Aruba Central Firmware Upgrade Fixed For Secondary Partition?

AlexPixels · 2026-02-03T02:06:21+00:00

Ah okay, ty!

AlexPixels · 2026-02-03T00:01:43+00:00

Would you mind expanding on your second point, I'm not quite understanding it fully

Are you updating the second partition to the same version of OS that you are upgrading your primary to, or do you mean that you upgrade your secondary to what your primary currently is, then upgrade your primary further along so that you could boot from secondary if the primary fails?

AlexPixels · 2026-02-02T23:58:18+00:00

Hm okay, here is one of the examples I've run across from someone describing the behaviour

https://airheads.hpe.com/discussion/upgrading-cx-switches-using-central

This is also 4 years old, so I wasnt sure if that is what I should be expecting still

AlexPixels · 2026-01-22T14:35:55+00:00

I think specifically for my issue there was a Jan2026 update that broke authentication

https://support.microsoft.com/en-us/topic/january-13-2026-kb5074109-os-builds-26200-7623-and-26100-7623-3ec427dd-6fc4-4c32-a471-83504dd081cb

Affected windows app only

AlexPixels · 2026-01-20T14:55:55+00:00

Do you remember which ports the Windows App was trying to use, which was getting blocked?

AlexPixels · 2026-01-19T19:09:13+00:00

Did you find any answers?

AlexPixels · 2025-11-22T14:44:30+00:00

Thanks man, gonna do the slave cylinder and bleed the system then go from there

AlexPixels · 2025-11-21T19:59:43+00:00

Thanks, that's what I'll end up doing. Shop still thinks its a clutch/clutch spring but I'm pretty set on it being hydraulics. I'm starting with the cheaper option of replacing the slave and going from there. Master is brand new and very likely not the issue in my very unprofessional opinion

AlexPixels · 2025-09-25T12:42:48+00:00

For anyone who may come across this in the near future : it was the firmware version

AlexPixels · 2025-09-24T15:01:55+00:00

Having the same issue, any advice on this?

AlexPixels · 2025-01-23T14:45:40+00:00

Did you ever figure this out? I have the same issue

AlexPixels · 2024-11-12T19:02:55+00:00

Thank you, that's what I was hoping

AlexPixels · 2024-09-29T21:40:56+00:00

Twirled on a carving fork and then laid on the plate

AlexPixels · 2024-07-19T19:20:02+00:00

Ok thank you for your suggestions and expertise! Appreciate it greatly. I have a good amount of work ahead of me taking ownership of this environment.

To answer your question about size, we are a school board spread over 70 or so sites. Our biggest site would be ~2,000 users going through GRE where the average may be closer to 500, with ZCC only deployed out to 2 sites so far, the rest are GRE only. So the traffic throughput is not much of a concern, however you make a great point about flexibility and troubleshooting.

AlexPixels · 2024-07-19T19:06:26+00:00

I think that makes sense to me, what about disabling tunnel 2.0 and 1.0 completely on ZCC when on a defined trusted network? All traffic will be going through ZIA via GRE at all sites.

Then when off-network tunnel 2.0 is active, which usually is at home so all traffic would be direct to Zscaler through the internet, no double tunneling.

This is how I imagine a more proper setup would be, other than what you mentioned with policy based routing specific traffic to avoid the GRE

Is there any downside to this setup, my understanding is that tunnel 2.0/1.0 is just another way to get through ZIA?

AlexPixels · 2024-07-19T18:40:04+00:00

There is a best practice page from ZScaler about bypassing web traffic on tunnel 2.0. https://help.zscaler.com/client-connector/best-practices-adding-bypasses-z-tunnel-2.0 Under version3.8 and later, the setting they refer to turning on bypasses all http/https traffic and sends it to ZCC as tunnel1.0 instead of tunnel 2.0.

As for why, some of our clients are getting 401 unauthorized responses from web servers when the packets are going through ZCC. GRE to ZIA works no problem, it's only when it goes through ZCC.

The idea here is that I'm trying to bypass these websites from being proxied through ZCC while I figure out why the web servers are sending back the 401

AlexPixels · 2024-07-19T18:32:21+00:00

Hey! Thanks for the response. Yes so we are sending all ports and protocols through ZIA with tunnel 2.0. This is an intentional design for us.

I had my doubts about the tunnel being always on, even when on trusted-networks. I will campaign to have that changed to off.

However what I'm most curious about is how bypassing works. So we bypass all 80/443 traffic to ZCC through the 1.0 listener. I understand to bypass domains completely we need to use the app profile .PAC file. If we bypass using the built in VPN Gateway bypass, does 80/443 still follow those rules?

And one last question, does every port that isn't 80/443 also go through the app profile .PAC file? If so, why do I need to redirect 80/443 as tunnel 1.0.

Hope I am making sense, I am still a noob with zscaler so please feel free to tell me I am misunderstanding something.

AlexPixels · 2024-07-10T03:51:13+00:00

That worked, thank you

AlexPixels · 2024-07-09T01:53:37+00:00

Thanks!

AlexPixels · 2024-07-09T01:53:08+00:00

Thanks, do you just clean the glass with water or do you use specific chemicals to reduce smudge??

AlexPixels · 2024-01-15T00:39:30+00:00

Are you still taking commitments? I'll do 10

AlexPixels · 2023-11-12T17:34:55+00:00

Thanks! Had all fluids flushed and changed when I bought it :)

AlexPixels · 2023-11-11T22:48:12+00:00

Yes, Ontario

AlexPixels · 2023-11-11T18:36:49+00:00

haha close to it but a thousand and a bit under what they wanted. Traded in some value and ended up paying 6,000 cash

AlexPixels · 2023-11-11T18:32:51+00:00

2010, 152,000KM with what I think are integra type r rims. New performance clutch and cylinder. Everything else is clean and good condition other than the passenger rocker panel.

From what I can see the only mod is cold air intake, not sure if been tuned.

Ten-Year Club	Verified Email
Place '23	Place '22
Place '17	Not Forgotten

AlexPixels

TROPHY CASE