Thank you, although this is proving difficult.  In the Installation Program field, I'm specifying   powershell.exe -ExecutionPolicy Bypass -File "Install-SecureClient-PowerShell-Test.ps1"   I have the ps1 file and ServiceUI.exe as part of the content.   The ps1 file has this code:   # Quote the target application path   $serviceUIPath = Join-Path -Path $PSScriptRoot -ChildPath "ServiceUI.exe" $targetApp = "C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\csc_ui.exe" $quotedAppPath = "`"$targetApp`"" Start-Process -FilePath $serviceUIPath -ArgumentList "/Process:explorer.exe", $quotedAppPath     I'm using Start-Transcript functionality to log all output.  The script seems to run fine but the Cisco Secure Client never launches.  I've tested this script by running locally in a powershell terminal run as System (using psexec -i -s powershell.exe)   Could you share the code you've used? ... View more

For your three cases I'd suggest:   1) Check the local status page, it might assist in recovery.  If not, power off the affected switch for a few minutes, repower and if that doesn't work, disconnect it from the stack.  Make sure it has an internet connection, then factory reset the affected switch, if that doesn't work RMA it.     2) Check the local status pages, if that doesn't help, make sure both switches have an internet connection, factory reset both switches.   3) Not likely. ... View more

Yes , i suppose everyone  https://community.meraki.com/t5/Security-SD-WAN/Retransmissions-Port-179-BGP-IPv6-on-Site-to-Site-capture-when/m-p/249447#M55712 ... View more

From what I can gather from your drawing and part of the extensive explanation you gave your offices and branches don't use direct internet access but are fully tunneled to the DC one armed concentrator HA pair and then exit to the internet there? The first issue I see with that design is that the branch office only has an internet circuit to reach that datacenter, so if that datacenter has internet outage then that branch has no connectivity. In case of the main office, it would be able to use the autoVPN tunnel between it and the DC via that private link, however traffic would stop there as the internet failed at the DC. Then for one of your questions: You cannot use an Azure vMX to break out to the internet from remote locations.  Azure cloud only allows internet access for actual resources hosted there. Then for design improvements. - Normally you have a 2 DC setup where you can have a single or HA-pair of MX concentrators and in case of active/active DC's you'll need an L2 circuit in between so hosts can move from 1 DC to the other while keeping their own IP address.  You can also have some branches select 1 DC while the others choose the other DC.  You could also use VXLAN between the DC's and an L3 circuit. - If you remain on 1 DC then you will need to have 2 upstream ISP connections.  Since the concentrator mode MX only has 1 local IP and one WAN connection the upstream infrastructure needs to provide ISP redundancy, preferably with a BGP dual homed IP range so the tunnel quickly recovers when the primary ISP circuit fails.  If you use 2 circuits with different IP's it will also work but the tunnels will need some time to recover since internet outage detection can take a few minutes and the VPN registries need to adapt.  However your HQ should be less affected since it primarily uses the private link as primary autoVPN tunnel so that only needs to wait for the internet down detection but you will feel it. ... View more