Tuesday, March 23, 2021

Recent Questions - Server Fault

WVD App attach launching windows file explorer

Posted: 23 Mar 2021 10:17 PM PDT

I'm trying to virtualize some apps and test the app attach feature with MSIX packages. I've followed all the steps, and expanded the MSIX into a VHD. I've uploaded the VHD and placed it in a hostpool / app group. It launches. However, it launches file explorer, and not the app itself:

WVD and APP - App Attach launch

Is there something I'm missing? I've read the documentation several times, and re-traced my steps countless times. I'm sure I'm missing something, but just not sure what at the moment.

Thank you in advance.

-Richard F.

What is the circle icon in Chrome's Network tab?

Posted: 23 Mar 2021 09:36 PM PDT

What is the circle icon in this request? It's a GET request that returns a pdf.

It does it in incognito as well.

I have the following extensions installed:

  • Cisco Webex Extension
  • Google Docs Offline
  • Docs
  • Sheets
  • Slides

LetsEncrypt Certificate is updated, but still showing old date on the website (restarted Apache)

Posted: 23 Mar 2021 08:14 PM PDT

Running Apache on EC2 ubuntu server, using letsencrypt certificate, which I see if I run sudo certbot certificates. I manually renewed it and confirmed the dates on the server, but the certificate on the website is still showing the old date.

Then I restarted the server with sudo systemctl restart apache2.service, but still don't see any changes on my site's certificate date. Please help, expiring in a couple of days.

iptables: Route outgoing requests to a local proxy preserving destination address and port

Posted: 23 Mar 2021 07:35 PM PDT

I want the proxy to make some routing decisions based on the original destination IP and port. I can do this easily for an incoming request:

iptables -t mangle -A PREROUTING -p tcp --destination 10.37.253.90 \
  --dport 8080 -j TPROXY --on-port 8081

This intercepts the packets headed for 10.87.253.90:8080 on local port 8081 of the proxy. But for an outgoing request, how can I do this?

Does SQL Server 2016 Web Edition have CAL License? [duplicate]

Posted: 23 Mar 2021 07:03 PM PDT

I am looking for information on whether SQL Server 2016 Web Edition has a CAL license but have not found any.

Background: I have a web application for 20 concurrent users. We are planning to have SQL Server 2016 Web Edition because it's cheaper than the other editions. My concern is the CAL user license of SQL Server 2016 Web Edition. Do I need it? I tried looking around the internet but found no info on this. Mostly it's on Standard or Enterprise edition.

So my question is, do I need CAL user license for SQL Server 2016 WEB EDITION, how many do I need, and how much per CAL?

Thank you.

Ubuntu sudo required for listening on port 80 but not on other unused ports

Posted: 23 Mar 2021 07:02 PM PDT

On my Ubuntu desktop, I'm able to successfully run a small C++ webserver on unused ports like this:

./myserver 127.0.0.1 3050  

The problem is that if I run on port 80, I must run as sudo like this:

sudo ./myserver 127.0.0.1 80  

If I run on port 80 without using sudo, I get an error accept: Invalid argument.

Can someone explain why sudo is required when running on port 80?

How to calculate total optimal connection count and find DB instance type to use?

Posted: 23 Mar 2021 06:27 PM PDT

How can I calculate the optimal total connection count from my service to my DB endpoint? Is there a basic formula based on expected number of queries per second and CPU and IO taken by each query? For queries per second I could use the traffic that my service needs to support.

Similarly, is there a formula to calculate the optimal database instance type/size to use based on traffic patterns and query characteristics (CPU, IO consumed or latency of query)?

I will be using this to create the connection pool in my service. I'm assuming that if my service has N hosts then per host the connection pool size needs to be the total optimal connection count divided by N.

Note: By instance type I mean similar to AWS EC2 instance type which provides info on vCPU and memory (RAM)

Enquiry on raid 1

Posted: 23 Mar 2021 06:12 PM PDT

My DC has added a new hard disk. It appears as md124 inactive sdc1, and when I try to mount it, the error is unknown filesystem type 'linux_raid_member'.

I need to use this disk for backup VM. Can I just do a fdisk fdisk /dev/sdc1? Or do I have to break the RAID array?

#Break the array, removing the mirror
mdadm --manage /dev/md124 --fail /dev/sdc1
mdadm --manage /dev/md124 --remove /dev/sdc1
#Create a new file system on the mirror
mke2fs -t ext4 -j /dev/sdc1
#Mount the mirror so you can use it
mkdir /mnt/backup
mount /dev/sdc1 /mnt/backup

[root@~]# cat /proc/mdstat
Personalities : [raid1]
md124 : inactive sdc10
      976628736 blocks super 1.2

md128 : active raid1 sdb4[1] sda4[0]
      919444160 blocks super 1.2 [2/2] [UU]
      bitmap: 0/7 pages [0KB], 65536KB chunk

md125 : active raid1 sdb2[1] sda2[0]
      524288 blocks super 1.2 [2/2] [UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md126 : active raid1 sdb3[1] sda3[0]
      52427776 blocks super 1.2 [2/2] [UU]
      bitmap: 1/1 pages [4KB], 65536KB chunk

md127 : active raid1 sdb1[1] sda1[0]
      4193280 blocks super 1.2 [2/2] [UU]

Many thanks in advance.

Possible conflict with multiple SSL certificates?

Posted: 23 Mar 2021 06:54 PM PDT

We currently have an SSL certificate for mycompany.com in GoDaddy and they are asking me to get one for our QA department for the URL qa.mycompany.com. I have installed certificates just fine with Let's Encrypt before, but never for a subdomain, and especially not for a domain with a certificate installed already.

qa.mycompany.com is hosted on another server, with another public IP. The DNS configuration is done in GoDaddy, where mycompany.com and qa.mycompany.com are hosted. I am planning to use certbot to install a Let's Encrypt certificate for qa.mycompany.com on the QA server.

Is there any risk in doing this? Like overriding the SSL certificate of mycompany.com? Or making it invalid after installing the one for qa.mycompany.com?

Given an existing unencrypted AWS EFS volume, can somebody give me a path for encrypting it without data loss?

Posted: 23 Mar 2021 10:18 PM PDT

We have discovered that we really ought to have encrypted the MySql database and EFS volume on our application, at the time of creation. We are now attempting to correct the oversight.

I've read the Amazon document about converting a database from unencrypted to encrypted, as well as the ServerFault thread about changing encryption keys.

What would be the best and most practical way to do something similar for the EFS volume?

(And is anybody aware of any ways to improve the process on the database side?)

Access Point setting on tplink TL-mr3420

Posted: 23 Mar 2021 09:43 PM PDT

We have a network with Mikrotik cloud core Routerboard (with DHCP pool of 172.16.0.1 - 172.16.255.254) which we use for Hotspot authentication.

A Cisco 2960 switch is connected to the Mikrotik and from it, we distribute network across the school via fiber.

At each faculty, from the fiber multimedia converter, we feed the network into a cisco 2960 switch which distributes to offices in that faculty.

We also have about 4 tplink Tl-mr3420 access points in each faculty.

We were having clients connected to the wireless kicked out at the faculties. Then I realized all the 4 tplinks were by default running as DHCP routers and all assigning the same range of IPs (192.168.0.XX).

So, I disabled DHCP on the tplink so as to make it an access point, but it demands a LAN IP in the configuration and when set, it says it's not in the same segment as the IP. When I use an IP within the Mikrotik DHCP pool, it accepts it, but all devices take ages connecting to the Mikrotik and aren't being issued an IP.

Any suggestions on why the clients don't get an IP address from the Mikrotik, and also, which is the ideal IP address I should use in the tplink for the LAN setup?

Thank you.

Wireguard Unable to Complete Handshake on Android only 4G network

Posted: 23 Mar 2021 09:09 PM PDT

I have a Wireguard server on my home network which works fine on all my devices, including my phone when it's connected on Wi-Fi. The problem comes when I disconnect from the Wi-Fi and go on 4G, now my phone is unable to complete the handshake with my server.

On my router, I have UDP port 51820 forwarded to my Wireguard server. On my phone, I connect to the VPN using the DNS name (vpn.mydomain.tld:51820)

I've enabled kernel logging for Wireguard to help me troubleshoot this but sadly I haven't been able to find what's wrong with my setup.

Here are the logs on my server that appear when I'm trying to connect from my phone (via 4G)

Mar 23 17:49:36 wireguard kernel: [448095.663902] wireguard: wg0: Keypair 9893 created for peer 16
Mar 23 17:49:45 wireguard kernel: [448104.009541] wireguard: wg0: Receiving handshake initiation from peer 16 (xxx.xxx.xxx.xxx:40061)
Mar 23 17:49:45 wireguard kernel: [448104.009546] wireguard: wg0: Sending handshake response to peer 16 (xxx.xxx.xxx.xxx:40061)
Mar 23 17:49:45 wireguard kernel: [448104.010284] wireguard: wg0: Keypair 9893 destroyed for peer 16
Mar 23 17:49:45 wireguard kernel: [448104.010286] wireguard: wg0: Keypair 9894 created for peer 16
Mar 23 17:49:50 wireguard kernel: [448109.069901] wireguard: wg0: Receiving handshake initiation from peer 16 (xxx.xxx.xxx.xxx:40061)
Mar 23 17:49:50 wireguard kernel: [448109.069903] wireguard: wg0: Sending handshake response to peer 16 (xxx.xxx.xxx.xxx:40061)
Mar 23 17:49:50 wireguard kernel: [448109.070073] wireguard: wg0: Keypair 9894 destroyed for peer 16

On my phone, I see the following:

peer(...) - Sending handshake initiation
peer(...) - Handshake did not complete after 5 seconds, retrying (try 2)
peer(...) - Sending handshake initiation
peer(...) - Handshake did not complete after 5 seconds, retrying (try 2)
peer(...) - Sending handshake initiation

Since it works fine when I'm connected to my home Wi-Fi, I'm at a loss as to what to look for other than port forwarding, but that works fine as far as I can tell.

Here is the wg0.conf on my server:

[Interface]
Address = 10.10.10.3/32
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -d 10.10.10.0/24 -o eth0 -j MASQUERADE; iptables -t nat -A POSTROUTING ! -d 10.10.10.0/24 -o pia -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -d 10.10.10.0/24 -o eth0 -j MASQUERADE; iptables -t nat -A POSTROUTING ! -d 10.10.10.0/24 -o pia -j MASQUERADE
ListenPort = 51820
PrivateKey = [removed]

[Peer]
PublicKey = [removed]
AllowedIPs = 10.10.10.245/32
Endpoint = 10.10.10.147:60743

And the connection file on my phone (running Android 11):

[Interface]
Address = 10.10.10.245/24
DNS = 10.10.10.2
PrivateKey = [removed]

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = vpn.mydomain.tld:51820
PersistentKeepalive = 25
PublicKey = [removed]

I've made sure the keys are matching but since the connection works fine when connected to my Wi-Fi, I don't think the config file is to blame.

I have UFW installed on the server, with the following config:

To                         Action      From
--                         ------      ----
51820/udp                  ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
10050                      ALLOW       Anywhere
51820/udp (v6)             ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
10050 (v6)                 ALLOW       Anywhere (v6)

However, I disabled it to make sure it wasn't interfering, and it didn't change anything. At this point I don't know what is wrong nor what to search for to help me in figuring this out, so any help will be welcome.

Any PowerShell Script to Backup and restore Ms-sql database using dB username and password?

Posted: 23 Mar 2021 09:05 PM PDT

I am looking for a PowerShell script which can take backup and restore MS-SQL databases using SQL authentication.

How to use scp when cygwin is used as default shell

Posted: 23 Mar 2021 06:18 PM PDT

I have installed openssh-server from optional features on a Windows machine. I can ssh and scp (I need upload only) from my Linux box; However I don't like cmd shell, so I installed Cygwin and set it as default shell for openssh-server (configure shell for openssh). Now the ssh works but scp doesn't (again from my Linux box). scp hangs until I break it with Ctrl+c and no file is transferred. When I ran it with -v option, it hangs on debug1: Sending command: scp -v -r -t /tmp/

This behavior is 100% reproducible and switching the openssh-server shell between cmd and Cygwin.bat gives the explained results every time.

I remember reading somewhere: the shell shouldn't echo anything or it won't work with scp, I checked ~/.bashrc and ~/.profile and didn't see anything printing out.

I tried set TERM=linux in Cygwin.bat but it didn't help.

I tried to find a way to distinguish scp from ssh in Cygwin.bat but couldn't find a way (my goal was to not start Cygwin64/bin/bash.exe for scp).

Thanks for reading.

Ubuntu 20.04 container failing to startup in Proxmox

Posted: 23 Mar 2021 05:50 PM PDT

Hello I have created a Ubuntu 20.04 and 18.04 container in Proxmox and both return the same error when I try to start them up after creating the container via the Proxmox GUI.

They fail to start and return the following error message:

Job for pve-container@100.service failed because the control process exited with error code.
See "systemctl status pve-container@100.service" and "journalctl -xe" for details.
TASK ERROR: command 'systemctl start pve-container@100' failed: exit code 1

I found another serverfault question that sounds similar, however the error is slightly different and I have not even got to the step of being able to set anything up. These are clean Ubuntu templates downloaded right through Proxmox's official location. Also, when I set up Proxmox and the containers I left everything default, including all the storage things.

I am a bit unclear on where to go from here or what to do.

I also ran the journalctl -xe and systemctl status commands, as the error message indicates, for details, and here are the results:

# journalctl -xe
-- Support: https://www.debian.org/support
--
-- An ExecStart= process belonging to unit pve-container@100.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 1.
May 06 17:53:56 ns500282 systemd[1]: pve-container@100.service: Killing process 14587 (lxc-start) with signal SIGKILL.
May 06 17:53:56 ns500282 systemd[1]: pve-container@100.service: Killing process 14648 (apparmor_parser) with signal SIGKILL.
May 06 17:53:56 ns500282 systemd[1]: pve-container@100.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit pve-container@100.service has entered the 'failed' state with result 'exit-code'.
May 06 17:53:56 ns500282 systemd[1]: Failed to start PVE LXC Container: 100.
-- Subject: A start job for unit pve-container@100.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit pve-container@100.service has finished with a failure.
--
-- The job identifier is 173480 and the job result is failed.
May 06 17:54:00 ns500282 systemd[1]: Starting Proxmox VE replication runner...
-- Subject: A start job for unit pvesr.service has begun execution
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit pvesr.service has begun execution.
--
-- The job identifier is 173490.
May 06 17:54:00 ns500282 systemd[1]: pvesr.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit pvesr.service has successfully entered the 'dead' state.
May 06 17:54:00 ns500282 systemd[1]: Started Proxmox VE replication runner.
-- Subject: A start job for unit pvesr.service has finished successfully
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit pvesr.service has finished successfully.
--
-- The job identifier is 173490.

and

# systemctl status pve-container@100.service
● pve-container@100.service - PVE LXC Container: 100
   Loaded: loaded (/lib/systemd/system/pve-container@.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2020-05-06 17:53:56 EDT; 2min 19s ago
     Docs: man:lxc-start
           man:lxc
           man:pct
  Process: 14579 ExecStart=/usr/bin/lxc-start -n 100 (code=exited, status=1/FAILURE)

May 06 17:53:54 ns500282 systemd[1]: Starting PVE LXC Container: 100...
May 06 17:53:56 ns500282 lxc-start[14579]: lxc-start: 100: lxccontainer.c: wait_on_daemonized_start: 874 Received container state "ABORTING" instead of "RUNNING"
May 06 17:53:56 ns500282 lxc-start[14579]: lxc-start: 100: tools/lxc_start.c: main: 329 The container failed to start
May 06 17:53:56 ns500282 lxc-start[14579]: lxc-start: 100: tools/lxc_start.c: main: 332 To get more details, run the container in foreground mode
May 06 17:53:56 ns500282 lxc-start[14579]: lxc-start: 100: tools/lxc_start.c: main: 335 Additional information can be obtained by setting the --logfile and --logpriority
May 06 17:53:56 ns500282 systemd[1]: pve-container@100.service: Control process exited, code=exited, status=1/FAILURE
May 06 17:53:56 ns500282 systemd[1]: pve-container@100.service: Killing process 14587 (lxc-start) with signal SIGKILL.
May 06 17:53:56 ns500282 systemd[1]: pve-container@100.service: Killing process 14648 (apparmor_parser) with signal SIGKILL.
May 06 17:53:56 ns500282 systemd[1]: pve-container@100.service: Failed with result 'exit-code'.
May 06 17:53:56 ns500282 systemd[1]: Failed to start PVE LXC Container: 100.

[service I created].service: Failed to execute command: Permission denied

Posted: 23 Mar 2021 09:01 PM PDT

I've been trying to set up a website that runs from my computer that runs Ubuntu. I've managed to troubleshoot most of my problems thus far and I think I'm nearing the end of getting this thing online. The website I'm trying to get installed and running is called WriteFreely (it's a minimalist blogging platform that enables myself and others to sign up and start blogging without distractions).

I've followed this guide here: https://writefreely.org/start and have been successful all the way up to the heading Starting the service. I'm running Ubuntu 18.04 and so have followed this instruction: create a Systemd service by creating a file at /etc/systemd/system/writefreely.service:. I assumed that I would need to open the text editor, create a .service file called writefreely.service, and copy and paste the service script in:

[Unit]
Description=WriteFreely Instance
After=syslog.target network.target
# If MySQL is running on the same machine, uncomment the following
# line to use it, instead.
#After=syslog.target network.target mysql.service

[Service]
Type=simple
StandardOutput=syslog
StandardError=syslog
WorkingDirectory=/var/www/example.com
ExecStart=/var/www/example.com/writefreely
Restart=always

[Install]
WantedBy=multi-user.target

In the documentation provided, it tells you to change the /var/www/example.com's to your own domain. I did so by going to /var/www/ and created a folder with my domain in (amcosy.club) and then moved the latest writefreely folder into this newly created folder.

Now, this is where I'm truly unsure what to do. I've entered in sudo systemctl start writefreely, it asks for my password and then nothing happens. I assume that's normal. The next input is to verify the application log with sudo journalctl -f -u writefreely. This returns the following:

-- Logs begin at Wed 2020-04-08 00:01:21 BST. --
Apr 08 20:10:42 AMCosyClub systemd[11537]: writefreely.service: Failed to execute command: Permission denied
Apr 08 20:10:42 AMCosyClub systemd[11537]: writefreely.service: Failed at step EXEC spawning /var/www/amcosy.club/writefreely: Permission denied
Apr 08 20:10:42 AMCosyClub systemd[1]: writefreely.service: Main process exited, code=exited, status=203/EXEC
Apr 08 20:10:42 AMCosyClub systemd[1]: writefreely.service: Failed with result 'exit-code'.
Apr 08 20:10:42 AMCosyClub systemd[1]: writefreely.service: Service hold-off time over, scheduling restart.
Apr 08 20:10:42 AMCosyClub systemd[1]: writefreely.service: Scheduled restart job, restart counter is at 5.
Apr 08 20:10:42 AMCosyClub systemd[1]: Stopped WriteFreely Instance.
Apr 08 20:10:42 AMCosyClub systemd[1]: writefreely.service: Start request repeated too quickly.
Apr 08 20:10:42 AMCosyClub systemd[1]: writefreely.service: Failed with result 'exit-code'.
Apr 08 20:10:42 AMCosyClub systemd[1]: Failed to start WriteFreely Instance.

I apologise if this is something really obvious but I'm really not great with all this. If I need to provide additional details, please let me know! Very grateful to anyone who can offer insight!

Edit 1 Running id produces: uid=1000(harry) gid=1000(harry) groups=1000(harry),4(adm),24(cdrom),27(sudo),30(dip),33(www-data),46(plugdev),116(lpadmin),126(sambashare)

Running df -h produces

Filesystem      Size  Used Avail Use% Mounted on
udev            5.8G     0  5.8G   0% /dev
tmpfs           1.2G  1.9M  1.2G   1% /run
/dev/sda7        41G   27G   13G  70% /
tmpfs           5.9G   64M  5.8G   2% /dev/shm
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           5.9G     0  5.9G   0% /sys/fs/cgroup
/dev/loop1      1.0M  1.0M     0 100% /snap/gnome-logs/81
/dev/loop6       15M   15M     0 100% /snap/gnome-characters/495
/dev/loop5       49M   49M     0 100% /snap/gtk-common-themes/1474
/dev/loop0      161M  161M     0 100% /snap/gnome-3-28-1804/116
/dev/loop7      3.8M  3.8M     0 100% /snap/gnome-system-monitor/127
/dev/loop4       15M   15M     0 100% /snap/gnome-characters/399
/dev/loop2       45M   45M     0 100% /snap/gtk-common-themes/1440
/dev/loop9      3.8M  3.8M     0 100% /snap/gnome-system-monitor/135
/dev/loop10     1.0M  1.0M     0 100% /snap/gnome-logs/93
/dev/loop11     4.3M  4.3M     0 100% /snap/gnome-calculator/544
/dev/loop8       90M   90M     0 100% /snap/core/8268
/dev/loop12     4.4M  4.4M     0 100% /snap/gnome-calculator/704
/dev/loop3       55M   55M     0 100% /snap/core18/1668
/dev/loop13      55M   55M     0 100% /snap/core18/1705
/dev/loop14      94M   94M     0 100% /snap/core/8935
/dev/sda2       256M  110M  147M  43% /boot/efi
tmpfs           1.2G   20K  1.2G   1% /run/user/1000

dmesg gives a lot of feedback. Thousands of lines, actually.

[ 65.595748] nouveau 0000:07:00.0: fifo: SCHED_ERROR 20 [] is repeated constantly.

Edit 2 After running sudo ls -l /var/www/amcosy.club/writefreely I get the following:

total 50600
-rw-rw-rw- 1 root root     1004 Apr  7 20:43 config.ini
drwxrwxrwx 2 root root     4096 Apr  7 20:43 keys
drwxrwxrwx 2 root root     4096 Dec 18 02:41 pages
drwxrwxrwx 6 root root     4096 Dec 18 02:41 static
drwxrwxrwx 4 root root     4096 Dec 18 02:41 templates
-rwxrwxrwx 1 root root 51786256 Dec 18 02:43 writefreely

postfix 3.3.0 has fatal error "bad string length 0 < 1"

Posted: 23 Mar 2021 10:08 PM PDT

I'm migrating my mail server from an older instance of postfix (3.2.0) to 3.3.0 on Ubuntu. I'm installing from apt and installation went fine. I'm in the process of trying to set up my MySQL connections, copying them from my old system to this one.

I'm running into a problem when I try to run postmap -q example@example.com mysql:aliases.cf. The error I get is:

postmap: fatal: bad string length 0 < 1: aliases.cf_dbname =  

The file in question (aliases.cf) is simple:

hosts = 127.0.0.1
user = postfix_user
password = hunter2
dbname = postfix_db

query = SELECT `destination`
        FROM `mail_aliases`
        WHERE
        `alias_address` = '%u'
        AND `domain` = '%d'
        AND `active` = 1

I've done a couple of things to troubleshoot this:

  • I've tried adding options_file and options_group which didn't help.
  • Kept options_file and options_group and removed hosts, user, and password. Didn't work
  • Created a hash file (flat file) and that works
  • Sent an email to an address in the database (via sendmail on the local box) but get this error: Sep 17 01:06:42 ec21234 postfix/cleanup[4230]: warning: mysql:/etc/postfix/virtual/aliases.cf lookup error for "example@example.com"
  • Connecting to the database directly with username and password works perfectly.

I've done a bit of google searching and haven't been able to find anything useful. The closest I could find was this result which only loads when viewed with Google Cache.

dnsmasq not forwarding request to nameserver

Posted: 23 Mar 2021 09:01 PM PDT

I'm trying to run two instances of dnsmasq on a Raspberry Pi, and I've gotten quite far. I'm currently trying to get the first dnsmasq server to forward any request it doesn't know the answer to to the second server, but it only seems to be working if I dig <address> @127.0.0.1. Using the external addresses of either interface, or querying from another machine doesn't do it.

Querying either server directly gets the desired result, but trying to get the first server to forward results from the second... not so much.

Config for instance A (lan):

root@Raspberry-server:~# cat /etc/dnsmasq/dnsmasq.conf

port=53
except-interface=eth0.1
bind-interfaces

no-hosts
#changing the cache size makes no difference
#cache-size=5000
cache-size=0

# uncomment to forget about 404 responses
#no-negcache

#resolv-file=/etc/dnsmasq/resolv.lan.conf
#no-poll
no-resolv
strict-order

server=192.168.1.13

auth-server=raspberry.lan,eth0
auth-zone=lan,192.168.1.0/24
host-record=raspberry.lan,192.168.1.11
host-record=htpc.lan,192.168.1.10
host-record=tom.lan,192.168.1.12

Config for instance B (global):

    root@Raspberry-server:~# cat /etc/dnsmasq/dnsmasq.blocker.conf

    port=53
    bind-interfaces
    listen-address=192.168.1.13

    no-hosts
    addn-hosts=/etc/dnsmasq/blocked.host
    cache-size=100000

    # uncomment to forget about 404 responses
    #no-negcache

    resolv-file=/etc/dnsmasq/resolv.blocker.conf
    #no-poll

    strict-order

Instance A status log:

    systemd[1]: Starting DNSMasq Lightweight DNS server...
    dnsmasq[1651]: dnsmasq: syntax check OK.
    dnsmasq[1656]: started, version 2.76 cache disabled
    dnsmasq[1656]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
    systemd[1]: Started DNSMasq Lightweight DNS server.
    dnsmasq[1656]: using nameserver 192.168.1.13#53

nginx as Reverse Proxy - Disable Upstream Node if 502

Posted: 23 Mar 2021 10:08 PM PDT

There is a very simple LB, say, LB1

    upstream api_servers {
        least_conn;
        server 10.0.0.193;
        server 10.0.0.11;
    }
    server {
        location / {
            proxy_http_version 1.1;
            proxy_pass http://api_servers;
        }
    }

Each of the upstream servers is also an nginx LB running locally and reverse proxying a process on port 9000. The problem is that when any of the processes on port 9000 goes down, LB1 happily returns 502 if a request hits one of the machines where the process is down.

LB1:nginx:80 -> 10.0.0.193:nginx:80 -> localhost:9000

How do I tell nginx LB1 to not send requests to a node that responds with 502?

auditd - Getting only EXECVE in ausearch?

Posted: 23 Mar 2021 07:06 PM PDT

I'd like to use the auditd daemon to log whatever is run as or by root on our servers. To that effect, I added the following lines to /etc/audit/audit.rules:

    # Log all commands run as (or by) root
    -a exit,always -F arch=b64 -F euid=0 -S execve -k exec_root
    -a exit,always -F arch=b32 -F euid=0 -S execve -k exec_root

Works well. Now I'd like ausearch(8) to return only the actual commands that have been run. It returns too much for me…

    # ausearch -k exec_root -c ausearch -m execve
    …
    ----
    time->Fri Jun 17 13:43:08 2016
    type=PROCTITLE msg=audit(1466163788.236:26612): proctitle=6175736561726368002D6B00657865635F726F6F74002D63006175736561726368002D6D00657865637665
    type=PATH msg=audit(1466163788.236:26612): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=687763 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
    type=PATH msg=audit(1466163788.236:26612): item=0 name="/sbin/ausearch" inode=407310 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
    type=CWD msg=audit(1466163788.236:26612):  cwd="/home/ask"
    type=EXECVE msg=audit(1466163788.236:26612): argc=7 a0="ausearch" a1="-k" a2="exec_root" a3="-c" a4="ausearch" a5="-m" a6="execve"
    type=SYSCALL msg=audit(1466163788.236:26612): arch=c000003e syscall=59 success=yes exit=0 a0=559e5b5c5198 a1=559e5b5cb3f8 a2=559e5b5bfba0 a3=559e5b5db000 items=2 ppid=5651 pid=5652 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=1 comm="ausearch" exe="/sbin/ausearch" key="exec_root"
    ----
    time->Fri Jun 17 13:50:29 2016
    type=PROCTITLE msg=audit(1466164229.888:31811): proctitle=6175736561726368002D6B00657865635F726F6F74002D63006175736561726368002D6D00657865637665
    type=PATH msg=audit(1466164229.888:31811): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=687763 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
    type=PATH msg=audit(1466164229.888:31811): item=0 name="/sbin/ausearch" inode=407310 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
    type=CWD msg=audit(1466164229.888:31811):  cwd="/home/ask"
    type=EXECVE msg=audit(1466164229.888:31811): argc=7 a0="ausearch" a1="-k" a2="exec_root" a3="-c" a4="ausearch" a5="-m" a6="execve"
    type=SYSCALL msg=audit(1466164229.888:31811): arch=c000003e syscall=59 success=yes exit=0 a0=55cc1c3a0198 a1=55cc1c3a63f8 a2=55cc1c39aba0 a3=55cc1c3b6000 items=2 ppid=6163 pid=6164 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=1 comm="ausearch" exe="/sbin/ausearch" key="exec_root"

I would like to ONLY get the type=EXECVE lines, WITHOUT having to use grep… ☺

But as you can see in the example above, adding -m execve to the ausearch(8) command didn't work. It also returned type=PROCTITLE, type=PATH etc.pp. lines.

What's the right way to go?

I'm on Ubuntu 16.04.

Thanks, Alexander
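An added example, not part of the original post: a small parser that groups audit records by event ID and keeps only the EXECVE argument vector, joined with the auid/euid/exe fields of the matching SYSCALL record. The sample records are constructed in the format shown above; the second one uses the unquoted hex form auditd writes for arguments containing spaces, which a plain text filter on EXECVE lines would leave unreadable.

```python
import re
import shlex

# Constructed sample in the raw record format shown in the post (shortened).
SAMPLE = """\
type=PROCTITLE msg=audit(1466163788.236:26612): proctitle=6175736561726368002D6B00657865635F726F6F74
type=CWD msg=audit(1466163788.236:26612):  cwd="/home/ask"
type=EXECVE msg=audit(1466163788.236:26612): argc=3 a0="ausearch" a1="-k" a2="exec_root"
type=SYSCALL msg=audit(1466163788.236:26612): arch=c000003e syscall=59 success=yes auid=1000 uid=0 euid=0 comm="ausearch" exe="/sbin/ausearch" key="exec_root"
type=EXECVE msg=audit(1466163790.100:26613): argc=3 a0="sh" a1="-c" a2=6C73202F726F6F74
type=SYSCALL msg=audit(1466163790.100:26613): arch=c000003e syscall=59 success=yes auid=1000 uid=0 euid=0 comm="sh" exe="/bin/sh" key="exec_root"
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
ARG = re.compile(r'\ba(\d+)=("[^"]*"|[0-9A-Fa-f]+)')
FIELD = re.compile(r'\b(auid|euid|exe)=("[^"]*"|\S+)')

def decode_arg(raw):
    """Quoted values are literal; unquoted ones are hex-encoded by auditd."""
    if raw.startswith('"'):
        return raw[1:-1]
    return bytes.fromhex(raw).decode("utf-8", "replace")

def execve_events(text):
    """Group records by (timestamp, serial) and keep events with an EXECVE."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # separators such as "----" and "time->" lines
        rtype, ts, serial, body = m.groups()
        ev = events.setdefault((ts, serial), {"serial": int(serial)})
        if rtype == "EXECVE":
            args = sorted((int(i), decode_arg(v)) for i, v in ARG.findall(body))
            ev["argv"] = [v for _, v in args]
        elif rtype == "SYSCALL":
            ev.update((k, v.strip('"')) for k, v in FIELD.findall(body))
    return [e for e in events.values() if "argv" in e]

def command_lines(text):
    """One line per executed command: who ran it, and the decoded argv."""
    return ["auid=%s euid=%s %s" % (e.get("auid"), e.get("euid"),
                                    shlex.join(e["argv"]))
            for e in execve_events(text)]

if __name__ == "__main__":
    print("\n".join(command_lines(SAMPLE)))
```

The parser skips the `----` and `time->` separator lines, so it accepts both the default output shown in the post and `ausearch --raw` output. Arguments that auditd splits across several fields are not handled here.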

openssl default md5 message digest default_md not listed in cert

Posted: 23 Mar 2021 05:04 PM PDT

According to this serverfault answer the default message digest for openssl 1.0 is MD5. My openssl.cnf file has default_md set to default.

I generated a certificate using openssl 1.0.0:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 360  

When I query the cert I see:

    Signature Algorithm: sha1WithRSAEncryption
    Public Key Algorithm: rsaEncryption

How can I query the cert to show what the message digest is? Or how can I determine what the default_md is other than the openssl doc?

Disabling cloud-init if metadata server cannot be reached

Posted: 23 Mar 2021 06:00 PM PDT

I'm trying to get cloud-init to not take any action if the metadata server cannot be reached. If cloud-init ignores the error and continues executing (which seems to be the default configuration), then it resets the host SSH key, administrative user password, etc., which is a problem if the virtual machine was being used already beforehand (if password login was configured, then users can no longer access the VM).

I'm seeing this problem in two situations:

  • The metadata server goes down
  • Software is installed that blocks connections to the metadata server during boot (most recently, seeing this with ubuntu-desktop)

SQL Server 2008 local connection an error occurred during the pre-login handshake

Posted: 23 Mar 2021 07:06 PM PDT

I am getting an error while trying to connect to SQL locally either via a web application or SQL management Studio. Oddly, I can connect fine remotely via apps on other servers or SQL management on my desktop.

The error is: SQL - an error occurred during the pre-login handshake.

EDIT: I have tried the winsock command listed on the other page. I have tried adding tcp:servername,1433 to the Registry as suggested elsewhere on here. I have tried running this Fix it from Microsoft: http://support.microsoft.com/kb/2643584. I am still getting the same issue, which is that SQL Agent cannot start. If I re-enable SSL3 and reboot, all works fine; disable it again and here is the error I receive:

    2014-11-24 21:03:34 - ! [000] Unable to connect to server 'tcp:servername,1433'; SQLServerAgent cannot start
    2014-11-24 21:03:34 - ! [298] SQLServer Error: 10054, TCP Provider: An existing connection was forcibly closed by the remote host. [SQLSTATE 08001]
    2014-11-24 21:03:34 - ! [298] SQLServer Error: 10054, Client unable to establish connection [SQLSTATE 08001]
    2014-11-24 21:03:34 - ! [382] Logon to server 'tcp:servername,1433' failed (DisableAgentXPs)
    2014-11-24 21:03:35 - ? [098] SQLServerAgent terminated (normally)

Where is the samba name "workstation" coming from?

Posted: 23 Mar 2021 08:01 PM PDT

The output of smbstatus running on OS X Mavericks with the latest Server app installed (but with native SMB shut down in favor of the Samba implementation from Homebrew) contains many entries like this one

IPC$ 85975 workstation Tue Aug 5 11:58:03 2014

I've worked out that all of these users are connecting via OS X. All users who connect through Windows have their computer name displayed. I have checked on my own OS X machine (with computer name, local host name, and host name all set) and I even show up as "workstation." Where is this name coming from? How can I change it?

Check processor status- check processor/cpu status and failed/off status

Posted: 23 Mar 2021 08:01 PM PDT

I want to check processor status (processor/CPU status and failed/off status), so for that I used the prtdiag command and want to fetch only the CPU status from it. How can I do that?

set up apache http server in windows as proxy to access another domain

Posted: 23 Mar 2021 06:00 PM PDT

I know this should be very basic and simple in theory, but I need to complete this task, I'm new to this and for some reason I can't find a suitable example that works for me.

I am running apache 2.2 in windows 8. I need to access a website, let's call it x.com, through my proxy. The reason is that I need to show it in an iframe and also programmatically log in on it, for which I need to use javascript. This is prevented by cross domain ajax security constraints. By proxying the site I could do that.

I have installed Apache http server. Uncommented the following line

LoadModule proxy_module modules/mod_proxy.so  

in file "httpd.conf" and overwritten file conf\extra\httpd-vhosts.conf with the following:

    NameVirtualHost *:80

    <VirtualHost *:80>
        ServerAdmin webmaster@dummy-host.localhost
        DocumentRoot "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host.localhost"
        ServerName 127.0.0.1:80
        ProxyRequests off
        ProxyPass /feature http://x.com/
        ProxyPassReverse /feature https://x.com/
        ProxyPassReverseCookieDomain x.com localhost
        ErrorLog "logs/dummy-host.localhost-error.log"
        CustomLog "logs/dummy-host.localhost-access.log" common
        <Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.2/docs/dummy-host.localhost">
            AllowOverride all
            Order Deny,Allow
            Deny from all
            Allow from 127.0.0.1
        </Directory>
    </VirtualHost>

I restarted the Apache service. Now I go to:

http://localhost/feature  

and get

Not Found

The requested URL /feature was not found on this server.

What could be wrong with this set up? Is there something else I need to configure?

Thank you

Securing RDP for a public web server

Posted: 23 Mar 2021 08:39 PM PDT

I'm a developer of a server-based web application. My client has organised a virtual server to be hosted with one of their ISPs. The server is running Windows Server 2008 R2. It's a completely standalone machine (i.e. no domain, no policies pushed down, etc) and I have total control over it. I should note that while I know a reasonable amount about Windows, I'm not a server admin myself and don't know a great deal about how to manage servers.

However, the ISP doesn't provide any sort of VPN or other security for accessing the machine. They've opened the ports I need publicly open, but the RDP ports are causing me some concern. I need to be able to RDP in from a few machines, and unfortunately some of these have dynamic IPs due to being mobile machines.

Although the application is minimal risk, I still really don't like having RDP open to the world as well - unfortunately, the options they've given me are:

  • open RDP to the world so I can use Windows Firewall on the server to manage the IPs that are allowed to access the machine
  • open RDP to specific IPs at their firewall level

I was wondering if there are any other solutions anyone can think of which will let me secure RDP but somehow open it to particular IPs as I need to, and that would work on a standalone machine like this?

in house DNS server

Posted: 23 Mar 2021 06:20 PM PDT

We are currently using the DNS of our ISP, but I would like to set up our own in-house DNS server so that we could manage local names and, in short, use this in-house DNS server instead of the .hosts file on all of our computers.

I would like the DNS server to resolve DNS only to certain IPs (so this way I could filter internet access in a way, by providing DNS resolution only to domains that are of use to our business and accordingly to IPs, something like OpenDNS). I know I could set up a transparent squid to do filtering, but I've been interested in setting up a local DNS server and could not find the necessary resources online.

I am interested in a Unix (Debian) friendly app (Windows is accepted also).

Any thoughts?
