Saturday, May 29, 2021

Recent Questions - Server Fault


Selenium: The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed

Posted: 29 May 2021 09:45 PM PDT

I am trying to install and configure the Selenium command line runner on an Amazon EC2 Ubuntu 20.04 instance.

https://www.selenium.dev/selenium-ide/docs/en/introduction/command-line-runner

But when running the command selenium-side-runner Mynew.side, I faced the following error.

    info:    Running Mynew.side
    FAIL  ./MySuiteOne.test.js
      ● Test suite failed to run

        WebDriverError: unknown error: Chrome failed to start: exited abnormally.
          (unknown error: DevToolsActivePort file doesn't exist)
          (The process started from chrome location /usr/bin/google-chrome is no longer running, so ChromeDriver is assuming that Chrome has crashed.)

          at Object.throwDecodedError (../../usr/local/lib/node_modules/selenium-side-runner/node_modules/selenium-webdriver/lib/error.js:550:15)
          at parseHttpResponse (../../usr/local/lib/node_modules/selenium-side-runner/node_modules/selenium-webdriver/lib/http.js:560:13)
          at Executor.execute (../../usr/local/lib/node_modules/selenium-side-runner/node_modules/selenium-webdriver/lib/http.js:486:26)

    Test Suites: 1 failed, 1 total

Here is the (.side) file I exported from Selenium IDE, an extension of the Chrome browser:

    {
      "id": "6fe36969-3843-4f1d-ab08-c4c2887f44ed",
      "version": "2.0",
      "name": "Mynew",
      "url": "https://opensource-demo.orangehrmlive.com/index.php/auth/login",
      "tests": [{
        "id": "f227a3fa-4d62-4a4d-9f11-8b461a727c23",
        "name": "MytestOne",
        "commands": [{
          "id": "4c29844f-7f52-4b27-a20d-73eb392c3f09",
          "comment": "",
          "command": "open",
          "target": "https://opensource-demo.orangehrmlive.com/index.php/auth/login",
          "targets": [],
          "value": ""
        }, {
          "id": "b19287f1-0dd4-426f-91dc-029e33c2768a",
          "comment": "",
          "command": "setWindowSize",
          "target": "1050x708",
          "targets": [],
          "value": ""
        }, {
          "id": "7b1eb8bb-850a-426a-a037-715fab5e38a2",
          "comment": "",
          "command": "click",
          "target": "id=txtUsername",
          "targets": [
            ["id=txtUsername", "id"],
            ["name=txtUsername", "name"],
            ["css=#txtUsername", "css:finder"],
            ["xpath=//input[@id='txtUsername']", "xpath:attributes"],
            ["xpath=//div[@id='divUsername']/input", "xpath:idRelative"],
            ["xpath=//div[2]/input", "xpath:position"]
          ],
          "value": ""
        }, {
          "id": "8888ace2-2c67-4b05-b113-aef8c69c6bdb",
          "comment": "",
          "command": "type",
          "target": "id=txtUsername",
          "targets": [
            ["id=txtUsername", "id"],
            ["name=txtUsername", "name"],
            ["css=#txtUsername", "css:finder"],
            ["xpath=//input[@id='txtUsername']", "xpath:attributes"],
            ["xpath=//div[@id='divUsername']/input", "xpath:idRelative"],
            ["xpath=//div[2]/input", "xpath:position"]
          ],
          "value": "Admin"
        }, {
          "id": "ad27d038-0e59-4bfd-afb1-ae190c58960f",
          "comment": "",
          "command": "click",
          "target": "id=frmLogin",
          "targets": [
            ["id=frmLogin", "id"],
            ["css=#frmLogin", "css:finder"],
            ["xpath=//form[@id='frmLogin']", "xpath:attributes"],
            ["xpath=//div[@id='divLoginForm']/form", "xpath:idRelative"],
            ["xpath=//form", "xpath:position"]
          ],
          "value": ""
        }, {
          "id": "8912fdd1-f7dc-4a6a-876e-4473d21a5198",
          "comment": "",
          "command": "click",
          "target": "id=txtPassword",
          "targets": [
            ["id=txtPassword", "id"],
            ["name=txtPassword", "name"],
            ["css=#txtPassword", "css:finder"],
            ["xpath=//input[@id='txtPassword']", "xpath:attributes"],
            ["xpath=//div[@id='divPassword']/input", "xpath:idRelative"],
            ["xpath=//div[3]/input", "xpath:position"]
          ],
          "value": ""
        }, {
          "id": "1cae4fd9-ad05-41d5-886d-da15c80aa53f",
          "comment": "",
          "command": "type",
          "target": "id=txtPassword",
          "targets": [
            ["id=txtPassword", "id"],
            ["name=txtPassword", "name"],
            ["css=#txtPassword", "css:finder"],
            ["xpath=//input[@id='txtPassword']", "xpath:attributes"],
            ["xpath=//div[@id='divPassword']/input", "xpath:idRelative"],
            ["xpath=//div[3]/input", "xpath:position"]
          ],
          "value": "admin123"
        }, {
          "id": "cdd370c8-3197-4484-8177-d38497d8e435",
          "comment": "",
          "command": "click",
          "target": "id=btnLogin",
          "targets": [
            ["id=btnLogin", "id"],
            ["name=Submit", "name"],
            ["css=#btnLogin", "css:finder"],
            ["xpath=//input[@id='btnLogin']", "xpath:attributes"],
            ["xpath=//div[@id='divLoginButton']/input", "xpath:idRelative"],
            ["xpath=//div[5]/input", "xpath:position"]
          ],
          "value": ""
        }, {
          "id": "6a9375a3-b0f5-4139-b970-74e255008439",
          "comment": "",
          "command": "click",
          "target": "id=welcome",
          "targets": [
            ["id=welcome", "id"],
            ["linkText=Welcome Peter", "linkText"],
            ["css=#welcome", "css:finder"],
            ["xpath=//a[contains(text(),'Welcome Peter')]", "xpath:link"],
            ["xpath=//a[@id='welcome']", "xpath:attributes"],
            ["xpath=//div[@id='branding']/a[2]", "xpath:idRelative"],
            ["xpath=//a[contains(@href, '#')]", "xpath:href"],
            ["xpath=//a[2]", "xpath:position"],
            ["xpath=//a[contains(.,'Welcome Peter')]", "xpath:innerText"]
          ],
          "value": ""
        }, {
          "id": "20fb027f-f8c1-4dd1-825c-d6f0ed938baa",
          "comment": "",
          "command": "click",
          "target": "linkText=Logout",
          "targets": [
            ["linkText=Logout", "linkText"],
            ["css=#welcome-menu li:nth-child(3) > a", "css:finder"],
            ["xpath=//a[contains(text(),'Logout')]", "xpath:link"],
            ["xpath=//div[@id='welcome-menu']/ul/li[3]/a", "xpath:idRelative"],
            ["xpath=//a[contains(@href, '/index.php/auth/logout')]", "xpath:href"],
            ["xpath=//li[3]/a", "xpath:position"],
            ["xpath=//a[contains(.,'Logout')]", "xpath:innerText"]
          ],
          "value": ""
        }, {
          "id": "4ccf113b-b7bb-4ca9-b8be-acf7c90ade36",
          "comment": "",
          "command": "close",
          "target": "",
          "targets": [],
          "value": ""
        }]
      }],
      "suites": [{
        "id": "1943d405-1ba8-4bc5-b54e-6e4fe64708d7",
        "name": "MySuiteOne",
        "persistSession": false,
        "parallel": true,
        "timeout": 300,
        "tests": ["f227a3fa-4d62-4a4d-9f11-8b461a727c23"]
      }],
      "urls": ["https://opensource-demo.orangehrmlive.com/index.php/auth/login"],
      "plugins": []
    }

Please let me know what I am missing.

Hardware token/UUID for authentication of software

Posted: 29 May 2021 09:22 PM PDT

Is there a unique hardware token or a UUID on every computer motherboard/BIOS that can be used to create a "strongly coupled" software?

I am working on writing a proprietary software for a client and I can't afford anyone to create copies of the same, since unauthorized duplication and installation can cause the entire setup to malfunction which would lead to loss of life and property. The setup works on multiple hardware devices on a LAN each one having its own security key and creates a setup similar to "blockchain".

I wanted to know if there's a special hardware device/IC on motherboards (like BIOS), which is unique for all computers manufactured in the world?

I read through a few articles and I figured out the following alternatives:

  1. BIOS has a unique serial number - Issue: Not all BIOS manufacturers ensure writing a serial number to their chips. My current computer is one such example. Motherboard manufacturer is MSI and BIOS produced by AMI. When queried, I get Default string as result.
  2. USB token devices - Issue: USB devices are detachable, and it may be migrated to a new system without much effort along with the software.
  3. MAC address - Issue: It can be changed very easily. I don't want the client to have trouble by just changing the network card.
  4. MFA (Multi-factor authentication) - Issue: The LAN would have no connectivity to WWW, so it may not be possible to implement this at all.

Is there an alternative to this? I want to have a strongly coupled system so that it becomes very tough (if not impossible) to create copies. Any maintenance needed can only be carried out by trained and authorized personnel.

windows installed to raw partition run in virtualbox

Posted: 29 May 2021 08:25 PM PDT

A desktop system ships with an installation of Windows 10. Subsequently, the main Windows partition is collapsed to make space for a Linux installation. The system boots to Linux normally, with the Windows installation unused.

Without affecting the volume layout, it is desired to boot the Windows installation in a virtual machine through Oracle VirtualBox. In principle, doing so seems possible through VMDK raw images. A straightforward strategy is to import the UEFI boot partition into the raw image, for booting the virtual machine. However, support for UEFI emulation in VirtualBox is not fully functional, and MBR emulation is preferred. Then, since the physical partition has no MBR data, it is necessary to import the Windows partition into the raw image, and somehow add to the virtual machine additional media that boot the Windows installation.

Is such a strategy viable? If so, how? Is another strategy more optimal?

Desktop VNC clients (linux/win/mac) which can connect to vnc-over-websocket (websockify)?

Posted: 29 May 2021 08:11 PM PDT

I have a ~50-user websockify turbovnc installation, that is to say, it serves vnc/rfb protocol wrapped inside a websocket. Clients must connect through the websocket to access VNC, no direct non-https port access is possible in this installation.

Users currently access their desktops in their web browser using the noVNC javascript client, which connects to their personal websockify-wrapped Xturbovnc process using a websocket URL, say https://myip.com/username/turbovnc_websocket.

This works great for most of my users, who value the convenience of "only browser needed to access my linux apps" over framerate, local resource usage, and latency.

Recently, several users with GIS workloads started using my turbovnc service, and after some testing and discussion, it seems likely they would experience better performance with a native VNC client than (even a fairly well tuned) javascript vnc client like noVNC.

Does anyone know of native desktop VNC clients for Linux, Mac, or Windows, open source strongly preferred, which can connect directly to an https websocket URL that serves VNC?

If there isn't such a thing, does anyone know of an approach (preferably cross-platform?) by which I might be able to install a local reverse-websockify proxy, or another approach to use a native client WITHOUT websocket support with a websocket using a shim or reverse proxy.

GCP Indonesian Can't Connect From Telkom Indihome Network

Posted: 29 May 2021 06:41 PM PDT

I use Google Compute Engine in the Indonesian region. Some Telkom Indihome Indonesian users have not been able to access the Google Compute Engine Indonesian public IP for about 1 week.

It seems that the Google Compute Engine Indonesian IP address doesn't link to the Indonesian IIX network yet. Some of the Telkom IP addresses: 180.252.124.205 36.85.218.110 114.5.251.12

If I try to mtr to those IP addresses, it doesn't show the route path.

Accessing console of Hyper-V guest when guest has no network configured remotely

Posted: 29 May 2021 05:49 PM PDT

Is there a way to get console access (possibly remote desktop access) to a Hyper-V guest remotely when the guest has no network connection?

I'd like to provide console access to the owner of the guest without them logging into the Hyper-V host machine.

Locally, VMConnect application does this. However, this requires login to the Hyper-V Host.

Think of it as an IPMI remote console, but for a Hyper-V guest.

Use case:

  • Ability to have the owner of the guest install their own OS manually and remotely.

Why is there no DNS after OpenVPN connect via Tunnelblick on OSX?

Posted: 29 May 2021 02:10 PM PDT

I have installed OpenVPN Server on a remote Ubuntu 20.04 machine and I connect from Mac OS 11.4 to it via Tunnelblick.

The connection works, but I lose DNS. After the connect I can only use IP addresses and no DNS resolution is possible anymore. I tried every setting in Tunnelblick I could think of, but no change. There is an older setup to another similar server that works perfectly, also via Tunnelblick, and I do not see any difference apart from the IP address.

This seems to be a common problem as this tutorial is all about the problem, however in my case I could not figure out a way to get it to work. https://tunnelblick.net/cConnectedBut.html

I have set the Google DNS servers within the client's DNS settings.

This is the log file from the client:

    2021-05-29 23:02:06.802449 *Tunnelblick: macOS 11.4 (20F71); Tunnelblick 3.8.5a (build 5671); prior version 3.8.5 (build 5670)
    2021-05-29 23:02:07.255442 *Tunnelblick: Attempting connection with m360 prod using shadow copy; Set nameserver = 769; monitoring connection
    2021-05-29 23:02:07.256239 *Tunnelblick: openvpnstart start m360\ prod.tblk 49921 769 0 1 0 34718000 -ptADGNWradsgnw 2.4.11-openssl-1.1.1k
    2021-05-29 23:02:07.282309 *Tunnelblick: openvpnstart starting OpenVPN
    2021-05-29 23:02:08.048682 OpenVPN 2.4.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Apr 21 2021
    2021-05-29 23:02:08.048832 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
    2021-05-29 23:02:08.055654 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:49921
    2021-05-29 23:02:08.055699 Need hold release from management interface, waiting...
    2021-05-29 23:02:08.520898 *Tunnelblick: openvpnstart log:
         OpenVPN started successfully.
         Command used to start OpenVPN (one argument per displayed line):
              /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.11-openssl-1.1.1k/openvpn
              --daemon
              --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sandy-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sm360 prod.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_34718000.49921.openvpn.log
              --cd /Library/Application Support/Tunnelblick/Users/andy/m360 prod.tblk/Contents/Resources
              --machine-readable-output
              --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5671 3.8.5a (build 5671)"
              --verb 3
              --config /Library/Application Support/Tunnelblick/Users/andy/m360 prod.tblk/Contents/Resources/config.ovpn
              --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/andy/m360 prod.tblk/Contents/Resources
              --verb 3
              --cd /Library/Application Support/Tunnelblick/Users/andy/m360 prod.tblk/Contents/Resources
              --management 127.0.0.1 49921 /Library/Application Support/Tunnelblick/pdcdjeghcidlbmbjaeiljeabolbcfkaicmdkkpge.mip
              --management-query-passwords
              --management-hold
              --script-security 2
              --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -o -w -ptADGNWradsgnw
              --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -o -w -ptADGNWradsgnw
    2021-05-29 23:02:08.529283 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:49921
    2021-05-29 23:02:08.554471 MANAGEMENT: CMD 'pid'
    2021-05-29 23:02:08.554551 MANAGEMENT: CMD 'auth-retry interact'
    2021-05-29 23:02:08.554672 MANAGEMENT: CMD 'state on'
    2021-05-29 23:02:08.554734 MANAGEMENT: CMD 'state'
    2021-05-29 23:02:08.554933 MANAGEMENT: CMD 'bytecount 1'
    2021-05-29 23:02:08.556361 *Tunnelblick: Established communication with OpenVPN
    2021-05-29 23:02:08.581476 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
    2021-05-29 23:02:08.583078 MANAGEMENT: CMD 'hold release'
    2021-05-29 23:02:08.585077 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2021-05-29 23:02:08.597350 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2021-05-29 23:02:08.597417 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    2021-05-29 23:02:08.598459 TCP/UDP: Preserving recently used remote address: [AF_INET]65.21.89.153:1194
    2021-05-29 23:02:08.598583 Socket Buffers: R=[786896->786896] S=[9216->9216]
    2021-05-29 23:02:08.598599 UDPv4 link local: (not bound)
    2021-05-29 23:02:08.598609 UDPv4 link remote: [AF_INET]65.21.89.153:1194
    2021-05-29 23:02:08.598688 MANAGEMENT: >STATE:1622322128,WAIT,,,,,,
    2021-05-29 23:02:08.649733 MANAGEMENT: >STATE:1622322128,AUTH,,,,,,
    2021-05-29 23:02:08.649781 TLS: Initial packet from [AF_INET]65.21.89.153:1194, sid=916cb05c 49ea9ae4
    2021-05-29 23:02:08.702226 VERIFY OK: depth=1, CN=Easy-RSA CA
    2021-05-29 23:02:08.703008 VERIFY KU OK
    2021-05-29 23:02:08.703071 Validating certificate extended key usage
    2021-05-29 23:02:08.703091 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2021-05-29 23:02:08.703101 VERIFY EKU OK
    2021-05-29 23:02:08.703110 VERIFY OK: depth=0, CN=server
    2021-05-29 23:02:08.761808 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1586', remote='link-mtu 1602'
    2021-05-29 23:02:08.761872 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
    2021-05-29 23:02:08.761897 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
    2021-05-29 23:02:08.762012 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
    2021-05-29 23:02:08.762077 [server] Peer Connection Initiated with [AF_INET]65.21.89.153:1194
    2021-05-29 23:02:10.008486 MANAGEMENT: >STATE:1622322130,GET_CONFIG,,,,,,
    2021-05-29 23:02:10.008667 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    2021-05-29 23:02:10.058706 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
    2021-05-29 23:02:10.058862 OPTIONS IMPORT: timers and/or timeouts modified
    2021-05-29 23:02:10.058881 OPTIONS IMPORT: --ifconfig/up options modified
    2021-05-29 23:02:10.058890 OPTIONS IMPORT: route options modified
    2021-05-29 23:02:10.058900 OPTIONS IMPORT: route-related options modified
    2021-05-29 23:02:10.058910 OPTIONS IMPORT: peer-id set
    2021-05-29 23:02:10.058920 OPTIONS IMPORT: adjusting link_mtu to 1625
    2021-05-29 23:02:10.058930 OPTIONS IMPORT: data channel crypto options modified
    2021-05-29 23:02:10.058942 Data Channel: using negotiated cipher 'AES-256-GCM'
    2021-05-29 23:02:10.059078 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2021-05-29 23:02:10.059131 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2021-05-29 23:02:10.059547 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
    2021-05-29 23:02:10.059583 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
    2021-05-29 23:02:10.059747 Opened utun device utun2
    2021-05-29 23:02:10.059802 MANAGEMENT: >STATE:1622322130,ASSIGN_IP,,10.8.0.2,,,,
    2021-05-29 23:02:10.059829 /sbin/ifconfig utun2 delete
                               ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
    2021-05-29 23:02:10.066799 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    2021-05-29 23:02:10.066882 /sbin/ifconfig utun2 10.8.0.2 10.8.0.2 netmask 255.255.255.0 mtu 1500 up
    2021-05-29 23:02:10.070217 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
                               add net 10.8.0.0: gateway 10.8.0.2
    2021-05-29 23:02:10.076198 /sbin/route add -net 65.21.89.153 192.143.0.1 255.255.255.255
                               add net 65.21.89.153: gateway 192.143.0.1
    2021-05-29 23:02:10.084088 /sbin/route add -net 0.0.0.0 10.8.0.1 128.0.0.0
                               add net 0.0.0.0: gateway 10.8.0.1
    2021-05-29 23:02:10.087514 /sbin/route add -net 128.0.0.0 10.8.0.1 128.0.0.0
                               add net 128.0.0.0: gateway 10.8.0.1
                               23:02:10 *Tunnelblick:  **********************************************
                               23:02:10 *Tunnelblick:  Start of output from client.up.tunnelblick.sh
                               23:02:12 *Tunnelblick:  NOTE: No network configuration changes need to be made.
                               23:02:12 *Tunnelblick:  WARNING: Will NOT monitor for other network configuration changes.
                               23:02:12 *Tunnelblick:  WARNING: Will NOT disable IPv6 settings.
                               23:02:12 *Tunnelblick:  DNS servers '8.8.8.8 8.8.4.4' will be used for DNS queries when the VPN is active
                               23:02:12 *Tunnelblick:  The DNS servers include only free public DNS servers known to Tunnelblick.
                               23:02:12 *Tunnelblick:  Flushed the DNS cache via dscacheutil
                               23:02:12 *Tunnelblick:  /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                               23:02:12 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
                               23:02:12 *Tunnelblick:  Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
                               23:02:12 *Tunnelblick:  End of output from client.up.tunnelblick.sh
                               23:02:12 *Tunnelblick:  **********************************************
    2021-05-29 23:02:12.459253 Initialization Sequence Completed
    2021-05-29 23:02:12.459475 MANAGEMENT: >STATE:1622322132,CONNECTED,SUCCESS,10.8.0.2,65.21.89.153,1194,,
    2021-05-29 23:02:13.685928 *Tunnelblick: DNS address 8.8.4.4 is being routed through the VPN
    2021-05-29 23:02:13.794665 *Tunnelblick: DNS address 8.8.8.8 is being routed through the VPN
    2021-05-29 23:02:29.680839 *Tunnelblick: Disconnecting; 'Disconnect all' menu command invoked
    2021-05-29 23:02:29.824428 *Tunnelblick: Disconnecting using 'kill'
    2021-05-29 23:02:29.988280 event_wait : Interrupted system call (code=4)
    2021-05-29 23:02:29.989151 /sbin/route delete -net 65.21.89.153 192.143.0.1 255.255.255.255
                               delete net 65.21.89.153: gateway 192.143.0.1
    2021-05-29 23:02:29.991522 /sbin/route delete -net 0.0.0.0 10.8.0.1 128.0.0.0
                               delete net 0.0.0.0: gateway 10.8.0.1
    2021-05-29 23:02:29.994161 /sbin/route delete -net 128.0.0.0 10.8.0.1 128.0.0.0
                               delete net 128.0.0.0: gateway 10.8.0.1
    2021-05-29 23:02:29.997076 Closing TUN/TAP interface
    2021-05-29 23:02:29.997536 /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -o -w -ptADGNWradsgnw utun2 1500 1553 10.8.0.2 255.255.255.0 init
                               23:02:30 *Tunnelblick:  **********************************************
                               23:02:30 *Tunnelblick:  Start of output from client.down.tunnelblick.sh
                               23:02:31 *Tunnelblick:  WARNING: Not restoring network settings because no saved Tunnelblick DNS information was found.
                               23:02:31 *Tunnelblick:  Flushed the DNS cache with dscacheutil -flushcache
                               23:02:31 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
                               23:02:31 *Tunnelblick:  End of output from client.down.tunnelblick.sh
                               23:02:31 *Tunnelblick:  **********************************************
    2021-05-29 23:02:31.207592 SIGTERM[hard,] received, process exiting
    2021-05-29 23:02:31.207660 MANAGEMENT: >STATE:1622322151,EXITING,SIGTERM,,,,,
    2021-05-29 23:02:31.862451 *Tunnelblick: Expected disconnection occurred.

Some questions about SFP+ fiber networking in general

Posted: 29 May 2021 04:54 PM PDT

Ok. So I'm completely new to the world of fiber. I've used Ethernet all my life. We're looking to upgrade some of our infrastructure, and I'm thinking of getting a few of these:

10G Dual SFP+ NIC https://www.fs.com/products/75600.html

for our servers and a couple of these to connect them

POE Switch with 4x10G SFP+ Uplinks https://www.fs.com/products/90132.html

But I'm a bit confused about this transceiver stuff. Do these NICs and Switches just have holes in them that I'm supposed to put transceivers in? I'm used to regular switches with regular ethernet, I get a patch cable rated for the speed I want and plug it in at each point and call it a day.

I know I want 10G Fiber to and from my servers, and then 1G Ethernet is fine everywhere else. What am I missing? Am I just worrying for nothing? Anything? What kinds of wires do I even need? There are so many, and with ethernet I just know all this stuff already. But I don't even know what to search for when it comes to fiber.

Stuck on "Instance is being verified"

Posted: 29 May 2021 07:26 PM PDT

I've created instance groups of min. 2 instances by using Google Cloud. When I hover over the state of the instance group it says it is transforming while the instances are being verified. Please help.

Detailed view

Azure VM Scale Set: When exactly is a state change considered 'complete'?

Posted: 29 May 2021 09:39 PM PDT

I'm asking because this is relevant for the autorepair grace period.
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs#grace-period

When an instance goes through a state change operation because of a PUT, PATCH or POST action performed on the scale set (for example reimage, redeploy, update, etc.), then any repair action on that instance is performed only after waiting for the grace period. Grace period is the amount of time to allow the instance to return to healthy state. The grace period starts after the state change has completed.

We use a stock image, and then use the custom scripts extension to configure the machine. These scripts take a long time, think ~30 minutes. I've seen that when the custom scripts throw an error, that the VM creation is then marked as a failure.

What's not clear to me, is whether the run time of these custom scripts is included in the 'state change' or not.

Has anyone tested this, is there documentation of this somewhere?

Issues with apt-get update

Posted: 29 May 2021 02:00 PM PDT

I have a DigitalOcean cloud server (Ubuntu 16.04) that I have set up my ufw on. When I try to run apt-get update, I get the following:

    Err:1 http://mirrors.digitalocean.com/ubuntu xenial InRelease
      Temporary failure resolving 'mirrors.digitalocean.com'
    Err:2 http://mirrors.digitalocean.com/ubuntu xenial-updates InRelease
      Temporary failure resolving 'mirrors.digitalocean.com'
    Err:3 http://mirrors.digitalocean.com/ubuntu xenial-backports InRelease
      Temporary failure resolving 'mirrors.digitalocean.com'
    Err:4 http://security.ubuntu.com/ubuntu xenial-security InRelease
      Temporary failure resolving 'security.ubuntu.com'
    Err:5 http://ppa.launchpad.net/ondrej/php/ubuntu xenial InRelease
      Temporary failure resolving 'ppa.launchpad.net'
    Reading package lists... Done
    W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/xenial/InRelease  Temporary failure resolving 'mirrors.digitalocean.com'
    W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/xenial-updates/InRelease  Temporary failure resolving 'mirrors.digitalocean.com'
    W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/xenial-backports/InRelease  Temporary failure resolving 'mirrors.digitalocean.com'
    W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
    W: Failed to fetch http://ppa.launchpad.net/ondrej/php/ubuntu/dists/xenial/InRelease  Temporary failure resolving 'ppa.launchpad.net'
    W: Some index files failed to download. They have been ignored, or old ones used instead.

What I've tried:

    mv /var/lib/apt/lists /var/lib/apt/lists.old
    apt-get clean
    apt-get update
    #<= Err:1 http://mirrors.digitalocean.com/ubuntu xenial InRelease
      Temporary failure resolving 'mirrors.digitalocean.com'
    Err:2 http://mirrors.digitalocean.com/ubuntu xenial-updates InRelease
      Temporary failure resolving 'mirrors.digitalocean.com'
    Err:3 http://mirrors.digitalocean.com/ubuntu xenial-backports InRelease
      Temporary failure resolving 'mirrors.digitalocean.com'
    Err:4 http://security.ubuntu.com/ubuntu xenial-security InRelease
      Temporary failure resolving 'security.ubuntu.com'
    Err:5 http://ppa.launchpad.net/ondrej/php/ubuntu xenial InRelease
      Temporary failure resolving 'ppa.launchpad.net'
    Reading package lists... Done
    W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/xenial/InRelease  Temporary failure resolving 'mirrors.digitalocean.com'
    W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/xenial-updates/InRelease  Temporary failure resolving 'mirrors.digitalocean.com'
    W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/xenial-backports/InRelease  Temporary failure resolving 'mirrors.digitalocean.com'
    W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
    W: Failed to fetch http://ppa.launchpad.net/ondrej/php/ubuntu/dists/xenial/InRelease  Temporary failure resolving 'ppa.launchpad.net'
    W: Some index files failed to download. They have been ignored, or old ones used instead.

The output of my resolv.conf and my name servers:

    cat /etc/resolv.conf
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN

    cat /etc/network/interfaces.d/50-cloud-init.cfg
    # This file is generated from information provided by
    # the datasource.  Changes to it will not persist across an instance.
    # To disable cloud-init's network configuration capabilities, write a file
    # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
    # network: {config: disabled}
    auto lo
    iface lo inet loopback
        dns-nameservers 67.207.67.2 67.207.67.3

ufw has been configured to allow apt-get by allowing port 53 and port 123. Even disabling ufw produces the same results. I've been googling the problem and it seems very common, but none of the fixes for it have worked for me. Does anybody know of any fixes for this issue?

DMARC fails on forwarded mails without DKIM

Posted: 29 May 2021 07:03 PM PDT

I am running a mail server (postfix) on a VPS that is set up to forward all mail sent to an address in my private domain to a GMail address. SPF, SRS, DKIM, and DMARC are set up for my mail server and work fine for most mail, i.e. forwarded mails equipped with SPF, DKIM, and DMARC are delivered into my GMail inbox and the GMail servers report them as passing SPF, DKIM, and DMARC.

There are, however, senders that send mails with only SPF and DMARC, but no DKIM, e.g. deutschepost.de. This particular sender also has a DMARC reject policy implemented which leads to problems: When my server forwards the mail, SRS rewrites its envelope sender, so that SPF still passes when the message arrives at GMail. The rewritten envelope sender, however, leads to failure of DMARC's SPF alignment check, resulting in the message being rejected by GMail.

As I understand from this explanation, this behavior is to be expected. But is there also a way to deal with it on my (i.e. the forwarder's) side?

TL;DR How to forward mails with SPF and DMARC but no DKIM without breaking DMARC?

EDIT: According to Jacob's comment, an option would be to rewrite the From header to my domain. Is it possible to do this with postfix only for mails that have SPF and DMARC, but no DKIM? Because those with DKIM would fail the alignment check after rewriting.
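The alignment failure described in this question, worked through as an added example that is not part of the original post: it evaluates DMARC identifier alignment for an SPF-only message delivered directly, forwarded with SRS, and forwarded with the From header rewritten, plus a DKIM-signed message for comparison. The names forwarder.example and signed.example, the SRS hash and timestamp fields, the rewritten From address and the simplified organizational-domain lookup are assumptions.

```python
from dataclasses import dataclass, field

# Assumption: real DMARC implementations find the organizational domain with
# the Public Suffix List; this small constructed set is enough for the demo.
TWO_LABEL_SUFFIXES = {"co.uk", "com.br", "com.au"}


def domain_of(address: str) -> str:
    """Domain of an address or From value (not a full RFC 5322 parser)."""
    return address.strip().rstrip(">").rpartition("@")[2].lower()


def org_domain(domain: str) -> str:
    """Organizational domain, e.g. mail.signed.example -> signed.example."""
    labels = domain.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def aligned(auth_domain: str, from_domain: str, mode: str = "r") -> bool:
    """Relaxed ('r') compares organizational domains, strict ('s') exact names."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class Message:
    header_from: str      # RFC5322.From, the identity DMARC protects
    envelope_from: str    # RFC5321.MailFrom, the identity SPF checks
    spf_result: str       # receiver's SPF verdict for the envelope domain
    dkim: list = field(default_factory=list)  # [(d= domain, verified?)]


def dmarc_evaluate(msg: Message, aspf: str = "r", adkim: str = "r") -> dict:
    """DMARC passes if SPF or DKIM passes AND aligns with the From domain."""
    from_dom = domain_of(msg.header_from)
    spf_ok = msg.spf_result == "pass" and aligned(
        domain_of(msg.envelope_from), from_dom, aspf)
    dkim_ok = any(ok and aligned(d, from_dom, adkim) for d, ok in msg.dkim)
    return {
        "policy_domain": org_domain(from_dom),
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
    }


def forward_with_srs(msg: Message, forwarder: str,
                     rewrite_from: bool = False) -> Message:
    """The message as the final receiver sees it after an SRS forwarder."""
    local, _, dom = msg.envelope_from.rpartition("@")
    # HHHH and TT stand in for the SRS hash and timestamp (placeholders).
    srs_sender = f"SRS0=HHHH=TT={dom}={local}@{forwarder}"
    # Hypothetical rewritten author address in the forwarder's domain.
    header_from = f"forwarded@{forwarder}" if rewrite_from else msg.header_from
    # From is a signed header, so rewriting it invalidates DKIM signatures.
    dkim = [(d, ok and not rewrite_from) for d, ok in msg.dkim]
    # SPF now passes for the forwarder's domain, not the original sender's.
    return Message(header_from, srs_sender, "pass", dkim)


def demo() -> dict:
    # Constructed sample messages.
    spf_only = Message("Deutsche Post <info@deutschepost.de>",
                       "bounce@deutschepost.de", "pass")
    signed = Message("news@signed.example", "bounce@mail.signed.example",
                     "pass", [("signed.example", True)])
    fwd = "forwarder.example"
    return {
        "direct": dmarc_evaluate(spf_only)["dmarc"],
        "forwarded_srs": dmarc_evaluate(forward_with_srs(spf_only, fwd))["dmarc"],
        "forwarded_dkim": dmarc_evaluate(forward_with_srs(signed, fwd))["dmarc"],
        "forwarded_from_rewrite": dmarc_evaluate(
            forward_with_srs(spf_only, fwd, rewrite_from=True))["dmarc"],
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:24} {verdict}")
```

In the From-rewrite case the message is evaluated against the forwarder's own DMARC policy, because the policy domain follows the From header.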

How to properly install redis on opensuse Leap 42.3

Posted: 29 May 2021 06:05 PM PDT

I have a big problem. I am new to ownCloud. I have installed ownCloud 10.0.3 (newest), but in the administrator panel I have a few warnings, so I'm trying to fix these.

One of these is:

transactional file locking should be configured to use memory-based locking, not the default slow database-based locking

So, I read the ownCloud manual: https://doc.owncloud.org/server/latest/admin_manual/configuration/server/caching_configuration.html

Next, they say that I must install a redis module, so now I am standing in front of a wall.

Maybe I will write what I have done so far. But I think the best way would be for someone to show me from the beginning how to properly install redis on openSUSE.

Installed Redis by:

    wget http://download.redis.io/releases/redis-4.0.2.tar.gz
    tar xzf redis-4.0.2.tar.gz
    cd redis-4.0.2
    make
    make install

Also added php7-redis and extension=redis.so

Created file: /etc/redis/redis.conf

    supervised systemd
    and then
    dir /var/lib/redis

I have added an entry to the ownCloud configuration:

    This example config.php configuration uses Redis for the local server cache:

    'memcache.local' => '\OC\Memcache\Redis',
    'redis' => [
      'host' => 'localhost',
      'port' => 6379,
    ],
    'memcache.locking' => '\OC\Memcache\Redis', // Add this for best performance

Now I tried to change the redis.service file, so I pasted in:

/etc/systemd/system/redis.service

    [Unit]
    Description=Redis In-Memory Data Store
    After=network.target

    [Service]
    Type=forking
    User=redis
    Group=redis
    Environment=statedir=/run/redis
    PermissionsStartOnly=true
    PIDFile=/run/redis/redis.pid
    ExecStartPre=/bin/touch /var/log/redis.log
    ExecStartPre=/bin/chown redis:redis /var/log/redis.log
    ExecStartPre=/bin/mkdir -p ${statedir}
    ExecStartPre=/bin/chown -R redis:redis ${statedir}
    ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
    ExecStop=/usr/local/bin/redis-cli shutdown
    ExecReload=/bin/kill -USR2 $MAINPID
    Restart=always
    RestartSec=3

    [Install]
    WantedBy=multi-user.target

and the error text from starting the redis service is:

    linux-kye3:/srv/www/htdocs/owncloud # systemctl status redis.service
    ● redis.service
      Loaded: loaded (/etc/systemd/system/redis.service; disabled; vendor preset: disabled)
      Active: activating (auto-restart) (Result: exit-code) since śro 2017-10-04 11:09:57 CEST; 1s ago
      Process: 13568 ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf (code=exited, status=1/FAILURE)
      Process: 13564 ExecStartPre=/bin/chown -R redis:redis ${statedir} (code=exited, status=0/SUCCESS)
      Process: 13560 ExecStartPre=/bin/mkdir -p ${statedir} (code=exited, status=0/SUCCESS)
      Process: 13556 ExecStartPre=/bin/chown redis:redis /var/log/redis.log (code=exited, status=0/SUCCESS)
      Process: 13554 ExecStartPre=/bin/touch /var/log/redis.log (code=exited, status=0/SUCCESS)
      Main PID: 13275 (code=exited, status=1/FAILURE)

    paź 04 11:09:57 vesta systemd[1]: redis.service: Control process exited, code=exited status=1
    paź 04 11:09:57 vesta systemd[1]: Failed to start redis.service.
    paź 04 11:09:57 vesta systemd[1]: redis.service: Unit entered failed state.
    paź 04 11:09:57 vesta systemd[1]: redis.service: Failed with result 'exit-code'.

Please, could someone smart help?

How can I list the logged in users with PowerShell?

Posted: 29 May 2021 03:00 PM PDT

I'm trying to get a list of the logged on users from PowerShell. Is there a command that returns a list of the logged in users, regardless of whether their session is connected or disconnected? I'm only looking for local sessions, but remote sessions would be nice too.

Apache not starting; httpd not working

Posted: 29 May 2021 04:01 PM PDT

I have apache installed on RHEL 7.2 and here is what I see upon starting apache as a root user:

    [root@exampledomain conf]# sudo apachectl start
    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
    [root@exampledomain conf]# systemctl status httpd.service
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Mon 2017-03-06 10:13:04 CST; 13s ago
         Docs: man:httpd(8)
               man:apachectl(8)
      Process: 6068 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
      Process: 6061 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
     Main PID: 6061 (code=exited, status=1/FAILURE)

    Mar 06 10:13:04 exampledomain.com systemd[1]: Starting The Apache HTTP Server...
    Mar 06 10:13:04 exampledomain.com httpd[6061]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address XX.XX.XXX.XX:80
    Mar 06 10:13:04 exampledomain.com httpd[6061]: no listening sockets available, shutting down
    Mar 06 10:13:04 exampledomain.com httpd[6061]: AH00015: Unable to open logs
    Mar 06 10:13:04 exampledomain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Mar 06 10:13:04 exampledomain.com kill[6068]: kill: cannot find process ""
    Mar 06 10:13:04 exampledomain.com systemd[1]: httpd.service: control process exited, code=exited status=1
    Mar 06 10:13:04 exampledomain.com systemd[1]: Failed to start The Apache HTTP Server.
    Mar 06 10:13:04 exampledomain.com systemd[1]: Unit httpd.service entered failed state.
    Mar 06 10:13:04 exampledomain.com systemd[1]: httpd.service failed.
    [root@exampledomain conf]#

After running the other command as a root user journalctl -xe, I saw the following:

    [root@exampledomain conf]# journalctl -xe
    Mar 06 10:10:07 exampledomain.com systemd[1]: Stopping user-0.slice.
    -- Subject: Unit user-0.slice has begun shutting down
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit user-0.slice has begun shutting down.
    Mar 06 10:13:00 exampledomain.com polkitd[15042]: Registered Authentication Agent for unix-process:5884:119511260 (system bus name :1.10361 [/usr/bin
    Mar 06 10:13:00 exampledomain.com systemd[1]: Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly: Invalid ar
    Mar 06 10:13:00 exampledomain.com systemd[1]: Starting The Apache HTTP Server...
    -- Subject: Unit httpd.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has begun starting up.
    Mar 06 10:13:00 exampledomain.com httpd[5890]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address XX.XX.XXX.XX:80
    Mar 06 10:13:00 exampledomain.com httpd[5890]: no listening sockets available, shutting down
    Mar 06 10:13:00 exampledomain.com httpd[5890]: AH00015: Unable to open logs
    Mar 06 10:13:00 exampledomain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Mar 06 10:13:00 exampledomain.com kill[5898]: kill: cannot find process ""
    Mar 06 10:13:00 exampledomain.com systemd[1]: httpd.service: control process exited, code=exited status=1
    Mar 06 10:13:00 exampledomain.com systemd[1]: Failed to start The Apache HTTP Server.
    -- Subject: Unit httpd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has failed.
    --
    -- The result is failed.
    Mar 06 10:13:00 exampledomain.com systemd[1]: Unit httpd.service entered failed state.
    Mar 06 10:13:00 exampledomain.com systemd[1]: httpd.service failed.
    Mar 06 10:13:00 exampledomain.com polkitd[15042]: Unregistered Authentication Agent for unix-process:5884:119511260 (system bus name :1.10361, object
    Mar 06 10:13:04 exampledomain.com sudo[6052]:   akhare : TTY=pts/1 ; PWD=/etc/httpd/conf ; USER=root ; COMMAND=/sbin/apachectl start
    Mar 06 10:13:04 exampledomain.com polkitd[15042]: Registered Authentication Agent for unix-process:6055:119511697 (system bus name :1.10362 [/usr/bin
    Mar 06 10:13:04 exampledomain.com systemd[1]: Cannot add dependency job for unit microcode.service, ignoring: Unit is not loaded properly: Invalid ar
    Mar 06 10:13:04 exampledomain.com systemd[1]: Starting The Apache HTTP Server...
    -- Subject: Unit httpd.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has begun starting up.
    Mar 06 10:13:04 exampledomain.com httpd[6061]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address XX.XX.XXX.XX:80
    Mar 06 10:13:04 exampledomain.com httpd[6061]: no listening sockets available, shutting down
    Mar 06 10:13:04 exampledomain.com httpd[6061]: AH00015: Unable to open logs
    Mar 06 10:13:04 exampledomain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Mar 06 10:13:04 exampledomain.com kill[6068]: kill: cannot find process ""
    Mar 06 10:13:04 exampledomain.com systemd[1]: httpd.service: control process exited, code=exited status=1
    Mar 06 10:13:04 exampledomain.com systemd[1]: Failed to start The Apache HTTP Server.
    -- Subject: Unit httpd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has failed.
    --
    -- The result is failed.
    Mar 06 10:13:04 exampledomain.com systemd[1]: Unit httpd.service entered failed state.
    Mar 06 10:13:04 exampledomain.com systemd[1]: httpd.service failed.
    Mar 06 10:13:05 exampledomain.com polkitd[15042]: Unregistered Authentication Agent for unix-process:6055:119511697 (system bus name :1.10362, object

I saw this post with the same error and tried to see the list of ports using the command mentioned there, netstat -punta | grep LISTEN, but couldn't figure out what the problem is.

The result of netstat -punta command is as follows:

    [root@termsprweb1 conf]# netstat -punta
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1350/smbd
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
    tcp        0      0 AAA.AAA.AAA.A:53        0.0.0.0:*               LISTEN      2641/dnsmasq
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1718/sshd
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1563/cupsd
    tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1350/smbd
    tcp        0      0 XX.XX.XXX.XX:22         YY.YY.YY.YYY:55863      ESTABLISHED 13706/sshd: myusername
    tcp        0     36 XX.XX.XXX.XX:22         YY.YY.YY.YYY:55025      ESTABLISHED 7497/sshd: myusername [
    tcp        0      0 XX.XX.XXX.XX:22         YY.YY.YY.YYY:62755      ESTABLISHED 11633/sshd: myusername
    tcp        0      0 XX.XX.XXX.XX:22         CC.CC.CC.CCC:54496      ESTABLISHED 9475/sshd: otherusername
    tcp        0      0 XX.XX.XXX.XX:22         YY.YY.YY.YYY:55027      ESTABLISHED 7499/sshd: myusername [
    tcp        0      0 XX.XX.XXX.XX:22         YY.YY.YY.YYY:62723      ESTABLISHED 11423/sshd: myusername
    tcp6       0      0 :::3306                 :::*                    LISTEN      1799/mysqld
    tcp6       0      0 :::139                  :::*                    LISTEN      1350/smbd
    tcp6       0      0 :::111                  :::*                    LISTEN      1916/rpcbind
    tcp6       0      0 :::22                   :::*                    LISTEN      1718/sshd
    tcp6       0      0 :::445                  :::*                    LISTEN      1350/smbd
    udp        0      0 AAA.AAA.AAA.A:53        0.0.0.0:*                           14932/dnsmasq
    udp        0      0 AAA.AAA.AAA.A:53        0.0.0.0:*                           2641/dnsmasq
    udp        0      0 0.0.0.0:67              0.0.0.0:*                           14932/dnsmasq
    udp        0      0 0.0.0.0:67              0.0.0.0:*                           2641/dnsmasq
    udp        0      0 0.0.0.0:111             0.0.0.0:*                           1916/rpcbind
    udp        0      0 XX.XX.XXX.XX:123        0.0.0.0:*                           2968/ntpd
    udp        0      0 AAA.AAA.AAA.A:123       0.0.0.0:*                           2968/ntpd
    udp        0      0 127.0.0.1:123           0.0.0.0:*                           2968/ntpd
    udp        0      0 0.0.0.0:123             0.0.0.0:*                           2968/ntpd
    udp        0      0 0.0.0.0:43237           0.0.0.0:*                           1672/avahi-daemon:
    udp        0      0 0.0.0.0:819             0.0.0.0:*                           1916/rpcbind
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           1672/avahi-daemon:
    udp6       0      0 :::111                  :::*                                1916/rpcbind
    udp6       0      0 :::123                  :::*                                2968/ntpd
    udp6       0      0 :::819                  :::*                                1916/rpcbind

    where  YY.YY.YY.YYY  is my system IP address.
           XX.XX.XXX.XX  is the server on which Apache is installed

A linked mailbox user sometimes connects to wrong Exchange organization

Posted: 29 May 2021 08:06 PM PDT

Configuration is as follows:

  1. Domain hosting.contoso.com hosts an on-premises Exchange 2013 organization, that hosts several second level domains, including the contoso.com domain. The domain is in a separate forest, and has a forest trust with domain office.contoso.com, which is also a root domain of a separate forest.
  2. There is a VPN connection established between office.contoso.com and hosting.contoso.com, and all Exchange servers are available to both sides via internal IP ranges.
  3. Users in domain office.contoso.com have an UPN suffix of contoso.com, and connect to Exchange organization via MAPI over HTTPS resolved to external IP ranges of Exchange servers on hosting.contoso.com domain.
  4. The contoso.com name server is a standalone DNS server exposed as NS1.contoso.com to the Internet, and hosts all required MX, A, TXT and SRV records for contoso.com Exchange organization necessary to locate it from outside. OWA is also published and working.
  5. The office.contoso.com domain has recently been integrated with AD FS to Microsoft Office 365 tenant organization, which happens to have an Exchange organization of their own, however none of the DNS records of contoso.com are pointing to microsoft.com, office.com, outlook.com or elsewhere from Microsoft. All configuration is complete, neither side reports problems with AD integration.

A user from office.contoso.com has sent a message with Outlook 2016 from within the internal network of the office.contoso.com domain to a third party, with a CC address of one of the public folder mailboxes in the on-premises Exchange organization, and didn't get the message in that public folder. Investigation eventually discovered that the e-mail got sent via Office 365's Exchange organization, which does not have the public folder's e-mail address registered; therefore an NDR was generated and placed into a cloud-based Exchange mailbox associated with this user. The third party had received the message properly, despite the SPF record of the contoso.com domain that should have prevented Microsoft's servers from successfully sending that email, as their external IP addresses do not reversely resolve to any of the contoso.com DNS names. (Third party mail server configuration is out of scope of this question)

The question is:

  1. HOW can Outlook discover that there is another Exchange organization set up to both connect and send e-mails for domain office.contoso.com?
  2. WHY did it actually decide to connect elsewhere but the primary Exchange account already configured to use the address from @contoso.com?
  3. WHY did Outlook NOT show the contents of the wrong mailbox after such a failover, and WHY did Outlook post the "Sent" message to the right mailbox, while sending it via wrong mailbox?
  4. HOW COME Office 365's Outlook installed on a PC in an external network connects to Office 365's organization despite valid autodiscover address existing in contoso.com domain? If a standalone installation of same Office version that's not using Office 365 for activation is used, autodiscovery process completes in a snap, with it getting connected with RPC/MAPI over HTTPS to the on-premises Exchange CAS server.
  5. What should the systems administrator of office.contoso.com domain perform to BOTH allow Office 365's Exchange organization to exist, and completely eliminate any chance of users' Outlooks to ever connect to it unless directly specified?

Postfix and Dovecot: fatal: no SASL authentication mechanisms

Posted: 29 May 2021 08:06 PM PDT

When I send a test mail from my Gmail to my server, I get this error:

fatal: no SASL authentication mechanisms

Here are all my configuration files and log files, to help:

/var/log/maillog

    Nov  4 14:42:49 ns1 postfix/postfix-script[2147]: stopping the Postfix mail system
    Nov  4 14:42:49 ns1 postfix/master[1340]: terminating on signal 15
    Nov  4 14:42:49 ns1 postfix/postfix-script[2228]: starting the Postfix mail system
    Nov  4 14:42:49 ns1 postfix/master[2230]: daemon started -- version 2.10.1, configuration /etc/postfix
    Nov  4 14:45:37 ns1 postfix/smtpd[2314]: connect from mail-oi0-f51.google.com[209.85.218.51]
    Nov  4 14:45:37 ns1 postfix/smtpd[2314]: fatal: no SASL authentication mechanisms
    Nov  4 14:45:38 ns1 postfix/master[2230]: warning: process /usr/libexec/postfix/smtpd pid 2314 exit status 1
    Nov  4 14:45:38 ns1 postfix/master[2230]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
    Nov  4 14:47:18 ns1 postfix/anvil[2317]: statistics: max connection rate 1/60s for (smtp:209.85.218.51) at Nov  4 14:45:37
    Nov  4 14:47:18 ns1 postfix/anvil[2317]: statistics: max connection count 1 for (smtp:209.85.218.51) at Nov  4 14:45:37
    Nov  4 14:47:18 ns1 postfix/anvil[2317]: statistics: max cache size 1 at Nov  4 14:45:37

systemctl status dovecot -l

    [root@ns1 ~]# systemctl status dovecot -l
       dovecot.service - Dovecot IMAP/POP3 email server
       Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
       Active: active (running) since Fri 2016-11-04 14:43:28 BRST; 35s ago
      Process: 2246 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
     Main PID: 2250 (dovecot)
       CGroup: /system.slice/dovecot.service
               ├─2250 /usr/sbin/dovecot -F
               ├─2251 dovecot/anvil
               ├─2252 dovecot/log
               └─2254 dovecot/config

    Nov 04 14:43:28 ns1.domain.com.br systemd[1]: Starting Dovecot IMAP/POP3 email server...
    Nov 04 14:43:28 ns1.domain.com.br systemd[1]: Started Dovecot IMAP/POP3 email server.

systemctl status postfix -l

    [root@ns1 ~]# systemctl status postfix -l
       postfix.service - Postfix Mail Transport Agent
       Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
       Active: active (running) since Fri 2016-11-04 14:42:49 BRST; 1min 55s ago
      Process: 2141 ExecStop=/usr/sbin/postfix stop (code=exited, status=0/SUCCESS)
      Process: 2158 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
      Process: 2154 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
      Process: 2152 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
     Main PID: 2230 (master)
       CGroup: /system.slice/postfix.service
               ├─2230 /usr/libexec/postfix/master -w
               ├─2231 pickup -l -t unix -u
               └─2232 qmgr -l -t unix -u

    Nov 04 14:42:49 ns1.domain.com.br systemd[1]: Starting Postfix Mail Transport Agent...
    Nov 04 14:42:49 ns1.domain.com.br postfix/postfix-script[2228]: starting the Postfix mail system
    Nov 04 14:42:49 ns1.domain.com.br postfix/master[2230]: daemon started -- version 2.10.1, configuration /etc/postfix
    Nov 04 14:42:49 ns1.domain.com.br systemd[1]: Started Postfix Mail Transport Agent.

systemctl status saslauthd -l

    [root@ns1 ~]# systemctl status saslauthd -l
       saslauthd.service - SASL authentication daemon.
       Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2016-11-03 12:19:08 BRST; 1 day 2h ago
      Process: 1978 ExecStart=/usr/sbin/saslauthd -m $SOCKETDIR -a $MECH $FLAGS (code=exited, status=0/SUCCESS)
     Main PID: 1979 (saslauthd)
       CGroup: /system.slice/saslauthd.service
               ├─1979 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
               ├─1980 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
               ├─1981 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
               ├─1982 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r
               └─1983 /usr/sbin/saslauthd -m /run/saslauthd -a pam -r

    Nov 03 12:19:08 ns1.domain.com.br systemd[1]: Starting SASL authentication daemon....
    Nov 03 12:19:08 ns1.domain.com.br saslauthd[1979]: detach_tty      : master pid is: 1979
    Nov 03 12:19:08 ns1.domain.com.br saslauthd[1979]: ipc_init        : listening on socket: /run/saslauthd/mux
    Nov 03 12:19:08 ns1.domain.com.br systemd[1]: Started SASL authentication daemon..

/etc/postfix/main.cf

    # MY CONFIGS
    myhostname = mail.domain.com.br
    mydomain = domain.com.br
    myorigin = $mydomain
    inet_protocols = ipv4
    mydestination = $myhostname, localhost, ns1.domain.com.br
    mynetworks = 168.100.189.0/28, 127.0.0.0/8
    relay_domains = $mydestination
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    home_mailbox = Maildir/
    mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
    virtual_alias_maps = hash:/etc/postfix/virtual
    sender_bcc_maps = hash:/etc/postfix/bcc
    recipient_bcc_maps = hash:/etc/postfix/bcc
    queue_directory = /var/spool/postfix
    milter_default_action = accept
    milter_protocol = 2
    smtpd_milters = inet:localhost:8891
    non_smtpd_milters = inet:localhost:8891

    # SASL
    broken_sasl_auth_clients = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    smtpd_sasl_security_options = noanonymous noplaintext
    smtpd_sasl_local_domain = domain.com.br
    smtpd_recipient_restrictions = check_policy_service unix:/var/spool/postfix/postgrey/socket

    # TLS
    smtpd_use_tls = yes
    smtpd_tls_key_file = /etc/postfix/ssl/mail.domain.com.br.key
    smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain.com.br.crt
    smtpd_tls_security_level=encrypt
    smtpd_tls_auth_only = yes
    smtpd_sasl_tls_security_options = noanonymous, noplaintext

/etc/postfix/master.cf

smtp      inet  n       -       n       -       -       smtpd  

/etc/dovecot/dovecot.conf

    protocols = imap pop3
    listen = *

/etc/dovecot/10-auth.conf

    disable_plaintext_auth = no
    auth_mechanisms = plain login

/etc/dovecot/10-master.conf

    service auth {
      unix_listener auth-userdb {
        #mode = 0660
        #user = postfix
        #group = postfix
      }

      # Postfix smtp-auth
      unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
      }

      # Auth process is run as this user.
      #user = $default_internal_user
    }

Thanks for the attention.

@UPDATE 01

Here is the log file:

    Nov  6 11:02:35 ns1 postfix/smtpd[3950]: connect from mail-oi0-f47.google.com[209.85.218.47]
    Nov  6 11:02:35 ns1 postfix/smtpd[3950]: fatal: no SASL authentication mechanisms
    Nov  6 11:02:36 ns1 postfix/master[12735]: warning: process /usr/libexec/postfix/smtpd pid 3950 exit status 1
    Nov  6 11:02:36 ns1 postfix/master[12735]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
    Nov  6 11:04:16 ns1 postfix/anvil[3952]: statistics: max connection rate 1/60s for (smtp:209.85.218.47) at Nov  6 11:02:35
    Nov  6 11:04:16 ns1 postfix/anvil[3952]: statistics: max connection count 1 for (smtp:209.85.218.47) at Nov  6 11:02:35
    Nov  6 11:04:16 ns1 postfix/anvil[3952]: statistics: max cache size 1 at Nov  6 11:02:35

Here is the postconf -n

    [root@ns1 ~]# postconf -n
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
    home_mailbox = Maildir/
    html_directory = no
    inet_protocols = ipv4
    mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
    mailq_path = /usr/bin/mailq.postfix
    manpage_directory = /usr/share/man
    milter_default_action = accept
    milter_protocol = 2
    mydestination = $myhostname, localhost.$mydomain, $mydomain
    mydomain = domain.com.br
    myhostname = mail.domain.com.br
    mynetworks = 168.100.189.0/28, 127.0.0.0/8
    myorigin = domain.com.br
    newaliases_path = /usr/bin/newaliases.postfix
    non_smtpd_milters = inet:localhost:8891
    readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
    recipient_bcc_maps = hash:/etc/postfix/bcc
    sample_directory = /usr/share/doc/postfix-2.10.1/samples
    sender_bcc_maps = hash:/etc/postfix/bcc
    sendmail_path = /usr/sbin/sendmail.postfix
    setgid_group = postdrop
    smtpd_milters = inet:localhost:8891
    smtpd_recipient_restrictions = check_policy_service unix:/var/spool/postfix/postgrey/socket permit_mynetworks permit_inet_interfaces
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $mydomain
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous noplaintext
    smtpd_sasl_tls_security_options = noanonymous, noplaintext
    smtpd_sasl_type = dovecot
    smtpd_sender_login_maps = hash:/etc/postfix/virtual
    smtpd_sender_restrictions = reject_sender_login_mismatch
    smtpd_tls_auth_only = yes
    smtpd_tls_cert_file = /etc/postfix/ssl/mail.domain.com.br.crt
    smtpd_tls_key_file = /etc/postfix/ssl/mail.domain.com.br.key
    smtpd_tls_security_level = encrypt
    smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_use_tls = yes
    tls_random_exchange_name = /var/lib/postfix/prng_exch
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = hash:/etc/postfix/virtual

Here are the versions:

postfix-2.10.1-6.el7.x86_64 dovecot-2.2.10-5.el7.x86_64 CentOS Linux 7.2.1511 Kernel Linux 4.8.5-1.el7.elrepo.x86_64 on x86_64

@UPDATE 02

Here is my doveconf -n:

    [root@ns1 ~]# doveconf -n
    # 2.2.10: /etc/dovecot/dovecot.conf
    # OS: Linux 4.8.5-1.el7.elrepo.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core )
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    listen = *
    mail_location = maildir:~/Maildir
    mbox_write_locks = fcntl
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      driver = pam
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
    }
    ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
    ssl_key = </etc/pki/dovecot/private/dovecot.pem
    userdb {
      driver = passwd
    }

How to perform a core dump on MongoDB

Posted: 29 May 2021 05:00 PM PDT

I am in the process of investigating a potential memory leak within MongoDB. Last night I experienced an issue where the resident memory in use had an unexpected climb to +10GB.

I am trying to perform a core dump to examine the contents of the memory, but am having an issue doing so.

I tried using the procedure found here, using kill -SIGQUIT 9999, however this does not seem to produce an actual core dump from mongod, instead, the only thing I can find is what appears to be a few useless lines at the end of my log file.

2016-04-27T14:28:01.413+0000 F -        [initandlisten] Got signal: 3 (Quit).     0x1310252 0x130f189 0x130f992 0x349f40f500 0x349f0e0d03 0x12b4fc4 0x977f26 0x97a9bd 0x349f01ecdd 0x974881  ----- BEGIN BACKTRACE -----  {"backtrace":[{"b":"400000","o":"F10252","s":"_ZN5mongo15printStackTraceERSo"},{"b":"400000","o":"F0F189"},{"b":"400000","o":"F0F992"},{"b":"349F400000","o":"F500"},{"b":"349F000000","o":"E0D03","s":"__select"},{"b":"400000","o":"EB4FC4","s":"_ZN5mongo8Listener13initAndListenEv"},{"b":"400000","o":"577F26","s":"_ZN5mongo13initAndListenEi"},{"b":"400000","o":"57A9BD","s":"main"},{"b":"349F000000","o":"1ECDD","s":"__libc_start_main"},{"b":"400000","o":"574881"}],"processInfo":{ "mongodbVersion" : "3.2.4", "gitVersion" : "e2ee9ffcf9f5a94fad76802e28cc978718bb7a30", "compiledModules" : [], "uname" : { "sysname" : "Linux", "release" : "2.6.39-300.17.2.el6uek.x86_64", "version" : "#1 SMP Wed Nov 7 17:48:36 PST 2012", "machine" : "x86_64" }, "somap" : [ { "elfType" : 2, "b" : "400000", "buildId" : "5FD49352786BCEAEC14C2C99263D7EDCC9F681FD" }, { "b" : "7FFF433DF000", "elfType" : 3, "buildId" : "1E333CA5361BDB0097E9F47A6280B1AB5EEF4F0A" }, { "path" : "/usr/lib64/libssl.so.10", "elfType" : 3, "buildId" : "145F7FE3952D398F1580F65D309F7B84C170C46B" }, { "path" : "/usr/lib64/libcrypto.so.10", "elfType" : 3, "buildId" : "04B2B7E614BF9844F5191F8A81E15B0F60A1EF3A" }, { "path" : "/lib64/librt.so.1", "elfType" : 3, "buildId" : "A34F8F7191C98A2AAEC9150CD504EE6E3E1BA7CD" }, { "path" : "/lib64/libdl.so.2", "elfType" : 3, "buildId" : "15B0822C819020F18BBF0E0C0286373155E03BE2" }, { "path" : "/usr/lib64/libstdc++.so.6", "elfType" : 3, "buildId" : "1A4BC78E7DA0FA025262D516D00E04AFD1B0F429" }, { "path" : "/lib64/libm.so.6", "elfType" : 3, "buildId" : "4506D67E9AC196C2A4C51CF9804C469B5465AA89" }, { "path" : "/lib64/libgcc_s.so.1", "elfType" : 3, "buildId" : "CE152B8676517F23E7F54AD6408330979BE41443" }, { "path" : "/lib64/libpthread.so.0", "elfType" : 3, "buildId" : 
"7A688BCD17DD94352FD083FB9A64DCAF6296428E" }, { "path" : "/lib64/libc.so.6", "elfType" : 3, "buildId" : "9482B5DFEC6960CE8D5D90CECF6C77DC18A11272" }, { "path" : "/lib64/ld-linux-x86-64.so.2", "elfType" : 3, "buildId" : "CBC6E7266FCF291CEE239F38D1DD7B59D82AADBD" }, { "path" : "/lib64/libgssapi_krb5.so.2", "elfType" : 3, "buildId" : "5A849E6F82D34BFDF59D7B3ACD00BE9A7E24B6F1" }, { "path" : "/lib64/libkrb5.so.3", "elfType" : 3, "buildId" : "C2F73DA1AF5D07B0B72F82ED3690456C4EDF3E0E" }, { "path" : "/lib64/libcom_err.so.2", "elfType" : 3, "buildId" : "6A8EE2F10B2BB3A361B366DB93A0884E70A4D03B" }, { "path" : "/lib64/libk5crypto.so.3", "elfType" : 3, "buildId" : "2C7D5C2761C37E2B0B9F2719A8AF6ADA48D4895C" }, { "path" : "/lib64/libz.so.1", "elfType" : 3, "buildId" : "209A7EBEAB54483FED76E2A984B4AEAE29C66D69" }, { "path" : "/lib64/libkrb5support.so.0", "elfType" : 3, "buildId" : "DE4E1481ECA0ADF2F15A4D830CF2C43A29350087" }, { "path" : "/lib64/libkeyutils.so.1", "elfType" : 3, "buildId" : "8A8734DC37305D8CC2EF8F8C3E5EA03171DB07EC" }, { "path" : "/lib64/libresolv.so.2", "elfType" : 3, "buildId" : "E48B7A85C3EE7A22CBCAC817C407458CC0A9D47F" }, { "path" : "/lib64/libselinux.so.1", "elfType" : 3, "buildId" : "A287DC6B86A9823038F057105CE64671E0B392EC" } ] }}   mongod(_ZN5mongo15printStackTraceERSo+0x32) [0x1310252]   mongod(+0xF0F189) [0x130f189]   mongod(+0xF0F992) [0x130f992]   libpthread.so.0(+0xF500) [0x349f40f500]   libc.so.6(__select+0x33) [0x349f0e0d03]   mongod(_ZN5mongo8Listener13initAndListenEv+0x4B4) [0x12b4fc4]   mongod(_ZN5mongo13initAndListenEi+0x1316) [0x977f26]   mongod(main+0x15D) [0x97a9bd]   libc.so.6(__libc_start_main+0xFD) [0x349f01ecdd]   mongod(+0x574881) [0x974881]  -----  END BACKTRACE  -----  

Any idea how I can go about getting a core dump here?

How to ProxyPass to a '/path/' instead of root '/'?

Posted: 29 May 2021 10:01 PM PDT

I am using Ubuntu-15.10 wily, Apache-2.4.12

I've been trying to use ProxyPass in an SSL enabled VirtualHost like so:

ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
    Require all granted
</Proxy>
ProxyPass /myapp/ http://127.0.0.1:8090/
ProxyPassReverse /myapp/ http://127.0.0.1:8090/

With above configuration, I assumed that whatever is being served by the server on that port, e.g. web will be appended to https://www.example.com/myapp/web.

However, this is not what I get. In Apache logs I get:

... File does not exist: /var/www/html/web, referer: https://www.example.com/myapp/  

Is this because I don't understand what ProxyPass is supposed to do? Or is there something wrong with my configuration that I need to correct?

ADDENDUM (18 Feb 2016)

I have turned on logging for mod_proxy and I see the following which doesn't make sense:

... connecting http://127.0.0.1:8090/ to 127.0.0.1:8090
... connected / to 127.0.0.1:8090
... fam 2 socket created to 127.0.0.1
... connection established with 127.0.0.1:8090 (127.0.0.1)
... connection complete to 127.0.0.1:8090 (127.0.0.1)
... http: has released connection for (127.0.0.1)
... proxy: connection shutdown

I am assuming that one of the addresses in the first line is the internal placeholder and the other is the URL being retrieved. But why, in the second line, does the retrieved URL get connected to / instead of /myapp/ as per ProxyPass?

How to Retain Proxy URL for all request using Apache load balancer

Posted: 29 May 2021 09:06 PM PDT

I am trying to serve the requests to my site through a proxy machine using a load balancer. When I try to access the site by hitting http://PROXYSERVER.com, the home page comes up fine, retaining the address bar URL http://PROXYSERVER.com.

Now, when I try to access internal links, for example http://PROXYSERVER.com/services/, the address bar URL changes to the APPSERVER URL http://APPSERVER01.com/services/


NOTE: The Page comes up fine but the address bar URL is getting changed.

Expected behaviour is when user requests http://PROXYSERVER.com/services/ then the address bar should retain the proxy URL while serving the request


Here is my code for load balancing,

ProxyRequests off
ServerName PROXYSERVER.com

<Proxy balancer://mycluster>
    # WebHead1
    BalancerMember http://APPSERVER01:80/ route=node1
    # WebHead2
    BalancerMember http://APPSERVER02:80/ route=node2
    Order Deny,Allow
    Deny from none
    Allow from all
    ProxySet lbmethod=byrequests
    #ProxySet lbmethod=bybusyness
    ProxySet stickysession=BALANCEID
</Proxy>

<Location /balancer-manager>
    SetHandler balancer-manager
    Order deny,allow
    Allow from all
</Location>

# Point of Balance
ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/

Any suggestions will be appreciated.

Error: KDC has no support for encryption type

Posted: 29 May 2021 09:06 PM PDT

I have intermittent authentication issues on my Ubuntu 15.04 servers. Periodically, authentication will just stop working. Eventually it will start working again on its own. Or, if I restart both smbd and sssd, it will start working again right away.

Around the same times as the auth problems, I see this error in /var/log/syslog:

[sssd[ldap_child[4199]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: KDC has no support for encryption type. Unable to create GSSAPI-encrypted LDAP connection.

My googling has pointed me towards adding "allow_weak_crypto = true" to the libdefaults section of /etc/krb5.conf. I've tried that but to no avail.

I have a bunch of CentOS 6 servers configured for AD authentication the same way (same smb and sssd config, etc.) and they all work fine without any issues.

Anyone have any other ideas?

What happens when I "offline" a disk and is there a difference between diskpart.exe and the disk management snap-in?

Posted: 29 May 2021 10:01 PM PDT

  • What actions does Windows take when I "Offline" a disk in the Disk Management GUI?
  • What actions does Windows take when I "Offline" a disk in Diskpart?
  • Are there any differences between the two scenarios?

ldap_add: Constraint violation (19) additional info: some attributes not unique

Posted: 29 May 2021 05:00 PM PDT

Well I have already gone through ldap_add: Constraint violation (19) but couldn't solve my problem!

The problem I'm facing is that when I try to add users from the bckup.ldif file by issuing the following command

ldapadd -x -D "dc=admin,dc=domain,dc=lcl" -f bckup.ldif -W

it throws the following error

adding new entry "uid=doctor.lcl,ou=People,dc=domain,dc=lcl"
ldap_add: Constraint violation (19)
    additional info: some attributes not unique

I took the backup using ldapsearch only, not slapcat.

So my question is: what is causing the error, and how do I resolve it?

Apache/PHP ldap stops working. Requires restart of apache

Posted: 29 May 2021 04:01 PM PDT

I currently have a setup where users log in to a website using LDAP credentials. It's all internal so I don't really care a ton about certificates. So, in my /etc/openldap/ldap.conf file I have TLS_REQCERT never. Before adding that to the file I was always getting the error Error Binding to LDAP: TLS: hostname does not match CN in peer certificate. After adding that everything seemed to work fine. However now I'm finding that after some time, maybe a few hours to a day, the logins will fail again, and I'll start getting that error. If I restart apache everything works fine again for a while. Then the error pops up again. What could be causing this to keep happening? The server is a CentOS 6.5.

Is it possible to configure a reverse VPN tunnel?

Posted: 29 May 2021 09:11 PM PDT

Basically, my goal is to have a 100% portable and independent server. I'm building it using a Raspberry Pi powered by solar panels and batteries, and it is to be connected to the internet using a 4g hotspot. It only needs to have 2 functions, an SSH service, and a VPN service.

Here is my problem.

I initially started this project thinking that my biggest issue will be IP roaming. I set myself up a Dynamic DNS domain and wrote a cron that updated it every 60 seconds. I then port forwarded my hotspot to the Pi (the hotspot is basically a router, and the pi has a wifi dongle).

However, I was unable to connect to the hotspot router using its public IP. It is then that I realized that all 4G LTE devices receive IPs on a subnet behind a much larger NAT. This is apparently a new practice with 4G. 3G devices used to receive a reachable public IP.

Basically I need a way to reach a VPN server that doesn't have a unique IP.

Is it possible for a VPN server to establish connections with clients, kinda like a reverse SSH tunnel?

Like it could either continuously poll a set of IP addresses (or a dynamic DNS domain) until one of them accepts a connection, or maybe poll another server that would contain a list of IPs currently "wanting" a connection (and those IPs would essentially poll that server to ask for a VPN connection).

I know it's retarded and breaks the client server model, but I'm kind of desperate here. Is it possible?

Suddenly cannot reach (ping) remote server on a remote site

Posted: 29 May 2021 06:05 PM PDT

We have 2 sites linked together with VPN tunnel (Fortigate 60C devices). On each site I have ESXi server with a couple of VMs. Normally, everything works fine.

Site 1 (S1) subnet is 192.168.254.0/24, with Machine A1, A2 on ESXi1
Site 2 (S2) subnet is 192.168.253.0/24, with Machine B1, B2 on ESXi2

All ping between those machines works normally through VPN tunnel.

Suddenly, S1-A1 cannot ping S2-B1 anymore, but S2-B1 can still ping S1-A1.

All pings (using IP addresses) across all machines (VMs and ESXi) work, except from S1-A1 -> S2-B1.

Traceroute results were:
S1-A1 -> S2-B1 -> through Internet (?????)
S1-A1 -> S2-B2 -> through VPN Tunnel
S2-B2 -> S1-A1 -> through VPN Tunnel
S1-A1 -> S2-ESXi2 -> through VPN Tunnel

Machine A1 is a Windows 2003 R2 - SP2. There are 5 IP addresses bound to the NIC. I tried to disable and enable the NIC but the network management stopped responding. Only a reboot fixed the problem.

route print did not change. Gateway is the same and no specific route to reach B2.

arp -a did not show anything related to 192.168.253.0/24.

I don't understand why S1-A1 -> S2-ESXi2 worked but not S1-A1 -> S2-B1, because B2 (192.168.253.18) is running on ESXi2 (192.168.253.23).

Registry entry of the Network Interface

Windows Registry Editor Version 5.00    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0E114693-5FC8-4AA4-AB98-14CE43E24DE5}]  "UseZeroBroadcast"=dword:00000000  "EnableDeadGWDetect"=dword:00000001  "EnableDHCP"=dword:00000000  "IPAddress"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,32,00,35,00,\    34,00,2e,00,31,00,35,00,00,00,31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,\    00,32,00,35,00,34,00,2e,00,31,00,32,00,00,00,31,00,39,00,32,00,2e,00,31,00,\    36,00,38,00,2e,00,32,00,35,00,34,00,2e,00,31,00,33,00,00,00,31,00,39,00,32,\    00,2e,00,31,00,36,00,38,00,2e,00,32,00,35,00,34,00,2e,00,31,00,35,00,31,00,\    00,00,31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,32,00,35,00,34,00,2e,\    00,34,00,30,00,00,00,00,00      which is 192.168.254.15 192.168.254.12 192.168.254.13 192.168.254.151 192.168.254.40    "SubnetMask"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,\    00,35,00,2e,00,30,00,00,00,32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,\    32,00,35,00,35,00,2e,00,30,00,00,00,32,00,35,00,35,00,2e,00,32,00,35,00,35,\    00,2e,00,32,00,35,00,35,00,2e,00,30,00,00,00,32,00,35,00,35,00,2e,00,32,00,\    35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,30,00,00,00,32,00,35,00,35,00,2e,\    00,32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,30,00,00,00,00,00      which is 255.255.255.0 255.255.255.0  255.255.255.0  255.255.255.0 255.255.255.0    "DefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,32,00,\    35,00,34,00,2e,00,32,00,35,00,34,00,00,00,00,00    which is 192.168.254.254      "DefaultGatewayMetric"=hex(7):30,00,00,00,00,00  "NameServer"="192.168.254.254"  "Domain"=""  "RegistrationEnabled"=dword:00000001  "RegisterAdapterName"=dword:00000000  "TCPAllowedPorts"=hex(7):30,00,00,00,00,00  "UDPAllowedPorts"=hex(7):30,00,00,00,00,00  "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00  "NTEContextList"=hex(7):00,00  "DhcpClassIdBin"=hex:  "DhcpServer"="255.255.255.255"  
"Lease"=dword:00000e10  "LeaseObtainedTime"=dword:51185713  "T1"=dword:51185e1b  "T2"=dword:51186361  "LeaseTerminatesTime"=dword:51186523  "IPAutoconfigurationAddress"="0.0.0.0"  "IPAutoconfigurationMask"="255.255.0.0"  "IPAutoconfigurationSeed"=dword:00000000  "AddressType"=dword:00000000  

I exclude the Fortigates as part of the problem since I just needed to reboot A1.

2013-09-19: Issue again. Seems to occur every time the VPNs drop between the Fortigates.

HOCHELAGA_2 # get router info routing-table all  Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP         O - OSPF, IA - OSPF inter area         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2         E1 - OSPF external type 1, E2 - OSPF external type 2         i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area         * - candidate default    S*      0.0.0.0/0 [10/0] via 64.15.130.49, wan1  C       10.10.10.0/24 is directly connected, dmz  C       10.100.254.1/32 is directly connected, fat  C       10.100.254.2/32 is directly connected, fat  C       64.15.130.48/28 is directly connected, wan1                          is directly connected, wan1                          is directly connected, wan1                          is directly connected, wan1                          is directly connected, wan1                          is directly connected, wan1  S       192.168.200.0/24 [10/0] via 10.100.254.2, fat  C       192.168.250.0/24 is directly connected, internal  S       192.168.252.0/24 [10/0] is directly connected, hoch st-bruno  S       192.168.253.0/24 [10/0] is directly connected, HOCH-KAN  C       192.168.254.0/24 is directly connected, internal                           is directly connected, internal                           is directly connected, internal      HOCHELAGA_2 # diagnose ip route list  tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.100.254.2/32 pref=10.100.254.1 gwy=0.0.0.0 dev=11(fat)  tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.48/28 pref=64.15.130.56 gwy=0.0.0.0 dev=3(wan1)  tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.0.64/26 pref=169.254.0.66 gwy=0.0.0.0 dev=16(havdlink1)  tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->192.168.200.0/24 pref=0.0.0.0 gwy=10.100.254.2 dev=11(fat)  tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.250.0/24 pref=192.168.250.254 gwy=0.0.0.0 
dev=5(internal)  tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.10.10.0/24 pref=10.10.10.1 gwy=0.0.0.0 dev=4(dmz)  tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->192.168.252.0/24 pref=0.0.0.0 gwy=0.0.0.0 dev=9(hoch st-bruno)  tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->192.168.253.0/24 pref=0.0.0.0 gwy=0.0.0.0 dev=10(HOCH-KAN)  tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.254.0/24 pref=192.168.254.254 gwy=0.0.0.0 dev=5(internal)  tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=64.15.130.49 dev=3(wan1)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.63/32 pref=64.15.130.56 gwy=0.0.0.0 dev=3(wan1)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.255.255.255/32 pref=127.0.0.1 gwy=0.0.0.0 dev=7(root)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.10.10.1/32 pref=10.10.10.1 gwy=0.0.0.0 dev=4(dmz)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.10.10.0/32 pref=10.10.10.1 gwy=0.0.0.0 dev=4(dmz)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.100.254.1/32 pref=10.100.254.1 gwy=0.0.0.0 dev=11(fat)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.59/32 pref=64.15.130.59 gwy=0.0.0.0 dev=2(wan2)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.254.2/32 pref=192.168.254.254 gwy=0.0.0.0 dev=5(internal)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.58/32 pref=64.15.130.56 gwy=0.0.0.0 dev=3(wan1)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.0.66/32 pref=169.254.0.66 gwy=0.0.0.0 dev=16(havdlink1)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.250.0/32 pref=192.168.250.254 gwy=0.0.0.0 dev=5(internal)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.254.1/32 pref=192.168.254.254 gwy=0.0.0.0 
dev=5(internal)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.57/32 pref=64.15.130.56 gwy=0.0.0.0 dev=3(wan1)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.254.0/32 pref=192.168.254.254 gwy=0.0.0.0 dev=5(internal)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.56/32 pref=64.15.130.56 gwy=0.0.0.0 dev=3(wan1)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.0.64/32 pref=169.254.0.66 gwy=0.0.0.0 dev=16(havdlink1)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.54/32 pref=64.15.130.56 gwy=0.0.0.0 dev=3(wan1)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->169.254.0.127/32 pref=169.254.0.66 gwy=0.0.0.0 dev=16(havdlink1)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.53/32 pref=64.15.130.56 gwy=0.0.0.0 dev=3(wan1)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.52/32 pref=64.15.130.56 gwy=0.0.0.0 dev=3(wan1)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->10.10.10.255/32 pref=10.10.10.1 gwy=0.0.0.0 dev=4(dmz)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/32 pref=127.0.0.1 gwy=0.0.0.0 dev=7(root)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.254.254/32 pref=192.168.254.254 gwy=0.0.0.0 dev=5(internal)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.250.255/32 pref=192.168.250.254 gwy=0.0.0.0 dev=5(internal)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.1/32 pref=127.0.0.1 gwy=0.0.0.0 dev=7(root)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->64.15.130.48/32 pref=64.15.130.56 gwy=0.0.0.0 dev=3(wan1)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.250.254/32 pref=192.168.250.254 gwy=0.0.0.0 dev=5(internal)  tab=255 vf=0 scope=253 type=3 proto=2 prio=0 0.0.0.0/0.0.0.0/0->192.168.254.255/32 
pref=192.168.254.254 gwy=0.0.0.0 dev=5(internal)  tab=255 vf=0 scope=254 type=2 proto=2 prio=0 0.0.0.0/0.0.0.0/0->127.0.0.0/8 pref=127.0.0.1 gwy=0.0.0.0 dev=7(root)  

PING successful on a server

diagnose sniffer packet any "host 192.168.253.23" 4

23.232067 internal in 192.168.254.15 -> 192.168.253.23: icmp: echo request
23.232329 HOCH-KAN out 192.168.254.15 -> 192.168.253.23: icmp: echo request
23.248800 HOCH-KAN in 192.168.253.23 -> 192.168.254.15: icmp: echo reply
23.248932 internal out 192.168.253.23 -> 192.168.254.15: icmp: echo reply

PING failed on a server

diagnose sniffer packet any "host 192.168.253.18" 4

8.212249 internal in 192.168.254.15 -> 192.168.253.18: icmp: echo request
8.212479 wan1 out 64.15.130.56 -> 192.168.253.18: icmp: echo request
10.508155 internal in 192.168.254.15.1113 -> 192.168.253.18.139: syn 1271941747
10.508436 wan1 out 64.15.130.56.42334 -> 192.168.253.18.139: syn 1271941747
11.706287 internal in 192.168.254.15.1112 -> 192.168.253.18.445: syn 341420858
11.706540 wan1 out 64.15.130.56.42332 -> 192.168.253.18.445: syn 341420858

Why is the route taken different for servers on the same network? I don't use any RIP, OSPF or BGP routing. No policy routing. Just a static route between VPNs. Nothing is showing a dynamic route for 192.168.253.23, and the Fortigate decides to route it into the wan1 interface instead.

Anything I could check next time it happens?

Thanks in advance
And sorry if it is not fully clear, French is my mother language
S.
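
A way to catch this condition from a capture, as an added example that is not part of the original post: it parses the sniffer lines quoted in the question and flags packets destined for the remote site's subnet that leave on any interface other than the tunnel, noting whether they were also source-NATed. The function names and the subnet-to-interface mapping are assumptions built from the values shown in the post.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

# Sniffer lines copied from the post above (verbosity 4: interface and direction shown).
SAMPLE = """\
23.232067 internal in 192.168.254.15 -> 192.168.253.23: icmp: echo request
23.232329 HOCH-KAN out 192.168.254.15 -> 192.168.253.23: icmp: echo request
23.248800 HOCH-KAN in 192.168.253.23 -> 192.168.254.15: icmp: echo reply
23.248932 internal out 192.168.253.23 -> 192.168.254.15: icmp: echo reply
8.212249 internal in 192.168.254.15 -> 192.168.253.18: icmp: echo request
8.212479 wan1 out 64.15.130.56 -> 192.168.253.18: icmp: echo request
10.508155 internal in 192.168.254.15.1113 -> 192.168.253.18.139: syn 1271941747
10.508436 wan1 out 64.15.130.56.42334 -> 192.168.253.18.139: syn 1271941747
"""

# Assumption taken from the routing table in the post: the remote site's
# subnet is reached through the IPsec interface HOCH-KAN.
TUNNELS = {ipaddress.ip_network("192.168.253.0/24"): "HOCH-KAN"}

# Interface names may contain spaces, so match lazily up to the in/out keyword.
LINE = re.compile(r"^(?P<ts>\d+\.\d+)\s+(?P<iface>.+?)\s+(?P<dir>in|out)\s+"
                  r"(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):\s+(?P<info>.*)$")


class Packet(NamedTuple):
    ts: float
    iface: str
    direction: str
    src: ipaddress.IPv4Address
    sport: Optional[int]
    dst: ipaddress.IPv4Address
    dport: Optional[int]
    info: str


def split_endpoint(text):
    """'192.168.253.18.139' -> (IPv4Address, 139); a plain IP has no port."""
    parts = text.split(".")
    port = int(parts[4]) if len(parts) == 5 else None
    return ipaddress.IPv4Address(".".join(parts[:4])), port


def parse(text):
    """Turn sniffer output into Packet tuples, skipping lines that do not match."""
    packets = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # command echo, blank lines, truncated captures
        src, sport = split_endpoint(m["src"])
        dst, dport = split_endpoint(m["dst"])
        packets.append(Packet(float(m["ts"]), m["iface"], m["dir"],
                              src, sport, dst, dport, m["info"]))
    return packets


def find_leaks(packets):
    """Egress packets for a tunnelled subnet that left on another interface."""
    leaks = []
    for p in packets:
        if p.direction != "out":
            continue
        for net, tunnel in TUNNELS.items():
            if p.dst in net and p.iface != tunnel:
                leaks.append({
                    "ts": p.ts, "dst": str(p.dst), "dport": p.dport,
                    "egress": p.iface, "expected": tunnel,
                    # A public source address means the packet was also
                    # source-NATed on its way out, outside the tunnel.
                    "snat": not p.src.is_private, "src": str(p.src),
                })
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(parse(SAMPLE)):
        print(leak)
```

Run against a capture taken during the fault, any output means site-to-site traffic is leaving in clear text on the WAN side instead of through the tunnel.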

New HDD swap in SAS 6 ir shows it is missing?

Posted: 29 May 2021 02:00 PM PDT

SETUP: Dell Poweredge T410 with Windows Server 2003, SAS 6 IR Raid-1.

Both the original drives were Dell Certified Seagate Barracudas for enterprise, 250gb.

The new HDD is a Seagate Barracuda 500gb, not Dell-certified.

When I swap the failed drive with the new one, the SAS console shows that the drive status is "missing" -- and continues to show the primary drive from the original RAID-1 setup as the only one connected.

Does the swapped drive need to be dell-certified to work, or am I doing something wrong?

Dynamic ARP Entries turning into Static ARP entries

Posted: 29 May 2021 07:03 PM PDT

I recently acquired a client that has a strange ARP caching issue on one of their servers.

I have a server that will eventually start turning its dynamic ARP entries into static ARP entries. This causes problems because when a machine that has a static ARP entry on this server receives a new IP via DHCP, the server is not able to communicate with that client. Clearing the ARP cache resolves the issue and the server is fine for about a week, and then it starts slowly turning ARP entries into static ARP entries. I haven't narrowed it down to when or how many it starts to do, but slowly you start seeing 1 static ARP and then 5 and then 10.

The server in question is a Windows Server 2003 SP2. It is a DC, DHCP, and DNS server. I've checked the DHCP scope options and there's nothing in there that would indicate anything to do with static ARP entries. The only thing different between this DNS server and our other DNS server is that the 'Dynamically Update DNS A and PTR records for DHCP clients that do not request updates' is checked on the problematic server.

I've done a bit of research about this and it seems that this may happen if any PXE type services are running, from what I can tell, there is nothing running a PXE server.

I'm a bit lost as I have never seen dynamic ARP entries start to turn into static ARP entries. Right now my solution is a scheduled task that runs every 24 hours to clear the ARP cache (arp -d *). I would like to not rely on this scheduled task.

Has anybody seen this before or have any suggestions on how to troubleshoot this?

How to customize Windows Failover clustering to trigger on failure of custom window service?

Posted: 29 May 2021 03:00 PM PDT

I'm a total newbie on Windows failover clustering.

What I want to do now is to set up FC (failover clustering) on two Win 2008 R2 servers.

Right now I have my custom window service running on both machines.

But they cannot run concurrently as it will mess up the DB, thus I just want one to be available at all times (high availability).

So I'm wondering if there's any way to set the failover policy to include this custom window service that I've installed on these machines, so that if this service goes down or dies, it will automatically trigger the failover to the second node.

  1. Is this possible?
  2. Or must it be done programmatically?
  3. And if so, what is the best way?

thanks ~m

How to reset MongoDB replica set settings

Posted: 29 May 2021 07:26 PM PDT

I want to start over with the configuration of the replica set. Is it possible? How do I reset it?

People in the group are saying to remove the database content, but is there any workaround?
