Sunday, June 6, 2021

Recent Questions - Server Fault



Double port forwarding kubernetes + docker

Posted: 06 Jun 2021 10:55 PM PDT

Summary:

I have a docker container which is running kubectl port-forward, forwarding the port (5432) of a postgres service running as a k8s service to a local port (2223). In the Dockerfile, I have exposed the relevant port 2223. Then I ran the container by publishing the said port (-p 2223:2223)

Now when I am trying to access the postgres through psql -h localhost -p 2223, I am getting the following error:

psql: server closed the connection unexpectedly
    This probably means the server terminated abnormally
    before or while processing the request.

However, when I do docker exec -ti to the said container and run the above psql command, I am able to connect to postgres.

Dockerfile CMD:

EXPOSE 2223
CMD ["bash", "-c", "kubectl -n namespace_test port-forward service/postgres-11-2 2223:5432"]

Docker Run command:

docker run -it --name=k8s-conn-12 -p 2223:2223 my_image_name:latest  

Output of the docker run command:

Forwarding from 127.0.0.1:2223 -> 5432  

So the port forwarding is successful, and I am able to connect to the postgres instance from inside the docker container. What I am not able to do is to connect from outside the container with the exposed and published port.

How to stop BIND9 from being an authoritative DNS server for a host?

Posted: 06 Jun 2021 09:23 PM PDT

Until recently I've been using BIND9 on my on-premises server (Ubuntu 16.04 w/LAMP). But then I decided to move one of my sites to remote 3rd-party hosting. Obviously, I changed the DNS servers on the site's registrar's website and the site works fine. The problem is that on my LOCAL machine (where BIND9 is), it still points me to my local installation of that host.

Enable https on EC2 Instance

Posted: 06 Jun 2021 09:47 PM PDT

I have an elastic public IP for my EC2 instance. I have an Nginx server running on it (and nodejs as a backend server). I'd like to enable HTTPS access to my server.

My questions:

  1. Can I create an SSL certificate (not self-signed) using just my elastic public IP?

  2. If not, my department has a domain, let's say https://www.example.com. How can I enter the record (and where?) so that https://www.example.com/base-route points to my elastic public IP without affecting any existing routes? If this is possible, do I create an SSL certificate for https://www.example.com or for https://www.example.com/base-route?

  3. If I create a new SSL certificate for https://www.example.com/base-route, will it have any impact on the existing certificate for https://www.example.com/?

  4. Will new routes, say /route-2 on the linked domain name, point to the correct route? For example, will https://www.example.com/base-route/route-2 point to http://ip-address/route-2?

HPE StoreAll 8200 Gateway Storage - showing UptimeOverThreshold

Posted: 06 Jun 2021 07:29 PM PDT

When checking the health of the HPE StoreAll 8200 Gateway Storage, the output of running the command ibrix_health -l shows UptimeOverThreshold. Could you please let me know what it means? Should I reboot the system to reset the system threshold?

Below you can find an example of the output I received after running the command in the CLI.

Host Summary Result

Host          Result   Type     State                     Network           Last Update
XXXXXXXX1     PASSED   Server   Up, UptimeOverThreshold   XXXXXXXXXXXXXXX   XXX Jun XXXX

Who or what is permitted membership of a Mail Enabled Security Group

Posted: 06 Jun 2021 05:10 PM PDT

I'm wanting to know a complete list of permitted objects that can be members of the Mail-Enabled Security Group. Is there some official documentation that lists these? Google hasn't been my friend today, and I don't have access to the portal.

Huawei HG8245Q2 connected with other router in bridge mode and WiFi with internet access

Posted: 06 Jun 2021 05:04 PM PDT

I have a Huawei HG8245Q2 router with a GPON WAN, 4 ethernet ports and a powerful WiFi module.

Behind this router I have a second (Mikrotik) router with an L2TP server on it.

Unfortunately, the Huawei router in its "normal" configuration does not allow me to have an L2TP server behind it (I tried with DMZ with no success, and there is no option like "VPN-passthru" like I saw in some other routers).

I called my ISP tech support and the consultant changed the Huawei configuration so that my WAN was "transparently" connected to the LAN1 port (bridged WAN<->LAN1?). I changed the Mikrotik configuration to PPPoE and my L2TP server worked.

However, that change had a side effect: the other interfaces (LAN2, LAN3, LAN4, WiFi) on the Huawei were no longer connected to the internet.

I had to restore the Huawei to factory settings (to undo the changes done by the ISP consultant) and switch the Mikrotik back to normal (without PPPoE), so my L2TP is not working again.

Unfortunately I have not checked how remaining ports work (LAN2, LAN3, LAN4, WiFi), or more precisely whether they are bridged with each other. Also I can't reconfigure it back to "transparent" (bridge WAN<->LAN1?) mode myself.

I don't want to ruin good relations with my ISP by calling too many times with a request to change the configuration (to check if it would work or not) which theoretically does not have to be made at all because my contract does not provide for such changes and I don't understand everything completely. So I'm asking here before I do that again and to improve my knowledge.


This is how I understand how it works:

L2TP working, WiFi without internet


L2TP not working, WiFi internet OK


And this is what I want:



Question 1:

Is it possible to connect one of Mikrotik LAN ports to one of remaining Huawei ports (LAN2 for example) and configure in such a way that Mikrotik would be a gateway for Huawei WiFi? If it is - how can I do that?

I have an idea like this (I'm not a networking expert):

  • connect Mikrotik ETH2 to Huawei LAN2
  • remove ETH2 from bridge on Mikrotik (now all ETH interfaces except WAN are bridged)
  • set IP address 10.0.0.250 on ETH2 on Mikrotik to connect it to Huawei network (Huawei has 10.0.0.1 IP)
  • turn off DHCP on Huawei because it does not allow configuring a different gateway
  • add DHCP server on Mikrotik and somehow make it work for Huawei WiFi and assign 10.0.1.0/24 addresses and 10.0.1.1 gateway (Mikrotik)

Does it make sense?

Question 2: (extra)

What is going on with LAN2, LAN3, LAN4, WiFi interfaces when Huawei is in "transparent" mode (bridge WAN->LAN1?). Are they still bridged with each other?


Mapping FQDN to IP and Port number in HAProxy

Posted: 06 Jun 2021 10:45 PM PDT

I have HAproxy in front of my K8s cluster. It works perfectly by IP address and port number.

frontend kubernetes-test-frontend
    bind 10.138.1.187:30030
    mode tcp
    option tcplog
    default_backend kubernetes-test-backend

backend kubernetes-test-backend
    mode tcp
    option tcp-check
    balance roundrobin
    server k8master1 10.138.1.181:30030 check
    server k8master2 10.138.1.182:30030 check
    server k8node1 10.138.1.183:30030 check
    server k8node2 10.138.1.184:30030 check
    server k8node3 10.138.1.185:30030 check

Can I have an FQDN replace the IP and port number? For example, if I have www.test.com mapping to 10.138.1.187 in my internal DNS, can I set up HAproxy to map www.test.com/test to the node's IP:30030?

Had a wordpress site using Google Cloud Platform and i think it totally crashed

Posted: 06 Jun 2021 04:36 PM PDT

Any idea what's going on? I was running a free tier WordPress install with the lowest computer on Google Cloud Platform, following this guide on YouTube: https://www.youtube.com/watch?v=2UDD-9cPXA8

my website is: www.malkimeansking.com

I think I may have overloaded the server, but I can't tell. I don't know what's going on; I only know how to run WordPress and install it. Why is the site down, and can someone here help?

Thanks

Why does nsupdate fail with "operation canceled"?

Posted: 06 Jun 2021 04:33 PM PDT

I'm trying to dynamically update a DNS server using nsupdate, running nsupdate -k mykey.private -d -v ./my-nsupdate-commands.txt.

But I get the error:

Communication with 192.0.2.0#53 failed: operation canceled  

In which cases can nsupdate result in operation canceled?


Full output:

Creating key...
Sending update to 192.0.2.0#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  47216
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
;; ZONE SECTION:
;example.com.        IN  SOA

;; UPDATE SECTION:
mydomain.example.com.    0 ANY A
mydomain.example.com.    61  IN  A 212.51.139.142

;; TSIG PSEUDOSECTION:
mydomain.example.com.    0 ANY TSIG  hmac-sha512. 1623020003 300 64 ... ... 47216 NOERROR 0

; Communication with 192.0.2.0#53 failed: operation canceled

What is meant by collapse CNAME?

Posted: 06 Jun 2021 02:53 PM PDT

While I was working on a certain DNS traffic management tool (Akamai) I found a checkbox to enable Collapse CNAMEs. I did not find any useful resources on this topic. What does it mean and how does it work? Any idea?

netbios McAfee HIPS block

Posted: 06 Jun 2021 02:30 PM PDT

All across my network random computers have been receiving a ton of McAfee HIPS blocks that state "Blocked outgoing UDP Source random IP netbios (137) destination IP". The only way we can resolve this is by putting the computers in rule exception which we can't have for long so essentially the computers are useless. I have already verified their place in DNS and DHCP and have ensured no duplicate IPs or hostnames exist. Any other thoughts would be greatly appreciated.

HP ProLiant DL380 G7 (P410i) compatible drives

Posted: 06 Jun 2021 02:45 PM PDT

I have recently been looking to do an upgrade on my server by moving to SSDs (2.5 inch). I have done a lot of late-night googling and have found that many drives have an issue with the RAID card in the machine, where the fans will ramp up and even shut down the system. With more looking, the recommendations are to just buy the HP drives, as they will have all of the monitoring features and are known to work. I have found a drive (HP 690816-001 MO0400FCTRP) that I think will work, but when I look it up on the compatibility list, I cannot find the drive. Is this drive compatible with my server?

Slow 4K read/write speed

Posted: 06 Jun 2021 02:40 PM PDT

I have a problem with random write speed on a Lenovo X3650 M5 with a ServeRAID M5210.

The server has seven 600GB SAS disks divided into two logical groups: a RAID1 (2 disks) and a RAID10 (4 disks)

The last disk is a global hot spare.

The RAID 10 has 500 MB/s in seq. reads and 250 MB/s in seq. writes, and it is almost double the speed of the RAID 1 array, as expected.

The problems arise during the 4K test, with a result of less than 1 MB/s for both RAIDs in both writes and reads.

The logical virtual disks properties:

RAID 1:
Write Policy: Write Through
Read Policy: Always Read Ahead
IO Policy: Direct IO
Disk Cache Policy: Unchanged
Background Initialization: Enabled

RAID 10:
Write Policy: Write Through
Read Policy: Always Read Ahead
IO Policy: Direct IO
Disk Cache Policy: Disabled
Background Initialization: Enabled

The Server Profile:

SERVER---
    Server IP:               xxx.xxx.xxx.xxx
    Server Name:             XXX
    OS name:                 Windows Server 2012
    OS Version:              6.2
    OS Architecture:         x86_64
    Driver Name:             megasas2.sys
    Driver Version:          6.706.06.00
    Application Version:     MegaRAID Storage Manager - 15.03.01.00

HARDWARE---
    Controller:              Controller0: ServeRAID M5210(Bus 21,Dev 0,Domain 0)
    Status:                  Optimal
    Firmware Package Version:24.7.0-0052
    Firmware Version:        4.270.00-4288
    BBU:                     NO
    Enclosure(s):            1
    Drive(s):                7
    Virtual Drive(s):        2

Enclosures---
    PRODUCT NAME             TYPE                     STATUS
    Backplane                Sgpio                    OK

Drives---
    CONNECTOR    PRODUCT ID   VENDOR ID   STATE              DISK TYPE   CAPACITY     POWER STATE
    Port 4 - 7   AL13SEB600   LENOVO-X    Online             SAS         557.861 GB   On
    Port 4 - 7   AL13SEB600   LENOVO-X    Online             SAS         557.861 GB   On
    Port 4 - 7   AL13SEB600   LENOVO-X    Online             SAS         557.861 GB   On
    Port 4 - 7   AL13SEB600   LENOVO-X    Online             SAS         557.861 GB   On
    Port 0 - 3   AL13SEB600   LENOVO-X    Online             SAS         557.861 GB   On
    Port 0 - 3   AL13SEB600   LENOVO-X    Online             SAS         557.861 GB   On
    Port 0 - 3   AL13SEB600   LENOVO-X    Global Hot Spare   SAS         557.861 GB   On

Virtual Drive(s):---
    TARGET ID   NAME   CAPACITY     STATE     RAID LEVEL   MegaRAID RECOVERY
    0           -      557.861 GB   Optimal   RAID  1      NO
    3           VD_1   1.090 TB     Optimal   RAID  10     NO


Does anyone have any advice?

Connecting to exchange online with Powershell (Winrm)

Posted: 06 Jun 2021 07:02 PM PDT


After playing with the Microsoft Azure MDM Baselines I got blocked from using the PowerShell for Exchange Online module.
I have removed myself one time, and after some reboots and some quick config all went well. But this time I'm still not able to do New-ExoPSSession; I'm stuck with no more ideas to troubleshoot this.
So I do:

Connect-ExchangeOnline -UserPrincipalName john.doe@thatnice.place  

and get:

New-ExoPSSession : Connecting to remote server outlook.office365.com failed with the
following error message : The client cannot connect to the destination specified in the
request. Verify that the service on the destination is running and is accepting requests.
Consult the logs and documentation for the WS-Management service running on the
destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the
following command on the destination to analyze and configure the WinRM service: "winrm
quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\0.3582.0\ExchangeOnlineManagement.psm1:401 char:30

I have removed my user and machine from all Azure Profiles, and I'm able to use these commands on another machine. So I started to change the Local GPOs to ensure all was in place:

PS C:\WINDOWS\system32> winrm get winrm/config  


returns:

Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 30000
        URLPrefix = wsman
        AllowUnencrypted = true [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            Digest = true [Source="GPO"]
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = true [Source="GPO"]
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts = * [Source="GPO"]
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = true [Source="GPO"]
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = * [Source="GPO"]
        IPv6Filter = * [Source="GPO"]
        EnableCompatibilityHttpListener = true [Source="GPO"]
        EnableCompatibilityHttpsListener = true [Source="GPO"]
        CertificateThumbprint
        AllowRemoteAccess = true [Source="GPO"]
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 2147483647
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 2147483647
        MaxMemoryPerShellMB = 2147483647
        MaxShellsPerUser = 2147483647


and

  PS C:\WINDOWS\system32> winrm enumerate winrm/config/listener  


returns:

Listener [Source="GPO"]
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.10.16.63, 127.0.0.1, 169.254.1.145, 169.254.5.162, 169.254.175.225, 169.254.235.174, <a lot of IPv6>

Listener [Source="Compatibility"]
    Address = *
    Transport = HTTP
    Port = 80
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.10.16.63, 127.0.0.1, 169.254.1.145, 169.254.5.162, 169.254.175.225, 169.254.235.174, <a lot of IPv6>

Listener [Source="Compatibility"]
    Address = *
    Transport = HTTPS
    Port = 443
    Hostname = ooo-VASCO
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.10.16.63, 127.0.0.1, 169.254.1.145, 169.254.5.162, 169.254.175.225, 169.254.235.174, ::1, <a lot of IPv6>


The command

PS C:\WINDOWS\system32> Get-Item WSMan:\localhost\Client\TrustedHosts  


shows:

WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client

Type            Name                           SourceOfValue   Value
----            ----                           -------------   -----
System.String   TrustedHosts                   GPO             *


The Event Viewer saves this:

Event ID 11: WSMan API Call :: Creating WSMan shell with the ResourceUri: http://schemas.microsoft.com/powershell/Microsoft.Exchange and ShellId: bla-bla-bla

Event ID 254: :: Activity Transfer

Event ID 161: User authentication :: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig".


even did a

C:\WINDOWS\system32>winrm invoke Restore winrm/Config
Restore_OUTPUT



(edit)
And yes, I did run winrm quickconfig several times during the troubleshooting, but the result is:
WinRM service is already running on this machine.
WinRM is already set up for remote management on this computer.

(another edit)
With another profile in the same machine, the connection fails.
Using the same user in a new machine, connection is successful.


(edit after testing with other computer)
I was able to apply the same restrictive MDM policies on another device and revert them back.
The other device is connecting with basic authentication, but the problematic device still won't do the authentication even with it set to true, as seen in the current config:

PS C:\Windows\System32> winrm get winrm/config
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            Digest = false [Source="GPO"]
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 2147483647
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 2147483647
        MaxMemoryPerShellMB = 2147483647
        MaxShellsPerUser = 2147483647


Can anyone share some path for this?

Edit: Just moved to PS7 and the error changed a bit:

New-ExoPSSession: C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\0.3582.0\ExchangeOnlineManagement.psm1:401
Line |
 401 |  … PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core,
     | Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'..

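The two winrm get winrm/config captures above show AllowUnencrypted, Basic auth and CredSSP enabled and TrustedHosts set to *, most of them marked [Source="GPO"]. As an added example (not the poster's code), the Python script below parses that output format into a path-to-value map and flags the settings that weaken transport or credential protection; the two samples are constructed from the captures in the question, trimmed to the relevant keys.

```python
import re
from typing import Dict, List, Tuple

# "Key = value" as winrm prints it (value may be empty), and the marker winrm
# appends to policy-enforced values, e.g. [Source="GPO"].
KV_RE = re.compile(r"^(\S+)\s*=\s*(.*)$")
SOURCE_RE = re.compile(r'\s*\[Source="([^"]*)"\]\s*$')
ConfigMap = Dict[str, Tuple[str, str]]  # "Config/Client/Auth/Basic" -> (value, source)

def parse_winrm_config(text: str) -> ConfigMap:
    """Flatten the indented listing into path -> (value, source). A line without '='
    followed by deeper-indented lines is a section (Client, Service, Auth, ...); any
    other line without '=' is a leaf with an empty value, e.g. an unset TrustedHosts."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    indents = [len(ln) - len(ln.lstrip()) for ln in lines]
    result: ConfigMap = {}
    stack: List[Tuple[int, str]] = []  # (indent, section name)
    for i, line in enumerate(lines):
        indent = indents[i]
        while stack and stack[-1][0] >= indent:  # leave sections we outdented past
            stack.pop()
        body, source = line.strip(), ""
        src = SOURCE_RE.search(body)
        if src:
            source, body = src.group(1), body[: src.start()].rstrip()
        prefix = [name for _, name in stack]
        kv = KV_RE.match(body)
        if kv:
            result["/".join(prefix + [kv.group(1)])] = (kv.group(2).strip(), source)
        elif i + 1 < len(lines) and indents[i + 1] > indent:
            stack.append((indent, body))
        else:
            result["/".join(prefix + [body])] = ("", source)
    return result

def _flag(cfg: ConfigMap, path: str, bad: str, why: str) -> str:
    """One finding line if `path` holds the weak value `bad`, else ''."""
    value, source = cfg.get(path, ("", ""))
    if value.lower() != bad:
        return ""
    origin = f" [set by {source}]" if source else ""  # a GPO value will not stay changed locally
    return f"{path} = {value}{origin}: {why}"

def audit_winrm(cfg: ConfigMap) -> List[str]:
    """Flag settings that weaken WinRM transport or credential protection."""
    checks = []
    for side in ("Client", "Service"):
        unencrypted = cfg.get(f"Config/{side}/AllowUnencrypted", ("", ""))[0].lower() == "true"
        checks.append(_flag(cfg, f"Config/{side}/AllowUnencrypted", "true", "WS-Man may run over plain HTTP"))
        if unencrypted:  # Basic is only base64; it matters when the transport can be plaintext
            checks.append(_flag(cfg, f"Config/{side}/Auth/Basic", "true", "Basic credentials can cross the wire in the clear"))
        checks.append(_flag(cfg, f"Config/{side}/Auth/CredSSP", "true", "CredSSP hands full credentials to the remote host"))
    checks.append(_flag(cfg, "Config/Client/TrustedHosts", "*", "every host trusted; non-Kerberos auth has no server identity check"))
    checks.append(_flag(cfg, "Config/Service/Auth/CbtHardeningLevel", "relaxed", "channel binding tokens are not enforced"))
    for name in ("EnableCompatibilityHttpListener", "EnableCompatibilityHttpsListener"):
        checks.append(_flag(cfg, f"Config/Service/{name}", "true", "legacy listener also exposes WinRM on port 80/443"))
    return [c for c in checks if c]

# Constructed samples modelled on the two captures in the question, trimmed to the
# keys the audit reads (plus RootSDDL and an empty leaf to exercise the parser).
WINRM_CONFIG_BEFORE = """\
Config
    Client
        AllowUnencrypted = true [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            CredSSP = true [Source="GPO"]
        TrustedHosts = * [Source="GPO"]
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        AllowUnencrypted = true [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            CredSSP = true [Source="GPO"]
            CbtHardeningLevel = Relaxed
        EnableCompatibilityHttpListener = true [Source="GPO"]
        EnableCompatibilityHttpsListener = true [Source="GPO"]
"""
WINRM_CONFIG_AFTER = """\
Config
    Client
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            CredSSP = false
        TrustedHosts
    Service
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = true [Source="GPO"]
            CredSSP = false
            CbtHardeningLevel = Relaxed
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
"""

if __name__ == "__main__":
    for label, capture in (("before", WINRM_CONFIG_BEFORE), ("after", WINRM_CONFIG_AFTER)):
        findings = audit_winrm(parse_winrm_config(capture))
        print(f"--- {label}: {len(findings)} finding(s)\n" + "\n".join(findings))
```

The before capture yields ten findings and the after capture one (CbtHardeningLevel still Relaxed), which matches the [Source="GPO"] markers in the question: only the values the policy stopped pushing actually changed.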

Deploying in-house ACME server for Microsoft ADCS?

Posted: 06 Jun 2021 03:00 PM PDT

I'm quite new to ACME, but already somewhat experienced with ADCS (Active Directory Certificate Services).

We use ADCS for all our internal needs: client auth, VPN, EFS etc., also for issuing TLS certificates.

Now, you may have already heard that Apple will no longer honor certificates with >1 year lifetime starting September 1st; this will put some strain on our limited webmaster resources (and to add insult to injury, every department has their own webmasters). I figured that maybe the easy way out is to implement in-house ACME using ADCS, but after some googling I have to admit I haven't found a solution that does it. Is it my poor googling skills, or is there just no such software?

all required agent virtual machines are not currently deployed on host 'hostname'

Posted: 06 Jun 2021 09:03 PM PDT

Getting the above error on a virtual machine. Powered it off, added more RAM, tried to power it on again. Now I get this error


Does anyone know what this means or how to fix it?

Btrfs check repair give device busy. How to see what it keeps busy?

Posted: 06 Jun 2021 05:03 PM PDT

I am in a chicken-egg situation for my secondary harddrive (non boot):

  • My BTRFS mount has gone readonly because no space left.
  • btrfs filesystem resize only works on mounted volumes.
  • I needed to umount this ro mount in force mode (because of device busy).
  • If I try to mount rw it fails because of errors (most likely caused by no space left)
  • If I try to run btrfs check --repair it gives device busy

What can I do to find out what keeps /dev/sda busy? My hdd is listed in /etc/fstab; does that matter (UUID=262a8d86-279a-4f6b-8968-32e200c32255 /mnt/hdd btrfs defaults,compress=zlib 0 1)?

I tried:

  • lsof | grep /dev/s -> nothing
  • lsof | grep /mnt/hdd -> nothing
  • The same for fuser -> nothing

So:

mount -o recovery /dev/sda /mnt/hdd

[63035.539792] BTRFS error (device sda): Remounting read-write after error is not allowed

If I try to run:

root@myhost:/mnt# btrfs check --repair /dev/sda
enabling repair mode
ERROR: cannot open device '/dev/sda': Device or resource busy
ERROR: cannot open file system

No 'Access-Control-Allow-Origin' header is present on the requested resource -- But it is?

Posted: 06 Jun 2021 03:04 PM PDT

My /etc/apache2/sites-enabled/example.com.conf on a remote server looks like this...

<VirtualHost *:80>
        ServerAdmin admin@example.com
        ServerName example.com
        ServerAlias images.example.com
        Header set Access-Control-Allow-Origin "*"
        DocumentRoot /home/username/var/www/example.com/public_html/
        ErrorLog /home/username/var/www/example.com/logs/error.log
        CustomLog /home/username/var/www/example.com/logs/access.log combined
</VirtualHost>

I'm running a Django project on my local machine. The project makes a GET request to the remote server to read a JSON file: http://images.remote-server.com/dir/subdir/info.json

But I see this error in my browser's console.

Failed to load http://images.remote-server.com/dir/subdir/info.json: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access.  

I see nothing in my error.log.

How do I correctly set the 'Access-Control-Allow-Origin' in my .conf file?

Routing to subdirectory as new route with nGinx

Posted: 06 Jun 2021 04:04 PM PDT

Here is my current server block (below). I have a separate wordpress blog installed on /blog and need to route /blog to the directory "/home/forge/example.com/public/blog".

I've tried a few options and am at a loss, so any advice is gratefully received.

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/before/*;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    root /home/forge/example.com/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/example.com/server.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'REMOVED FOR DEMO';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/example.com/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/after/*;

Here is what I've tried adding:

location /blog/ {
    root /home/forge/example.com/public/blog;
    try_files $uri $uri/ /index.php?$query_string;
}

# the images need a separate entry as we don't want to concatenate that with index.php
location ~ /blog/.+\.(jpg|jpeg|gif|css|png|js|ico|xml)$ {
    root /home/forge/example.com/public/blog;
}

# pass the PHP scripts to FastCGI server
location ~ /blog/.+\.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    allow 127.0.0.1;
    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    # With php5-fpm:
    fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
}

Enabling SNI with appcmd.exe

Posted: 06 Jun 2021 07:02 PM PDT

We currently use appcmd.exe to create IIS websites on the fly with the necessary http/https bindings, e.g.

appcmd add site /name:www.example.com /bindings:"http://www.example.com:80","https://www.example.com:443" /physicalPath:"c:\sites\www.example.com"  

Is there a way to tell the https binding to use SNI?

We're using IIS8.5 / Windows 2012 R2

Configuring hostname on ubuntu 14.04 returns "unknown instance"

Posted: 06 Jun 2021 10:07 PM PDT

I am having trouble understanding the concept of configuring the hostname on Ubuntu 14.04. The machine is configured to run several services like a webserver, but also needs to have sendmail running. Therefore I am trying to configure the FQDN via /etc/hosts:

# IPv4
127.0.0.1 localhost

136.243.84.106 staging.mailserver.mydomain.com mail

# IPv6
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
2a01:4f8:212:27c8::2  fx1

then I try to restart hostname:

sudo service hostname restart  

This returns following error message:

stop: Unknown instance:
hostname stop/waiting

What is the problem causing this? The configuration looks OK as far as I can tell.

Thank you for any help on this.

Changing source MAC address of routed packets

Posted: 06 Jun 2021 06:04 PM PDT

I have a Linux box with one network interface and IP forwarding enabled. Let's say my IP address is 192.168.1.1 and my MAC is 11:11:11:11:11:11. When a packet which is not targeted at my host arrives, it gets routed by the kernel and the outgoing packet has source MAC address 11:11:11:11:11:11, i.e. the MAC address of my host. I want to change this behavior and set a predefined source MAC address for all routed packets. Is it possible to achieve this with the standard networking tools available in Linux? If not, is it possible to implement this in user space with libraries like pcap?

Cannot get web root to be /var/www/html, despite setting it in apache2.conf and 000-default.conf

Posted: 06 Jun 2021 08:06 PM PDT

I'm new to Linux and trying to set up a basic web server. I'm currently a bit confused, as the document root when you visit the server in a browser appears to be /var/www/.

In both apache2.conf and 000-default.conf the DocumentRoot is set to /var/www/html, and I have restarted the apache2 service numerous times with no luck. I'm unsure as to what could be causing this - I have installed mod_security, but I don't think that should have any effect.

For reference, current apache2.conf and 000-default.conf (I know some values are insanely high, will sort it once I can get everything running).

Server IP: http://167.114.71.100/

As expected from apache2.conf, this gives a 403 forbidden. 167.114.71.100/html does work, however. Any ideas how I can make the default root 167.114.71.100/html?

Thanks!

apache2.conf:

# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See  for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.

# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
#   /etc/apache2/
#   |-- apache2.conf
#   |   `--  ports.conf
#   |-- mods-enabled
#   |   |-- *.load
#   |   `-- *.conf
#   |-- conf-enabled
#   |   `-- *.conf
#   `-- sites-enabled
#       `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
#   together by including all remaining configuration files when starting up the
#   web server.
#
# * ports.conf is always included from the main configuration file. It is
#   supposed to determine listening ports for incoming connections which can be
#   customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
#   directories contain particular configuration snippets which manage modules,
#   global configuration fragments, or virtual host configurations,
#   respectively.
#
#   They are activated by symlinking available configuration files from their
#   respective *-available/ counterparts. These should be managed by using our
#   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
#   their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
#   the default configuration, apache2 needs to be started/stopped with
#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
#   work with the default configuration.

Include /etc/phpmyadmin/apache.conf

# Global configuration
#

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"

#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}

#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300

#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On

#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100

#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5


# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log

#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf


# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>

<Directory /var/www/html>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

#<Directory /srv/>
#   Options Indexes FollowSymLinks
#   AllowOverride None
#   Require all granted
#</Directory>



# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>


#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

000-default.conf:

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

IPsec transport mode and MTU

Posted: 06 Jun 2021 03:04 PM PDT

[Similar to Right way to set the MTU of an IPsec Client (Linux/Racoon), but different in that there is no router on the responder side]

I have a setup where machines in a local network need to talk to a Linux server in a datacenter. The router for the local network has a static external IP address, so I've configured a policy on both the router and the server to use IPsec in transport mode to speak to each other.

This works fine for small packets, however the server cannot accurately determine the MTU for outgoing packets, leading to connection hangs.

What is the best way to avoid these issues?

Ideas so far:

  1. limit the MTU in the routing table. This requires a static route on the server and basically works, but breaks for mobile ("roadwarrior") clients when I introduce them in two weeks.

  2. use iptables to modify the TCPMSS setting on incoming packets. This appears to have no real effect, and would not work for UDP.
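The sizing problem behind both ideas in this post is the ESP overhead, which varies with the payload length because of cipher padding. The following is an added worked example, not code from the post or from any IPsec implementation: it computes the transport-mode ESP overhead for a given cleartext length, and from that the largest payload, the TCP MSS to clamp to, and the cleartext IP size a static route would have to carry, for a given path MTU. The suite table (AES-CBC with HMAC-SHA1-96 or HMAC-SHA256-128, and AES-GCM-16) and the optional NAT-T UDP header are assumptions for illustration; the actual suite negotiated between the router and the server is not stated in the post.

```python
# Added example (not from the Server Fault post): ESP transport-mode overhead
# and the MTU/MSS values that follow from it.
#
# In transport mode the original IP header is kept; ESP (RFC 4303) inserts
# SPI+sequence, an IV, padding up to the cipher's alignment, a 2-byte trailer
# and an ICV between that header and the payload.  NAT-T (RFC 3948) adds a
# UDP header in front of ESP.

ESP_HEADER = 8      # SPI (4) + sequence number (4)
ESP_TRAILER = 2     # pad length (1) + next header (1)
IPV4_HEADER = 20    # IPv4 header without options
TCP_HEADER = 20     # TCP header without options
UDP_HEADER = 8      # only present with UDP encapsulation (NAT-T)

# suite name -> (IV length, pad alignment, ICV length), all in bytes.
# The suite names are illustrative labels, not identifiers from any IKE stack.
ESP_SUITES = {
    "aes-cbc-hmac-sha1-96": (16, 16, 12),     # RFC 3602 + RFC 2404
    "aes-cbc-hmac-sha256-128": (16, 16, 16),  # RFC 3602 + RFC 4868
    "aes-gcm-16": (8, 4, 16),                 # RFC 4106: 8-byte IV, 4-byte alignment
}


def esp_overhead(cleartext_len: int, suite: str, nat_t: bool = False) -> int:
    """Bytes ESP adds when encapsulating a cleartext of cleartext_len bytes."""
    iv_len, align, icv_len = ESP_SUITES[suite]
    # Padding brings (payload + pad + trailer) up to a multiple of `align`.
    pad = (-(cleartext_len + ESP_TRAILER)) % align
    udp = UDP_HEADER if nat_t else 0
    return udp + ESP_HEADER + iv_len + pad + ESP_TRAILER + icv_len


def worst_case_overhead(suite: str, nat_t: bool = False) -> int:
    """Largest overhead any cleartext length can incur (maximum padding)."""
    iv_len, align, icv_len = ESP_SUITES[suite]
    udp = UDP_HEADER if nat_t else 0
    return udp + ESP_HEADER + iv_len + (align - 1) + ESP_TRAILER + icv_len


def max_cleartext(path_mtu: int, suite: str, nat_t: bool = False) -> int:
    """Largest transport-layer cleartext (TCP/UDP header + data) whose
    ESP-encapsulated packet still fits in path_mtu.

    cleartext_len + esp_overhead(cleartext_len) is non-decreasing in
    cleartext_len, so the largest length that fits also guarantees that
    every shorter one fits, which is what a clamp needs.
    """
    budget = path_mtu - IPV4_HEADER          # inner IP header stays in transport mode
    for n in range(budget, 0, -1):
        if n + esp_overhead(n, suite, nat_t) <= budget:
            return n
    raise ValueError("path MTU too small for any ESP payload")


def mss_clamp(path_mtu: int, suite: str, nat_t: bool = False) -> int:
    """TCP MSS such that every full-size segment fits after ESP encapsulation."""
    return max_cleartext(path_mtu, suite, nat_t) - TCP_HEADER


def cleartext_mtu(path_mtu: int, suite: str, nat_t: bool = False) -> int:
    """Largest cleartext IP packet that fits after ESP: the size a static
    route's mtu would have to carry to also protect non-TCP traffic such as UDP."""
    return IPV4_HEADER + max_cleartext(path_mtu, suite, nat_t)


if __name__ == "__main__":
    for suite in ESP_SUITES:
        for nat_t in (False, True):
            print(f"{suite:<26} nat_t={str(nat_t):<5} "
                  f"worst overhead={worst_case_overhead(suite, nat_t):>3}  "
                  f"mss={mss_clamp(1500, suite, nat_t)}  "
                  f"cleartext mtu={cleartext_mtu(1500, suite, nat_t)}")
```

The MSS value is what an iptables TCPMSS clamp would be set to for a 1500-byte path; the cleartext MTU is the figure a per-route mtu would need, which is why the route approach also covers UDP while the MSS clamp does not.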

install-man5 Error 1 after running 'make install' after compiling NUT (Network UPS Tools)

Posted: 06 Jun 2021 08:06 PM PDT

In an attempt to solve my NUT energy-saving problem that I've asked about in a lengthy serverfault question, I read that in the latest NUT version, nutdriver_qx replaces blazer_ser and I think it's worth trying nutdriver_qx as it might allow me to disable energy-saving on my UPS.

I've followed these steps to compile Network UPS Tools and have successfully compiled it; I have a drivers/nutdriver_qx binary afterwards. I've tried copying the binary into /lib/nut but that didn't work. So now I'm trying make install (as root) but got stuck with some error relating to manuals or something?

  make install  Making install in include  make[1]: Entering directory `/nut-master/include'  NUT_VERSION: "2.7.2.5"  test -f nut_version.h || cp _nut_version.h nut_version.h  cmp -s _nut_version.h nut_version.h || cp _nut_version.h nut_version.h  rm -f _nut_version.h  make  install-am  make[2]: Entering directory `/nut-master/include'  make[3]: Entering directory `/nut-master/include'  make[3]: Nothing to be done for `install-exec-am'.  make[3]: Nothing to be done for `install-data-am'.  make[3]: Leaving directory `/nut-master/include'  make[2]: Leaving directory `/nut-master/include'  make[1]: Leaving directory `/nut-master/include'  Making install in common  make[1]: Entering directory `/nut-master/common'  make[2]: Entering directory `/nut-master/common'  make[2]: Nothing to be done for `install-exec-am'.  make[2]: Nothing to be done for `install-data-am'.  make[2]: Leaving directory `/nut-master/common'  make[1]: Leaving directory `/nut-master/common'  Making install in clients  make[1]: Entering directory `/nut-master/clients'  make[2]: Entering directory `/nut-master/clients'   /bin/mkdir -p '/usr/local/ups/lib'   /bin/bash ../libtool   --mode=install /usr/bin/install -c   libupsclient.la libnutclient.la '/usr/local/ups/lib'  libtool: install: /usr/bin/install -c .libs/libupsclient.so.4.0.0 /usr/local/ups/lib/libupsclient.so.4.0.0  libtool: install: (cd /usr/local/ups/lib && { ln -s -f libupsclient.so.4.0.0 libupsclient.so.4 || { rm -f libupsclient.so.4 && ln -s libupsclient.so.4.0.0 libupsclient.so.4; }; })  libtool: install: (cd /usr/local/ups/lib && { ln -s -f libupsclient.so.4.0.0 libupsclient.so || { rm -f libupsclient.so && ln -s libupsclient.so.4.0.0 libupsclient.so; }; })  libtool: install: /usr/bin/install -c .libs/libupsclient.lai /usr/local/ups/lib/libupsclient.la  libtool: install: /usr/bin/install -c .libs/libnutclient.so.0.0.0 /usr/local/ups/lib/libnutclient.so.0.0.0  libtool: install: (cd /usr/local/ups/lib && { ln -s -f libnutclient.so.0.0.0 
libnutclient.so.0 || { rm -f libnutclient.so.0 && ln -s libnutclient.so.0.0.0 libnutclient.so.0; }; })  libtool: install: (cd /usr/local/ups/lib && { ln -s -f libnutclient.so.0.0.0 libnutclient.so || { rm -f libnutclient.so && ln -s libnutclient.so.0.0.0 libnutclient.so; }; })  libtool: install: /usr/bin/install -c .libs/libnutclient.lai /usr/local/ups/lib/libnutclient.la  libtool: install: /usr/bin/install -c .libs/libupsclient.a /usr/local/ups/lib/libupsclient.a  libtool: install: chmod 644 /usr/local/ups/lib/libupsclient.a  libtool: install: ranlib /usr/local/ups/lib/libupsclient.a  libtool: install: /usr/bin/install -c .libs/libnutclient.a /usr/local/ups/lib/libnutclient.a  libtool: install: chmod 644 /usr/local/ups/lib/libnutclient.a  libtool: install: ranlib /usr/local/ups/lib/libnutclient.a  libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin" ldconfig -n /usr/local/ups/lib  ----------------------------------------------------------------------  Libraries have been installed in:     /usr/local/ups/lib    If you ever happen to want to link against installed libraries  in a given directory, LIBDIR, you must either use libtool, and  specify the full pathname of the library, or use the `-LLIBDIR'  flag during linking and do at least one of the following:     - add LIBDIR to the `LD_LIBRARY_PATH' environment variable       during execution     - add LIBDIR to the `LD_RUN_PATH' environment variable       during linking     - use the `-Wl,-rpath -Wl,LIBDIR' linker flag     - have your system administrator add LIBDIR to `/etc/ld.so.conf'    See any operating system documentation about shared libraries for  more information, such as the ld(1) and ld.so(8) manual pages.  
----------------------------------------------------------------------   /bin/mkdir -p '/usr/local/ups/bin'    /bin/bash ../libtool   --mode=install /usr/bin/install -c upsc upslog upsrw upscmd '/usr/local/ups/bin'  libtool: install: /usr/bin/install -c .libs/upsc /usr/local/ups/bin/upsc  libtool: install: /usr/bin/install -c .libs/upslog /usr/local/ups/bin/upslog  libtool: install: /usr/bin/install -c .libs/upsrw /usr/local/ups/bin/upsrw  libtool: install: /usr/bin/install -c .libs/upscmd /usr/local/ups/bin/upscmd   /bin/mkdir -p '/usr/local/ups/bin'   /usr/bin/install -c upssched-cmd '/usr/local/ups/bin'   /bin/mkdir -p '/usr/local/ups/sbin'    /bin/bash ../libtool   --mode=install /usr/bin/install -c upsmon upssched '/usr/local/ups/sbin'  libtool: install: /usr/bin/install -c .libs/upsmon /usr/local/ups/sbin/upsmon  libtool: install: /usr/bin/install -c upssched /usr/local/ups/sbin/upssched  make[2]: Leaving directory `/nut-master/clients'  make[1]: Leaving directory `/nut-master/clients'  Making install in conf  make[1]: Entering directory `/nut-master/conf'  make[2]: Entering directory `/nut-master/conf'   /bin/mkdir -p '/usr/local/ups/etc'   /usr/bin/install -c -m 644 upsd.conf.sample upsd.users.sample nut.conf.sample ups.conf.sample '/usr/local/ups/etc'   /bin/mkdir -p '/usr/local/ups/etc'   /usr/bin/install -c -m 644 upssched.conf.sample upsmon.conf.sample '/usr/local/ups/etc'  make[2]: Nothing to be done for `install-data-am'.  make[2]: Leaving directory `/nut-master/conf'  make[1]: Leaving directory `/nut-master/conf'  Making install in data  make[1]: Entering directory `/nut-master/data'  Making install in html  make[2]: Entering directory `/nut-master/data/html'  make[3]: Entering directory `/nut-master/data/html'  make[3]: Nothing to be done for `install-exec-am'.  
make[3]: Leaving directory `/nut-master/data/html'  make[2]: Leaving directory `/nut-master/data/html'  make[2]: Entering directory `/nut-master/data'  make[3]: Entering directory `/nut-master/data'  make[3]: Nothing to be done for `install-exec-am'.   /bin/mkdir -p '/usr/local/ups/share'   /usr/bin/install -c -m 644 cmdvartab '/usr/local/ups/share'   /bin/mkdir -p '/usr/local/ups/share'   /usr/bin/install -c -m 644 driver.list '/usr/local/ups/share'  make[3]: Leaving directory `/nut-master/data'  make[2]: Leaving directory `/nut-master/data'  make[1]: Leaving directory `/nut-master/data'  Making install in tools  make[1]: Entering directory `/nut-master/tools'  Making install in .  make[2]: Entering directory `/nut-master/tools'  make[3]: Entering directory `/nut-master/tools'  make[3]: Nothing to be done for `install-exec-am'.  make[3]: Nothing to be done for `install-data-am'.  make[3]: Leaving directory `/nut-master/tools'  make[2]: Leaving directory `/nut-master/tools'  Making install in nut-scanner  make[2]: Entering directory `/nut-master/tools/nut-scanner'  make  install-am  make[3]: Entering directory `/nut-master/tools/nut-scanner'  make[4]: Entering directory `/nut-master/tools/nut-scanner'   /bin/mkdir -p '/usr/local/ups/lib'   /bin/bash ../../libtool   --mode=install /usr/bin/install -c   libnutscan.la '/usr/local/ups/lib'  libtool: install: /usr/bin/install -c .libs/libnutscan.so.1.0.0 /usr/local/ups/lib/libnutscan.so.1.0.0  libtool: install: (cd /usr/local/ups/lib && { ln -s -f libnutscan.so.1.0.0 libnutscan.so.1 || { rm -f libnutscan.so.1 && ln -s libnutscan.so.1.0.0 libnutscan.so.1; }; })  libtool: install: (cd /usr/local/ups/lib && { ln -s -f libnutscan.so.1.0.0 libnutscan.so || { rm -f libnutscan.so && ln -s libnutscan.so.1.0.0 libnutscan.so; }; })  libtool: install: /usr/bin/install -c .libs/libnutscan.lai /usr/local/ups/lib/libnutscan.la  libtool: install: /usr/bin/install -c .libs/libnutscan.a /usr/local/ups/lib/libnutscan.a  libtool: install: 
chmod 644 /usr/local/ups/lib/libnutscan.a  libtool: install: ranlib /usr/local/ups/lib/libnutscan.a  libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin" ldconfig -n /usr/local/ups/lib  ----------------------------------------------------------------------  Libraries have been installed in:     /usr/local/ups/lib    If you ever happen to want to link against installed libraries  in a given directory, LIBDIR, you must either use libtool, and  specify the full pathname of the library, or use the `-LLIBDIR'  flag during linking and do at least one of the following:     - add LIBDIR to the `LD_LIBRARY_PATH' environment variable       during execution     - add LIBDIR to the `LD_RUN_PATH' environment variable       during linking     - use the `-Wl,-rpath -Wl,LIBDIR' linker flag     - have your system administrator add LIBDIR to `/etc/ld.so.conf'    See any operating system documentation about shared libraries for  more information, such as the ld(1) and ld.so(8) manual pages.  ----------------------------------------------------------------------   /bin/mkdir -p '/usr/local/ups/bin'    /bin/bash ../../libtool   --mode=install /usr/bin/install -c nut-scanner '/usr/local/ups/bin'  libtool: install: /usr/bin/install -c .libs/nut-scanner /usr/local/ups/bin/nut-scanner  make[4]: Leaving directory `/nut-master/tools/nut-scanner'  make[3]: Leaving directory `/nut-master/tools/nut-scanner'  make[2]: Leaving directory `/nut-master/tools/nut-scanner'  make[1]: Leaving directory `/nut-master/tools'  Making install in docs  make[1]: Entering directory `/nut-master/docs'  Making install in man  make[2]: Entering directory `/nut-master/docs/man'  Using existing nut.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing ups.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsd.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  
Using existing upsd.users.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsmon.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upssched.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing nutupsdrv.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsc.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upscmd.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsd.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsdrvctl.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upslog.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsmon.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsrw.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upssched.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing nut-scanner.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing nut-recorder.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing al175.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing apcsmart.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing apcsmart-old.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing bcmxcp.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing belkin.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing belkinunv.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  
Using existing bestfortress.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing bestuferrups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing bestups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing bestfcom.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing blazer_ser.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing clone.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing dummy-ups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing etapro.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing everups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing gamatronic.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing genericups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing isbmex.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing ivtscd.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing liebert.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing liebert-esp2.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing masterguard.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing metasys.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing mge-shut.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing mge-utalk.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing nutdrv_qx.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  
Using existing oneac.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing microdowell.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing optiups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing powercom.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing powerpanel.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing rhino.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing riello_ser.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing safenet.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing solis.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing tripplite.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing tripplitesu.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upscode2.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing victronups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing apcupsd-ups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  make[3]: Entering directory `/nut-master/docs/man'  make[3]: Nothing to be done for `install-exec-am'.  Using existing nut.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing ups.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsd.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsd.users.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsmon.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  
Using existing upssched.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.   /bin/mkdir -p '/usr/local/ups/share/man/man5'   /usr/bin/install -c -m 644 ./nut.conf.5 ./ups.conf.5 ./upsd.conf.5 ./upsd.users.5 ./upsmon.conf.5 ./upssched.conf.5 '/usr/local/ups/share/man/man5'  /usr/bin/install: cannot stat `./nut.conf.5': No such file or directory  /usr/bin/install: cannot stat `./ups.conf.5': No such file or directory  /usr/bin/install: cannot stat `./upsd.conf.5': No such file or directory  /usr/bin/install: cannot stat `./upsd.users.5': No such file or directory  /usr/bin/install: cannot stat `./upsmon.conf.5': No such file or directory  /usr/bin/install: cannot stat `./upssched.conf.5': No such file or directory  make[3]: *** [install-man5] Error 1  make[3]: Leaving directory `/nut-master/docs/man'  make[2]: *** [install-am] Error 2  make[2]: Leaving directory `/nut-master/docs/man'  make[1]: *** [install-recursive] Error 1  make[1]: Leaving directory `/nut-master/docs'  make: *** [install-recursive] Error 1  

In response to a comment: the make command runs without errors

  $ make  Making all in include  make[1]: Entering directory `/nut-master/include'  NUT_VERSION: "2.7.2.5"  test -f nut_version.h || cp _nut_version.h nut_version.h  cmp -s _nut_version.h nut_version.h || cp _nut_version.h nut_version.h  rm -f _nut_version.h  make  all-am  make[2]: Entering directory `/nut-master/include'  make[2]: Leaving directory `/nut-master/include'  make[1]: Leaving directory `/nut-master/include'  Making all in common  make[1]: Entering directory `/nut-master/common'  make[1]: Nothing to be done for `all'.  make[1]: Leaving directory `/nut-master/common'  Making all in clients  make[1]: Entering directory `/nut-master/clients'  make[1]: Nothing to be done for `all'.  make[1]: Leaving directory `/nut-master/clients'  Making all in conf  make[1]: Entering directory `/nut-master/conf'  make[1]: Nothing to be done for `all'.  make[1]: Leaving directory `/nut-master/conf'  Making all in data  make[1]: Entering directory `/nut-master/data'  Making all in html  make[2]: Entering directory `/nut-master/data/html'  make[2]: Nothing to be done for `all'.  make[2]: Leaving directory `/nut-master/data/html'  make[2]: Entering directory `/nut-master/data'  make[2]: Nothing to be done for `all-am'.  make[2]: Leaving directory `/nut-master/data'  make[1]: Leaving directory `/nut-master/data'  Making all in tools  make[1]: Entering directory `/nut-master/tools'  Making all in .  make[2]: Entering directory `/nut-master/tools'  make[2]: Nothing to be done for `all-am'.  make[2]: Leaving directory `/nut-master/tools'  Making all in nut-scanner  make[2]: Entering directory `/nut-master/tools/nut-scanner'  make  all-am  make[3]: Entering directory `/nut-master/tools/nut-scanner'  make[3]: Nothing to be done for `all-am'.  make[3]: Leaving directory `/nut-master/tools/nut-scanner'  make[2]: Leaving directory `/nut-master/tools/nut-scanner'  Regenerating the SNMP helper files.  Regenerating the USB helper files.  
make[1]: Leaving directory `/nut-master/tools'  Making all in docs  make[1]: Entering directory `/nut-master/docs'  Making all in man  make[2]: Entering directory `/nut-master/docs/man'  Using existing nut.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing ups.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsd.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsd.users.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsmon.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upssched.conf.5 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing nutupsdrv.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsc.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upscmd.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsd.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsdrvctl.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upslog.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsmon.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upsrw.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing upssched.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing nut-scanner.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing nut-recorder.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  Using existing al175.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.  
    Using existing apcsmart.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing apcsmart-old.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing bcmxcp.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing belkin.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing belkinunv.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing bestfortress.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing bestuferrups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing bestups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing bestfcom.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing blazer_ser.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing clone.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing dummy-ups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing etapro.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing everups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing gamatronic.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing genericups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing isbmex.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing ivtscd.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing liebert.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing liebert-esp2.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing masterguard.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing metasys.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing mge-shut.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing mge-utalk.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing nutdrv_qx.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing oneac.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing microdowell.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing optiups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing powercom.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing powerpanel.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing rhino.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing riello_ser.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing safenet.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing solis.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing tripplite.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing tripplitesu.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing upscode2.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing victronups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    Using existing apcupsd-ups.8 manual page, since 'asciidoc', 'xmllint' or 'xsltproc' were not found.
    make[2]: Leaving directory `/nut-master/docs/man'
    make[2]: Entering directory `/nut-master/docs'
    make[2]: Nothing to be done for `all-am'.
    make[2]: Leaving directory `/nut-master/docs'
    make[1]: Leaving directory `/nut-master/docs'
    Making all in drivers
    make[1]: Entering directory `/nut-master/drivers'
    make[1]: Nothing to be done for `all'.
    make[1]: Leaving directory `/nut-master/drivers'
    Making all in lib
    make[1]: Entering directory `/nut-master/lib'
    make[1]: Nothing to be done for `all'.
    make[1]: Leaving directory `/nut-master/lib'
    Making all in scripts
    make[1]: Entering directory `/nut-master/scripts'
    Making all in augeas
    make[2]: Entering directory `/nut-master/scripts/augeas'
    make[2]: Nothing to be done for `all'.
    make[2]: Leaving directory `/nut-master/scripts/augeas'
    Making all in devd
    make[2]: Entering directory `/nut-master/scripts/devd'
    make[2]: Nothing to be done for `all'.
    make[2]: Leaving directory `/nut-master/scripts/devd'
    Making all in hotplug
    make[2]: Entering directory `/nut-master/scripts/hotplug'
    make[2]: Nothing to be done for `all'.
    make[2]: Leaving directory `/nut-master/scripts/hotplug'
    Making all in python
    make[2]: Entering directory `/nut-master/scripts/python'
    make[2]: Nothing to be done for `all'.
    make[2]: Leaving directory `/nut-master/scripts/python'
    Making all in systemd
    make[2]: Entering directory `/nut-master/scripts/systemd'
    make[2]: Nothing to be done for `all'.
    make[2]: Leaving directory `/nut-master/scripts/systemd'
    Making all in udev
    make[2]: Entering directory `/nut-master/scripts/udev'
    make[2]: Nothing to be done for `all'.
    make[2]: Leaving directory `/nut-master/scripts/udev'
    Making all in Solaris
    make[2]: Entering directory `/nut-master/scripts/Solaris'
    make[2]: Nothing to be done for `all'.
    make[2]: Leaving directory `/nut-master/scripts/Solaris'
    make[2]: Entering directory `/nut-master/scripts'
    make[2]: Nothing to be done for `all-am'.
    make[2]: Leaving directory `/nut-master/scripts'
    make[1]: Leaving directory `/nut-master/scripts'
    Making all in server
    make[1]: Entering directory `/nut-master/server'
    make[1]: Nothing to be done for `all'.
    make[1]: Leaving directory `/nut-master/server'
    Making all in tests
    make[1]: Entering directory `/nut-master/tests'
    make[1]: Nothing to be done for `all'.
    make[1]: Leaving directory `/nut-master/tests'
    make[1]: Entering directory `/nut-master'
    make[1]: Nothing to be done for `all-am'.
    make[1]: Leaving directory `/nut-master'

AWS connection error: Permission denied (publickey)

Posted: 06 Jun 2021 06:04 PM PDT

Sorry if this sounds redundant to you, but trust me, it's not. I have tried the majority of the links related to this problem, but nothing is working for me so far. I even tried this article too. Below is what I have tried so far:

  1. Permissions of the keys: 400 as well as 600
  2. ubuntu as the username, because it's Ubuntu 14.04
  3. IP is correct, and I even tried the public DNS as well
  4. Key is attached to the instance
  5. AWS Java client (MindTerm) using the Firefox browser. But it gives an error after I press Enter when it shows me this line against my IP. Even if I get lucky, it would just ask for the username, which I give as ubuntu, and then it exits giving the error "I/O error - read failed: unknown error" or just takes me back to the IP step.

    MindTerm home: /home/waqas/.mindterm/
    SSH Server/Alias: 54.191.37.141
    Connected to server running SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2

    Server's hostkey (ssh-rsa) fingerprint:
    openssh md5:  95:44:f1:40:07:90:00:2a:7d:9a:1f:49:a1:71:8a:0b
    bubblebabble: xilon-segen-tufep-manir-rekad-lucag-fetoz-sover-hyhuh-kafiz-kixox

The last thing I did before this issue was that 2 days ago I was trying to install the FTP server on my client using this link http://www.krizna.com/ubuntu/setup-ftp-server-on-ubuntu-14-04-vsftpd/. Unfortunately, this link didn't work as expected and I ended up with no success in FTP logins. And today when I tried to log in using my keypair, it's giving me an error.

Below is the log for my ssh attempt:

    waqas@waqas-itu:~/Downloads/key$ ssh -v -i test.pem ubuntu@54.191.37.141
    OpenSSH_6.0p1 Debian-3ubuntu1.2, OpenSSL 1.0.1c 10 May 2012
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug1: Connecting to 54.191.37.141 [54.191.37.141] port 22.
    debug1: Connection established.
    debug1: identity file test.pem type -1
    debug1: identity file test.pem-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
    debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-3ubuntu1.2
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA 80:dd:8f:50:a3:80:81:00:39:06:e4:05:6e:f3:1f:16
    debug1: Host '54.191.37.141' is known and matches the ECDSA host key.
    debug1: Found key in /home/waqas/.ssh/known_hosts:108
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: testserverpem.pem
    debug1: Authentications that can continue: publickey
    debug1: Offering RSA public key: waqas.jamal@***.com
    debug1: Authentications that can continue: publickey
    debug1: Trying private key: test.pem
    debug1: read PEM private key done: type RSA
    debug1: Authentications that can continue: publickey
    debug1: No more authentication methods to try.
    Permission denied (publickey).
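The `ssh -v` transcript above already holds the facts a responder needs: which host key was verified, which methods the server allowed, each key the client offered, and the server's reply to each (another `Authentications that can continue` line right after an offer means that key was rejected). As an added illustration, not part of the question, the script below parses such a transcript into that summary. The sample transcript is constructed from the debug lines quoted above. When the client side shows every offered key rejected, the next place to look is the server: on Ubuntu, sshd logs to `/var/log/auth.log` and states why a key was refused, for example `Authentication refused: bad ownership or modes` when StrictModes rejects a home directory or `.ssh` that became group- or world-writable.

```python
"""Summarise an `ssh -v` client transcript for troubleshooting publickey failures.

Added example for this question, not code from the original post.  The sample
transcript is constructed from the debug lines quoted in the question.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed from the question's log, abridged to the authentication-relevant lines.
SAMPLE_TRANSCRIPT = """\
debug1: Connecting to 54.191.37.141 [54.191.37.141] port 22.
debug1: Connection established.
debug1: identity file test.pem type -1
debug1: Server host key: ECDSA 80:dd:8f:50:a3:80:81:00:39:06:e4:05:6e:f3:1f:16
debug1: Host '54.191.37.141' is known and matches the ECDSA host key.
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: testserverpem.pem
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: waqas.jamal@***.com
debug1: Authentications that can continue: publickey
debug1: Trying private key: test.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
"""


@dataclass
class SshAttempt:
    host_key: Optional[str] = None          # "ECDSA <fingerprint>" the server presented
    host_key_known: bool = False            # matched an entry in known_hosts
    server_methods: Set[str] = field(default_factory=set)
    keys_offered: List[str] = field(default_factory=list)
    rejected: List[str] = field(default_factory=list)
    success: bool = False
    final_error: Optional[str] = None


_HOST_KEY = re.compile(r"Server host key: (\S+ \S+)")
_METHODS = re.compile(r"Authentications that can continue: (.+)")
_OFFER = re.compile(r"(?:Offering \S+ public key|Trying private key): (.+)")
_SUCCESS = re.compile(r"Authentication succeeded")
_DENIED = re.compile(r"^Permission denied \((.+)\)\.")


def parse_ssh_verbose(log: str) -> SshAttempt:
    """Walk the transcript once; a key is counted as rejected when the server
    answers the offer with a fresh 'Authentications that can continue' list."""
    a = SshAttempt()
    pending: Optional[str] = None  # key offered, server has not answered yet
    for raw in log.splitlines():
        line = raw.replace("debug1: ", "", 1).strip()
        m = _HOST_KEY.search(line)
        if m:
            a.host_key = m.group(1)
            continue
        if "matches the" in line and "host key" in line:
            a.host_key_known = True
            continue
        m = _METHODS.search(line)
        if m:
            a.server_methods.update(x.strip() for x in m.group(1).split(","))
            if pending is not None:
                a.rejected.append(pending)
                pending = None
            continue
        m = _OFFER.search(line)
        if m:
            pending = m.group(1)
            a.keys_offered.append(pending)
            continue
        if _SUCCESS.search(line):
            a.success = True
            pending = None
            continue
        if _DENIED.search(line):
            a.final_error = line
    return a


def diagnose(a: SshAttempt) -> str:
    """One-line reading of the attempt, pointing at where to look next."""
    if a.success:
        return "authenticated"
    if not a.host_key_known:
        return "host key not verified against known_hosts; settle that before debugging auth"
    if "publickey" in a.server_methods and a.keys_offered:
        return ("server rejected every offered key (%s): the key is not in the target "
                "user's authorized_keys or sshd refused it; check the server's auth log "
                "for 'Authentication refused: bad ownership or modes'" % ", ".join(a.rejected))
    return a.final_error or "no authentication attempted"


if __name__ == "__main__":
    attempt = parse_ssh_verbose(SAMPLE_TRANSCRIPT)
    print(attempt)
    print(diagnose(attempt))
```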

Foreman errors out when provisioning using an ms-dhcp/dns smart proxy

Posted: 06 Jun 2021 09:03 PM PDT

I'm running Foreman, with smart-proxy on a Win2k12 R2 box running AD/DHCP/DNS.

When I try to provision, smart-proxy dumps this to the logs:

    Changed the current scope context to 192.168.20.0 scope.

    The specified option does not exist.

    E, [2014-09-11T19:31:03.050843 #6068] ERROR -- : Unknown error while processing ''
    E, [2014-09-11T19:34:20.342416 #6068] ERROR -- : Netsh failed:

    Changed the current scope context to 192.168.20.0 scope.

    The specified option does not exist.

    E, [2014-09-11T19:34:20.342416 #6068] ERROR -- : Unknown error while processing ''

The Foreman web interface says:

    Create DHCP Settings for testbox2.devita.co task failed with the following error: ERF12-6899 [ProxyAPI::ProxyException]: Unable to set DHCP entry ([RestClient::BadRequest]: 400 Bad Request) for proxy https://win1.devita.co:8443/dhcp

smart-proxy stdout looks like this:

    192.168.20.105 - - [11/Sep/2014 19:30:44] "GET /dhcp/192.168.20.0/unused_ip?from=192.168.20.100&to=192.168.20.200 HTTP/1.1" 200 23 1.4821
    foreman.devita.co - - [11/Sep/2014:19:30:42 US Mountain Standard Time] "GET /dhcp/192.168.20.0/unused_ip?from=192.168.20.100&to=192.168.20.200 HTTP/1.1" 200 23
     -> /dhcp/192.168.20.0/unused_ip?from=192.168.20.100&to=192.168.20.200
    192.168.20.105 - - [11/Sep/2014 19:31:03] "POST /dhcp/192.168.20.0 HTTP/1.1" 400 33 1.0671
    foreman.devita.co - - [11/Sep/2014:19:31:01 US Mountain Standard Time] "POST /dhcp/192.168.20.0 HTTP/1.1" 400 33
     -> /dhcp/192.168.20.0
    The system cannot find the path specified.
    192.168.20.105 - - [11/Sep/2014 19:32:33] "GET /dhcp/192.168.20.0/unused_ip?from=192.168.20.100&to=192.168.20.200 HTTP/1.1" 200 23 1.4941
    foreman.devita.co - - [11/Sep/2014:19:32:32 US Mountain Standard Time] "GET /dhcp/192.168.20.0/unused_ip?from=192.168.20.100&to=192.168.20.200 HTTP/1.1" 200 23
     -> /dhcp/192.168.20.0/unused_ip?from=192.168.20.100&to=192.168.20.200
    The system cannot find the path specified.
    192.168.20.105 - - [11/Sep/2014 19:34:00] "GET /dhcp/192.168.20.0/unused_ip?from=192.168.20.100&to=192.168.20.200 HTTP/1.1" 200 23 1.5431
    foreman.devita.co - - [11/Sep/2014:19:33:59 US Mountain Standard Time] "GET /dhcp/192.168.20.0/unused_ip?from=192.168.20.100&to=192.168.20.200 HTTP/1.1" 200 23
     -> /dhcp/192.168.20.0/unused_ip?from=192.168.20.100&to=192.168.20.200
    192.168.20.105 - - [11/Sep/2014 19:34:20] "POST /dhcp/192.168.20.0 HTTP/1.1" 400 33 0.9841

DNS and Active Directory configuration for a branch office

Posted: 06 Jun 2021 04:04 PM PDT

We've got a branch office with no on-site services at the moment, and we'd like to change that. The biggest goal is to set up some file servers, but faster logins and DNS resolution will be welcome as well.

I'm doing some experiments with some VMs on a separate subnet/VLAN so let's say I've got forest and domain domain.com:

  1. There is a single site Office with a subnet 192.168.1/24 and a single Primary DNS zone domain.com
  2. Added a secondary site TestSite with a subnet 192.168.100/24
  3. Created 192.168.100 reverse lookup zone in DNS
  4. Created a VM Branch-DC01 running Server 2012, with IP address 192.168.100.1
  5. Added to domain.com as member
  6. Installed AD DS as a Read Only Domain Controller (RODC) in TestSite
  7. The main DNS server for Branch-DC01.domain.com is 127.0.0.1
  8. Setup DHCP scope for the new server and configured for DHCP to always update DNS
  9. Created Branch-PC01 VM running Windows 8 and added to domain.com
  10. Branch-PC01 got IP address of 192.168.100.20 from DHCP, DNS server 192.168.100.1, entry for the member in the forward lookup zone domain.com present but not in the reverse lookup zone (significant?)
  11. On Branch-PC01 executed nslookup domain.com - result came back with IP addresses of the main DCs from the Office site (192.168.1 subnet)

Now this isn't right in my mind - shouldn't it return 192.168.100.1? Or am I misunderstanding the whole concept--and how are the logons supposed to be quicker?

Do I need a separate DNS zone (how would that work without a subdomain which I don't want to create, unless required)?

Any ideas/articles which I can be pointed to would be great; I've read through a bunch of TechNet articles and am none the wiser.

Thanks

Update

Many thanks to @TheCleaner and @charleswj81; your efforts are appreciated.

I've just tried nltest and the result is the same from the branch DC and client PC:

    U:\>nltest /dsgetdc:domain.com /server:Branch-DC01.domain.com
               DC: \\Branch-DC01.domain.com
          Address: \\192.168.100.1
         Dom Guid: d97516d3-4afb-4f0a-8c3f-04a800cd69fb
         Dom Name: domain.com
      Forest Name: domain.com
     Dc Site Name: TestSite
    Our Site Name: TestSite
            Flags: GC DS LDAP KDC TIMESERV DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE PARTIAL_SECRET WS DS_8
    The command completed successfully

Update 2

  1. Cleaned DNS entries so any _sites containers with TestSite have only SRV records for Branch-DC01, which after a restart of the client didn't help.
  2. nltest on the client:

    U:\>nltest /dsgetdc:domain.com
               DC: \\DC01.domain.com
          Address: \\192.168.1.3
         Dom Guid: d97516d3-4afb-4f0a-8c3f-04a800cd69fb
         Dom Name: domain.com
      Forest Name: domain.com
     Dc Site Name: Office
    Our Site Name: TestSite
            Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST FULL_SECRET WS
    The command completed successfully
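Step 11 of the question and the DC locator answer different queries. `nslookup domain.com` returns the A records every domain controller registers for the domain apex, so it lists all DCs regardless of site; the locator that `nltest /dsgetdc` exercises instead queries SRV records, trying `_ldap._tcp.<site>._sites.dc._msdcs.<domain>` for the client's own site before falling back to the domain-wide `_ldap._tcp.dc._msdcs.<domain>`, and orders the answers by priority and weight as RFC 2782 describes. The following is an added example, not code from the question or its answers, that walks that preference over a constructed zone modelled on the setup described (the record contents and the 192.168.1.4 address are assumptions):

```python
"""Site-aware domain-controller lookup over SRV records, RFC 2782 style.

Added example for this question, not code from the original post; the zone
data below is constructed to mirror the setup described (two sites, one RODC).
"""
import random
from typing import Dict, List, Optional, Tuple

SRV = Tuple[int, int, int, str]  # (priority, weight, port, target)

# Constructed records modelled on what DCs register under _msdcs (assumed names/ports).
ZONE: Dict[str, List[SRV]] = {
    "_ldap._tcp.Office._sites.dc._msdcs.domain.com": [
        (0, 100, 389, "DC01.domain.com"),
        (0, 100, 389, "DC02.domain.com"),
    ],
    "_ldap._tcp.TestSite._sites.dc._msdcs.domain.com": [
        (0, 100, 389, "Branch-DC01.domain.com"),
    ],
    # domain-wide set: every DC, used only when the client's site has no DC
    "_ldap._tcp.dc._msdcs.domain.com": [
        (0, 100, 389, "DC01.domain.com"),
        (0, 100, 389, "DC02.domain.com"),
        (0, 100, 389, "Branch-DC01.domain.com"),
    ],
}

# What a plain `nslookup domain.com` sees: apex A records from every DC (addresses assumed).
APEX_A: Dict[str, List[str]] = {
    "domain.com": ["192.168.1.3", "192.168.1.4", "192.168.100.1"],
}


def srv_order(rrs: List[SRV], rng: random.Random) -> List[SRV]:
    """Order SRV records as RFC 2782 prescribes: lowest priority first, and
    within one priority a weighted random selection (weight 0 = last resort)."""
    ordered: List[SRV] = []
    for prio in sorted({r[0] for r in rrs}):
        bucket = [r for r in rrs if r[0] == prio]
        while bucket:
            total = sum(r[1] for r in bucket)
            pick = rng.randint(0, total)  # inclusive; total may be 0
            running = 0
            for r in bucket:
                running += r[1]
                if running >= pick:
                    ordered.append(r)
                    bucket.remove(r)
                    break
    return ordered


def locate_dc(zone: Dict[str, List[SRV]], domain: str, client_site: str,
              rng: Optional[random.Random] = None) -> Tuple[Optional[str], Optional[str]]:
    """Return (record name that answered, chosen DC) following the locator's
    preference: the client's own site first, the domain-wide set as fallback."""
    rng = rng or random.Random()
    candidates = [
        f"_ldap._tcp.{client_site}._sites.dc._msdcs.{domain}",
        f"_ldap._tcp.dc._msdcs.{domain}",
    ]
    for name in candidates:
        rrs = zone.get(name)
        if rrs:
            return name, srv_order(rrs, rng)[0][3]
    return None, None


def apex_addresses(domain: str) -> List[str]:
    """The addresses an A lookup of the bare domain name returns; not site-aware,
    which is why it cannot be used to judge which DC a client will pick."""
    return list(APEX_A.get(domain, []))


if __name__ == "__main__":
    print("nslookup domain.com ->", apex_addresses("domain.com"))
    print("locator from TestSite ->", locate_dc(ZONE, "domain.com", "TestSite"))
    print("locator from a site with no DC ->", locate_dc(ZONE, "domain.com", "Warehouse"))
```

The fallback branch is what a client in a site without a DC (or with a site it cannot be mapped to because no subnet object covers it) ends up using; the `Dc Site Name: Office` / `Our Site Name: TestSite` pair in the second nltest output is the symptom to compare against.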

Exim SMTP Smarthost Setup

Posted: 06 Jun 2021 05:03 PM PDT

I used these settings to set up exim to use gmail as a smarthost, which worked. However, I don't seem to be able to use these settings against other smtp servers, such as Yahoo or Fastmail (both with port 465 instead of 587). Both of these fail with the message defer (-18): Remote host smtp.example.com [x.x.x.x] closed connection in response to initial connection. Is there anything wrong with these settings? What could be going wrong?

    my_route:
      driver = manualroute
      domains = ! +local_domains
      transport = my_relay
      route_list = * smtp.mail.yahoo.com

    my_relay:
      driver = smtp
      port = 465
      hosts_require_auth = $host_address
      hosts_require_tls = $host_address

    my_login:
      driver = plaintext
      public_name = LOGIN
      hide client_send = : my_username@yahoo.com : my_password
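Port 587 (submission) starts in the clear and upgrades with STARTTLS, which is what Exim's `hosts_require_tls` negotiates; port 465 is implicit TLS (SMTPS), where the server expects a TLS ClientHello as the very first bytes and drops the connection when it receives plaintext instead, which is what the `closed connection in response to initial connection` defer above describes. Exim's `smtp` transport switches to implicit TLS with `protocol = smtps`. As an added illustration, not part of the question, the script below probes which of the two modes a port speaks and reproduces the failure; the two servers it talks to are constructed in-process emulations (the SMTPS-style one only checks for a TLS handshake record and never completes a handshake), so it runs offline.

```python
"""Tell a STARTTLS port from an implicit-TLS (SMTPS) port, and show why a
plaintext EHLO on the latter is answered with a closed connection.

Added example for this question, not Exim code; the two servers below are
constructed emulations that run in-process so the script works offline.
"""
import socket
import threading

TLS_HANDSHAKE_RECORD = 0x16  # first byte of every TLS ClientHello record


def probe_smtp_mode(host: str, port: int, timeout: float = 3.0) -> str:
    """'plaintext-banner' if the server greets with 220 in the clear (STARTTLS
    style), 'implicit-tls' if it stays silent waiting for a ClientHello or drops
    the connection, 'unknown' otherwise."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            greeting = s.recv(512)
        except (socket.timeout, ConnectionError):
            return "implicit-tls"
    if greeting.startswith(b"220"):
        return "plaintext-banner"
    if not greeting:
        return "implicit-tls"
    return "unknown"


def plaintext_ehlo(host: str, port: int, timeout: float = 3.0) -> str:
    """Behave like a client configured for STARTTLS: send EHLO in the clear and
    report the server's reaction ('closed' is the symptom in the question)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        s.sendall(b"EHLO probe.example.test\r\n")
        try:
            reply = s.recv(512)
        except socket.timeout:
            return "no-reply"
        except ConnectionError:
            return "closed"  # RST: the server discarded our plaintext
    return "closed" if not reply else "reply:" + reply[:3].decode("ascii", "replace")


# --- constructed emulations of the two server behaviours ---------------------
def banner_server(conn: socket.socket) -> None:
    """Submission-style server (587): greets in the clear before anything else."""
    conn.sendall(b"220 mail.example.test ESMTP\r\n")
    conn.settimeout(5)
    try:
        conn.recv(1024)
    except (socket.timeout, ConnectionError):
        pass


def implicit_tls_server(conn: socket.socket) -> None:
    """SMTPS-style server (465): expects a TLS record first and closes on
    anything else.  Emulation only: a real server would now run the handshake."""
    conn.settimeout(5)
    try:
        first = conn.recv(1)
    except (socket.timeout, ConnectionError):
        return
    if first and first[0] != TLS_HANDSHAKE_RECORD:
        return  # not a ClientHello: close without a word


def serve_once(handler) -> int:
    """Run `handler` on an ephemeral 127.0.0.1 port for exactly one connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run() -> None:
        conn, _ = srv.accept()
        with conn:
            handler(conn)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


if __name__ == "__main__":
    print("587-style port:", probe_smtp_mode("127.0.0.1", serve_once(banner_server), 1.0))
    print("465-style port:", probe_smtp_mode("127.0.0.1", serve_once(implicit_tls_server), 1.0))
    print("EHLO in the clear on 465-style port:",
          plaintext_ehlo("127.0.0.1", serve_once(implicit_tls_server), 1.0))
```

Against a real host, `probe_smtp_mode("smtp.example.com", 465)` versus `probe_smtp_mode("smtp.example.com", 587)` is a quick way to confirm which transport setting a smarthost needs before changing the Exim configuration.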

What naming convention do Windows DHCP logs use when they overflow?

Posted: 06 Jun 2021 10:07 PM PDT

We have some issues with DNS and DHCP interacting, so we're archiving the DHCP event logs using PowerShell and dumping the contents to an SQL database for later analysis. However, the archive script is only grabbing files named 'DhcpSrvLog-$day.log' (where $day is Mon, Tue, etc.). However, the log files are limited to 10MB in size. After that point, they overflow, but we can't find any documentation on what the next log file is called. It doesn't overflow often, but on the days that it does the first file often rolls over or overflows at 3pm.

I'd like to be able to archive the complete log files on the days the system is logging so much, and I'm assuming Windows doesn't just stop writing the logs. Is there any way to either increase the log size (I believe this is fixed) or can someone tell me the convention for the second log of a given day?

OS is Windows Server 2008 R2 x64.

[For reference, the issues we're looking for themselves are likely related to the system being upgraded continually since the mid 90's. It was originally a Novell domain, then NT 3.51 --> NT 4 --> 2k --> 2k3 --> 2k8 --> 2k8 R2... plus several custom schema extensions which don't work well at all and a history of administrators who had no idea what they were doing. The domain has more issues than Time magazine, so this problem doesn't surprise anyone. We're in the process of moving to a brand new domain, but we're trying to troubleshoot this DHCP/DNS issue to make sure the same problem doesn't happen on the new domain, too.]
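The archiver described above keys on the exact file name `DhcpSrvLog-$day.log`. As an added example (not the questioner's script), the Python below collects every `DhcpSrvLog-*.log` in a directory with a glob, so a second file for the same day is archived whatever suffix Windows gives it, parses the comma-separated audit records, and reports leases whose DNS update failed (event ID 31 with no later 32 for the same address), which is the DHCP/DNS interaction the question is chasing. The event IDs are the ones listed in the audit log's own header; the sample records, the column set and the second file's name `DhcpSrvLog-Sun-2.log` are constructed for the demonstration and are not a claim about Windows' overflow naming.

```python
"""Collect Windows DHCP audit logs by glob and flag failed DNS updates.

Added example for this question, not the questioner's archive script.  The
sample log contents and the second file name are constructed for the demo.
"""
import csv
import glob
import os
import tempfile
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Event IDs as documented in the audit log's own header (subset).
EVENT_IDS = {
    "00": "log started", "01": "log stopped", "10": "new lease", "11": "renew",
    "12": "release", "30": "DNS update request", "31": "DNS update failed",
    "32": "DNS update successful",
}

# Constructed sample records; only the first seven columns are used here.
SAMPLE_HEADER = "ID,Date,Time,Description,IP Address,Host Name,MAC Address\n"
SAMPLE_SUN = SAMPLE_HEADER + """\
00,06/06/21,00:00:01,Started,,,,
10,06/06/21,14:58:03,Assign,192.168.100.20,branch-pc01.domain.com,001122334455,
30,06/06/21,14:58:03,DNS Update Request,192.168.100.20,branch-pc01.domain.com,001122334455,
31,06/06/21,14:58:04,DNS Update Failed,192.168.100.20,branch-pc01.domain.com,001122334455,
"""
SAMPLE_SUN_OVERFLOW = SAMPLE_HEADER + """\
11,06/06/21,15:02:10,Renew,192.168.100.21,branch-pc02.domain.com,001122334466,
32,06/06/21,15:02:11,DNS Update Successful,192.168.100.21,branch-pc02.domain.com,001122334466,
"""


@dataclass
class DhcpEvent:
    event_id: str
    date: str
    time: str
    description: str
    ip: str
    host: str
    mac: str
    source_file: str


def parse_dhcp_log(text: str, source: str = "<inline>") -> List[DhcpEvent]:
    """Skip the descriptive preamble up to the 'ID,Date,Time' header, then read
    one CSV record per line; malformed or short lines are ignored."""
    events: List[DhcpEvent] = []
    in_records = False
    for line in text.splitlines():
        if line.startswith("ID,Date,Time"):
            in_records = True
            continue
        if not in_records or not line.strip():
            continue
        fields = next(csv.reader([line]))
        if len(fields) < 7 or not fields[0].isdigit():
            continue
        events.append(DhcpEvent(*fields[:7], source_file=source))
    return events


def collect_logs(directory: str) -> List[DhcpEvent]:
    """Read every DhcpSrvLog-*.log in `directory`, whatever the suffix, so an
    extra file for a busy day is archived even though its name is undocumented.
    Files are read in name order; sort by date/time afterwards if that matters."""
    events: List[DhcpEvent] = []
    for path in sorted(glob.glob(os.path.join(directory, "DhcpSrvLog-*.log"))):
        with open(path, encoding="utf-8", errors="replace") as fh:
            events.extend(parse_dhcp_log(fh.read(), os.path.basename(path)))
    return events


def dns_failures(events: List[DhcpEvent]) -> List[str]:
    """Addresses whose most recent DNS update event is a failure (31)."""
    last: Dict[str, str] = {}
    for e in events:
        if e.event_id in ("31", "32"):
            last[e.ip] = e.event_id
    return sorted(ip for ip, eid in last.items() if eid == "31")


def demo() -> dict:
    """Write the constructed sample files to a temp directory and archive them."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("DhcpSrvLog-Sun.log", SAMPLE_SUN),
                           ("DhcpSrvLog-Sun-2.log", SAMPLE_SUN_OVERFLOW)):  # constructed name
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        events = collect_logs(d)
    return {
        "event_count": len(events),
        "by_id": dict(Counter(e.event_id for e in events)),
        "dns_failures": dns_failures(events),
        "files": sorted({e.source_file for e in events}),
    }


if __name__ == "__main__":
    print(demo())
```

Pointing `collect_logs` at `%SystemRoot%\System32\dhcp` (the default audit-log location) in place of the temp directory gives the archiver's input; the `source_file` field carried on each event makes it obvious in the database which file a record came from once a second daily file does appear.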
