On CentOS 6 and 7, I have a single user who cannot access his group's folder while all other users of this same group can
Posted: 29 Aug 2021 10:27 PM PDT

I'm new to serverfault, sorry to post yet another "Permission denied issue", but after checking out all the existing answers I still don't have the slightest clue of what's going on with our system.

So our directories are set up like this:

    project_a
    ├── a_1
    └── a_2

Info of each directory is:

    drwxr-x---. root group_a project_a
    drwxr-s---. root group_a1 a_1
    drwxr-s---. root group_a2 a_2

As such, a non-root user would need to be in group_a and group_a1 at the same time to access directory a_1. All users in my question are inside group_a, group_a1, group_a2, and can be verified so using the id command.

Yet there's one of them who is unable to access a_1 or a_2, despite being in all three groups listed above. He could, however, access project_a, but that's it. Everyone else can access all three directories just fine.

And so I haven't found any relevant solutions to my issue. Can anybody help me with this? Thanks!

Change Kubernetes CNI from Weavenet to Calico
Posted: 29 Aug 2021 09:02 PM PDT

I have a Kubernetes cluster with 3 masters and 3 workers. This cluster uses Weavenet as network CNI and I want to change network CNI and use Calico. Can I change it in place without removing resources?

This is my cluster version:

    $ kubectl version
    Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:50:19Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"windows/amd64"}
    Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.3", GitCommit:"1e11e4a2108024935ecfcb2912226cedeafd99df", GitTreeState:"clean", BuildDate:"2020-10-14T12:41:49Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

MYSQL: Many slave servers with smaller resources or less with larger resources
Posted: 29 Aug 2021 09:47 PM PDT

I want to create high availability with master-slave replication (for SELECT queries). I am wondering which one is better:

- Having smaller-resource slaves but more servers, or
- Having larger-resource slaves but fewer servers

I only use one master for modifying queries (update / insert / delete).

Different Hash values for CMD.EXE
Posted: 29 Aug 2021 07:41 PM PDT

While checking the SHA256 hash values for CMD.EXE I have found the values below.

1. b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450
2. bc866cfcdda37e24dc2634dc282c7a0e6f55209da17a8fa105b07414c0e7c527
3. 6f88fb88ffb0f1d5465c2826e5b4f523598b1b8378377c8378ffebc171bad18b

Why are there 3 different CMD.EXE files?

Is it possible to backup a LVM disk to an external server?
Posted: 29 Aug 2021 06:56 PM PDT

Over the past month I've been putting my mind into how LVM works. The initial thought was that it is very flexible; I was surprised the system could still run while moving the disk to another local disk.

I couldn't find much info on this online, but it seems like a thing that should be possible to do. Maybe it's not practical, or generally not a good solution (?). The articles I read were all surrounding local disks, not external.

When I say backup, I mean the whole disk/partition, not snapshot.

Let's say I have 4 servers all running LVM, and I would like to backup all the disks to a big storage server, is that possible? If it is possible, what would be the cons with such a configuration?

DDOS Attack to http server and iptables doesn't help (I have access_log)
Posted: 29 Aug 2021 06:25 PM PDT

I'm under a DDOS attack that targets the http server. I tried iptables and other measures but nothing seems to work.

Here is part of access_log: https://pastebin.com/6JFKmUi8

Lots of connections, but iptables won't stop the attack. Here are my iptables rules:

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -s 147.135.37.113 -j ACCEPT
    iptables -A INPUT -f -j DROP
    iptables -A INPUT -m state --state INVALID -j DROP
    iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    iptables -N LOG_AND_DROP
    iptables -N PORT21
    iptables -A PORT21 -m recent --set --name lp21
    iptables -A PORT21 -m recent --update --seconds 30 --hitcount 3 --name lp21 -j DROP
    iptables -A PORT21 -m recent --update --seconds 300 --hitcount 10 --name lp21 -j LOG_AND_DROP
    iptables -N PORT22
    iptables -A PORT22 -m recent --set --name lp22
    iptables -A PORT22 -m recent --update --seconds 30 --hitcount 3 --name lp22 -j DROP
    iptables -A PORT22 -m recent --update --seconds 300 --hitcount 10 --name lp22 -j LOG_AND_DROP
    iptables -N PORT80
    iptables -A PORT80 -m recent --set --name lp80
    iptables -A PORT80 -m recent --update --seconds 30 --hitcount 20 --name lp80 -j LOG_AND_DROP
    iptables -N PORT443
    iptables -A PORT443 -m recent --set --name lp433
    iptables -A PORT443 -m recent --update --seconds 30 --hitcount 20 --name lp443 -j LOG_AND_DROP
    iptables -N PORT10000
    iptables -A PORT10000 -m recent --set --name lp10000
    iptables -A PORT10000 -m recent --update --seconds 30 --hitcount 20 --name lp10000 -j LOG_AND_DROP
    iptables -N PORT6900
    iptables -A PORT6900 -m recent --set --name lp6900
    iptables -A PORT6900 -m recent --update --seconds 30 --hitcount 10 --name lp6900 -j LOG_AND_DROP
    iptables -A PORT6900 -m recent --update --seconds 50 --hitcount 20 --name lp6900 -j LOG_AND_DROP
    iptables -N PORT6121
    iptables -A PORT6121 -m recent --set --name lp6121
    iptables -A PORT6121 -m recent --update --seconds 30 --hitcount 10 --name lp6121 -j LOG_AND_DROP
    iptables -A PORT6121 -m recent --update --seconds 50 --hitcount 20 --name lp6121 -j LOG_AND_DROP
    iptables -N PORT5121
    iptables -A PORT5121 -m recent --set --name lp5121
    iptables -A PORT5121 -m recent --update --seconds 30 --hitcount 10 --name lp5121 -j LOG_AND_DROP
    iptables -A PORT5121 -m recent --update --seconds 50 --hitcount 20 --name lp5121 -j LOG_AND_DROP
    iptables -A INPUT -p icmp --icmp-type echo-request -m hashlimit --hashlimit-name pings --hashlimit-mode srcip --hashlimit 10/min --hashlimit-burst 10 --hashlimit-htable-expire 30000 -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/min -j LOG --log-prefix "[Pings]"
    iptables -A INPUT -p icmp -j DROP
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j PORT21
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j PORT22
    iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j PORT80
    iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j PORT443
    iptables -A INPUT -p tcp --dport 10000 -m state --state NEW -j PORT10000
    iptables -A INPUT -p tcp --dport 6900 -m state --state NEW -j PORT6900
    iptables -A INPUT -p tcp --dport 6121 -m state --state NEW -j PORT6121
    iptables -A INPUT -p tcp --dport 5121 -m state --state NEW -j PORT5121
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -m hashlimit --hashlimit-name p80 --hashlimit-mode srcip --hashlimit 50/min --hashlimit-burst 100 --hashlimit-htable-expire 10000 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -m hashlimit --hashlimit-name p443 --hashlimit-mode srcip --hashlimit 50/min --hashlimit-burst 100 --hashlimit-htable-expire 10000 -j ACCEPT
    iptables -A INPUT -p tcp --dport 10000 -m hashlimit --hashlimit-name p10000 --hashlimit-mode srcip --hashlimit 50/min --hashlimit-burst 100 --hashlimit-htable-expire 10000 -j ACCEPT
    iptables -A INPUT -p tcp --dport 6900 -j ACCEPT
    iptables -A INPUT -p tcp --dport 6121 -j ACCEPT
    iptables -A INPUT -p tcp --dport 5121 -j ACCEPT
    iptables -A LOG_AND_DROP -m limit --limit 10/min -j LOG --log-prefix "[Log]"
    iptables -A LOG_AND_DROP -j DROP
    #iptables -A INPUT -m limit --limit 10/min -j LOG --log-prefix "[Default]"
    iptables -A INPUT -d 147.135.37.113 -j DROP

Any advice will be welcomed. I tried everything but nothing works.

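
An added example, not part of the original post: a small Python check that pairs every `-m recent` list read with `--update`/`--rcheck` against the lists populated with `--set`. Run on the PORT80 and PORT443 rules copied from the post, it reports that `lp443` is read while only `lp433` is ever set, so that `--update` rule cannot match. The function and variable names are this example's own.

```python
import shlex
from collections import defaultdict

# PORT80 and PORT443 chains, copied verbatim from the rules in the post.
RULES_FROM_POST = """\
iptables -N PORT80
iptables -A PORT80 -m recent --set --name lp80
iptables -A PORT80 -m recent --update --seconds 30 --hitcount 20 --name lp80 -j LOG_AND_DROP
iptables -N PORT443
iptables -A PORT443 -m recent --set --name lp433
iptables -A PORT443 -m recent --update --seconds 30 --hitcount 20 --name lp443 -j LOG_AND_DROP
"""

WRITE_MODES = {"--set"}                # adds the source address to the list
READ_MODES = {"--update", "--rcheck"}  # match only if the address is already listed


def _value_after(tokens, *flags):
    """Return the token that follows the first occurrence of any flag, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            return tokens[i + 1]
    return None


def recent_rules(text):
    """Yield (chain, mode, list_name) for each appended/inserted rule using -m recent."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        tokens = shlex.split(line)
        chain = _value_after(tokens, "-A", "--append", "-I", "--insert")
        if chain is None:
            continue  # -N, -P, -F and similar do not carry matches
        uses_recent = any(
            a in ("-m", "--match") and b == "recent"
            for a, b in zip(tokens, tokens[1:])
        )
        if not uses_recent:
            continue
        # iptables uses the list called DEFAULT when --name is omitted.
        name = _value_after(tokens, "--name") or "DEFAULT"
        for tok in tokens:
            if tok in WRITE_MODES or tok in READ_MODES:
                yield chain, tok, name


def audit_recent_lists(text):
    """Report recent lists that are read but never set, and set but never read."""
    written = defaultdict(set)
    read = defaultdict(set)
    for chain, mode, name in recent_rules(text):
        (written if mode in WRITE_MODES else read)[name].add(chain)

    never_set = {n: sorted(c) for n, c in read.items() if n not in written}
    never_read = {n: sorted(c) for n, c in written.items() if n not in read}
    # An orphaned writer and an orphaned reader in the same chain usually
    # mean one list name was mistyped.
    suspect_pairs = sorted(
        (w, r, chain)
        for r, r_chains in never_set.items()
        for w, w_chains in never_read.items()
        for chain in set(r_chains) & set(w_chains)
    )
    return {
        "never_set": never_set,
        "never_read": never_read,
        "suspect_pairs": suspect_pairs,
    }


if __name__ == "__main__":
    report = audit_recent_lists(RULES_FROM_POST)
    for name, chains in report["never_set"].items():
        print(f"list {name!r} is read in {chains} but never populated with --set")
    for name, chains in report["never_read"].items():
        print(f"list {name!r} is populated in {chains} but never read")
    for written_name, read_name, chain in report["suspect_pairs"]:
        print(f"chain {chain}: --set uses {written_name!r}, --update uses {read_name!r}")
```
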
Active Directory on Windows 2000: how to give RDP access and telnet access to user?
Posted: 29 Aug 2021 05:41 PM PDT

I'm running an AD server on Windows 2000 (I know it is a little old, but it is in a private network not connected to the internet so it is "safe"). I have created a user; it can connect from a PC on the network, but not from telnet or Remote Desktop. How to give access to the user?

How to enable read permission on Kubernetes mount path
Posted: 29 Aug 2021 05:04 PM PDT

I have installed FluentD on a Kind-Kubernetes cluster on a CentOS VM running on my laptop.

I'm having issues getting FluentD to read logs as it is throwing the following error.

    2021-08-29 08:26:31 +0000 [warn]: #0 [tail_container_logs] /var/log/containers/myapp-77df6bfff9-jcnwc_default_myapp-4d82556157a94e991f011bac956d182e941a122b40b3d53fc67dfd6f39aef5d4.log unreadable. It is excluded and would be examined next time.

Below is my fluent.conf file.

    <system>
      @log_level debug
    </system>
    <source>
      @type tail
      @id tail_container_logs
      path /var/log/containers/*.log
      pos_file /var/fluent/log/containers.log.pos
      #time_format %Y-%m-%dT%H:%M:%S
      tag kubernetes.*
      format json_in_json
      read_from_head true
    </source>
    <filter kubernetes.**>
      @type kubernetes_metadata
    </filter>
    <match kubernetes.**>
      @type file
      @id output1
      path /var/fluent/log/log/data.*.log
      append true
      #time_slice_format %Y%m%d
      #time_slice_wait 10m
      #time_format %Y%m%dT%H%M%S%z
    </match>

In the deployment YAML file I have the following configuration.

    spec:
      containers:
      - name: my-fluentd
        image: custom-fluentd
        imagePullPolicy: Never
        resources:
          limits:
            memory: 800Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlogpods
          mountPath: /var/log/pods
          readOnly: true
        - name: varfluent
          mountPath: /var/fluent/log
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlogpods
        hostPath:
          path: /var/log/pods
      - name: varfluent
        hostPath:
          path: /var/fluent/logs

I have read several threads related to similar issues, but none of them seems to particularly solve the issue I have.

When I had a look at the log files in /var/log/containers on the FluentD pod, I can see they are symlinks to the /var/log/pods folder. Here is a sample output of the directory listing within the '/var/log/containers' folder.

    lrwxrwxrwx 1 root root 93 Aug 29 05:02 myapp-77df6bfff9-jcnwc_default_myapp-4d82556157a94e991f011bac956d182e941a122b40b3d53fc67dfd6f39aef5d4.log -> /var/log/pods/default_myapp-77df6bfff9-jcnwc_23e368b2-0df8-49bd-b7d9-9af96a57626a/myapp/3.log

When looking at the file permissions of the log file in the FluentD pod, this is what I can see:

    /var/log/pods # ls -ltr
    total 0
    drwxr-xr-x 3 root root 28 Aug 27 15:29 kube-system_kube-scheduler-kind-control-plane_69dd939498054a211c3461b2a9cc8d26
    drwxr-xr-x 3 root root 37 Aug 27 15:29 kube-system_kube-controller-manager-kind-control-plane_46dac9a538838115821dfd9559149484
    drwxr-xr-x 3 root root 28 Aug 27 15:29 kube-system_kube-apiserver-kind-control-plane_bd1c21fe1f0ef615e0b5e41299f1be61
    drwxr-xr-x 3 root root 18 Aug 27 15:29 kube-system_etcd-kind-control-plane_24ba8551bcc724a32d591bb02c423d92
    drwxr-xr-x 3 root root 24 Aug 27 15:30 kube-system_kube-proxy-hqdkp_6ea129ba-1b2e-425e-a77b-ad75dacc4cda
    drwxr-xr-x 3 root root 25 Aug 27 15:30 kube-system_kindnet-dsjr6_32cc1367-ce01-481d-b626-58c00ea9aa6c
    drwxr-xr-x 3 root root 36 Aug 27 15:30 local-path-storage_local-path-provisioner-547f784dff-5rj88_fc2f27cf-3779-4cfb-a517-00f4bf12ee0c
    drwxr-xr-x 3 root root 21 Aug 27 15:30 kube-system_coredns-558bd4d5db-lrzf4_6c526c83-f140-4e14-839c-ce00fa275890
    drwxr-xr-x 3 root root 21 Aug 27 15:30 kube-system_coredns-558bd4d5db-bxp22_5b9836f4-66e0-42e4-a999-2428e910a557
    drwxr-xr-x 3 root root 19 Aug 27 15:34 default_myapp-77df6bfff9-jcnwc_23e368b2-0df8-49bd-b7d9-9af96a57626a
    drwxr-xr-x 3 root root 24 Aug 29 23:47 default_my-fluentd-t4bq6_08921212-3c02-478c-83bd-4f9aad37b9cf
    /var/log/pods #
    /var/log/pods #
    /var/log/pods # cd default_myapp-77df6bfff9-jcnwc_23e368b2-0df8-49bd-b7d9-9af96a57626a/
    /var/log/pods/default_myapp-77df6bfff9-jcnwc_23e368b2-0df8-49bd-b7d9-9af96a57626a # ls -ltr
    total 0
    drwxr-xr-x 2 root root 32 Aug 29 05:02 myapp
    /var/log/pods/default_myapp-77df6bfff9-jcnwc_23e368b2-0df8-49bd-b7d9-9af96a57626a # cd myapp/
    /var/log/pods/default_myapp-77df6bfff9-jcnwc_23e368b2-0df8-49bd-b7d9-9af96a57626a/myapp # ls -ltr
    total 772
    -rw-r----- 1 root root 2974 Aug 29 05:02 2.log
    -rw-r----- 1 root root 729669 Aug 29 23:49 3.log
    /var/log/pods/default_myapp-77df6bfff9-jcnwc_23e368b2-0df8-49bd-b7d9-9af96a57626a/myapp

As you can see, the log files, i.e. 2.log and 3.log, have no read permission for others. This is inherited from the host on which the files are created. Therefore it seems to be an issue with permissions set by the Docker logging driver when creating files.

I would like to know how to enable read permission for files created by the containers. I would appreciate it if you could assist.

vBulletin Script Problems Litespeed
Posted: 29 Aug 2021 05:00 PM PDT

I would like to change to Litespeed from Apache with mod_php. I installed it on a test server: CentOS 7, PHP 7.1.33, MySQL 5.7.33.

The vBulletin forum 4.2.5 works fine. But I'm using a script which rewrites the forum into .html sites. The main page works, but when I click a link I get a 404 error.

In the error log I find entries like this:

    [ERROR] [18257] [123.60.100.100:35232] URI '/archiv/forum/425-2.html' refers to a static file with PATH_INFO [/425-2.html].

My htaccess is:

    AcceptPathInfo On
    ForceType application/x-httpd-php
    ForceType application/x-httpd-php

Is there a possibility to get it to work on Litespeed?

Connecting two VMs running in KVM
Posted: 29 Aug 2021 08:04 PM PDT

Short: Get two VM's to talk to each other running on the same hypervisor.

I have two VMs running under KVM and I am trying to manage them via Cockpit. The hypervisor and the VM's are running Ubuntu 20.04.

VM's are configured using br0 (192.168.1.248/24) which points to enp2s0. They get their own local LAN IPs such as:

    192.168.1.152
    192.168.1.220

These can be seen and pinged on the local LAN. They however cannot ping or see each other. How can I connect them?

Detail: They don't necessarily have to connect to each other via 192.168.*; it can be over a virtual network on the KVM host. But they do have to remain accessible on the LAN. I've tried creating a virtual network via the Cockpit interface.

Tried: Creating a Virtual Network via the VM interface, but the VMs do not seem to show the virtual interface via ifconfig - just local and enp1so

Update: Not sure if this is related (I am blocked by this in the Cockpit interface also, when trying to create virtual networks).

    sudo systemctl status libvirtd
    ● libvirtd.service - Virtualization daemon
         Loaded: loaded (/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
         Active: active (running) since Sun 2021-08-29 13:46:24 PDT; 6h ago
    TriggeredBy: ● libvirtd.socket
                 ● libvirtd-admin.socket
                 ● libvirtd-ro.socket
           Docs: man:libvirtd(8)
                 https://libvirt.org
       Main PID: 1068 (libvirtd)
          Tasks: 20 (limit: 32768)
         Memory: 32.0M
         CGroup: /system.slice/libvirtd.service
                 ├─ 1068 /usr/sbin/libvirtd
                 ├─ 52826 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/virtual0.conf --leasefile-ro --dhcp-script=/usr/lib/libv>
                 └─182682 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/virtual1.conf --leasefile-ro --dhcp-script=/usr/lib/libv>

    Aug 29 19:45:25 dio libvirtd[1068]: internal error: No more available PCI slots
    Aug 29 19:45:25 dio libvirtd[1068]: internal error: No more available PCI slots
    Aug 29 19:45:32 dio libvirtd[1068]: internal error: No more available PCI slots
    Aug 29 19:45:33 dio libvirtd[1068]: internal error: No more available PCI slots
    Aug 29 19:45:33 dio libvirtd[1068]: internal error: No more available PCI slots
    Aug 29 19:45:33 dio libvirtd[1068]: internal error: No more available PCI slots
    Aug 29 19:45:39 dio libvirtd[1068]: internal error: No more available PCI slots
    Aug 29 19:45:40 dio libvirtd[1068]: internal error: No more available PCI slots
    Aug 29 19:45:40 dio libvirtd[1068]: internal error: No more available PCI slots
    Aug 29 19:45:40 dio libvirtd[1068]: internal error: No more available PCI slots

The user does not have RSoP data on brand new Windows 2019
Posted: 29 Aug 2021 09:49 PM PDT

I've just installed a new Windows 2019 Server Essential (for my training). All is working: DNS and AD. I can put my computers on the domain and I can log in with my users, which are in an 'OU'.

OU Presentation

I created a simple rule which modifies the desktop and I put it in my OU:

GPO rules

After logging in with my user, nothing happened, so I checked with the command gpresult /r and it said:

    INFO : The user does not have RSoP data

So I tried to create new users and log in on other computers (real machines or VM) but I have the same problem every time...

I think it's a bad server configuration but I really don't know where to find that?

On the events of AD, I have some warnings but I'm not sure if it's really serious?

Events on AD here

After some research, I found some manipulation of the user's registry. I tried this but it didn't work either.

I'm just new on that setup (I'm learning) and maybe I will need to give you more information, so do not hesitate to ask me if I have to give more.

Thanks a lot!

Edit: complete GPSVC log
Extension = {35378EAC-683F-11D2-A89A-00C04FBBCFA2} GPSVC(3d8.644) 06:41:38:102 CGPUserCollection::RWLock Lock Called to acquire READ Lock GPSVC(3d8.644) 06:41:38:102 CGPUserCollection::Adding reader to Reader list GPSVC(3d8.644) 06:41:38:102 Number of readers in the list = 1 GPSVC(3d8.644) 06:41:38:102 CGPUserCollection::RWLock Lock taken successfully with status 0x0 GPSVC(3d8.644) 06:41:38:102 CGPUserCollection::RWUnlock called GPSVC(3d8.644) 06:41:38:102 Setting lock state as notLocked GPSVC(3d8.644) 06:41:38:102 CGPUserCollection::RWUnlock exited with 0x0 GPSVC(3d8.644) 06:41:38:102 bMachine = 1 GPSVC(3d8.928) 06:41:38:102 Setting lock state as notLocked GPSVC(3d8.928) 06:41:38:102 CPolicyCriticalSectionCollection: Deleting critical section for UserSid <(null)> GPSVC(3d8.928) 06:41:38:102 Deleting machine |
Why can a non-root installation work across the whole cluster? Posted: 29 Aug 2021 05:46 PM PDT I recently installed anaconda (which includes a new python3) locally in my account folder on a cluster with a dozen nodes (each node with several cores). I use it to install some package P that is used in my python programs. --- In short, I can probably say I just did a non-root install of python locally. I originally presumed that I could run programs with P under python3 only on the node where I installed them, which is presumably the portal node of the cluster. However, I notice that I can actually even submit jobs of such programs running on any node of the cluster. I also made sure that I am indeed using the newly installed python3.x from anaconda, not the python2.x that was already there long before. This happens on two different clusters (one with the PBS job system, the other with LSF Lava). So why is this possible? |
Poor write performance with HP ProLiant ML 150 Gen9 Posted: 29 Aug 2021 04:04 PM PDT Transferring large files from one drive (USB or SATA to RAID) in my HP ProLiant ML150 Gen9 is slow. At the beginning we were thinking about the B140i controller - a pseudo-RAID controller without any memory cache. This is the original B140i performance and the improvement after upgrading to Smart Array P440/4GB FWC. The RAID configuration is RAID 10 with 4 x SSD 500GB drives in both cases. Although improved, the problem was still present: when transferring large files, speed drops dramatically after a couple of minutes, from 400 MB/s, and remains at 6-7 MB/s till the end of the transfer. I tried without success: a clean install of Windows 2012R2; a clean install of Windows 2019; upgrading all firmware and drivers using the latest ProLiant Service Pack. This is the performance while copying a file from the P440/4GB volume to the same volume. Now the machine is running 3 VMs with only 18% of free memory. Older tests were done without any VM running. |
memory cache is too high and going to use swap Posted: 29 Aug 2021 09:05 PM PDT I have a CentOS server with 32 GB of RAM, and its state (free -m) is:

                 total   used   free  shared  buffers  cached
    Mem:         32071  31488    583       0      244   19329
    -/+ buffers/cache:  11914  20157
    Swap:        17399    287  17112

The cached size keeps growing (between every app restart and cache clear). 5 hours after I posted my question, the memory status is:

                 total   used   free  shared  buffers  cached
    Mem:         32071  31850    221       0      194   20124
    -/+ buffers/cache:  11530  20541
    Swap:        17399    299  17100

My Java options are:

    -Xms12g -Xmx12g -XX:MaxNewSize=6g -XX:NewSize=6g -XX:+UseParallelOldGC -XX:+UseParallelGC -XX:+UseTLAB -XX:MaxTenuringThreshold=15 -XX:+DisableExplicitGC

As you can see, the cache size is too high, and at high load times on my server the swap is used and the server is too slow (unlike https://www.linuxatemyram.com/ , the memory is full and swap is used and my app is too slow). I use Java for the service. What can I do? |
RDP on premises with 2FA on Azure AD Posted: 29 Aug 2021 05:04 PM PDT We are looking to implement a two-factor authentication mechanism for our client's Remote Desktop servers (not running on Azure). All my clients have Azure Active Directory, so I thought I could integrate those two systems (RDP and Azure AD) so that connecting via RDP would require 2FA. Has anyone tried this before? Cheers S. |
Error Log and Custom Log Limit in apache Posted: 29 Aug 2021 07:02 PM PDT I am using Server version: Apache/2.4.6 (CentOS). I have written a domain configuration like below:

    <virtualhost *:80>
        ServerName xxx.com
        ServerAlias www.xxx.com
        ServerAdmin xxx@yyy.in
        DocumentRoot "/var/sentora/hostdata/saravana/public_html/"
        ErrorLog "/var/logs/domains/xxx.com-error.log"
        CustomLog "/var/logs/domains/xxx.com-access.log" combined
        CustomLog "/var/logs/domains/xxx.com-bandwidth.log" common
        <Directory "/var/www/xxx/public_html/">
            Options +FollowSymLinks -Indexes
            AllowOverride All
            Require all granted
        </Directory>
        AddType application/x-httpd-php .php3 .php
        ErrorDocument 510 /_errorpages/510.html
        ErrorDocument 403 /_errorpages/403.html
        ErrorDocument 404 /_errorpages/404.html
        ErrorDocument 500 /_errorpages/500.html
        DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
        # Custom Global Settings (if any exist)
        # Custom VH settings (if any exist)
    </virtualhost>

When I configured more domains, Apache did not restart. When I commented out the ErrorLog and CustomLog, Apache restarted successfully. Is there any limitation on the ErrorLog and CustomLog count? I will need to create 1000 domains with a similar configuration. Let me know the solution for this problem. |
nginx redirect based on $request_uri Posted: 29 Aug 2021 10:00 PM PDT In my default site config file, I have the following redirect to enforce https:

    server {
        listen 80;
        server_name www.example.com example.com;
        return 301 https://example.com$request_uri;
    }

I want to add a subdomain, but to redirect it to the site with a parameter, e.g. fr.example.com --> https://example.com?lang=fr

If I do:

    return 301 https://example.com$request_uri&lang=fr;

it will add on '&lang=fr' whether there are any other parameters in $request_uri or not. How do I conditionally define '?' or '&', based on the content of $request_uri? I tried the following:

    server {
        listen 80;
        server_name fr.example.com;
        if ($request_uri ~ ""){
            return 301 https://example.com?tlang=fr;
        }
        return 301 https://example.com$request_uri&tlang=fr;
    }

but like this the site failed altogether. Thanks |
Configure Azure AD Connect Posted: 29 Aug 2021 08:01 PM PDT I'm trying to set up a domain in Azure AD Connect on a Workgroup computer. The challenge that we have is, we have a dedicated domain controller for the purpose of Azure AD Connect and the other domain controllers are in a non-routable network for the AD Sync server (we chose not to install AD Connect on a Domain Controller for various reasons). Sites & Services are configured properly, but when we attempt to add the extra domain, we get the error "The Specified Domain does not exist or cannot be contacted." Routes exist, and firewall rules allow standard AD traffic along with the dedicated AD Sync server's traffic as well. If I attempt to join the computer to the domain, I am prompted for credentials, which I think would be successful if I click OK. |
Windows Server firewall track connection state Posted: 29 Aug 2021 07:24 PM PDT |
Netlogon - Domain Trust Secure Channel issues - Only on some DCs Posted: 29 Aug 2021 06:04 PM PDT We have a 2 domain environment. We were having issues with slow connections, authentication failures, and hung resources only during OFF-PEAK hours when there were very few users logged on. The issue occurred when a user from DOMAIN A is accessing a resource located on DOMAIN B and is using NTLM authentication. There are no issues with users from DOMAIN A accessing resources in DOMAIN A, or with users from DOMAIN B accessing resources in DOMAIN B. We were able to track down the problem to the secure channels that are used for netlogon traffic. When a resource from domain B had a secure channel with one particular DC (I'll call it DC-B1), then everything worked fine. We can follow the traffic chain from client(A)->resource(B)->DC-B1(B)->DC-A1(A) (for authentication) and then back again. However, if the resource server in B had a secure channel with any of the other DCs in DOMAIN B, the authentication would hang and never complete. So it looks like, with the exception of DC-B1, every DC in DOMAIN B is having trouble creating a domain trust secure channel with DOMAIN A. To test, we ran nltest /sc_verify:DOMAINA from each DC in DOMAIN B. When run from DC-B1, the response was instantaneous. When run from any other DC on domain B, it hung for about 40 seconds before showing a success (never showed an error, just took a long time). Any ideas on why some DCs would be struggling with establishing and using the domain trust secure channel and another DC in the same domain never has an issue? For what it's worth, the DC that works is Server 2008, the ones that don't work are Server 2012 R2; however, the problem existed on some domain controllers before they were migrated to 2012 R2, we just didn't pinpoint the issue until after we were done migrating them. Thanks for the help. Edit: Additional Information... 
Compared a weekend's worth of NetLogon.log files for each of the Domain Controllers... Every

    [LOGON] SamLogon: Transitive Network logon of DOMAINA\testuser Entered

record in the DC-B1 log (this is the good DC) had a corresponding

    [LOGON] SamLogon: Transitive Network logon of DOMAINA\testuser Returns 0x0

however on the other DCs in Domain B each return had one of the following 3 errors:

    [LOGON] ... DOMAINA\testuser ... Returns 0xC0020017
    [LOGON] ... DOMAINA\testuser ... Returns 0xC0020050
    [LOGON] ... DOMAINA\testuser ... Returns 0xC000005E

And here is how often each of the different errors occurred:

    77% of errors were: 0xC0020017 RPC SERVER UNAVAILABLE
    21% of errors were: 0xC0020050 RPC CALL CANCELED
    1% of errors were: 0xC000005E NO LOGON SERVERS AVAILABLE
    0% of returns were: 0x0 (no error)

We compared all the security settings between the DCs that do not work and the one that does but couldn't find anything that would cause the RPC issues. Any suggestions on where we could look next? We are confused as to why the 2008 domain controller in "B" would have no trouble talking to 2012 DCs in "A", but the 2012 DCs in "B" cannot use pass through authentication to "A". Edit: Additional Requested Information... Test run from DC-B2 & DC-B3 (same results) (pass through authentication originating here does not work)

    C:\>nltest /dsgetdc:DOMAINA.local
    DC: \\DC-A3.DOMAINA.local
    Address: \\555.555.555.127
    Dom Guid: 9f3a0668-c245-4493-be03-0f7edf534d27
    Dom Name: DOMAINA.local
    Forest Name: DOMAINA.local
    Dc Site Name: Company
    Our Site Name: Company
    Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9
    The command completed successfully

Edit: Additional Information... 
Results from PortQry from Domain B -> Domain A (GC DC)

    TCP port 135 (epmap service): LISTENING
    TCP port 389 (ldap service): LISTENING
    UDP port 389 (unknown service): LISTENING or FILTERED
    TCP port 636 (ldaps service): LISTENING
    TCP port 3268 (msft-gc service): FILTERED
    TCP port 3269 (msft-gc-ssl service): FILTERED
    TCP port 53 (domain service): NOT LISTENING
    UDP port 53 (domain service): NOT LISTENING
    TCP port 88 (kerberos service): LISTENING
    UDP port 88 (kerberos service): LISTENING or FILTERED
    TCP port 445 (microsoft-ds service): LISTENING
    UDP port 137 (netbios-ns service): LISTENING or FILTERED
    UDP port 138 (netbios-dgm service): LISTENING or FILTERED
    TCP port 139 (netbios-ssn service): LISTENING
    TCP port 42 (nameserver service): FILTERED

|
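The per-DC tally of SamLogon return codes that the Netlogon question above describes doing by hand, as an added example that is not part of the original post: it pairs each "Entered" record with its "Returns" record, counts the status codes, and flags calls that waited a long time, which is the pattern that separates DC-B1 from the other DCs. The timestamp, PID, domain and "from ... (via ...)" fields, the host names and both sample logs are constructed assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Status names exactly as the post lists them.
STATUS_NAMES = {
    0x0: "no error",
    0xC0020017: "RPC SERVER UNAVAILABLE",
    0xC0020050: "RPC CALL CANCELED",
    0xC000005E: "NO LOGON SERVERS AVAILABLE",
}

# Assumed record layout: "MM/DD HH:MM:SS [LOGON] ... SamLogon: <kind> logon of
# <account> ... Entered" or "... Returns 0x<status>".
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] .*?SamLogon: .*?logon of "
    r"(?P<account>\S+) .*?(?:(?P<entered>Entered)|Returns (?P<status>0x[0-9A-Fa-f]+))\s*$"
)

def parse_line(line):
    """Return (timestamp, account, status or None for 'Entered'), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The log carries no year; a fixed leap year keeps 02/29 parseable.
    ts = datetime.strptime("2000/" + m["ts"], "%Y/%m/%d %H:%M:%S")
    status = None if m["entered"] else int(m["status"], 16)
    return ts, m["account"], status

def summarize(lines, slow_after=30):
    """Tally return codes and flag logons that waited >= slow_after seconds."""
    pending = defaultdict(deque)   # account -> timestamps of open 'Entered' records
    counts = Counter()
    slow = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, account, status = rec
        if status is None:
            pending[account].append(ts)
            continue
        counts[status] += 1
        if pending[account]:
            waited = (ts - pending[account].popleft()).total_seconds()
            if waited >= slow_after:
                slow.append((account, waited, status))
    total = sum(counts.values())
    share = {STATUS_NAMES.get(s, hex(s)): round(100 * n / total, 1)
             for s, n in counts.items()} if total else {}
    unreturned = sum(len(q) for q in pending.values())
    return {"counts": counts, "share": share, "slow": slow, "unreturned": unreturned}

# Constructed sample: a DC whose trust secure channel works.
GOOD_DC_LOG = r"""
08/28 02:14:07 [LOGON] [4120] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Entered
08/28 02:14:07 [LOGON] [4120] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Returns 0x0
08/28 02:20:00 [LOGON] [4120] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Entered
08/28 02:20:00 [LOGON] [4120] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Returns 0x0
"""

# Constructed sample: a DC showing the failing pattern (long wait, RPC errors).
BAD_DC_LOG = r"""
08/28 02:14:07 [LOGON] [3316] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Entered
08/28 02:14:52 [LOGON] [3316] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Returns 0xC0020017
08/28 02:20:00 [LOGON] [3316] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Entered
08/28 02:20:45 [LOGON] [3316] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Returns 0xC0020017
08/28 02:31:10 [LOGON] [3316] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Entered
08/28 02:31:55 [LOGON] [3316] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Returns 0xC0020050
08/28 02:40:00 [LOGON] [3316] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Entered
08/28 02:40:45 [LOGON] [3316] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Returns 0xC000005E
08/28 02:50:00 [LOGON] [3316] DOMAINB: SamLogon: Transitive Network logon of DOMAINA\testuser from WKS01 (via RES-B1) Entered
"""

if __name__ == "__main__":
    for name, log in (("good DC", GOOD_DC_LOG), ("bad DC", BAD_DC_LOG)):
        result = summarize(log.splitlines())
        print(name, result["share"], "slow:", len(result["slow"]),
              "unreturned:", result["unreturned"])
```

An "Entered" record left without a matching "Returns" is counted as unreturned, which is how a logon that hangs and never completes shows up in the log.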
redis server does not create socket file Posted: 29 Aug 2021 08:26 PM PDT I'm trying to install gitlab on my apache2 server using this tutorial : http://blog.florentlim.com/how-to-install-gitlab-on-debian-7-wheezy-on-apache2-http-server/ Everything seemed to go correctly, I've done every step, without any major problems. But now when I try to connect to my gitlab page, it shows an "error 500 page". Looking at my gitlab production.log , it looks like gitlab can't connect on the /var/run/redis/redis.socket file, and sure enough, there is no such file. And I don't know why... I verified my /etc/redis/redis.conf file, the TCP port is set to 0, and I've got the lines unixsocket /var/run/redis/redis.sock unixsocketperm 770 So why does redis refuse to create my socket? Any help would be appreciated. Thanks |
How do I force NetworkManager to update /etc/resolv.conf? Posted: 29 Aug 2021 05:26 PM PDT If I add a new DNS server using nmcli connection modify eth0 +ipv4.dns 8.8.8.8 , I still have to update /etc/resolv.conf for the resolver to pick up the changes, right? So how do I force the update? The only way I found was restarting the network service: /etc/init.d/network restart . Is there a less invasive way -- a nmcli command, perhaps? |
Where are the logs for ufw located on Ubuntu Server? Posted: 29 Aug 2021 05:10 PM PDT I have an Ubuntu server where I am blocking some IPs with ufw . I enabled logging, but I don't know where to find the logs. Where might the logs be or why might ufw not be logging? |
Possible for linux bridge to intercept traffic? Posted: 29 Aug 2021 07:02 PM PDT I have a linux machine set up as a bridge between a client and a server:

    brctl addbr br0
    brctl addif br0 eth1
    brctl addif br0 eth2
    ifconfig eth1 0.0.0.0
    ifconfig eth2 0.0.0.0
    ip link set br0 up

I also have an application listening on port 8080 of this machine. Is it possible to have traffic destined for port 80 passed to my application? I have done some research and it looks like it could be done using ebtables and iptables . Here is the rest of my setup:

    # set the ebtables to pass this traffic up to ip for processing; DROP on the broute table should do this
    ebtables -t broute -A BROUTING -p ipv4 --ip-proto tcp --ip-dport 80 -j redirect --redirect-target DROP
    # set iptables to forward this traffic to my app listening on port 8080
    iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 8080 --tproxy-mark 1/1
    iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 1/1
    # once the flows are marked, have them delivered locally via loopback interface
    ip rule add fwmark 1/1 table 1
    ip route add local 0.0.0.0/0 dev lo table 1
    # enable ip packet forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

However nothing is coming into my application. Am I missing anything? My understanding is that the target DROP on the broute BROUTING chain will push it up to be processed by iptables. Secondly, are there any other alternatives I should investigate? Edit: IPtables gets it at nat PREROUTING, but it looks like it drops after that; the INPUT chain (in either mangle or filter) doesn't see the packet. |
Ubuntu Server gateway networking issues on VMware Workstation Posted: 29 Aug 2021 06:04 PM PDT I have two Ubuntu 10 Server VMs on VMware Workstation, using bridged networking. I want to route internet traffic to ServerB through ServerA. At the moment, ServerA can access the internet, but not ServerB. Each server can successfully ping the other. ServerA /etc/network/interfaces (skipping the irrelevant stuff):

    # The primary network interface WAN
    auto eth0
    iface eth0 inet static
        address 192.168.1.134
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.1.1
        dns-search mydomain.com

    # The secondary network interface LAN
    auto eth1
    iface eth1 inet static
        address 172.16.96.1
        netmask 255.255.255.0
        network 172.16.96.0
        broadcast 172.16.96.255

Forwarding is enabled in /etc/sysctl.conf. ServerB /etc/network/interfaces (skipping the irrelevant stuff):

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 172.16.96.34
        netmask 255.255.255.0
        network 172.16.96.0
        broadcast 172.16.96.255
        gateway 172.16.96.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 172.16.96.1
        dns-search mydomain.com

I've cleared out iptables on both machines, so that can be ruled out. Have I messed something up, or am I missing something vital (like a static route)? |
Windows Identity Foundation (WIF) application + ADFS 2.0 on Classic pipeline mode - Is it possible? Posted: 29 Aug 2021 08:01 PM PDT I have a working test application that uses Windows Identity Foundation SDK and ADFS 2.0 for authentication, which runs on Windows Server 2008 R2, IIS 7.5, Integrated managed pipeline application pool mode. My problem is that the "real" application I need to set up with this kind of authentication can only run in Classic managed pipeline application pool mode due to legacy code, and when I select it I receive an "HttpException (0x80004005): Failed to Execute URL" error. Does anyone have an idea how to solve this problem? UPDATE: I have found out that https://example.com/myapplicatio/ gives me the error, but https://example.com/myapplicatio/Default.aspx works. |
The application attempted to perform an operation not allowed by the security policy Posted: 29 Aug 2021 10:00 PM PDT I ran this command on the server that has the share of code that my local IIS site is set to (via UNC to that share): http://support.microsoft.com/kb/320268

    Drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe -m -ag 1 -url "file:////\\computername\sharename\*" FullTrust -exclusive on

(obviously I replaced Drive with C, and the actual computername and sharename with the one I'm sharing out). But when I run the ASP.NET site, I am still getting this runtime exception: Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. |
Hudson authentication via wget is returning HTTP error 302 Posted: 29 Aug 2021 09:05 PM PDT I'm trying to make a script to authenticate in hudson using wget and store the authentication cookie. The contents of the script are:

    wget \
      --no-check-certificate \
      --save-cookies /home/hudson/hudson-authentication-cookie \
      --output-document "-" \
      'https://myhudsonserver:8443/hudson/j_acegi_security_check?j_username=my_username&j_password=my_password&remember_me=true'

Unfortunately, when I run this script, I get:

    --2011-02-03 13:39:29-- https://myhudsonserver:8443/hudson/j_acegi_security_check?j_username=my_username&j_password=my_password&remember_me=true
    Resolving myhudsonserver... 127.0.0.1
    Connecting to myhudsonserver|127.0.0.1|:8443... connected.
    WARNING: cannot verify myhudsonserver's certificate, issued by `/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=myhudsonserver':
      Self-signed certificate encountered.
    HTTP request sent, awaiting response... 302 Moved Temporarily
    Location: https://myhudson:8443/hudson/;jsessionid=087BD0B52C7A711E0AD7B8BD4B47585F [following]
    --2011-02-03 13:39:29-- https://myhudsonserver:8443/hudson/;jsessionid=087BD0B52C7A711E0AD7B8BD4B47585F
    Reusing existing connection to myhudsonserver:8443.
    HTTP request sent, awaiting response... 404 Not Found
    2011-02-03 13:39:29 ERROR 404: Not Found.

There's no error log in any of hudson's tomcat log files. Does anyone have any idea about what might be happening? Thanks. |
Can't successfully run Sharepoint Foundation 2010 first time configuration Posted: 29 Aug 2021 05:04 PM PDT I'm trying to run the non-GUI version of the configuration wizard using PowerShell because I would like to set config and admin database names. The GUI wizard doesn't give you all possible options for configuration (but even though it doesn't do it either). I run this command:

    New-SPConfigurationDatabase
        -DatabaseName "Sharepoint2010Config"
        -DatabaseServer "developer.mydomain.pri"
        -AdministrationContentDatabaseName "Sharepoint2010Admin"
        -DatabaseCredentials (Get-Credential)
        -Passphrase (ConvertTo-SecureString "%h4r3p0int" -AsPlainText -Force)

Of course all these are on the same line. I've broken them down into separate lines to make it easier to read. When I run this command I get this error:

    New-SPConfigurationDatabase : Cannot connect to database master at SQL server a t developer.mydomain.pri. The database might not exist, or the current user does not have permission to connect to it.
    At line:1 char:28
    + New-SPConfigurationDatabase <<<< -DatabaseName "Sharepoint2010Config" -Datab aseServer "developer.mydomain.pri" -AdministrationContentDatabaseName "Sharepoint 2010Admin" -DatabaseCredentials (Get-Credential) -Passphrase (ConvertTo-SecureS tring "%h4r3p0int" -AsPlainText -Force)
    + CategoryInfo : InvalidData: (Microsoft.Share...urationDatabase: SPCmdletNewSPConfigurationDatabase) [New-SPConfigurationDatabase], SPExcep tion
    + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletNewSPCon figurationDatabase

I created two domain accounts and haven't added them to any group:
- SPF_DATABASE - database account
- SPF_ADMIN - farm account
I'm running powershell console as domain administrator. I've tried to run SQL Management studio as domain admin and created a dummy database and it worked without a problem. I'm running: - Windows 7 x64 on the machine where Sharepoint Foundation 2010 should be installed and also has preinstalled SQL Server 2008 R2 database
- Windows Server 2008 R2 Server Core is my domain controller that just serves domain features and nothing else
I've installed Sharepoint according to MS guides http://msdn.microsoft.com/en-us/library/ee554869%28office.14%29.aspx installing all additional patches that are related to my configuration. Any ideas what I should do to make it work? |