Sunday, August 8, 2021

Recent Questions - Server Fault

App Engine Subdomain is showing 404 error

Posted: 08 Aug 2021 10:02 PM PDT

I have created my portfolio website on App Engine (website.tech). It is running fine except it doesn't automatically redirect to https (weird!). However, that is not why I am asking this question. I want to configure a subdomain (spaces.website.tech) and I have already done that. It was difficult enough to configure it. But I have already configured through DNS that the subdomain will not be served by Google, and it will contain something else hosted by another provider. For some reason, I am getting Google 404 page which means Google thinks it is their subdomain. How can I change that?

I can put actual names too, but I just felt it may not be a good idea to do that on a public forum.

What to do when an EC2 instance gets a "root account is locked" issue in AWS?

Posted: 08 Aug 2021 09:45 PM PDT

My EC2 instance ran with a high CPU load and I can't log in with SSH. When I try to restart it, I get this issue and the health check fails:

Cannot open access to console, the root account is locked.

This screen is from the EC2 system log in the monitoring dashboard. I can't operate anything in the system.

Why did this happen and how can I resolve it?


My phone keeps losing internet connection?

Posted: 08 Aug 2021 09:15 PM PDT

Sometimes it seems like your iPhone or Android phone has completely lost a data connection. Often this can be fixed by turning off Wi-Fi, since some phones will try to connect to open Wi-Fi networks that aren't actually providing data. There's a reason this happens: sometimes your wireless network, like AT&T, might have free Wi-Fi hotspots all over a city. It can be convenient if you're using a laptop, but sometimes your smartphone will automatically connect to those networks even if your regular cellular connection has a faster connection.

If you have questions or need any assistance troubleshooting, just visit: Eero Installation | Belkin Extender Setup

Not able to write into the newly created directory in Ubuntu, mounted to cloud storage using gcsfuse. Issues with the permissions of the server user

Posted: 08 Aug 2021 08:05 PM PDT

We are mounting the GCS bucket using gcsfuse. We installed gcsfuse on the Ubuntu server as the admin of the server by following the commands given in the documentation. Then, we created the directory. But while mounting the bucket, we got an error regarding the permission level of the admin user. We tried doing the same thing as the root user and created the directory in root. We could mount the bucket, but the admin is not able to write anything to the folder. So, we are constantly facing "permission level" issues for an admin to do any operation.

AWS Architecture Advice - multiple EC2 instances with shared database / file system with dynamic start and stop

Posted: 08 Aug 2021 03:38 PM PDT

I am very new at cloud architecture but have decent application development experience. Right now, I am in the process of making a large computational pipeline more accessible to 5-10 users via a web application and am setting this all up in AWS.

My current implementation is a lightweight React web app that uses two APIs and a MySQL backend that allows users to queue up jobs with parameters and access end results through the web app or from emails sent to users after a run is done.

In the middle of this pipeline is a dependency on a proprietary software piece that needs a very hefty machine to compute these steps (64GB RAM, 16 cores, 1TB HDD) and can run for up to 1.5 days for just this one step. This is my biggest bottleneck of the entire pipeline.

To save on costs as much as possible, I am trying to make the bottleneck/service piece scalable/cost-effective by having multiple EC2 instance "agents" available to be turned on, run the steps, send an email, write to the web app database, and then stop the instance via AWS lambda functions that would be triggered by an action from the web app.

I am planning on hosting the web app, 2 APIs, and MySQL server on one EC2 instance, since concurrency/scalability on this piece is very small. I will also have another 1-3 instances for the bottleneck services to share concurrent runs from the 5-10 users, which could allow up to 3 runs of the heavy step going at the same time.

Since the bottleneck services require similar files to run the programs and the input to these steps can sometimes be file sizes of 150GB, I am thinking of using either EFS or S3 storage to hold the inputs so that I only have to worry about transferring the input files to one place that could be shared across EC2 instances and I wouldn't need to ensure they are started to do the transfer step. This is one manual piece that I also haven't figured out a good way to be more automated since the file sizes are so large.

My questions are: does my setup sound reasonable and do you see any holes in my implementation ideas? Currently I am using EBS storage for the service instances but I want to minimize the input locations for the 150GB transfers / maintenance. I also am unsure of the difference between S3 and EFS since they both seem to be multi-instance mountable, but which one should I use? And does it make sense to keep the web app, APIs, and database on one EC2 instance if I need the service ones to be able to write to the database after they are done? That instance would be on all the time.

Thank you for your help and forgive me if I have said anything naively.

IPTables to access resources on localhost via public IP

Posted: 08 Aug 2021 02:53 PM PDT

I have the following setup: a Proxmox host (dedicated server) with one public IP and iptables installed, and a bunch of virtual machines with Docker installed.

I use iptables to port-forward port 443 to one of the VMs via DNAT and it works fine from outside the host, i.e. the Internet. But if I try to access resources running on a VM from within a VM via the public IP, they are not accessible.

Use case: I have nginx with SSL as a reverse proxy for services running in Docker on a VM (backend + frontend app) and need to access the backend from the frontend via the "public DNS, IP" because the SSL certificate is created for the public DNS name, which points to the public IP and is port-forwarded to the VM's nginx.

I have the public interface bridged to vmbr0 and another bridge vmbr172 (172.20.0.0/16) for the VMs.

My Current IPTables rules:

iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to 172.20.2.9:443
iptables -t nat -A POSTROUTING -s '172.20.0.0/16' -o vmbr0 -j MASQUERADE

iptables -L -n -t nat -v
Chain PREROUTING (policy ACCEPT 58449 packets, 3018K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1941  105K DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.20.2.9:443

Chain POSTROUTING (policy ACCEPT 5511 packets, 332K bytes)
 pkts bytes target     prot opt in     out     source               destination
 212K   18M MASQUERADE  all  --  *      vmbr0   172.20.0.0/16        0.0.0.0/0

I have tried to change the out interface to any, but the connection seems to just "hang" and time out. I guess I need some POSTROUTING rule but cannot figure out what it should look like.

Providing cloned virtual environment to multiple clients

Posted: 08 Aug 2021 02:09 PM PDT

I have a virtual environment created with VMware ESXi consisting of an IPFire and an internal network with some VMs.

What would be the best way to clone this environment, on demand, so each client could have access to a VPN that leads to copies of the same VMs on his own private network? (The client would only have an ovpn (or other) and connect to the VMs.)

I wouldn't mind changing any of the software.

I have tried using something like pritunl, but I can't segment a /24, so I can only make it work on 255 clients.

How to log commands executed by a user

Posted: 08 Aug 2021 08:32 PM PDT

First of all, I have worked for some years with snoopy and it's not what I need; also, checking the .history file isn't a solution for me.

I have to give ROOT access to a developer to install a program on a server and I know that he will remove the history after exiting the session.
I need to check what commands he runs to protect the server from abusive activity.
Any solution for how to log commands?
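One defensive answer to this question is the kernel audit subsystem: an auditd execve rule records every command together with the login uid (auid), which is set at authentication and survives sudo or su, so commands run as root are still attributed to the developer who logged in, and clearing a shell history file does not touch the audit log. The following is an added example (not code from the post); it assumes an auditd rule of the form `-a always,exit -F arch=b64 -S execve -k root_cmds` and parses constructed sample records in the audit.log format.

```python
"""Attribute commands run in a root shell to the person who logged in.

Added example for the question above; it is not code from the post. It
assumes auditd is running with an execve rule such as
    -a always,exit -F arch=b64 -S execve -k root_cmds
and parses the SYSCALL/EXECVE record pairs that rule writes to
/var/log/audit/audit.log. The records below are constructed samples.
"""
import re
from collections import defaultdict

# auid (login uid) is fixed at authentication and survives su/sudo, so a
# command run as uid 0 still carries the developer's auid. 4294967295
# (-1) means "no login user", e.g. daemons and cron jobs.
AUID_UNSET = 4294967295

SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1628400000.101:501): arch=c000003e syscall=59 success=yes exit=0 ppid=2000 pid=2001 auid=1001 uid=1001 gid=1001 euid=0 comm="sudo" exe="/usr/bin/sudo" key="root_cmds"
type=EXECVE msg=audit(1628400000.101:501): argc=2 a0="sudo" a1="-i"
type=SYSCALL msg=audit(1628400005.230:502): arch=c000003e syscall=59 success=yes exit=0 ppid=2001 pid=2010 auid=1001 uid=0 gid=0 euid=0 comm="cp" exe="/usr/bin/cp" key="root_cmds"
type=EXECVE msg=audit(1628400005.230:502): argc=3 a0="cp" a1=2F746D702F6D792066696C65 a2="/opt/app/"
type=SYSCALL msg=audit(1628400007.004:503): arch=c000003e syscall=59 success=yes exit=0 ppid=2001 pid=2011 auid=1001 uid=0 gid=0 euid=0 comm="rm" exe="/usr/bin/rm" key="root_cmds"
type=EXECVE msg=audit(1628400007.004:503): argc=3 a0="rm" a1="-f" a2="/root/.bash_history"
type=SYSCALL msg=audit(1628400009.500:504): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 comm="run-parts" exe="/usr/bin/run-parts" key="root_cmds"
type=EXECVE msg=audit(1628400009.500:504): argc=2 a0="run-parts" a1="/etc/cron.hourly"
"""

RECORD_RE = re.compile(
    r'^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<body>.*)$')
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_record(line):
    """Split one audit line into (type, serial, timestamp, {field: raw_value})."""
    m = RECORD_RE.match(line)
    if not m:
        return None
    return m['type'], m['serial'], float(m['ts']), dict(FIELD_RE.findall(m['body']))


def decode_arg(raw):
    """EXECVE arguments are quoted, or hex-encoded when they contain
    whitespace, quotes or control characters."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode('utf-8', 'replace')
    except ValueError:
        return raw


def reconstruct_commands(log_text, auid_filter=None, key='root_cmds'):
    """Join SYSCALL and EXECVE records by serial number and return the
    executed commands, oldest first, attributed to their login uid."""
    syscalls = {}
    argv_parts = defaultdict(dict)  # serial -> {index: arg}; argv may span several EXECVE records
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        rtype, serial, ts, fields = rec
        if rtype == 'SYSCALL' and decode_arg(fields.get('key', '')) == key:
            syscalls[serial] = (ts, fields)
        elif rtype == 'EXECVE':
            for name, raw in fields.items():
                if name[0] == 'a' and name[1:].isdigit():
                    argv_parts[serial][int(name[1:])] = decode_arg(raw)
    events = []
    for serial, (ts, fields) in sorted(syscalls.items(), key=lambda kv: kv[1][0]):
        auid = int(fields.get('auid', AUID_UNSET))
        if auid == AUID_UNSET or (auid_filter is not None and auid != auid_filter):
            continue
        args = argv_parts.get(serial, {})
        events.append({
            'time': ts,
            'auid': auid,
            'uid': int(fields['uid']),
            'success': fields.get('success') == 'yes',
            'argv': [args[i] for i in sorted(args)],
        })
    return events


if __name__ == '__main__':
    for ev in reconstruct_commands(SAMPLE_AUDIT_LOG):
        print(f"login uid {ev['auid']} ran as uid {ev['uid']}: {' '.join(ev['argv'])}")
```

Ship the audit log off the box (auditd's own remote logging or a log forwarder) so that a root session cannot also erase the record.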

Windows Server 2019 not updating after restoring recent snapshot

Posted: 08 Aug 2021 10:10 PM PDT

I'm facing an issue regarding the Windows Server 2019 update.

I have recently restored the Windows Server from a recent snapshot. Every time I install a Windows Update it undoes the changes; this is the error code listed in Event Viewer: 0x800f0922.

Note: I'm installing updates through a WSUS server

CentOS - Deploy Web Application - What is the best way using a non-apache user account with SFTP/WinSCP

Posted: 08 Aug 2021 09:13 PM PDT

I have a simple question; however, I am struggling to understand how to do this in a secure manner.

I have a PHP-based web application that runs on Linux (CentOS 7). I have "user" access with sudo privileges on the Linux server.

The web server (Apache) runs as the "apache" user with the "apache" group.

The problem is when I try to deploy applications using WinSCP, I get permission denied errors, the ONLY way I can solve this problem is to do a

usermod -g apache myusername
chmod 775 /var/www/html

I don't want to give 775 to the entire web folder; I think it's a big security issue. What is the most secure way to achieve this type of task?

How can I deploy my app using WinSCP with my user account but AS the apache user? Or any other suggestions on common industry practice that is considered safe?

MS Outlook keeps not responding when requesting data from Exchange

Posted: 08 Aug 2021 03:07 PM PDT

Looking for some pointers on this one... MS Outlook keeps not responding when requesting data from Exchange.

The setup...

Three locations:

  • one is the head office running Windows 2016 servers (AD environment); one of the servers is running Exchange 2016 (latest CU13) with one CAS. In addition the site is also running AD Connect as the company is using MS Teams from 365. All mailboxes are stored on-premise. The addition of 365 Hybrid is only recent as the company wanted Teams during these current times we find ourselves in. However, the issue I am writing about today has been happening since before the addition of Hybrid Exchange and 365. Note the hybrid Exchange was only set up to allow the MS Teams app to see the calendars.
  • one remote site is connected to the head office via site-to-site VPNs using DrayTek routers. 2 users, so no servers, just PCs running in a local workgroup.
  • one remote site is connected to the head office via site-to-site VPNs also using DrayTek routers. 3 users, running a Windows 2012 R2 server in a different domain with trust relationships to HQ.

All connections are at least 100 Mbps.

On the remote sites when running MS Outlook 2016 or 2019, when clicking on an email or changing folders Outlook goes to "Not Responding". After a few seconds it comes back to life and works fine, until you change folders again.

Checking the outlook connection status, I can see the connections to the server going via the VPN (using the local internal address, exchange.ad.example.com). Outlook has got this address correctly via Autodiscover.

I checked the following so far:

  • The setup with the MS Connectivity tool and nothing noteworthy there.
  • I changed outlook from Cached Mode to Online and that made it worse.
  • I checked the bandwidth and the traffic peaks at 3%, so that's not it.
  • I checked the event viewer on the clients and the server and nothing noteworthy there either.
  • I uninstalled MSOffice and reinstalled, no change

I did however notice on the Outlook connection status window some strange Avg Response times. One of the users has access to several mailboxes (all on the same server). The response time to most of the mailboxes is between 43 and 65, but on a couple of others it's as high as 622.

Could this be the cause of Outlook not responding? Waiting 622ms? Although it wasn't the mailbox the user was looking at at the time. When you disconnect Outlook and connect again the results are different and the long waiting times are now on a different mailbox.

  • I tried removing access to the remote mailboxes and using the main mailbox but still Outlook does a not-responding.

Looking at the Req/Fail column there are 0 failures. Most connections say Cached, with a few saying foreground and background.

  • I tried deleting the users local profile (and OST file) to rebuild their cached copy and it still does it.

  • I checked the firewall settings, and between the sites internally it's just the default settings from a typical Windows & Exchange installation.

  • I read somewhere about changing the ActiveSync timeout on IIS, but that didn't resolve it either.

When the users go into the HQ Office and log in on a hot desk and run Outlook there are no issues at all.

So it's only over the WAN (VPN) links.

Any ideas?

Why do pods on a node that was recreated after being preempted get stuck in ContainerCreating?

Posted: 08 Aug 2021 10:05 PM PDT

I had a pod created by a deployment running on a preemptible node in a Google Kubernetes Engine cluster. The node was preempted and recreated. There were several FailedCreatePodSandBox events complaining:

network: stat /var/lib/calico/nodename: no such file or directory: check that the calico/node container is running and has mounted /var/lib/calico/

The above events seem to be transient until Calico networking was fully running on the node. However, the final event entry mentioned by "kubectl describe" is different:

Warning FailedCreatePodSandBox 95s (x3 over 101s) kubelet, (combined from similar events): Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "a1afa2a61b7b2260997f4b4719b9c315698d0016af47902923c78e4594e0dc6b" network for pod "pod_name": NetworkPlugin cni failed to set up pod "pod_name" network: Pod "pod_name" is invalid: spec: Forbidden: pod updates may not change fields other than spec.containers[*].image, spec.initContainers[*].image, spec.activeDeadlineSeconds or spec.tolerations (only additions to existing tolerations)

The final event included the pod's entire specification in JSON. The pod remained in the ContainerCreating state for hours, so I assumed it would never recover. I then manually deleted the pod and the deployment immediately created a new one which started quickly on the same node. Did something in the pod specification need to change for the recreated node?

I tried to simulate a preemption by resetting the node, but the pod came right back up in that case. It seems that though the node name stays the same in both cases, there must be some essential difference between recreating a preempted instance and resetting the instance without recreating it.

It seems I encountered a bug, but I'm not sure if it's in Kubernetes proper, GKE's version of Kubernetes, or if it's something specific to Google Cloud Platform's preemption. I'm apparently not the only person to have this problem, since https://github.com/GoogleCloudPlatform/k8s-node-termination-handler exists. I am now using k8s-node-termination-handler and it does work around the problem. Perhaps it's filling in a gap in the functionality GKE provides?

Is it possible to find a list of all DKIM keys for a domain?

Posted: 08 Aug 2021 09:41 PM PDT

A DKIM record is identified by its selector, which might be default, dkim or something else altogether (and there might be multiple).

When making sure that an e-mail's content is valid, the DKIM selector that is mentioned in the e-mail can be used to look up {selectorname}._domainkey.{hostname} (e.g: google._domainkey.protodave.com).

However, when just wanting to make sure that a domain has at least one DKIM key set up (to ensure that the administrator of that domain has done their due diligence), we do not yet have a selector.

How can we query the DNS without this selector? Is it even possible?
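The lookup described in the post (selector from the s= tag, domain from the d= tag, queried at {selector}._domainkey.{domain}) and the due-diligence check without a message, worked through as an added example that is not part of the post. DNS access is abstracted behind a caller-supplied resolve_txt(name) function so the code runs offline against the constructed zone embedded below; the selector list and all record values are assumptions for illustration.

```python
"""DKIM selector lookups: derive the DNS name from a DKIM-Signature header,
interpret the TXT record behind it, and probe well-known selectors when no
signed message is available.

Added example, not code from the post above. DNS access is abstracted as a
caller-supplied resolve_txt(name) -> str | None so the example runs offline
against the constructed zone below; in real use pass a function that
performs a TXT query (e.g. via dnspython).
"""
import re


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list ('v=1; a=rsa-sha256; ...') into a dict.
    Folding whitespace around tags and inside values is discarded."""
    tags = {}
    for part in value.split(';'):
        if '=' not in part:
            continue
        name, val = part.split('=', 1)
        tags[name.strip()] = re.sub(r'\s+', '', val)
    return tags


def dkim_record_name(dkim_signature_value):
    """Build '<selector>._domainkey.<domain>' from a DKIM-Signature header value:
    the s= tag is the selector, the d= tag the signing domain."""
    tags = parse_tag_list(dkim_signature_value)
    if not tags.get('s') or not tags.get('d'):
        raise ValueError('DKIM-Signature lacks the required s= or d= tag')
    return f"{tags['s']}._domainkey.{tags['d']}"


def classify_dkim_txt(txt):
    """Classify a selector's TXT record: 'missing' (no record), 'revoked'
    (empty p=, key retired but selector still published), 'invalid'
    (wrong version) or 'active'. Only 'active' keys verify mail; a
    'revoked' key still shows DKIM was once set up."""
    if txt is None:
        return 'missing'
    tags = parse_tag_list(txt)
    if tags.get('v', 'DKIM1') != 'DKIM1':   # v= is optional and defaults to DKIM1
        return 'invalid'
    if tags.get('p', '') == '':
        return 'revoked'
    return 'active'


# No DNS query enumerates a domain's selectors, so without a message the
# only option is to try names that common mail providers use (assumed list).
COMMON_SELECTORS = ('default', 'dkim', 'google', 'selector1', 'selector2',
                    'k1', 'mail', 's1', 's2')


def probe_selectors(domain, resolve_txt, selectors=COMMON_SELECTORS):
    """Return {selector: state} for every candidate selector that publishes
    a record. A wildcard TXT record under _domainkey makes every selector
    'resolve', so treat a hit on all candidates with suspicion."""
    found = {}
    for selector in selectors:
        state = classify_dkim_txt(resolve_txt(f'{selector}._domainkey.{domain}'))
        if state != 'missing':
            found[selector] = state
    return found


# Constructed sample data for offline use.
SAMPLE_DKIM_SIGNATURE = (
    'v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n'
    '\ts=google; h=from:to:subject:date; bh=CONSTRUCTEDBODYHASH=;\r\n'
    '\tb=CONSTRUCTEDSIGNATURE='
)
CONSTRUCTED_ZONE = {
    'google._domainkey.example.com': 'v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEYBASE64',
    'selector1._domainkey.example.com': 'v=DKIM1; p=',   # key rotated out
    'legacy2016._domainkey.example.com': 'v=DKIM1; k=rsa; p=CONSTRUCTEDOLDKEY',
}


def fake_resolve_txt(name):
    """Stand-in for a real TXT lookup; returns None like NXDOMAIN / no data."""
    return CONSTRUCTED_ZONE.get(name)


if __name__ == '__main__':
    name = dkim_record_name(SAMPLE_DKIM_SIGNATURE)
    print(name, '->', classify_dkim_txt(fake_resolve_txt(name)))
    print(probe_selectors('example.com', fake_resolve_txt))
```

Note that the 'legacy2016' selector in the constructed zone is never found by probing, which is exactly the limitation the post runs into: a selector that is not guessed stays invisible.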

MariaDB server won't start after server reboot

Posted: 08 Aug 2021 09:04 PM PDT

I recently installed a Koha Library on an Ubuntu VServer 16.04 with MariaDB 10.31. Everything ran smoothly until the root server restarted. Now I get "Software error:"

DBIx::Class::Storage::DBI::catch {...} (): DBI Connection failed: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (111) at /usr/share/perl5/DBIx/Class/Storage/DBI.pm line 1492. at /usr/share/koha/lib/Koha/Database.pm line 100

when I try to connect to the site. I checked straight away whether MySQL is running, and it isn't. So I tried to restart it, but I get an error:

mysql status:
  mysql.service - LSB: Start and stop the mysql database server daemon
   Loaded: loaded (/etc/init.d/mysql; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mi 2017-10-18 20:08:06 CEST; 1min 26s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 4640 ExecStart=/etc/init.d/mysql start (code=exited, status=1/FAILURE)

Okt 18 20:07:36 h273239.stratoserver.net mysqld[4815]: 171018 20:07:36 [Note] InnoDB: Shutdown completed; log sequence number 19026477
Okt 18 20:07:36 h273239.stratoserver.net mysqld[4815]: 171018 20:07:36 [Note] /usr/sbin/mysqld: Shutdown complete
Okt 18 20:07:36 h273239.stratoserver.net mysqld[4815]:
Okt 18 20:07:36 h273239.stratoserver.net mysqld_safe[4850]: mysqld from pid file /var/run/mysqld/mysqld.pid ended
Okt 18 20:08:06 h273239.stratoserver.net /etc/init.d/mysql[5123]: 0 processes alive and '/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf ping' resulted in
Okt 18 20:08:06 h273239.stratoserver.net /etc/init.d/mysql[5123]: [61B blob data]
Okt 18 20:08:06 h273239.stratoserver.net /etc/init.d/mysql[5123]: error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (111 "Connection refused")'
Okt 18 20:08:06 h273239.stratoserver.net /etc/init.d/mysql[5123]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!
Okt 18 20:08:06 h273239.stratoserver.net /etc/init.d/mysql[5123]:
Okt 18 20:08:06 h273239.stratoserver.net mysql[4640]:    ...fail!

Because we are a small NGO we can't pay for professional help, so you guys are my last resort. Thanks in advance!

changing location for standalone.xml.tmp

Posted: 08 Aug 2021 02:05 PM PDT

We use wildfly 10.x as an application server. Our setup is very restrictive, so the AS user is not allowed to write to jboss.server.base.dir/configuration/, but at startup it wants to write the standalone.xml.tmp file to that location. Is there a way to change the location for that file to jboss.server.tmp.dir?

I also added wildfly8 as a tag because it may also be interesting for that version.

Unable to promote member server to domain controller

Posted: 08 Aug 2021 08:03 PM PDT

We have a domain called test-companyname.com containing three DCs, namely XXX01, XXX02, and XXX03. All three machines are running 2008 R2. We had to add a new DC into the domain, which would be a 2012 R2 machine.

In the process, I have a user who is part of Domain / Enterprise / Schema Admins, with whom I am trying to promote my 2012 R2 member server to a DC.

In the last phase I get an error -

Adprep execution failed - System.ComponentModel.System32Exception (0x80004005)

In Debug Logs:

Adprep Log - If the error is "Insufficient Rights" (Ldap error code 50), please make sure the specified user has rights to read/write objects in the schema and configuration containers, or log off and log in as an user with these rights and rerun forestprep. In most cases, being a member of both Schema Admins and Enterprise Admins is sufficient to run forestprep.

Entry DN: CN=Top,CN=Schema,CN=Configuration,DC=XXX,DC=local Add error on entry starting on line 617: Insufficient Rights

The server side error is: 0x2098 Insufficient access rights to perform the operation.

The extended server error is:

00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

An error has occurred in the program

Working on this for past 12 hours with many teams and am unable to find the root cause. Really strange, this one!

Periodic broken connections between Nginx and uWSGI

Posted: 08 Aug 2021 07:02 PM PDT

My Django site is hosted under Nginx/uWSGI. The site becomes unreachable from time to time for a period of a few minutes to a few hours. It just returns 500 after a long wait.

I can see harakiri messages in uWSGI log when this happens. Requests do not reach Django application (I've tried debugging). Instead I'm getting errors in Nginx log:

2016/12/03 01:18:40 [error] 1330#0: *363441461 upstream timed out (110: Connection timed out) while reading response header from upstream, client: <ip address>, server: site.com, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///var/run/uwsgi/app/site/socket", host: "site.com", referrer: "<page url>"
2016/12/03 01:19:27 [error] 1330#0: *363441461 upstream timed out (110: Connection timed out) while reading response header from upstream, client: <ip address>, server: site.com, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///var/run/uwsgi/app/site/socket", host: "site.com", referrer: "<page url>"
2016/12/03 01:20:15 [error] 1330#0: *363441461 upstream prematurely closed connection while reading response header from upstream, client: <ip address>, server: site.com, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///var/run/uwsgi/app/site/socket:", host: "site.com", referrer: "<page url>"

In uWSGI logs I see this kind of messages:

Sat Dec  3 01:19:00 2016 - HARAKIRI [core 2] <ip address> - GET / since 1480727890
Sat Dec  3 01:20:15 2016 - HARAKIRI [core 2] <ip address> - GET / since 1480727999
Sat Dec  3 01:20:32 2016 - HARAKIRI [core 0] <ip address> - GET / since 1480727937

Sat Dec  3 05:04:15 2016 - uwsgi_response_write_headers_do(): Broken pipe [core/writer.c line 238] during GET / (<ip address>)

It seems the uWSGI messages depend on the harakiri value. I can't be sure because the problem is on the heavily loaded production server and I can't do enough experiments. I set harakiri to 15 the last time this happened, and now I can't return to the previous value of 40 because the site hangs up again.

Nginx settings:

uwsgi_read_timeout 30;
limit_conn addr 100;

location ^~ / {
    limit_conn session 5;
    limit_req zone=session_req burst=5;

    proxy_set_header X-Forwarded-Proto $scheme;
    uwsgi_pass unix:///var/run/uwsgi/app/site/socket;
    include uwsgi_params;
    uwsgi_param UWSGI_SCHEME $scheme;
}

uWSGI settings:

module = deploy.wsgi:application
master
processes = 10
threads = 5
listen = 3072
thunder-lock
cpu-affinity = 1

reload-on-rss = 200
harakiri = 15
reload-mercy = 20
py-autoreload = 0
vacuum

What is the problem and how do I fix this?

<IfModule prefork> in Apache 2.4 (Amazon) is not in httpd.conf

Posted: 08 Aug 2021 06:00 PM PDT

I am running an AWS EC2 instance with LAMP (Apache 2.4 (Amazon)). I am trying to tune the prefork module but I can't find it.

I have checked the httpd.conf file and it is not in there. I have confirmed that it is running prefork mpm.

I am looking for something similar to the following:

<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
ServerLimit      256
MaxClients       256
MaxRequestsPerChild  4000
</IfModule>

# Example:
# LoadModule foo_module modules/mod_foo.so
# LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so

Does anyone know where those files are located?

apache httpd ProxyPass with client certificate performance

Posted: 08 Aug 2021 05:02 PM PDT

We have here a WebService running on wildfly 9. The web service is only available over ssl (https) and needs client certificates.

If we change the wildfly configuration so that wildfly communicates directly with the client (meaning: wildfly handles the https connections and also checks the client certificates), in our test case one client can make between 12 and 15 requests per second (incl. getting the server answers).

But if we put an apache httpd (V2.2 on CentOS 6) proxy in front of wildfly (which then handles the https SSL stuff and checks the client certificates), the client can then (in the same test case) only make 2 to 5 requests per second.

The config of the httpd proxy is:

Listen 58443
NameVirtualHost *:58443

<VirtualHost *:58443>
  # server SSL settings
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
  #   Server Certificate:
  SSLCertificateFile /etc/letsencrypt/live/mydomain.de/cert.pem
  #   Server Private Key:
  SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.de/privkey.pem
  #   Server Certificate Chain:
  SSLCertificateChainFile /etc/letsencrypt/live/mydomain.de/chain.pem

  Header always set Strict-Transport-Security "max-age=315360000"

  # Client certificate authentication
  #   Certificate Authority (CA):
  SSLCACertificateFile /etc/pki/webapp/cacert.pem
  SSLVerifyClient require
  SSLVerifyDepth  2

  # proxy stuff
  <Proxy *>
    AddDefaultCharset Off
    Order Allow,Deny
    Allow from all
  </Proxy>

  # proxy to wildfly instance
  ProxyPass /myappSrv http://localhost:58080/myappSrv min=3 smax=5 ttl=600 iobuffersize=163840
  # ProxyPass /myappSrv http://localhost:58080/myappSrv disablereuse=on
  #  ProxyPassReverse /myappSrv http://localhost:58080/myappSrv
</VirtualHost>

We have already played around with several httpd configuration values:

  • HostnameLookups is set to off
  • Switching to "worker MPM" and playing around with several settings for that (MinSpareServers, MaxSpareServers, ThreadsPerChild, ...)
  • AllowOverride is set to none
  • Also we have played around with the ProxyPass parameters (see also the commented-out ProxyPass lines)

Nothing we did brought any significant improvement. But I cannot believe the performance is so bad when we use an httpd proxy. Also I'm not sure what the bottleneck is: the httpd proxy? Or the client certificate check of httpd?

Mailbox moves - MSExchange ResourceHealth registry key doesn't exist

Posted: 08 Aug 2021 07:02 PM PDT

Migrating mailboxes from Exchange 2010 to Exchange 2016.

It's going excruciatingly slowly, likely because the old and new VMs share the same relatively slow disks, and it keeps getting throttled.

Everything on the internet says to go to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth] and set MRS to 0, to disable the throttling. I've found plenty of posts for both 2013 and 2016 that say to do that.

But I don't have such a registry key. There is no MSExchange ResourceHealth. Has this changed in a newer update?

Exchange 2010 server is version 14.3 (Build 123.4). Exchange 2016 server is version 15.1 (Build 466.34).

So where is that registry key? Has that setting moved somewhere else?

Exchange 2013 Internal and External URLs with multiple servers and certificates

Posted: 08 Aug 2021 09:50 PM PDT

I'm building a lab with two Exchange 2013 Servers with different internal names and only one external URL, the naming schema is something like this:

Internal Names:

exchange1.local.example.com
exchange2.local.example.com

External URL:

exchange.example.com  

In this schema local.example.com is the AD zone and example.com is my external domain.

Both servers are using private IP addresses and there's port forwarding to make the server exchange1 able to talk with the WAN.

My problem now is how to configure the internal and external URLs in the Exchange Control Panel to avoid misconfiguration and certificate errors.

A lot of guides on the internet say to set both URLs equal using the external name, but I'm not sure if this is the right way to do this. There's a DAG with both servers and I'm worried how this would work setting equal internal and external URLs on different servers.

Another thing that keeps me confused, is about the certificates. I've two Wildcard certificates for those domains:

*.local.example.com
*.example.com

How will Exchange match those certificates with the different URL schemas? In the certificate selection I must choose which services will be guaranteed by the certificates, but I'm not able to use more than one certificate for a single server in ECP. Some guides on the web say that the certificate will match accordingly, but this isn't really what happens.

Thanks in advance,

Change apache ssl configuration to nginx config

Posted: 08 Aug 2021 09:04 PM PDT

I want to ask for your help to change my Apache SSL config to nginx style. Actually I have tried it and googled, but

SSLEngine on
SSLCertificateKeyFile /etc/apache2/ssl/key/netlime_tk.key
SSLCertificateFile /etc/apache2/ssl/crt/www_netlime_tk.crt
SSLCertificateChainFile /etc/apache2/ssl/crt/www_netlime_tk.cer
SSLCACertificateFile /etc/apache2/ssl/crt/www_netlime_tk.cer
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!SSLv2:!SSLv3

Actually I have done this, but ssl_protocols is missing the exclusion of versions; also, every time I have made a "connected" chain with the certificates, the SSL testing websites reported that these are wrong, so I don't really want to join the certificates together.

ssl_protocols TLSv1 TLSv1.1;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!SSLv2:!SSLv3;
ssl_certificate /etc/nginx/ssl/crt/www_netlime_tk.crt;
ssl_certificate_key /etc/nginx/ssl/key/netlime_tk.key;
#ssl_certificate_chain /etc/nginx/ssl/crt/www_netlime_tk.cer;
#ssl_ca_certificate /etc/nginx/ssl/crt/www_netlime_tk.cer;

Thank you :-* If you can give some technical explanation which will teach me something, then please do it.

Edit

Thanks to all for your help and time; the final config for "Grade A" on SSL Labs is:

# SSL Configuration
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/nginx/ssl/crt/www_netlime_tk.crt.bundle;
ssl_certificate_key /etc/nginx/ssl/key/netlime_tk.key;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384.....very long string'
ssl_prefer_server_ciphers on;
ssl_dhparam /root/dhparams.pem;

nginx geoip redirect for first time only leads to redirect loop

Posted: 08 Aug 2021 03:07 PM PDT

I'm trying to configure nginx to perform geoIP checks on first-time visitors only.

The idea is that first-time visitors should be redirected to the page version which has been customised for their language/country.

I'm able to check whether or not a certain cookie exists. If it does, then nginx can proceed and not redirect.

This setup means that all first-time visitors will be redirected to what is likely to be the most appropriate version of the page for their country/language. And at the same time, those users that wish to can still browse freely all versions available afterwards.

I believe Google recommends this type of set up for multilingual/multisite webpages too.

The problem is that I get a redirect loop if the rewrite directive is placed outside the root location. Yet, because the US version is the same as /root, rewrites within locations have proven even more difficult to configure.

The geo_IP values are passed OK via fastcgi to php if no rewrite is specified, so I don't think there is anything wrong with the setup apart from the rewrite itself.

This is my config:

map $geoip2_data_country_code $country_url {
    default example.com; ##This is the US version
    GB      example.com/uk;
    CA      example.com/ca;
}

server {
    listen 443 ssl spdy default_server;
    server_name example.com;
    root /var/www/html;

    if ($http_cookie !~ "cookie_to_check") {
        rewrite ^ https://$country_url break;
        #Appending $request_uri to the rewrite yields very similar results
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location /uk {
        try_files $uri $uri/ /uk/index.php?$args;
    }

    location /ca {
        try_files $uri $uri/ /ca/index.php?$args;
    }

    ##Other locations
}

net err connection timed out

Posted: 08 Aug 2021 04:03 PM PDT

I have Apache/2.2.22 on Ubuntu 12.04. Apache is set up as a reverse proxy server. When accessed from a remote system, the page and contents are displayed. But after some time the server seems to refuse any further requests. The remote browser console gives a "net::ERR_CONNECTION_TIMED_OUT" error. When the IP of the remote machine changes (using a dongle which changes IP after every connect/disconnect), the page/contents display again, but then the above issue occurs again.

There is tomcat7 running along with Apache. Tomcat is serving the JSF page through port 8080. All the other requests are handled by Apache, which proxies them to a virtual machine.

In the apache2.conf file I mainly looked at/changed these directives:

    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 100
    KeepAliveTimeout 2
    Include proxy.conf

    ServerLimit     350
    StartServers     20
    MinSpareServers  75
    MaxSpareServers 150
    MaxClients      320

In proxy.conf:

    <VirtualHost *:3000>
        ServerName server_name
        ErrorLog ${APACHE_LOG_DIR}/cartodb_error.log
        LogLevel debug
        CustomLog ${APACHE_LOG_DIR}/cartodb_custom.log combined

        <Proxy balancer://mycluster>
            BalancerMember http://cartodb.user:3002
        </Proxy>
        ProxyPass / balancer://mycluster/ maxattempts=10000000
        ProxyPassReverse / balancer://mycluster/
    </VirtualHost>

    <VirtualHost *:8182>
        ServerName server_name
        ErrorLog ${APACHE_LOG_DIR}/windshaft_error.log
        LogLevel debug
        CustomLog ${APACHE_LOG_DIR}/windshaft_custom.log combined

        <Proxy balancer://mycluster>
            BalancerMember http://cartodb.user:8182
        </Proxy>
        ProxyPass / balancer://mycluster/ maxattempts=10000000
        ProxyPassReverse / balancer://mycluster/
    </VirtualHost>

There are also similar VirtualHost directives for ports 8082 and 8889 with similar settings. The "cartodb.user" host has been added to the /etc/hosts file to point it at the VirtualBox VM. Also, the firewall has been disabled for the VirtualBox VM, which is also running Ubuntu 12.04.

In ports.conf:

    NameVirtualHost *:80
    NameVirtualHost *:8889
    NameVirtualHost *:8082
    NameVirtualHost *:8182
    NameVirtualHost *:3000
    Listen 80
    Listen 8889
    Listen 8082
    Listen 8182
    Listen 3000

The enabled modules are:

    actions.conf, actions.load, alias.conf, alias.load, authz_host.load,
    cache.load, cgid.conf, cgid.load, proxy_ajp.load, proxy_balancer.conf,
    proxy_balancer.load, proxy.conf, proxy_connect.load, proxy_ftp.conf, proxy_ftp.load,
    proxy_html.conf, proxy_html.load, proxy_http.load, proxy.load,
    proxy_scgi.load, rewrite.load

In reqtimeout.conf:

    RequestReadTimeout header=20-40,minrate=500
    RequestReadTimeout body=10,minrate=500

Checking the Apache log files didn't show any error with LogLevel set to debug. Please point out how to avoid this situation.

Apache UseCanonicalName On isn't passing ServerName to CGI

Posted: 08 Aug 2021 08:03 PM PDT

On Apache 2.4, in a virtualhost, I have:

    UseCanonicalName On
    ServerName somename
    ServerAlias www.someothername.com

According to the docs:

With UseCanonicalName On Apache will use the hostname and port specified in the ServerName directive to construct the canonical name for the server. This name is used in all self-referential URLs, and for the values of SERVER_NAME and SERVER_PORT in CGIs.

So in my Tomcat/CFML application when I visit the URL www.someothername.com I would expect to see in the CGI scope:

    server_name: somename

but instead I get:

    server_name: www.someothername.com

It's like the directive is totally ignored.

    # Proxy CFML files to Tomcat
    RewriteCond %{REQUEST_FILENAME} /[^/:]+\.cfml*($|/)
    RewriteRule (.*) ajp://%{HTTP_HOST}:8009$1 [P,L]

I also tried:

    RewriteRule (.*) ajp://%{SERVER_NAME}:8009$1 [P,L]

and using mod_proxy instead of AJP:

    RewriteRule (.*) http://%{SERVER_NAME}:8888$1 [P,L]

The last two cause a DNS lookup on somename but still return www.someothername.com in the CGI.SERVER_NAME field.

I should point out that the only reason I'm doing this is because I'm doing mass virtual hosting with mod_cfml to automatically create Tomcat contexts, and I would like the context and application to use a short name derived from the vhost configuration. I guess I could just set a header (even rewrite the Host: header), but using ServerName seemed the most elegant solution.

UPDATE: There is something I noticed in the client headers that is probably relevant. There are two headers I haven't seen before:

    x-forwarded-host: www.someothername.com
    x-forwarded-server: somename

I need to know what set these headers and why. I'm assuming it was either Tomcat or mod_cfml. Can I rely on the x-forwarded-server value to always be ServerName?

fsockopen(): unable to connect to 127.0.0.1:6379

Posted: 08 Aug 2021 05:02 PM PDT

I'm running CentOS 6.3. I installed redis-server via the remi repository on my local machine. I can run the redis CLI, but when I try to connect via a PHP script I get:

    fsockopen(): unable to connect to 127.0.0.1:6379

I tried running this after disabling iptables, but even that did not work for me.

Here are my iptables rules when it runs:

    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6379
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

I also tried running the following command, without success:

  setsebool -P httpd_can_network_connect 1  

Edit: output of netstat -tan


Users unable to search redirected profile folders

Posted: 08 Aug 2021 10:05 PM PDT

All of our clients are using Windows 7. Our file server is Server 2008 R2. We have redirected users' profile folders (My Documents, My Pictures, Favorites, My Videos) to a share on the file server (\\server\UserProfiles\). Inside the UserProfiles share is a folder for each user. When we created the UserProfiles folder, we gave it the following permissions to the users' group per MS's recommendations/best practices:

  • Create Folder/Append Data, List Folder/Read Data, Read Attributes, Traverse Folder
  • Apply to: This folder only

  • Creator/Owner has full control of subfolders and files only.

We have offline files enabled for the profile folders, and we have disabled indexing of offline files.

Whenever users try to search their documents, they get an instant response stating "no items match your search." Those of us who are administrators (like me) can search our files just fine. I ran across this thread, but our users already have read/traverse permissions for the root folder. What else can I check to fix this problem? It's affecting all of our users.

Free Web Based Server Log Viewer/Monitor [closed]

Posted: 08 Aug 2021 03:48 PM PDT

I'm not much of a server guy, but I do need to monitor logs for my web server, preferably the PHP, Apache and MySQL error logs. Could you guys offer any advice on free web-based solutions for monitoring these server logs?

It's a Linux server.

Restrict listing a "root" directory in ProFTPD

Posted: 08 Aug 2021 08:10 PM PDT

I have an FTP server set up where, off the root, there is a file structure laid out by city. Underneath each city's folder are more folders organized by project. I would like to be able to restrict my guest users (using a specific login/password) in such a way that they are unable to view the folders under the city name, but instead are brought directly to them via an FTP link.

Example:

/
--City1
----Project1
----Project2
----Project3
--City2
----Project4
--City3
----Project5

link: ftp://ftp.company.com/City2/Project4

certutil -ping fails with a 30-second timeout - what to do?

Posted: 08 Aug 2021 04:03 PM PDT

The certificate store on my Win7 box is constantly hanging. Observe:

    C:\>1.cmd

    C:\>certutil -?   | findstr /i ping
      -ping             -- Ping Active Directory Certificate Services Request interface
      -pingadmin        -- Ping Active Directory Certificate Services Admin interface

    C:\>set PROMPT=$P($t)$G

    C:\(13:04:28.57)>certutil -ping
    CertUtil: -ping command FAILED: 0x80070002 (WIN32: 2)
    CertUtil: The system cannot find the file specified.

    C:\(13:04:58.68)>certutil -pingadmin
    CertUtil: -pingadmin command FAILED: 0x80070002 (WIN32: 2)
    CertUtil: The system cannot find the file specified.

    C:\(13:05:28.79)>set PROMPT=$P$G

    C:\>

Explanations:

  • The first command shows you that there are -ping and -pingadmin parameters to certutil
  • Trying either ping parameter fails with a 30-second timeout (the current time is seen in the prompt)

This is a serious problem. It screws up all the secure communication in my app. If anyone knows how this can be fixed, please share.

Thanks.

P.S.

1.cmd is simply a batch of these commands:

    certutil -? | findstr /i ping
    set PROMPT=$P($t)$G
    certutil -ping
    certutil -pingadmin
    set PROMPT=$P$G

EDIT1

I have succeeded in pinning down the single Windows API that causes the problem: DsGetDcName.

According to windbg, certutil -ping invokes it like so:

    PDOMAIN_CONTROLLER_INFO pdci;
    DWORD ret = ::DsGetDcName(NULL, NULL, NULL, NULL, DS_DIRECTORY_SERVICE_PREFERRED, &pdci);

On my workstation it times out after 30 seconds and then returns error code 1355, which is ERROR_NO_SUCH_DOMAIN: "No domain controller is available for the specified domain or the domain does not exist."

On another machine, which incidentally is a Windows Server 2003, it returns almost immediately with the correct domain controller name inside the returned DOMAIN_CONTROLLER_INFO structure.

Now the question is what is missing on my workstation for that API to find the correct domain controller?
