Saturday, October 2, 2021

Recent Questions - Server Fault



Error 0x800706BA Restoring Windows Server 2012 from System Image

Posted: 02 Oct 2021 08:21 PM PDT

We've been running Windows Server 2012 in a VMware virtual machine for a few years now. The VM has the OS, apps, and user data on one virtual disk and automated system image backups on another virtual disk. I've tested the backups in the past, and they seemed to be fine, but I'm running into trouble now.

A few days ago, the VM refused to boot: it was caught in a repair loop that I couldn't extricate it from. After a few hours of troubleshooting, it seemed like it would be less work to restore from the most recent backup; unfortunately, that turned out to not be the case.

I dug up the Windows Server 2012 installation media and booted the VM from the ISO with the two virtual disks mounted. I chose the "Repair my PC" option instead of trying to reinstall the OS, and then clicked the "Troubleshoot" button. From there, I got to the "System Image Recovery" wizard.

The wizard found my backup on drive D:, but when I clicked through to start the restoration process, an error message popped up after a few seconds. The message read, "The system image restore failed. Error details: The RPC server is unavailable. (0x800706BA)". I've attached a screenshot for reference:


No matter what options I select in the restoration process, I end up with that message. Is there something I can do to get past this point and restore the system?

Any guidance would be very much appreciated.

No network connectivity between pods inside a fresh bare-metal kubernetes cluster

Posted: 02 Oct 2021 06:35 PM PDT

I noticed connectivity problems when trying to generate TLS certificates using cert-manager. I can successfully connect to different pods from the outside world (ingress works), but I can't reach the outside from within my pods.

To rule out any problems due to existing configurations, I re-created the complete cluster, without success, then again on a different machine with different network etc., without success. I tried Antrea and Flannel as the CNI.

Spinning up a short-lived busybox pod shows that pinging the host node works, but pinging other pods on the same host does not, nor does curling them (even though an appropriate service was created); DNS lookups and global network reachability like ping 1.1.1.1 fail too. The only reachable interface from within was 10.224.0.1, aka cni0 on the host network.


AFAICT, I closely followed the installation instructions (example below on a fresh Debian 11 with Docker and the other tools installed):

    kubeadm init --control-plane-endpoint k8s-0.local --pod-network-cidr "10.224.0.0/16" --node-name k8s-0.local --service-cidr "10.196.0.0/16"
    kubectl taint nodes --all node-role.kubernetes.io/master-
    wget https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    kubectl apply -f kube-flannel.yml

(I did make sure that the pod CIDR reflects the one flannel uses by default.)

Watching the pods and services during the last step of the installation shows that CoreDNS was pending at first but changed to running. Afterwards, all pods are up and running successfully:

    NAMESPACE     NAME                                                READY   STATUS    RESTARTS   AGE
    kube-system   pod/coredns-78fcd69978-7bgdp                        1/1     Running   0          5m52s
    kube-system   pod/coredns-78fcd69978-v5ptc                        1/1     Running   0          5m52s
    kube-system   pod/etcd-k8s-0.local                                1/1     Running   2          6m8s
    kube-system   pod/kube-apiserver-k8s-0.local                      1/1     Running   0          6m5s
    kube-system   pod/kube-controller-manager-k8s-0.local             1/1     Running   0          6m5s
    kube-system   pod/kube-flannel-ds-fszkm                           1/1     Running   0          108s
    kube-system   pod/kube-proxy-6s26v                                1/1     Running   0          5m53s
    kube-system   pod/kube-scheduler-k8s-0.local                      1/1     Running   2          6m5s

Any further help or guidance would be highly appreciated :)

Ceph connect to local node

Posted: 02 Oct 2021 06:05 PM PDT

I have an idea for an application that I'd like to build and one of the requirements is a globally replicated filesystem. Things like Ceph and GlusterFS exist, but I'm not sure they meet my particular use case.

  • Let's say I have 3 app servers in 3 different regions [US, Europe, Asia]
  • Then I have a 3 node Ceph setup with 1 node in each of those regions [US, Europe, Asia]
  • Can I have each app server connect directly to the Ceph node in their region or do I have to go through some centralized orchestration node?

I ask because I want to keep file system latency to a minimum and just use Ceph to synchronize changes between all the nodes. If I can't connect directly to the "local" node, I think latency would be quite high.

Any help understanding this would be greatly appreciated!

Docker expose a port of a container but restrict network access

Posted: 02 Oct 2021 05:18 PM PDT

I have a server A, and it runs a container B (say an SSH server). I want to allow people to do some computation on B that does not access the network.

Using docker run --publish=${MY_PORT}:22 ..., I expose container B's port to allow people to connect into B. This way people can ssh into B using A's ${MY_PORT} port. However, people can initiate TCP connections to other servers (e.g. 8.8.8.8), so they can use server A as a jump host to do bad things.

Is it possible to isolate container B's network? That is, only allow access to the published port, and deny all other network traffic. I am thinking of something similar to --network=none --publish=${MY_PORT}:22. Is it possible to achieve this without editing Docker's iptables?
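The isolation asked about above, as an added example that is not part of the question: container B is placed on its own user-defined bridge and the rules go into DOCKER-USER, the chain Docker leaves to the administrator and consults before its own FORWARD rules, so every connection B originates is dropped while replies to the published port still flow. Assumed names: network jailnet, subnet 172.30.0.0/24, image my-ssh-image.

```shell
#!/bin/sh
# Added example (not from the question): confine container B so that the only
# traffic it can take part in is what arrives through its published SSH port.
# Assumed names: bridge network "jailnet", subnet 172.30.0.0/24, image
# "my-ssh-image". The rules go into DOCKER-USER, the chain Docker leaves to the
# administrator and consults before its own FORWARD rules, so Docker's own
# iptables entries are not edited.

JAIL_NET="${JAIL_NET:-jailnet}"
JAIL_SUBNET="${JAIL_SUBNET:-172.30.0.0/24}"
MY_PORT="${MY_PORT:-2222}"

# Print the rules for the given container subnet, one command per line.
jail_rules() {
    subnet="$1"
    # 1. Replies to connections that came in through the published port are
    #    ESTABLISHED/RELATED in conntrack: let them leave.
    echo "iptables -I DOCKER-USER 1 -s $subnet -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    # 2. Every connection B itself opens (8.8.8.8, other containers, anything
    #    forwarded) starts as NEW: drop it, so A cannot serve as a jump host.
    echo "iptables -I DOCKER-USER 2 -s $subnet -m conntrack --ctstate NEW -j DROP"
    # 3. DOCKER-USER only covers forwarded packets; connections from B to
    #    services on host A itself arrive via INPUT, so block those there too.
    echo "iptables -I INPUT -s $subnet -m conntrack --ctstate NEW -j DROP"
}

# Number of rules jail_rules emits (sanity check before applying).
rule_count() {
    jail_rules "$1" | wc -l | tr -d ' '
}

# Create the bridge, install the rules and start B on it (needs root + docker).
apply_jail() {
    docker network inspect "$JAIL_NET" >/dev/null 2>&1 ||
        docker network create --subnet "$JAIL_SUBNET" "$JAIL_NET"
    jail_rules "$JAIL_SUBNET" | while read -r rule; do
        eval "$rule"
    done
    docker run -d --name container-b --network "$JAIL_NET" \
        --publish "${MY_PORT}:22" my-ssh-image
}

# After apply_jail: succeeds only if B can no longer reach the outside world.
verify_jail() {
    ! docker exec container-b ping -c 1 -W 2 8.8.8.8 >/dev/null 2>&1
}

if [ "${APPLY_JAIL:-0}" = "1" ]; then
    apply_jail && verify_jail && echo "container-b is confined to port ${MY_PORT}"
fi
```

Keep only containers that should be confined on jailnet, since rule 2 also cuts them off from each other. Docker's embedded DNS (127.0.0.11) is answered by dockerd on the host and so is not subject to these rules; pass --dns with a non-routable address if name lookups must fail as well.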

Dovecot SMTP issues

Posted: 02 Oct 2021 04:48 PM PDT

I had bought a domain mydomain.tld and a VPS, and I used iredmail to set up a mail server. Not wanting iredmail to mess with my nginx, I decided to install nginx and roundcube myself. However, it says the SMTP server doesn't support auth. SMTP is all right.

    [02-Oct-2021 23:40:16 +0000]: <5gl20r7b> PHP Error: SMTP server does not support authentication (POST /?_task=mail&_unlock=loading1633218016462&_framed=1&_action=send)
    [02-Oct-2021 23:40:16 +0000]: <5gl20r7b> SMTP Error: Authentication failure:   in /var/www/mail/program/lib/Roundcube/rcube.php on line 1702 (POST /?_task=mail&_unlock=loading1633218016462&_framed=1&_action=send)

Here is my dovecot -n

    dovecot -n
    # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.21 (92477967)
    # OS: Linux 4.15.0-158-generic x86_64 Ubuntu 18.04.6 LTS
    auth_master_user_separator = *
    auth_mechanisms = PLAIN LOGIN
    deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, subject=%{subject}, msgid=%m, size=%{size}, delivery_time=%{delivery_time}ms, %$
    dict {
      acl = mysql:/etc/dovecot/dovecot-share-folder.conf
      lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
      quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
    }
    first_valid_uid = 2000
    last_valid_uid = 2000
    listen = * [::]
    login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k session=<%{session}>
    mail_gid = 2000
    mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/
    mail_plugins = quota mailbox_alias acl mail_log notify stats
    mail_uid = 2000
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
    namespace {
      inbox = yes
      location =
      mailbox Archive {
        auto = no
        special_use = \Archive
      }
      mailbox Archives {
        auto = no
        special_use = \Archive
      }
      mailbox "Deleted Messages" {
        auto = no
        special_use = \Trash
      }
      mailbox Drafts {
        auto = subscribe
        special_use = \Drafts
      }
      mailbox Junk {
        auto = subscribe
        special_use = \Junk
      }
      mailbox "Junk E-mail" {
        auto = no
        special_use = \Junk
      }
      mailbox Sent {
        auto = subscribe
        special_use = \Sent
      }
      mailbox "Sent Items" {
        auto = no
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        auto = no
        special_use = \Sent
      }
      mailbox Spam {
        auto = no
        special_use = \Junk
      }
      mailbox Trash {
        auto = subscribe
        special_use = \Trash
      }
      prefix =
      separator = /
      type = private
    }
    namespace {
      list = children
      location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%Ld/%%Ln
      prefix = Shared/%%u/
      separator = /
      subscriptions = yes
      type = shared
    }
    passdb {
      args = /etc/dovecot/dovecot-mysql.conf
      driver = sql
    }
    passdb {
      args = /etc/dovecot/dovecot-master-users
      driver = passwd-file
      master = yes
    }
    plugin {
      acl = vfile
      acl_shared_dict = proxy::acl
      last_login_dict = proxy::lastlogin
      last_login_key = last-login/%s/%u/%d
      mail_log_events = delete undelete expunge copy mailbox_create mailbox_delete mailbox_rename
      mail_log_fields = uid box msgid size from subject flags
      mailbox_alias_new = Sent Messages
      mailbox_alias_new2 = Sent Items
      mailbox_alias_old = Sent
      mailbox_alias_old2 = Sent
      quota = dict:user::proxy::quotadict
      quota_grace = 10%%
      quota_status_nouser = DUNNO
      quota_status_overquota = 552 5.2.2 Mailbox is full
      quota_status_success = DUNNO
      quota_warning = storage=100%% quota-warning 100 %u
      quota_warning2 = storage=95%% quota-warning 95 %u
      quota_warning3 = storage=90%% quota-warning 90 %u
      quota_warning4 = storage=85%% quota-warning 85 %u
      sieve = ~/sieve/dovecot.sieve
      sieve_before = /var/vmail/sieve/dovecot.sieve
      sieve_dir = ~/sieve
      sieve_global_dir = /var/vmail/sieve
      sieve_max_redirects = 30
      sieve_vacation_send_from_recipient = yes
      stats_refresh = 30 secs
      stats_track_cmds = yes
    }
    protocols = pop3 imap sieve lmtp
    service auth {
      unix_listener /var/spool/postfix/private/dovecot-auth {
        group = postfix
        mode = 0666
        user = postfix
      }
      unix_listener auth-master {
        group = vmail
        mode = 0666
        user = vmail
      }
      unix_listener auth-userdb {
        group = vmail
        mode = 0660
        user = vmail
      }
    }
    service dict {
      unix_listener dict {
        group = vmail
        mode = 0660
        user = vmail
      }
    }
    service imap-login {
      process_limit = 500
      service_count = 1
    }
    service lmtp {
      executable = lmtp -L
      inet_listener lmtp {
        address = 127.0.0.1
        port = 24
      }
      process_min_avail = 5
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
      user = vmail
    }
    service managesieve-login {
      inet_listener sieve {
        address = 127.0.0.1
        port = 4190
      }
    }
    service pop3-login {
      service_count = 1
    }
    service quota-status {
      client_limit = 1
      executable = quota-status -p postfix
      inet_listener {
        address = 127.0.0.1
        port = 12340
      }
    }
    service quota-warning {
      executable = script /usr/local/bin/dovecot-quota-warning.sh
      unix_listener quota-warning {
        group = vmail
        mode = 0660
        user = vmail
      }
    }
    service stats {
      fifo_listener stats-mail {
        group = vmail
        mode = 0644
        user = vmail
      }
      inet_listener {
        address = 127.0.0.1
        port = 24242
      }
      unix_listener stats-writer {
        group = vmail
        mode = 0660
        user = vmail
      }
    }
    ssl = required
    ssl_cert = </etc/ssl/certs/iRedMail.crt
    ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    ssl_key =  # hidden, use -P to show it
    ssl_prefer_server_ciphers = yes
    syslog_facility = local5
    userdb {
      args = /etc/dovecot/dovecot-mysql.conf
      driver = sql
    }
    protocol lda {
      lda_mailbox_autocreate = yes
      lda_mailbox_autosubscribe = yes
      mail_plugins = quota mailbox_alias acl mail_log notify stats sieve
    }
    protocol lmtp {
      lmtp_save_to_detail_mailbox = yes
      mail_plugins = quota mailbox_alias acl mail_log notify stats sieve
      recipient_delimiter = +
    }
    protocol imap {
      imap_client_workarounds = tb-extra-mailbox-sep
      mail_max_userip_connections = 30
      mail_plugins = quota mailbox_alias acl mail_log notify stats imap_quota imap_acl imap_stats last_login
    }
    protocol pop3 {
      mail_max_userip_connections = 30
      mail_plugins = quota mailbox_alias acl mail_log notify stats last_login
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
      pop3_uidl_format = %08Xu%08Xv
    }

pfSense as IPSec remote access client

Posted: 02 Oct 2021 04:47 PM PDT

I have a pfSense router in a residential environment and need to use IPSec/IKEv2 as a remote access client to a commercial VPN provider. I know the pfSense web UI doesn't support the router being the remote access client, but the underlying FreeBSD OS should. My question is: would setting up the connection in the underlying OS mess up any routing/firewall settings or have interfaces not show up in pfSense? If not, then is this the best guide for setting it up on the base OS?

Strange requests keep coming to my gateway API on AWS

Posted: 02 Oct 2021 09:47 PM PDT

I have a simple HTTP service built with AWS Lambda and API Gateway. The domain pointing to the gateway is hosted by Route53 and the gateway uses a certificate from Certificate Manager. Pretty standard setup. All neatly connected using Terraform, works like a charm... except strange requests coming to the API every few seconds (!). I checked every possible probing and healthcheck available on AWS – everything is disabled, but the requests keep coming.

Dump of the request from the lambda:

    {
        ...
        "headers": {
            "accept": "*/*", "accept-encoding": "gzip, deflate", "content-length": "0",
            "host": "sub-b.sub-a.my-domain.com",
            "user-agent": "python-requests/2.26.0",
            "x-amzn-trace-id": "Root=1-6158e0d5-0d266e5d0a84add227005a79",
            "x-forwarded-for": "3.85.226.144", "x-forwarded-port": "443",
            "x-forwarded-proto": "https"
        },
        ...
        "http": {
            "method": "GET", "path": "/", "protocol": "HTTP/1.1",
            "sourceIp": "3.85.226.144", "userAgent": "python-requests/2.26.0"
        },
        "requestId": "GmgRbgATFiAEMtQ=",
        "routeKey": "$default",
        "stage": "$default",
        "time": "02/Oct/2021:22:44:37 +0000"
        ...
    }

The 3.85.226.144 IP is an EC2 instance in North Virginia, so it's the us-east-1 AWS region (mine is eu-central-1). And that agent, python-requests/2.26.0. It looks like an AWS service. Especially since I have experimented with changing the domain, which does not alter the final result, as the requests start appearing instantly after setting up my service again with a different subdomain. The volume is about 3000 requests per 1h.

I have already spent hours googling and checking anything that came to my mind, but even though I work quite often with infrastructure I am literally helpless.

What the hell is responsible for those requests?!

All sorts of ideas and suggestions highly appreciated.

Nginx rewrite with proxypass

Posted: 02 Oct 2021 03:17 PM PDT

I have Nginx running in front of a Node.js server (Next.js). I'm trying to write my Nginx config to achieve this behavior: I want to add the hostname as the first part of the path before proxy_pass to Node.js.

For example, the client will request a.com/ or a.com/product/... or a.com/**.
My Next.js application expects something like http://a.com/[:domainname]/..., where the domain name is the same as the host.

So the goal is to change the URL from a.com/** to a.com/a.com/** before passing it to the Next.js server.

The Nginx config I created:

    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            # try_files $uri $uri/ =404;
            # if ($host = a.com) { proxy_pass http://site/a/; }
            # if ($host = b.com) { proxy_pass http://site/b/; }
            rewrite ^(/.*)$ /$host/$1 ;
            proxy_pass http://site;
    }

but that didn't work.

Postfix unintentionally rewriting email addresses with virtual domains

Posted: 02 Oct 2021 02:32 PM PDT

I have had a postfix mail server running for some time, mostly just taking mail for a couple of personal domains for me. I was recently asked if I could provide email services for a family member, and I'm having a bit of trouble setting everything up.

If I send a test email to dave@domaintwo.tld, it gets rewritten as david@domainone.tld. The dave->david conversion is done in the virtual map. However the domain name changes, too.

This changed second domain then gets caught in my catchall for domainone, resulting in the email going to the wrong place.

I'm sure this is something simple to do with how I've set up the virtual domains, but I think I've tried every possible combination, and can't get it to work correctly!

Any help greatly appreciated.

The error:

postfix/local[2512]: 66BD219F511: to=<david@domainone.tld>, orig_to=<dave@domaintwo.tld>, relay=local, delay=0.46, delays=0.42/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")  

/etc/procmail/main.cf:

    mydomain = domainone.tld

    smtpd_banner = $myhostname ESMTP $mail_name
    biff = no
    append_dot_mydomain = no
    delay_warning_time = 1h
    readme_directory = no

    # TLS parameters
    smtpd_tls_cert_file=/etc/letsencrypt/live/mail.domainone.tld/cert.pem
    smtpd_tls_key_file=/etc/letsencrypt/live/mail.domainone.tld/privkey.pem
    smtpd_tls_CAfile=/etc/letsencrypt/live/mail.domainone.tld/chain.pem
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
    smtp_tls_security_level = may
    smtpd_tls_mandatory_ciphers = high

    myhostname = mail.domainone.tld
    myorigin = $mydomain
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mydestination = localhost, domainone.tld, domaintwo.tld, domainthree.tld, domainfour.tld
    #virtual_alias_domains =
    virtual_alias_maps = hash:/etc/postfix/virtual
    #relayhost =
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    home_mailbox = Maildir/
    mailbox_command = procmail -a "$EXTENSION"
    message_size_limit = 51200000

    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes

    smtpd_recipient_restrictions =  check_recipient_access hash:/etc/postfix/blacklist_recipients,
                                    check_sender_access hash:/etc/postfix/blacklist_senders,
                                    permit_sasl_authenticated,
                                    permit_mynetworks,
                                    reject_unauth_destination,
                                    reject_rbl_client zen.spamhaus.org,
                                    reject_rbl_client bl.spamcop.net,
                                    reject_rbl_client cbl.abuseat.org,
                                    reject_rbl_client virbl.dnsbl.bit.nl

    relay_domains = $mydestination, anotherserver.tld
    relay_recipient_maps =

/etc/postfix/virtual:

    george@domainone.tld       george
    test@domainone.tld         george
    @domainone.tld             george

    dave@domaintwo.tld         david
    @domaintwo.tld             david
    webmaster@domaintwo.tld    george

    alice@domainthree.tld      alice
    @domainthree.tld           alice
    webmaster@domainthree.tld  george

    aaron@domainfour.tld       aaron
    @domainfour.tld            aaron
    webmaster@domainfour.tld   george

What I think happens:

  • Email comes in to dave@domaintwo.tld from an external server
  • virtual map matches dave@domaintwo.tld (I want the server to deliver to the mailbox for user david.)
  • Server redirects to david@domainone.tld (domainone.tld is the server's domain)
  • david@domainone.tld is then matched by @domainone.tld and delivered to user george.

This happens to any address other than george@domainone.tld.

Server details:

  • postfix: mail_version = 3.1.15
  • procmail: procmail v3.23pre

Thanks!

Forward broadcast packets to dynamic / wildcard

Posted: 02 Oct 2021 06:25 PM PDT

I have set up a dynamic ppp service on a linux machine where clients will connect and get a private IP.

The rules I have set up in iptables are currently:

    sysctl -w net.ipv4.ip_forward=1
    sysctl -w net.ipv4.ip_dynaddr=1
    iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
    iptables -A INPUT -i ppp+ -j ACCEPT
    iptables -A FORWARD -i ppp+ -j ACCEPT
    iptables -I PREROUTING -t nat -i ppp+ -p udp -s 10.0.10.3 -j DNAT --to 10.0.10.2
    iptables -I PREROUTING -t nat -i ppp+ -p udp -s 10.0.10.2 -j DNAT --to 10.0.10.3

My intended functionality is for anyone who connects on the ppp interface to inherit the IP of the host and to have access to the internet and to be able to communicate with peers on the same network. Success!

With the exception of broadcast packets. Anything sent to 255.255.255.255 or the like does not reach anyone. To mitigate, I have hardcoded the rules in bold from above, however this is not a dynamic solution and adds up based on the number of connected clients.

My question is, what can I do to have a 'wildcard' iptables solution to this? Specifically, I ideally need a single-line solution that will forward any udp packet from ppp interfaces to other ppp interfaces, while not interfering with the other rules or tcp packets.

Thank you in advance.

Edit: I caved in and tried to hardcode the rules for 100 IPs to at least get it running normally. Even in the shortest format I could find, I encountered the issue that only the first rule will take effect for a given packet, meaning that I cannot create multiple rules for the same packet, and cannot create a catch-all rule for a single IP to the entire network either, because it will send the packet in question to the source as well, leading to a similar failure:

Screenshot of rules

Auditd not sending logs to centralized auditd log server

Posted: 02 Oct 2021 03:00 PM PDT

We have set up centralized logging of auditd messages for two machines:

  • machine (www22.domain.com) is the source (centos8)
  • machine (cls.domain.com) is the centralized log server (centos7)

This was done in the standard way using auditd + the audisp plugin sending to an auditd server listening on port 60, e.g. as described here:

https://luppeng.wordpress.com/2016/08/06/setting-up-centralized-logging-with-auditd/

But then when I observe the audit log on the centralized log server after restarting auditd client on the source, the only thing that appears are the lines

    node=cls.domain.com type=DAEMON_CLOSE msg=audit(1632773977.760:3884): addr=::ffff:x.y.z.152 port=42652 res=success
    node=cls.domain.com type=DAEMON_ACCEPT msg=audit(1632773988.330:3885): addr=::ffff:x.y.z.152 port=44282 res=success

where ::ffff:x.y.z.152 is obviously due to some packet(s) from IP address x.y.z.152 (the address of www22.domain.com). So the TCP connection between client and server gets established, and it seems further message logging should work.

But then the only new lines that ever appear in the log file are those that originate on cls.domain.com. There are never audit messages from www22.domain.com.

I've checked what happens if auditd on www22.domain.com is set up to also write to a local audit log file; then the local file gets lots of messages from audit. But still nothing is sent over the network.

How to make sure the auditd client sends the same messages over the network?
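A client-side check for the symptom above (DAEMON_ACCEPT on the collector, nothing else), added here and not part of the question: it reads the audisp remote plugin configuration the referenced setup depends on and the loaded rule set. Assumed: collector cls.domain.com on TCP port 60 as in the post; the config paths cover both the audit 2.x layout (/etc/audisp) and the 3.x layout (/etc/audit).

```shell
#!/bin/sh
# Added example (not from the question): on the audit client, verify the three
# things that all have to hold before any event leaves for the collector.
# Assumed: collector cls.domain.com on TCP port 60 as in the post; config paths
# cover both the audit 2.x layout (/etc/audisp) and the 3.x layout (/etc/audit).

REMOTE_HOST="${REMOTE_HOST:-cls.domain.com}"
REMOTE_PORT="${REMOTE_PORT:-60}"

# Read "key = value" from an audit-style config file; comments and blanks ignored.
conf_get() {   # conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" 2>/dev/null | head -n 1
}

# Print the first argument that exists as a file.
first_existing() {
    for f in "$@"; do
        [ -f "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# 1. The remote plugin must be on; the shipped default is "active = no", and
#    with it off the collector only ever sees its own DAEMON_ACCEPT/DAEMON_CLOSE.
check_plugin_active() {   # check_plugin_active au-remote.conf
    [ "$(conf_get "$1" active)" = "yes" ]
}

# 2. audisp-remote must target the collector on the port its auditd listens on.
check_remote_target() {   # check_remote_target audisp-remote.conf HOST PORT
    [ "$(conf_get "$1" remote_server)" = "$2" ] && [ "$(conf_get "$1" port)" = "$3" ]
}

# 3. Some rules must be loaded; an empty rule set produces nothing to forward.
check_rules_loaded() {
    rules=$(auditctl -l 2>/dev/null)
    [ -n "$rules" ] && [ "$rules" != "No rules" ]
}

# Run every check against the live system and print one line per result.
audit_client_report() {
    plugin=$(first_existing /etc/audit/plugins.d/au-remote.conf /etc/audisp/plugins.d/au-remote.conf) ||
        { echo "FAIL au-remote.conf not found (is audispd-plugins installed?)"; return 1; }
    remote=$(first_existing /etc/audit/audisp-remote.conf /etc/audisp/audisp-remote.conf) ||
        { echo "FAIL audisp-remote.conf not found"; return 1; }
    rc=0
    if check_plugin_active "$plugin"; then echo "ok   $plugin: active = yes"
    else echo "FAIL $plugin: set active = yes"; rc=1; fi
    if check_remote_target "$remote" "$REMOTE_HOST" "$REMOTE_PORT"; then
        echo "ok   $remote: remote_server = $REMOTE_HOST, port = $REMOTE_PORT"
    else echo "FAIL $remote: expected remote_server = $REMOTE_HOST, port = $REMOTE_PORT"; rc=1; fi
    if check_rules_loaded; then echo "ok   audit rules loaded"
    else echo "FAIL no audit rules loaded (auditctl -l)"; rc=1; fi
    return $rc
}

if [ "${RUN_REPORT:-0}" = "1" ]; then audit_client_report; fi
```

After changing either file, restart with service auditd restart (the unit refuses a manual stop through systemctl on these releases) and watch the collector's audit.log for records carrying node=www22.domain.com.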

Is it possible to force the DHCP server to assign a different IP address each time the address is renewed?

Posted: 02 Oct 2021 09:14 PM PDT

I need to detect IP address renewals in my C++ Linux application and check if the new address is different from the old one. I have access to a router running OpenWrt. I can change the lease time, but I can't find a way to force an address change with each renewal process. Is this even possible? Maybe once assigned the IP address is never changed at renewal and the only way is to get the address after the lease time without renewal and hope my old address is assigned to another client?

Thank you in advance for any suggestions.

Setup l2tp using Strongswan

Posted: 02 Oct 2021 09:04 PM PDT

I set up IKEv2 using Strongswan. Now I need to add L2TP support to that. What is the best and easiest method to add L2TP support to Strongswan? I'd appreciate any help.

`GLIBCXX_3.4.20' not found Centos7

Posted: 02 Oct 2021 05:00 PM PDT

While starting deepstream, the output shows the following; how can I resolve this issue? I installed the latest version, which is not available in the yum repo, using the rpm file, and I can't remove this package either; it shows the same error. Please help.

    deepstream: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by deepstream)
    deepstream: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by deepstream)
    deepstream: /lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by deepstream)

503 Service Unavailable with ambassador QOTM service

Posted: 02 Oct 2021 07:06 PM PDT

I have a Kubernetes master/node setup on CentOS. After setting up Ambassador as an API gateway, I have tried a sample route with the QOTM service; when I send an HTTP request to the route, I receive 503 Service Unavailable in the response with the body "no healthy upstream". But the same qotm service, when I ran it as a standalone Docker container, worked for the route. Is there anything specific that needs to be taken care of in Kubernetes to set up Ambassador?

    kubectl exec ambassador-589c864695-cg556 -- curl -v 10.101.64.22/qotm/*
    no healthy upstream*   Trying 10.101.64.22...
    * TCP_NODELAY set
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to 10.101.64.22 (10.101.64.22) port 80 (#0)
    > GET /qotm/* HTTP/1.1
    > Host: 10.101.64.22
    > User-Agent: curl/7.63.0
    > Accept: */*
    >
    < HTTP/1.1 503 Service Unavailable
    < content-length: 19
    < content-type: text/plain
    < date: Fri, 22 Mar 2019 03:54:16 GMT
    < server: envoy
    <
    { [19 bytes data]
    100    19  100    19    0     0  19000      0 --:--:-- --:--:-- --:--:-- 19000
    * Connection #0 to host 10.101.64.22 left intact

Single DNS and E-Mail server with multiple public IP addresses

Posted: 02 Oct 2021 03:05 PM PDT

On our site we have two internet providers, with public IPs on each link. We manage our DNS and SMTP server locally.

We want to publish our DNS and SMTP server on both links, to get redundancy.

My question is how to publish the NS records and especially the PTR records?

For example, let's assume this:

  • link1:

    • dns server public ip : 192.168.1.2
    • mail server public ip : 192.168.1.3
  • link 2:

    • dns server public ip : 10.10.10.2
    • mail server public ip : 10.10.10.3

How can we declare the name server and the smtp server and especially their PTR records on each link?

Does the SMTP banner matter if we use different names for the SMTP server on each link?

Regards.

How to set up HTTP-based domain validation on nginx (how to reroute specifically one url to a text file)

Posted: 02 Oct 2021 09:51 PM PDT

I am having trouble redirecting properly.

    server {
            listen 80;
            server_name www.website.com website.com;

            location /.well-known/pki-validation/HASHHASH.txt {
               root /var/www/comodo;
            }
    }

does not seem to work (can't find it). Any advice very much appreciated.

With HASHHASH.txt in /var/www/comodo

Schannel Event ID 36888 and 36884 Certificate Error

Posted: 02 Oct 2021 04:03 PM PDT

I'm receiving the two following errors every ~60 seconds on a Windows 2008R2 SP1 Server running SQL Server 2008R2:

First:

    Log Name:      System
    Source:        Schannel
    Date:          5/25/2016 9:23:02 AM
    Event ID:      36888
    Task Category: None
    Level:         Error
    Keywords:
    User:          SYSTEM
    Computer:      sql1.contoso.com
    Description:
    The following fatal alert was generated: 43. The internal error state is 552.

Second:

    Log Name:      System
    Source:        Schannel
    Date:          5/25/2016 9:23:02 AM
    Event ID:      36884
    Task Category: None
    Level:         Error
    Keywords:
    User:          SYSTEM
    Computer:      sql1.contoso.com
    Description:
    The certificate received from the remote server does not contain the expected name.
    It is therefore not possible to determine whether we are connecting to the correct server.
    The server name we were expecting is sql1.
    The SSL connection request has failed. The attached data contains the server certificate.

The server name in the second error's description is the same hostname as the FQDN in the Computer field.

Is the SSL connection failure from sql1.contoso.com to another computer, from another computer to sql1.contoso.com, or from sql1.contoso.com to itself?

If there is another server involved, how can I determine which server is either the source or the target?

Any help on tracking down the source of the issue and a resolution is greatly appreciated.

How to enable LDAP over SSL/TLS in AD without installing AD Certificate Services

Posted: 02 Oct 2021 03:05 PM PDT

I am installing a Sonicwall firewall into my organization. I've connected the Sonicwall with the Active Directory domain, however now on the status page of the appliance there is a huge warning:

WARNING: LDAP is being used without TLS - this is highly insecure.  

I understand that the connection between the FW and the DC is made in clear text, and although this is not much of a problem because the Sonicwall and the Domain Controllers are on the local network and in the same subnet, we still want to encrypt the traffic to comply with our regulations.

As I searched other forums, people mention that I need to apply a certificate to the Domain Controller as per this MS article, which also mentions installing AD Certificate Services.

Is there any other way to encrypt the LDAP traffic without installing the additional role (AD CS) on the Domain Controller? Installing an additional role on the Domain Controller just for one simple task seems like overkill to me - like nailing a needle with a sledgehammer.

Also, if I really am to install and deploy a Certification Authority in our organization, what would be the impact? I don't have experience working with it, so are there any implications and/or problems I should be aware of?
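An added check (not from the question) for the route that avoids AD CS: a certificate from any CA the DC and the firewall trust works for LDAPS as long as it carries the Server Authentication EKU and the DC's FQDN in its Subject Alternative Name, so this script decodes the certificate a DC presents on port 636 and tests exactly those two properties. The DC name dc1.corp.example and the embedded certificate text are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the question): test whether a certificate meets the
# two conditions a domain controller needs before Schannel will serve LDAPS on
# 636, whichever CA issued it: the Server Authentication EKU and the DC's FQDN
# in the Subject Alternative Name. The DC name dc1.corp.example and the sample
# certificate text below are constructed placeholders.

# Live use: fetch the certificate the DC presents on 636 and decode it.
fetch_ldaps_cert_text() {   # fetch_ldaps_cert_text DC_FQDN
    openssl s_client -connect "$1:636" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -text
}

# DNS names from the SAN extension of `openssl x509 -text` output on stdin.
san_dns_names() {
    sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\(.*[^[:space:]]\)[[:space:]]*$/\1/p'
}

# True when the Extended Key Usage line after the header lists serverAuth.
has_server_auth_eku() {
    sed -n '/Extended Key Usage/{n;p;}' | grep -q 'TLS Web Server Authentication'
}

# Certificate text on stdin is usable for LDAPS on the DC named in $1.
cert_ok_for_ldaps() {   # cert_ok_for_ldaps DC_FQDN < cert.txt
    text=$(cat)
    printf '%s\n' "$text" | has_server_auth_eku || return 1
    printf '%s\n' "$text" | san_dns_names | grep -qixF "$1"
}

# Constructed sample in the `openssl x509 -text` layout; not a real certificate.
SAMPLE_CERT_TEXT='Certificate:
    Data:
        Subject: CN = dc1.corp.example
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:dc1.corp.example, DNS:corp.example
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication'

# Run the check on the sample for the given DC name; 0 means acceptable.
check_sample() {
    printf '%s\n' "$SAMPLE_CERT_TEXT" | cert_ok_for_ldaps "$1"
}

# Run against a real DC: check_live dc1.corp.example
check_live() {
    fetch_ldaps_cert_text "$1" | cert_ok_for_ldaps "$1"
}
```

The certificate also has to sit in the DC's Local Computer Personal store together with its private key, and the Sonicwall has to trust the issuing CA for the LDAPS session to validate.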

Mikrotik - routing a single address, part of a direct accessed subnet

Posted: 02 Oct 2021 05:00 PM PDT

I have a Mikrotik RB2011 and several TP-Links - WR740N, located at different geo locations, part of my ISP MAN network.

My ISP provides me with a (static) address/mask and a gateway for each device, i.e.:

  • routerboard - 192.168.5.10/24 - gate 192.168.5.1
  • TPLink1 - 192.168.10.5/24 - gate 192.168.10.1
  • TPLink2 - 192.168.20.10/24 - gate 192.168.20.1
  • TPLink3 - 192.168.30.15/24 - gate 192.168.30.1
  • etc...

Because the routerboard has more than one WAN address, I configured the routes to the networks from above this way:

  • accessing TPLink1 - 192.168.10.0/24 -> 192.168.5.1
  • accessing TPLink2 - 192.168.20.0/24 -> 192.168.5.1
  • accessing TPLink3 - 192.168.30.0/24 -> 192.168.5.1
  • and so on...

Everything goes fine. I'm able to access each TPLink from the routerboard.

But I have a TPLinkX with an assigned address 192.168.5.6/29, and its network (5.0/29) is physically different from the routerboard's one (5.0/24).

So, I added a new route (routerboard side) - 192.168.5.6/32 -> 192.168.5.1 - and everything works, but after some time (5-10-15-20 minutes) this route becomes ignored. If I disable the route and enable it again, it starts working again (again for a short period of time). By the way, I'm surprised that it even works (although only briefly), because by default I have a dynamic route - 192.168.5.0/24 -> interface with a distance of 0 (generated because of the static WAN address).

Is there any way to "bypass" the default route just for one host (or another approach)?

Thanks in advance

EDIT

/ip routes

# jan/22/2015 13:38:30 by RouterOS 6.25
# software id = 8IZ2-4V85
 0 A S  dst-address=192.168.5.6/32 gateway=192.168.5.1
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1
        scope=30 target-scope=10
 1 ADS  dst-address=0.0.0.0/0 gateway=XXX.XXX.XXX.XXX
        gateway-status=XXX.XXX.XXX.XXX reachable via  pppoe distance=1
        scope=30 target-scope=10
 3 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.1 gateway=ether2
        gateway-status=ether2 reachable distance=0 scope=10
 4 A S  dst-address=192.168.8.0/24 gateway=192.168.5.1
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1
        scope=30 target-scope=10
14 A S  dst-address=192.168.12.0/24 gateway=192.168.5.1
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1
        scope=30 target-scope=10
15 A S  dst-address=192.168.20.0/24 gateway=192.168.5.1
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1
        scope=30 target-scope=10
16 A S  dst-address=192.168.24.0/24 gateway=192.168.5.1
        gateway-status=192.168.5.1 reachable via  ether1-gateway distance=1
        scope=30 target-scope=10
17 ADC  dst-address=192.168.5.0/22 pref-src=192.168.5.11
        gateway=ether1-gateway gateway-status=ether1-gateway reachable
        distance=0 scope=10
23 ADC  dst-address=XXX.XXX.XXX.XXX/32 pref-src=XXX.XXX.XXX.XXX gateway=pppoe client
        gateway-status=pppoe reachable distance=0 scope=10

The problematic one is the first route. It works for a while, but then suddenly becomes ignored.
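The question turns on how a router picks between the host route 192.168.5.6/32 and the connected 192.168.5.0/22 that covers the same address. The following is an added example (not RouterOS code or part of the original post): it transcribes the posted table into a small model and performs a longest-prefix-match lookup, which shows that the /32 is preferred over the connected route regardless of distance, because distance only decides between routes to the same prefix. The pppoe default route keeps a placeholder gateway name; the selection rule is a general FIB rule, not a statement about why the route later stops working.

```python
"""Longest-prefix-match lookup over the route table posted above.

Added example, not RouterOS code. Models ordinary route selection: the most
specific (longest) matching prefix wins; distance only breaks ties between
routes to the same prefix. Routes are transcribed from the posted
'/ip route print' output; the pppoe default route uses a placeholder gateway.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    dst: ipaddress.IPv4Network
    gateway: str          # next-hop address or interface name, as printed
    distance: int
    flags: str            # e.g. "A S" (active static), "ADC" (connected)


def _net(cidr: str) -> ipaddress.IPv4Network:
    # strict=False: RouterOS prints 192.168.5.0/22, which has host bits set
    return ipaddress.ip_network(cidr, strict=False)


# Transcribed from the posted table (constructed subset, placeholder pppoe gateway).
ROUTES: List[Route] = [
    Route(_net("192.168.5.6/32"), "192.168.5.1", 1, "A S"),
    Route(_net("0.0.0.0/0"), "pppoe", 1, "ADS"),
    Route(_net("192.168.1.0/24"), "ether2", 0, "ADC"),
    Route(_net("192.168.8.0/24"), "192.168.5.1", 1, "A S"),
    Route(_net("192.168.12.0/24"), "192.168.5.1", 1, "A S"),
    Route(_net("192.168.20.0/24"), "192.168.5.1", 1, "A S"),
    Route(_net("192.168.24.0/24"), "192.168.5.1", 1, "A S"),
    Route(_net("192.168.5.0/22"), "ether1-gateway", 0, "ADC"),
]


def lookup(dst: str, routes: List[Route] = ROUTES) -> Optional[Route]:
    """Return the route a FIB lookup selects for dst, or None if nothing matches.

    Longest prefix first; among routes to the same prefix, lowest distance.
    """
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r.dst]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.dst.prefixlen, r.distance))


def next_hop(dst: str, routes: List[Route] = ROUTES) -> Optional[str]:
    """Convenience wrapper: just the gateway/interface chosen for dst."""
    r = lookup(dst, routes)
    return r.gateway if r else None


if __name__ == "__main__":
    for host in ("192.168.5.6", "192.168.5.7", "192.168.20.10", "8.8.8.8"):
        r = lookup(host)
        print(f"{host:<15} -> {r.dst} via {r.gateway} (distance {r.distance})")
```

Run as a script it prints one line per sample destination: 192.168.5.6 resolves via the /32 to 192.168.5.1, while its neighbour 192.168.5.7 falls back to the connected ether1-gateway route, which is the behaviour the poster observed while the host route was active.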

Yet Another NFS Permissions Error: Linux NFS4 Access Denied ('Auth Bogus Credentials (seal broken)') from NAT'd VM

Posted: 02 Oct 2021 07:06 PM PDT

Inside the VM (VirtualBox), the host address is 10.0.2.2 and the local address is 10.0.2.15. This gets translated to 127.0.0.1 on the host side. To connect:

sudo mount -vvvt nfs4 -o clientaddr=127.0.0.1 10.0.2.2:/srv /mnt  

I specified clientaddr because I figured the problem could be due to the addresses not matching, but it doesn't change anything. After a few minutes the client returns the usual Permission Denied message, access denied by server.

On the server side, I run

# rpc.mountd -d all -F
# rpc.idmapd -vvvf
# rpc.nfsd -d

I use systemd, so I am also monitoring the journal for any output. When I make the mount request, the following is visible over the network:

reply ERR 20: Auth Bogus Credentials (seal broken)  

but nothing appears in the journal (which should have the output of rpc.nfsd) or in the output of rpc.mountd or rpc.idmapd, aside from some startup messages. Actually, in the case of rpc.mountd, I get the following occasionally:

rpc.mountd: auth_unix_ip: inbuf 'nfsd 127.0.0.1'
rpc.mountd: auth_unix_ip: client (nil) 'DEFAULT'

As far as I am aware (please correct me!) there is no other source for information about NFS's functioning, and there is also no configuration involved. I have specified the verbose modes for each command, so I'm at a loss for how I am supposed to diagnose this issue.

I am assuming that it is a problem with my exports file, which is as follows:

/srv 127.0.0.1(rw,sync,no_subtree_check,no_root_squash)  

But I would rather actually get some feedback from the system about what is going wrong than fiddle with my exports file by trial and error. So, does anyone know where I can find out more about what's going on?

Thanks!

EDIT

I recently ran exportfs -rav

and now the client immediately returns 'Operation not permitted', and rpc.mountd outputs:

rpc.mountd: auth_unix_ip: inbuf 'nfsd 127.0.0.1'
rpc.mountd: v4root_create: path '/' flags 0x12401
rpc.mountd: v4root_create: path '/srv' flags 0x10401
rpc.mountd: auth_unix_ip: client 0x1d69d70 '127.0.0.1'
rpc.mountd: nfsd_fh: inbuf '127.0.0.1 1 \x00000000'
rpc.mountd: nfsd_fh: found 0x1d73e90 path /

but this output may just be related to having run exportfs. (Note that I restarted the daemons several times before, so I don't know how exportfs made a difference)

OK, it seems that adding the 'insecure' option has fixed it:

secure  This option requires that requests originate on an Internet port less than
        IPPORT_RESERVED (1024). This option is on by default. To turn it off, specify
        insecure.

This is odd, since I was running the NFS client as root.

In any case, why wasn't this issue made apparent to the operator (myself)? I don't see how a piece of software can be considered fit for production use if its diagnostics are kept completely hidden, so as to render it inaccessible to non-experts. I don't mean to bash NFS here, but it seems like a notoriously obfuscated system that could really use some more transparency given how frequently it is used. Anyway, thanks for reading.
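The `secure` option quoted from the man page is a source-port check: the server accepts a request only if it arrives from a port below 1024, which is what a root-owned client normally uses but which a NAT device in front of the client (such as the VirtualBox NAT in this question) routinely rewrites to a high port. The following is an added example, not nfs-utils code: it parses an exports line like the one posted and applies the privileged-port test to a few constructed requests, so the reader can see which combinations `secure` rejects and what `insecure` gives up (any unprivileged process on an allowed host may then issue requests). Hostname and wildcard client fields are not resolved here; that is a simplification of this model.

```python
"""Model of the NFS 'secure' export option from the man page excerpt above.

Added example, not the nfs-utils implementation. Parses one /etc/exports line
and checks whether a request from (client address, source port) passes the
privileged-port test. The exports line is the one posted; requests are
constructed. Client fields are matched as IP/CIDR only (no DNS, no wildcards).
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Tuple

IPPORT_RESERVED = 1024  # source ports below this are "privileged" on Unix


@dataclass
class Export:
    path: str
    client: str                      # host/address/network exactly as written
    options: List[str] = field(default_factory=list)

    @property
    def secure(self) -> bool:
        """'secure' is the default; 'insecure' turns it off; last one listed wins."""
        flag = True
        for opt in self.options:
            if opt == "secure":
                flag = True
            elif opt == "insecure":
                flag = False
        return flag


_EXPORT_RE = re.compile(r"^(?P<path>\S+)\s+(?P<client>[^\s(]+)\((?P<opts>[^)]*)\)\s*$")


def parse_export_line(line: str) -> Export:
    """Parse 'path client(opt,opt,...)'; raises ValueError on anything else."""
    m = _EXPORT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable exports line: {line!r}")
    opts = [o.strip() for o in m.group("opts").split(",") if o.strip()]
    return Export(m.group("path"), m.group("client"), opts)


def client_matches(export: Export, client_ip: str) -> bool:
    """True if client_ip falls inside the export's client address/network."""
    addr = ipaddress.ip_address(client_ip)
    try:
        net = ipaddress.ip_network(export.client, strict=False)
    except ValueError:
        return False  # hostnames / wildcards are not resolved in this example
    return addr in net


def check_request(export: Export, client_ip: str, src_port: int) -> Tuple[bool, str]:
    """Decide whether a request as seen by the server (after any NAT) is admitted."""
    if not client_matches(export, client_ip):
        return False, f"{client_ip} is not in the export's client list ({export.client})"
    if export.secure and src_port >= IPPORT_RESERVED:
        return False, (f"source port {src_port} >= {IPPORT_RESERVED} rejected by 'secure' "
                       f"(a NAT device usually rewrites the client's source port)")
    return True, "accepted"


if __name__ == "__main__":
    exp = parse_export_line("/srv 127.0.0.1(rw,sync,no_subtree_check,no_root_squash)")
    for ip, port in (("127.0.0.1", 1000), ("127.0.0.1", 40000), ("10.0.2.15", 1000)):
        print(ip, port, check_request(exp, ip, port))
```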

Wake-on-lan to trigger virtual-machine with kvm and libvirt

Posted: 02 Oct 2021 03:30 PM PDT

I'm doing virtualization with KVM and managing it via the Libvirt daemon.

How do I configure Libvirt or KVM to listen for Wake-On-Lan packets sent to the Virtual Machine's NIC's MAC address and to start the Virtual Machine when such a packet is received?
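Neither libvirt nor KVM ships a Wake-on-LAN listener, so a practitioner building one needs a decoder for the magic packet itself: six bytes of 0xFF followed by the target MAC repeated sixteen times, optionally followed by a 4- or 6-byte SecureOn password. The block below is an added example and not libvirt project code; the MAC-to-domain table, the UDP port 9 listener and the `virsh start` call are assumptions about how such a trigger would be wired up.

```python
"""Wake-on-LAN magic packet decoder for a hypothetical VM-start trigger.

Added example, not libvirt/KVM code. Recognises a magic packet (6 x 0xFF, then
the MAC repeated 16 times, optional 4/6-byte SecureOn password) and maps the
MAC to a libvirt domain name. The mapping table and the 'virsh start' call are
assumptions about how a listener would be integrated.
"""
import socket
import subprocess
from typing import Dict, Optional

# Constructed mapping: VM NIC MAC (as in the domain XML <mac address=...>) -> domain name.
MAC_TO_DOMAIN: Dict[str, str] = {
    "52:54:00:12:34:56": "example-vm",
}


def parse_magic_packet(payload: bytes) -> Optional[str]:
    """Return the target MAC as 'aa:bb:cc:dd:ee:ff' if payload is a magic packet."""
    if len(payload) < 102:
        return None
    if payload[:6] != b"\xff" * 6:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:          # all sixteen copies must agree
        return None
    tail = payload[102:]
    if tail and len(tail) not in (4, 6):    # only a SecureOn password may follow
        return None
    return ":".join(f"{b:02x}" for b in mac)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """Build a magic packet; used here to construct test input."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 6 bytes")
    if password and len(password) not in (4, 6):
        raise ValueError("SecureOn password must be 4 or 6 bytes")
    return b"\xff" * 6 + raw * 16 + password


def domain_for_packet(payload: bytes, table: Dict[str, str] = MAC_TO_DOMAIN) -> Optional[str]:
    """Map a received datagram to the domain it should start, or None."""
    mac = parse_magic_packet(payload)
    return table.get(mac) if mac else None


def serve(port: int = 9, table: Dict[str, str] = MAC_TO_DOMAIN) -> None:
    """Blocking UDP listener: start the matching domain when a magic packet arrives.

    Assumes 'virsh' is on PATH and the invoking user may manage the domain.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.bind(("", port))
        while True:
            data, _peer = sock.recvfrom(1024)
            domain = domain_for_packet(data, table)
            if domain:
                subprocess.run(["virsh", "start", domain], check=False)


if __name__ == "__main__":
    serve()
```

Only MACs present in the table are acted on, so a stray or forged broadcast for an unknown address does nothing; in a real deployment the listener should additionally be restricted to the management network, since anyone who can reach UDP/9 can otherwise power on guests at will.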

htaccess rewriting all subdomains to subdirectories

Posted: 02 Oct 2021 06:00 PM PDT

I'm trying to build a catch-all for any subdomains (not captured by previous rewrite rules) for a certain domain, and serve a website from a subdirectory that resides in the same folder as the .htaccess file. I already have my vhosts.conf to send all unmapped requests to a "playground" folder, where I want to easily create new subdomains by simply adding a subfolder.

So, my structure looks like this:

/var/www/playground
  |-> /foo
  |-> /bar

The .htaccess lives inside the /playground folder, and /foo and /bar are separate websites. I want http://foo.domain.com to point to /foo and http://bar.domain.com to /bar.

Here is my .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^([^.]+).domain.com$ [NC]
RewriteCond %{REQUEST_URI} !^/%1/(.*)
RewriteRule ^(.*) /%1/$1 [L]

This is supposed to capture the subdomain, add it as a subfolder in the RewriteRule, then append the path information after the slash. The second RewriteCond is there to prevent an infinite loop. My idea was that %1 in the second RewriteCond would be able to capture the capture group in the first RewriteCond. But so far I haven't had any success; it always ends up in a redirect loop. If I replace %1 in the second RewriteCond with a hardcoded 'foo' or 'bar', it works, which leads me to believe that you cannot refer to a capture group inside a RewriteCond. Is this true? Or am I missing something?

Windows XP laptop doesn't appear in WSUS All computers list

Posted: 02 Oct 2021 08:08 PM PDT

I have this one laptop that doesn't appear in the WSUS All Computers list. We have about 23-25 PCs/laptops/servers in the network, and all but one are listed in WSUS.

This is what I have done so far:

1) Changing Updates on local PC:

  • Go to your Windows XP client and start a new Microsoft Management Console (MMC). At Start, Run, type MMC.
  • Use Ctrl+M to add a new snap-in.
  • Click Add, and then add the Group Policy Object Editor for the Local Computer.
  • Click Close, and then click OK.
  • Expand the Local Computer Policy.
  • Under Computer Configuration, go to Administrative Templates, Windows Components, Windows Update.
  • In the right-hand pane, double-click Specify intranet Microsoft update service location.
  • Configure the settings to reflect my WSUS server.
  • Click OK and then close the MMC without saving it.

Then I executed wuauclt.exe /detectnow

2) Edited registry key to be pushed to the PCs using GPO

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://wsusserver"
"TargetGroupEnabled"=dword:00000001
"TargetGroup"="WINXP"
"WUStatusServer"="http://wsuswerver"

3) executed wuauclt /resetauthorization /detectnow

4) Synchronised and refreshed the group

I am running out of ideas here. The client is running Windows XP pro, WSUS version is 3.0 and is running on Windows 2008 R2 64-bit.

Please, help!

Thanks!

EDIT 13.IX.2012 @ 15.40 CT

I should have also mentioned that we do have a Windows Update GPO for workstations group and that laptop is a part of that group.

EDIT 13.IX.2012 @ 18.03 CT

Here are the results. After googling the error, this is the solution I came across, and it didn't help:

-> Stop the Automatic Updates service and BITS service.

net stop wuauserv
net stop bits

-> Delete "%windir%\softwaredistribution" directory.

-> Start the Automatic Updates service and BITS service. When these two services have been started, they will auto-create "softwaredistribution" and its subfolder at system directory.

net start wuauserv
net start bits

-> After the "%windir%\softwaredistribution" directory has been generated, please let the client contact the WSUS server immediately.

wuauclt.exe /resetauthorization /detectnow  

-> After 15 minutes, please check the client to confirm whether it detects needed updates.

Edit 14.IX.2012 @ 9.59 CT

1) Okay, I ran nslookup on the WSUS server:

Server:  xxxx.xxxxxxx.local
Address:  x.x.x.2

Name:    xxx-xxx.xxxxxxx.local
Address:  x.x.x.36

2) I pinged the WSUS server (name):

Pinging xxx-xxx.xxxxxx.local [x.x.x.36] with 32 bytes of data:

Reply from x.x.x.36: bytes=32 time=1ms TTL=128
Reply from x.x.x.36: bytes=32 time<1ms TTL=128
Reply from x.x.x.36: bytes=32 time<1ms TTL=128
Reply from x.x.x.36: bytes=32 time<1ms TTL=128

Ping statistics for x.x.x.36:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

3) I pinged the WSUS server (IP):

Pinging x.x.x.36 with 32 bytes of data:

Reply from x.x.x.36: bytes=32 time<1ms TTL=128
Reply from x.x.x.36: bytes=32 time<1ms TTL=128
Reply from x.x.x.36: bytes=32 time<1ms TTL=128
Reply from x.x.x.36: bytes=32 time<1ms TTL=128

Ping statistics for 10.3.1.36:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

I don't believe it's a DNS issue, but I might be mistaken. Is there anything I should run to check for a DNS issue?
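When a WSUS policy is pushed by GPO, the client only reports to the console if the few values under the WindowsUpdate key are mutually consistent: both URLs parse, WUServer and WUStatusServer normally point at the same host, and a TargetGroup only takes effect with TargetGroupEnabled set. The block below is an added example, not a Microsoft tool: it parses a .reg fragment in the format posted above and reports those inconsistencies, using the posted fragment (transcribed) as its constructed sample input.

```python
"""Consistency check for WindowsUpdate policy values in .reg format.

Added example, not a Microsoft utility. Parses a .reg fragment like the one
posted above and flags the mismatches that commonly keep a client out of the
WSUS console. SAMPLE_REG is the posted fragment, transcribed.
"""
import re
from typing import Dict, List, Union
from urllib.parse import urlparse

SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://wsusserver"
"TargetGroupEnabled"=dword:00000001
"TargetGroup"="WINXP"
"WUStatusServer"="http://wsuswerver"
'''

RegValue = Union[str, int]
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.*)$')


def parse_reg_values(text: str) -> Dict[str, RegValue]:
    """Collect "name"=value lines; dword:XXXXXXXX becomes int, "..." becomes str."""
    values: Dict[str, RegValue] = {}
    for line in text.splitlines():
        m = _VALUE_RE.match(line.strip())
        if not m:
            continue                      # key header, comment or blank line
        raw = m.group("val")
        if raw.startswith("dword:"):
            values[m.group("name")] = int(raw[len("dword:"):], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            values[m.group("name")] = raw[1:-1]
        else:
            values[m.group("name")] = raw  # unquoted string, as in the original post
    return values


def check_wu_policy(values: Dict[str, RegValue]) -> List[str]:
    """Return a list of human-readable findings; an empty list means consistent."""
    findings: List[str] = []
    hosts: Dict[str, str] = {}
    for name in ("WUServer", "WUStatusServer"):
        url = values.get(name)
        if not isinstance(url, str) or not url:
            findings.append(f"{name} is missing")
            continue
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https") or not parsed.hostname:
            findings.append(f"{name} is not a valid http(s) URL: {url!r}")
            continue
        hosts[name] = parsed.hostname
    if len(hosts) == 2 and hosts["WUServer"] != hosts["WUStatusServer"]:
        findings.append(f"WUServer host {hosts['WUServer']!r} differs from "
                        f"WUStatusServer host {hosts['WUStatusServer']!r} "
                        "(normally identical unless reporting is deliberately split)")
    if values.get("TargetGroup") and values.get("TargetGroupEnabled") != 1:
        findings.append("TargetGroup is set but TargetGroupEnabled is not dword:1")
    return findings


if __name__ == "__main__":
    for finding in check_wu_policy(parse_reg_values(SAMPLE_REG)) or ["no findings"]:
        print(finding)
```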

Sync Exchange Calendar to Google Calendar

Posted: 02 Oct 2021 04:03 PM PDT

Without having access to the Exchange server, is there an app I can run on my OS X desktop to sync my Exchange-based calendar to Google Calendar?

I really don't mind if it just duplicates the events from Exchange to Google Cal.

Thanks

How set owner of file cms.war for ftpuser and owner of cms folder for tomcat user?

Posted: 02 Oct 2021 09:04 PM PDT

I'm using Tomcat Server. I would like the owner of the file cms.war to be the ftp user and the tomcat user to be the owner of the cms/ folder.

When I uploaded cms.war it was automatically deployed in cms/ folder and when I deleted cms.war the cms/ folder was deleted.

Error after having configured IIS for CF 6.1

Posted: 02 Oct 2021 08:08 PM PDT

I have configured IIS 7 for CF 6.1 as per the following link:

http://www.communitymx.com/content/article.cfm?page=1&cid=224AA

But I am still getting the following error:

Server Error in Application "DEFAULT WEB SITE"
Internet Information Services 7.5

Error Summary
HTTP Error 404.17 - Not Found
The requested content appears to be script and will not be served by the static file handler.

Detailed Error Information
Module         StaticFileModule
Notification   ExecuteRequestHandler
Handler        StaticFile
Error Code     0x80070032
Requested URL  http://127.0.0.1:80/CFIDE/administrator/index.cfm
Physical Path  C:\inetpub\wwwroot\CFIDE\administrator\index.cfm
Logon Method   Anonymous
Logon User     Anonymous

Most likely causes:
• The request matched a wildcard mime map. The request is mapped to the static file handler. If there were different pre-conditions, the request will map to a different handler.

Things you can try:
• If you want to serve this content as a static file, add an explicit MIME map.

What can I do to resolve this error?

How to restrict user to change Account setting in Outlook 2007?

Posted: 02 Oct 2021 06:00 PM PDT

In our company we have a local mail server (MDaemon). Every user has a local mail server account which is bound to his company mail id. In Outlook 2007 on every user's machine, the Account Settings are configured with his company mail id, the local mail server as the POP and SMTP account, and the credentials for his local mail server account.

Now, in Outlook under Account Settings, if someone changes the User Information (Your Name and E-mail Address fields), then the outgoing mail from that Outlook contains that Name and Email address in the From field.

Suppose my name is Arion Ban and my email address is arion.ban@mycompany.com. And my account setting looks like this -

User Information
Your Name : Arion Ban
E-mail Address: arion.ban@mycompany.com

Server Information
Account Type: POP3
Incoming mail server: mail.mycomapny.com
Outgoing mail server (SMTP): mail.mycomapny.com

Logon Information
User Name: arion.ban
Password: password

My colleague's name is John Hanks and his email id is john.hanks@mycompany.com. Now I put John's name and email id in my Outlook's User Information under Account Settings. I keep Server Information and Logon Information unchanged. Now my Account Settings look like this -

User Information
Your Name : John Hanks
E-mail Address: john.hanks@mycompany.com

Server Information
Account Type: POP3
Incoming mail server: mail.mycomapny.com
Outgoing mail server (SMTP): mail.mycomapny.com

Logon Information
User Name: arion.ban
Password: password

Now, if I send mail to somebody, the mail will be delivered with the From field containing John's name and email id.

I think it is very much a company security concern. I have to stop this slip-out issue. Is there any option to restrict the account settings, so that no one can change his Outlook's account settings? Or are there any changes I have to make on our local mail server, maybe SMTP authentication (not sure)?

Please help.
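The scenario above is a header-spoofing problem that a submission server can close on its own side: once a client has authenticated, the server can require that the From (and Sender) header addresses belong to that authenticated account and reject the message otherwise, which does not depend on every Outlook account-settings dialog staying untouched. The block below is an added example, not an MDaemon feature or Outlook setting; the login-to-address directory and the sample message are constructed, and the message re-uses the names from the post.

```python
"""Submission-time check: From/Sender must belong to the authenticated SMTP user.

Added example, not MDaemon or Outlook code. Shows the policy a mail server can
enforce after SMTP AUTH so that a message authenticated as one user but carrying
another user's address in From is rejected. Directory and message are constructed.
"""
from email import message_from_string
from email.utils import getaddresses
from typing import Dict, List, Set, Tuple

# Constructed directory: authenticated login -> addresses that login may put in From.
ALLOWED_FROM: Dict[str, Set[str]] = {
    "arion.ban": {"arion.ban@mycompany.com"},
    "john.hanks": {"john.hanks@mycompany.com"},
}


def from_addresses(raw_message: str) -> List[str]:
    """Extract every address in From and Sender headers, lower-cased."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("From", []) + msg.get_all("Sender", [])
    # getaddresses copes with 'Display Name <addr>' and comma-separated lists
    return [addr.lower() for _name, addr in getaddresses(headers) if addr]


def check_submission(auth_user: str, envelope_from: str, raw_message: str,
                     directory: Dict[str, Set[str]] = ALLOWED_FROM) -> Tuple[bool, str]:
    """Accept only if MAIL FROM and all From/Sender addresses belong to auth_user."""
    allowed = {a.lower() for a in directory.get(auth_user, set())}
    if not allowed:
        return False, f"unknown authenticated user {auth_user!r}"
    if envelope_from.lower() not in allowed:
        return False, f"MAIL FROM {envelope_from} is not permitted for {auth_user}"
    offending = [a for a in from_addresses(raw_message) if a not in allowed]
    if offending:
        return False, f"header From/Sender {offending} not permitted for {auth_user}"
    return True, "accepted"


# Constructed message: Arion's credentials, John's identity in the From header.
SPOOFED_MESSAGE = """\
From: John Hanks <john.hanks@mycompany.com>
To: somebody@example.com
Subject: test

hello
"""

if __name__ == "__main__":
    print(check_submission("arion.ban", "arion.ban@mycompany.com", SPOOFED_MESSAGE))
    print(check_submission("john.hanks", "john.hanks@mycompany.com", SPOOFED_MESSAGE))
```

Checking both the envelope sender and the header addresses matters: Outlook builds MAIL FROM from the same E-mail Address field, so a check on only one of the two leaves the other open to the edit described in the question.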
