Sunday, December 12, 2021

Recent Questions - Server Fault

Securing SSH access with YubiKey: ed25519-sk vs. pam_yubico

Posted: 12 Dec 2021 03:34 AM PST

I just got some YubiKeys to secure my important accounts and am now wondering about the best way of securing access to some VPS boxes I have. Up until now, I have disabled password-based login and used SSH keys to connect to the servers.

As far as I can tell from some research, there are two ways to secure SSH access with a YubiKey:

  1. Generating an ed25519-sk key pair which can only be used together with the YubiKey
  2. Using the pam_yubico module on the server to only allow access with a regular SSH key and the YubiKey as a second factor

Is there any reason to prefer one of these over the other for security or convenience?

Cannot install CentOS nor Ubuntu on HP ProLiant DL360p Gen8

Posted: 12 Dec 2021 03:28 AM PST

I've attempted to install CentOS Stream 8 and Ubuntu 20.04 as of right now, and each time I try to install them it gives me the same error and doesn't work. The error it gives me is: /dev/loop2 Can't open blockdev, and after about 10-30 seconds it gives another error: failed unmounting /cdrom, and then it just stays in that state and does nothing. After 120 seconds it times out and won't really do anything else. I'm not really sure what this problem is. I have already searched and found a thread about the same issue that I have (https://superuser.com/questions/1559234/cannot-install-ubuntu-20-04-server-on-virtualbox), however that is in a virtual machine and this is on real hardware, so I'm really unsure about what to do. How would I fix this?

I copied this question from my superuser post: https://superuser.com/questions/1692561/cannot-install-centos-nor-ubuntu-on-hp-proliant-dl360p-gen8, because I believe this is a more appropriate community for this.

This is about virtualization [closed]

Posted: 12 Dec 2021 02:56 AM PST

You are required to design three virtual machines on a server in an IT company. This server has 16GB RAM, 8 Core CPUs, 512 SSD, and 1TB HDD. Each virtual machine requires 4GB RAM, 4 Core CPU, and 24GB HDD to complete its work. a) How will you split the resources between each virtual machine? b) Draw the diagram of each virtual machine. c) Do the resource distribution calculation.

Console not showing, Supermicro server

Posted: 12 Dec 2021 02:33 AM PST

Hope you have a good day.

This is my first time configuring a server. I'm facing a small issue: after I log in to the Supermicro server remotely, the console is not showing.

Note that I already installed Java and updated it. I tried on different devices and in different browsers.

SCCM: Where can I find the ccmsetup.exe or .msi installer for download?

Posted: 12 Dec 2021 01:24 AM PST

I'm trying to set up SCCM on a remote machine running Windows 10 and I need to know where to download the SCCM setup from, other than extracting it from a server ISO or something like that.

Context: The machine in question is a regular PC that has been installed by my company in another firm's organization to run our proprietary software and act as a server, and we have full remote access to it via RDP and a VPN, but from that server PC, we'd like to remotely control and manage a second PC (also ours) that's a client to the server PC, for maintenance purposes.

Our customer is a hospital and is very picky about remote access on second-tier PCs such as this client PC; they won't even let us install UltraVNC on it.

The only way we can maintain our software on this PC would be by actually sitting in front of it, and that's not a viable solution.

Both machines are supplied by us and run our own Windows 10 ghost with all the necessary software on them; the server PC hosts our proprietary applications, and the client connects to the server PC to access the applications and read/write data in an SQL database that's part of our software package.

The server PC has access to the Internet through the client's organization proxy, but the client PC doesn't.

My question is: where can we download ccmsetup.exe or ccmsetup.msi from, so that we can deploy it on our server PC and from it remotely manage the client PC while staying within the client's security guidelines?

RDP is not an option because it would mean the people using the client PC would have to let us disconnect them to connect in their place, when what we really want is to observe the issues and problems they encounter while using our software.

Ideally, we'd use UltraVNC, but as I mentioned earlier, this customer won't allow that.

Basically, all I need is a download link for the x64 and/or x86 SCCM setup files.

I've searched the Web for it and found lots of entries on how to fetch the console install files from a local server and install them, which I already know how to do, but no direct download link to a Microsoft repository.

Any help to that effect would be greatly appreciated.

can http clients configure if they want persistent or non-persistent connections with the http server?

Posted: 12 Dec 2021 12:49 AM PST

I want to understand whether, depending on how the client configures the HTTP connection, the server can behave in a non-persistent or a persistent manner, so that in effect some clients can connect in persistent mode and some clients can connect in non-persistent mode.

Any sample code, especially in Java, would be helpful.

MySQL "Cannot allocate memory for the buffer pool" at 73% memory usage?

Posted: 12 Dec 2021 01:20 AM PST

I am hosting a WordPress website on a DigitalOcean droplet (1GB RAM). The website's MySQL database crashes occasionally, which causes the website to show "Error establishing database connection". Memory usage dropped around 2:40 am, indicating that this is when the database crashed. I checked the MySQL log file for that day, and the earliest entry was at 10:47 am. Here is the beginning of the log file:

2021-12-06T10:47:14.800977Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timest$
2021-12-06T10:47:14.806192Z 0 [Note] /usr/sbin/mysqld (mysqld 5.7.36-0ubuntu0.18.04.1) starting as process 2810 ...
2021-12-06T10:47:14.819674Z 0 [Note] InnoDB: PUNCH HOLE support available
2021-12-06T10:47:14.819711Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2021-12-06T10:47:14.819716Z 0 [Note] InnoDB: Uses event mutexes
2021-12-06T10:47:14.819720Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
2021-12-06T10:47:14.819723Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2021-12-06T10:47:14.819727Z 0 [Note] InnoDB: Using Linux native AIO
2021-12-06T10:47:14.820551Z 0 [Note] InnoDB: Number of pools: 1
2021-12-06T10:47:14.823342Z 0 [Note] InnoDB: Using CPU crc32 instructions
2021-12-06T10:47:14.825847Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2021-12-06T10:47:14.826246Z 0 [ERROR] InnoDB: mmap(137428992 bytes) failed; errno 12
2021-12-06T10:47:14.826258Z 0 [ERROR] InnoDB: Cannot allocate memory for the buffer pool
2021-12-06T10:47:14.826262Z 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
2021-12-06T10:47:14.826270Z 0 [ERROR] Plugin 'InnoDB' init function returned error.
2021-12-06T10:47:14.826274Z 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2021-12-06T10:47:14.826278Z 0 [ERROR] Failed to initialize builtin plugins.
2021-12-06T10:47:14.826282Z 0 [ERROR] Aborting

2021-12-06T10:47:14.832237Z 0 [Note] Binlog end
2021-12-06T10:47:14.832297Z 0 [Note] Shutting down plugin 'CSV'
2021-12-06T10:47:14.832572Z 0 [Note] /usr/sbin/mysqld: Shutdown complete

Based on the log file, it appears MySQL is running out of memory. However, memory usage for the droplet was steady around 73%, until the database crash around 2:40 am, when it dropped down to 32%. It seems to have plenty of memory available, so why is it crashing?

Is the "-s loglevel" option ignored when olcLogLevel is set, while "-d" overwrites it?

Posted: 12 Dec 2021 12:25 AM PST

The debug-level numbers of the '-d' command line option and the syslog-level numbers of the '-s' command line option in slapd have the same meaning, as we can confirm by:

$ slapd -d '?'
$ slapd -s '?'

The only difference between '-d' and '-s' is that '-d' is for foreground debugging and '-s' is the background logging level, I think.

Confirm "-d" debug-level

Even when slapd is running under olcLogLevel: 0:

$ sudo grep olcLogLevel /etc/openldap/slapd.d/cn=config.ldif
olcLogLevel: 0

slapd -d overwrites the olcLogLevel setting, as I expect:

$ sudo systemctl stop slapd   # to avoid port conflict
$ sudo slapd -d 256           # run slapd with loglevel 256 in foreground (*a)

Do ldapsearch in another terminal:

$ ldapsearch -x -H ldap://localhost -b dc=... -s base
...

(*a) shows loglevel=256 logs as I expect:

61b552f9 slapd starting
61b55313 conn=1000 fd=15 ACCEPT from IP=[::1]:40918 (IP=[::]:389)
...
61b55313 conn=1000 fd=15 closed

I can confirm -d -1 (all logging) works as well:

(stop (*a) slapd by ctrl-c)
$ sudo slapd -d -1
...
(a lot of logs)

while ldapsearch in another terminal:

$ ldapsearch -x -H ldap://localhost -b dc=... -s base
...

Confirm "-s syslog-level"

Kill the 'slapd -d' I started at (*a) and start slapd with -s 256 in the background:

(stop (*a) slapd by ctrl-c)
$ sudo cat /etc/sysconfig/slapd
...
SLAPD_OPTIONS="-s 256"

$ sudo systemctl start slapd

I can confirm the option by ps:

$ ps xafu | grep slapd
ldap     10109  0.0  0.0 543936 10444 ?        Ssl  10:50   0:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// ldaps:/// -s 256

However, I cannot see any logs with the following command:

$ sudo journalctl --follow _SYSTEMD_UNIT=slapd.service  

When I change olcLogLevel to something other than 0 (e.g. 256) by:

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn:           cn=config
changetype:   modify
replace:      olcLogLevel
olcLogLevel:  256
EOF

(I can confirm if it is set by the following command)

$ sudo grep olcLogLevel /etc/openldap/slapd.d/cn=config.ldif
olcLogLevel: 256

then do ldapsearch:

$ ldapsearch -x -H ldap://localhost -b dc=csc -s base
...

then we see loglevel=256 logs with:

$ sudo journalctl --follow _SYSTEMD_UNIT=slapd.service
Dec 12 10:59:40 my-host slapd[10537]: conn=1003 fd=13 ACCEPT from IP=[::1]:41078 (IP=[::]:389)
Dec 12 10:59:40 my-host slapd[10537]: conn=1003 fd=13 closed
...

This means:

  • -d overwrites olcLogLevel
  • -s doesn't overwrite olcLogLevel

Is my understanding right? If yes, what is the '-s' option?

My OS version is:

$ cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)

The slapd version is:

$ sudo yum list installed | grep openldap
openldap.x86_64                             2.4.44-23.el7_9            @updates

Does http protocol standard support long polling?

Posted: 12 Dec 2021 12:51 AM PST

I recently read about the long-polling concept, which can be used with HTTP. I want to understand whether any HTTP protocol standard itself supports the long-polling concept, so that depending on how the client configures the HTTP connection, the server can behave in a short-polling or a long-polling manner, so in effect some clients can connect in short-polling mode and some clients can connect in long-polling mode.

Any sample code, especially in Java, would be helpful.
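The two questions above (whether a client can pick persistent or non-persistent connections, and whether long polling is something the protocol itself supports) can both be shown with one small server. This is an added example, not code from either post, and it uses only the Python standard library rather than Java: http.server honours the client's Connection header per connection, and the /wait endpoint implements long polling simply by withholding an ordinary response until data is published or a deadline passes.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlparse

EVENT = threading.Event()        # set by publish() when new data exists
LATEST = {"value": b"nothing"}   # most recently published value (constructed sample)


class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"   # the default HTTP/1.0 would close after every response

    def log_message(self, *args):   # keep the demo quiet
        pass

    def _send(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))  # framing needed to reuse the socket
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        # Persistence is decided by the request: http.server reads its Connection
        # header (close / keep-alive) and drops or keeps the socket after this reply.
        url = urlparse(self.path)
        if url.path == "/now":            # short polling: answer at once
            self._send(200, LATEST["value"])
        elif url.path == "/wait":         # long polling: block until publish() or timeout
            timeout = float(parse_qs(url.query).get("timeout", ["5"])[0])
            if EVENT.wait(timeout):
                EVENT.clear()
                self._send(200, LATEST["value"])
            else:
                self._send(204, b"")      # nothing new yet; the client simply polls again
        else:
            self.send_error(404)


def publish(value):
    """Producer side: store a value and wake any long-polling request."""
    LATEST["value"] = value
    EVENT.set()


def start_server():
    srv = ThreadingHTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def _read_response(f):
    """Parse one Content-Length framed response from file f; None if the peer closed."""
    status_line = f.readline()
    if not status_line:
        return None
    status, length = int(status_line.split()[1]), 0
    while (line := f.readline()) not in (b"\r\n", b""):
        name, _, value = line.decode("ascii").partition(":")
        if name.strip().lower() == "content-length":
            length = int(value)
    return status, f.read(length)


def exchange(port, requests):
    """Send raw requests back to back on ONE TCP connection; None once the server hung up."""
    results = []
    with socket.create_connection(("127.0.0.1", port), timeout=10) as sock:
        f = sock.makefile("rb")
        for raw in requests:
            try:
                sock.sendall(raw)
                results.append(_read_response(f))
            except OSError:               # reset or broken pipe: the server already closed
                results.append(None)
    return results


def _get(path, connection):
    return f"GET {path} HTTP/1.1\r\nHost: localhost\r\nConnection: {connection}\r\n\r\n".encode()


def persistence_demo(port):
    """keep-alive: both requests answered on one socket; close: only the first."""
    keep = exchange(port, [_get("/now", "keep-alive"), _get("/now", "keep-alive")])
    close = exchange(port, [_get("/now", "close"), _get("/now", "close")])
    return keep, close


def long_poll_demo(port):
    """First /wait is released by publish() after 0.3 s; the second times out with 204."""
    EVENT.clear()
    threading.Timer(0.3, publish, args=(b"build-42 finished",)).start()
    released = exchange(port, [_get("/wait?timeout=5", "close")])[0]
    expired = exchange(port, [_get("/wait?timeout=0.2", "close")])[0]
    return released, expired


if __name__ == "__main__":
    server = start_server()
    print(persistence_demo(server.server_address[1]), long_poll_demo(server.server_address[1]))
    server.shutdown()
```

An HTTP/1.0 client gets the opposite default (closed unless it sends Connection: keep-alive), which is why mixed client populations against the same server behave differently without any server-side switch.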

CentOS 7 cannot connect to FTP server, 200 PORT command successful. Consider using PASV. 425 Failed to establish connection

Posted: 11 Dec 2021 09:48 PM PST

I'm trying to connect to a Linux FTP server from the Windows command prompt. It works fine when the FTP ports are the defaults (20, 21).

It's not working after I changed the default ports for FTP and FTP-DATA.

Yes, I did check the firewall (it's the same even when I stop the firewall), and yes, I did check the vsftpd.conf file.

Is there something else to check if the ports are changed? I thought only vsftpd.conf is what affects the FTP and FTP-DATA ports.

  • Works fine when the ports are the defaults (20, 21)
  • 425 Failed to establish connection when I changed the ports

And this is my /etc/vsftpd/vsftpd.conf file:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
listen_port=39021 # add this
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=NO
ftp_data_port=39020  # add this
xferlog_std_format=YES
ftpd_banner=Welcome to blah FTP service.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
port_enable=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=NO
pasv_enable=YES       # add this
pasv_min_port=60019   # add this
pasv_max_port=60020   # add this
pasv_address=[My IP]  # add this
allow_writeable_chroot=YES
port_promiscuous=YES  # add this

How do I check if Log4j is installed on my server?

Posted: 12 Dec 2021 02:55 AM PST

I read about security vulnerabilities related to Log4j. How do I check if Log4j is installed on my server? I installed many third-party packages and maybe some of them contain it. Is there a command to run on my server to check if Log4j is installed?

My specific servers use Ubuntu 18.04.6 LTS.
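A package query (dpkg -l 'liblog4j2*') only finds the distribution's own copy; third-party software usually bundles log4j-core inside its own jar or war, which is what the post is worried about. The following is an added example, not from the post, that walks a directory tree with the Python standard library, reports the bundled log4j-core version from its Maven pom.properties, notes whether JndiLookup.class is still present, and also looks inside archives nested in archives (a .war shipping lib/*.jar); the sample tree it scans is constructed by the script itself.

```python
import io
import os
import tempfile
import zipfile

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Maven metadata that the log4j-core jar carries; its version= line is authoritative.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# The class implementing JNDI lookups. Its absence from a log4j-core jar means the jar
# was already stripped with the published "remove JndiLookup.class" mitigation.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def _version_from_pom(zf):
    """Return the version= value from log4j-core's pom.properties, or None."""
    try:
        text = zf.read(POM_PROPS).decode("utf-8", "replace")
    except KeyError:
        return None
    for line in text.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def inspect_archive(zf, location):
    """Yield (location, version, has_jndi) for this archive and every archive nested in it."""
    names = set(zf.namelist())
    version = _version_from_pom(zf)
    has_jndi = JNDI_CLASS in names
    if version is not None or has_jndi:
        yield (location, version, has_jndi)
    for name in sorted(names):
        if not name.lower().endswith(ARCHIVE_SUFFIXES):
            continue
        try:
            inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
        except (zipfile.BadZipFile, KeyError):
            continue  # entry is not a readable zip; skip it rather than abort the scan
        with inner:
            # "outer!inner" mirrors the jar: URL notation, so a finding can be located.
            yield from inspect_archive(inner, f"{location}!{name}")


def scan_tree(root):
    """Walk root and return sorted (location, version, has_jndi) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with zipfile.ZipFile(path) as zf:
                    findings.extend(inspect_archive(zf, path))
            except (zipfile.BadZipFile, OSError):
                continue  # unreadable, or not really a zip
    return sorted(findings)


def build_sample_tree(root):
    """Constructed fixture: a .war bundling a fake log4j-core 2.14.1 jar, plus a clean jar."""
    core = io.BytesIO()
    with zipfile.ZipFile(core, "w") as zf:
        zf.writestr(POM_PROPS, "version=2.14.1\ngroupId=org.apache.logging.log4j\n")
        zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    os.makedirs(root, exist_ok=True)
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/web.xml", "<web-app/>")
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", core.getvalue())
    with zipfile.ZipFile(os.path.join(root, "other.jar"), "w") as jar:
        jar.writestr("com/example/Main.class", b"\xca\xfe\xba\xbe")  # must not be reported


def demo():
    """Scan the constructed fixture; locations are made relative to the temp root."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    build_sample_tree(root)
    return [(loc[len(root) + 1:], ver, jndi) for loc, ver, jndi in scan_tree(root)]


if __name__ == "__main__":
    import sys
    for loc, ver, jndi in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{loc}\tlog4j-core={ver or 'unknown'}\tJndiLookup={'present' if jndi else 'absent'}")
```

Run it as root against / (or the application directories) so that files owned by service accounts are readable; a finding with a version but no JndiLookup.class is a jar that has already been stripped.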

Cloud Platform Create Project error

Posted: 12 Dec 2021 12:36 AM PST

New user to GCP. I'm set up as administrator of all groups, have created the billing and am up to Step 5 of Set up Your Foundation.

  • Enabled GSuite/Workspace Apps > Additional Google services: Google Cloud Platform, Google Developers.
  • In Manage Resources (step 5), my org is checked and I'm listed in Permissions as the Org Admin and Project Creator.

When I click Create Project, I keep getting the error message:

"Create Project:

Google Cloud Platform service has been disabled. Please contact your administrator to turn the service on in the Google Workspace Admin console."

As noted above, I am the admin and the service is enabled. Do I have the correct service? How can I create my project?

Can someone please help me? Thank you soooo much!

Oracle Cloud: Gradle in Compute Arm Instance: jcenter.bintray.com FORBIDDEN

Posted: 12 Dec 2021 02:15 AM PST

I'm trying to build a project on a free

Canonical-Ubuntu-20.04-aarch64-2021.10.15-0 (ARM machine)  

for example launching

./gradlew clean

On this project:

https://github.com/ReactiveX/RxJava

but I have some problems with the dependencies (they all seem related to jcenter), for example:

Could not GET 'https://jcenter.bintray.com/com/github/javaparser/javaparser-symbol-solver-model/3.13.5/javaparser-symbol-solver-model-3.13.5.jar'. Received status code 403 from server: Forbidden  

Actually, doing a ping to the URL:

ping jcenter.bintray.com

it resolves as:

180.74.95.34.bc.googleusercontent.com (34.95.74.180)  

Same problem with a wget (using --debug), so this is not related to certificate of JVM (I think):

<p>Your client does not have permission to get URL <code>/com/github/javaparser/javaparser-symbol-solver-model/3.13.5/javaparser-symbol-solver-model-3.13.5.jar</code> from this server.  <ins>That's all we know.</ins>
] done.
2021-12-09 10:05:50 ERROR 403: Forbidden.

And it seems SSL is correctly handled:

Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x0000aaaafdff9d80
certificate:
  subject: CN=*.bintray.com
  issuer:  CN=GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US
X509 certificate successfully verified and matches host jcenter.bintray.com

I can reach the URL with no problem from my machine. The VM has a subnet with an egress rule that allows all traffic on all ports.

I don't know iptables, but I tried to look at the configuration and I can't find anything about a rule that blocks this request (maybe someone could help me with that).

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    InstanceServices  all  --  anywhere             link-local/16

I'm not a Gradle expert nor a network expert, so I'm missing something, I think....

BTW someone with the right reputation can create a tag oracle-cloud-infrastructure :)?

Any hint is welcome :)

Limiting ARC Size for the proposed system

Posted: 11 Dec 2021 10:22 PM PST

I have a pool of 5 x enterprise 12Gbps SSDs that I use for internal storage for a Proxmox server. This pool is used to stand up VMs and containers. The problem is that it is eating up a lot of my available RAM, which is 192G! Here is the summary:

As you can see the Max size is 94.4GiB!!!

My question is: what should be the optimal value for this, and how do I change it?

This is my production server and I want to be 100% sure of the process. (I already looked here, but my server is also not honouring the ARC size :( )

Any help or suggestions would be highly appreciated!

How to run openstack components' cli without SSL validation?

Posted: 12 Dec 2021 02:42 AM PST

(I use IPv6_Address instead of real IP address)

.openrc setting:

export OS_CLOUD=mycloud
export OS_USERNAME=myusername
export OS_PASSWORD=mypassword
export OS_PROJECT_NAME=myproject
export OS_AUTH_URL=https://[IPv6_Address]:5000/v3

If I set this config in the clouds.yml file:

mycloud:
  identity_api_version: "3"
  region_name: RegionOne
  verify: False
  auth:
    auth_url: https://[IPv6_Address]:5000/v3
    user_domain_name: "Default"
    project_name: "myproject"
    project_domain_name: "default"

running openstack server list works. But then running nova list gives:

No handlers could be found for logger "keystoneauth.identity.generic.base"
ERROR (SSLError): SSL exception connecting to https://[IPv6_Address]:5000/v3/auth/tokens: HTTPSConnectionPool(host='IPv6_Address', port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

Trying nova list --insecure gives:

/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
usage: nova [--version] [--debug] [--os-cache] [--timings]
            [--os-region-name <region-name>] [--service-type <service-type>]
            [--service-name <service-name>]
            [--os-endpoint-type <endpoint-type>]
            [--os-compute-api-version <compute-api-ver>]
            [--os-endpoint-override <bypass-url>] [--insecure]
            [--os-cacert <ca-certificate>] [--os-cert <certificate>]
            [--os-key <key>] [--timeout <seconds>] [--collect-timing]
            [--os-auth-type <name>] [--os-auth-url OS_AUTH_URL]
            [--os-system-scope OS_SYSTEM_SCOPE] [--os-domain-id OS_DOMAIN_ID]
            [--os-domain-name OS_DOMAIN_NAME] [--os-project-id OS_PROJECT_ID]
            [--os-project-name OS_PROJECT_NAME]
            [--os-project-domain-id OS_PROJECT_DOMAIN_ID]
            [--os-project-domain-name OS_PROJECT_DOMAIN_NAME]
            [--os-trust-id OS_TRUST_ID]
            [--os-default-domain-id OS_DEFAULT_DOMAIN_ID]
            [--os-default-domain-name OS_DEFAULT_DOMAIN_NAME]
            [--os-user-id OS_USER_ID] [--os-username OS_USERNAME]
            [--os-user-domain-id OS_USER_DOMAIN_ID]
            [--os-user-domain-name OS_USER_DOMAIN_NAME]
            [--os-password OS_PASSWORD]
            <subcommand> ...
error: unrecognized arguments: --insecure
Try 'nova help ' for more information.

If I don't have the SSL certificate file locally to connect to the OpenStack HTTPS API, how do I run the nova and glance commands? Is there a .novarc or .glancerc config file to use for them?

I also tried to create a nova.rc file with the same configuration as openrc and then source it. But it's the same.

SSH Tunnel Through Multiple Hosts to Forward Traffic to Device

Posted: 11 Dec 2021 09:03 PM PST

I am attempting to minimize my public-facing attack surface, allowing only traffic from a specific IP address. I want to prevent all inbound access to the remote WAN/Edge router's management port from the public side. So I want to create a tunnel to a server on the private side and forward traffic from there to the WAN/Edge router. I have a dynamic IP at home but have a DigitalOcean droplet to tunnel through, which will always be static. I believe a VPN would accomplish the same result, but I really didn't want to set up and maintain a VPN when, if I could determine the tunnel sequence, an SSH tunnel would allow me to create and tear it down at will, also using SSH key auth. So my connection would look something like this.

My destination port on the WAN/Edge Router is user definable. So to obfuscate the destination let's say it's port 3333. So from my workstation I would point my management utility to port 3333 on my localhost. Directing traffic over the tunnel to the internal interface of the WAN/Cable modem.

Home workstation (utility port 3333) -> digital_ocean_jump_host -> [---> Passing through the Dest Network WAN/Edge Router with a Firewall/NAT Rule --->] -> internal_jump_host -> WAN/Edge Router's Private Interface on Port 3333

After many Google queries and multiple attempts at this I just can't quite make it work. At best I can ssh through to the internal server.

What SSH foo might I be missing here? Ideally I would like to make the tunnel an automated service, but a two-step process would be acceptable.

Getting IP address like "10.8.0.33/-1" when setting static IP address with OpenVPN

Posted: 11 Dec 2021 10:06 PM PST

I'm trying to build an internal network with OpenVPN. Many services require static IPs so I referred to this

However after configuring, when I tried to connect, the client displayed the following error:

Sun Dec 10 09:08:09 2017 /sbin/ip link set dev tun0 up mtu 1500
Sun Dec 10 09:08:09 2017 /sbin/ip addr add dev tun0 10.8.0.33/-1 broadcast 255.255.255.255
Error: inet prefix is expected rather than "10.8.0.33/-1".
Sun Dec 10 09:08:09 2017 Linux ip addr add failed: external program exited with error status: 1
Sun Dec 10 09:08:09 2017 Exiting due to fatal error

I can see that the client got an IP address "10.8.0.33/-1", which is invalid.

Any ideas? All kinds of help would be highly appreciated.

Ansible become not working

Posted: 12 Dec 2021 02:03 AM PST

I'm using this Ansible task:

playbook.yml

---
- hosts: servers
  remote_user: user
  become: True
  become_user: user
  become_method: sudo
  gather_facts: no

  tasks:
    - name:
      copy:
        src: editProxy.sh
        dest: /tmp/editProxy.sh
        mode: 0755

    - name: run edit proxy settings for apt
      command: /tmp/editProxy.sh

editProxy.sh

#!/bin/bash

if grep -q "old_proxy" /etc/apt/apt.conf; then
    sed -i 's/old_proxy/new_proxy/g' /etc/apt/apt.conf;
fi

I run the playbook with: ansible-playbook playbook.yml --extra-vars='ansible_become_pass=passwd'

The script is copied to the servers, and no error is returned:

changed: [10.1.1.1]

But the changes on the server do not happen; if you run the script manually on the server, the changes take place. What could be the problem?

PPTP VPN connects but does not have access to network resources

Posted: 11 Dec 2021 11:00 PM PST

I have a Windows Server 2012 R2 which is connected to a router, which is connected to a modem. The server is also a domain controller and DNS server with the static IP address 192.168.0.201.

  1. Routing and Remote Access is set up on the server and VPN server is also set up. LAN and demand-dial routing is enabled

  2. A static address pool is used for VPN client and the pool has no overlap with address pool by DHCP. Also on the client VPN setup, I cleared "use default gateway on remote network"

  3. IPconfig /all from the server:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC-SERVER
   Primary Dns Suffix  . . . . . . . : test.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : test.local

PPP adapter :

   Media State . . . . . . . . . . . : Media unoperational
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : RAS (Dial In) Interface
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.0.36(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter NIC2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
   Physical Address. . . . . . . . . : 11-97-36-C6-H7-XE
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : ee80::973e:8e5f:ac05:512b%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.201(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 219191350
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-09-5F-8E-86-94-10-98-63-Z6-B7-BD
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
                                       192.168.0.201
   NetBIOS over Tcpip. . . . . . . . : Enabled

  4. route print from the server:

Interface List
 37...........................RAS (Dial In) Interface
 13...11 97 36 C6 H7 XE ......Broadcom NetXtreme Gigabit Ethernet #2
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.201    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.201    266
    192.168.0.201  255.255.255.255         On-link     192.168.0.201    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.201    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.201    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.201    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default

  5. Nslookup from the VPN client:

DNS request timed out
    timeout was 2 seconds.
Default server: unknown
Address: 192.168.0.201

  6. ipconfig /all from the VPN client:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : laptop2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

PPP adapter Integra PPTP:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : test PPTP
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.231(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.0.201
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros QCA9377 Wireless Network Adapter
   Physical Address. . . . . . . . . : 94-E9-79-82-36-43
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2605:6000:e984:f700:9bc:a0bf:1379:71b7(Preferred)
   Temporary IPv6 Address. . . . . . : 2605:6000:e984:f700:dd58:63bc:4c1:5cb5(Preferred)
   Link-local IPv6 Address . . . . . : fe80::9bc:a0bf:1379:71b7%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.24(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, September 25, 2017 4:27:56 PM
   Lease Expires . . . . . . . . . . : Tuesday, September 26, 2017 9:58:16 AM
   Default Gateway . . . . . . . . . : fe80::9a6b:3dff:fee7:f7f7%12
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 76867961
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-A4-63-4A-54-AB-3A-F4-E1-FE
   DNS Servers . . . . . . . . . . . : 209.18.47.62
                                       209.18.47.61
   NetBIOS over Tcpip. . . . . . . . : Enabled

  7. ping from the VPN client: ping 192.168.0.201: request timed out; ping www.google.com is successful

  8. route print from the VPN client:

Interface List
  8...54 ab 3a f4 e1 fe ......Realtek PCIe GBE Family Controller
 21...96 e9 79 82 36 43 ......Microsoft Wi-Fi Direct Virtual Adapter
 48...........................Integra PPTP
 12...94 e9 79 82 36 43 ......Qualcomm Atheros QCA9377 Wireless Network Adapter
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.24     55
    50.84.123.102  255.255.255.255      192.168.0.1     192.168.0.24     56
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.24    311
      192.168.0.0    255.255.255.0    192.168.0.230    192.168.0.231     46
     192.168.0.24  255.255.255.255         On-link      192.168.0.24    311
    192.168.0.231  255.255.255.255         On-link     192.168.0.231    301
    192.168.0.255  255.255.255.255         On-link      192.168.0.24    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.0.24    311
        224.0.0.0        240.0.0.0         On-link     192.168.0.231    301
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.0.24    311
  255.255.255.255  255.255.255.255         On-link     192.168.0.231    301
Persistent Routes:
  None

Linux: where to store Java trusted CAs

Posted: 12 Dec 2021 12:00 AM PST

I need advice regarding the best practice for storing an organisational CA on Linux servers for Java.

Basically, a JRE installation contains a list of trusted CAs in the cacerts file, which is used by default by Java applications running on the server.

In order to support the organisation's CA we are currently adding the CAs into cacerts manually.

This approach works; however, the issue is that when you update the JRE, cacerts gets overwritten and so you have to add the certificates again.

I'm looking for a better solution for the process.

So, is there a way to keep the organisational CAs in some different file and use some global Linux/Java setting that would instruct Java applications to search for the CA in this file if it is not found in cacerts?
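One way to keep the organisational CAs in a separate file, as an added example that is not the poster's own code: a trust manager that consults the JRE's cacerts first and falls back to a second truststore, so a JRE update that rewrites cacerts does not remove the organisational roots. The path /etc/pki/org-truststore.p12, the org.truststore system property names and the default password are assumptions; the technique itself is plain JSSE.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.stream.Stream;
import javax.net.ssl.*;
/** Trusts a chain if either the JRE's own cacerts or a separate organisational truststore trusts it. */
public final class OrgTrust {
    // Hypothetical path/password of the organisational truststore; kept outside the JRE
    // directory so a JRE update cannot overwrite it.
    static final String ORG_STORE = System.getProperty("org.truststore", "/etc/pki/org-truststore.p12");
    static final char[] ORG_PASS = System.getProperty("org.truststore.password", "changeit").toCharArray();
    /** Builds an X509TrustManager from a keystore; a null keystore selects the JRE default (cacerts). */
    static X509TrustManager managerFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }
    static KeyStore loadOrgStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(ORG_STORE)) { ks.load(in, ORG_PASS); }
        return ks;
    }
    /** Consults cacerts first and falls back to the organisational store only if cacerts rejects the chain. */
    static X509TrustManager chain(final X509TrustManager jre, final X509TrustManager org) {
        return new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                try { jre.checkServerTrusted(c, a); } catch (CertificateException e) { org.checkServerTrusted(c, a); }
            }
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                try { jre.checkClientTrusted(c, a); } catch (CertificateException e) { org.checkClientTrusted(c, a); }
            }
            public X509Certificate[] getAcceptedIssuers() {
                return Stream.concat(Arrays.stream(jre.getAcceptedIssuers()), Arrays.stream(org.getAcceptedIssuers()))
                             .toArray(X509Certificate[]::new);
            }
        };
    }
    /** Makes the chained manager the JVM-wide default, so code using SSLContext.getDefault() picks it up. */
    public static void install() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { chain(managerFor(null), managerFor(loadOrgStore())) }, null);
        SSLContext.setDefault(ctx);
    }
}
```

Call OrgTrust.install() once at startup; applications that build their own SSLContext must be handed the chained manager explicitly. Note that the fallback is additive, so every root in the organisational file is trusted as fully as those in cacerts.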

AD / SYSVOL Version Mismatch on Default Domain Policy

Posted: 12 Dec 2021 03:07 AM PST

I've created two test VMs in VMware, both Server 2012 R2 Standard. One was promoted to a DC, with the domain name being test2.local. I modified the DNS record on the other server and joined it to the test domain. Then I ran (from an administrative command prompt) gpupdate /force and then gpresult /H gpresult.html. I looked in the gpresult.html file and saw a warning on the Default Domain Policy. It says: "A fast link was detected" (not worrying about that now) and "AD / SYSVOL Version Mismatch" on Default Domain Policy. Opening up the Default Domain Policy under Applied GPOs shows that the SYSVOL number is 65535.

From what I have been able to gather, this mismatch occurs when there is security filtering and/or WMI filtering in place. I don't think I'm using either one of those, unless they are applied by default.

At this point, I just want a clean base that applies the unchanged Default Domain Policy to a machine without any errors. Then I can keep testing the GPO I'm building without wondering where the errors/warnings are coming from.

Windows Server 2012 NLB logging

Posted: 11 Dec 2021 10:06 PM PST

Can somebody clarify for me what the best practices are when it comes to configuring logging and monitoring for Windows Server 2012 NLB? I believe there are 2 types of logging: from the management service and from the network driver. One of them (not sure which) can be enabled in NLB Manager. I'm interested to know what the tried or recommended logging configuration is here.
As quite often happens, my interest was triggered by a case where one of the nodes physically went down (some underlying hypervisor failure) and there was no network connectivity to this node (no pings), and according to unconfirmed statements NLB continued to try to serve clients from the failed node. I want to investigate/verify from the NLB point of view why it did not handle the node failure properly. Though my current understanding is that NLB logging is disabled by default and there is not much I can gather from other logs.
How can I investigate such a case?

msi for Web Deploy 3.6 for Hosting Servers... where to find?

Posted: 12 Dec 2021 01:04 AM PST

On Win2012-R2

The Web Platform Installer offers an option (that I need...): "Web Deploy 3.6 for Hosting Servers"


I would like to get this into my dsc script, but cannot find the discrete msi(s) on download.microsoft.com or elsewhere on microsoft.com.

How to automate the installation of this puppy?

No Graphs available in Munin

Posted: 12 Dec 2021 02:03 AM PST

I have a problem using munin (on Ubuntu 10.05 LTS). No graphs are available. Instead, an image placeholder is shown. I tried different settings, but it does not work. I used http://munin-monitoring.org/wiki/CgiHowto2 to set up CGI. I also tried to find my error using http://munin-monitoring.org/wiki/FAQ_no_graphs.

But still, no graph is available. My settings and logs and telnet test: https://gist.github.com/Bjoernsen/bd7b9ab506ac55748292

Tell me if I did not share all the information.

How to troubleshoot GRE tunnel issues?

Posted: 11 Dec 2021 09:03 PM PST

I commonly run into issues where a GRE tunnel (CentOS server to server, not router based) works and pings fine from both ends but the IP / Range being tunneled does not function.

This almost always turns out to be some routing issue at the tunnel source, but it's a joke trying to get these issues solved as the impetus is basically on me, the client, to prove to the provider that the issue is not with the tunnel itself.

Other than ping and route command readouts, what are some methods to troubleshoot such an issue? Please list the tools and example commands if possible.

Proxy connections to certain addresses on Linux

Posted: 12 Dec 2021 03:07 AM PST

I need to find a way to proxy all connections to example.com through a proxy server. It needs to work on the command line as well as automatically within Python (much like exporting http_proxy would), but I want all other traffic to go through the network as it normally does.

How to: Make X.509 Certificates Accessible to WCF

Posted: 12 Dec 2021 01:04 AM PST

I have followed the instructions here

http://msdn.microsoft.com/en-us/library/aa702621.aspx

I'm running Windows 2003 IIS6 with a separate user account for the application pool. I give this user access to the private key using cacls.exe. This works fine.

However, whenever something changes with the asp.net site or IIS, the permission is lost. For example, if I change the web.config file, restart IIS and wait 5 hours, then the call to the SSL certificate fails and I can no longer access it from my client that is trying to consume the WCF service. I log on as the APP POOL account, run cacls.exe again and it fixes it.

How do I fix this permanently, as currently it stops every 5 hours or so?

Update

I have actually gone backwards. Now I cannot get it to work at all. These are the steps I follow

C:\FindPrivateKey>FindPrivateKey.exe Trustedpeople currentuser
Private key directory:
C:\Documents and Settings\MYUSER\Application Data\Microsoft\Crypto\RSA\S--5-21-2205538328-2105125954-533649117-1053
Private key file name:
ab715bc6d3b1ae3bdb1a9e8e21a3b851_817f45df-79ce-4f15-9345-15b5c81281a1

Give permissions

Cacls.exe "C:\Documents and Settings\MYUSER\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2205538328-2105125954-533649117-1053\ab715bc6d3b1ae3bdb1a9e8e21a3b851_817f45df-79ce-4f15-9345-15b5c81281a1" /E /G "WWWTEST2\MYUSER":R  

Check permissions

Cacls.exe "C:\Documents and Settings\MYUSER\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2205538328-2105125954-533649117-1053\ab715bc6d3b1ae3bdb1a9e8e21a3b851_817f45df-79ce-4f15-9345-15b5c81281a1"
  Everyone:R
  WWWTEST2\MYUSER:F

Set owner

subinacl /file "C:\Documents and Settings\MYUSER\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2205538328-2105125954-533649117-1053\ab715bc6d3b1ae3bdb1a9e8e21a3b851_817f45df-79ce-4f15-9345-15b5c81281a1" /setowner=WWWTEST2\MYUSER  

Error I get from the asp.net site trying to consume the service:

Exception: System.InvalidOperationException
Message: Cannot find the X.509 certificate using the following search criteria: StoreName 'TrustedPeople', StoreLocation 'CurrentUser', FindType 'FindByThumbprint', FindValue 'b33e04f057a52cb73007aec81eee86d2f75e3c69'.
Source: System.ServiceModel
at System.ServiceModel.Security.SecurityUtils

When I log in as MYUSER, the account running the IIS app pool, and go to the "mmc" certificates snap-in, I can see the certificate in My User account under TrustedPeople.

UPDATE

I was able to get it working by installing the cert on Local Machine / Personal and using winhttpcertcfg instead of cacls.

aptitude: list all previous recommended packages

Posted: 12 Dec 2021 01:46 AM PST

Sometimes when installing a package, aptitude recommends several other packages.

Is there a way to show all previous recommended packages of all installed packages?

Edit:

Thanks for the replies so far. I already tried:

aptitude show ~i | grep '^Recommends' | cut -d ' ' -f 2-  

That's mostly OK. But it also gives back things like:

 console-setup | console-data (>= 2002.12.04dbs-1)  

I want an easy way to install all missing recommended packages.

So

 aptitude install console-setup | console-data (>= 2002.12.04dbs-1)  

won't work ;-)

Is there a way to do this without manually checking all entries?

Password mismatch while logging to sql server

Posted: 12 Dec 2021 12:00 AM PST

Alright, I have a classic asp application and I have a connection string to try to connect to db.

My connection string looks as follows:

Provider=SQLOLEDB;Data Source=MYPC\MSSQLSERVER;Initial Catalog=mydb;database=mydb;User Id=me;Password=123

Now when I'm accessing the db through the front end I get this error:

Microsoft OLE DB Provider for SQL Server error '80040e4d'
Login failed for user 'me'.

I looked in the SQL profiler and I got this:

Login failed for user 'me'. Reason: Password did not match that for the login provided. [CLIENT: <named pipe>]
Error: 18456, State: 8.

What I've tried:

  1. checked 100 times that my password is actually correct.
  2. Tried this: alter login me with check_policy off (Do not even know why I did this)
  3. Enable ALL possible permissions for this account in SSMS.
  4. I've tried this connection string: Provider=SQLOLEDB;Data Source=MYPC\MSSQLSERVER;Initial Catalog=mydb;database=mydb; Integrated Security = SSPI

And I got this error:

  Microsoft OLE DB Provider for SQL Server error '80004005' Cannot open database mydb requested by the login. The login failed.  

Can I execute an SSRS report from a windows batch file?

Posted: 11 Dec 2021 11:00 PM PST

We are using SQL Server 2008 R2 and would like to run an SSRS report from a Windows batch file. We're loading data warehouse tables using a third-party scheduler program, and at the end of our data load we want to run a data quality report using SSRS. I can create report subscriptions to email the report, but how do I communicate to the report server that the job is done and it's time to run the report? Our scheduler application can run batch files, so if I could pass this to the report server through a batch file that would be great...
