Mariadb using all cpu on Ubuntu VPS and makes server unresponsive
Posted: 13 Feb 2022 02:08 AM PST

I have a couple of ecommerce websites on one Ubuntu VPS with 4 CPU cores and 16GB of RAM. Nothing really intensive; it ran perfectly fine even on shared hosting. However, now I am having an issue with mariadb. Once the mysql service is started it begins popping more and more processes until it takes the whole CPU, and then the web page takes forever to open. I haven't touched anything in the configuration. I am a backend developer and not really into server administration, so any advice would be much appreciated.

Letsencrypt certificate works only internally to the instance, but when queried externally cert is not valid anymore
Posted: 13 Feb 2022 12:31 AM PST

I have one instance on Heroku with an auto-generated certificate for mysite.com.

I have created an EC2 instance on AWS and generated a letsencrypt certificate for api.mysite.com.

From the EC2 instance, if I execute

    curl https://api.mysite.com/

I get the proper response.

From a browser or Postman, I get

    SSL Error: Certificate is not yet valid

My nginx config:

    server {
        listen 443 ssl;
        server_name api.mysite.com;

        include snippets/letsencrypt.conf;

        ssl_certificate /etc/letsencrypt/live/api.mysite.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/api.mysite.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/api.mysite.com/chain.pem;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        location / {
            include uwsgi_params;
            uwsgi_pass unix:/opt/app.sock;
        }
    }

Any idea what the issue could be?

Failed instance in google compute engine
Posted: 12 Feb 2022 11:48 PM PST

I have a GCE instance which has been running for several years. During the night, the instance was restarted with the following logs:

    2022-02-13 04:46:36.370 CET compute.instances.hostError Instance terminated by Compute Engine.
    2022-02-13 04:47:08.279 CET compute.instances.automaticRestart Instance automatically restarted by Compute Engine.

However, the instance did not restart. I can connect to the serial console, where I see this:

    serialport: Connected to ***.europe-west1-b.*** port 1 (
    [ TIME ] Timed out waiting for device ***
    [DEPEND] Dependency failed for File… ***.
    [DEPEND] Dependency failed for /data.
    [DEPEND] Dependency failed for Local File Systems.
    [ OK ] Stopped Dispatch Password …ts to Console Directory Watch.
    [ OK ] Stopped Forward Password R…uests to Wall Directory Watch.
    [ OK ] Reached target Timers.
    Starting Raise network interfaces...
    [ OK ] Closed Syslog Socket.
    [ OK ] Reached target Login Prompts.
    [ OK ] Reached target Paths.
    [ OK ] Reached target Sockets.
    [ OK ] Started Emergency Shell.
    [ OK ] Reached target Emergency Mode.
    Starting Create Volatile Files and Directories...
    [ OK ] Finished Create Volatile Files and Directories.
    Starting Network Time Synchronization...
    Starting Update UTMP about System Boot/Shutdown...
    [ OK ] Finished Update UTMP about System Boot/Shutdown.
    Starting Update UTMP about System Runlevel Changes...
    [ OK ] Finished Update UTMP about System Runlevel Changes.
    [ OK ] Started Network Time Synchronization.
    [ OK ] Reached target System Time Set.
    [ OK ] Reached target System Time Synchronized.
    Stopping Network Time Synchronization...
    [ OK ] Stopped Network Time Synchronization.
    Starting Network Time Synchronization...
    [ OK ] Started Network Time Synchronization.
    [ OK ] Finished Raise network interfaces.
    [ OK ] Reached target Network.
    [ OK ] Reached target Network is Online.
    You are in emergency mode. After logging in, type "journalctl -xb" to view system logs, "systemctl reboot" to r
    Cannot open access to console, the root account is locked.
    See sulogin(8) man page for more details.
    Press Enter to continue.

It seems that one of the disks cannot be connected – but what can I do about it now? The disk seems to be normally available within the compute engine.

Apt-Get Update Failing because of Certificate Validation
Posted: 13 Feb 2022 01:12 AM PST

Using Ubuntu Focal Fossa. I was trying to install checkpoint SSL software for VPN, but it seems like something messed up all my certificates. Now whenever I try sudo apt-get update I get the following errors.

    Get:1 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22 InRelease
    Ign:1 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22 InRelease
    Get:2 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22 Release [564 B]
    Get:2 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22 Release [564 B]
    Ign:3 https://dl.google.com/linux/chrome/deb stable InRelease
    Ign:4 https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable InRelease
    Err:5 https://dl.google.com/linux/chrome/deb stable Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 74.125.68.91 443]
    Ign:6 https://dl.winehq.org/wine-builds/ubuntu focal InRelease
    Ign:7 https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable InRelease
    Err:8 https://dl.winehq.org/wine-builds/ubuntu focal Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 199.232.46.217 443]
    Ign:9 https://packages.microsoft.com/repos/azure-cli focal InRelease
    Err:10 https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 172.65.251.78 443]
    Ign:11 https://packages.microsoft.com/repos/ms-teams stable InRelease
    Err:12 https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 172.65.251.78 443]
    Err:13 https://packages.microsoft.com/repos/azure-cli focal Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 40.65.182.21 443]
    Ign:14 https://download.docker.com/linux/ubuntu focal InRelease
    Ign:15 https://desktop-download.mendeley.com/download/apt stable InRelease
    Err:16 https://packages.microsoft.com/repos/ms-teams stable Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 40.65.182.21 443]
    Err:17 https://download.docker.com/linux/ubuntu focal Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 13.33.33.8 443]
    Err:19 https://desktop-download.mendeley.com/download/apt stable Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 162.159.130.86 443]
    Ign:20 https://packagecloud.io/AtomEditor/atom/any any InRelease
    Ign:21 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 InRelease
    Err:22 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 152.199.39.144 443]
    Hit:23 http://archive.ubuntu.com/ubuntu focal InRelease
    Hit:24 http://archive.canonical.com/ubuntu focal InRelease
    Ign:25 http://repo.vivaldi.com/stable/deb stable InRelease
    Hit:26 http://repo.vivaldi.com/stable/deb stable Release
    Hit:27 http://deb.volian.org/volian scar InRelease
    Get:28 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
    Hit:29 http://ppa.launchpad.net/alessandro-strada/ppa/ubuntu focal InRelease
    Err:30 https://packagecloud.io/AtomEditor/atom/any any Release
      Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 52.52.107.175 443]
    Get:31 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
    Hit:33 http://ppa.launchpad.net/inkscape.dev/stable/ubuntu focal InRelease
    Get:34 http://archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
    Reading package lists... Done
    W: https://dl.google.com/linux/chrome/deb/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
    W: https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
    W: https://dl.google.com/linux/chrome/deb/dists/stable/Release: No system certificates available. Try installing ca-certificates.
    W: https://dl.winehq.org/wine-builds/ubuntu/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
    W: https://gitlab.com/feren-os/feren-repositories-focal/raw/master/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
    E: The repository 'https://dl.google.com/linux/chrome/deb stable Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    W: https://dl.winehq.org/wine-builds/ubuntu/dists/focal/Release: No system certificates available. Try installing ca-certificates.
    W: https://packages.microsoft.com/repos/azure-cli/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
    E: The repository 'https://dl.winehq.org/wine-builds/ubuntu focal Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    W: https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master/dists/stable/Release: No system certificates available. Try installing ca-certificates.
    E: The repository 'https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    W: https://packages.microsoft.com/repos/ms-teams/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
    W: https://gitlab.com/feren-os/feren-repositories-focal/raw/master/dists/stable/Release: No system certificates available. Try installing ca-certificates.
    E: The repository 'https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    W: https://packages.microsoft.com/repos/azure-cli/dists/focal/Release: No system certificates available. Try installing ca-certificates.
    W: https://download.docker.com/linux/ubuntu/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
    E: The repository 'https://packages.microsoft.com/repos/azure-cli focal Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    W: https://desktop-download.mendeley.com/download/apt/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
    W: https://packages.microsoft.com/repos/ms-teams/dists/stable/Release: No system certificates available. Try installing ca-certificates.
    W: https://download.docker.com/linux/ubuntu/dists/focal/Release: No system certificates available. Try installing ca-certificates.
    E: The repository 'https://packages.microsoft.com/repos/ms-teams stable Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    E: The repository 'https://download.docker.com/linux/ubuntu focal Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    W: https://desktop-download.mendeley.com/download/apt/dists/stable/Release: No system certificates available. Try installing ca-certificates.
    E: The repository 'https://desktop-download.mendeley.com/download/apt stable Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    W: https://packagecloud.io/AtomEditor/atom/any/dists/any/InRelease: No system certificates available. Try installing ca-certificates.
    W: https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/InRelease: No system certificates available. Try installing ca-certificates.
    W: https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/Release: No system certificates available. Try installing ca-certificates.
    E: The repository 'https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    W: https://packagecloud.io/AtomEditor/atom/any/dists/any/Release: No system certificates available. Try installing ca-certificates.
    E: The repository 'https://packagecloud.io/AtomEditor/atom/any any Release' no longer has a Release file.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://deb.volian.org/volian scar InRelease' doesn't support architecture 'i386'

What's the way out, save the nuclear option of reinstalling everything?

Instance deployment failed to install application dependencies. The deployment failed
Posted: 12 Feb 2022 09:19 PM PST

I have finished my Django app and I want to deploy it on AWS Elastic Beanstalk. After some steps my environment health is red, and when I try to use "eb deploy" this error is happening

How to forward specific ip traffic to proxy port in openwrt
Posted: 12 Feb 2022 09:16 PM PST

I want to forward all 192.168.1.2 tcp traffic to socks5 proxy in gateway

openwrt gateway lan ip addr: 192.168.1.1, net.ipv4.ip_forward is 1

create ssh tunnel on openwrt

    ssh -N -D 192.168.1.1:8888 user@remote_ssh_ip

the client ip addr: 192.168.1.2, test socks5 proxy is ok

    curl -x socks://192.168.1.1:8888 httpbin.org/ip

add iptables rule in openwrt

    iptables -t nat -A PREROUTING -p tcp -s 192.168.1.2 -j DNAT --to-destination 192.168.1.1:8888
    iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.1 --sport 8888 -j SNAT --to-source 192.168.1.2
    iptables -A FORWARD -p tcp -d 192.168.1.1 --dport 8888 -j ACCEPT

when iptables rules added, in client test

    curl httpbin.org/ip
    curl: (52) Empty reply from server

ZFS / Zpool with limited disk usage?
Posted: 12 Feb 2022 11:45 PM PST

I have a server with a JBOD of 36 x 14TB disks that have a total usage capacity of 12.7TB (Disks are WUH721414AL5201)

I have created two zpools:

- zpool1 which contains 3 vdevs (each of them having 8 disks and being raidz-1), with the pool having 3 hot-spares.

      pool: zpool1
     state: ONLINE
    config:

        NAME            STATE     READ WRITE CKSUM
        zpool1          ONLINE       0     0     0
          raidz1-0      ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
          raidz1-1      ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
          raidz1-2      ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
        spares
          scsi-35000    AVAIL
          scsi-35000    AVAIL
          scsi-35000    AVAIL

- zpool2 which contains 1 vdev (with 9 disks and being raidz-2)

      pool: zpool2
     state: ONLINE
    config:

        NAME            STATE     READ WRITE CKSUM
        zpool2          ONLINE       0     0     0
          raidz2-0      ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0
            scsi-35000  ONLINE       0     0     0

As you can see, according to zfs the total usable size of zpool1 is ~306TB and zpool2 is ~115TB, with both pools claiming to have multiple TB of free space.

    root:~# zpool list
    NAME     SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ  FRAG  CAP  DEDUP  HEALTH  ALTROOT
    zpool1   306T   296T  9.55T        -         -   47%  96%  1.00x  ONLINE  -
    zpool2   115T   110T  4.46T        -         -   26%  96%  1.00x  ONLINE  -

However, when I run df -h I get the following:

    root:~# df -h
    Filesystem  Size  Used  Avail  Use%  Mounted on
    zpool1      250T  250T   5.5M  100%  /zpool1
    zpool2       85T   84T   684G  100%  /zpool2

This is backed up by the filesystem throwing disk full exceptions when I attempt to add any more data to the pools.

Can someone please confirm if there is some limit I'm hitting on either linux or zfs? My initial thought was there is a 250TB limit, however that does not explain why zpool2 is also at 100% capacity when there is only 85TB of data in the pool.

If my calculations are correct then pool1 should have at least 266.7TB of usable space and pool2 should have 88.9TB, which is based on the following calculations:

    pool1: 3 x raidz-1 vdevs (8 disks, 7 usable) = 7 * 3 = 21 disks * 12.7TB each = 266.7
    pool2: 1 x raidz-2 vdev (9 disks, 7 usable) = 7 * 12.7TB each = 88.9TB

PS: Apologies for such a long post, I am quite new to storage so I have tried to explain as much as possible (Maybe too much!)

The server has returned the following error: invalid enumeration context
Posted: 12 Feb 2022 08:01 PM PST

This is the command I am using... Can anyone help me with this?

    Get-ADComputer -Filter * -Searchbase "OU=IN0010,OU=BU-L04-Glass,OU=CIN,OU=L00-SGTS-USS,DC=zl,DC=if,DC=atcsg,DC=net" -Properties * |
        Sort LastLogon |
        Select Name, LastLogonDate,@{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}} |
        export-csv -path c:\Temp\ADComputer.csv -NoTypeInformation

Where to use the SSL certification files for your server domain?
Posted: 13 Feb 2022 12:20 AM PST

I was learning to create a Telegram bot and I had to get a server with HTTPS prefix in order to use my bot on Telegram. I used a free host, a free domain, and a free net2FTP, so I can control nothing but my domain directories.

Right now, I'm on the last step to get a free SSL certification on my domain using SSLForFree and ZeroSSL. The problem is that they gave me SSL certification files saying that all I need is to install them on my server, but all I did was just install certificate.crt and ca_bundle.crt on my local machine. When I go to check the installation, it throws this error:

ZeroSSL install error

[Note: my server name is not available in the list of ZeroSSL servers]

Server Name: aba.ae | Domain name: telebot0001.aba.vg

Also, there is a file called private.key. I'm not sure what all of these things mean, but any idea how to fix that error? I just need a server to upload my bot on it.

High util iostat
Posted: 13 Feb 2022 12:27 AM PST

I have a server with an Oracle DB. It works on Dell Unity storage. The server has very slow disk IO. How can I fix it? Here are some details of my server:

    OS - OL8
    Kernel - 5.4.17 uek
    Storage - Dell Unity XT 880F (32 * SSD disk 1,92TB)
    DB - Oracle 12.1

iostat output:

    Device      r/s      w/s   rMB/s   wMB/s  rrqm/s  wrqm/s  %rrqm  %wrqm  r_await  w_await  aqu-sz  rareq-sz  wareq-sz  svctm  %util
    dm-2    3937.60  1732.00  148.54  110.53    3.70    0.40   0.09   0.02     1.89     7.01   16.68     38.63     65.35   0.17  98.33
    dm-3      64.20  1375.50    0.25  135.57    0.00    3.00   0.00   0.22     1.38     1.45    1.34      4.02    100.92   0.64  92.29
    dm-5    3941.30  1725.50  148.24  110.53    0.00    0.00   0.00   0.00     1.92     6.18   18.25     38.51     65.59   0.17  98.35
    dm-7      64.30  1379.30    0.25  135.53    0.00    0.00   0.00   0.00     1.39     1.44    2.07      4.02    100.62   0.67  96.83
    dm-8    3941.20  1725.50  148.23  110.53    0.00    0.00   0.00   0.00     1.93     6.19   18.27     38.51     65.59   0.17  98.35

What causes SSH error: kex_exchange_identification: Connection closed by remote host?
Posted: 12 Feb 2022 09:02 PM PST

I set up an SSH server online that is publicly accessible by anyone. Therefore, I get a lot of connections from IPs all over the world. Weirdly, none actually try to authenticate to open a session. I can myself connect and authenticate without any problem.

From time to time, I get the error: kex_exchange_identification: Connection closed by remote host in the server logs. What causes that?

Here is 30 minutes of SSH logs (public IPs have been redacted):

    # journalctl SYSLOG_IDENTIFIER=sshd -S "03:30:00" -U "04:00:00"
    -- Logs begin at Fri 2020-01-31 09:26:25 UTC, end at Mon 2020-04-20 08:01:15 UTC. --
    Apr 20 03:39:48 myhostname sshd[18438]: Connection from x.x.x.207 port 39332 on 10.0.0.11 port 22 rdomain ""
    Apr 20 03:39:48 myhostname sshd[18439]: Connection from x.x.x.207 port 39334 on 10.0.0.11 port 22 rdomain ""
    Apr 20 03:39:48 myhostname sshd[18438]: Connection closed by x.x.x.207 port 39332 [preauth]
    Apr 20 03:39:48 myhostname sshd[18439]: Connection closed by x.x.x.207 port 39334 [preauth]
    Apr 20 03:59:36 myhostname sshd[22186]: Connection from x.x.x.83 port 34876 on 10.0.0.11 port 22 rdomain ""
    Apr 20 03:59:36 myhostname sshd[22186]: error: kex_exchange_identification: Connection closed by remote host

And here is my SSH configuration:

    # ssh -V
    OpenSSH_8.2p1, OpenSSL 1.1.1d 10 Sep 2019

    # cat /etc/ssh/sshd_config
    UsePAM yes
    AddressFamily any
    Port 22
    X11Forwarding no
    PermitRootLogin prohibit-password
    GatewayPorts no
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    PrintMotd no # handled by pam_motd
    AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
    LogLevel VERBOSE
    UseDNS no
    AllowUsers root
    AuthenticationMethods publickey
    MaxStartups 3:100:60

After searching the web, I have seen references to MaxStartups indicating that it could be the reason for this error, but after changing the default value as shown in my sshd_config and attempting more than 3 connections, the server unambiguously indicates the problem:

    Apr 20 07:26:59 myhostname sshd[31468]: drop connection #3 from [x.x.x.226]:54986 on [10.0.0.11]:22 past MaxStartups

So, what causes error: kex_exchange_identification: Connection closed by remote host ?

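Added example (not part of the original post): a Python classifier for the sshd line formats quoted above, which groups lines by sshd PID and labels how each connection ended before authentication. The log lines are constructed with documentation-range addresses, the `Accepted publickey` line and the outcome names are this example's own, and `closed_during_identification` reflects that sshd reports this error when the peer closes the TCP connection while the SSH identification strings are still being exchanged.

```python
import re
from collections import Counter

# Constructed sample in the sshd line formats quoted in the post.
# Addresses are RFC 5737 documentation addresses, not real hosts.
SAMPLE_LOG = "\n".join([
    'Apr 20 03:39:48 myhostname sshd[18438]: Connection from 203.0.113.207 port 39332 on 10.0.0.11 port 22 rdomain ""',
    'Apr 20 03:39:48 myhostname sshd[18438]: Connection closed by 203.0.113.207 port 39332 [preauth]',
    'Apr 20 03:59:36 myhostname sshd[22186]: Connection from 198.51.100.83 port 34876 on 10.0.0.11 port 22 rdomain ""',
    'Apr 20 03:59:36 myhostname sshd[22186]: error: kex_exchange_identification: Connection closed by remote host',
    'Apr 20 07:26:59 myhostname sshd[31468]: drop connection #3 from [192.0.2.226]:54986 on [10.0.0.11]:22 past MaxStartups',
    'Apr 20 07:30:02 myhostname sshd[31999]: Connection from 192.0.2.10 port 50000 on 10.0.0.11 port 22 rdomain ""',
    'Apr 20 07:30:03 myhostname sshd[31999]: Accepted publickey for root from 192.0.2.10 port 50000 ssh2: ED25519 SHA256:CONSTRUCTED',
])

LINE_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONN_RE = re.compile(r"^Connection from (?P<ip>\S+) port (?P<port>\d+) ")
DROP_RE = re.compile(
    r"^drop connection #\d+ from \[(?P<ip>[^\]]+)\]:(?P<port>\d+) .*past MaxStartups"
)


def _record(pid, match, outcome):
    return {
        "pid": pid,
        "ip": match.group("ip"),
        "port": int(match.group("port")),
        "outcome": outcome,
    }


def classify(log_text):
    """Return one record per connection attempt, in log order."""
    records = []
    current = {}  # pid -> record that later lines from the same pid update
    for line in log_text.splitlines():
        found = LINE_RE.search(line)
        if not found:
            continue
        pid, msg = int(found.group("pid")), found.group("msg")

        drop = DROP_RE.match(msg)
        if drop:
            # Logged by the listening sshd: the connection was refused
            # before any per-connection process handled it.
            records.append(_record(pid, drop, "dropped_maxstartups"))
            continue

        conn = CONN_RE.match(msg)
        if conn:
            # Every "Connection from" starts a new record, which also
            # copes with PID reuse over a long log.
            current[pid] = _record(pid, conn, "no_outcome_logged")
            records.append(current[pid])
            continue

        rec = current.get(pid)
        if rec is None or rec["outcome"] != "no_outcome_logged":
            continue
        if msg.startswith("Accepted "):
            rec["outcome"] = "authenticated"
        elif "kex_exchange_identification" in msg:
            # Peer went away during the identification-string exchange,
            # before key exchange or authentication began.
            rec["outcome"] = "closed_during_identification"
        elif msg.startswith("Connection closed by") and msg.endswith("[preauth]"):
            rec["outcome"] = "closed_preauth"
    return records


def unauthenticated_by_source(records):
    """Count non-authenticated outcomes per source address."""
    counts = {}
    for rec in records:
        if rec["outcome"] != "authenticated":
            counts.setdefault(rec["ip"], Counter())[rec["outcome"]] += 1
    return counts


if __name__ == "__main__":
    for source, outcomes in unauthenticated_by_source(classify(SAMPLE_LOG)).items():
        print(source, dict(outcomes))
```
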
-bash: ansible-playbook: command not found
Posted: 12 Feb 2022 06:03 PM PST

Fresh Fedora Server Netinstall. Updated. Installed only Git and Ansible latest versions from standard repo. Want to execute Ansible against its own host (localhost) to set up its host itself (not using ansible-pull). Copied ssh-keys. Connected via SSH as non-root user, but with root rights from some remote machine, Git-pulled my Ansible inventory.

    $ ansible --version => ansible 2.9.6
    $ python --version => Python 3.7.6

So, Ansible is installed and accessible. However, when running

    ansible-playbook play/bastion.yml --tags nvim:install --ask-vault-pass

I get -bash: ansible-playbook: command not found. Same for other sub-commands.

When going into the machine directly with the same user, ansible-playbook works as expected.

What could be wrong with SSH'ing into it? Ideally I shouldn't (don't need to) SSH into it, because eventually I will call ansible-pull. This is only for 'polishing' playbooks against a vanilla machine, because the tty is not so comfortable to use.

Is it possible to block email sender names in sendmail on CentOS?
Posted: 13 Feb 2022 01:00 AM PST

We have been getting a lot of fake emails sent to employees acting like our CEO, and our firewall is not capable of blocking specifically what we want. The emails come in from regular gmail accounts, their first and last name is the same as the CEO's, and the email header looks something like this:

    Subject: some minutes
    Date: Wed, 28 Aug 2019 18:04:39 +0100
    From: CEO Name
    To: Employee@email.com

So the not so tech savvy employees may think it is the CEO.

I know in sendmail you can block emails by domain or username, but is it possible to block by the name, so that we can whitelist our CEO's email?

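Added example (not from the original post, and not a sendmail configuration): the matching logic the question describes, in Python, flagging a message whose From display name matches a protected name while its address is not on an allowlist. The protected name, the allowlisted address and the sample headers are constructed placeholders; wiring the check into sendmail (for instance through a milter) is left out.

```python
import email
import re
import unicodedata
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed placeholders: the executive's display name and the only
# addresses allowed to use it.
PROTECTED_NAMES = ["Jane Example"]
ALLOWED_ADDRESSES = {"jane.example@example.com"}


def name_key(name):
    """Reduce a display name to an order-independent set of tokens.

    NFKC folds look-alike compatibility forms (full-width letters and
    similar), casefold removes case differences, punctuation is dropped,
    and using a set makes "Example, Jane" equal to "Jane Example".
    """
    folded = unicodedata.normalize("NFKC", name).casefold()
    folded = re.sub(r"[^\w\s]", " ", folded)
    return frozenset(folded.split())


PROTECTED_KEYS = {name_key(n) for n in PROTECTED_NAMES}


def decode_display_name(raw):
    """Decode RFC 2047 encoded-words; fall back to the raw text."""
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError):
        return raw


def is_display_name_spoof(from_header):
    """True if the display name is protected but the address is not allowed."""
    # Split first, decode second, so decoded characters such as "<" or ","
    # inside the name cannot change how the address is parsed.
    raw_name, address = parseaddr(from_header)
    display = decode_display_name(raw_name)
    if not display:
        return False
    if name_key(display) not in PROTECTED_KEYS:
        return False
    return address.strip().lower() not in ALLOWED_ADDRESSES


def check_message(raw_message):
    """Return a reason string for a flagged message, or None."""
    from_header = email.message_from_string(raw_message).get("From", "")
    if is_display_name_spoof(from_header):
        return "protected display name used by " + (parseaddr(from_header)[1] or "<no address>")
    return None


# Constructed message, shaped like the header block in the post.
SAMPLE_MESSAGE = (
    "Subject: some minutes\n"
    "Date: Wed, 28 Aug 2019 18:04:39 +0100\n"
    "From: Jane Example <ceo.office1234@mail.example>\n"
    "To: employee@example.com\n"
    "\n"
    "Are you at your desk?\n"
)

if __name__ == "__main__":
    print(check_message(SAMPLE_MESSAGE))
```
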
The W3SVC service on Server2012R2 failed to stop in the timeout period
Posted: 12 Feb 2022 10:07 PM PST

Our Devs are trying to do a "push" and it is failing on a single IIS server (running Windows Server 2012 R2) because the push is unable to stop the WWW Publishing Service (W3SVC). We have been rebooting the Svr2012R2 VM as a workaround fix to the issue, but need to get to the heart of the problem. I read here that the issue could be linked to the SvcHost.exe process, but am unsure at this point.

Any help or feedback appreciated, thank you.

Access Denied when accessing Service controller from application
Posted: 13 Feb 2022 12:03 AM PST

I have a web application written in C# MVC which is trying to check the status of a Windows service, whether it is stopped or started. I have written the code, but the issue is the code works fine on my local dev machine but when pushed to the server the code errors out stating access is denied. I have the following code:

    try
    {
        using (ServiceController sc = new ServiceController("Service"))
        {
            if (sc.Status == ServiceControllerStatus.Running)
            {
                //do something
            }
        }
    }
    catch (Exception ex)
    {
    }

The above code keeps failing at Service controller itself. I also tried to use the below code:

    StringBuilder sb = new StringBuilder();
    Process process = new System.Diagnostics.Process();
    ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
    startInfo.FileName = @"sc";
    startInfo.Arguments = "query \"My Service\"";
    startInfo.UseShellExecute = false;
    process.StartInfo = startInfo;
    process.OutputDataReceived += (sender, args) => sb.AppendLine(args.Data);
    process.StartInfo.RedirectStandardOutput = true;
    process.Start();
    process.BeginOutputReadLine();
    process.WaitForExit();

Both of the above code snippets keep failing at the Service controller / SC itself. The error is

    Cannot open Service Control Manager on computer '.'. This operation might require other privileges.

Our application is running in IIS under a service account and we have given admin rights and remote access rights to this account. Not sure what else needs to be given here.

Are there any specific rights needed to access a Windows service?

What is wrong with my SASL? Posted: 12 Feb 2022 08:02 PM PST So the story goes: I have a score of CentOS 6.9 virtual machines, migrated to Microsoft's Azure cloud by VHD upload. Once deployed I found out that Azure doesn't allow to send out email directly from the VM – I am supposed to use an external relay. Microsoft seems to suggest Sendgrid and they have a free tier, so I signed up, configured Postfix according to their instructions (see below) and... nothing. I can't get Postfix to authenticate with the relay SMTP server, or any other external relay, like my own server at gzo.com (exim on cPanel ) or aruba.it (an italian hosting provider). I made various attempt on ports 587, 2525 and 465 with all those relays, each time postmap-ping the SASL password file and restarting Postfix, and all failed with the following error: Mar 14 11:17:34 Riprid postfix/postfix-script[6664]: stopping the Postfix mail system Mar 14 11:17:34 Riprid postfix/master[60718]: terminating on signal 15 Mar 14 11:17:34 Riprid postfix/postfix-script[6736]: starting the Postfix mail system Mar 14 11:17:34 Riprid postfix/master[6737]: daemon started -- version 2.6.6, configuration /etc/postfix Mar 14 11:20:00 Riprid postfix/pickup[6739]: 90887634B3: uid=0 from=<root> Mar 14 11:20:00 Riprid postfix/cleanup[6914]: 90887634B3: message-id=<20180314102000.90887634B3@Riprid.localdomain> Mar 14 11:20:00 Riprid postfix/qmgr[6740]: 90887634B3: from=<root@Riprid.localdomain>, size=437, nrcpt=1 (queue active) Mar 14 11:20:02 Riprid postfix/smtp[6916]: warning: SASL authentication failure: No worthy mechs found Mar 14 11:20:02 Riprid postfix/smtp[6916]: 90887634B3: SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[161.202.148.160]: no mechanism available Mar 14 11:20:03 Riprid postfix/smtp[6916]: warning: SASL authentication failure: No worthy mechs found Mar 14 11:20:03 Riprid postfix/smtp[6916]: 90887634B3: to=<dejan@kozina.com>, relay=smtp.sendgrid.net[169.38.103.39]:587, 
delay=3.2, delays=0.06/0.03/3.1/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.sendgrid.net[169.38.103.39]: no mechanism available) The user credentials are correct: I indeed managed to connect from the Linux shell to all three servers via telnet, open a SMTP session, successfully authenticate both via AUTH PLAIN and AUTH LOGIN, and manually send a test message to myself. It's just Postfix that can't do it. Still more puzzling: I copied the very same configuration to the original virtual machines from which the VMs in the cloud have been cloned (in-house Hyper-V on premises) and they connect and send mail thru the same servers without error. The machines on Azure are identical to those on premises, except for the modifications required to run on Azure as listed by Microsoft. I've found dozens of suggestions googling around, and I've tried them all with no effect. I'm running out of ideas (and of time). Please suggest: where else should I look? What else could I try? 
This is the configuration (user and password obscured):
[root@Riprid zeta]# uname -a
Linux Riprid 2.6.32-696.20.1.el6.centos.plus.x86_64 #1 SMP Sun Jan 28 07:56:00 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@Riprid zeta]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_size_limit = 4096000
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mynetworks_style = host
newaliases_path = /usr/bin/newaliases.postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
relayhost = [smtp.sendgrid.net]:587
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_tls_CAfile = /etc/postfix/gd_bundle-g2-g1.crt
smtp_tls_security_level = may
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = no
unknown_local_recipient_reject_code = 550
[root@Riprid zeta]# cat /etc/postfix/sasl_passwd
[smtp.sendgrid.net]:587 azure_260************af88@azure.com:OL***0***w**
[root@Riprid zeta]# cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
[root@Riprid zeta]# service saslauthd status
saslauthd (pid 28917) is running...
[root@Riprid zeta]# postconf -A
cyrus
[root@Riprid zeta]# yum list postfix cyrus*
...
Installed Packages
cyrus-sasl.x86_64 2.1.23-15.el6_6.2 @updates
cyrus-sasl-devel.x86_64 2.1.23-15.el6_6.2 @updates
cyrus-sasl-lib.x86_64 2.1.23-15.el6_6.2 @updates
cyrus-sasl-md5.x86_64 2.1.23-15.el6_6.2 @base
cyrus-sasl-ntlm.x86_64 2.1.23-15.el6_6.2 @base
cyrus-sasl-plain.x86_64 2.1.23-15.el6_6.2 @base
postfix.x86_64 2:2.6.6-8.el6.centos.plus @centosplus
And, finally, this is the output of saslfinger:
[root@Riprid zeta]# saslfinger -c
saslfinger - postfix Cyrus sasl configuration Wed Mar 14 11:17:38 CET 2018
version: 1.0.2
mode: client-side SMTP AUTH
-- basics --
Postfix: 2.6.6
System: CentOS release 6.9 (Final)
-- smtp is linked to --
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f79ea3db000)
-- active SMTP AUTH and TLS parameters for smtp --
relayhost = [smtp.sendgrid.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_tls_CAfile = /etc/postfix/gd_bundle-g2-g1.crt
smtp_tls_security_level = may
-- listing of /usr/lib64/sasl2 --
total 640
drwxr-xr-x. 2 root root 4096 Mar 12 22:49 .
dr-xr-xr-x. 68 root root 45056 Mar 14 03:25 ..
-rwxr-xr-x. 1 root root 18776 Mar 25 2015 libanonymous.so
-rwxr-xr-x. 1 root root 18776 Mar 25 2015 libanonymous.so.2
-rwxr-xr-x. 1 root root 18776 Mar 25 2015 libanonymous.so.2.0.23
-rwxr-xr-x. 1 root root 22936 Mar 25 2015 libcrammd5.so
-rwxr-xr-x. 1 root root 22936 Mar 25 2015 libcrammd5.so.2
-rwxr-xr-x. 1 root root 22936 Mar 25 2015 libcrammd5.so.2.0.23
-rwxr-xr-x. 1 root root 52088 Mar 25 2015 libdigestmd5.so
-rwxr-xr-x. 1 root root 52088 Mar 25 2015 libdigestmd5.so.2
-rwxr-xr-x. 1 root root 52088 Mar 25 2015 libdigestmd5.so.2.0.23
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 liblogin.so
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 liblogin.so.2
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 liblogin.so.2.0.23
-rwxr-xr-x. 1 root root 35376 Mar 25 2015 libntlm.so
-rwxr-xr-x. 1 root root 35376 Mar 25 2015 libntlm.so.2
-rwxr-xr-x. 1 root root 35376 Mar 25 2015 libntlm.so.2.0.23
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 libplain.so
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 libplain.so.2
-rwxr-xr-x. 1 root root 18808 Mar 25 2015 libplain.so.2.0.23
-rwxr-xr-x. 1 root root 22784 Mar 25 2015 libsasldb.so
-rwxr-xr-x. 1 root root 22784 Mar 25 2015 libsasldb.so.2
-rwxr-xr-x. 1 root root 22784 Mar 25 2015 libsasldb.so.2.0.23
-- listing of /etc/sasl2 --
total 20
drwxr-xr-x. 2 root root 4096 Sep 19 15:39 .
drwxr-xr-x. 110 root root 12288 Mar 14 03:23 ..
-rw-r--r--. 1 root root 49 Feb 21 16:39 smtpd.conf
-- permissions for /etc/postfix/sasl_passwd --
-rw-------. 1 root root 90 Mar 14 11:17 /etc/postfix/sasl_passwd
-- permissions for /etc/postfix/sasl_passwd.db --
-rw-------. 1 root root 12288 Mar 14 11:17 /etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd.db is up to date.
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
-- mechanisms on [smtp.sendgrid.net]:587 --
-- end of saslfinger output -- |
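Added example (not part of the original post, and not Postfix code): a Python model of how the Postfix SMTP client narrows the SASL mechanism list, run against the client-side lines of the postconf -n output above. It assumes the Postfix built-in defaults smtp_sasl_security_options = noplaintext, noanonymous and smtp_sasl_tls_security_options = $smtp_sasl_security_options, and a constructed server advertisement; the function names are illustrative.

```python
"""Model of SASL mechanism narrowing in the Postfix SMTP client (simplified)."""

# Security properties of common Cyrus SASL mechanisms.
MECH_PROPS = {
    "PLAIN": {"plaintext"},
    "LOGIN": {"plaintext"},
    "ANONYMOUS": {"anonymous"},
    "CRAM-MD5": set(),
    "DIGEST-MD5": set(),
    "NTLM": set(),
}

# Built-in defaults that apply when postconf -n does not list a parameter.
DEFAULTS = {
    "smtp_sasl_security_options": "noplaintext, noanonymous",
    "smtp_sasl_tls_security_options": "$smtp_sasl_security_options",
    "smtp_sasl_mechanism_filter": "",
}

# Client-related lines copied from the postconf -n output in the post.
# The smtpd_* lines configure the Postfix server side, not the smtp client.
POSTCONF_N = """\
relayhost = [smtp.sendgrid.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_tls_security_level = may
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
"""


def parse_postconf(text):
    """Parse 'name = value' lines as printed by postconf -n."""
    params = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params


def lookup(params, name):
    """Return the explicit value, else the default, following one $reference."""
    value = params.get(name, DEFAULTS.get(name, ""))
    if value.startswith("$"):
        return lookup(params, value[1:])
    return value


def split_list(value):
    """Split a comma/space separated Postfix list into lowercase items."""
    return [item.lower() for item in value.replace(",", " ").split()]


def usable_mechanisms(params, server_offered, tls_active):
    """Mechanisms left after the filter and the security options are applied."""
    option_name = ("smtp_sasl_tls_security_options" if tls_active
                   else "smtp_sasl_security_options")
    options = set(split_list(lookup(params, option_name)))
    # Simplification: only plain mechanism names are handled in the filter.
    mech_filter = set(split_list(lookup(params, "smtp_sasl_mechanism_filter")))
    usable = []
    for mech in server_offered:
        if mech_filter and mech.lower() not in mech_filter:
            continue
        props = MECH_PROPS.get(mech.upper(), set())
        if "noplaintext" in options and "plaintext" in props:
            continue
        if "noanonymous" in options and "anonymous" in props:
            continue
        usable.append(mech.upper())
    return usable


if __name__ == "__main__":
    params = parse_postconf(POSTCONF_N)
    offered = ["PLAIN", "LOGIN"]  # constructed server advertisement
    print("as posted:", usable_mechanisms(params, offered, tls_active=True))
    relaxed = dict(params, smtp_sasl_security_options="noanonymous")
    print("client option set:", usable_mechanisms(relaxed, offered, tls_active=True))
```

An empty result is the condition Cyrus SASL reports as "no mechanism available"; it also occurs when the server advertises no mechanisms at all, as in the empty "mechanisms on [smtp.sendgrid.net]:587" section of the saslfinger output.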
RDP suddenly stop working on 2 servers and 1 laptop Posted: 12 Feb 2022 09:07 PM PST We have like 10 servers (running as DC for each site), and also some workstations/laptops working on each site. We use RDP to admin every DC server. This structure was working nice and well, BUT... Today we have 2 servers (running Windows Server 2012 R2, fully updated) that can't be accessed by RDP. We tried to diagnose the problem; this is the list of things we checked:
- Reboot the servers
- Connect using mstsc and mstsc /admin using DNS name and IP
- Check that Terminal Server service is up and running (we also restarted that service), also we disabled/enabled the service again.
- Firewall is disabled
- Ping is working OK, we have connectivity, we can access SMB shares for example...
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber has 3389 value
- We generated a new certificate for Remote Desktop (using Certificates mmc console)
But we can't connect to the servers using RDP. We checked the remote servers again:
- RDP is not listening
- netstat -an | findstr 3389 shows nothing
- qwinsta doesn't show any RDP-TCP connection
- There is no visible eventlog in EventViewer
- chkdsk /R didn't solve the issue
- sfc /scannow didn't solve the issue
This is the error we get after trying to RDP on those servers: Can somebody help us with this issue? We tried every google-search-solution, without success |
Exchange 2013 -> 2016 Move Requests Stuck Posted: 12 Feb 2022 07:02 PM PST I'm trying to migrate users from Exchange 2013 to Exchange 2016 but when I create a move request, even with only 1 mailbox in the queue, with a size of a few kilobytes, it'll inevitably end up at RelinquishedWlmStall. There are no performance issues on either server, and I initially ran the move overnight. Any pointers to solutions or where I could gather more information about the issue? Here's what I've tried so far:
- Changed HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange ResourceHealth.
- Used the Highest and Emergency priorities.
- Adjusted MSExchangeMailboxReplication.exe.config.
- Executed Get-ExchangeServer | ForEach {New-SettingOverride -Component "WorkloadManagement" -Name "$_ MRS Override" -Server $_.Name -Section MailboxReplicationService -Reason "$_ Temporary Move" -Parameters Classification=Urgent -MinVersion 15.0}
- Restarted both servers multiple times.
Here are the move statistics: ArchiveGuid : Status : InProgress StatusDetail : RelinquishedWlmStall SyncStage : None Flags : IntraOrg, Pull RequestStyle : IntraOrg Direction : Pull IsOffline : False Protect : False DoNotPreserveMailboxSignature : False Priority : Normal WorkloadType : Local Suspend : False SuspendWhenReadyToComplete : False IgnoreRuleLimitErrors : False RecipientTypeDetails : UserMailbox SourceVersion : Version 15.0 (Build 1320.0) TargetVersion : Version 15.1 (Build 225.0) SourceArchiveDatabase : SourceArchiveVersion : SourceArchiveServer : TargetArchiveDatabase : TargetArchiveVersion : TargetArchiveServer : RemoteHostName : RemoteGlobalCatalog : StartAfter : CompleteAfter : RemoteCredentialUsername : RemoteDatabaseName : RemoteDatabaseGuid : RemoteArchiveDatabaseName : RemoteArchiveDatabaseGuid : TargetDeliveryDomain : ArchiveDomain : BadItemLimit : 10 BadItemsEncountered : 0 LargeItemLimit : 0 LargeItemsEncountered : 0 AllowLargeItems : True StartTimestamp : InitialSeedingCompletedTimestamp : FinalSyncTimestamp : CompletionTimestamp : SuspendedTimestamp : OverallDuration : 05:07:15.8805147 TotalFinalizationDuration : 00:00:00 TotalDataReplicationWaitDuration : 00:00:00 TotalSuspendedDuration : 00:00:00 TotalFailedDuration : 00:00:00 TotalQueuedDuration : 00:02:07.1040967 TotalInProgressDuration : 01:50:11.4364136 TotalStalledDueToCIDuration : 00:45:05.4836894 TotalStalledDueToHADuration : 00:00:00 TotalStalledDueToMailboxLockedDuration : 00:00:00 TotalStalledDueToReadThrottle : 00:00:00 TotalStalledDueToWriteThrottle : 00:00:00 TotalStalledDueToReadCpu : 00:00:00 TotalStalledDueToWriteCpu : 00:00:00 TotalStalledDueToReadUnknown : 00:00:00 TotalStalledDueToWriteUnknown : 00:00:00 TotalTransientFailureDuration : 00:00:00 TotalProxyBackoffDuration : 00:00:00 TotalIdleDuration : 00:40:18.5876769 MRSServerName : TotalMailboxSize : 64.08 MB (67,188,711 bytes) TotalMailboxItemCount : 295 TotalArchiveSize : TotalArchiveItemCount : BytesTransferred : 0 B 
(0 bytes) BytesTransferredPerMinute : 0 B (0 bytes) ItemsTransferred : 0 PercentComplete : 0 CompletedRequestAgeLimit : 7.00:00:00 PositionInQueue : InternalFlags : None FailureCode : FailureType : FailureSide : Message : Informational: The request has been temporarily postponed due to unfavorable server health or budget limitations. MRS will attempt to continue processing the request again after ****. FailureTimestamp : IsValid : True ValidationMessage : DiagnosticInfo : Report : ObjectState : New Here's a cleaned-up report: [EXCHANGE2013] '' created move request. [EXCHANGE2016] The Microsoft Exchange Mailbox Replication service 'exchange2016.hostname' (15.1.225.37 caps:7FFF) is examining the request. [EXCHANGE2016] Connected to target mailbox 'uuid1 (Primary)', database 'Target Database', Mailbox server 'exchange2016.hostname' Version 15.1 (Build 225.0). [EXCHANGE2016] Connected to source mailbox 'uuid1 (Primary)', database 'Source Database', Mailbox server 'exchange2013.hostname' Version 15.0 (Build 1320.0), proxy server 'exchange2013.hostname' 15.0.1320.0 caps:0400001F7FFFFFCB07FFFF. [EXCHANGE2016] Relinquishing job because of large delays due to unfavorable server health or budget limitations. [EXCHANGE2016] The Microsoft Exchange Mailbox Replication service 'exchange2016.hostname' (15.1.225.37 caps:7FFF) is examining the request. [EXCHANGE2016] Connected to target mailbox 'uuid1 (Primary)', database 'Target Database', Mailbox server 'exchange2016.hostname' Version 15.1 (Build 225.0). [EXCHANGE2016] Connected to source mailbox 'uuid1 (Primary)', database 'Source Database', Mailbox server 'exchange2013.hostname' Version 15.0 (Build 1320.0), proxy server 'exchange2013.hostname' 15.0.1320.0 caps:0400001F7FFFFFCB07FFFF. [EXCHANGE2016] Relinquishing job because of large delays due to unfavorable server health or budget limitations. 
[EXCHANGE2016] The Microsoft Exchange Mailbox Replication service 'exchange2016.hostname' (15.1.225.37 caps:7FFF) is examining the request. [EXCHANGE2016] Connected to target mailbox 'uuid1 (Primary)', database 'Target Database', Mailbox server 'exchange2016.hostname' Version 15.1 (Build 225.0). [EXCHANGE2016] Connected to source mailbox 'uuid1 (Primary)', database 'Source Database', Mailbox server 'exchange2013.hostname' Version 15.0 (Build 1320.0), proxy server 'exchange2013.hostname' 15.0.1320.0 caps:0400001F7FFFFFCB07FFFF. [EXCHANGE2016] Relinquishing job because of large delays due to unfavorable server health or budget limitations. [EXCHANGE2016] The Microsoft Exchange Mailbox Replication service 'exchange2016.hostname' (15.1.225.37 caps:7FFF) is examining the request. [EXCHANGE2016] Connected to target mailbox 'uuid1 (Primary)', database 'Target Database', Mailbox server 'exchange2016.hostname' Version 15.1 (Build 225.0). [EXCHANGE2016] Connected to source mailbox 'uuid1 (Primary)', database 'Source Database', Mailbox server 'exchange2013.hostname' Version 15.0 (Build 1320.0), proxy server 'exchange2013.hostname' 15.0.1320.0 caps:0400001F7FFFFFCB07FFFF. [EXCHANGE2016] The Microsoft Exchange Mailbox Replication service 'exchange2016.hostname' (15.1.225.37 caps:7FFF) is examining the request. [EXCHANGE2016] Connected to target mailbox 'uuid1 (Primary)', database 'Target Database', Mailbox server 'exchange2016.hostname' Version 15.1 (Build 225.0). [EXCHANGE2016] Connected to source mailbox 'uuid1 (Primary)', database 'Source Database', Mailbox server 'exchange2013.hostname' Version 15.0 (Build 1320.0), proxy server 'exchange2013.hostname' 15.0.1320.0 caps:0400001F7FFFFFCB07FFFF. [EXCHANGE2016] Relinquishing job because of large delays due to unfavorable server health or budget limitations. And another related error I could find: MigrationTransientException: Failed to communicate with the mailbox database. --> Failed to communicate with the mailbox database. 
--> MapiExceptionMdbOffline: Unable to make connection to the server. (hr=0x80004005, ec=1142) Diagnostic context: Lid: 41192 dwParam: 0x1 Lid: 63464 Lid: 34792 StoreEc: 0x6AB Lid: 51176 StoreEc: 0x80040115 Lid: 48104 Lid: 39912 StoreEc: 0x80040115 Lid: 41192 dwParam: 0x2 Lid: 49384 Lid: 51176 StoreEc: 0x476 Lid: 48104 Lid: 39912 StoreEc: 0x476 Lid: 41192 dwParam: 0x0 Lid: 49064 dwParam: 0x1 Lid: 37288 StoreEc: 0x6AB Lid: 49064 dwParam: 0x2 Lid: 38439 EMSMDBPOOL.EcPoolConnect called [length=48] Lid: 54823 EMSMDBPOOL.EcPoolConnect returned [ec=0x476][length=20][latency=31] Lid: 53361 StoreEc: 0x476 Lid: 51859 Lid: 33649 StoreEc: 0x476 Lid: 43315 Lid: 58225 StoreEc: 0x476 Lid: 39912 StoreEc: 0x476 Lid: 54129 StoreEc: 0x476 Lid: 50519 Lid: 59735 StoreEc: 0x476 Lid: 59199 Lid: 27356 StoreEc: 0x476 Lid: 65279 Lid: 52465 StoreEc: 0x476 Lid: 60065 Lid: 33777 StoreEc: 0x476 Lid: 59805 Lid: 52487 StoreEc: 0x476 Lid: 19778 Lid: 27970 StoreEc: 0x476 Lid: 17730 Lid: 25922 StoreEc: 0x476 |
Nginx - Force HTTPS only on main domain, and HTTP on all subdomains Posted: 12 Feb 2022 07:02 PM PST I have had a developer trying to create the SSL config for my Nginx server, but it still doesn't work the way it should. I want to force/redirect all my subdomains to HTTP, and only let the main domain with no subdomain, with SSL. This is my current config: set $ssl_rule ""; if ($scheme = http) { set $ssl_rule "1"; } if ($scheme = https) { set $ssl_rule "0"; } if ($host = "mystite.com") { set $ssl_rule "${ssl_rule}1"; } if ($host = "www.mysite.com") { set $ssl_rule "${ssl_rule}1"; } if ($host ~ (?!www).+.mysite\.com) { set $ssl_rule "${ssl_rule}0"; } if ($ssl_rule = "11") { return 301 https://$host$request_uri; } #if ($ssl_rule = "00") { # return 301 http://$host$request_uri; #} Can anybody see what's wrong with my config? |
Rabbit MQ Windows very high CPU with no workload Posted: 12 Feb 2022 10:07 PM PST Erl.exe is sat at 90%+ CPU whilst the rabbit server is basically idle. It's a fresh install on Windows 2012R2, Rabbit version 3.6.6 Nothing in the logs, but I have noticed that the figures for GC / context switching are sky high: GC operations 84,190/s GC bytes reclaimed 325,660,781/s Context switch operations 284,047/s Any ideas? |
Kali linux Source lists fails Posted: 13 Feb 2022 12:03 AM PST I am trying to update Kali Linux via the official sources list, but when I do sudo apt-get update it fails saying W: Failed to fetch. The source list, in /etc/apt/sources.list, is as follows:
#regular repositories
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
#sources respositories
deb-src http://http.kali.org/kali sana main non-free contrib
deb-src http://security.kali.org/kali-security sana/updates main contrib non-free
The output after installing some packages apt-get update is:
W: Failed to fetch http://http.kali.org/kali/dists/sana/InRelease
W: Failed to fetch http://security.kali.org/kali-security/dists/sana/updates/InRelease Unable to find expected entry 'non-fre/source/Sources' in Release file (Wrong sources.list entry or malformed file)
W: Failed to fetch http://security.kali.org/kali-security/dists/sana/updates/main/source/Sources Unable to connect to security.kali.org:http:
W: Failed to fetch http://security.kali.org/kali-security/dists/sana/updates/contrib/source/Sources Unable to connect to security.kali.org:http:
W: Failed to fetch http://http.kali.org/kali/dists/sana/Release.gpg Unable to connect to http.kali.org:http:
W: Some index files failed to download. They have been ignored, or old ones used instead.
Please post feedback if anything else is to be updated |
Mod_evasive not blocking a DOS attack using HEAD requests Posted: 12 Feb 2022 11:05 PM PST Using Apache/2.2.15 on RHEL6 with mod_evasive config: DOSHashTableSize 3097 DOSPageCount 14 DOSPageInterval 2 DOSSiteCount 70 DOSSiteInterval 1 DOSBlockingPeriod 60 Unfortunately it didn't block this attack, which only came from 1 IP: 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:53 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:53 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:53 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - 
"-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" 207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent" Mod_evasive does work, it blocks some IPs in other cases. Does it not work for HEAD requests? EDIT: My apache is running in prefork mode. From what I've read mod_evasive has issues with it. |
Pfsense Squid external ACL with a php script Posted: 13 Feb 2022 02:02 AM PST I want to use a PHP script to allow or deny Squid proxy requests in a pfSense installation, so I'm using this configuration for external ACL:
external_acl_type mysqlAuth %SRC /usr/local/bin/php -f /var/scripts/mysqlacl.php
acl extGrant external mysqlAuth
http_access allow extGrant
My MySQL script looks like this:
<?php
// Log helper start-up so a launch by Squid is visible in out.txt.
file_put_contents("/var/scripts/out.txt", date("Y/m/d H:i:s")."Started\r\n", FILE_APPEND);
$STDIN = fopen("php://stdin", "r");
$STDOUT = fopen("php://stdout", "w");
// Squid writes one lookup per line on stdin and expects one reply line per lookup.
while (!feof($STDIN)) {
    $line = trim(fgets($STDIN));
    file_put_contents("/var/scripts/out.txt", date("Y/m/d H:i:s")." ".$line, FILE_APPEND);
    fwrite($STDOUT, "OK\n");
    //break;
}
?>
If I run this script from the command line everything works; for each input line I get an "OK" output line. The problem is that when Squid runs I get these errors (log from system.log):
squid[43190]: Squid Parent: (squid-1) process 56700 started
(squid-1): The mysqlAuth helpers are crashing too rapidly, need help!
squid[43190]: Squid Parent: (squid-1) process 56700 exited with status 1
squid[43190]: Squid Parent: (squid-1) process 56700 will not be restarted due to repeated, frequent failures
And this is the cache.log:
kid1| ipcCreate: /usr/local/bin/php: (2) No such file or directory
But this file surely exists, and to be sure that this is not due to a file access error, I tried to set a shell for the "proxy" user, log in as the proxy user (su proxy) and from that shell call /usr/local/bin/php -f /var/scripts/mysqlacl.php, and it works! This is my php version:
PHP 5.5.22 (cgi-fcgi) (built: Feb 26 2015 18:00:22) Copyright (c) 1997-2015 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies with Suhosin v0.9.37.1, Copyright (c) 2007-2014, by SektionEins GmbH
What can it be? |
Windows SBS 2011 Dashboard + Windows Server * Services will not start due to Windows Server Service Provider Registry service Posted: 12 Feb 2022 06:03 PM PST I have a Windows Server SBS 2011 Box that is having some strange issues related to the Windows Server Service Provider Registry. A number of windows server services were running into issues starting and I traced it back to this service. Its dependencies are started and running without errors that I can see. This is the error I get when I try to start the service: Error 1067: The process terminated unexpectedly. The event viewer errors are listed below (2) http://i.imgur.com/1vD6lsF.png And a .Net Error: Source: .Net Runtime Event ID: 1025 Application: ProviderRegistryService.exe Framework Version: v4.0.30319 Description: The application requested process termination through System.Environment.FailFast(string message). Message: Unhandled exception in OnStart: System.InvalidOperationException: Service ServiceRegistryProvider was not found on computer '.'. 
---> System.ComponentModel.Win32Exception: The specified service does not exist as an installed service --- End of inner exception stack trace --- at System.ServiceProcess.ServiceController.GenerateNames() at System.ServiceProcess.ServiceController.get_DisplayName() at Microsoft.WindowsServerSolutions.Common.ServiceUtility.GetDisplayName(String serviceName) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProductConfigurator.LogServiceStartFailure(String serviceName, String info) at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderRegistry.ServiceShell.OpenHost() at Microsoft.WindowsServerSolutions.Common.Services.WssgServiceBase.OnStart(String[] args) Stack: at System.Environment.FailFast(System.String, System.Exception) at Microsoft.WindowsServerSolutions.Common.Services.WssgServiceBase.OnStart(System.String[]) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() After some research I found some similar cases, 1 dealt with the port used by the service which I cannot seem to find listed anywhere, including the config file for the service. I recently ran an SFC Scan on the file and on the whole server which returned no errors. What I am looking for is if I need to work on trying to reinstall the service or if it could be a .Net error etc. Any help would be appreciated. |
NGINX configuration for video streaming server Posted: 13 Feb 2022 01:00 AM PST I have purchased cloud server at digitalocean.com with 2GB RAM and DUAL CORE Processor. I want to set-up video proxy service i.e. to proxy youtube videos. I have installed NGINX + PHP-FPM server and UFW firewall. But when more than 10 to 20 users stream, site slows down or becomes entirely unreachable. Following are the configurations: (NGINX CONFIGURATION) user www-data; worker_processes 2; pid /var/run/nginx.pid; events { worker_connections 19000; multi_accept on; } worker_rlimit_nofile 20000; http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## access_log off; error_log /var/log/nginx/error.log crit; ## # Gzip Settings gzip on; gzip_disable "msie6"; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } ( PHP-FPM CONFIGURATION ) pm = static pmm.max_children=1000 pm.process_idle_timeout = 10s I also tried dynamic and ondemand configurations but no improvement. pm = dynamic pm.max_children = 1000 pm.start_servers=2 pm.min_spare_servers = 2 pm.max_spare_servers = 6 Please help in configuring this server. |
git repositories - how do I make it accessible to gitlist and my dev team Posted: 12 Feb 2022 08:02 PM PST I migrated my repositories from an Ubuntu server to a CentOS 6 server. My repositories are located in /home/mydir/gitrepos. I installed nginx and gitlist and had to change the ownership and group of /home/mydir/gitrepos to nginx:nginx so that gitlist could read and render the repository list in my browser. Today I tried pushing my changes from my laptop to the remote repository and got:
fatal: /home/mydir/gitrepos/myproject.git does not appear to be a valid repository
fatal: The remote end hung up unexpectedly
I tried pulling and ended up with the same message. I suspected that the repositories were not being read, so I changed the ownership of the gitrepos directory and am able to clone, push etc., but then gitlist doesn't display the repository list. Is there a way to set the permissions in such a way that I am able to achieve the following:
- Gitlist should be able to display the repository list page
- user1, user2 and other members of the devs group are able to clone, push and pull using ssh (e.g. git clone ssh://user1@myip:9999/home/mydir/gitrepos/myproject.git)
|
“failed to load session “Ubuntu”" on virtualbox ubuntu guest Posted: 12 Feb 2022 11:05 PM PST I have a corrupt guest install of Ubuntu 12.04 running on VirtualBox 4.2.6. I cannot boot to graphical mode. I get an error "failed to load session "Ubuntu"". How can I remove information from the virtual disk or repair it? Networking is also disabled |
collectd:Monitoring server not showing clients Posted: 12 Feb 2022 09:07 PM PST I have set up a monitoring server with the following setup. <Plugin network> Listen "0.0.0.0" "25826" </Plugin> Now my clients are sending data to the monitoring server (verified through tcpdump). Even the collection folder shows that the data is being dumped: /var/lib/collectd/rrd [ec2-user at x rrd]$ ll total 4 drwxr-xr-x 11 root root 4096 Nov 20 17:53 x-web-1.y.com [ec2-user at x rrd]$ I have also verified with find . -mmin 1 to see if it's being constantly updated. [ec2-user@x rrd]$ find . -mmin 1 ./x-web-1.y.com/interface-eth0/if_errors.rrd ./x-web-1.y.com/interface-eth0/if_packets.rrd ./x-web-1.y.com/interface-eth0/if_octets.rrd ./x-web-1.y.com/disk-xvda1/disk_time.rrd ./x-web-1.y.com/disk-xvda1/disk_ops.rrd ./x-web-1.y.com/disk-xvda1/disk_octets.rrd ./x-web-1.y.com/disk-xvda1/disk_merged.rrd But when I look it up through collectd-web, I don't see the clients. What might be wrong in my setup? |
A linux tftpd server that can log the incoming requests to stdout/stderr Posted: 13 Feb 2022 02:02 AM PST I find it crazy that this doesn't work out of the box, but neither atftpd nor tftpd-hpa seem to have any way to log to the console. I've run them in the foreground with verbosity right up but clearly that's not the right magic incantation. I'm running a short-lived server for a firmware upload and I want to see the requests (and ideally when they've completed). |