Monday, February 28, 2022

Recent Questions - Server Fault


Can Application Experience service recycle an AppPool?

Posted: 28 Feb 2022 08:25 AM PST

I'm experiencing the mysterious recycling of an app pool once in a day or two. The event log says "An administrator has requested a recycle of all worker processes in application pool 'API'", but the only person logged in was me, and I'm pretty sure I didn't do it. Every time, just a few seconds before the recycle, the Application Experience service was started. Could it cause the recycling somehow, and how?

Windows Server 2021 R2, IIS 8.5.

How to restore or fix bootloader on a PC with SSD/Win10 and a hard drive with dual boot Ubuntu and Win 10?

Posted: 28 Feb 2022 08:15 AM PST

I wanted to configure my system so that I have a master SSD drive which will be the main boot device and a slave 1TB hard drive where I will install software files and games. The hard drive already had dual boot Ubuntu and Windows 10. But since I wasn't thinking much and installed a parallel Win 10 on the SSD drive, the PC now boots into the Windows-like option menu to choose which Windows to boot with, the one from the SSD or the one from the hard drive. The option to choose Ubuntu is gone.

I might have some files in the Ubuntu system. Should I just make a bootable Ubuntu usb and run from there, which will fix the boot loader and find Ubuntu so that I can log in to it and get my files?

Or should I do something else?

Note: Is EasyBCD powerful enough to find all three operating systems? I can reinstall Windows after, just want to check the files on Ubuntu

Unbound DNS resolver is restarting constantly

Posted: 28 Feb 2022 07:29 AM PST

I have Unbound 1.13.1 installed on Debian 11.0 (bullseye) but it's restarting frequently for unknown reasons. Below are the log entries between restarts:

Feb 28 13:54:56 raspberrypi systemd[1]: Stopping Unbound DNS server...
Feb 28 13:54:56 raspberrypi unbound[20793]: [20793:0] info: server stats for thread 0: requestlist max 1 avg 0.5 exceeded 0 jostled 0
Feb 28 13:54:56 raspberrypi unbound[20793]: [20793:0] info: average recursion processing time 0.262341 sec
Feb 28 13:54:56 raspberrypi unbound[20793]: [20793:0] info: histogram of recursion processing times
Feb 28 13:54:56 raspberrypi unbound[20793]: [20793:0] info: [25%]=0.032768 median[50%]=0.349525 [75%]=0.436907
Feb 28 13:54:56 raspberrypi unbound[20793]: [20793:0] info: lower(secs) upper(secs) recursions
Feb 28 13:54:56 raspberrypi unbound[20793]: [20793:0] info:    0.016384    0.032768 1
Feb 28 13:54:56 raspberrypi unbound[20793]: [20793:0] info:    0.262144    0.524288 3
Feb 28 13:54:56 raspberrypi systemd[1]: unbound.service: Succeeded.
Feb 28 13:54:56 raspberrypi systemd[1]: Stopped Unbound DNS server.
Feb 28 13:54:56 raspberrypi systemd[1]: Starting Unbound DNS server...
Feb 28 13:54:56 raspberrypi unbound[21137]: [21137:0] notice: init module 0: subnet
Feb 28 13:54:56 raspberrypi unbound[21137]: [21137:0] notice: init module 1: validator
Feb 28 13:54:56 raspberrypi unbound[21137]: [21137:0] notice: init module 2: iterator
Feb 28 13:54:56 raspberrypi unbound[21137]: [21137:0] info: start of service (unbound 1.13.1).
Feb 28 13:54:56 raspberrypi systemd[1]: Started Unbound DNS server.
Feb 28 13:55:01 raspberrypi unbound[21137]: [21137:0] info: generate keytag query _ta-4f66. NULL IN
Feb 28 13:55:01 raspberrypi unbound[21137]: [21137:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN
Feb 28 13:55:13 raspberrypi unbound[21137]: [21137:0] info: service stopped (unbound 1.13.1).
Feb 28 13:55:13 raspberrypi unbound[21137]: [21137:0] info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Feb 28 13:55:13 raspberrypi unbound[21137]: [21137:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Feb 28 13:55:13 raspberrypi unbound[21137]: [21137:0] info: average recursion processing time 0.375382 sec
Feb 28 13:55:13 raspberrypi systemd[1]: Stopping Unbound DNS server...
Feb 28 13:55:13 raspberrypi unbound[21137]: [21137:0] info: histogram of recursion processing times
Feb 28 13:55:13 raspberrypi unbound[21137]: [21137:0] info: [25%]=0 median[50%]=0 [75%]=0
Feb 28 13:55:13 raspberrypi unbound[21137]: [21137:0] info: lower(secs) upper(secs) recursions
Feb 28 13:55:13 raspberrypi unbound[21137]: [21137:0] info:    0.262144    0.524288 1
Feb 28 13:55:13 raspberrypi systemd[1]: unbound.service: Succeeded.
Feb 28 13:55:13 raspberrypi systemd[1]: Stopped Unbound DNS server.
Feb 28 13:55:13 raspberrypi systemd[1]: Starting Unbound DNS server...
Feb 28 13:55:13 raspberrypi unbound[21539]: [21539:0] notice: init module 0: subnet
Feb 28 13:55:13 raspberrypi unbound[21539]: [21539:0] notice: init module 1: validator
Feb 28 13:55:13 raspberrypi unbound[21539]: [21539:0] notice: init module 2: iterator
Feb 28 13:55:13 raspberrypi unbound[21539]: [21539:0] info: start of service (unbound 1.13.1).
Feb 28 13:55:13 raspberrypi systemd[1]: Started Unbound DNS server.

What might be the reason for these restarts?

Ubuntu Server External Connection Issues

Posted: 28 Feb 2022 07:38 AM PST

I am currently attempting to run a server for Lego Universe using some sort of windows UBUNTU CLI. (Not familiar with linux or CLI, just followed a tutorial to set it up.)

Ubuntu was installed using wsl --install -d ubuntu. It runs on my Windows PC.

I'm sorry if any information is missing, I'm not sure what to include.

This server runs perfectly fine for singleplayer as long as the game client is launched on the same machine that is hosting the server.

The problem starts when I try to connect to the server using a different device, even when I am on the same network.

My assumption is that there is some sort of gap that needs to be bridged between the linux based server and my router since the server is technically a VM (I think). Therefore even though I have forwarded all the ports in my router settings and in the ufw firewall, external devices can't jump the gap.

If this is the case, is there a way to get my router to recognise the (what I'm assuming is a) VM as a standalone device in order to direct external connection attempts directly to the server, or a way to redirect external devices to the VM once they have reached my machine?

If not, any help will be appreciated.

Side note: My knowledge of coding etc doesn't really extend past GCSE level python and HTML or anything I have briefly looked at online so please go easy on me.

Thanks to anyone that even bothers to read this btw, probably painful AF.

Edit: Somebody suggested using hyper-v before the parent comment got deleted. I don't have windows 10 pro so if there isn't a free workaround, it's not gonna work for me.

BBB Not Storing Recordings in NFS

Posted: 28 Feb 2022 06:31 AM PST

I have a BigBlueButton server configured and a Scalelite where an NFS mount is created and shared with BBB. However, BBB still stores the recordings on the same server. I have tried the answer provided by Fred in the link: https://groups.google.com/g/bigbluebutton-setup/c/Wmn92ejPJxg, but still no luck. My ls -al doesn't show a mapping to the NFS mount folder.

Any help or workaround would really be appreciated.

Samba server with copied SID fails mounts with STATUS_INVALID_SID

Posted: 28 Feb 2022 06:15 AM PST

In my Linux-based infrastructure I run MIT Kerberos and LDAP for authentication. For the very few Windows VM clients I use a Samba stand-alone file server. It has its accounts stored in LDAP as well. The infrastructure is decades old and is the remainder of an NT domain.

I now have a second site. I cloned my file server and set-up a new Samba server. I followed this post or this post in the past and simply had my stand alone servers all with the same SID, since otherwise the servers are not able to authenticate users.

So, I copied the SID for my workgroup to the new sambaDomainName entry created by my new server. Just as I did a couple of years ago for the old server.

While I still can mount the shares of my old server, trying to mount shares from the new server produces ERROR_INVALID_SID from Win10. Similarly, CIFS mount yields

[247902.830949] CIFS: Attempting to mount //new_server/public
[247902.994871] CIFS: Status code returned 0xc0000078 STATUS_INVALID_SID
[247902.994889] CIFS: VFS: \\new_server Send error in SessSetup = -5
[247902.994925] CIFS: VFS: cifs_mount failed w/return code = -5

Any idea why the SID is invalid? I don't see any difference to the other SID; neither by net getlocalsid, nor by ldapsearch or ApacheDirectoryStudio.

I know it's a hacky solution. Moving to AD is no option. Since I heard that NT domains may be dropped by Microsoft soon, I don't want to set up another PDC / BDC system. Actually, the copy SID solution was a workaround during a time when Samba had a known bug with net join.

Is there another method to have multiple samba servers using the same ldapsam?

Linux server quota in percentage? [closed]

Posted: 28 Feb 2022 05:44 AM PST

Hi, is there any way to use quota with a percentage of disk space left? I am trying to prevent Linux users on a shared remote server from making the / disk completely full while they are using conda / docker...

What happens if the same users are in two different NTFS groups with different permissions

Posted: 28 Feb 2022 05:12 AM PST

I have two domain local groups

  1. ntfs-change-group
  2. ntfs-read-group

Two of my users (User A & B) are in both groups.

I want both groups to have permission on my "Data" folder. My question is: what permission would users A & B have?

Change or only read permission?

Redirect specific traffic through a VPN interface

Posted: 28 Feb 2022 05:41 AM PST

Hi,

I would like to redirect specific ports through a specific interface.

What I have accomplished so far is:

cat /etc/iproute2/rt_tables | grep "200 force.route" > /dev/null
if [ $? != 0 ]; then
    echo "200 force.route" >> /etc/iproute2/rt_tables
fi
ip rule del from all fwmark 200 table force.route
ip rule add from all fwmark 200 table force.route
ip route del 0.0.0.0/1 via 92.240.245.1 dev tun_02 table force.route
ip route add 0.0.0.0/1 via 92.240.245.1 dev tun_02 table force.route
ip route flush cache
iptables -A OUTPUT -t mangle -o br0 -p icmp -j MARK --set-mark 200

But when I ping, the packets go through the specific device (seen with tcpdump -i tun_02); then, expecting a response, I don't get a response to the echo-request.

How can I accomplish that?

That is what I have accomplished so far.

Best Regards,

Ricardo Matos.

SuperMicro 16-Bay chassis only recognizes 12 drives

Posted: 28 Feb 2022 05:04 AM PST

I recently purchased two refurbished Supermicro SC836TQ (3U, 16bay) chassis with SAS backplanes (Standard SAS836-TQ planes).

One works perfectly fine, but the other fails to recognize/initialize any disks installed in the right-most column.

Unfortunately, I'm a little out of my depth in this, so I'm looking for common causes and/or ways to troubleshoot or fix.

Any help would be greatly appreciated!

OpenVPN IPv6 address-less tap interface

Posted: 28 Feb 2022 04:43 AM PST

I am trying to upgrade an openvpn server and I have an issue regarding IPv6 config. I can't figure how to configure a tap interface without an IPv6 address, and still be able to assign IPv6 addresses to the connected clients.

For reasons linked to the structure of our network, the VPN has to be in bridge mode (tap interface), and all routing from / to VPN clients is done on a separate router device (the openvpn server is a dedicated linux box that I only use to offload VPN processing from that router, it does no routing / forwarding by itself).

In my current setup, the tap virtual interfaces have no IPv4 nor IPv6 addresses, they are bridged with physical or VLAN interfaces, and the only addresses clients see are those of the router. The openvpn box just distributes IPv4/IPv6 addresses to the clients when they connect.

Excerpt of my current server config (only relevant parts) :

dev tap-vpn
[...]
server-bridge 192.0.2.1 255.255.255.128 192.0.2.11 192.0.2.40
tun-ipv6
ifconfig-ipv6 2001:db8:1234:5678::1/64 2001:db8:1234:5678::1
ifconfig-ipv6-pool 2001:db8:1234:5678::11/64
[...]
push "tun-ipv6"
push "route 192.x.y.z"
push "route-ipv6 2001:db8:1234:4321::/64"

This works exactly as expected in OpenVPN 2.3 : the box has no address attached to the tap-vpn interface, and distributes addresses IPv4 192.0.2.11 - 192.0.2.40 and IPv6 starting from 2001:db8:1234:5678::11 , and it pushes routes as expected to the clients, with gateways 192.0.2.1 and 2001:db8:1234:5678::1 .

For security reasons, I disable IPv6 at kernel level on that interface :

echo 1 >/proc/sys/net/ipv6/conf/tap-vpn/disable_ipv6  

Upgrading to a more recent version breaks this setup, in the sense that ifconfig-ipv6 now wants to assign an IPv6 address to the interface, and having IPv6 disabled at kernel level simply prevents openvpn from starting. Removing the ifconfig-ipv6 directive is also not possible, as ifconfig-ipv6-pool needs it.

I know that tun-ipv6 is now deprecated, but removing / adding it doesn't seem to change anything. I have read various documentation, including of course the man page, and reviewed this, this and this thread, but none of these seems to address my concern.

If it is really impossible to achieve the setup I am intending, then I will find other ways to secure the VPN machine, like a local firewall, but I would find it more elegant to just have no IPv6 address on the tap (like I have no IPv4) and just use it as a bridging component.

FWIW, I am using slackware64 15.0 on a PCEngines APU mini-PC, but the issue is probably not at OS layer.

Any help or pointer to a working example would be much appreciated.

Connecting Azure Site-to-Site VPN to On-prem Gateway with 2 public IPs

Posted: 28 Feb 2022 05:55 AM PST

I have a Cisco ISR on-prem with 2 endpoints (primary and secondary) and I want to connect my Azure VPN Gateway to both endpoints through a single connection (same local address space for both IPs).

When creating an Azure local network gateway I can only enter 1 public IP address, not 2. Is there a way to connect with 2 IPs from the Azure VPN Gateway?

Thank you

Where is IIS output cache location, and how can I relocate it?

Posted: 28 Feb 2022 08:28 AM PST

I've successfully configured IIS output cache. However, after repeated Google PageSpeed tests it seems that the page speed is even slower with output caching compared to without output cache configuration.

My guess is that it is because of the very slow system drive. I have an SSD data drive in the system too, so just for the proof of concept I would like to test a configuration where the IIS output cache is on that drive.

I found the application pool temp folder and the temp compressed files folder, and I have some information on how to relocate them, but I think neither is the output cache disk location.

Is it possible to relocate the output cache location?

can fail2ban add deny rules to nginx instead of using iptables

Posted: 28 Feb 2022 06:36 AM PST

I have one server that is behind a reverse proxy that I don't control. I'd like to use fail2ban to block nginx traffic under certain conditions.

Normally fail2ban uses iptables to block traffic originating from the intruder's IP.

However, my server is behind a reverse proxy, and from my server's point of view all traffic originates from the reverse proxy.

I found the following URL, https://forums.freebsd.org/threads/fail2ban-behind-a-proxy.55041/, that suggests using iptables with packet introspection, for example:

actionban = iptables -I fail2ban-<name> 1 -p tcp --dport 80 -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP  

However, the reverse proxy that I cannot control forwards the traffic as https traffic, meaning that I cannot introspect the traffic for X-Forwarded-For headers as they would be encrypted.

Thus my question.

Do others have a similar scenario, and is there an existing actionban = that adds Deny rules to nginx?

Or do I have to handcraft a script trying to do this (edit the nginx configuration and reload nginx)?

What other solution would allow me to tell nginx dynamically which requests (containing specific X-Forwarded-For: headers) to block?

block nginx connection after multiple 404 s

Posted: 28 Feb 2022 06:57 AM PST

I'd like to protect two servers against attackers who blindly probe for urls.

My idea is to block requests after a certain number of 404 status codes.

I could do this with fail2ban.

However, one of the servers is behind a reverse proxy that I do not control and that does not communicate the originating IP address (and it will take a very long time before the request to forward the originating IP address is handled), meaning that from nginx's point of view all requests originate from the reverse proxy, and obviously I don't want to block all incoming traffic if somebody provokes too many 404s.

Is there any way (without fail2ban, with fail2ban or with any other tool) to detect at least 404 errors from the same https connection and to terminate this connection or to let it 404 unconditionally for any subsequent request?

Please tell me if my question is not clear and I'll try to rephrase it, to give more information.

How to download millions of s3 files and compress them on the fly?

Posted: 28 Feb 2022 06:08 AM PST

I have an S3 bucket with millions of files, and I want to download all of them. Since I don't have enough storage, I would like to download them, compress them on the fly and only then save them. How do I do this?

To illustrate what I mean: aws s3 cp --recursive s3://bucket | gzip > file

rsync a directory with its own descendant

Posted: 28 Feb 2022 07:56 AM PST

tl;dr: I want to rsync a directory to its own descendant, and then rsync the said descendant back to the original directory--including deletions and exclusions in both directions.

Before you ask the obvious question, "Why would you want to do that?" or point out how much better another approach would be, this is a business requirement. It's not my choice, and I'm aware of the risks, so just indulge me. I do not intend to justify the approach any further. 🙂

Details:

I want to rsync a directory to its own descendant--i.e., a directory "underneath" or "inside" it, like parent to parent/child, for example--and then sync changes to the descendant back to the original directory, e.g., parent/child to parent, including deletions and exclusions in both directions. Visually, I need to do this:

parent -> parent/child
parent <- parent/child

The difficulties are to...

  1. Prevent infinite recursion when going from the ancestor to the descendant
  2. Not delete the source files mid-operation when syncing the descendant back to its ancestor (manifested as "file has vanished" errors)
  3. Respect the exclusions all the while

MySQL connector/ODBC connection error following a DNS mismatch

Posted: 28 Feb 2022 08:18 AM PST

I have trouble configuring a new MySQL connection with the ODBC Data Sources (64-bit) utility on a Windows Server 2019. I'm using MySQL Workbench to define remote accesses as follows:

The user is granted a SELECT only access:

I have noticed that the server from which I need to initiate the connection (srv-bo) has a static IP address that had already been used in the past by another server (srv-mooc). The ancient remote server entry persisted in the domain controller DNS, so I deleted it. Since then, the ODBC Data Sources (64-bit) utility keeps trying to connect with the ancient server's name (srv-mooc)... It seems that some connection information is kept in memory somewhere, but I can't figure it out.

So far, I have tried to flush the DNS cache on my Windows Server 2019 from which I initiate the connection. I have also tried to set up the connection from another user session and after server reboot. Issue is still there:

Error message:

The user credentials work fine from another Windows Server 2019, so connection details are good.

Any idea to help?

Thomas

Library Won't Update

Posted: 28 Feb 2022 07:11 AM PST

I'm trying to update my libarchive library on CentOS 7. Currently, I have version 3.1.2. If I type the following command, here is the result:

# rpm -q libarchive
libarchive-3.1.2-10.el7_2.x86_64

I was able to find an .rpm file, online, which provides libarchive 3.5.2. I'd like to update to this newer version. So, I attempted to install the package by typing the following:

# rpm -i libarchive-3.5.2-1.el9.src.rpm
warning: user mockbuild does not exist -- using root
warning: group mock does not exist -- using root
warning: user mockbuild does not exist -- using root
warning: group mock does not exist -- using root
warning: user mockbuild does not exist -- using root
warning: group mock does not exist -- using root
warning: user mockbuild does not exist -- using root
warning: group mock does not exist -- using root

Even though it shows warnings, I would expect that it installed. After all, they're warnings, not errors. However, if I type the following command, it doesn't show that the package was installed.

# rpm -lq libarchive
/usr/lib64/libarchive.so.13
/usr/lib64/libarchive.so.13.1.2
/usr/share/doc/libarchive-3.1.2
/usr/share/doc/libarchive-3.1.2/COPYING
/usr/share/doc/libarchive-3.1.2/NEWS
/usr/share/doc/libarchive-3.1.2/README
/usr/share/man/man5/cpio.5.gz
/usr/share/man/man5/mtree.5.gz
/usr/share/man/man5/tar.5.gz

I've also tried compiling from source, based on a downloaded .tar file from the libarchive.org website. The procedure seems to go well, but I still only show the old, 3.1.2 version of libarchive when typing the rpm -lq libarchive command, or the rpm -q libarchive command.

So, how would I update this library? If it has been updated, why don't these commands show that it has been updated?

Thanks for your time.

A TLS fatal alert has been received with exim4 in debian 9

Posted: 28 Feb 2022 07:05 AM PST

I am trying to configure my server to send mail and I receive a "TLS fatal alert" error every time I try to send mail.

I have followed the steps indicated in this post related to my problem to try to overcome the problem, but it finally gives me the error that I describe:

apt install gnutls-bin
cd /etc/exim4/
certtool --generate-privkey --outfile exim.key
certtool --generate-request --load-privkey exim.key --outfile exim.csr

  • Common name: gestiondecorreos.es

  • the rest I leave it blank(enter)

  • url: http://www.cacert.org/

  • login to CACert => click on "Server Certificates" => New

  • It will ask you to paste in the certificate request: I paste the content of the exim.csr file.

  • CACert will ask you to confirm the hostname.

  • After that it will show a certificate in the resulting web page. Put the certificate in a new file named exim.crt

    cd /etc/exim4/
    chgrp Debian-exim exim.key
    chmod g+r exim.key
    vim /etc/exim4/conf.d/main/000_local (new file)

  • and insert inside:

    MAIN_LOG_SELECTOR=+tls_cipher +tls_peerdn
    MAIN_TLS_ENABLE=t

    update-exim4.conf
    /etc/init.d/exim4 restart

I try to connect to my mail server by tls:

gnutls-cli -s -p 587 gestiondecorreos.es
ehlo gestiondecorreos.es
starttls
^D (ctr+d)

  • the error result:

*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `EMAIL=eguz*****@gmail.com,CN=server.example.com,OU=IT,O=Vesta Control Panel,L=San Francisco,ST=California,C=US', issuer `EMAIL=eguz*****@gmail.com,CN=server.example.com,OU=IT,O=Vesta Control Panel,L=San Francisco,ST=California,C=US', serial 0x0086e738bec1714309, RSA key 4096 bits, signed using RSA-SHA256, activated `2020-02-04 15:42:00 UTC', expires `2021-02-03 15:42:00 UTC', key-ID `sha256:6095e39dc286060d74d300f494814744d803ad2f5c55587ca38a2d7ed2b58194'
    Public Key ID:
        sha1:5f4b******************
        sha256:6095****************
    Public key's random art:
        +--[ RSA 4096]----+
        |        ..o    .o|
        |       .   o   +.|
        *******************
        |             .oo.|
        +-----------------+

- Status: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed

I don't know why CN=server.example.com appears as the subject.

The /var/log/exim4/mainlog file said:

TLS error on connection from lixxxxxx.members.linode.com ([127.0.0.1]) [xxxxxxxxxxx] (gnutls_handshake): A TLS fatal alert has been received.  

In my linode-vps the main domain is gestiondecorreos.es and orbelanet.com is another domain I am running smtp tests on.

Thanks in advance! Mikel

Can I enable TLS 1.3 with Certbot?

Posted: 28 Feb 2022 08:07 AM PST

I am working with Nginx and Certbot, I have secured a domain with HTTPS. I would like to get the domain up to TLS 1.3.

The Nginx server block for my domain gets its SSL protocols from the included file Certbot creates.

The file /etc/letsencrypt/options-ssl-nginx.conf states that if I modify the file Certbot will be unable to automatically provide security updates.

I want to modify the file's ssl_protocols line by adding TLSv1.3 to the end, but I do not want to break certbot's automatic updates.

Is it possible to tell certbot to enable TLS 1.3?

Software Versions

  • Nginx 1.14.0
  • OpenSSL 1.1.1
  • Certbot 0.31.0
  • Ubuntu 18.04

How to fix the "Redis is busy running a script" error

Posted: 28 Feb 2022 08:07 AM PST

My servers are repeatedly crashing due to receiving the following error from Redis:

BUSY Redis is busy running a script. You can only call SCRIPT KILL or SHUTDOWN NOSAVE.  

However, I can't seem to find a way to determine what is this "script" the message is referring to, and how I may terminate the script. Any help would be appreciated.

Can not open website hosted on LAN web server by browser, though No-IP Dynamic DNS through router OK

Posted: 28 Feb 2022 06:06 AM PST

My LAN server is using IIS ver 10.
No-IP Dynamic DNS through router with URL _.ddns.net is rightly resolving to changing external dynamic IP address supplied by internet service provider.
I can ping to URL _.ddns.net in command prompt when connected through router.
I have configured my router to assign a fixed private (LAN) IP address of 192.168.1.2 and it is working fine.
I have done port forwarding to my LAN web server for HTTP port 80, but don't know how to test it.
When I type URL 'localhost' OR http://192.168.1.2/ in the browser, I can see my default website. But when I type URL _.ddns.net, I see error: This site can't be reached.

Someone told that the problem is because my LAN web server is behind the router. So I directly connected my web server pc to cable bypassing the router. But then also I get the same error when I type URL _.ddns.net OR external IP address:port in the browser.
I can not ping to URL _.ddns.net in command prompt when connected through cable.

What other settings should I do to solve this problem?

The output of Ipconfig /all is here when my pc is connect to internet by cable.
I have noted that external IP address given by WhatsMyIp = _.ddns.net = 43.241.144.210 is not seen anywhere in Ipconfig /all listing.

C:\Users\niranjan>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-HH2O346
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 02-0F-02-80-03-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 00-0F-02-80-03-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
Physical Address. . . . . . . . . : 00-27-0E-18-F0-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::40c8:cb1e:2e96:30f2%6(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.48.242(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 100673294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-78-61-B1-00-27-0E-18-F0-B2
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

PPP adapter GTPL BB 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : GTPL BB 2
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.140.234.119(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 182.237.9.10
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188FTV Wireless LAN 802.11n USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 00-0F-02-80-03-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6941:48e4:93c5:86a0%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, December 29, 2019 6:37:30 PM
Lease Expires . . . . . . . . . . : Monday, December 30, 2019 6:43:06 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234884866
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-78-61-B1-00-27-0E-18-F0-B2
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Sorry for lengthy post.

Can't stop Azure AD Connect Service

Posted: 28 Feb 2022 05:07 AM PST

Have an on-prem server for Azure AD Connect service. Today I noticed that a Delta Import (we run a delta sync on the scheduler every 30 mins) was In-Progress with no estimated end time. It is sitting like that until the next scheduled sync, then it terminates it and starts the cycle over again.

I think I have pinpointed the issue (it's with a change to the ADSYNC account) but I am unable to stop the AD Connect service to change the run profile properties.

I have:

  • tried to stop the run profile from MSIClient (it just says stopping and then is running again immediately)
  • tried to force stop the scheduler from powershell (hangs forever)
  • tried to force stop the service on the server (hangs forever then errors out)

No windows updates have been applied in the last week and no one has touched the sync service on the server for over a month.

Event logs aren't providing any information at all other than ProvisioningServiceAdapter::ExecuteWithRetry: Action: ImportV1 will be retried after 00:00:15. Attempt 0 of 5.

Is there any way to force stop this service beyond what I have tried? Anyone else experiencing this problem?


megacli commands return exit code: 0x00 with PERC H200

Posted: 28 Feb 2022 06:15 AM PST

Megacli does not want to talk to a PERC H200 adapter on one of our systems. This is what happens (all commands run as "root"):

megacli -AdpAllInfo -aAll
Exit Code: 0x00

System description (I did not configure this system):

CentOS release 6.6 (Final)
Rocks release 6.2 (SideWinder)

Relevant (probably) dmesg lines:

DMI: Dell Inc. PowerEdge T110 II/015TH9, BIOS 1.3.1 11/10/2011
PERCPU: Embedded 30 pages/cpu @ffff880028200000 s90968 r8192 d23720 u262144
mpt2sas0: Dell PERC H200 Adapter: Vendor(0x1000), Device(0x0072), SSVID(0x1028), SSDID(0x1F1D)

megacli -v

    MegaCLI SAS RAID Management Tool  Ver 8.07.14 Dec 16, 2013

lspci -v
01:00.0 Serial Attached SCSI controller: LSI Logic / Symbios Logic SAS2008 PCI-Express Fusion-MPT SAS-2 [Falcon] (rev 03)
        Subsystem: Dell PERC H200 Adapter
        Flags: bus master, fast devsel, latency 0, IRQ 16
        I/O ports at 4000 [size=256]
        Memory at c1440000 (64-bit, non-prefetchable) [size=64K]
        Memory at c1400000 (64-bit, non-prefetchable) [size=256K]
        Expansion ROM at c1700000 [disabled] [size=1M]
        Capabilities: [50] Power Management version 3
        Capabilities: [68] Express Endpoint, MSI 00
        Capabilities: [d0] Vital Product Data
        Capabilities: [a8] MSI: Enable- Count=1/1 Maskable- 64bit+
        Capabilities: [c0] MSI-X: Enable+ Count=15 Masked-
        Capabilities: [100] Advanced Error Reporting
        Capabilities: [138] Power Budgeting <?>
        Kernel driver in use: mpt2sas
        Kernel modules: mpt2sas

All other megacli commands tried return nothing but "Exit Code: 0x00".

Is some other tool needed to talk to an H200?

How to set custom $_SERVER variable for PHP

Posted: 28 Feb 2022 05:07 AM PST

I'm working on a PHP web app which ALSO has some command line tools. I need the command line tools to detect the environment so that they connect with the correct DB credentials etc. The web app does this easily by checking $_SERVER['SERVER_NAME'] but that doesn't work for a shell script.

I'd like to create my own $_SERVER variable that the shell script can check. Ex: $_SERVER['MYAPP_ENVIRONMENT']. How do I do this?

I found this solution, but I don't see the same files in /etc/apache2/. I also found this, but they're using .htaccess and I'm not sure if I have mod_env. Also, my app uses its own .htaccess file, so it would have to be edited every time I deploy.

I'm on a Dreamhost VPS, which runs Ubuntu 12.04 LTS

Nginx proxy_pass not working for subpages

Posted: 28 Feb 2022 07:05 AM PST

I'm trying to set up an nginx proxy_pass that does the following:

The URL is example1.com.

This needs to redirect to example2.com, but keep saying example1.com.

This works for the root page, but not for the subpages.

Here is what I have so far:

server {
    listen       80;
    server_name  example1.com;
    root /home/<route>/public;
    rails_env staging;
    location / {
        proxy_pass        http://example2.com/example_one/;
        add_header 'Access-Control-Allow-Origin' *;
        add_header 'Access-Control-Allow-Methods' "GET, POST, PUT, DELETE, OPTIONS";
        add_header 'Access-Control-Allow-Headers' "X-Requested-With, X-Prototype-Version";
        add_header 'Access-Control-Max-Age' 1728000;
        rewrite ^(/api/)(.*)$ http://example2.com/api/$2 permanent;
    }
    gzip on;
    location ^~ /assets/ {
        expires max;
        add_header Cache-Control public;
    }
#  root /home/<root>/public;
#  rails_env staging;
}
#  }

What we want is for all example1.com/page to go to the correct page on example2.com/page but keep displaying example1 in the URL.

send NameID claim without encryption in ADFS 2.0

Posted: 28 Feb 2022 07:03 AM PST

My Service Provider issues a SAML 2.0 AuthRequest with a NameIDPolicy tag like so:

<samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>

This causes ADFS 2.0 to correctly issue a SAML Response containing an encrypted NameID token created by a rule similar to the one found here

<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
            MyeHAMeGLojBt7fcc2DQtntXXFka0kybkR42ZTitTUs=</NameID>

So far so good. However, my Service Provider doesn't seem to understand the encrypted NameID claim and is expecting it to be unencrypted while at the same time having the name-format as transient.

As per this document, ADFS 2.0 treats requests for transient or persistent NameID formats as privacy scenarios (and hence the encryption).

So my question then would be: Is there any way to have ADFS 2.0 generate the NameID claim with Format=transient and an unencrypted NameID like so:

<NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">Joe</NameID>   

How to redirect request at the haproxy level to fetch file from CDN?

Posted: 28 Feb 2022 06:06 AM PST

For a given url pattern, I want the contents of the file to be fetched from a CDN and not from my web server.

example:

www.example.com/some/path/ford/new?a=1&b=2  

I need to extract:

ford new 1 2

I want to fetch the file from the s3 (or CDN) like:

example-com.s3.com/customers/ford.new.1.2.html  

Is this possible at the HAProxy level or would I have to do this in nginx somehow?

The earlier in the pipeline the better obviously.
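
The mapping this question asks for, modelled as an added Python example (not part of the original post, and not HAProxy or nginx configuration). The prefix, the parameter names a and b and the token allow-list are assumptions drawn from the question's sample URLs; a request that fails validation returns None so that it falls through to the web server instead of producing an attacker-shaped object key.

```python
import re
from urllib.parse import parse_qs

# Assumed values, taken from the example URLs in the question.
PREFIX = "/some/path/"
CDN_BASE = "example-com.s3.com/customers/"
PARAMS = ("a", "b")
# Assumed allow-list: no dots, slashes or percent signs, so a token can never
# add a path level or an extra dot-separated field to the object key.
TOKEN = re.compile(r"[A-Za-z0-9_-]{1,64}")


def cdn_url(request_target):
    """Map '/some/path/<x>/<y>?a=..&b=..' to its CDN URL, or return None."""
    path, _, query = request_target.partition("?")
    if not path.startswith(PREFIX):
        return None
    tokens = path[len(PREFIX):].split("/")
    if len(tokens) != 2:  # exactly two path segments after the prefix
        return None
    params = parse_qs(query, keep_blank_values=True)  # percent-decodes values
    for name in PARAMS:
        values = params.get(name, [])
        if len(values) != 1:  # reject missing or duplicated parameters
            return None
        tokens.append(values[0])
    # Validate after decoding, so encoded slashes or dots are caught too.
    if not all(TOKEN.fullmatch(t) for t in tokens):
        return None
    return CDN_BASE + ".".join(tokens) + ".html"
```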

How much RAM does a server actually need?

Posted: 28 Feb 2022 05:55 AM PST

I have quite a few servers deployed around the world. They are running Windows 2003 x64 with SQL Server 2005 x64 with 6 GB of RAM. The boxes do not have the best (or even an acceptable) configuration, because the guy that ordered them years ago didn't really know what he was doing.

The boxes are fairly consistently running out of memory, end up using the paging file and everything slows down. Typically the commit charge is 5.8GB and then when someone needs to do something intensive (e.g. run a report), that number goes through the roof.

I've been trying to get the powers that be to order more memory, but I am getting massive opposition (e.g. make the software more performant, costs too much for all these servers, or prove that the box does not have enough memory, etc.).

Are there guidelines (or a formula) for how much RAM a box needs that I can present to non-techies, so that we can finally order more memory?
