Monday, March 28, 2022

Recent Questions - Server Fault


Wildfly : Too many open files

Posted: 28 Mar 2022 03:41 AM PDT

We recently got a "too many open files" error in our production Wildfly 17 on Debian 9. A simple restart of the wildfly service got rid of the error, but I'd like to avoid the problem coming back. I'd like to increase the limit, but I'm not sure what I should change and how I can know that the configuration has been taken into account.

I checked the ulimit for the loginless wildfly user :

    sudo su - wildfly -c 'ulimit -a' -s '/bin/bash'
    core file size          (blocks, -c) 0
    data seg size           (kbytes, -d) unlimited
    scheduling priority             (-e) 0
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 117724
    max locked memory       (kbytes, -l) 64
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 1024
    pipe size            (512 bytes, -p) 8
    POSIX message queues     (bytes, -q) 819200
    real-time priority              (-r) 0
    stack size              (kbytes, -s) 8192
    cpu time               (seconds, -t) unlimited
    max user processes              (-u) 117724
    virtual memory          (kbytes, -v) unlimited
    file locks                      (-x) unlimited

The limit seems to be set at 1024 for the user. However, when I check the number of open files held by my wildfly process, I get this:

    sudo ls -l /proc/PID/fd | wc -l
    1296

Which is bigger than the limit, and I'm not getting any error right now. Is there a way to set the limit higher permanently? Maybe in the wildfly configuration files? I'm a bit lost.
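A check for the situation described in this question, added here as an example (it is not code from the question or from WildFly). The number that matters for a running process is the one in /proc/PID/limits, not what `ulimit -n` prints in a fresh login shell: the shell's value comes from PAM (/etc/security/limits.conf), while a service started by systemd is not started through PAM and gets its NOFILE limit from the unit's LimitNOFILE= (or DefaultLimitNOFILE= in /etc/systemd/system.conf). That is how a process can legitimately hold more descriptors than the shell suggests. The script reads the process's own soft and hard limits and its current descriptor count; the default process name "java" is an assumption about how the WildFly JVM appears in /proc/PID/comm.

```python
import os
from pathlib import Path

# Added example, not from the original post: read the open-file limit a running
# process actually has (/proc/<pid>/limits) and count the descriptors it holds
# (/proc/<pid>/fd). `ulimit -a` in a login shell reflects PAM limits; a systemd
# service gets its limit from LimitNOFILE= / DefaultLimitNOFILE= instead.


def _limit_value(text):
    """Convert one column of /proc/<pid>/limits to int, or None for 'unlimited'."""
    return None if text == "unlimited" else int(text)


def open_file_limits(pid=None):
    """(soft, hard) 'Max open files' of a process, read from /proc/<pid>/limits."""
    pid = os.getpid() if pid is None else pid
    for line in Path(f"/proc/{pid}/limits").read_text().splitlines():
        if line.startswith("Max open files"):
            # columns: Max open files <soft> <hard> files
            parts = line.split()
            return _limit_value(parts[3]), _limit_value(parts[4])
    raise RuntimeError(f"no 'Max open files' entry for pid {pid}")


def open_fd_count(pid=None):
    """Number of descriptors the process currently holds."""
    pid = os.getpid() if pid is None else pid
    return len(os.listdir(f"/proc/{pid}/fd"))


def fd_headroom(pid=None):
    """Usage against the process's own soft limit; 'pct' is the value to alert on."""
    pid = os.getpid() if pid is None else pid
    soft, hard = open_file_limits(pid)
    used = open_fd_count(pid)
    pct = used * 100 // soft if soft else None
    return {"pid": pid, "used": used, "soft": soft, "hard": hard, "pct": pct}


def pids_named(comm):
    """PIDs whose /proc/<pid>/comm equals comm (assumed 'java' for a WildFly JVM)."""
    found = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            if Path(f"/proc/{entry}/comm").read_text().strip() == comm:
                found.append(int(entry))
        except OSError:  # process exited between listdir and read, or unreadable
            pass
    return found


if __name__ == "__main__":
    import sys
    name = sys.argv[1] if len(sys.argv) > 1 else "java"
    for pid in pids_named(name):
        h = fd_headroom(pid)
        print(f"pid {h['pid']}: {h['used']}/{h['soft']} open files "
              f"({h['pct']}% of soft limit, hard limit {h['hard']})")
```

Run it as root (or as the service user) with the process name as the argument; the soft limit it prints is the one the service will hit, and raising it permanently for a systemd-managed WildFly means editing the unit's LimitNOFILE= and reloading systemd, after which the new value shows up in /proc/PID/limits of the restarted process.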

Why do some companies like Cisco follow a different syslog message format rather than RFC 3164 (BSD syslog) and RFC 5424 (IETF syslog)?

Posted: 28 Mar 2022 03:46 AM PDT

According to my understanding the popular syslog formats are:

  • RFC 3164 (BSD syslog):

    Format: <priority>timestamp hostname application: message

    Example: <133>Feb 25 14:09:07 webserver syslogd: restart

  • RFC 5424 (IETF syslog):

    Format: <priority>VERSION ISOTIMESTAMP HOSTNAME APPLICATION PID MESSAGEID STRUCTURED-DATA MSG

    Example: <34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8

But let's see other companies' log formats:

  • Cisco:

    Example: *Jan 18 03:02:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

  • Fortinet (Here you can see syslog in key-value pairs. Is this even syslog?)

    Example: <190>date=2015-03-30 time=14:42:11 logid=0508020503 type=utm subtype=emailfilter eventtype=smtp level=information vd="root" sessionid=83879670 srcip=12.130.136.122 srcport=48137 dstip=x.x.x.x dstport=25 proto=6 service=SMTP profile="EF_Example" action=log-only from="newsletterslatin@trendmicro.rsys1.com" to="mail2@x.x" sender="newsletterslatin@trendmicro.rsys1.com" recipient="mail2@x.x" sentbyte=15369 rcvdbyte=46 direction=outgoing msg="general email log" subject="Novos Treinamentos para Certificação Trend Micro" size="15360" attachment=no

  1. Does that mean the syslog format can be modified according to their needs? Then how can SIEM software parse these logs if different companies follow different syslog formats?
  2. What's the point of having an RFC then, if different companies follow different logging practices?
  3. My last question: are these even syslog formats?
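To show how a SIEM copes with the four line shapes quoted above, here is an added example (not from the question, and not any vendor's parser): the PRI field (`<N>`, facility = N/8, severity = N%8) is the only part all four share, so the dispatcher strips it first and then tries the RFC 5424, Cisco IOS, RFC 3164 and key=value shapes in turn. The sample lines are re-typed from the question as fixtures; the Fortinet line is shortened. The regexes are deliberately narrow and are an assumption about these particular samples, not a general-purpose grammar.

```python
from __future__ import annotations

import re
from typing import Optional

# Added example, not from the original post: normalise RFC 3164, RFC 5424,
# Cisco IOS and Fortinet key=value lines into one dict shape, the way a SIEM
# parser branches per vendor. SAMPLES are re-typed from the question.

SAMPLES = {
    "bsd": "<133>Feb 25 14:09:07 webserver syslogd: restart",
    "ietf": "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - "
            "BOM'su root' failed for lonvick on /dev/pts/8",
    "cisco": "*Jan 18 03:02:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface "
             "GigabitEthernet0/0, changed state to down",
    "fortinet": '<190>date=2015-03-30 time=14:42:11 logid=0508020503 type=utm '
                'subtype=emailfilter level=information vd="root" srcip=12.130.136.122 '
                'srcport=48137 dstport=25 proto=6 action=log-only msg="general email log"',
}

PRI_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<rest>.*)$", re.DOTALL)

# RFC 3164: TIMESTAMP HOSTNAME TAG[pid]: MSG
RFC3164_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<hostname>\S+) "
    r"(?P<app>[^:\s\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$",
    re.DOTALL,
)

# RFC 5424: VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424_RE = re.compile(
    r"^1 (?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+) ?(?P<msg>.*)$",
    re.DOTALL,
)

# Cisco IOS: optional '*' (clock not authoritative), timestamp, %FACILITY-SEVERITY-MNEMONIC: text
CISCO_RE = re.compile(
    r"^\*?(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<msg>.*)$",
    re.DOTALL,
)

# key=value pairs; values may be double-quoted and contain spaces
KV_RE = re.compile(r'(?P<key>[A-Za-z0-9_.-]+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S*))')


def split_pri(line: str) -> tuple[Optional[int], Optional[int], str]:
    """Strip a leading <PRI> and return (facility, severity, remainder)."""
    m = PRI_RE.match(line)
    if not m:
        return None, None, line
    pri = int(m.group("pri"))
    return pri // 8, pri % 8, m.group("rest")


def parse_kv(text: str) -> dict[str, str]:
    """Turn 'a=1 b="two words"' into {'a': '1', 'b': 'two words'}."""
    return {
        m.group("key"): m.group("quoted") if m.group("quoted") is not None else m.group("bare")
        for m in KV_RE.finditer(text)
    }


def parse_syslog(line: str) -> dict:
    """Dispatch on line shape; every result carries format, facility, severity and raw."""
    facility, severity, body = split_pri(line)
    out: dict = {"facility": facility, "severity": severity, "raw": line}

    if (m := RFC5424_RE.match(body)):
        out.update(format="rfc5424", **m.groupdict())
    elif (m := CISCO_RE.match(body)):
        # Cisco carries its own facility name and numeric severity in the message body
        out.update(format="cisco", **m.groupdict())
        out["severity"] = int(m.group("severity"))
    elif (m := RFC3164_RE.match(body)):
        out.update(format="rfc3164", **m.groupdict())
    elif KV_RE.match(body):
        out["format"] = "keyvalue"
        out["fields"] = parse_kv(body)
    else:
        out["format"] = "unknown"
        out["msg"] = body
    return out
```

The order of the branches matters: the RFC 5424 test must come first because its body starts with a bare version digit, and the Cisco test must precede the RFC 3164 one because a Cisco timestamp would otherwise be consumed as a BSD timestamp with "%LINEPROTO-5-UPDOWN:" taken for a hostname. A line that matches nothing is kept, tagged "unknown", rather than dropped.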

What is the Apache equivalent of Nginx set_real_ip_from and real_ip_header for proxy protocol?

Posted: 28 Mar 2022 03:19 AM PDT

Nginx has the set_real_ip_from and real_ip_header proxy_protocol directives to restrict the trusted IP address of the TCP load balancer. https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/

But Apache only has RemoteIPTrustedProxy, which only works on the traditional X-Forwarded-For header.

What is the Apache equivalent of Nginx set_real_ip_from, real_ip_header for proxy protocol?

Options to improve docker mount's SMB metadata operations performance

Posted: 28 Mar 2022 02:47 AM PDT

Question

Are there any ways to improve metadata operation performance between a Linux based container running under Azure App Service and a mounted volume hosted in Azure Files?

Context

I recently migrated a solution which had everything on one server to an Azure based solution where:

  • The code runs on a container hosted under Azure App Service.
  • Those files which are part of the business data are on Azure Files (i.e. a share under an Azure Storage Account) / mounted on the container (via the app service's Settings > Configuration > Path Mappings section).

This has introduced some performance issues with operations which search through a folder to see if certain files exist. That's currently done via PHP's file_exists function.

When testing on my local device, I can improve performance by appending :cached to the bind parameter; e.g. --mount type=bind,source=d:\my\host\path,target=/var/my/container/path:cached; but I can't find an option to do anything similar in Azure App Service.

My container's running Linux (Ubuntu 21.10), and I've read that SMB metadata operations (including checking if a file exists) have a higher overhead in Linux than Windows, so perhaps that's related (i.e. as Azure Files uses SMB), though I'm not certain (as the path is mounted to the container, so the container OS may not be aware of the underlying implementation).

I've enabled large file shares to increase the IOPS available to the file share, but it's made no difference (which, given this is a metadata rather than IO performance issue, makes sense).

At present I'm thinking the solution would be to update the code to keep a representation of the file structure in the app's database so we can query that to get the same information faster; but this has the downside that every operation to upload or delete a file needs to also update the database to keep disk and db info in sync / duplicates where information's held; so I'm keen to solve this infrastructure issue rather than recode if possible.

Windows Server 2019 with 1 NIC and 1 IP network setup for Hyper-V

Posted: 28 Mar 2022 02:36 AM PDT

I have a VDS running Windows Server 2019 with 1 NIC and 1 WAN IP, with the Hyper-V role on it. I can't set it up so that VMs have an internet connection. Can anyone tell me the exact parameters in Hyper-V or Windows to do that?

Draw1

Next, can I somehow set up pfSense or VyOS in the Hyper-V environment, so that the Hyper-V host is connected through it?

Draw2

Can You Find Education And Teaching Study Resources (on the Web)?

Posted: 28 Mar 2022 01:40 AM PDT

As a result of online tutoring, parents are no longer required to drive their children to after-school educational centers. Does online tutoring pay off? Can online tutoring and homework help give your child an edge in the classroom? Yes!

The award-winning service offers tutoring and educational software to students from kindergarten to adults. Even when students are not at home, they can contact tutors through the Homework help website at any time. It is a popular educational supplement because of its friendly and supportive approach. Could someone help me find the best Education & Teaching Homework Help?

windows server 2019 std restarting on boot

Posted: 28 Mar 2022 01:16 AM PDT

We have installed a service of our software on a clean Windows Server 2019 STD VM.

The service requires .NET 4.8 to run.

The service uses a Domain account with local admin rights.

The service is set to an automatic delayed start.

After I start the server, it is up in less than a minute. After about 3:08 min the server restarts. In the Windows Event Viewer System event log, I have these errors:

ID 7009 A timeout was reached (30000 milliseconds) while waiting for the Cloudsfer OPA Agent service to connect.

ID 7000 The Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

ID 7007 The system reverted to its last known good configuration. The system is restarting....

If I log in just after the boot, there are no issues, and the service starts as it should.

I have no errors in the Application Events log.

What could be the reason?

Thanks

Itamar

My site no longer loads correctly

Posted: 28 Mar 2022 01:07 AM PDT

Since yesterday, my site is no longer loading correctly. This is a server with Matomo installed. I did not modify anything, I did not update, and it displays errors in the console.

Do you have an idea? I don't understand what is causing the problem:

[screenshot of the browser console errors]

I want to reset a FC_HOST before the multipath tries to mount paths from it

Posted: 27 Mar 2022 11:50 PM PDT

I have an HPE SN1100Q 2-port 16G HBA card in my HPE ProLiant Gen10 server, which is direct-attached to HPE 3PAR storage. And some weird stuff is happening. I'm using the qla2xxx driver version 10.01.00.19-k, which comes built in with Ubuntu 20.04. When my server restarts, the connection between my server and the 3PAR becomes inaccessible. But when I reset my fc_ports with these commands, the connection is accessible again.

    echo 1 > /sys/class/fc_host/host7/issue_lip
    echo 1 > /sys/class/fc_host/host9/issue_lip

So I want to reset these ports before the server tries to mount the paths. I wrote a systemd service and a reset-hba script for this. But multipath tries to access the paths before my script resets the ports. How can I fix this problem?

Here is my systemd service:

    [Unit]
    Description=Reset hba ports on startup
    Before=multipathd.service

    [Service]
    Type=oneshot
    ExecStartPre=/sbin/modprobe -a qla2xxx
    ExecStart=/bin/bash -c "/opt/hpe-hba/reset_hba_ports.sh"

    [Install]
    WantedBy=sysinit.target

And my reset script:

    #!/bin/bash
    FC_HOST_PATH="/sys/class/fc_host"

    modprobe qla2xxx

    # Wait until the driver has registered at least one fc_host
    until [ ! -z "$(ls $FC_HOST_PATH)" ]
    do
        sleep 1
        echo "Waiting for FC hosts..."
    done

    # A host with an rport but no target underneath it has no path to the 3PAR: issue a LIP on it
    echo "HBA port reset in progress..."
    for host in $(ls $FC_HOST_PATH); do
        RPORT=$(ls $FC_HOST_PATH/$host/device/ | grep rport)
        TPORT=$(ls $FC_HOST_PATH/$host/device/$RPORT | grep target)
        if [ -z "${TPORT}" ]
        then
            echo "$host not connected. Resetting FC port"
            echo 1 > /sys/class/fc_host/$host/issue_lip
        fi
    done

    # Poll up to 4 times (5 s apart) for every host to show a target
    echo "Waiting for the FC communication to be established."
    try_count=0
    while [ $try_count -le 3 ]
    do
        err=0
        for host in $(ls $FC_HOST_PATH)
        do
            RPORT=$(ls $FC_HOST_PATH/$host/device/ | grep rport)
            TPORT=$(ls $FC_HOST_PATH/$host/device/$RPORT | grep target)
            echo "Target port for $host is $TPORT"
            if [ -z "${TPORT}" ]
            then
                echo "HBA FC port is not ready yet. Target is not available! Waiting for 5 sec..."
                err=1
                sleep 5
            fi
        done
        if [ $err -eq 0 ]
        then
            break
        fi
        ((try_count++))
    done

    echo "FC port init completed!"

    DATE=$(/usr/bin/date)
    echo $DATE >> /opt/hpe-hba/last_run.txt

Keepalived going split brain when Firewalld is running

Posted: 28 Mar 2022 12:58 AM PDT

I'm using keepalived to provide availability between two Alma 8 Nginx servers (hosted on VMware, if that's of any relevance). When firewalld is enabled, despite a rich rule being set for VRRP, both hosts start to respond on the virtual IP:

    root@dca-nfs01:~# arping 172.31.5.233
    60 bytes from 00:50:56:84:ac:d0 (172.31.5.233): index=39 time=1.960 usec
    60 bytes from 00:50:56:84:ac:d0 (172.31.5.233): index=40 time=20.660 usec
    60 bytes from 00:50:56:84:52:ed (172.31.5.233): index=41 time=24.930 usec
    60 bytes from 00:50:56:84:ac:d0 (172.31.5.233): index=42 time=534.616 msec
    60 bytes from 00:50:56:84:52:ed (172.31.5.233): index=43 time=534.646 msec

My keepalived config is taken from a standard tutorial template and looks as follows:

    [root@dca-ngx01-al ~]# cat /etc/keepalived/keepalived.conf
    global_defs {
      # Keepalived process identifier
      router_id nginx
    }

    # Script to check whether Nginx is running or not
    vrrp_script check_nginx {
      script "/sbin/pidof nginx"
      interval 2
      weight 50
    }

    # Virtual interface - The priority specifies the order in which the assigned interface to take over in a failover
    vrrp_instance VI_01 {
      state MASTER
      interface ens192
      virtual_router_id 151
      priority 110

      # The virtual ip address shared between the two NGINX Web Server which will float
      virtual_ipaddress {
        172.31.5.233
      }
      track_script {
        check_nginx
      }
      authentication {
        auth_type AH
        auth_pass secret
      }
    }

Both boxes have a simple one zone firewall, and I have added a rich rule to allow VRRP communication between the two hosts:

    [root@dca-ngx01-al ~]# firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens192
      sources:
      services: dhcpv6-client http https ssh
      ports: 10050/tcp
      protocols:
      forward: no
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
            rule protocol value="vrrp" accept

I have also set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.

When firewalld is stopped on both boxes, keepalived behaves correctly, but when it is enabled it appears that both sides lose touch with each other and just send out repeated gratuitous ARP packets:

    ● keepalived.service - LVS and VRRP High Availability Monitor
       Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
       Active: active (running) since Fri 2022-03-25 12:48:25 GMT; 2h 35min ago
      Process: 7140 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
      Process: 12966 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 12967 (keepalived)
        Tasks: 2 (limit: 11406)
       Memory: 1.8M
       CGroup: /system.slice/keepalived.service
               ├─12967 /usr/sbin/keepalived -D
               └─12968 /usr/sbin/keepalived -D

    Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
    Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
    Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
    Mar 25 15:08:15 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
    Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: (VI_01) Sending/queueing gratuitous ARPs on ens192 for 1>
    Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
    Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
    Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
    Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233
    Mar 25 15:08:18 dca-ngx01-al.REDACTED.local Keepalived_vrrp[12968]: Sending gratuitous ARP on ens192 for 172.31.5.233

I can however see, using tcpdump, that regular VRRP packets from the other host are at least hitting the network interface when firewalld is active:

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
    15:25:21.532300 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3160): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
    15:25:22.532419 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3161): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
    15:25:23.532476 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3162): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20
    15:25:24.532544 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: AH(spi=0xac1f05e5,seq=0x3163): VRRPv2, Advertisement, vrid 151, prio 150, authtype ah, intvl 1s, length 20

Does anybody have any ideas as to how I can further troubleshoot this issue?

Thanks in advance.
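A check worth running against the capture above, added here as an example (it is not code from the question or from keepalived/firewalld). The tcpdump lines show each advertisement wrapped in an IP Authentication Header, which is what keepalived emits when `auth_type AH` is configured: on the wire the packet is IP protocol 51 (ah), not 112 (vrrp), and a firewalld rich rule of the form `rule protocol value="vrrp"` matches only protocol 112. The script parses tcpdump summary lines, names the outer protocol, and reports whether a given set of rich rules would admit it. The protocol numbers are the IANA values from /etc/protocols; the second sample line is constructed to show the unauthenticated case.

```python
import re

# Added example, not from the original post: classify the outer IP protocol of
# VRRP advertisements seen in tcpdump output and check them against firewalld
# rich rules. With auth_type AH the advertisement travels inside an IP
# Authentication Header (protocol 51); without it, it is protocol 112.

PROTO_NUMBERS = {"ah": 51, "esp": 50, "vrrp": 112}   # /etc/protocols values

# tcpdump prints "AH(spi=...,seq=...): VRRPv2, ..." for AH-wrapped
# advertisements and "VRRPv2, Advertisement, ..." directly otherwise.
TCPDUMP_RE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?:(?P<outer>AH|ESP)\([^)]*\): )?"
    r"(?P<inner>VRRPv\d), Advertisement, vrid (?P<vrid>\d+), prio (?P<prio>\d+)"
)

RICH_RULE_PROTO_RE = re.compile(r'rule protocol value="(?P<proto>[a-z0-9]+)" accept')

# AH_LINE is re-typed from the capture in the question; PLAIN_LINE is constructed.
AH_LINE = ("15:25:21.532300 IP dca-ngx02-al.REDACTED.local > vrrp.mcast.net: "
           "AH(spi=0xac1f05e5,seq=0x3160): VRRPv2, Advertisement, vrid 151, prio 150, "
           "authtype ah, intvl 1s, length 20")
PLAIN_LINE = ("15:25:21.532300 IP 172.31.5.2 > vrrp.mcast.net: VRRPv2, Advertisement, "
              "vrid 151, prio 150, authtype none, intvl 1s, length 20")


def classify(line):
    """Outer IP protocol and VRRP fields of one tcpdump summary line, or None."""
    m = TCPDUMP_RE.match(line)
    if not m:
        return None
    outer = (m.group("outer") or "vrrp").lower()
    return {
        "src": m.group("src"),
        "proto_name": outer,
        "proto_number": PROTO_NUMBERS[outer],
        "vrid": int(m.group("vrid")),
        "prio": int(m.group("prio")),
    }


def allowed_protocols(rich_rules):
    """Protocol names admitted by rich rules of the 'rule protocol value=... accept' form."""
    names = set()
    for rule in rich_rules:
        m = RICH_RULE_PROTO_RE.search(rule)
        if m:
            names.add(m.group("proto"))
    return names


def admitted_by(rich_rules, line):
    """True if the advertisement on this line passes the given rich rules."""
    packet = classify(line)
    return packet is not None and packet["proto_name"] in allowed_protocols(rich_rules)


def required_rich_rule(line):
    """The rich rule that would admit this advertisement, or None if unparsable."""
    packet = classify(line)
    if packet is None:
        return None
    return f'rule protocol value="{packet["proto_name"]}" accept'


if __name__ == "__main__":
    current_rules = ['rule protocol value="vrrp" accept']   # as listed by firewall-cmd above
    for line in (AH_LINE, PLAIN_LINE):
        p = classify(line)
        print(f"vrid {p['vrid']} prio {p['prio']} from {p['src']}: IP proto "
              f"{p['proto_number']} ({p['proto_name']}), admitted={admitted_by(current_rules, line)}, "
              f"needs: {required_rich_rule(line)}")
```

Both peers advertise, so whichever rule the check reports is needed on both hosts. Two caveats a practitioner would add: AH authenticates the advertisement with the shared `auth_pass` but does not hide it from anyone on the segment, and VRRPv3 (RFC 5798) dropped in-protocol authentication entirely, so the real protection for VRRP is keeping the segment itself trusted.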

How to convert or display data of excel on github readme [closed]

Posted: 28 Mar 2022 03:02 AM PDT

We have an excel file which contains some tabular information.

Is there any way to link this data so it displays in the GitHub readme.md file? If not, is there any way to convert this Excel file to readme.md tabular data?

Tried searching in Google and Server Fault/Stack Overflow but didn't find any existing post.

Please suggest.

And someone marked this question as off-topic. But this is only for showing Excel data for my project.

Postgresql 13 - Speed up pg_dump to 5 minutes instead of 70 minutes

Posted: 28 Mar 2022 12:09 AM PDT

We use pg_dump nightly to make a snapshot of our database. We did for a long time with a simple command

    pg_dump -Fc database_name

This takes about an hour and produces a file of 30+ GB.

How can we speed up things?

Logrotate- restart service only if it was running

Posted: 28 Mar 2022 01:03 AM PDT

I have an HA cluster with Samba running on the active node; now I get these errors in my root mail:

    Can't find pid for destination 'smbd'
    error: error running non-shared postrotate script for /var/log/samba/log.smbd of '/var/log/samba/log.smbd '
    Can't find pid for destination 'nmbd'
    error: error running non-shared postrotate script for /var/log/samba/log.nmbd of '/var/log/samba/log.nmbd '
    run-parts: /etc/cron.daily/logrotate exited with return code 1

Can I make logrotate only restart the service if it was running?

As requested, the logrotate config for Samba:

    /var/log/samba/log.smbd {
            weekly
            missingok
            rotate 7
            postrotate
                    [ ! -x /usr/bin/smbcontrol ] || /usr/bin/smbcontrol smbd reload-config
            endscript
            compress
            delaycompress
            notifempty
    }

    /var/log/samba/log.nmbd {
            weekly
            missingok
            rotate 7
            postrotate
                    [ ! -x /usr/bin/smbcontrol ] || /usr/bin/smbcontrol nmbd reload-config
            endscript
            compress
            delaycompress
            notifempty
    }

    /var/log/samba/log.samba {
            weekly
            missingok
            rotate 7
            postrotate
                    if [ -d /run/systemd/system ] && command systemctl >/dev/null 2>&1 && systemctl is-active --quiet samba-ad-dc; then
                            systemctl kill --kill-who all --signal=SIGHUP samba-ad-dc
                    elif [ -f /var/run/samba/samba.pid ]; then
                            # This only sends to main pid, See #803924
                            kill -HUP `cat /var/run/samba/samba.pid`
                    fi
            endscript
            compress
            delaycompress
            notifempty
    }

Add sender to my exchange out of office mails which are sent via postfix with an empty sender

Posted: 28 Mar 2022 12:01 AM PDT

Out of office mails work internally, but externally the logs say:

  • it goes out of Exchange 2010 to Postfix (without any sender),
  • Postfix sends it out to the sender without any sender,
  • the destination bounces it back with the error "status=bounced (host gmail-smtp-in.l.google.com[173.194.76.26] said: 550 Requested action not taken: mailbox unavailable (in reply to MAIL FROM command))"

The RFCs say that out of office mails and other MDNs should be sent with an empty sender. Since Exchange 2010 (or 2007?), that is what is done.

The problem is that at least Gmail and Hotmail refuse those mails:

status=bounced (host gmail-smtp-in.l.google.com[173.194.76.26] said: 550 Requested action not taken: mailbox unavailable (in reply to MAIL FROM command))

The Internet says that we can't add a sender to those out of office mails in Exchange 2010. There are transport rules, but they can't add a "From" attribute in the header, and there is email rewriting but... It's like asking me to write a big book in Chinese while I just want to have a "cool" Chinese character on my arm.

My luck is that my Exchange sends mail via a Postfix server (Internet -> Postfix -> Exchange) and that we can add a sender to mails with Postfix.

What I understand is that I can replace things like "*@mydomain.com" with a single static mail address, always the same, that I can choose, like "mailer@myStylishDomainName.com", but what I would like to do is add the real sender mail address to the "from". And I would like to do this only if it is an "automatic reply" kind of mail.

How could I add a "from" value to my out of office mails so that Gmail and other external mail servers accept my MDNs, please?

Update 1: in addition to DKIM/DMARC, I saw these routes:

  • fill in external postmaster

You can configure and manage the external postmaster address. The external postmaster address is used as the sender for system-generated messages and notifications sent to message senders that exist outside the Microsoft Exchange Server 2010 organization. An external sender is any sender that has an e-mail address that contains a domain not defined in the list of accepted domains for the Exchange 2010 organization.

https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/bb430765(v=exchg.141)

  • change the OOF mail format from TNEF to something else: it is possible to avoid TNEF for "normal" mail, but I don't know how to force OOF mails to be sent in the usual MIME type

Update 2: if I remove the Postfix MTA between my Exchange and the Internet, out of office mails are sent and received/accepted by Gmail because they do have a Return-Path and a From. So it must be Postfix that is messing with this.

netdata: view other servers from one dashboard

Posted: 28 Mar 2022 02:04 AM PDT

I've just installed netdata for testing as a replacement (or augment) for nagios. I have it installed on one machine and it's great.

However, I'm trying to install netdata on a second machine ("cougar"), with the intent of using the first machine ("rolls-royce") as my sole dashboard/viewing host.

I believe I have followed the directions correctly from https://docs.netdata.cloud/streaming/ for setting up a "headless collector", where "cougar" is my "slave" instance and "rolls-royce" is my "master" instance.

Update: I also figured out that I need to have my own "registry".

cougar netdata.conf

    [global]
        memory mode = none

    [web]
        mode = none

    [registry]
        # enabled = no
        registry to announce = http://rolls-royce:19999

cougar stream.conf

    [stream]
        enabled = yes
        destination = rolls-royce:19999
        api key = 9447dae1-0830-4edd-9e70-1cd125844b65
        timeout seconds = 60
        default port = 19999

rolls-royce netdata.conf

    [registry]
        enabled = yes
        registry to announce = http://rolls-royce:19999

rolls-royce stream.conf

    [stream]
        enabled = no

    [9447dae1-0830-4edd-9e70-1cd125844b65]
        enabled = yes
        allow from = *
        default history = 3600
        default memory mode = save
        health enabled by default = auto
        multiple connections = allow

And I think I see data being collected in the logs, and cache files being created.

However, I cannot figure out how to view my "cougar" data from my "rolls-royce" dashboard.

The documentation refers to a "my-netdata" menu. I don't have a "my-netdata" menu. I have a menu entitled "rolls-royce", with only a single entry for "rolls-royce http://rolls-royce:19999/" but no entry for "cougar".

Can anybody help me figure out what I am missing?

"Couldn't resolve host name: Could not resolve host:" in Zabbix

Posted: 28 Mar 2022 03:06 AM PDT

Getting "Couldn't resolve host name: Could not resolve host: example.zabbixagent.com; Name or service not known" on the Zabbix server, although the DNS and hostname of the Zabbix active agent are correct. Is this a bug or a misconfiguration in Zabbix? Please help.

exim rewrite Subject line if Reply-To domain does not match From domain

Posted: 27 Mar 2022 11:01 PM PDT

I would like to rewrite the subject line of all emails that contain a Reply-To: line with an email address in a different domain than the From: line. The reason for this is that I frequently get fraud emails that look like this:

    From:     My Name <my.name@mycompany.com>
    To:       billing@mycompany.com
    Reply-To: thief@gmail.com
    Subject:  Please urgently pay attached invoice
    ...

Outlook displays the "From:" information, which can easily be forged, but does not display the Reply-To: line by default. So the email does not look suspicious. If one replies, the email is sent to thief@gmail.com, and the thief will of course make sure that the From: My Name header is again shown in the response. Some of these emails are so cleverly designed that people fall for it.

To prevent this, I would like to rewrite the Subject line to something like "[Potential fraud] Please urgently pay this invoice" if there is a Reply-To recipient in a different domain than the From sender.

How do I configure Exim to do this? Please advise.
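The check the question describes, written out as an added example so the rule can be exercised on real messages before it is turned into Exim configuration (this is not Exim code and not from the question). It compares the domain of the From: address with the domain of every Reply-To: address (the header may carry several) and prefixes the Subject when they differ. The two sample messages are constructed; the first reproduces the headers quoted above.

```python
from email import message_from_string
from email.message import Message
from email.utils import getaddresses, parseaddr

# Added example, not from the original post: flag a message whose Reply-To
# points outside the From domain and tag its Subject. Uses only the stdlib
# email package. Sample messages are constructed.

SUBJECT_TAG = "[Potential fraud]"

SAMPLE_FRAUD = """\
From: My Name <my.name@mycompany.com>
To: billing@mycompany.com
Reply-To: thief@gmail.com
Subject: Please urgently pay attached invoice

Please see the attached invoice.
"""

SAMPLE_OK = """\
From: My Name <my.name@mycompany.com>
To: billing@mycompany.com
Reply-To: My Name <my.name@mycompany.com>
Subject: Hello

Just checking in.
"""


def domain_of(addr: str):
    """Lower-cased domain part of one address, or None if it has no '@'."""
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def from_domain(msg: Message):
    """Domain of the From: address (parseaddr strips the display name)."""
    _, addr = parseaddr(msg.get("From", ""))
    return domain_of(addr)


def reply_to_domains(msg: Message):
    """Domains across all Reply-To: addresses; the header may list several."""
    domains = set()
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        d = domain_of(addr)
        if d is not None:
            domains.add(d)
    return domains


def reply_to_mismatch(msg: Message) -> bool:
    """True when Reply-To is present and any of its addresses is outside the From domain."""
    sender = from_domain(msg)
    if sender is None:
        return False
    return any(d != sender for d in reply_to_domains(msg))


def tag_subject(msg: Message) -> Message:
    """Prefix the Subject when the check fires; leave the message alone otherwise."""
    if reply_to_mismatch(msg):
        subject = msg.get("Subject", "")
        if not subject.startswith(SUBJECT_TAG):
            del msg["Subject"]          # Message.__setitem__ appends, so remove first
            msg["Subject"] = f"{SUBJECT_TAG} {subject}"
    return msg


def check_raw(raw: str) -> str:
    """Parse a raw RFC 5322 message and return its (possibly tagged) Subject."""
    return tag_subject(message_from_string(raw))["Subject"]


def mismatch_raw(raw: str) -> bool:
    """Convenience wrapper: does this raw message trip the Reply-To check?"""
    return reply_to_mismatch(message_from_string(raw))
```

The comparison here is an exact domain match, so a Reply-To at a subdomain of the From domain is also flagged; a deployment may prefer to compare registrable domains instead. A message with no Reply-To at all is never flagged, which matches the question's intent, since those messages reply to From. In Exim the same comparison can be expressed with the `${domain:...}` expansion operator applied to `$h_from:` and `$h_reply-to:`.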

Robocopy - Exclude specific file from purge within subdirectory

Posted: 28 Mar 2022 12:01 AM PDT

I want to exclude a specific file from being deleted while still performing a purge. The specific file is located within a subdirectory that does not exist in source.

Source:

    folder1\
        file1.txt

Destination:

    folder1\
        file1.txt
        folder2\
            dontdelete.txt
            delete.txt

If I use:

    Robocopy C:\Source C:\Destination /e /purge /xf dontdelete.txt

Then Robocopy will delete folder2\, which contains that file, so in essence it still deletes the dontdelete.txt file.

    Source : C:\Source\
    Dest : C:\Destination\
    Files : *.*
    Exc Files : dontdelete.txt
    Options : *.* /V /L /S /E /DCOPY:DA /COPY:DAT /PURGE /R:1000000 /W:30
    ----------------------------------------------------------------------------
                       0    C:\Source\
                       1    C:\Source\folder1\
      *EXTRA Dir        -1    C:\Destination\folder1\folder2\
      *EXTRA File              0    delete.txt
      *EXTRA File              0    dontdelete.txt
            same             0    file1.txt

If I use:

    Robocopy C:\Source C:\Destination /e /purge /xd folder2 /xf dontdelete.txt

Then Robocopy will not look inside folder2 at all for files that should be purged.

    Source : C:\Source\
    Dest : C:\Destination\
    Files : *.*
    Exc Files : dontdelete.txt
    Exc Dirs : folder2
    Options : *.* /V /L /S /E /DCOPY:DA /COPY:DAT /PURGE /R:1000000 /W:30
    ----------------------------------------------------------------------------
                       0    C:\Source\
                       1    C:\Source\folder1\
      *named dir      -1    C:\Destination\folder1\folder2\
            same             0    file1.txt

I have also tried using the entire path including the file with no difference in output.

Joining a server to AD via AWS cloudformation

Posted: 28 Mar 2022 03:06 AM PDT

I want to use cloudformation to automatically join new instances to AD.

When I googled this, it looks like many people just use scripts in their CloudFormation templates and pass in credentials; I don't want to do that.

This article shows how this is seamless if you have AWS Directory Service set up.

I already have an AD domain set up with my own DCs; can I just use the AD Connector or something so I can seamlessly join new instances to that, like I can with AWS Directory Service?

Exchange 2016 keeps giving out its default self-signed certificate instead of the CA one

Posted: 28 Mar 2022 02:04 AM PDT

I've got an Exchange 2016 server being prepared for its prime time. But an Outlook client, connected to a mailbox on that server, pops up a window saying that the certificate was issued by an untrusted organization; more specifically, it's the default self-signed certificate which was created during the Exchange installation.

The problem is that I've created and installed a proper SSL certificate from the domain CA and assigned it to services and to IIS, but the server keeps giving out its self-signed certificate for some reason.

Output of Get-ExchangeCertificate | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,Services

    FriendlyName       : CA Certificate for HTTPS
    Subject            : CN=web.contoso.com, OU=IT, O=The Contoso, L=Almaty, S=Almaty, C=KZ
    CertificateDomains : {web.contoso.com, mail.contoso.com, AutoDiscover.contoso.com, bsb-srv-mb-exch.contoso.com, BSB-SRV-MB-EXCH,
                         contoso.com}
    Thumbprint         : 8-4
    Services           : IMAP, POP, IIS, SMTP

    FriendlyName       : Microsoft Exchange
    Subject            : CN=BSB-SRV-MB-EXCH
    CertificateDomains : {BSB-SRV-MB-EXCH, BSB-SRV-MB-EXCH.contoso.com}
    Thumbprint         : 6-7
    Services           : IMAP, POP, SMTP

    FriendlyName       : Microsoft Exchange Server Auth Certificate
    Subject            : CN=Microsoft Exchange Server Auth Certificate
    CertificateDomains : {}
    Thumbprint         : 8-6
    Services           : SMTP

    FriendlyName       : WMSVC
    Subject            : CN=WMSvc-BSB-SRV-MB-EXCH
    CertificateDomains : {WMSvc-BSB-SRV-MB-EXCH}
    Thumbprint         : F-0
    Services           : None

It also does the very same thing when I use my browser to connect to the server over HTTPS: it keeps warning me about the self-signed certificate instead of the CA one. How can I make it use the proper certificate?

Disabling cloud-init if metadata server cannot be reached

Posted: 27 Mar 2022 11:01 PM PDT

I'm trying to get cloud-init to not take any action if the metadata server cannot be reached. If cloud-init ignores the error and continues executing (which seems to be the default configuration), then it resets the host SSH key, administrative user password, etc., which is a problem if the virtual machine was being used already beforehand (if password login was configured, then users can no longer access the VM).

I'm seeing this problem in two situations:

  • The metadata server goes down
  • Software is installed that blocks connections to the metadata server during boot (most recently, seeing this with ubuntu-desktop)

SSH works locally but not remotely

Posted: 28 Mar 2022 01:03 AM PDT

Recently ran into a hardware issue on my CentOS machine. After a PSU, RAM, motherboard and CPU replacement, I think I have the hardware issue resolved.

However, I believe I have a network configuration issue causing SSH remote connection failures.

I tried regular ssh using my original account and key, and I receive a connection timeout after the client logs: debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP.

From the server itself with a new account:

    $ ssh -v -o PubkeyAuthentication=no chris@localhost
    Last login: ...
    [chris@dev ~]$

From a remote connection on the LAN to try remote SSH:

    chris::Internets|10 ~ $ ssh -v -o PubkeyAuthentication=no chris@pug
    OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
    debug1: Reading configuration data /Users/chris/.ssh/config
    debug1: Reading configuration data /etc/ssh_config
    debug1: /etc/ssh_config line 20: Applying options for *
    debug1: /etc/ssh_config line 102: Applying options for *
    debug1: Connecting to pug [192.168.1.175] port 22.
    debug1: Connection established.
    debug1: identity file /Users/chris/.ssh/id_rsa type 1
    debug1: identity file /Users/chris/.ssh/id_rsa-cert type -1
    debug1: identity file /Users/chris/.ssh/id_dsa type -1
    debug1: identity file /Users/chris/.ssh/id_dsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.2
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
    debug1: match: OpenSSH_5.3 pat OpenSSH_5*
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    Read from socket failed: Operation timed out

I have verified that:

  • I can ping remote boxes on the LAN and the internet from the server
  • I cannot wget web pages from the server
  • I can ping the server from the LAN
  • I can reach the SSH port from the LAN or a remote connection (but still receive the SSH errors)

I did see a post regarding DNS resolution issues causing a problem; I have UseDNS no, which should avoid DNS entirely and not cause issues.

Any ideas here as I am scratching my head for what else to look for?

Edit:

/var/log/secure has the following contents:

    Nov 29 11:19:45 dev sshd[5978]: fatal: Read from socket failed: Connection reset by peer

Also, I checked and SSH is listening on 22 as it should be.

    [root@dev ~]# lsof -i TCP:22 | grep LISTEN
    sshd 5424 root 3u IPv4 39030 0t0 TCP *:ssh (LISTEN)
    sshd 5424 root 3u IPv6 39032 0t0 TCP *:ssh (LISTEN)

To avoid complications, I flushed iptables:

    [root@dev ~]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
