Friday, April 15, 2022

Recent Questions - Server Fault

How to switch standby to master on postgresql 13?

Posted: 15 Apr 2022 02:36 AM PDT

For DB high availability an active-standby cluster was built on PostgreSQL 13. Inserted data is correctly transferred to the 'standby' server; that is OK. Now I want to check how I can swap the roles of the two servers. For this I deleted /var/lib/postgresql/13/main/standby.signal and also restarted postgresql.service to apply the change. Something tells me I'm doing something wrong. So, how do I make a master out of a replica, and how do I then make the old master (which was temporarily unavailable) the master again without losing data? Sorry for my English.

How to run aws cli on amazon linux container?

Posted: 15 Apr 2022 02:19 AM PDT

I want to run amazon linux commands as part of gitlab pipeline.

So I'm trying to use a Docker image, amazonlinux:latest, as the runner.

So I connected to the Docker container and ran the command below.

yum -yq install aws-cli  

It installed aws-cli.

Then, configured aws cli.

aws configure set region $AWS_REGION
aws configure set aws_access_key_id $AWS_ACCESS_KEY
aws configure set aws_secret_access_key $AWS_SECRET_KEY
aws configure set plugins.bolt awscli-plugin-bolt

Then I ran the command below to check the identity, but got an error saying awscli-plugin-bolt was not there.

aws sts get-caller-identity  

Then I ran pip install for it and got a Python 2.7 deprecation error and module not found.

pip install awscli-plugin-bolt
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
WARNING: Running pip install with root privileges is generally not a good idea. Try `pip install --user` instead.
ERROR: Could not find a version that satisfies the requirement awscli-plugin-bolt (from versions: none)
ERROR: No matching distribution found for awscli-plugin-bolt

So I changed the default Python to Python 3 using the commands below and the reference page.

amazon-linux-extras enable python3.8
yum install python3.8
update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1

And then I installed the bolt plugin using pip3.

yum install python3-pip
pip3 install awscli-plugin-bolt

But the command below still looks for Python 2 and fails.

aws sts get-caller-identity  

So I deleted that container and created a new one, and in that one, as the first step, I set Python 3 as the default version.

But this time the yum installation of aws-cli itself fails.

bash-4.2# yum -yq install aws-cli
  File "/usr/bin/yum", line 30
    except KeyboardInterrupt, e:
                            ^
SyntaxError: invalid syntax

Please suggest how to access aws cli commands from the amazonlinux docker image.

mounting smb via ssh tunnel - malformed UNC

Posted: 15 Apr 2022 12:36 AM PDT

On my Fedora box I want to mount a Windows Server share via an SSH tunnel. The setup consists of two parts, the ssh part and the mount part.

Part 1.) I do SSH port forwarding of port 445 from the Windows server to my Fedora box via a Linux gateway

sudo ssh -C -L 127.0.0.2:445:msserver:445 gatewayuser@gateway.gwdomaine.com  

That works fine and I can access the Windows Server share on my Fedora box in the file manager or with smbclient at address smb://127.0.0.2

OK, but I want to use that share via the Linux filesystem. Therefore I need to mount it

sudo mount -t cifs //127.0.0.2 /mnt/smb -o username=domaineuser.msserverdomaine  

But now the problems occur. It asks me for the domain password on the MS server.

Password for domaineuser.msserverdomaine@//127.0.0.2:  

which already does not look like a valid account. And after providing the password I get a

mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

dmesg shows me

[41077.581330] CIFS: VFS: Malformed UNC in devname
[41109.021447] Malformed UNC in devname

So, where's my mistake? It seems clear that mount gets confused by the SSH port forwarding. What to do?

Sniff decrypted vpn traffic

Posted: 14 Apr 2022 11:49 PM PDT

I have a Linux box with some NICs. eth0 is used for a point-to-point VPN using OpenVPN. I have a tun0 client interface, 10.8.0.7. I need to write a sniffer (maybe with the scapy lib) to intercept packets coming in to my machine after they are decrypted. Symmetrically, the sniffer has to grab packets before they are encrypted and sent out through tun0. Any idea?

Windows 10 Enterprise, PowerShell & logged on Domain Admin

Posted: 14 Apr 2022 11:41 PM PDT

Some years ago I ran into a problem where PowerShell had limited functionality when logged in as a Domain Admin. Specifically, PowerShell couldn't modify the LocalMachine hive or add/delete/modify files in Program Files. My understanding was that Microsoft REALLY doesn't want you logging in as a DA. You should remote in to your servers, not log in, and no work done on a workstation should ever require Domain Admin. I think the firm where this was happening was also using Enterprise Windows, rather than the Pro that most firms use.

Now I have a customer whose outsourced IT uses only Domain Admins for doing workstation installs. And while all of their production machines use Pro licenses, the VM they set up for me to test on has an Enterprise license of 21H2, because that's the license they had available.

So I have two questions...

1: Am I going to have issues with this VM if I am logged in as a Domain Admin account and trying to run PowerShell locally? And if so, is this (still?) an Enterprise issue?

2: It seems to me that not using a Domain Admin account for doing workstation software installs is best practice. Why have multiple people with DA credentials that are technically not needed? I am not in a position to tell their outsourced IT how to do things, but I would like to know that my advice to others to NOT use a DA is well founded. Assuming I am correct in this, a pointer to a Microsoft white paper that I can then point people to would also be very helpful.

And, to clarify, I use PowerShell to automate complex and extensive Autodesk installs, thus the question here under the PowerShell tag.

Error while making graphs using json files and python

Posted: 14 Apr 2022 10:49 PM PDT

arunkannan@ubuntu:~/cascade-cpp$ make graphs
mkdir -p study/graphs/papers
rm -f study/graphs/papers/*.png
source /home/arunkannan/cascade-python/env/bin/activate && python /home/arunkannan/cascade-python/study/make_graphs.py study/graphs_demystifying.json --data-dir study/data/papers
/bin/sh: 1: source: not found
make: *** [Makefile:130: graphs-papers] Error 127

I get the above error when I try to generate graphs using JSON files and a Python program. GitHub code: https://github.com/brunorijsman/cascade-cpp

My network setup do not work. FreeBSD [closed]

Posted: 14 Apr 2022 10:08 PM PDT

FreeBSD 13.0, pf, dhcpd, hostapd.

The setup that I need to establish is simple. In human terms, in simple words, I can describe the setup as below.

  1. My laptop is connected to the ISP through an Ethernet cable.
  2. I want it (my laptop) to transmit a WiFi signal. So my laptop will be an AP, or a router, you name it.

The result I want is that my guests, and I, can use the internet through my laptop.

I have followed some forums and the FreeBSD handbook, but my cell phone still refuses to go online, though I can ping it from my laptop.

My idea was to use dhcpd on a wlan0 network interface. After that, I was taught not to reinvent the bicycle but to use NAT. In FreeBSD pf terms it will be something like (taken from the forums): nat on re0 inet from ! (re0) to any -> (re0). So I want everything from !re0, re0 being my cable to the ISP, to be translated to re0.

Now the cell phone gets an IP. I can ping the cell phone. But there is no internet traffic on the cell phone.

I will update the information about my actual setup per request.

Please, if anyone has a working config or a step-by-step guide on how to make such a simple thing come to life... How do I make my laptop act as a typical WiFi router?

How to dynamically use SSL? [closed]

Posted: 14 Apr 2022 09:38 PM PDT

I have a number of SSL certificates and I want to serve them dynamically based on the host. For example, 'example.com' will be served one SSL certificate and 'example2.com' will be served a different one.

How do I dynamically serve SSL based on host name?

An SSL certificate for all domains?

Posted: 14 Apr 2022 08:34 PM PDT

Websites such as webflow.com automatically generate SSL certificates for the domains we connect to them.

I am creating a competing product with Webflow. I also want my users to have SSL for their domains.

How should I do it? Does there exist a catch all certificate that is valid for all domains?

Remote Desktop (App Store version) can't connect to localhost

Posted: 15 Apr 2022 12:25 AM PDT

OK, we have a weird setup, I know. We create an SSH tunnel to our work network, then use RDP to connect to our workstations in the office. Our SSH client is set up to forward local port 1024 to our workstation on port 3389.

This works great with Remote Desktop Connection (mstsc.exe), but doesn't work with the Microsoft Store version of Remote Desktop.


Does anyone know why?

SFTP to server only available while on the VPN

Posted: 15 Apr 2022 12:46 AM PDT

I'm trying to connect to a CentOS 5 box (I know it needs to be decommissioned; it's in the works) using SFTP on port 22. The server is not letting me authenticate while I am connected to the network via Ethernet. I get a banner and can connect, but the server denies my credentials.

I tried the same credentials using the same method while connecting to the VPN and the server permits me to connect with SFTP.

I suspect that it's a configuration issue on the server, but the logs on this system are empty.

I'm relatively new to Linux administration. Where can I begin looking to identify the problem?

How to replace "via amazonses.com" with my apps branding "via example.com" for the email identities in AWS SES?

Posted: 15 Apr 2022 12:28 AM PDT

So in SES - there are two ways to verify identities as I can see:

  1. Email identities
  2. Domain identities

With domain identities it is easier to fix the "signed-by" and "mailed-by" headers in the outgoing mails. If the DKIM/SPF DNS records are set properly, it works well.

But with email identities, AWS SES adds something like "via amazonses.com". Now I am looking to fix this with my app's branding instead. So that when my clients only want to verify email identities and not whole domains, they can send emails via my app (and behind the scenes via SES), but when the emails go out, instead of saying "via amazonses.com", it should put my app's branding like "via example.com" instead for the email identities.

How can I achieve this? :)

EDIT:

  1. Someone verifies an email identity - foobar@gmail.com - I want it to say "via mydomain.com" instead of "via amazonses.com"
  2. Someone verifies clientdomain.com - I want it to say "signed-by: clientdomain.com" and the "via...." will be removed

Number 2 is simple and I can achieve that with EasyDKIM in SES, but I am having trouble figuring out how to achieve number 1.

How to change Libvirt Job type from 'Cancelled' to 'None'?

Posted: 14 Apr 2022 09:37 PM PDT

After I abort a live migration, the Job type changes to 'Cancelled', which makes me unable to migrate again. So, is there some libvirt API (or QMP) that can help me change the Job type from 'Cancelled' to 'None'?

# virsh domjobabort DOMAIN
# virsh domjobinfo DOMAIN
Job type:         Cancelled
Operation:        Outgoing migration
# virsh migrate DOMAIN qemu+tcp://{ip}/system tcp://{ip}  --live --p2p --auto-converge --unsafe --copy-storage-all --xml test.xml
error: Timed out during operation: cannot acquire state change lock (held by monitor=remoteDispatchDomainMigratePerform3Params)

If I destroy DOMAIN and restart it (the Job type becomes 'none'), the migration runs well. I don't want to restart the domain :)

Version Info: libvirt:6.5.0 qemu:5.0.0 system: CentOS8 with kernel 4.18


2020-12-25

I tried again using the virsh command, but to my surprise, the problem did not happen again. It seems to work fine (after the abort, the domain can migrate!). It really confuses me: don't virsh and go-libvirt use the same API?

[root@ubuntu ~]# virsh migrate GUS447978da-04e8-4e9e-88cf-547309f9bbc5 qemu+tcp://{ip}/system tcp://{ip}  --live --p2p --auto-converge --unsafe --copy-storage-all --xml test.xml --verbose
Migration: [ 27 %]error: operation aborted: migration out: canceled by client

### abort the job in other terminal

[root@ubuntu ~]# virsh domjobinfo GUS447978da-04e8-4e9e-88cf-547309f9bbc5
Job type:         None

[root@ubuntu ~]# virsh migrate GUS447978da-04e8-4e9e-88cf-547309f9bbc5 qemu+tcp://{ip}/system tcp://{ip}  --live --p2p --auto-converge --unsafe --copy-storage-all --xml test.xml --verbose
Migration: [  4 %]error: operation aborted: migration out: canceled by client

### abort the job in other terminal

[root@ubuntu ~]# virsh domjobinfo GUS447978da-04e8-4e9e-88cf-547309f9bbc5
Job type:         None

[root@ubuntu ~]# virsh migrate GUS447978da-04e8-4e9e-88cf-547309f9bbc5 qemu+tcp://{ip}/system tcp://{ip}  --live --p2p --auto-converge --unsafe --copy-storage-all --xml test.xml
error: operation aborted: migration out: canceled by client

[root@ubuntu ~]# virsh domjobinfo GUS447978da-04e8-4e9e-88cf-547309f9bbc5
Job type:         None

[root@ubuntu ~]# virsh migrate GUS447978da-04e8-4e9e-88cf-547309f9bbc5 qemu+tcp://{ip}/system tcp://{ip}  --live --p2p --auto-converge --unsafe --copy-storage-all --xml test.xml
error: operation aborted: migration out: canceled by client

### abort the job in other terminal

[root@ubuntu ~]# virsh domjobinfo GUS447978da-04e8-4e9e-88cf-547309f9bbc5
Job type:         None

What is TCP-over-TCP and how does OpenVPN under TCP mode avoid the issue?

Posted: 14 Apr 2022 11:04 PM PDT

This article explains why TCP-over-TCP could be a performance disaster.

My understanding of the issue is that the 'outer' TCP connection deals with packet loss and congestion of the network and acts accordingly by increasing timeouts (and thus reducing throughput). However, the 'inner' TCP connection does not see these network conditions because they are 'fixed' by the outer TCP. And therefore, the 'inner' TCP keeps sending packets at the previous speed and thus explodes the internal send buffer of the 'outer' TCP connection.

My questions are:

  1. Is my understanding correct?
  2. It seems that the TCP-over-TCP meltdown is only internal (i.e., it only affects local buffers), but does it affect the network as well? Does it cause more congestion in the network and does it degrade other connections on the same network?
  3. How do TCP-based VPNs solve this problem? OpenVPN has an article on this but it does not say why it is not a problem in practice (or is it?)

Many thanks for any answer!
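As an added illustration of the mechanism described in this question (this code is not part of the question or of any answer to it): a toy discrete-time model of one inner TCP connection carried first over a TCP tunnel and then over a datagram (UDP) tunnel, across a constructed 2 s link outage. Both TCPs keep a single retransmission timer with exponential backoff; slow start, fast retransmit and buffer limits are deliberately left out, and every timing value is an assumption chosen to keep the trace readable.

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional


@dataclass
class Result:
    tunnel: str
    peak_buffer: int = 0            # most segments ever waiting in the tunnel at once
    inner_retransmits: int = 0      # retransmissions generated by the inner TCP
    duplicates_delivered: int = 0   # copies the receiver got of data it already had
    dropped: int = 0                # segments a datagram tunnel lost during the outage
    unique_delivered: int = 0
    recovered_at: Optional[int] = None  # first delivery (ms) once the outage has begun


def simulate(tunnel: str, *, total_ms: int = 6000, outage=(1000, 3000), cwnd: int = 4,
             inner_rto: int = 300, outer_rto: int = 100, tick: int = 10) -> Result:
    """Inner TCP over a 'tcp' or 'udp' tunnel; all times in ms, constructed values."""
    assert tunnel in ("tcp", "udp")
    res = Result(tunnel)
    buf = deque()             # outer TCP send buffer, or the datagrams handed over this tick
    inflight = []             # inner TCP: unacknowledged seqs in send order
    timer = None              # inner TCP's single retransmission timer (oldest unacked seq)
    window, rto_in, rto_out = cwnd, inner_rto, outer_rto
    outer_retry_at = 0        # outer TCP may not transmit before this time (its own backoff)
    next_seq, acked = 0, set()

    def push(seq: int, t: int) -> None:
        # A TCP tunnel must queue the segment and deliver it eventually, outage or not;
        # a datagram tunnel simply loses it while the link is down.
        if tunnel == "udp" and outage[0] <= t < outage[1]:
            res.dropped += 1
        else:
            buf.append(seq)

    for t in range(0, total_ms, tick):
        in_outage = outage[0] <= t < outage[1]

        # 1. Inner TCP timeout: resend the oldest segment, double the RTO, collapse the window.
        #    Identical for both tunnels: the inner TCP only knows that no ACK arrived.
        if timer is not None and t >= timer:
            rto_in = min(rto_in * 2, 64_000)
            timer = t + rto_in
            push(inflight[0], t)
            res.inner_retransmits += 1
            window = 1

        # 2. Inner TCP sends new data while its window allows (it cannot see the outage).
        while len(inflight) < window:
            inflight.append(next_seq)
            push(next_seq, t)
            if timer is None:
                timer = t + rto_in
            next_seq += 1
        res.peak_buffer = max(res.peak_buffer, len(buf))

        # 3. The tunnel transmits. A TCP tunnel whose transmission is lost waits out its own
        #    RTO and doubles it, so it can stay silent well beyond the end of the outage.
        if tunnel == "tcp":
            if t < outer_retry_at or not buf:
                continue
            if in_outage:
                outer_retry_at = t + rto_out
                rto_out = min(rto_out * 2, 64_000)
                continue
            rto_out = outer_rto
        while buf:                      # link is up: everything queued reaches the receiver
            seq = buf.popleft()
            if seq in acked:
                res.duplicates_delivered += 1
                continue
            acked.add(seq)
            res.unique_delivered += 1
            if res.recovered_at is None and t >= outage[0]:
                res.recovered_at = t
            if seq == inflight[0]:      # ACK moves the left edge: timer restarts, window reopens
                inflight.pop(0)
                window, rto_in = cwnd, inner_rto
                timer = t + rto_in if inflight else None
            else:
                inflight.remove(seq)
    return res


if __name__ == "__main__":
    for kind in ("tcp", "udp"):
        print(simulate(kind))
```

With the TCP tunnel every inner retransmission is queued and later delivered as a duplicate, and the outer TCP's own backoff keeps the tunnel silent for 1.1 s after the link is back; the datagram tunnel drops the same retransmissions and resumes on the inner TCP's next timeout.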

Boto3: How can I set Security Group Ids to default?

Posted: 15 Apr 2022 02:28 AM PDT

I am trying to set security group ids while creating an EC2 instance. If I have a specific security group Id list, I can do this:

boto3.resource(resource, region_name=self.region)
ec2 = self.resource

instances = ec2.create_instances(
        ImageId=image_id,
        MinCount=minCount,
        MaxCount=maxCount,
        InstanceType=instance_type,
        SubnetId=subnet_id,
        KeyName=key_pair,
        SecurityGroupIds=security_groups)

If I don't have the security group ids, I'd like to use the default security group ids that get associated with the launch-wizard-# security group if I don't pass the SecurityGroupIds argument to ec2.create_instances. Is there a way to pass something to the SecurityGroupIds argument that tells boto3 to use the default security group Id? More specifically:

instances = ec2.create_instances(
        ImageId=image_id,
        MinCount=minCount,
        MaxCount=maxCount,
        InstanceType=instance_type,
        SubnetId=subnet_id,
        KeyName=key_pair,
        SecurityGroupIds= <"What do I pass here so that boto3 takes in defaults?">)

So that I get the same behavior as below (using the previous code snippet):

instances = ec2.create_instances(
        ImageId=image_id,
        MinCount=minCount,
        MaxCount=maxCount,
        InstanceType=instance_type,
        SubnetId=subnet_id,
        KeyName=key_pair)
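An added example (not the question's code) of the pattern a practitioner would use here: build the create_instances keyword arguments as a dict and only include SecurityGroupIds when there is at least one id, so the same call serves both cases; the EC2 RunInstances documentation states that when no security group is specified the instance is placed in the VPC's default security group. The function name, the hypothetical launch() wrapper and the sample ids are constructed.

```python
import re
from typing import Iterable, Optional

# Security group ids are "sg-" followed by 8 or 17 hex characters.
SG_ID = re.compile(r"^sg-[0-9a-f]{8,17}$")


def build_launch_params(image_id: str, instance_type: str, subnet_id: str, key_pair: str,
                        min_count: int = 1, max_count: int = 1,
                        security_group_ids: Optional[Iterable[str]] = None) -> dict:
    """Return the kwargs for ec2.create_instances(); SecurityGroupIds is present only
    when the caller actually supplied ids (None, [] and blank strings all mean 'omit')."""
    params = {
        "ImageId": image_id,
        "MinCount": min_count,
        "MaxCount": max_count,
        "InstanceType": instance_type,
        "SubnetId": subnet_id,
        "KeyName": key_pair,
    }
    sgs = [s for s in (security_group_ids or []) if s]
    if sgs:
        # Fail early on names or typos: the API wants ids here, not group names.
        bad = [s for s in sgs if not SG_ID.match(s)]
        if bad:
            raise ValueError(f"not security group ids: {bad}")
        params["SecurityGroupIds"] = sgs
    return params


def launch(ec2, **kwargs):
    """ec2 is a boto3 EC2 service resource (hypothetical caller-supplied object).
    The ** expansion is what makes SecurityGroupIds an optional argument."""
    return ec2.create_instances(**build_launch_params(**kwargs))
```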

365 - Mail-enabled public folder not visible in EAC, Outlook, or Get-PublicFolder. BUT visible to Get-MailPublicFolder

Posted: 15 Apr 2022 01:00 AM PDT

I'm encountering a strange Exchange issue I haven't been able to figure out.

  • Exchange Online (Office 365).

  • Originally was an Exchange 2010 environment, migrated via O365 Hybrid Config, hybrid has since been decommissioned and the organization is cloud-only at this point.

Problem - It appears that I have several 'orphaned' public folders. Get-MailPublicFolder lists numerous public folders that don't appear in the output of Get-PublicFolder.

Get-PublicFolder -Recurse |Where-Object{$_.MailEnabled -like "*true*"} returns 11 results.

Get-MailPublicFolder returns 37 results.

The mail-enabled public folders that aren't returned by Get-PublicFolder don't display in Outlook or in the EAC.

If an email is sent to them, an NDR is returned stating the recipient cannot be found.

I compared the attributes I could see in Get-MailPublicFolder between one that is missing and one that does appear, and saw only one difference that I thought relevant - HiddenFromAddressListsEnabled. Contrary to what I would expect, the value for that was set to TRUE for the PF that WAS visible, and the attribute on the missing PF was set to FALSE. While this seemed the exact opposite of what I'd expect I went ahead and changed the attribute on the missing PF to TRUE to match the functioning PF. That made no difference.

I also noticed the 'SimpleDisplayName' attribute was null. I added a value to that, still no difference. (SimpleDisplayName is null on the working PF as well.)

What can I do to get my missing MailPublicFolder to be listed by Get-PublicFolder and displayed in my EAC? And if that isn't sufficient, to get the folder to receive emails sent to it? Clearly there is some disconnect somewhere preventing EOL from seeing this public folder, and I expect that the proper fix will resolve all of the various problems stemming from its invisibility.

Thanks, Steve

How to remove stale routes during Windows Cluster RESTART?

Posted: 15 Apr 2022 01:00 AM PDT

BACKGROUND

I have a Windows Cluster (2016) with four nodes (3 NICs each). When I try to restart any of the cluster host servers, the whole cluster goes down and other nodes fail randomly.

When I logged a case with Microsoft, they said it is because of stale routes in the NetFT table which are not cleared during the restart, and gave me a workaround of restarting all nodes to bring up the cluster.

I feel that's going to take a long time before I restart my physical servers and bring up my cluster. I have an SLA which could be breached.

Is there any helpful workaround?

MICROSOFT's REPLY

From cluster.log, the issue looks related with the stale routes on NetFT.sys.

Log Analysis

(Below errors kept reporting on all 4 cluster nodes, taking one of those occurrences as an example:)

HOST1

2018/09/24-18:25:01.067 INFO  [FTI][Initiator] This node (1) is initiator
2018/09/24-18:25:01.067 WARN  [FTI][Initiator] `Ignoring duplicate connection: usable route already exists`
2018/09/24-18:25:01.067 INFO  [CHANNEL 192.1.0.172:~3343~] graceful close, status (of previous failure, may not indicate problem) (0)
2018/09/24-18:25:01.068 WARN  cxl::ConnectWorker::operator (): GracefulClose(1226)' because of 'channel to remote endpoint 192.1.0.172:~3343~ is closed'

HOST2

2018/09/24-18:25:01.095 INFO  [FTI][Initiator] This node (2) is initiator
2018/09/24-18:25:01.095 WARN  [FTI][Initiator] `Ignoring duplicate connection: usable route already exists`
2018/09/24-18:25:01.095 INFO  [CHANNEL 192.1.0.172:~3343~] graceful close, status (of previous failure, may not indicate problem) (0)
2018/09/24-18:25:01.096 WARN  cxl::ConnectWorker::operator (): GracefulClose(1226)' because of 'channel to remote endpoint 192.1.0.172:~3343~ is closed'

HOST3

2018/09/24-18:25:01.057 INFO  [FTI][Follower] This node (4) is not the initiator
2018/09/24-18:25:01.057 DBG   [FTI] Stream already exists to node 1: false
2018/09/24-18:25:01.057 DBG   [CHANNEL 192.1.0.170:~62824~] Close().
2018/09/24-18:25:01.057 INFO  [CHANNEL 192.1.0.170:~62824~] graceful close, status (of previous failure, may not indicate problem) (0)
2018/09/24-18:25:01.057 INFO  [CORE] Node 4: Clearing cookie [GUID]
2018/09/24-18:25:01.057 DBG   [CHANNEL 192.1.0.170:~62824~] Not closing handle because it is invalid.
2018/09/24-18:25:01.058 WARN  mscs::ListenerWorker::operator (): GracefulClose(1226)' because of 'channel to remote endpoint 192.1.0.170:~62824~ is closed'

HOST4

2018/09/24-18:25:01.087 INFO  [FTI][Initiator] This node (3) is initiator
2018/09/24-18:25:01.087 WARN  [FTI][Initiator] `Ignoring duplicate connection: usable route already exists`
2018/09/24-18:25:01.087 INFO  [CHANNEL 192.1.0.172:~3343~] graceful close, status (of previous failure, may not indicate problem) (0)
2018/09/24-18:25:01.088 WARN  cxl::ConnectWorker::operator (): GracefulClose(1226)' because of 'channel to remote endpoint 192.1.0.172:~3343~ is closed'

Those stale routes are the culprit when the nodes try to join the cluster, and that's why the node was not able to join back to the cluster.

For NetFT, as the cluster network, on any unexpected removal from membership the NetFT route table is not getting cleared. The connection remained.

When the initiator node tried to create a new connection, as the routing table still had the old one, the nodes finally failed to join back to the cluster. NetFT is a kernel-level driver and that's why we need to reboot the nodes to refresh the NetFT table.

Action Plan

Please try to reboot all cluster nodes at the same time to remove the stale routes.

Windows server GPO, how to force SSID connection if in range

Posted: 14 Apr 2022 08:06 PM PDT

I have many WiFi networks, but only one of these is suitable for domain computers of my Windows 2016 domain.

Can I set up a GPO to force a particular SSID to be used if it is in range? Many times I found that users chose the wrong network and then the wrong SSID became the preferred one.

I already set up a GPO, but this just adds a profile to the SSID list and does nothing about connection priority.

Consider that all SSID signal powers are the same because they are broadcast by the same antennas.

How to authenticate multiple subdomains in nginx with one login

Posted: 14 Apr 2022 11:04 PM PDT

We've got an app consisting of several parts. Each part is running on its own subdomain (nginx site). We would like to hide access to the dev env behind some shared auth, where the first login on any of the subdomains grants access to the others as well.

Our first idea was to put an nginx proxy site containing all the domains in front, set basic auth there and then proxy_pass the communication. Partially it was working. The problem is that basic auth is bound to the domain name, so after logging in on one subdomain, I must enter credentials for each of the others on first access.

Simplified example of the configuration we used, but it did not work the desired way.

server {
    listen 443 ssl http2;

    server_name paapi-xy.example.com;

    access_log /var/www/access_api_443.log;
    error_log /var/www/error_api_443.log debug;

    ssl_certificate /etc/ssl/example/example.com.chained.crt;
    ssl_certificate_key /etc/ssl/example/example.com.key;

    ssl_session_timeout 1d;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    root /var/www/html;

    location / {
        try_files $uri /index.api.html;
    }
}

server {
    listen 443 ssl http2;

    server_name pawww-xy.example.com;

    access_log /var/www/access_www_443.log;
    error_log /var/www/error_www_443.log debug;

    ssl_certificate /etc/ssl/example/example.com.chained.crt;
    ssl_certificate_key /etc/ssl/example/example.com.key;

    ssl_session_timeout 1d;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    root /var/www/html;

    location / {
        try_files $uri /index.www.html;
    }
}

server {
    listen 443 ssl http2;

    server_name paapi.example.com pawww.example.com;

    access_log /var/www/access_proxy_443.log;
    error_log /var/www/error_proxy_443.log debug;

    ssl_certificate /etc/ssl/example/example.com.chained.crt;
    ssl_certificate_key /etc/ssl/example/example.com.key;

    ssl_session_timeout 1d;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    root /var/www/html;

    set $xheader "someignoredvalue";

    location / {
        satisfy any;

        auth_basic example_auth;
        auth_basic_user_file /var/www/.htpasswd;

        include proxy_params;

        if ($host = paapi.example.com) {
            proxy_pass https://paapi-xy.example.com;
            set $xheader paapi-xy.example.com;
        }

        if ($host = pawww.example.com) {
            proxy_pass https://pawww-xy.example.com;
            set $xheader pawww-xy.example.com;
        }

        proxy_set_header Host $xheader;
    }
}

Does anybody have some other idea how to do that, a kind of single sign-on?

Network problems when I create Beanstalk environments from an AMI

Posted: 14 Apr 2022 08:06 PM PDT

I'm using AWS elastic beanstalk web interface to create an environment based on an existing AMI that has our application deployed on it.

The environment gets created and the app is accessible via the EC2 instance's IP. However, the environment's health stays "Pending" for 15 minutes and then degrades to Severe, with these errors in the environment's log:

2017-10-22 15:57:50 UTC+0300 INFO Launched environment: Winfooztest-env-6. However, there were issues during launch. See event log for details.
2017-10-22 15:57:49 UTC+0300 ERROR The EC2 instances failed to communicate with AWS Elastic Beanstalk, either because of configuration problems with the VPC or a failed EC2 instance. Check your VPC configuration and try launching the environment again.
2017-10-22 15:57:49 UTC+0300 ERROR Stack named 'awseb-e-ypy7mg2pta-stack' aborted operation. Current state: 'CREATE_FAILED' Reason: The following resource(s) failed to create[AWSEBInstanceLaunchWaitCondition].
2017-10-22 15:56:16 UTC+0300 WARN Environment health has transitioned from Pending to Severe. Initialization in progress (running for 16 minutes). None of the instances are sending data.
2017-10-22 15:41:48 UTC+0300 INFO Created CloudWatch alarm named: awseb-e-ypy7mg2pta-stack-AWSEBCloudwatchAlarmHigh-QVXFWC3HZS5S

So what I understood here is that the instance is created, but it's failing to communicate with elastic beanstalk. In contrast to common security sense, and in order to pinpoint the problem, I've tried to keep my VPC setting as public as possible. Here is what I did:

VPC type: Created a "VPC with a single public subnet"

IPv4 CIDR block: 10.0.0.0/16

Public subnet's IPv4 CIDR: 10.0.0.0/24

Visibility: public

Checked the option to have a public IP address for the VPC

Security group - Inbound: ALL Traffic|ALL|ALL|0.0.0.0/0

Security group - Outbound: ALL Traffic|ALL|ALL|0.0.0.0/0

Environment is configured to use a load balancer.

No luck.

I know there is a small networking tweak that I need to do. I've scratched my head (and my search engine) a lot. What am I missing? Can you help?

Error when running docker build on any dockerfile: "unable to prepare context: unable to evaluate symlinks in Dockerfile path"

Posted: 15 Apr 2022 02:36 AM PDT

I'm running:

$ docker build -t somefile .  

Every time I run that I get this error:

unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat   

The full error is:

unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /home/someusername/code/Dockerfile: no such file or directory  

I thought this had to do with the docker version I'm using, so upgraded to the latest version using this guide: Install Latest docker version. I still get the same error. I've tried different docker versions. I've tried on different servers. I've even tried different docker files.

The last server I tried on I was using this version of docker:

Docker version 17.03.1-ce, build c6d412e  

Not sure where I'm going wrong. Need a sanity check please.

Outlook performance issues in Terminal Server/Remote Desktop Services when using cloud hosted Exchange

Posted: 15 Apr 2022 12:05 AM PDT

I'm not sure if this specific question has been asked, but I can't seem to find any viable solutions that are supported by Microsoft.

We have an office that currently has a few Windows Server 2003 systems configured with Terminal Services. Users in the office are on thin clients and log into their user accounts via RDP. The PDC in this configuration also had Exchange 2003 Standard running.

I recently migrated their Exchange data to our Office 365 Exchange Online tenancy and configured each user's Outlook in their TS session. They have Office 2007 if this info matters.
The staff have complained of Outlook being very very slow to start and sometimes unresponsive for a period of time compared to their old on-prem Exchange.
The information I have found out by Google searching indicates that cloud hosted email with Outlook does not play nice in TS/RDS environments. On the one full desktop computer in their office that I've set Outlook up on so it can be used outside of a RDP session everything is working beautifully. So I think the issue is the TS/RDS environment.

Why is that? Is it a Server 2003 TS and Outlook 2007 thing or is it the same for ALL iterations of TS/RDS and Outlook? Microsoft recommends that if Outlook is to be used in TS with Exchange, that "cached mode" be disabled, but this won't work very well for cloud hosted email where it's going to be running everything by the cloud server over a slow internet connection.

What options do I have?

Powershell Set/Get-GPPermission missing from Group Policy on Windows 10

Posted: 14 Apr 2022 10:01 PM PDT

I recently updated from Windows 7 Enterprise to Windows 10 Enterprise and went to run a script that has a call to Get-GPPermission, and it errored out saying that command is missing. Edit: Set-GPPermission is also missing.

Checking for commands inside the GroupPolicy module shows that yes, it is missing:

PS C:\WINDOWS\system32> get-command -Module grouppolicy

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Cmdlet          Backup-GPO                                         1.0.0.0    GroupPolicy
Cmdlet          Copy-GPO                                           1.0.0.0    GroupPolicy
Cmdlet          Get-GPInheritance                                  1.0.0.0    GroupPolicy
Cmdlet          Get-GPO                                            1.0.0.0    GroupPolicy
Cmdlet          Get-GPOReport                                      1.0.0.0    GroupPolicy
Cmdlet          Get-GPPrefRegistryValue                            1.0.0.0    GroupPolicy
Cmdlet          Get-GPRegistryValue                                1.0.0.0    GroupPolicy
Cmdlet          Get-GPResultantSetOfPolicy                         1.0.0.0    GroupPolicy
Cmdlet          Get-GPStarterGPO                                   1.0.0.0    GroupPolicy
Cmdlet          Import-GPO                                         1.0.0.0    GroupPolicy
Cmdlet          New-GPLink                                         1.0.0.0    GroupPolicy
Cmdlet          New-GPO                                            1.0.0.0    GroupPolicy
Cmdlet          New-GPStarterGPO                                   1.0.0.0    GroupPolicy
Cmdlet          Remove-GPLink                                      1.0.0.0    GroupPolicy
Cmdlet          Remove-GPO                                         1.0.0.0    GroupPolicy
Cmdlet          Remove-GPPrefRegistryValue                         1.0.0.0    GroupPolicy
Cmdlet          Remove-GPRegistryValue                             1.0.0.0    GroupPolicy
Cmdlet          Rename-GPO                                         1.0.0.0    GroupPolicy
Cmdlet          Restore-GPO                                        1.0.0.0    GroupPolicy
Cmdlet          Set-GPInheritance                                  1.0.0.0    GroupPolicy
Cmdlet          Set-GPLink                                         1.0.0.0    GroupPolicy
Cmdlet          Set-GPPrefRegistryValue                            1.0.0.0    GroupPolicy
Cmdlet          Set-GPRegistryValue                                1.0.0.0    GroupPolicy

Here's the version table:

    PS C:\WINDOWS\system32> $PSVersionTable

    Name                           Value
    ----                           -----
    PSVersion                      5.1.14393.693
    PSEdition                      Desktop
    PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
    BuildVersion                   10.0.14393.693
    CLRVersion                     4.0.30319.42000
    WSManStackVersion              3.0
    PSRemotingProtocolVersion      2.3
    SerializationVersion           1.1.0.1

The latest documentation (posted last month) I can find shows the command still there: https://technet.microsoft.com/itpro/powershell/windows/group-policy/index

Note: it appears that Microsoft has broken backwards compatibility, since the calls were named Get-GPPermissions and Set-GPPermissions in the Group Policy module for PowerShell 4; now they have dropped the 's' and both are named in the singular, Get-GPPermission and Set-GPPermission.

Anyone know how I can re-install the module?

Edit: the module re-install was easy; it was just a case of uninstalling RSAT and then re-installing it. Sadly the command is still not showing up, so my question should now be how to regain the missing commands.

pg_ctl: could not start server

Posted: 15 Apr 2022 02:04 AM PDT

I am trying to start the PostgreSQL server installed on a remote Red Hat server (RHEL 6.7 x86_64) through PuTTY.

The command that I used to start the server is /etc/init.d/postgresql-9.5 start
But it is showing the following error:

[image: postgresql error]

This is the content of /pg_log/startup.log file:

[image: /pg_log/startup.log]

Here is the link for the content of postgresql.conf file:
https://drive.google.com/file/d/0B9Yw9pzgnSgTTTBKaWxwWXUtNTg/view?usp=sharing

I checked the postgresql.conf file but could not find any error.
Can anybody help me resolve this issue?

Edit:
posting the output of the "locale" command, as asked by @Michael Hampton

[image: locale_output]

Server crash (504 gateway timeout) with 100 concurrent users, using nginx and php5-fpm

Posted: 14 Apr 2022 09:02 PM PDT

We have a VPS server which is dedicated to a single website. Day to day it seems to work fine (say 20-50 concurrent users) but as soon as we get up to around 90+ concurrent users, the server starts to crash / timeout. It will start to show nginx's 504 Gateway Time-out error.

We had some issues earlier in the year where it was taking about 7 seconds to load some data-heavy pages, which we managed to resolve 90% by optimising MySQL queries and making use of the MySQL cache. However it doesn't seem to be helping with this!

When I say data heavy, it is loading approx 5000 records from the DB, through the framework.

The server is running Ubuntu 15.10, with 4 CPUs and 4 GB of memory. MySQL is on its own server with 1 GB of memory. The MySQL server doesn't seem to get past about 30% utilisation, even with 100 users.

MySQL is configured to have a 64 MB query_cache_size and a 6 MB query_cache_limit.

We have APC installed, but it doesn't seem to make much difference overall.

This is our nginx.conf

    user www-data;
    worker_processes 4;
    pid /run/nginx.pid;

    events {
        worker_connections 1024;
        # multi_accept on;
    }

    http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 15;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        client_body_buffer_size     32k;
        client_header_buffer_size   8k;
        large_client_header_buffers 8 64k;

        #client_body_buffer_size 10K;
        #client_header_buffer_size 1k;
        client_max_body_size 12m;
        #large_client_header_buffers 2 1k;

        fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=microcache:100m inactive=10m max_size=1024m;
        fastcgi_cache_key "$scheme$request_method$host$request_uri";

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        #access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";
        gzip_comp_level 3;
        gzip_vary on;
        gzip_proxied any;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }

This is the server block

    server {
        listen 80 default;
        server_name www.website.com;

        root /var/www/website.com/httpdocs;
        index index.php index.html index.htm;

        location / {
            try_files $uri @handler;
        }

        error_page 404 /assets/error-404.html;
        error_page 500 /assets/error-500.html;

        location @handler {
            expires off;

            include fastcgi_params;
            fastcgi_pass unix:/var/run/php5-fpm.sock;

            # fastcgi caching

            #Cache everything by default
            set $no_cache 0;

            if ($request_method !~ ^(GET|HEAD)$) {
                set $no_cache "1";
            }

            #Don't cache the following URLs
            if ($request_uri ~* "/(admin/|member/)")
            {
                set $no_cache 1;
            }

            #fastcgi_no_cache $no_cache;
            #fastcgi_cache_bypass $no_cache;
            #fastcgi_cache microcache;
            #fastcgi_cache_key $scheme$host$request_uri$request_method;
            #fastcgi_cache_valid 200 301 302 10m;
            #fastcgi_cache_use_stale updating error timeout invalid_header http_500;
            #fastcgi_pass_header Set-Cookie;
            #fastcgi_pass_header Cookie;
            #fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

            fastcgi_param SCRIPT_FILENAME $document_root/framework/main.php;
            fastcgi_param SCRIPT_NAME /framework/main.php;
            fastcgi_param QUERY_STRING url=$uri&$args;

            fastcgi_buffer_size 32k;
            fastcgi_buffers 4 32k;
            fastcgi_busy_buffers_size 64k;
        }

    }

This is pool.d/www.conf details

    pm = dynamic
    pm.max_children = 30
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 4
    pm.max_requests = 500

PHP is set to have 128 MB of memory; however, each process is usually around ~70 MB.

I didn't manage to get a top while it was at 100 users, but this is the usual state:

                 total       used       free     shared    buffers     cached
    Mem:          3951       3793        157        114        273       2918
    -/+ buffers/cache:        602       3348
    Swap:            0          0          0

You'll see I did some experimenting with nginx's fastcgi_cache, which made a huge difference to performance (load time of 50 - 100ms) however the website has a lot of user functionality (uploads, modifying etc) which didn't work with it enabled.

I would like to re-look at fastcgi_cache but I feel that we must be able to get a better result on this current server without it?!

Been battling this one for a while now so any help would be great.

Connecting to MS SQL Server using FreeTDS: Error 20002: "Adaptive Server connection failed"

Posted: 14 Apr 2022 09:02 PM PDT

I am trying to use FreeTDS to connect from a Linux server (RHEL v7) to a separate server running MS SQL Server 2014. However, when attempting to connect with tsql I get the following errors (error message differs depending on whether I include username and password):

    $ tsql -S MYSERVER
    locale is "en_US.UTF-8"
    locale charset is "UTF-8"
    using default charset "UTF-8"
    Error 20002 (severity 9):
            Adaptive Server connection failed
    There was a problem connecting to the server

    $ tsql -S MYSERVER -U myusername -P mypassword
    locale is "en_US.UTF-8"
    locale charset is "UTF-8"
    using default charset "UTF-8"
    Error 20017 (severity 9):
            Unexpected EOF from the server
    Error 20002 (severity 9):
            Adaptive Server connection failed
    There was a problem connecting to the server

Additionally, running tsql -LH gives no output:

    $ tsql -LH MYSERVER
    $

I don't believe the issue is with a firewall or anything else on the SQL Server side, because:

  1. I am able to telnet to the server:

        $ telnet my.server.address 1433
        Trying 11.22.33.444...
        Connected to my.server.address.
  2. And, I can successfully connect to the SQL Server via ODBC from a (Windows) laptop, via the ODBC Data Source Administrator utility.

Contents of my /etc/freetds.conf:

    [global]
      tds version = 7.0
    ; tds version = 4.2
    ...
    [MYSERVER]
      host = my.server.address
      port = 1433
      tds version = 7.0

Contents of TDSDUMP log file after running tsql -S MYSERVER:

    log.c:167:Starting log file for FreeTDS 0.95.19
        on 2015-11-18 10:02:20 with debug flags 0x4fff.
    iconv.c:328:tds_iconv_open(0x1c53d90, UTF-8)
    iconv.c:187:local name for ISO-8859-1 is ISO-8859-1
    iconv.c:187:local name for UTF-8 is UTF-8
    iconv.c:187:local name for UCS-2LE is UCS-2LE
    iconv.c:187:local name for UCS-2BE is UCS-2BE
    iconv.c:346:setting up conversions for client charset "UTF-8"
    iconv.c:348:preparing iconv for "UTF-8" <-> "UCS-2LE" conversion
    iconv.c:395:preparing iconv for "ISO-8859-1" <-> "UCS-2LE" conversion
    iconv.c:400:tds_iconv_open: done
    net.c:202:Connecting to 11.22.33.444 port 1433 (TDS version 7.0)
    net.c:274:tds_open_socket: connect(2) returned "Operation now in progress"
    net.c:313:tds_open_socket() succeeded
    util.c:165:Changed query state from DEAD to IDLE
    login.c:797:using GSS authentication
    gssapi.c:218:using kerberos name MSSQLSvc/my.server.address:1433
    gssapi.c:230:gss_import_name: GSS_S_COMPLETE: gss_import_name completed successfully.
    gssapi.c:318:gss_init_sec_context: actual mechanism at 0x(nil)
    gssapi.c:334:gss_init_sec_context: min_stat 2529639136 "Unknown error -1765328160"
    gssapi.c:374:gss_init_sec_context: GSS_S_FAILURE: The routine failed for reasons that are not defined at the GSS level.
    login.c:472:login packet rejected
    query.c:3769:tds_disconnect()
    util.c:165:Changed query state from IDLE to DEAD
    util.c:322:tdserror(0x1c53ca0, 0x1c53d90, 20002, 0)
    util.c:352:tdserror: client library returned TDS_INT_CANCEL(2)
    util.c:375:tdserror: returning TDS_INT_CANCEL(2)
    mem.c:648:tds_free_all_results()

ClearOS SMTP Server Setup using Gmail SMTP

Posted: 15 Apr 2022 12:05 AM PDT

How do I set up a ClearOS SMTP server using Gmail SMTP? I'm using ClearOS as an IMAP mail server. Receiving mail from the POP hosting is no problem, but setting up SMTP for clients using the same server is a challenge. Does anybody know how to use a Google mail account as an SMTP server for ClearOS? Thank you.

When does /tmp get cleared?

Posted: 15 Apr 2022 12:59 AM PDT

I've taken to putting various files in /tmp, and I wondered about the rules on deleting them.

I'm imagining it's different for different distributions, and I'm particularly interested in Ubuntu and Fedora desktop versions.

But a nice general way of finding out would be a great thing.

Even better would be a nice general way of controlling it! (Something like 'every day at 3 in the morning, delete any /tmp files older than 60 days, but don't clear the directory on reboot')
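As an added example, not part of the question above: the age-based half of the policy the poster describes ("every day at 3 in the morning, delete any /tmp files older than 60 days") as a find-based sweep that is safe to run as root from cron against a world-writable directory. The cron line, the script path /usr/local/sbin/tmp-sweep and the DIR/DAYS parameters are assumptions; the boot-time half is distribution-specific and is covered in the note after the code.

```shell
#!/bin/sh
# Added example (not from the original post): an age-based sweep of a
# world-writable temp directory, safe to run as root from cron, e.g.
#   0 3 * * * root /usr/local/sbin/tmp-sweep /tmp 60
# It deliberately does NOT touch the boot-time cleanup, which the
# distribution handles separately (systemd-tmpfiles on Fedora and on
# Ubuntu releases that use systemd).

# sweep_tmp DIR DAYS: delete regular files under DIR not modified for more
# than DAYS days. The flags matter because other users can write to DIR:
#   -xdev      stay on DIR's filesystem; a bind mount or a user-mounted
#              filesystem under /tmp is not swept
#   -type f    regular files only: symlinks are neither followed nor
#              deleted, so a link planted in /tmp cannot redirect the
#              deletion to a file elsewhere on the system
#   -delete    find unlinks the entry itself instead of printing a path
#              for a separate rm, which would be open to the path being
#              swapped out between listing and deletion and would choke
#              on filenames containing newlines
sweep_tmp() {
    dir=$1
    days=$2
    [ -d "$dir" ] || return 1
    case $days in
        ''|*[!0-9]*) echo "sweep_tmp: DAYS must be a non-negative integer" >&2; return 1 ;;
    esac
    find "$dir" -xdev -mindepth 1 -type f -mtime +"$days" -delete
}

# count_files DIR: regular files still present (symlinks are not counted),
# for a log line after the sweep.
count_files() {
    find "$1" -xdev -mindepth 1 -type f | wc -l | tr -d ' '
}

# Script entry point: tmp-sweep DIR DAYS
if [ "$#" -eq 2 ]; then
    sweep_tmp "$1" "$2"
    echo "$(count_files "$1") regular files remain under $1"
fi
```

On Fedora and on systemd-based Ubuntu releases the whole policy lives in systemd-tmpfiles rather than cron: systemd-tmpfiles --remove runs at boot and empties directories listed with an uppercase D, and systemd-tmpfiles-clean.timer runs daily and applies the age column of d, D and q lines (upstream systemd ships `q /tmp 1777 root root 10d`, which distributions override). A file /etc/tmpfiles.d/tmp.conf takes precedence over the packaged copy in /usr/lib/tmpfiles.d, so the line `d /tmp 1777 root root 60d` gives the behaviour asked for: lowercase d is cleaned by age only and is never emptied at boot. Older Debian and Ubuntu releases used TMPTIME in /etc/default/rcS, applied at boot only. Whichever mechanism is used, the age should be generous: a process that still has a deleted file open keeps working, but one that expects to reopen it by name will not.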

Installing something from source using chef, should I be doing some checks

Posted: 15 Apr 2022 02:04 AM PDT

I'm installing something from source using chef and the script resource. Should I be doing a check for the resultant executable etc. as part of it?

e.g. What I currently have is:

    remote_file "/tmp/foo.tar.gz" do
      source "foo.tar.gz"
      mode "0644"
    end

    script "install_foo" do
      interpreter "bash"
      user "root"
      cwd "/tmp"
      code <<-EOH
      tar -zxf foo.tar.gz
      cd foo
      make
      cp foo /usr/local/bin
      EOH
    end
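As an added example, not from the question or any answer: the checks a practitioner would want around that script. Verify the tarball's SHA-256 against a digest pinned in the recipe before extracting it, skip the build when the wanted version is already installed (otherwise the script resource re-runs on every Chef run), build in a private directory rather than a predictable /tmp/foo, and confirm afterwards that the installed binary is the one expected. In a Chef recipe the first two checks map onto remote_file's `checksum` property and a `not_if` guard on the script resource; the shell below is what would go in its `code` block, split into functions so the checks can be exercised on their own. The names foo, /usr/local/bin/foo and the `--version` output are assumptions.

```shell
#!/bin/sh
# Added example, not the original poster's recipe: a hardened body for an
# "install from source" step with a pinned checksum, an idempotency guard
# and a post-install check. Names (foo, --version) are assumed.

# Print the SHA-256 of a file, using whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED: succeed only if the digest matches exactly.
# A mismatch means the download was altered or truncated; never build it.
verify_sha256() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# needs_install BIN WANTED_VERSION: succeed (true) when BIN is missing or
# "BIN --version" does not report WANTED_VERSION. This is the not_if guard
# before the build and the acceptance check after it.
needs_install() {
    [ -x "$1" ] || return 0
    "$1" --version 2>/dev/null | grep -q -- "$2" && return 1
    return 0
}

# install_from_source TARBALL EXPECTED_SHA256 SRCDIR DEST_BIN WANTED_VERSION
# Extracts and builds in a fresh mktemp directory, so another local user
# cannot pre-create /tmp/foo and plant files the build would pick up.
install_from_source() {
    tarball=$1; expected=$2; srcdir=$3; dest=$4; wanted=$5

    if ! needs_install "$dest" "$wanted"; then
        echo "$dest already reports version $wanted, nothing to do"
        return 0
    fi
    if ! verify_sha256 "$tarball" "$expected"; then
        echo "checksum mismatch for $tarball, refusing to build" >&2
        return 1
    fi

    builddir=$(mktemp -d) || return 1
    if ! tar -xzf "$tarball" -C "$builddir"; then
        rm -rf "$builddir"
        return 1
    fi
    if ( cd "$builddir/$srcdir" && make && install -m 0755 "$(basename "$dest")" "$dest" ); then
        rm -rf "$builddir"
    else
        rm -rf "$builddir"
        echo "build or install of $dest failed" >&2
        return 1
    fi

    # Post-install check: the binary just installed must report the version.
    if needs_install "$dest" "$wanted"; then
        echo "$dest installed but does not report version $wanted" >&2
        return 1
    fi
}
```

The corresponding guard in the recipe is `not_if "/usr/local/bin/foo --version | grep -q 1.2.3"` on the script resource, and `checksum "<sha256>"` on the remote_file resource makes Chef refuse a download whose digest differs, so the script never sees a bad tarball in the first place.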

Random Connections to MySQL refused (Error 111)

Posted: 14 Apr 2022 10:01 PM PDT

A Perl/CGI webapp that has been running fine for almost a year has started to randomly be unable to connect to a remotely hosted MySQL. The error thrown is:

Can't connect to MySQL server on 'xx.x.xxx.xx' (111)

Reloading the page often solves the problem. The client is using Perl, DBI and SSL to connect to MySQL, using the same configuration file each time.

MySQL 5.0 Server Running RH EL5

  • Quad-Core AMD Opteron(tm) Processor 2374 HE, 8 cores
  • Real Memory: 15.73 GB total, 11.81 GB used
  • allows networking in my.cnf

  • max-connections are not being met

  • load is low.

  • The servers firewall is open to the client's subnet.

  • The mysql user has permissions from the client's subnet.

I have my host looking into the problem, but so far we're all stumped as to why the occasional connection is (increasingly) getting refused.

Any advice what to check that would cause the random refusal of connections?
