Monday, April 18, 2022

Recent Questions - Server Fault

Central Certificate Store Failures and Logging

Posted: 18 Apr 2022 08:54 AM PDT

I've got IIS 10 on a Server 2019 instance with a Centralized Certificate Store configured.

The CCS looks valid in IIS. Certs are loaded and display no warnings or errors, but requests to any site return a TCP reset.

  • If I manually install the cert from the CCS into IIS it works too, so it's not a cert problem.
  • I've verified with Wireshark that the Client Hello is including the correct SNI host name that matches the file name in my CCS.
  • Per this question, I've checked that Require SNI is enabled on all https bindings on the entire server (there are only two and both on the same site)
  • The output of netsh http show sslcert looks like this: [image: Central Cert Store netsh output]

How can I debug this further? Is there some cert store log where I can get more details on failed requests (inetpub and httperr don't include them)?

CentOS 8 fix for letsencrypt change

Posted: 18 Apr 2022 08:28 AM PDT

Blacklisting DST Root CA X3 and updating trust doesn't solve the problem, whereas the same solution works fine in CentOS 7.

Usage Spikes - Dormant VMs

Posted: 18 Apr 2022 08:28 AM PDT

My Google Cloud Platform was dormant for over a year and all VMs were shut off. All of a sudden, the usage spiked without any initiation between April 1st to 15th and stopped all of a sudden. This is costing me a lot!! Has anyone else witnessed a similar issue? Please advise. Thanks!

Digicert EV SSL allows subdomain no need for wildcard or SANs?

Posted: 18 Apr 2022 08:49 AM PDT

I have a DigiCert Basic EV TLS/SSL certificate and I want to add a subdomain without adding SANs or a wildcard. Is it possible?

My license is this: https://www.digicert.com/tls-ssl/basic-tls-ssl-certificates

What are the best practices for building a proxy server on Ubuntu?

Posted: 18 Apr 2022 07:56 AM PDT

I added IP Failover (32 IP / OVH) to my server. I want to build a proxy server in one Docker container on this server. Which tool/lib is the best in this situation?

I need a proxy for scraping several pages via puppeteer. At the moment I am using the ZenRows proxy, and I want similar links like ZenRows for scraping: curl -k "http://example.com" -L -x "http://67e5d6108f831a320d4e70e88e410a58518a9ade:@proxy.zenrows.com:8001"

I am thinking about Squid; is it a good option?

Strongswan VPN certificate authentication failed

Posted: 18 Apr 2022 07:16 AM PDT

I've installed strongSwan VPN on my Ubuntu server and set up certificate authentication. I've set up my Android phone and it works fine. But the connection isn't established on the Windows machine. I copied the CA cert into the root CA store and the client certificate into the personal store. But I get an error 13806 (wrong certificate). What am I doing wrong?

/etc/ipsec.conf

config setup
        # strictcrlpolicy=yes
        uniqueids = no
        charondebug="ike 4"

include /var/lib/strongswan/ipsec.conf.inc

conn %default
        dpdaction=clear
        dpddelay=35s
        dpdtimeout=300s
        fragmentation=yes
        rekey=no
        ike=aes256-aes128-sha256-sha1-modp3072-modp2048-modp1024
        esp=aes256-aes128-sha256-sha1-modp3072-modp2048-modp1024
        # left - local (server) side
        left=%any
        leftauth=pubkey
        leftcert=server.crt
        leftsendcert=always
        leftsubnet=0.0.0.0/0,::/0
        # right - remote (client) side
        right=%any
        rightauth=pubkey
        rightsourceip=192.168.103.0/24,2002:25f7:7489:3::/112
        rightdns=8.8.8.8,2001:4860:4860::8888

conn ikev2-pubkey
        keyexchange=ikev2
        auto=add

conn ikev2-pubkey-osx
        also="ikev2-pubkey"
        leftid=ip_address_server

/etc/ipsec.secrets

: RSA server.key  

server-cert

subject:  "CN=domain_name"
issuer:   "CN=IPsec CA"
validity:  not before Apr 18 10:07:00 2022, ok
           not after  Apr 02 10:07:00 2025, ok (expires in 1079 days)
serial:    a9:e3:a4:
altNames:  ip_address_server
flags:     serverAuth
authkeyId: 13:f8:f0:
subjkeyId: 5a:a8:11:
pubkey:    RSA 2048 bits, has private key

client-cert

subject:  "CN=client"
issuer:   "CN=IPsec CA"
validity:  not before Apr 18 10:07:19 2022, ok
           not after  Apr 02 10:07:19 2025, ok (expires in 1079 days)
serial:    4c:e2:46:09:81:87:14:60:96:79:cf:bb:d6:62:13:68
altNames:  client
flags:     clientAuth

And that's the log:

09[IKE] sending cert request for "CN=IPsec CA"
09[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
09[NET] sending packet: from server_ip[500] to client_ip[500] (353 bytes)
07[NET] received packet: from client_ip[500] to server_ip[500] (40 bytes)
07[ENC] payload type NOTIFY was not encrypted
07[ENC] could not decrypt payloads
07[IKE] integrity check failed
07[IKE] INFORMATIONAL request with message ID 0 processing failed

Nginx proxy_pass same host and port different target

Posted: 18 Apr 2022 06:16 AM PDT

I have three instances where I run an SFTP service, each with its respective host name sftp.domain1.com, sftp.domain2.com and sftp.domain3.com, all responding to the same IP (instance number four)

I have installed a fourth instance which will work with Nginx proxy_pass as a kind of balancer to send the requests to the appropriate instance according to the connection host.

Any help doing this?

sftp.domain1.com => nginx proxy_pass => instance 1
sftp.domain2.com => nginx proxy_pass => instance 2
sftp.domain3.com => nginx proxy_pass => instance 3

Lsass.exe high CPU usage on Windows Server 2012 R2 for HTTPS request

Posted: 18 Apr 2022 06:02 AM PDT

Recently we faced CPU spikes on our production servers, and our web applications run on Windows Server 2016 as well as 2012 servers. It looks as follows:

IIS with 10 applications running with SSL: MVC website (.Net Framework 4.7.2) & Webservices MS SQL Express 2016. If the traffic increases, the CPU for lsass.exe increases.

I have tried the following, but still no luck:

  1. Changed RSA byte array size to 2048 from 4096
  2. Enable only "PKCS - Key Exchanges" using IISCrypto → Best Practices
  3. Installed the latest Windows update on the system
  4. It is a workgroup system, not DC [Domain controlled]
  5. DNS properly configured

Any help appreciated.

Mariadb legacy support

Posted: 18 Apr 2022 05:56 AM PDT

I have an old version of a PHP site, which uses an unescaped 'row_number' column number in its SQL queries. It seems that in the new version of MariaDB a new function called "row_number()" has been added, and thus the queries fail. Refactoring the whole project is out of the question. Also, I don't want to dockerize the whole thing with an older version of MariaDB. Is there a way to use the new MariaDB but also use the older syntax/function set so there is no collision?

Thanks.

Modifying parent snapshot in QCOW2 internal snapshots tree

Posted: 18 Apr 2022 05:17 AM PDT

I faced one problem and cannot find any info on the net.

Let's say I have several snapshots on my VM running on a .qcow2 image.

For example, it has the following tree:

# virsh snapshot-list my_vm --tree
clean
  |
  +- basic
  |   |
  |   +- project_deps
  |
  +- noproxy
      |
      +- project_deps-noproxy

Where:

  • clean - freshly installed OS with updates
  • basic - clean + qemu_guest_agent + cntlm
  • project_deps - basic + project dependencies
  • noproxy - clean + qemu_guest_agent
  • project_deps-noproxy - noproxy + project dependencies

At the moment everything is just fine but one day some packages on clean snapshot will become outdated and I'll have to update it. So there is the problem. As I see, there is no option to kinda rebase snapshots on "updated clean" snapshot. I tried creating it and replacing parent snapshot in children .xml's and as expected - no result.

Sadly, I cannot use external snapshots even considering that they have requested functionality

I am glad to see any ideas on coping with that.

Not able to resolve DNS on DNS server but works on clients querying the DNS server (fixed now)

Posted: 18 Apr 2022 08:46 AM PDT

This problem has now been resolved; look at the edit at the end.

I think I have set up a DNS server on a local machine to resolve local machine names on the network. I have domain range 192.168.1.0/24 and a KVM virtual setup with 192.168.122.0/24. The DNS service is also on the KVM server. I followed the steps on this site https://www.fosslinux.com/7631/how-to-install-and-configure-dns-on-ubuntu.htm and amended them for my network. When I try to resolve DNS entries from a machine querying the DNS server I get the correct responses, but when I try to resolve a name directly on the DNS server it says ** server can't find ubuntu20.home.local: SERVFAIL

I can run dig specifying the DNS server by IP and then the correct results come back, but when I query the server with dig not using the IP address it fails.

My setup is below.

ipconfig /all on windows machine

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3165
   Physical Address. . . . . . . . . : 58-FB-84-72-F8-C6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::159e:cd21:7f39:d5c1%15(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.122(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 17 April 2022 09:39:17
   Lease Expires . . . . . . . . . . : 19 April 2022 09:53:53
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 106494852
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-A9-89-23-58-FB-84-72-F8-C6
   DNS Servers . . . . . . . . . . . : 192.168.1.232
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

root@KVM:/etc/bind# dig A ubuntu20.home.local

; <<>> DiG 9.16.1-Ubuntu <<>> A ubuntu20.home.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 171
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ubuntu20.home.local.           IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Apr 18 08:57:55 UTC 2022
;; MSG SIZE  rcvd: 48

root@KVM:/etc/bind# dig A ubuntu20.home.local @192.168.1.234

; <<>> DiG 9.16.1-Ubuntu <<>> A ubuntu20.home.local @192.168.1.234
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61859
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c4322b3badb1a4b901000000625d28173175ca403d5a08c3 (good)
;; QUESTION SECTION:
;ubuntu20.home.local.           IN      A

;; ANSWER SECTION:
UBUNTU20.home.local.    604800  IN      A       192.168.122.104

;; Query time: 0 msec
;; SERVER: 192.168.1.234#53(192.168.1.234)
;; WHEN: Mon Apr 18 08:57:59 UTC 2022
;; MSG SIZE  rcvd: 101

named.conf.options

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
             8.8.8.8;
             8.8.4.4;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        listen-on-v6 { any; };
};

named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "home.local" {
    type master;
    file "/etc/bind/db.home.local";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
};
zone "122.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.122";
};

db.home.local

;
; BIND data file for local loopback interface
;
$TTL    604800
@               IN      SOA             KVM.home.local. admin.home.local. (
                        2022041711      ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;               IN      A               192.168.1.232
;
; Name server
@               IN      NS      KVM.home.local.
;
KVM             IN      A       192.168.1.232
UBUNTU20        IN      A       192.168.122.104
;test           IN      A       192.168.1.254

db.192.168.1

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@               IN      SOA     home.local.  admin.home.local. (
                        2022041705      ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; nameservers
                IN      NS      KVM.home.local.
; PTR recoreds
232             IN      PTR     KVM.home.local.

db.192.168.1

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@               IN      SOA     home.local.  admin.home.local. (
                        2022041707      ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; nameservers
                IN      NS      KVM.home.local.

; PTR records
104             IN      PTR     UBUNTU20.home.local.

root@KVM:/etc/bind# nslookup ubuntu20.home.local
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find ubuntu20.home.local: SERVFAIL

root@KVM:/etc/bind# nslookup ubuntu20.home.local
Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find ubuntu20.home.local: SERVFAIL

root@KVM:/etc/bind# nslookup KVM.home.local
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   KVM.home.local
Address: 127.0.1.1
Name:   KVM.home.local
Address: 192.168.1.232

After following "Setting up a DNS name server for a mass virtual host with Bind9", I have resolved this by setting the nameserver in /etc/resolve.conf: nameserver 192.168.1.232

How can an AWS lambda function call an EC2 instance via private ip address?

Posted: 18 Apr 2022 05:50 AM PDT

How can I get a Lambda to call an EC2 instance via its private IP address?

Long story short, I'm making a Discord bot for my Minecraft server mates to start and stop the AWS instance, and to handle auto shutdown if no one is on the server.

The Lambda function would handle starting, stopping, getting the current auto-assigned public IP address, and confirming the server is running via Minecraft's query protocol (UDP port 25565).

I am trying to do this as cost-efficiently as possible, and want to see if I can do this without an Elastic IP address assigned, as I will have more than one Minecraft server that will need to be launched. And there is a fee if that server is offline with an Elastic IP address, or if you are using more than 1 Elastic IP.

I have tested the same function when the same server was using an elastic ip address, and it worked as expected. Now, I want to know if I can do the same with the private ip address.

Assigning a Public IPv4 automatically to every KVM VM that's being created?

Posted: 18 Apr 2022 06:44 AM PDT

I'm wondering how I would go about assigning a public IPv4 to each VM that's being created.

Setup: Host server with 3 IPs on CentOS 8 using libvirt and KVM to virtualize. Bridge br0 using eth0 as interface.

After a lot of trial and error I managed to do it manually by using a bridge and assigning the IP address to the interface in the guest OS network file.

Though I wish this would be automatic, considering that if I reinstall the OS now it would go back to not having the IP address and I'd have to connect to the guest and edit the IPv4 address in the network files manually every time. How can I avoid this?

Goal: each IPv4 is hard-locked to a virtual machine and will stay no matter if the OS gets reinstalled.

Optional goal: if any IPv4 from the host OS is unused, it should be assigned to the next VM created.

Do I have to code my own software to do this every time, or is there a simpler way?

Inconsistent 403 Forbidden issues with images on a website

Posted: 18 Apr 2022 09:01 AM PDT

I am getting inconsistent HTTP 403 Forbidden results when requesting images embedded on a webpage. This is happening more frequently in Firefox, but occasionally also happens in Chrome. This website has been used for many years and this just popped up a few weeks ago. I control both the website and the server and am not sure of how to troubleshoot this issue. When I refresh the page it seems to be a different combination of resources that causes the issue.

Response:

HTTP/1.1 403 Forbidden
Server: Microsoft-IIS/8.5
X-UA-Compatible: IE=Edge
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=63072000; includeSubDomains;
P3P: Our site does not have a P3P Policy, please see our privacy policy for more information.
Date: Fri, 15 Apr 2022 17:34:15 GMT
Content-Length: 0

Request:

GET /bonds/images/exclamation.png HTTP/1.1
Host: <Redacted>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: <Redacted>
Cookie: <Redacted>
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-Modified-Since: Mon, 04 Apr 2022 20:03:08 GMT
Cache-Control: max-age=0

Postfix smtpd_client_restrictions with check_client_access not working

Posted: 18 Apr 2022 07:27 AM PDT

I suddenly receive many spam mails per day and I'm trying to filter the source by IP.

In my main.cf file I have this:

smtpd_client_restrictions =
        check_client_access cidr:/etc/postfix/blacklist,
        permit

and in this blacklist file I have IP addresses and networks defined in the following way according to https://linux.die.net/man/5/access. I don't filter by domain name since every spam has a different domain name.

1.2.3.4  REJECT Blacklisted
5.6.7    REJECT Blacklisted

I used cdb previously and it was working perfectly, except for networks (5.6.7). I switched to cidr which is apparently recommended, but I still get spam although the network is in my blacklist file.

I did the sudo postmap /etc/postfix/blacklist && sudo postfix reload after adding the network to the blacklist file, but it didn't filter the spam mail.

Google App Engine HTTPS listening ports 8443 or 3443

Posted: 18 Apr 2022 09:01 AM PDT

I am testing an application in the App Engine Flexible Environment, and at some point I will need to process some WebHooks sent on TCP ports 8443 or 3443.

As long as I could test, App Engine load balancer (which deals with HTTPS connections) only accepts connections on port 443. Is there a way to listen HTTPS connection on these other ports? I couldn't find App Engine specific firewall configuration at this level (load balancer).

EDIT:

After some real testing, I found out that the WebHooks are working properly. The errors I was facing were probably related to the way that tests were done.

No space left on device even after adding a Persistence Storage on gcloud

Posted: 18 Apr 2022 04:03 AM PDT

I am new to Google Cloud. I had downloaded a few text files into the VM instance. I then suddenly started getting messages like

bash: cannot create temp file for here-document: No space left on device  

I ran the df -h and found that my disk was being used 100%

/dev/sdb        9.8G  9.3G     0 100% /  

I searched about it and figured that I might need to add more persistent storage.

I followed the instructions here -> https://cloud.google.com/compute/docs/disks/add-persistent-disk

Now when I run the df -h I see that the new storage is added (usage is 1%)

/dev/sdc         20G   45M   20G   1% /mnt/disks/disk2  

When I run lsblk, I get:

NAME   MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda      8:0    0  10G  0 disk
└─sda1   8:1    0  10G  0 part /
sdc      8:32   0  20G  0 disk /mnt/disks/disk2

However, I am still getting the same error with No space left on device. I have restarted the VM. Kindly help.

P.S. VM -> Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64

SQL Server with MSA cannot write to UNC share

Posted: 18 Apr 2022 08:00 AM PDT

I have SQL Server 2012 running in an Active Directory Domain environment. I set up a Managed Service Account for the SQL services to run under, as per this document. Since my domain functional level is 2008, it's a regular MSA and not a gMSA (group). So far, so good. The problem is that I want to back up the databases to a UNC share. This wouldn't be a problem if the SQL service were running under a regular domain account, but the Managed Service Account cannot write to a shared directory. I explicitly gave permission in the security settings for that share, but SQL still throws an error when trying to make a backup. Specifically, the error message says:

System.Data.SqlClient.SqlError: Cannot open backup device '\remoteserver\Backupshare\SQLbkup.bak'. Operating system error 1808(The account used is a computer account. Use your global user account or or local user account to access this server.). (Microsoft.SqlServer.Smo)

[Actual backup path changed for redaction purposes]

Searches on the error message have only turned up non-relevant results. Some discussions on technet indicate that it should be possible to give the MSA permission to write in a remote directory. Any idea what I'm missing?

26 April 2018 Edit:

In my original post I neglected to mention that the specific share I want to write to is a CIFS share on a Netapp device. I didn't mention it because I didn't think it was relevant. However, as I have continued to research this and do more testing, it seems that it may indeed be a Netapp issue. As a test, I made a share on a regular Windows 7 machine, and attempted to write my SQL backup there. It worked as long as I gave the MSA permission on the target directory. When I looked in the security log on the Windows 7 machine, I saw that the incoming connection was using the MSA credentials, regardless of whether I was using a proxy in the SQL Agent or not.

So on the SQL end, it seems that even if the job is getting launched as domain administrator, the actual write operation for the bak file is taking place as the Managed Service Account. If the target is a Windows machine on the domain, it can accept that incoming connection. A Netapp, however, cannot - at least with the version of Data ONTAP we have. So it would seem we're at an impasse. Thanks though to Katherine for your response, which helped me learn a lot. :)

How do I find IIS web application dependencies using Powershell and webadministration on Server 2012?

Posted: 18 Apr 2022 08:00 AM PDT

Wondering if someone can help with this.

I have a number of servers that host IIS 7.5 and IIS 8.5 web applications of various types. As these are production web applications and servers, I can't install any software on the server, so I must find a way to remotely interrogate the server to retrieve the Windows feature dependencies per web application.

I am already aware that I can use msdeploy to get the dependencies, but that means I need to install the msdeploy software on the server, which I can't do.

Also, I am aware that I can use Get-OSFeature to remotely retrieve the Windows features that are installed on a particular server. This also is not useful, as I need to connect to the web application to get the dependencies of the application.

So can this be done using PowerShell and Get-WebConfiguration, and if so, can someone show me how? I have so far only been able to get the installed features using this method, e.g.

Get-WebConfiguration system.webServer/* 'IIS:\sites' -Recurse  

Thanks

Cannot provide permission to IIS_IUSRS on C:/Windows/Temp

Posted: 18 Apr 2022 06:00 AM PDT

I have an ASP.NET Web Forms Application which has some reports created using SAP Crystal Reports Runtime for .NET Framework 4. The C:\Windows\Temp folder contains my Report files of the application. That's why, I need to provide IIS_IUSRS permission on C:\Windows\Temp.

Problem is, whenever I'm trying to give IIS_IUSRS permission to Temp, I'm getting this error message:

Error Applying Security
    An error occured while applying security information to
    C:\Windows\Temp
    Access is Denied

If I click on the option 'Continue', I get the following error:

Windows Security
    Unable to save permission changes on Temp
    Access is denied

I need urgent solution to this because I have an emergency delivery. At any cost, I MUST have to grant IIS_IUSRS access to C:\Windows\Temp. Please help urgently.

.NET Framework - 4, IIS - 7, Windows 7 Ultimate - 64 bit.

Windows cluster has lost or discarded the CLUSDB

Posted: 18 Apr 2022 06:00 AM PDT

Both nodes of a two node windows failover cluster on 2008R2 have lost the CLUSDB file. I think this happened because an inexperienced admin came to a cluster with a reserved disk issue and re-installed the Clustering feature over the top of itself.

So there is no config info on the server, no CLUSDB file, which means no Registry Hive for the Cluster. On either server. However, the server still knows it's part of a cluster. You can't start the cluster service on either side, because the cluster config is missing. From the cluster.log file:

[CS] Service CreateNodeThread Failed, ERROR_FILE_NOT_FOUND(2)' because of 'Open parameters key failed.'

There are no backups of the CLUSDB file; it's a test cluster, so someone saw fit to omit it from backup.

Because I can't start the cluster service, I can't evict the nodes from the cluster, so reconfiguring from scratch isn't going to work.

The last resort as I saw it was uninstall the Clustering feature, but you can't do this whilst a server still thinks it belongs in a cluster.

So the question. Is this a rebuild from scratch including O/S or are there any ways round this?

Send as shared mailbox alias

Posted: 18 Apr 2022 09:01 AM PDT

In Exchange 2010 I have a shared mailbox with two email addresses (aliases). How do I send an email using one of the aliases? I'm already using smartreply and choosefrom for my own mailbox, but it doesn't seem to work with shared mailboxes.

Unable to clear sendmail mqueue-client

Posted: 18 Apr 2022 05:00 AM PDT

drwxr-xr-x  2 smmsp smmsp  4.0K May  6 23:31 mqueue
drwxrws---  2 smmsp smmsp  29M May  8 10:40 mqueue-client

As you can see mqueue-client is filled with 29 megabytes of unsent mail. This seems to be likely from an internal function sending mail to localhost which is failing.

I've tried numerous attempts to clear the queue but none have succeeded. The result is a process using up significant CPU resources:

16287 smmsp     20   0 50212  44m 2416 R   85  4.4 965:35.45 sendmail-msp  

I've tried killing the process, stopping the sendmail service, deleting the contents of the mqueue-client and even switching to the smmsp user. But none have worked. rm hangs when trying to remove the mail.

How can I go about emptying this queue?

Once I've done this I'll move everything over to Postfix.

DatabaseSize, AvailableNewMailboxSpace info is Blanks

Posted: 18 Apr 2022 05:00 AM PDT

I have been archiving mailboxes on our Exchange 2010 server and subsequently deleting large numbers of messages from nearly all mailboxes by setting retention periods on them. I would like to know how much of the database is now just whitespace so that I can gauge how much space will be freed up by defragging it using ESEUTIL.

So, I run:

Get-MailboxDatabase -Status | ft Name,DatabaseSize,AvailableNewMailboxSpace  

But the columns that are returned for both DatabaseSize and AvailableNewMailboxSpace are blank.

I have tried specifying the database using the "-Identity" parameter, but the result is the same.

Am I omitting something necessary?

Hardware Acceleration for MD RAID?

Posted: 18 Apr 2022 05:01 AM PDT

Is it possible, or feasible, or even sensible to consider hardware acceleration for MD RAID?

I am referring more here to RAID6 type levels where there is a computation overhead. My thinking is that it is still disks that will provide the greater bottleneck, but I am surmising.

As has been pointed out in the answers, this should simply mean getting a hardware RAID card. The advantage of MD over hardware is to avoid the need for hardware of course - it is software RAID. However, another advantage of MD is avoiding vendor lock-in. My understanding is that you cannot move disk sets between different hardware RAID vendor products and have any hope they will work without starting over. Whereas with MD you can move disks between machines without issue.

Having hardware that can boost the performance of MD RAID without having to resort to a wipe, rebuild and restore would be beneficial in some cases.

Outlook 2010 "Cannot open this item" on Windows 7 64-bit

Posted: 18 Apr 2022 07:03 AM PDT

I have to admit this has stumped me...

User's Workstation

  • Outlook 2010 (32-bit) w/ Cached Exchange Mode enabled
  • Windows 7 Pro (64-bit)

Email account is on Exchange 2003

Problem

The user is unable to open certain emails in Outlook on this computer. Error msg is "Cannot open this item". The same user has a laptop with Outlook 2010 (32-bit) and Windows 7 Pro (32-bit). On his laptop he CAN open these emails without any problems. So to me that says this is a bug with Windows 7 Pro (64-bit). He can also open these emails on his BlackBerry.

Things I've tried to fix this problem...

  1. Recreate his Outlook profile from scratch
  2. Recreate his Windows user profile from scratch
  3. Reinstall Office 2010 from scratch
  4. Move his Exchange mailbox to a different storage group on the server
  5. Installed a Microsoft Hotfix that supposedly fixes the problem (it did not)

Strange thing is - most of the emails he cannot open were emails sent to him from a BlackBerry within the organization. Coincidence?

Any help is greatly appreciated!

Error while creating VM using virt-manager on Xen

Posted: 18 Apr 2022 07:03 AM PDT

After a great struggle I got my Xen installed. Now I am using virt-manager and trying to create a VM. Since my H/W doesn't support full virtualization, I am using the paravirtualization installation over the network. After I specify all the details like URL, N/w etc., I get the following error:

Unable to complete install: 'POST operation failed: xend_post: error from xen daemon: (xend.err "Error creating domain: 'NoneType' object has no attribute 'rfind'")

The complete error:

Unable to complete install: 'POST operation failed: xend_post: error from xen daemon: (xend.err "Error creating domain: 'NoneType' object has no attribute 'rfind'")'

DETAILS->
Unable to complete install '<class 'libvirt.libvirtError'> POST operation failed: xend_post: error from xen daemon: (xend.err "Error creating domain: 'NoneType' object has no attribute 'rfind'")
Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/create.py", line 1555, in do_install
    dom = guest.start_install(False, meter = meter)
  File "/usr/lib/pymodules/python2.6/virtinst/Guest.py", line 973, in start_install
    return self._do_install(consolecb, meter, removeOld, wait)
  File "/usr/lib/pymodules/python2.6/virtinst/Guest.py", line 1038, in _do_install
    "install")
  File "/usr/lib/pymodules/python2.6/virtinst/Guest.py", line 1009, in _create_guest
    dom = self.conn.createLinux(start_xml, 0)
  File "/usr/lib/python2.6/dist-packages/libvirt.py", line 1277, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: POST operation failed: xend_post: error from xen daemon: (xend.err "Error creating domain: 'NoneType' object has no attribute 'rfind'")
'

How to force nginx to resolve DNS (of a dynamic hostname) everytime when doing proxy_pass?

Posted: 18 Apr 2022 04:47 AM PDT

I am using nginx/0.7.68, running on CentOS, with the following configuration:

server {
    listen       80;
    server_name ***;
    index index.html index.htm index.php default.html default.htm default.php;

    location / {
            root   /***;
            proxy_pass   http://***:8888;
            index  index.html index.htm;
    }
    # where *** is my variables

The proxy_pass is to a DNS record whose IP changes frequently. Nginx caches the outdated IP address, resulting in a request to the wrong IP address.

How can I stop nginx from caching the IP address, when it is outdated?

Is it possible to run a task on the last day of the month using taskmgr?

Posted: 18 Apr 2022 08:52 AM PDT

I noticed you can only set the day of the month as a positive number 1..31 in the scheduled task GUI on Windows (Windows server 2003).

Is it possible to run a task only on the last day of the month? (This isn't a fixed day number, e.g. in February it could be the 28th or 29th day of the month, and in other months it may be the 30th or 31st.)

Related question: if I set a task to run on the 31st of every month, will it actually run in months with fewer days? Or will it run on the 1st of the next month in such cases?
