Saturday, July 16, 2022

Recent Questions - Server Fault

Recent Questions - Server Fault

Get Asterisk IVR inputs to Linphone user

Posted: 15 Jul 2022 07:40 PM PDT

Let's say someone creates an Interactive Voice Response (IVR) system using Asterisk, that prompts the caller to input his customer number using his dial pad, e.g. 1234.

How does one get this information to the internal user who picks up the phone? The user might use a standard VoIP/SIP client like Linphone.

DMARC reports - fail then pass, and "softfail"

Posted: 15 Jul 2022 07:24 PM PDT

Here are two records from reports, with the actual domain name of my client replaced with "example.com". In the first one, SPF is marked "fail" above under "policy_evaluated" and then "pass" below under auth_results. I find this confusing. This is email sent by a service the client pays for, so we do want these emails delivered if they are indeed legitimately coming from that service. Do I need to do more to have SPF set up for that service?

The second shows all failures (and the IP traces back to China, I believe, where we do not operate) so this should not be delivered. Why does Google mark this as "softfail" and not just "fail"?

  <record>        <row>           <source_ip>204.28.11.160</source_ip>          <count>1</count>          <policy_evaluated>              <disposition>none</disposition>           <dkim>pass</dkim>             <spf>fail</spf>         </policy_evaluated>         </row>        <identifiers>           <header_from>example.com</header_from>          </identifiers>        <auth_results>          <dkim>              <domain>example.com</domain>              <selector>sl1</selector>              <result>pass</result>           </dkim>           <spf>           <domain>bounces.salsalabs.org</domain>            <result>pass</result>           </spf>          </auth_results>     </record>       <record>      <row>        <source_ip>60.23.112.175</source_ip>        <count>1</count>        <policy_evaluated>          <disposition>none</disposition>          <dkim>fail</dkim>          <spf>fail</spf>        </policy_evaluated>      </row>      <identifiers>        <header_from>example.com</header_from>      </identifiers>      <auth_results>        <spf>          <domain>example.com</domain>          <result>softfail</result>        </spf>      </auth_results>    </record>

How to backup GCP vm to local harddisk and reverse , easily?

Posted: 15 Jul 2022 07:15 PM PDT

How to backup Google Compute Engine VMs to my local pc harddisk and reverse ? Is there any good tools or need CLI command ? Please be more specific .

Thanks.

Linux Command to See Outbound Network Requests

Posted: 15 Jul 2022 06:25 PM PDT

Is there a linux command that summarizes outbound network requests?

I'm specifically interested in seeing what the git push command sends to github (headers, body, etc) without having to download something like wireshark.

How do I change which of my projects a call to the Google Programmable Search Engine/Element Paid API uses?

Posted: 15 Jul 2022 04:23 PM PDT

I am making calls to the Google Programmable Search Engine/Element Paid API googleapis.com/customsearch/v1. I want to change which project it refers to. What controls that? Does each project have a Search Engine key? Does each Search Engine key have a project? Should I create a new Search Engine?

Wifi 6E access point in Linux

Posted: 15 Jul 2022 02:56 PM PDT

Context: I'm looking to set up a 6 GHz (Wifi 6E) Access Point in Linux. I have two Intel AX210s (WiFi cards) on two computers.

nmcli only supports 2.4GHz + 5GHz

hostapd seems to support WiFi 6 but doesn't distinguish it from WiFi 6E, meaning the 6 GHz channels can't actually be used.

Linux has had support for WiFi 6E cards since the 5.11 kernel. Am I missing something here? How can I set up a 6 GHz AP on Linux?

Virsh command hangs when script runs in the background

Posted: 15 Jul 2022 02:44 PM PDT

I have a bash script which runs as a cronjob. This script runs several commands and one of them is the following virsh command:

/usr/bin/virsh list --all

When I run this script in the terminal (as root) or as a cronjob (as root also) the virsh command works as expected and lists all the virtual machines.

During my testing and debugging of this script, I noticed that if I send the script to the background or if I send it to the background and then disown it, the script hangs indefinitely at the virsh command. Below I provide some more details.

To illustrate the issue, let's assume a simple script "test.bash":

[root@kvm-host]# cat test.bash  #!/bin/bash    /usr/bin/virsh list --all

When I run the script test.bash in the foreground it works as expected:

[root@kvm-host]# bash -x test.bash  + /usr/bin/virsh list --all   Id   Name                    State  ----------------------------------------   27   slave1                  running   29   ubuntu_discourse        running   30   osticket                running   31   lubuntu_desktop         running   -    slave2                  shut off

When I run the script test.bash in the background it hangs indefinitely at the virsh command:

[root@kvm-host]# bash test.bash 2>stderr &  [1] 1119722  [root@kvm-host]# ps aux | grep virsh | grep -v grep  root     1119723  0.0  0.0 442660 16012 pts/4    Tl   17:07   0:00 /usr/bin/virsh list --all    [1]+  Stopped                 bash test.bash 2> stderr

If I send the script to the background and disown it, the script also hangs at the virsh command:

[root@kvm-host]# bash -x test.bash 2>stderr & disown  [1] 1119502  [root@kvm-host]# ps aux | grep virsh | grep -v grep  root     1119503  0.0  0.0 442656 15956 pts/4    Tl   17:05   0:00 /usr/bin/virsh list --all

I have tried running the virsh command with -c qemu:///system and the behaviour is the same when I send the script test.bash to the background. As you can see above, I have also tried running the script without "bash -x". I have also tried running the script redirecting both stderr and stdout to /dev/null. Finally, I have also tried running the script without redirecting stderr or stdout to any file. The issue is the same in all these cases.

Is it possible to run the virsh command in the background as described? Any comments would be highly appreciated. Thank you!

Here are some details about my system:

[root@kvm-host]# cat /etc/redhat-release  Rocky Linux release 8.6 (Green Obsidian)    [root@kvm-host]# virsh -V  Virsh command line tool of libvirt 8.0.0  See web site at https://libvirt.org/    Compiled with support for:   Hypervisors: QEMU/KVM ESX Test   Networking: Remote Network Bridging Interface netcf Nwfilter   Storage: Dir Disk Filesystem SCSI Multipath iSCSI LVM RBD Gluster   Miscellaneous: Daemon Nodedev SELinux Secrets Debug DTrace Readline

Stop yum-cron getting stuck holding yum lock

Posted: 15 Jul 2022 02:24 PM PDT

I'm running a bunch of CentOS 7 servers with yum-cron and yum is constantly getting locked.

Now and then I'll go to install something or manually run yum update and I'm almost always greeted with something like this:

# yum update  Loaded plugins: fastestmirror, langpacks  Existing lock /var/run/yum.pid: another copy is running as pid 14877.  Another app is currently holding the yum lock; waiting for it to exit...  The other application is: yum-cron      Memory : 443 M RSS (857 MB VSZ)      Started: Wed Jun 29 14:43:00 2022 - 16 day(s) 7:17:29 ago      State  : Sleeping, pid: 14877

I know how to free it up when it gets locked like this - but how can I stop this from happening once and for all?

Replicating Loki Logs to a Central Instance

Posted: 15 Jul 2022 02:12 PM PDT

I have an embedded device, running (among other things) an InfluxDB and a Loki instance. This device is on the move: usually it is on its own without internet connectivity, but occasionally it has access to its home network. Inside this home network both metrics (InfluxDB) and logs (Loki) shall be transferred/replicated/mirrored onto a central instance.

For InfluxDB this is possible both in real time by edge data replication an retroactively in batches using a flux query.

How can I achieve this with Loki/Promtail/LogQL?

  1. (soft) real time streaming of all Loki content to a remote instance
  2. retroactively mirroring existing logged content to a remote instance

Service php8.0-fpm refuses to start

Posted: 15 Jul 2022 04:04 PM PDT

I was about to do some changes to the php.ini and when I checked the service I found out that is was in a failed state. Stopping and starting the service didn't do the trick. The most helpful log entry was this one from the php8.0-fpm.log file:

ERROR: fork() failed: Resource temporarily unavailable (11)

At first I thought I hited some PID limit but:

❯ ps -eLf | wc -l  130    ❯ sysctl kernel.pid_max  kernel.pid_max = 32768

So that is not the case.

I checked the php.ini of fpm but I couldn't find anything wrong.

Here is some output that might help(I searched for all them extensively but couldn't find any solution)

❯systemctl status -l php8.0-fpm  php8.0-fpm.service - The PHP 8.0 FastCGI Process Manager     Loaded: loaded (/lib/systemd/system/php8.0-fpm.service; enabled; vendor preset: enabled)     Active: failed (Result: protocol) since Thu 2022-07-14 23:07:24 CEST; 20min ago       Docs: man:php-fpm8.0(8)    Process: 6960 ExecStart=/usr/sbin/php-fpm8.0 --nodaemonize --fpm-config /etc/php/8.0/fpm/php-fpm.conf (code=exited, status=0/SUCCESS)    Process: 7126 ExecStopPost=/usr/lib/php/php-fpm-socket-helper remove /run/php/php-fpm.sock /etc/php/8.0/fpm/pool.d/www.conf 80 (code=exited, status=0/SUCCESS)   Main PID: 6960 (code=exited, status=0/SUCCESS)  
❯ journalctl -b -u php8.0-fpm  -- Logs begin at Fri 2022-07-15 00:45:44 CEST, end at Fri 2022-07-15 21:56:46 CEST. --  Jul 15 xxxxxx systemd[1]: Starting The PHP 8.0 FastCGI Process Manager...  Jul 15 xxxxxx systemd[1]: php8.0-fpm.service: Failed with result 'protocol'.  Jul 15 xxxxxx systemd[1]: Failed to start The PHP 8.0 FastCGI Process Manager.  
❯cat php8.0-fpm.log  NOTICE: fpm is running, pid 1794  ERROR: fork() failed: Resource temporarily unavailable (11)  NOTICE: exiting, bye-bye!  
❯ php -v  PHP 8.0.20 (cli) (built: Jun 14 2022 10:25:42) ( NTS )  Copyright (c) The PHP Group  Zend Engine v4.0.20, Copyright (c) Zend Technologies      with Zend OPcache v8.0.20, Copyright (c), by Zend Technologies

I am running Debian 10 and apache and no other php version is installed.

1 rewrite or internal redirection cycle while internally redirecting to "/en/index.html"

Posted: 15 Jul 2022 01:23 PM PDT

I want to host the Angular i18n website using the Nginx proxy.

As per the official Nginx configuration suggestion https://angular.io/guide/i18n-common-deploy#nginx-example, my app.conf file in the /etc/nginx/site-available directory is like

map $http_accept_language $accept_language {          ~*^de de;          ~*^fr fr;          ~*^en en;  }    server {      listen 80;      server_name i18n.example.io;      root /var/www/html/app/dist/app;        # Fallback to default language if no preference defined by browser      if ($accept_language ~ "^$") {          set $accept_language "en";      }        # Redirect "/" to Angular application in the preferred language of the browser      rewrite ^/$ /$accept_language permanent;        # Everything under the Angular application is always redirected to Angular in the      # correct language      location ~ ^/(fr|de|en) {          try_files $uri /$1/index.html?$args;      }  }

But when I try to access my website http://i18n.example.com, it gives the following error in the error.log file

2022/07/15 20:19:15 [error] 16886#16886: *1 rewrite or internal redirection cycle while internally redirecting to "/en/index.html", client: xx.xxx.235.xx, server: i18n.example.io, request: "GET /en HTTP/1.1", host: "i18n.example.io"

How to load balance between two VMs

Posted: 15 Jul 2022 01:16 PM PDT

I have two virtual machines running a flask application in each of them. These VMs are hosted on a hyper-v platform. I'd like to create a load balancer that'll act as the primary endpoint and the requests hitting it will be distributed among the VMs. I'm assuming that the load balancer would be hosted on another VM? Is there an open-source implementation for this? I couldn't get any handy tutorials for achieving this setup. Any help would be great

Stress Test Interpretation

Posted: 15 Jul 2022 05:35 PM PDT

I ran a basic stress test and am having trouble interpreting the results.

Setup

  • Super simple node.js API (returns a string for a GET request) deployed on heroku's free tier

  • Increased RPS until I started to see a lag in average response time (unfortunately the tool I was using didn't allow a p90, etc, just average)

  • Datadog integration for monitoring

While I did hit a threshold (2.5k rps) I started to see a slowdown, I didn't see anything in DataDog to indicate stress - RAM, CPU.

If it's not CPU or RAM, what is likely causing the bottleneck here? How can I tell whether vertical or horizontal scaling would be likely to help?

How to access the SVI of a switch through a IPSEC tunnel?

Posted: 15 Jul 2022 01:08 PM PDT

I'm adding a new router, firewall and switch to our brand new site, and I'm scratching my head with the configuration of the SVI.

In the other sites, there is 4 VLANs on the switches:

  • 1x VoIP (DECT) -> VLAN 8
  • 1x User_Wifi -> VLAN 126
  • 1x User_LAN -> VLAN 60
  • 1x Guest_Wifi -> VLAN 20

Those switches have 3 trunks going to the firewall:

  • 1x User_LAN (Gi1/0/1) -> letting pass VLAN 60
  • 1x VoIP (Gi1/0/2) -> letting pass VLAN 8
  • 1x Wifi for users (Gi1/0/24) -> letting pass VLAN 126 & 20

I manage those switches by giving the IP address of the VLAN 60, which is, afaik, not the best practice. On each port of those switches, the native VLAN is the VLAN 60.

What I want to achieve is to create a new VLAN (VLAN 2 for example) dedicated to the management of the router, the firewall and the switch. This VLAN will have the 192.168.69.0/24 subnet attached, and can be accessed through our site-to-site VPN.

What I've done is to create a new VLAN interface who has the IP 192.168.69.3, and I made every interface of the switch a member of this VLAN (switchport access 2).

But now the problem is that every interface has access to the VLAN 2, which is not what I want. I only want our IT team to access it, and the rest of the users to acces the VLAN 60. And I need to keep the native VLAN of the 1st trunk to be the VLAN 60.

Thinking about it at a physical level, might it be a good idea to dedicate a physical interface for the management VLAN? And just plug it into one of the firewall interfaces like this?

docker/podman container with public IPv6

Posted: 15 Jul 2022 07:41 PM PDT

I have got a server with IPv4 address and IPv6 /64 subnet (let's say 2001:db8::/64), both public. Server itself has the following IPv6 address: 2001:db8::1/64. The gateway is fe80::1 (which causes problems with docker/podman, because it's not in the same subnet).

My goal is to create docker/podman container (WWW server, for example) with its own public IPv6 (let's say 2001:db8::2/64). From my understanding, such a setup needs macvlan network. So the setup would look as follows:

picture1

I managed to partially fulfill this setup using bridge network and the following command:
sudo podman network create --subnet 2001:db8::/64 --ipv6 mynet
Container within this network was accessiable from Internet via correct IP (2001:db8::2), but its public IP (for http, ping etc.) was wrong - it was 2001:db8::1, which is totally understandable when using bridge network.

Things get complicated when I tried using macvlan, first problem was the gateway which needs to be set to fe80::1. docker refused to create such network with error "no matching subnet for gateway fe80::1". podman successfully create network using the following command:
sudo podman network create -d macvlan --subnet 2001:db8::/64 --gateway fe80::1 --ipv6 -o parent=eth0 mynet
Unfortunately, a container inside this network has no connectivity in any direction, even though it has correct IP and gateway specified.

Server is working on Ubuntu, with enabled IP routing in kernel.

Any ideas how this setup could be made would be much appreciated. Thanks.

Getting libssl abd libcrypto conflict warning while compiling php on RHEL 7.8

Posted: 15 Jul 2022 06:04 PM PDT

I m getting following warning messages while compiling php on RHEL7.8 I am able to successfully compile and install php but I am not sure what will be the side effect of these warnings. Is there any way to resolve these warning?

/usr/bin/ld: warning: libssl.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libssl.so.1.1  /usr/bin/ld: warning: libssl.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libssl.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libssl.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libssl.so.1.1  /usr/bin/ld: warning: libssl.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libssl.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libssl.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libssl.so.1.1  /usr/bin/ld: warning: libssl.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libssl.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1  /usr/bin/ld: warning: libcrypto.so.10, needed by //usr/lib64/libssh2.so.1, may conflict with libcrypto.so.1.1      #OpenSSL Installation    ./config --prefix=/usr/local/ssl shared  make  make test  make install      #Apache Installation    ./configure \  --prefix=/usr/local/apache2 \  --with-ssl=/usr/local/ssl \  --with-included-apr \  --with-mpm=prefork \  --enable-ssl \  --enable-modules=all \  --enable-mods-shared=most \  make  make install    #PHP Installation    './configure' \  '--prefix=/usr/local/php7' \  '--with-apxs2=/usr/local/apache2/bin/apxs' \  '--with-config-file-path=/usr/local/php7/conf' \  '--with-curl' \  '--with-kerberos' \  '--with-openssl=/usr/local/ssl' \  '--with-openssl-dir=/usr/local/ssl' \  '--with-zlib' \  '--with-zlib-dir=/lib64/' \  '--enable-bcmath' \  '--enable-ftp' \  '--enable-gd-native-ttf' \  '--enable-mbstring' \  '--enable-opcache' \  '--enable-pcntl' \  '--enable-pdo' \  '--enable-shared' \  '--enable-shmop' \  '--enable-soap' \  '--enable-sockets' \  '--enable-sysvshm' \  '--enable-xml' \  '--enable-zip' \  '--without-libzip' \

ldd /usr/local/ssl/bin/openssl

linux-vdso.so.1 =>  (0x00007fff46493000)  libssl.so.1.1 => /usr/local/ssl/lib/libssl.so.1.1 (0x00007fc710c31000)  libcrypto.so.1.1 => /usr/local/ssl/lib/libcrypto.so.1.1 (0x00007fc710746000)  libdl.so.2 => /lib64/libdl.so.2 (0x00007fc710542000)  libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fc710326000)  libc.so.6 => /lib64/libc.so.6 (0x00007fc70ff58000)  /lib64/ld-linux-x86-64.so.2 (0x00007fc710ec3000)

ldd /usr/local/apache2/bin/httpd

linux-vdso.so.1 =>  (0x00007ffcea29e000)  libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fcb03f33000)  libaprutil-1.so.0 => /usr/local/apache2/lib/libaprutil-1.so.0 (0x00007fcb03d09000)  libexpat.so.1 => /lib64/libexpat.so.1 (0x00007fcb03adf000)  libapr-1.so.0 => /usr/local/apache2/lib/libapr-1.so.0 (0x00007fcb038a4000)  libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fcb0369f000)  librt.so.1 => /lib64/librt.so.1 (0x00007fcb03497000)  libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fcb03260000)  libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fcb03044000)  libdl.so.2 => /lib64/libdl.so.2 (0x00007fcb02e40000)  libc.so.6 => /lib64/libc.so.6 (0x00007fcb02a72000)  /lib64/ld-linux-x86-64.so.2 (0x00007fcb04195000)  libfreebl3.so => /lib64/libfreebl3.so (0x00007fcb0286f000)

ldd /usr/local/apache2/modules/mod_ssl.so

linux-vdso.so.1 =>  (0x00007ffc2019d000)  libssl.so.1.1 => /usr/local/ssl/lib/libssl.so.1.1 (0x00007fb63e115000)  libcrypto.so.1.1 => /usr/local/ssl/lib/libcrypto.so.1.1 (0x00007fb63dc2a000)  libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fb63da25000)  librt.so.1 => /lib64/librt.so.1 (0x00007fb63d81d000)  libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fb63d5e6000)  libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fb63d3ca000)  libdl.so.2 => /lib64/libdl.so.2 (0x00007fb63d1c6000)  libc.so.6 => /lib64/libc.so.6 (0x00007fb63cdf8000)  /lib64/ld-linux-x86-64.so.2 (0x00007fb63e5e4000)  libfreebl3.so => /lib64/libfreebl3.so (0x00007fb63cbf5000)    # ldd /usr/local/php7/bin/php    /lib64/ld-linux-x86-64.so.2 (0x00007ffadb8d3000)          libbz2.so.1 => /lib64/libbz2.so.1 (0x00007ffad4ed8000)          libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007ffad7d23000)          libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007ffad45dc000)          libcrypto.so.1.1 => /usr/local/ssl/lib/libcrypto.so.1.1 (0x00007ffad91a8000)          libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007ffadb69c000)          libc.so.6 => /lib64/libc.so.6 (0x00007ffad742c000)          libcurl.so.4 => /lib64/libcurl.so.4 (0x00007ffad7ab9000)          libdl.so.2 => /lib64/libdl.so.2 (0x00007ffada34d000)          libfreebl3.so => /lib64/libfreebl3.so (0x00007ffad7229000)          libfreetype.so.6 => /lib64/libfreetype.so.6 (0x00007ffad77fa000)          libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007ffad8443000)          libidn.so.11 => /lib64/libidn.so.11 (0x00007ffad67a0000)          libifasf.so => /home/informix/lib/libifasf.so (0x00007ffadac28000)          libifcli.so => /home/informix/lib/cli/libifcli.so (0x00007ffadb2e3000)          libifdmr.so => /home/informix/lib/cli/libifdmr.so (0x00007ffadb0db000)          libifgen.so => /home/informix/lib/esql/libifgen.so (0x00007ffada9c6000)          libifgls.so => /home/informix/lib/esql/libifgls.so (0x00007ffada551000)          libifglx.so => /home/informix/lib/esql/libifglx.so (0x00007ffada14b000)          libifos.so => /home/informix/lib/esql/libifos.so (0x00007ffada7a4000)          libifsql.so => /home/informix/lib/esql/libifsql.so (0x00007ffadae87000)          libjpeg.so.62 => /lib64/libjpeg.so.62 (0x00007ffad9693000)          libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007ffad7f27000)          libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007ffad69d3000)          libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007ffad815a000)          libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007ffad6bd7000)          liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007ffad533d000)          libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007ffad50e8000)          liblzma.so.5 => /lib64/liblzma.so.5 (0x00007ffad6de7000)          libm.so.6 => /lib64/libm.so.6 (0x00007ffad8c14000)          libnsl.so.1 => /lib64/libnsl.so.1 (0x00007ffad89fa000)          libnspr4.so => /lib64/libnspr4.so (0x00007ffad554c000)          libnss3.so => /lib64/libnss3.so (0x00007ffad5dc3000)          libnssutil3.so => /lib64/libnssutil3.so (0x00007ffad5b93000)          libpcre.so.1 => /lib64/libpcre.so.1 (0x00007ffad415d000)          libplc4.so => /lib64/libplc4.so (0x00007ffad578a000)          libplds4.so => /lib64/libplds4.so (0x00007ffad598f000)      libpng15.so.15 => /lib64/libpng15.so.15 (0x00007ffad98e8000)          libpthread.so.0 => /lib64/libpthread.so.0 (0x00007ffad700d000)          libresolv.so.2 => /lib64/libresolv.so.2 (0x00007ffad9d1b000)          librt.so.1 => /lib64/librt.so.1 (0x00007ffad9b13000)          libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007ffad43bf000)          libselinux.so.1 => /lib64/libselinux.so.1 (0x00007ffad4cb1000)          libsmime3.so => /lib64/libsmime3.so (0x00007ffad60f2000)          libssh2.so.1 => /lib64/libssh2.so.1 (0x00007ffad6573000)          libssl3.so => /lib64/libssl3.so (0x00007ffad631a000)          libssl.so.10 => /lib64/libssl.so.10 (0x00007ffad4a3f000)          libssl.so.1.1 => /usr/local/ssl/lib/libssl.so.1.1 (0x00007ffad8f16000)          libxml2.so.2 => /lib64/libxml2.so.2 (0x00007ffad8690000)          libz.so.1 => /lib64/libz.so.1 (0x00007ffad9f35000)          linux-vdso.so.1 =>  (0x00007fffe9bb3000)

Win-Acme / Let's encrypt DNS txt validation?

Posted: 15 Jul 2022 02:38 PM PDT

How do I do the DNS txt record validation? There are simply no tutorial or any info whatsoever about it. I need to bypass regular validation mechanism cause it uses Amazon which is banned here. How do I generate a TXT record to add to GoDaddy? I use Win-Acme, I'm on IIS. There is this link talking about a token but of course and as usual, there is no reference or link to any tool, nor there is info on how to generate a token.

Windows Server 2019 Virtual NAT - VMs have no internet access

Posted: 15 Jul 2022 05:00 PM PDT

We have a Win Server 2019 (Version 1809, OS Build 17763.1282) with Hyper-V. We want to run a number of Ubuntu VMs using the internal NAT, so we don't need separate external IPs for each VM. The steps we're using are the ones we've seen many examples of across the internet:-

New-VMSwitch –SwitchName "NATSwitch" –SwitchType Internal  Get-NetAdapter (to lookup the index of the new "vEthernet (NATSwitch)" - which is 24)  New-NetIPAddress –IPAddress 14.0.0.1 -PrefixLength 24 -InterfaceIndex 24  New-NetNat –Name NATNetwork –InternalIPInterfaceAddressPrefix 14.0.0.0/24

We set the properties for the VM network connection to use the NATSwitch, and then configure the VM to have static addresses - 14.0.0.1 for the gateway, and 14.0.0.2 for the VM itself. ie: /etc/netplan/00-installer-config.yaml looks like this:-

network:    version: 2    ethernets:      eth0:        addresses:          - 14.0.0.2/24        gateway4: 14.0.0.1        nameservers:            addresses: [14.0.0.1]

So on the VM, ip route says:

default via 14.0.0.1 dev eth0 proto static  14.0.0.0/24 dev eth0 proto kernel scope link src 14.0.0.2

and ip a includes:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000      link/ether 00:15:5d:1a:84:01 brd ff:ff:ff:ff:ff:ff      inet 14.0.0.2/24 brd 14.0.0.255 scope global eth0         valid_lft forever preferred_lft forever      inet6 fe80::215:5dff:fe1a:8401/64 scope link         valid_lft forever preferred_lft forever

After booting the VM from Hyper-V, I can successfully SSH into 14.0.0.2, with Putty, but the VM does not have access to the internet, and it cannot ping 14.0.0.1. So it looks like the NAT is not doing anything to bridge the 14.0.0.x network to the main NIC on the server (which has internet access of course). From the 2019 Server, I can ping both 14.0.0.1 (itself=the gateway), and 14.0.0.2 (the VM).

We can get things to work with an external address, on our network, by creating an "external switch" in Hyper-V, connecting to that, and using DHCP to get an IP address from our domain controller for the VM's MAC address - but we'd prefer not to have to assign external IP adddresses for all the VMs.

Does anyone have any ideas what we're missing?

Unable to log in to FreeIPA web ui - "Login failed due to an unknown reason."

Posted: 15 Jul 2022 03:00 PM PDT

After Fedora server update, my Freeipa broke and I am not sure how to deal with it. Does anyone have some ideas what might be the issue?

I am unable to log in to web UI nor execute any IPA command.

$ journalctl 

gssproxy[910]: gssproxy[951]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, No credentials cache found  gssproxy[951]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, No credentials cache found  gssproxy[910]: gssproxy[951]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, Preauthentication failed  gssproxy[951]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, Preauthentication failed

$ cat /var/log/httpd/error_log

[suexec:notice] [pid 5529:tid 139897184471296] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)  [so:warn] [pid 5529:tid 139897184471296] AH01574: module proxy_module is already loaded, skipping  [so:warn] [pid 5529:tid 139897184471296] AH01574: module proxy_http_module is already loaded, skipping  [lbmethod_heartbeat:notice] [pid 5529:tid 139897184471296] AH02282: No slotmem from mod_heartmonitor  [mpm_event:notice] [pid 5529:tid 139897184471296] AH00489: Apache/2.4.39 (Fedora) OpenSSL/1.1.1c mod_wsgi/4.6.4 Python/3.7 3.9 mod_perl/2.0.10 Perl/v5.28.2 configured -- resuming normal operations  [core:notice] [pid 5529:tid 139897184471296] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'  [wsgi:error] [pid 5833:tid 139897184471296] ipa: INFO: *** PROCESS START ***  [wsgi:error] [pid 5837:tid 139897184471296] ipa: INFO: *** PROCESS START ***  [wsgi:error] [pid 5832:tid 139897184471296] ipa: INFO: *** PROCESS START ***  [wsgi:error] [pid 5839:tid 139897184471296] ipa: INFO: *** PROCESS START ***  [wsgi:error] [pid 5833:tid 139896787969792] [remote 10.0.1.8:36236] ipa: INFO: [jsonserver_i18n_messages] UNKNOWN: CCESS  [:warn] [pid 5842:tid 139896429713152] [client 10.0.1.8:36236] KRB5CCNAME file (/run/ipa/ccaches/admin@HOME.MYDOMAIN.COM) lookup .home.mydomain.com/ipa/ui/  [:warn] [pid 5841:tid 139896561800960] [client 10.0.1.8:36238] KRB5CCNAME file (/run/ipa/ccaches/admin@HOME.MYDOMAIN.COM) lookup .home.mydomain.com/ipa/ui/  [auth_gssapi:error] [pid 5840:tid 139896236779264] [client 10.0.1.10:47164] GSS ERROR gss_acquire_cred[_from]() failed to get lure.  Minor code may provide more information ( SPNEGO cannot find mechanisms to negotiate)]  [wsgi:error] [pid 5833:tid 139896787969792] [remote 10.0.1.8:36236] ipa: INFO: 401 Unauthorized: No session cookie found

$ ipa-pkinit-manage status

PKINIT is enabled  The ipa-pkinit-manage command was successful

$ kinit myuser

Password for myuser@HOME.MYDOMAIN.COM:   $ klist  Ticket cache: KEYRING:persistent:1907400001:krb_ccache_QYeLVmz  Default principal: myuser@HOME.MYDOMAIN.COM    Valid starting     Expires            Service principal  08/09/19 00:11:36  09/09/19 00:11:33  krbtgt/HOME.MYDOMAIN.COM@HOME.MYDOMAIN.COM

$ ipa -v ping

ipa: DEBUG: trying https://$ ipaserver.home.mydomain.com/ipa/json  ipa: DEBUG: Created connection context.rpcclient_139944946411792  ipa: DEBUG: [try 1]: Forwarding 'schema' to json server 'https://$ ipaserver.home.mydomain.com/ipa/json'  ipa: DEBUG: New HTTP connection ($ ipaserver.home.mydomain.com)  ipa: DEBUG: HTTP connection destroyed ($ ipaserver.home.mydomain.com)  Traceback (most recent call last):    File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package      plugins = api._remote_plugins  AttributeError: 'API' object has no attribute '_remote_plugins'    During handling of the above exception, another exception occurred:    Traceback (most recent call last):    File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 649, in get_auth_info      response = self._sec_context.step()    File "</usr/local/lib/python3.7/site-packages/decorator.py:decorator-gen-15>", line 2, in step    File "/usr/lib64/python3.7/site-packages/gssapi/_utils.py", line 167, in check_last_err      return func(self, *args, **kwargs)    File "</usr/local/lib/python3.7/site-packages/decorator.py:decorator-gen-5>", line 2, in step    File "/usr/lib64/python3.7/site-packages/gssapi/_utils.py", line 127, in catch_and_return_token      return func(self, *args, **kwargs)    File "/usr/lib64/python3.7/site-packages/gssapi/sec_contexts.py", line 521, in step      return self._initiator_step(token=token)    File "/usr/lib64/python3.7/site-packages/gssapi/sec_contexts.py", line 542, in _initiator_step      token)    File "gssapi/raw/sec_contexts.pyx", line 244, in gssapi.raw.sec_contexts.init_sec_context  gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529639053): No Kerberos credentials available (default cache: KEYRING:persistent:0)    During handling of the above exception, another exception occurred:    Traceback (most recent call last):    File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 699, in single_request      self.get_auth_info()    File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 651, in get_auth_info      self._handle_exception(e, service=service)    File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 608, in _handle_exception      raise errors.CCacheError()  ipalib.errors.CCacheError: did not receive Kerberos credentials  ipa: DEBUG: Destroyed connection context.rpcclient_139944946411792  ipa: ERROR: did not receive Kerberos credentials

$ kinit -k -t /var/lib/ipa/gssproxy/http.keytab HTTP/$ 

ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM  kinit: Preauthentication failed while getting initial credentials

$ ipa -vv pwpolicy-show global_policy

ipa: DEBUG: failed to find session_cookie in persistent storage for principal 'admin@HOME.IBLVFX.COM'  ipa: DEBUG: trying https://$ ipaserver.home.mydomain.com/ipa/json  ipa: DEBUG: Created connection context.rpcclient_140652464016656  ipa: DEBUG: [try 1]: Forwarding 'schema' to json server 'https://$ ipaserver.home.mydomain.com/ipa/json'  ipa: DEBUG: New HTTP connection ($ ipaserver.home.mydomain.com)  ipa: DEBUG: HTTP connection destroyed ($ ipaserver.home.mydomain.com)  Traceback (most recent call last):    File "/usr/lib/python3.7/site-packages/ipaclient/remote_plugins/__init__.py", line 126, in get_package      plugins = api._remote_plugins  AttributeError: 'API' object has no attribute '_remote_plugins'    During handling of the above exception, another exception occurred:    Traceback (most recent call last):    File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 726, in single_request      if not self._auth_complete(response):    File "/usr/lib/python3.7/site-packages/ipalib/rpc.py", line 679, in _auth_complete      message=u"No valid Negotiate header in server response")  ipalib.errors.KerberosError: No valid Negotiate header in server response  ipa: DEBUG: Destroyed connection context.rpcclient_140652464016656  ipa: ERROR: No valid Negotiate header in server response

$ cat /var/log/krb5kdc.log

38:08 ipa (info): AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.1.10: NEEDED_PREAUTH: admin@HOME.MYDOMAIN.COM for krbtgt/HOME.MYDOMAIN.COM@HOME.MYDOMAIN.COM, Additional pre-authentication required  38:08 ipa (info): closing down fd 11  38:11 ipa (info): AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.1.10: ISSUE: authtime 1568572691, etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, admin@HOME.MYDOMAIN.COM for krbtgt/HOME.MYDOMAIN.COM@HOME.MYDOMAIN.COM  38:11 ipa (info): closing down fd 11  38:21 ipa (info): TGS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.1.10: ISSUE: authtime 1568572691, etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, admin@HOME.MYDOMAIN.COM for HTTP/ipa.home.mydomain.com@HOME.MYDOMAIN.COM  38:21 ipa (info): closing down fd 11  38:21 ipa (info): AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.1.10: NEEDED_PREAUTH: HTTP/ipa.home.mydomain.com@HOME.MYDOMAIN.COM for krbtgt/HOME.MYDOMAIN.COM@HOME.MYDOMAIN.COM, Additional pre-authentication required  38:21 ipa (info): closing down fd 11  38:21 ipa (info): preauth (spake) verify failure: Preauthentication failed  38:21 ipa (info): AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.1.10: PREAUTH_FAILED: HTTP/ipa.home.mydomain.com@HOME.MYDOMAIN.COM for krbtgt/HOME.MYDOMAIN.COM@HOME.MYDOMAIN.COM, Preauthentication failed  38:21 ipa (info): closing down fd 11  38:21 ipa (info): AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.1.10: NEEDED_PREAUTH: HTTP/ipa.home.mydomain.com@HOME.MYDOMAIN.COM for krbtgt/HOME.MYDOMAIN.COM@HOME.MYDOMAIN.COM, Additional pre-authentication required  38:21 ipa (info): closing down fd 11  38:21 ipa (info): preauth (spake) verify failure: Preauthentication failed  38:21 ipa (info): AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.1.10: PREAUTH_FAILED: HTTP/ipa.home.mydomain.com@HOME.MYDOMAIN.COM for krbtgt/HOME.MYDOMAIN.COM@HOME.MYDOMAIN.COM, Preauthentication failed  38:21 ipa (info): closing down fd 11

$ kvno ldap/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM

ldap/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM: kvno = 2

$ klist -kte

Keytab name: FILE:/etc/krb5.keytab  KVNO Timestamp           Principal  ---- ------------------- ------------------------------------------------------     2 2019-02-18 18:46:43 host/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (aes256-cts-hmac-sha1-96)      2 2019-02-18 18:46:43 host/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (aes128-cts-hmac-sha1-96)      2 2019-02-18 18:46:43 host/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (DEPRECATED:des3-cbc-sha1)      2 2019-02-18 18:46:43 host/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (DEPRECATED:arcfour-hmac)      2 2019-02-18 18:46:43 host/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (camellia128-cts-cmac)      2 2019-02-18 18:46:43 host/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (camellia256-cts-cmac)      4 2019-02-19 00:33:12 host/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (aes256-cts-hmac-sha1-96)      4 2019-02-19 00:33:12 host/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (aes128-cts-hmac-sha1-96)      1 2019-02-19 00:34:01 nfs/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (aes256-cts-hmac-sha1-96)      1 2019-02-19 00:34:01 nfs/ipaserver.home.mydomain.com@HOME.MYDOMAIN.COM (aes128-cts-hmac-sha1-96)

Apache mod_cache cache misses

Posted: 15 Jul 2022 07:07 PM PDT

Somehow I can't get Apache's mod-cache to work as I want. I want it to cache a proxy call to my tomcat server which is a jsp file. The jsp file displays the current time so I can notice if I get a cached response or not.. This is my config:

        CacheQuickHandler off          CacheLock on          CacheLockPath /tmp/mod_cache-lock          CacheLockMaxAge 5          CacheIgnoreHeaders Set-Cookie           <Location /Kanzan/>            CacheEnable disk            CacheHeader on            CacheDefaultExpire 800            CacheMaxExpire 64000            CacheIgnoreNoLastMod On            #ExpiresActive on            #ExpiresDefault A60         </Location>             ProxyPreserveHost On         ProxyPass /Kanzan/ http://127.0.0.1:8080/Kanzan/         ProxyPassReverse /Kanzan/ http://127.0.0.1:8080/Kanzan/

All this is inside my virtual host. I do log this in 5 different files,

cached-requests.log  cache.log  invalidated-requests.log  revalidated-requests.log  uncached-requests.log

But only cache.log and the 2 last ones ever get content. In the last file I allways get 

127.0.0.1 [21/sep/2018xxxxx +0200] "GET /Kanzan/testCache.jsp HTTP/1.1" 200 472

and in cache.log I repeatedly get

cache miss: attempting entity save

I get data saved to /var/cache/apache2/mod_cache_disk, but the the cache is never used as the time keeps updating on reload..

UPDATE:

Now I realize that the cache works... BUT ... it does not work the way I want it to. When I press refresh on my browser I want the cached value on the server to be returned if it hasn't expired.. instead, whenever I press refresh, the chache is updated! How do I make it work so that the cached value is not updating whenever a new user require this page??

Where are the logs for commands executed as root in AWS Linux 2 AMI?

Posted: 15 Jul 2022 01:07 PM PDT

Can't find them, there's no .bash_history. Also checked at /var/log/audit and /var/log/secure* Maybe they don't even exist or are disabled.

Thanks!

Reverse DNS does not match SMTP Banner - G Suite

Posted: 15 Jul 2022 01:07 PM PDT

I ran our domain through MXToolbox, and this error comes up several times: "Reverse DNS does not match SMTP Banner".

We use G Suite for our email and Cloudflare for DNS. Can I fix these warnings from MXtoolbox? Since I obviously don't run the SMTP server (Google does), I'm thinking these aren't fixable.

Thanks!

IIS - Wildcard HTTPS Binding with Centralized Certificate Store

Posted: 15 Jul 2022 05:00 PM PDT

Using IIS 10 and a Centralized Certificate Store, is it possible to have a wildcard https binding, so that any request coming in over HTTPS will automatically attempt to grab the relevant certificate from the centralized store?

SQL server 2016 express - Error 1067: The process terminated unexpectedly

Posted: 15 Jul 2022 04:02 PM PDT

I have installed SQL server 2016 on windows 10. The install process completed successfully except for the final step, which was a restart. Prior to this I had tried a couple of times and the process did not seem to get as far.

I manually restarted the computer and opened SSMS. In the object explorer windows I clicked "Connect object explorer"->"Server name" drop down->"Browse for more"->local servers. But no instances showed.

I opened services and saw this

enter image description here

I tried starting each one but got the message

Windows could not start SQL server (SQLSERVEREXPRESS) service on local computer. Error 1067: The process terminated unexpectedly

What have i tried???

  • reviewed and tried the action suggested here but it points to an 8 year old post referencing .net 1,2 and 3
  • and here which has some stuff that I tried, detailed below
  • looked for something in the event viewer but MSSQLSERVER doesnt show in the event viewer snippet of where I would expect to find MSSQL
  • looked for an error log file here C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS but couldn't find one
  • followed advice from this youtube video (but I could not find the regedit entry he was referring to)
  • I noticed sql server browser wasn't running so I started that and then tried to run SQL server, this had the exact same error and imminently stopped sql server browser running.

Extra info

My system is a home computer and a fresh install of windows 10

Please help i'm out of ideas (I'd also be interested in how to get rid of those extra instances of SQL server I can see running in services)

Edit

This log file snippet was pulled from:

C:\Program Files\Microsoft SQL Server\130

however there is also a

  • C:\Program Files\Microsoft SQL Server\140
  • C:\Program Files\Microsoft SQL Server\110
  • C:\Program Files\Microsoft SQL Server\100
  • C:\Program Files\Microsoft SQL Server\90
  • C:\Program Files\Microsoft SQL Server\80

but 130 is the only one that contains \setup bootstrap\log (So I assume this is correct). Its a big file. I believe the below line may be of interest

(01) 2017-09-26 21:59:34 Slp: Error: Action "SqlEngineConfigAction_install_confignonrc_Cpu64" failed during execution.

Trouble Shooting errdisabled Cause

Posted: 15 Jul 2022 03:00 PM PDT

I have a Cisco Catalyst 3850. I added a network module with 4 gbic for fiber connection. The module is not showing any lights on either side of the connection. After the searching the depths of the internet I found out that when adding a network module like I did I have to enable the media-type of sfp for those interfaces. This is what I have tried.

enable    conf t    int tengigabitethernet 1/1/1    media-type sfp

it's not wanting to take this command. is this the right way to enable media-type sfp?

Show inventory command:

flcoffice_48m_01#show inv  NAME: "c3xxx Stack", DESCR: "c3xxx Stack"  PID: WS-C3850-48T      , VID: V04  , SN: FCW1905C178    NAME: "Switch 1", DESCR: "WS-C3850-48T"  PID: WS-C3850-48T      , VID: V04  , SN: FCW1905C178    NAME: "Switch 1 - Power Supply A", DESCR: "Switch 1 - Power Supply A"  PID: PWR-C1-350WAC     , VID: V01  , SN: LIT19221FY     NAME: "Switch 1 FRU Uplink Module 0", DESCR: "4x10G Uplink Module"  PID: C3850-NM-4-10G    , VID: V01  , SN: FOC19238XKL    NAME: "TenGigabitEthernet1/1/1", DESCR: "1000BaseSX SFP"  PID: GLC-SX-MMD         , VID: V01  , SN: FNS19270TD6        NAME: "TenGigabitEthernet1/1/2", DESCR: "1000BaseSX SFP"  PID: GLC-SX-MMD         , VID: V01  , SN: FNS19270TQ0        NAME: "TenGigabitEthernet1/1/3", DESCR: "1000BaseSX SFP"  PID: GLC-SX-MMD         , VID: V01  , SN: FNS1920059J

here is the errdisable recovery command:

flcoffice_48m_01#show errdisable recovery   ErrDisable Reason            Timer Status  -----------------            --------------  arp-inspection               Disabled  bpduguard                    Disabled  channel-misconfig (STP)      Disabled  dhcp-rate-limit              Disabled  dtp-flap                     Disabled  gbic-invalid                 Disabled  inline-power                 Disabled  l2ptguard                    Disabled  link-flap                    Disabled  mac-limit                    Disabled  loopback                     Disabled  pagp-flap                    Disabled  port-mode-failure            Disabled  pppoe-ia-rate-limit          Disabled  psecure-violation            Disabled  security-violation           Disabled  sfp-config-mismatch          Disabled  storm-control                Disabled  udld                         Disabled  vmps                         Disabled  psp                          Disabled  Recovery command: "clear     Disabled

IIS AppPools stop working when server joined to domain

Posted: 15 Jul 2022 07:07 PM PDT

I have a Windows 2012 R2 server that was configured with IIS, websites, and other supporting software while not connected to a domain. After the server was joined to a domain IIS AppPools crash when the a website is requested.

The problem I'm seeing is that any time I test a webpage I'm getting a 503 Service Unavailable error. For example, if I go to "http://localhost/dc/" I receive this error message:

Service Unavailable

I have found that the ApplicationPools are crashing when a webpage is requested. For example, the Default Web Site uses the application pool DefaultAppPool. If I make sure this is started and then request a webpage the DefaultAppPool is stopped.

Looking in the event viewer I can see this message: "The worker process failed to initialize correctly and therefore could not be started. The data is the error."

The data in the error is "80070005". Using MS's err.exe tool I looked this up and got this information back:

C:\Users\dhughes.figleaf\Desktop\Err>err.exe 80070005  # for hex 0x80070005 / decimal -2147024891 :    COR_E_UNAUTHORIZEDACCESS                                      corerror.h  # MessageText:  # Access is denied.    DIERR_OTHERAPPHASPRIO                                         dinput.h    DIERR_READONLY                                                dinput.h    DIERR_HANDLEEXISTS                                            dinput.h    DSERR_ACCESSDENIED                                            dsound.h    ecAccessDenied                                                ec.h    ecPropSecurityViolation                                       ec.h    MAPI_E_NO_ACCESS                                              mapicode.h    STIERR_READONLY                                               stierr.h    STIERR_NOTINITIALIZED                                         stierr.h    E_ACCESSDENIED                                                winerror.h  # General access denied error  # 11 matches found for "80070005"

All I can tell from this is that this appears to be an access denied error. But I'm not sure what's being denied. I've made sure that the permissions on the inetpub directory are correct, but that didn't make a difference. I also added in the IIS Failed Request Tracing module and that didn't log anything at all.

I used process explorer to watch the w3svc process and saw that when I tried to access a webpage that the process would attempt to access configuration information under the windows directory but was denied access.

I've tried fiddling with permissions on the IIS config directory but I'm unable to make changes there and, frankly, it just feels wrong to have to do that.

Does anyone know where this error might be coming from or how I could further research it?

I've also tried:

  • Removing the server from the domain does resolve the IIS AppPool crashing problem, but the server needs to be connected to the domain.
  • I've tried uninstalling and reinstalling IIS. The problem persists.

Of possible relevance: This is a VM that was cloned from another VM.

Any help or suggestions would be greatly appreciated.

teaming with nmcli: bringing connection down and up again fails

Posted: 15 Jul 2022 06:04 PM PDT

On a centos 7 virtual box, I create a team like this:

nmcli connection add type team con-name team0  ifname veteam0  nmcli connection modify team0 team.config roundrobin.conf  [root@rhce1 ~]# cat roundrobin.conf  {          "device":               "team0",          "runner":               {"name": "roundrobin"},          "ports":                {"enp0s9": {}, "enp0s10": {}}  }  # add slave interfaces  nmcli connection add type team-slave con-name team0-port0 ifname enp0s9 master team0  nmcli connection add type team-slave con-name team0-port1 ifname enp0s10 master team0

I now have the following connections:

[root@rhce1 ~]# nmcli con s  NAME                UUID                                  TYPE            DEVICE  team0               77869010-af1a-48a5-b10b-c05b3035837f  team            veteam0  team0-port1         99f54013-b20b-41d2-9661-d654b89870bd  802-3-ethernet  enp0s10  team0-port0         3f5e5924-f7f3-409a-b4cb-661904ddbf60  802-3-ethernet  enp0s9  Wired connection 1  acc2747d-9576-4ac5-a06a-d45d3a9a4ff4  802-3-ethernet  enp0s3  enp0s3              b4db7dd8-8735-4590-b12f-621d1003841a  802-3-ethernet  --  hostonly            8993c4c0-fa90-455d-ae83-d1a644c36886  802-3-ethernet  enp0s8

This brings all interfaces up correctly:

[root@rhce1 ~]# nmcli dev status  DEVICE   TYPE      STATE      CONNECTION  enp0s10  ethernet  connected  team0-port1  enp0s3   ethernet  connected  Wired connection 1  enp0s8   ethernet  connected  hostonly  enp0s9   ethernet  connected  team0-port0  veteam0  team      connected  team0  lo       loopback  unmanaged  --

and I get an IP from dhcp for my virtual team interface:

[root@rhce1 ~]# ip addr show veteam0  6: veteam0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP      link/ether 08:00:27:c7:15:f1 brd ff:ff:ff:ff:ff:ff      inet 10.23.23.104/24 brd 10.23.23.255 scope global dynamic veteam0         valid_lft 1073sec preferred_lft 1073sec      inet6 fe80::a00:27ff:fec7:15f1/64 scope link tentative dadfailed         valid_lft forever preferred_lft forever

(I am aware that in a typical teaming use case, dhcp is probably not being used, but the main problem also exists with static IPs.)

Now I would like to be able to take the connection down, and later up again, without reboot:

[root@rhce1 ~]# nmcli con down team0  [root@rhce1 ~]# nmcli dev status  DEVICE   TYPE      STATE         CONNECTION  enp0s3   ethernet  connected     Wired connection 1  enp0s8   ethernet  connected     hostonly  enp0s10  ethernet  disconnected  --  enp0s9   ethernet  disconnected  --  lo       loopback  unmanaged     --  [root@rhce1 ~]# nmcli con up team0  Error: Device 'veteam0' is waiting for slaves before proceeding with activation.  [root@rhce1 ~]# nmcli dev status  DEVICE   TYPE      STATE                                  CONNECTION  enp0s3   ethernet  connected                              Wired connection 1  enp0s8   ethernet  connected                              hostonly  veteam0  team      connecting (getting IP configuration)  team0  enp0s10  ethernet  disconnected                           --  enp0s9   ethernet  unavailable                            --  lo       loopback  unmanaged                              -

Now can get the team interface working half way, by connecting enp0s10 first:

[root@rhce1 ~]# nmcli dev connect enp0s10  Device 'enp0s10' successfully activated with '99f54013-b20b-41d2-9661-d654b89870bd'.  [root@rhce1 ~]# nmcli con up team0  Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7)

But my team now just consists of one device:

[root@rhce1 ~]# nmcli dev st  DEVICE   TYPE      STATE        CONNECTION  enp0s10  ethernet  connected    team0-port1  enp0s3   ethernet  connected    Wired connection 1  enp0s8   ethernet  connected    hostonly  veteam0  team      connected    team0  enp0s9   ethernet  unavailable  --  lo       loopback  unmanaged    --

My problem is, I currently do not see how to bring enp0s9 up without a reboot, since the device is in state "unavailable". Is my understanding correct, that I should be able to bring enp0s9 up without a reboot, just like enp0s10? To me it looks like there is something fishy with my device enp0s9, but I do not quite see what. I already tried assigning new MAC addresses, but no help. Also, using traditional ifcfg configuration, I can bring my team0 interface up and down without a problem.

Or could it be that my virtual switch (I am using the VirtualBox hostonly network) does not support (? - or needs to be configured to support) teaming?

EDIT: I tried building a team with just one slave. That worked, and I got the same behavior using enp0s9 and enp0s10 - I had to connect the device first bevor I could up the connection. Does this imply my virtual switch is disconnecting one device (which by chance is enp0s9 - but because its deterministic its always enp0s9)?

I don't really need to "Solve" this - I would be happy to give the bounty to someone who helps me understand what is going on.

LSI MegaRAID Expected Chip Temperature?

Posted: 15 Jul 2022 07:48 PM PDT

We recently built a replicating SAN array from 2x Dell R720XD's, we are using LSI 9270-8i MegaRAID cards with CacheCade 2.0, BBU and Write Back cache enabled.

Our cards are showing HUGE chip temperatures (97*C+ with NO disk activity!).

Our R720's are in auto temp management mode so the max exhaust temp is 50*C.

The MegaRAID cards are passively cooled and depend on good airflow to cool them - however is 97*C normal? - I have seen reference to 60*C max ambients but nothing for chip temp.

In-place upgrade from Windows Server 2012 Foundation to Windows Server 2012 Standard

Posted: 15 Jul 2022 04:51 PM PDT

I was attempting to upgrade from Windows server 2012 Foundation to Windows 2012 Standard without having to wipe and reinstall.

Is there an in-place upgrade path for these editions, and if there is, is there any documentation on it? The only one I could find pointed to an upgrade from Essentials to Standard, but didn't explicitly mention that that was the only possible upgrade.

I have exhausted my patience with Microsoft support who don't seem to have an answer for me!

This question is similar in requirement and error to (In-place upgrade from Windows Server Standard to Enterprise or Datacenter) but varies significantly by the Version and Edition.

What further info do you need to assist me in finding a solution?

Curl - download file range

Posted: 15 Jul 2022 04:02 PM PDT

I'm trying to download a range of files using curl.

curl -R -O -z /dir/file1.png http://somesite.com/file[1-100].png

The problem I'm having is how to make the "file1.png" change to the approperate range # that is currently being downloaded. I have tried :

curl -R -O -z /dir/file#1.png http://somesite.com/file[1-100].png

However, that breaks the "-z" option (only download if remote file is newer than a local copy) with the error :

Warning: Illegal date format for -z/--timecond (and not a file name).   Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.

How do I fix this?
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)