Saturday, January 29, 2011

2 domains with one SSL cert in IIS7

I have one SSL certificate that is valid for multiple domains. It's not a wildcard cert and it is not for sub-domains. I have site1 set up properly on IIS7 with the SSL cert bound properly. This binding for site1 maps * IPs with no host header to port 443.

I need to set up site2, a totally different domain, on a new site node, but pointing to the same certificate. When I do this, since I cannot enter the host header, when I browse to site2 it responds with site1 on SSL. This makes sense because neither binding has a host header specified.

This machine only has 1 IP address, do I need another IP to bind site2 to the same certificate? Should the binding specify the IP address rather than "(All Unassigned)"? Will my solution involve specifying the host header for these sites somehow?

  • You have 2 options.

    1. Use another IP as you've mentioned.

    2. You will need to manually edit the IIS 7 config from the command line. I've outlined the steps here: link

    Doing this will override the default settings of IIS 7 to allow the same cert to be used on different sites with the same IP. It's a common step everyone had to take in the IIS 6-7 days.

    MaseBase : Great! Thanks. Would I need to specify a host header for BOTH sites? Or wildcard for one, and specified for the other? I'm concerned with modifying Site1 because it's live, Site2 is not live yet.
    Tatas : Specify it for both sites. So you're going to be running this command twice. Once with one site's host header info and IIS Site name (whatever you named it), and once with the other site's host header and site name. Then in the GUI you can choose the same cert for both sites. We've done this for approximately 20 sites out of 150 total. The box uses 1 IP and 1 wildcard cert.
    Tatas : The following article explains much better than I can. http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html
    From Tatas

Exchange 2010 and Active Directory

Hello!

I went through a painful Exchange 2007 to Exchange 2010 migration and faced a new problem - the utility I used for Active Directory management does not support Exchange 2010. Please advise a piece of software that could help (I run a network for less than 1000 users).

Features I need to be included:

Establish, remove mailboxes, remove Exchange-specific properties from AD objects, provision mailboxes. (web interface would be a plus)

Thank you.

  • What tool are you using?

    If you are using a third-party tool, contact the vendor. They may have an update, however it may require a paid upgrade since you did upgrade your infrastructure application.

    What about the included Exchange System Manager? That's what it's designed for? If that is what you're using, you'll need to install the 2010 version.

    Finally, don't neglect Powershell and PowerGUI. Scripting is powerful.

    hellbent : I used manageengine. They stopped on 2007.
    From gWaldo
  • Microsoft removed the Exchange integrations for Active Directory Users & Computers as of Exchange 2007. If you had the Exchange 2003 plugins, they kind of worked for reviewing settings but shouldn't have been used for changing things. Exchange System Manager and the Exchange Powershell are the methods Microsoft recommends for managing Exchange.

  • Adaxes - their new version supports Exchange 2010, automates mailbox creation. But this is paid software, though it has free evaluation period. Consider Exchange System Manager & PowerShell first.

    hellbent : Thank you. I needed one console to deal with everything.
    From
  • Establish, remove mailboxes, remove Exchange-specific properties from AD objects, provision mailboxes. (web interface would be a plus)

    These are all tasks that can be accomplished via the native tools that come with Exchange 2010 and/or basic Windows tools. For instance, to create a new user in AD and create a mailbox you would use the new-mailbox cmdlet; as another example, to remove the properties (I suspect you are referring to the old "remove exchange attributes" option in 2003) use disable-mailbox -Identity Windows.Username from within the management shell.

    I would suspect that the reason the tools you were using do not have updates is because they are simply no longer needed as the functionality is easy enough to accomplish with the native tools.

    From Jim B

No forward accessible from outside

Hi, I've set up a UNIX Ubuntu VM with VMware; it's running IRC, HTTP, FTP & MySQL. Ports are forwarded in the modem/router (it's my home network it's running on) but still no result.

Any idea how to fix it? Note: I've been testing with: mibbit.com, http://downformeorjusteveryone.com

Thanks in advance

  • Have you ensured that your VM's NIC is set for bridge networking mode versus the default mode of NAT? You will also need to set up a working static IP for your network and ensure the port forwards are pointing the corresponding application ports to the VM IP.

    ShadowAS1 : Yes I have it to bridged always. In the router the setting is always use the same IP and the ports are linked to the VM's IP in the router
    : You might consider verifying that the applications are responsive from within the local network.
    From

Unable to add a second Windows Server 2008 to a NLB cluster

I am trying to setup a 2-node cluster with NLB on Windows Server 2008 R2 standard.

On the first node (node A) I successfully create a cluster containing it. However, when from node A I attempt to add node B to the cluster it fails with the following error message: "The specified host is already part of this cluster."

I've tried to run the cluster in unicast or multicast mode, but it still does not work.

Any clues as to what might be going wrong?

  • Never mind, this was a user error :-(

    Both machines I was using had been installed from an image which already contained identical burnt-in host names.

    So I was attempting to add two hosts with the same name (but different IP address) to the cluster. This caused the error message.

    Although this was a stupid mistake on my part, the NLB Manager's rather cryptic error messages did not really help.

    joeqwerty : Hmm... sounds like sysprep was not used, is that correct? If so, you may have problems with the NICs as well. Each NIC is identified with a unique GUID and I've seen NIC problems with imaged systems where sysprep was not used.
    From Guillaume

Mac server processor blowing up to 100%

My mac server's processors are showing 100% on all the four processors. I am running server 10.5.8 and this server is the master LDAP controller

Looking at the activity monitor, I find that the process 'slapd' is hogging all processing time

What could be the issue here

  • Is SSH/port 22 exposed to the internet, or on a system connected to the LDAP service? With 10.4 this was a good way for a DoS because answering all the invalid login attempts coming up would slow the system to a crawl. I never knew why this would slow down things so much, but it did and I couldn't do anything about it.

    I never tried this with 10.5 or 10.6, so this might not apply here.

    gWaldo : The thread http://serverfault.com/questions/174951/securing-ssh-server-against-bruteforcing/174962#174962 can help prevent this kind of issue, should it actually be the cause
    From SvenW
  • Every time I've seen slapd consume any serious amount of CPU (though on Linux), it's been due to some missing indexes. Have you configured indexes for your LDAP databases?

    SvenW : Normally, all the indexes necessary to work as an Open Directory server should exist by default.
    Janne Pikkarainen : Normally. Gatura didn't tell us if there are any custom LDAP schemas in use etc. My best bet is still that this issue is due to some missing indexes.
  • May have a corrupt LDAP db. Try the following. Of course, make sure you have a good backup, etc.

    Syslog Error: org.openldap.slapd throttling respawn...

    launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist

    cd /var/db/openldap/openldap-data/

    db_recover -c

    reboot.

    From Jason
  • I've had this happen, too. In my case, it was an AFP (Mac file sharing) based home directory server and an Open Directory Replica. I ended up reinstalling the OS and re-binding it to the OD Master. Nothing else seemed to work. Not disk repair tools (fsck, diskutil, Disk Warrior), or re-binding to the OD Master, or software updates, or checking the logs, or calling Apple more than a half-dozen times.

    If this is your Open Directory Master, export all your users, user groups, computers, and computer groups via Workgroup Manager. Then demote all OD Replicas to Stand Alone and reboot them. Then re-import the Workgroup Manager data and re-bind the Replicas. (Note that all users' passwords will be lost. You can use the shareware program Passanger to read the users export and re-write it with known passwords. Then distribute the passwords to your users.) This process will cause the Open Directory data to rebuild, which should remove the corruption in an OD Master. Yes, I've had to do this a few times before. My users were... unhappy about the experience. They were glad that they could login again, though.

    If your server is at a school, don't forget that Apple provides free phone support.

    Good luck.

VPN providers and connection from a known location

I am interested in using a VPN service. I want to visually monitor online advertisements in different locations: Germany, France, the Netherlands and the UK.

I would like a VPN provider which both connects from these locations to the website of interest. It should also allow me to choose the location of the server I connect from.

A big plus would be the ability to compare the website from different connections side by side.

Do any providers allow this?

  • I think your understanding of what a VPN is, is a bit lacking. It sounds like you are more interested in setting up proxies in various countries in order to view a specific website from their point of view. I don't think you'll find any particular company that would provide this functionality specifically... but there are thousands of proxy companies that would allow this type of functionality.

    Ric : Please restrict your answers to something useful and polite.
    TheCompWiz : I wasn't trying to be rude. Just making an observation. How a VPN operates and situations where you would use it differ greatly from how a proxy operates. The example you describe seems to be more suited towards a proxy than a VPN.
    From TheCompWiz

Two NIC's 2 Internet Connections, 1 Windows Server 2008 RC2, Routing help required

Hello,

I have a Windows 2008 server and 4 other client machines on my home network. I have two internet connections. The main connection is setup with a home router and DHCP on that for all the clients on the network. The secondary connection is just a cable modem which is plugged directly into the server.

Local Area Connection: This NIC has an external IP and is connected to the Cable Modem.

Local Area Connection 2: This NIC has an internal IP (192.168.0.102) and allows access to all the internal computers. It also has internet access via the local router.

So here lies the problem: I want to use the Cable connection on the server for the internet traffic (so that the traffic for server/clients is separated) but I also need to maintain local access. I am wondering how to make it so that all the internet traffic goes via that NIC because at the moment it goes through the local NIC.

As a secondary problem I would also like to forward the connection of one application used by the clients via the server and the cable/server internet because of poor routing for it on the main connection. This perhaps is something for another question though.

Thanks for any help you can offer me.

Regards

PJ

  • If you want the server to use only one specific NIC for routing Internet-bound traffic, then you'll need to set the default gateway on that NIC and not set it on the other one (i.e. leave the field empty in the TCP/IP settings).

    But you can't use both at the same time to balance Internet traffic, and you also can't do that on a per-application basis.

    PJZ : Ah yeah great that solved that problem thanks.
    PJZ : Now I just need to solve the routing problem for the application. It's a piece of VoIP software that I'm using on 2 of the client PCs. The connection is very bad via the main connection so I wanted to make a proxy via the server to connect the software through my 2nd internet connection. It's the only application I want to do this with. At the moment I was just thinking of making a tunnel with PuTTY and having a SOCKS proxy on the server but that seems exhaustive.
    Massimo : There's nothing native to the Windows operating system that could do what you want, sorry.
    From Massimo
  • Depending on the server applications being used, you might be able to specify that the server application use only one or specific network connection(s) (usually by its assigned IP). Most server applications that have this functionality will utilize "all" by default.

    Massimo : But if the NIC doesn't have a default gateway, it won't route traffic outside the local subnet; and you can't have two default gateways active at the same time.
    From

Remotely stopping services

I have been using sc.exe to remotely stop a bunch of custom windows service(s) as part of our product deployment script. This was working perfectly until we migrated from windows 2003 to windows 2008 r2. Now no matter what you do query, stop, start etc it takes about 20 to 25 seconds to respond. There are 10 servers (8 virtual and 2 physical). It takes approx 20 ish seconds on physical and virtual servers.

The problem mainly is that my production deployments have gone from about 12 sec per environment to over a minute.

Just wondering if there are specific ports that may need to be opened on win 2008 firewall to allow the process to speed up or is there any specific permission required.

Note: It does work. It is just very slow.

Regards,

David

  • Have you tried something like:

    (gwmi -query "select * from win32_service where name='serviceiwanttostop'" -computer remoteserver).StopService()
    

    from a powershell prompt to see if that's any faster?

    dmckenna : Can you explain why sc.exe is so slow?
    dmckenna : powershell script works much faster
    From Jim B

Joining a Windows 7 computer to Active Directory

Possible Duplicate:
How to add computer to domains with Active Directory

Alright, I'm just learning how to work with AD, so I have two VMWare virtual machines set up. The server, running Windows Server 2008 - r2 (elron), and the client, Windows 7 64bit (theoden). I know the virtual machines can talk to each other, because each can ping each other (by IP). I created an AD install, called "dorm.chiggins.com", so the full computer name for the server is "elron.dorm.chiggins.com", and whenever I login to the server, the username is DORM\Administrator.

So, my question is, what exactly do I need to do on the server and client to add the client to the AD domain?

  • There is nothing you need to do on the server.

    Make sure the client can ping the server name with its fully qualified domain name (FQDN), which would be elron.dorm.chiggins.com. If not, make sure the client uses the IP address of elron as its DNS server.

    Then, on the client, click the Start button, then right-click Computer and select Properties. Then, below "Computer name, domain, and workgroup settings" click "Change settings". Then, simply follow the prompts to join the domain.

    Note that you must have Windows 7 Professional or Ultimate in order to join a domain.

    Chiggins : If I was to try pinging "elron.dorm.chiggins.com", I would get an unknown host. So, should I add that along with its ip to the hosts file on the client side?
    Patrick : No, you shouldn't need to do anything with the hosts file. The client needs to have elron's IP as its DNS server.
    Chiggins : Got a link on how I could do that? I've never done it before.
    Chiggins : Whenever I try to join the domain, it asks for a username and password which I supply, then it throws an error saying that the network path cannot be found.
    Patrick : http://blog.mclaughlinsoftware.com/2009/11/26/windows-7-static-ip/
    Chiggins : Sweet, I was able to get it all set up, thanks much Patrick. :D
    From Patrick
  • On Theoden, right-click on Computer and go to Properties. Under "Computer name, domain, and workgroup settings", click Change Settings. On the System Properties page click on "Change". Under "Member of" select Domain and click the name of the domain that you want to join (in your case "DORM"). In the pop-up window, enter your domain credentials. Once the confirmation box comes up, you will be all set after a reboot.

    Sam Cogan : The server machine is the domain controller and so does not need its domain changing.
    From gWaldo

Is it better to use numeric or name for user logins?

Is it better to have user logins based on a unique number or the user's name?

eg

Numeric: sc12345

Based on name: simon.cropp, scropp or simoncropp

Some context.

  • Windows environment
  • MS Active Directory
  • I would say that this is 100% dependent on your environment and what you think would be best received by your users and what would be most easily managed by your IT staff.

    Where I work, we have about 30k users and our naming scheme is last name, first initial, and a number.

    Robert Smith would be smithr1. If there is another R. Smith, then he/she would be smithr2, etc.

    The most important thing is that you want your users to be able to remember it. There's nothing that frustrates helpdesk staff more than users that don't even know their user name.

    Simon : how do you handle renames? for example when a woman is married?
    MarkM : @Simon - We don't. We change the display name, but the user name stays the same for their entire employment.
    Simon : interesting. surprised a woman who gets divorced would be happy with that. But thanks for the info.
    Izzy : In the case of marriage or name change, there is nothing stopping you from editing the user account, and changing their user name and userPrincipalName. The account still has the same sID, and thus is not affected in any way (even the profile on their machine remains correct)
    MarkM : @Izzy - There is nothing Microsoft related that will balk at this, but there are some third-party pieces of software in play that are not SID aware. I didn't say that you couldn't rename a married user, just that we do not.
    Izzy : @MarkM = Just mentioned it for the benefit of Simon!
    From MarkM

retrieve user connected in application running as service

How can I know if a user is connected (and is logname) in an application running as a service?

  • Check in Task Manager. You should see it listed under the username the service is running as.

    From ggonsalv

Windows Server: some services don't start! Problem!

Hello,

I have a Windows Server 2008 which is not booting in the right way anymore. Over 20 services aren't loaded when Windows is booting. I've installed some server tools like MS Sql Server, MySql etc. I assume that at least one service causes an error message when Windows is booting. Because this is a vServer I have no direct access to the machine. The only tool I have is Parallels Power Panel. Unfortunately I am not able to start the RDP service.

What can I do to solve the problem?

Thank you very much! Mark

  • First thing I would do is go to the services section and verify they're set to start automatically. Second thing I would do is check the event viewer and see what it has to say. Your logs should give you some idea of what's going on.

    Mark : Hey Richard, okay the services are set to start automatically. Can I get event messages from the file system? I am not able to get a remote connection.
    jscott : @Mark: If you're not able to RDP the machine, you may still be able to use a local `eventvwr` to connect to the remote computer's event logs.
    tony roth : 10 bucks says RPC is in a failed condition, thus eventvwr won't work remotely either! So with Parallels you can't get a local console? That will be real painful if RPC is not working...
    Mark : I tried to connect via eventvwr, but it says there is no rpc server. Could it be possible that one service causes a message box at startup?
    Richard June : Can you start the rpc service? or as tony asked, is Parallels able to give you a local console?
  • How about starting off with a chkdsk to address any possible disk/volume stations first? You should be able to mount the volume on a functioning VM, if needed to accomplish the chkdsk.

    MarkM : If he's on a virtualization platform, there is little chance that the VM has physical disk access, so chkdsk won't do a whole lot.
    : Actually, the chkdsk in the VM will check out the VM disk structure which acts exactly like a physical volume and can also suffer damage (hint: file/volume damage).
    Richard June : We're still trying to figure out if he can get a "local console"
    MarkM : @user - It will check for file-level corruption, but unless there was some sort of power outage, file-level corruption without physical disk damage is rather rare. The full benefit of chkdsk is from the /r switch which will look for bad sectors and recover data if possible.
    : Or unclean reboots/restarts/resets... Why do you seem to not like to check your system for file/structure errors when it is actually more common than given credit for?
    From

Windows Server 2008 - Windows Server Backup - Email Alerts

I would like to create a script that emails me when a scheduled daily backup runs. I'd prefer the email to indicate success or failure. I understand that this is not an easy thing to do with Windows Server 2008.

Is it possible? If so, how?

Thanks

  • Easiest way would be to setup an alert from the eventlog for backup events.

    Otherwise roll your own PowerShell script to control the backup and alerting (WSB comes with a number of cmdlets for PowerShell)

    hamlin11 : Could you please elaborate a little on setting up an alert from the eventlog? Thanks!
    commandbreak : check out http://www.petri.co.il/assigning-custom-tasks-to-events.htm
    aleroot : @commandbreak : can you make me an example of how to check for a successful backup with the PowerShell cmdlets? Thanks

I lost /dev/md2 on my server

Hi,

My 2 hard drives fried at the same moment apparently. My host company rebooted my server in rescue mode and I am trying to recover my data.

They told me to mount /dev/sda2 to recover the data I need but, looking at a similar server that I have in pool, the data I'm looking for should be instead in /dev/md2.

I can find /dev/md0 but not /dev/md2 (nor /dev/md1).

I've looked on several places on the web and I could only find messages explaining how to create new partition. I just need to recover some data, not all of it and I'll be glad if anyone could help me to mount the /dev/md2 folder (or any other trick that would allow me to recover the data that was stored there).

Thanks in advance,

Sten

  • Never mind my question. The RAID installation was broken a long time ago.

    sims : Then delete your question please...
    From sten
  • An MD device is made up of one or more underlying partitions. So you could mount that underlying partition directly and see what you can find.

    From sims

svn command show SVN repository content in Sun Solaris OS ?

svn command show SVN repository content in Sun Solaris OS ?

  • The svn list command will show you the contents of a directory in a subversion repository. For example:

    svn list svn://svn.example.org/path/in/repos
    

    Run svn help list at the command line to show details of all the options.

    Osama Ahmad : but please i don't understand the part or contents of this command :- whats we mean by "svn.example.org" .... please if you can give me more details and if you can give me example
    Phil Ross : @Mohammad `svn list` takes a repository URL as a parameter (see http://svnbook.red-bean.com/en/1.5/svn.basic.in-action.html#svn.advanced.reposurls for more information about repository URLs). I just included a example URL in my answer. You'll need to use the URL you usually use to access the repository.
    Osama Ahmad : please i want to ask you when i execute this command the following warning appear :- "Warning: the RSA host key for 'example.com.jo' differs from the key for the IP address x.x.x.x '
    Phil Ross : @Mohammad This error is being produced by SSH. See http://serverfault.com/questions/2988/error-connecting-to-server-through-ssh
    Osama Ahmad : now after execute this command i found a large number of repository ...and it is complex to find all repository(some svn repository exist in folder within folder within folder and so on) ...if you can help me by give me a method to design a something to write this repository list in excel sheet for example
    From Phil Ross

Can I send some text to the STDIN of an active process running in a screen session?

I have a long-running server process inside a screen session on my Linux server. It's a bit unstable (and sadly not my software so I can't fix that!), so I want to script a nightly restart of the process to help stability. The only way to make it do a graceful shutdown is to go to the screen process, switch to the window it's running in, and enter the string "stop" on its control console.

Are there any smart redirection contortions I can do to make a cronjob send that stop command at a fixed time every day?

  • Try this to start:

    # screen
    # cd /path/to/wd
    # mkfifo cmd
    # my_cmd <cmd
    C-A d
    

    And this to kill:

    # cd /path/to/wd
    # echo "stop" > cmd
    # rm cmd
    
    Cristian Ciupitu : This is good, but it might have the disadvantage of not being able to send other commands while the program is running. If the program stops when it hits EOF on stdin then on the first `echo "xxx" > cmd` the program will stop (because the pipe will be closed). Though some programs are smart enough to reopen (`rewind(3)`) their stdin when they encounter EOF.
    From krissi
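
An added example, not part of the original answers: the named-pipe approach above, run once as written (`<cmd`) and once with the server's stdin opened read-write (`<>cmd`), so that the EOF problem raised in the comment does not occur. `fake_server`, `send_cmd`, `run_demo` and the temporary directory are constructed stand-ins for the real process and `/path/to/wd`; opening a FIFO read-write is Linux behaviour that POSIX leaves unspecified.

```shell
#!/bin/sh
# Added example (not from the original answers).
# fake_server LOG: constructed stand-in for the real process. It logs every
# command read from stdin and shuts down on "stop" or on EOF.
fake_server() {
    log=$1
    while IFS= read -r line; do
        printf 'got:%s\n' "$line" >>"$log"
        if [ "$line" = "stop" ]; then break; fi
    done
    printf 'exit\n' >>"$log"
}

# send_cmd FIFO TEXT: what the cron job does, one short-lived writer per command.
send_cmd() {
    printf '%s\n' "$2" >"$1"
}

# run_demo MODE: "plain" starts the server with <cmd as in the answer,
# "held" starts it with <>cmd. Prints the server log as one comma-separated line.
run_demo() {
    mode=$1
    dir=$(mktemp -d) || return 1      # private 0700 directory, stands in for /path/to/wd
    # Mode 600: whoever can write to this FIFO can issue commands to the server.
    mkfifo -m 600 "$dir/cmd" || return 1
    : >"$dir/log"
    case $mode in
        plain)
            fake_server "$dir/log" <"$dir/cmd" &
            pid=$!
            # The writer closes the pipe after one line, the server reads EOF
            # and leaves its loop without ever having been told to stop.
            send_cmd "$dir/cmd" status
            ;;
        held)
            # <> opens stdin read-write: the server itself holds a write end,
            # so a sender closing the pipe never produces EOF.
            fake_server "$dir/log" <>"$dir/cmd" &
            pid=$!
            send_cmd "$dir/cmd" status
            send_cmd "$dir/cmd" stop
            ;;
        *)
            rm -rf "$dir"
            return 2
            ;;
    esac
    wait "$pid"
    paste -s -d , "$dir/log"
    rm -rf "$dir"
}

echo "plain: $(run_demo plain)"   # plain: got:status,exit
echo "held:  $(run_demo held)"    # held:  got:status,got:stop,exit
```

With the read-write open, the nightly cron entry only needs `echo stop > /path/to/wd/cmd`. If the server is not running, that write blocks in `open()` until a reader appears, so the cron job should be given a time limit.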
  • Write to /proc/*pid of the program*/fd/0.

    Example

    Terminal 1:

    [ciupicri@hermes ~]$ cat
    xxx
    

    Terminal 2:

    [ciupicri@hermes ~]$ pidof cat
    7417
    [ciupicri@hermes ~]$ echo xxx > /proc/7417/fd/0
    
    James Lawrie : +1 I did not know that. I need to look more into the magic of proc
    Cristian Ciupitu : @James Lawrie: then have a look at [proc(5)](http://manpages.courier-mta.org/htmlman5/proc.5.html) and [proc.txt](http://kernel.org/doc/Documentation/filesystems/proc.txt).
    troyengel : +2 no matter how much you think you know, there's always more to learn :) slick.

Visual Studio 2008, Response is slow

While working in Visual Studio 2008 (Microsoft Visual Studio 2008 Version 9.0.21022.8 RTM, Enterprise Edition) on a terminal server remotely as a domain\ user, the response of the software is very slow during coding.

For example a) Intellisense takes too much time to suggest values (hangs for 5 secs everytime) and on selecting suggestions takes time to write them in code.

b) Shifting cursor position in the editor during coding takes too much time to respond (screen hangs 5 secs). Cursor will disappear for 4-5 seconds and Visual Studio will hang for that time.

c) Writing any code takes time to reflect same in editor. For e.g. Type the code through keyboard, it takes 5 secs to show them on editor screen.

Compiling (building solution) application is not a problem and all the other softwares are working fine. Also this problem is only with one user and none of the other team members are facing this problem.

  • Well, time for upgrades, isn't it?

    • Your version of VS is ridiculously outdated. There is even a service pack out for a LONG time now. That said, MOVE TO VS.NET 2010. Point.
    • Upgrade server to 2008 R2.

    Result:

    A lot faster - I work like that all the time (my main dev machine is a vm on a larger virtualization platform in my data center) and I have people doing financial trading from VM's on the same computer - using remote desktop. This is multiple screens full of charts updating all the time.

    The reason mostly is a lot of stuff is done better in 2008 R2 RDP - including using WPF in VS 2010 for the UI and having specialized WPF remoting code in 2008.

    Older versions simply do not work well with Visual Studio.

    On top: make sure the terminal server is not overloaded. Visual Studio is at times CPU intensive. And memory intensive. It cannot efficiently be remoted on a 32-bit architecture with insufficient CPU.

    Kabir Rao : Hi TomTom, Thanks for the answer. What really bothers me is, why does only 1 user have this issue when at least 10 developers are able to work without any problem. Thanks
    TomTom : Good question. I personally never used a terminal server for development - because I want control over my machine (or grant that to developers), so it is a virtual machine per developer. If it is only one person - I would look at his add-ins running, check his bandwidth.
    From TomTom

Hosting Plan — Need advice

Hi,

I am planning to host a site which will have a huge traffic (Around 10000 users and all will be posting text, images, and will be rating other members).

So please advise me on the server configuration would require, or Which hosting plan is suitable.

Thanks

  • Hire someone who knows what they are doing. If you can't afford someone then you can't afford that much traffic.

    From JamesRyan

How do I clone the Windows 2008 Administrator account?

On our Windows 2003 standalone servers we would normally create a new Administrator account (by making the account a member of the Administrators group) and disable the built-in one.

However when doing this on Windows 2008 we find that this new administrator account requires "Run As Administrator" or will perform UAC prompting to access certain folders that the built-in Administrator account doesn't do.

Is there a way around this (without tampering with the UAC settings in the local security policy)?

  • No. In 2008 even the administrator account does not run a process with admin privileges normally, but will start a UAC prompt once the process needs admin privileges. This was done to increase security.

    Kev : Seems to UAC request an awful lot less than an account that's a member of the Administrators group. In fact I don't think I've been prompted so far on the Windows 2008 R2 boxes I've been working on just now.
    TomTom : I just got one - ipconfig /flushdns requires elevated privileges, not a normal command prompt ;)
    Kev : @TomTom - Not that way on 2008-R2, I'm logged on as "Administrator" on a clean box. When you start cmd.exe it automatically runs with elevated privileges (it even says "Administrator: C:\Windows\system32\CMD.exe" in the window title). The "Run as administrator" advanced property on the shortcut is unchecked.
    mrdenny : This is because the local admin account has a couple of extra UAC rights granted to it which makes everything that happens in the local admin account run under the admin context. Edit the local security policy and look at the security settings and find the UAC settings at the bottom.
    From TomTom
  • Why creating a new account?

    You should rename the built-in administrator account using a GPO instead. You can find details in KB 816109

    Kev : Why rename using a GPO instead of using the rename in the computer manager MMC?
    Benoit : @Kev: Because GPOs allow you to apply common settings to several servers at once. And it is transparent. Each new server will automatically 'catch' the settings.
    From Benoit

tcpdump filter according to http header content

Hello, using tcpdump I would like to filter the responses that come back from a Squid cache server to only the responses that came back from the cache. That means that I need to filter according to the X-CACHE header value: if its value is HIT, I should show it; otherwise the response is not from the cache. Any idea what my tcpdump filter should be?

  • It appears tcpdump can only match packet content for certain bytes, not arbitrarily search a packet for a string. Look at this advanced filter list for some guidance.

    A workaround: If you add -s0 -A -w - (show entire packets, ASCII, write to standard output) to your tcpdump params, you can then use grep with some context to show only the packets that show where X-Cache: HIT.

    : Won't help me, since I wrote my own program using pcap lib, that listens on my interfaces and uses the same filters as tcpdump does; once I have the correct filter in tcpdump, I'll use it in my own program. I can't do grep inside my program or parse the packet content myself, since it badly hurts my performance. I was wondering if the tcpdump.
    From crb
  • Have you considered using ngrep instead of tcpdump?

    : No can do. The problem is that I am not using tcpdump; I am using my own executable that uses pcap to monitor the traffic. In my own executable I can use the same filter as I use in tcpdump. ngrep or any other greps won't help me.
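The first answer's point, that a capture filter can only test bytes at computable offsets, still leaves room for a cheap kernel-side pre-filter followed by a bounded header scan in the capture program. The sketch below is an added example, not code from the thread: `is_cache_hit` and `classify_sample` are hypothetical names, port 3128 is an assumed Squid listening port, and the frame is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>

/* Kernel-side pre-filter in pcap-filter syntax (port 3128 is an assumption):
 *   tcp src port 3128 and tcp[((tcp[12] & 0xf0) >> 2):4] = 0x48545450
 * It passes only segments whose TCP payload begins with "HTTP". */

/* Returns 1 if an Ethernet/IPv4/TCP frame starts an HTTP response whose
 * header block contains "X-Cache: HIT...", else 0 (hypothetical helper). */
int is_cache_hit(const uint8_t *f, size_t len)
{
    if (len < 54 || f[12] != 0x08 || f[13] != 0x00) return 0; /* IPv4 only */
    size_t ihl = (size_t)(f[14] & 0x0f) * 4;          /* IP header length */
    if (ihl < 20 || f[14 + 9] != 6 || 14 + ihl + 20 > len) return 0; /* TCP */
    size_t doff = (size_t)(f[14 + ihl + 12] >> 4) * 4; /* TCP header length */
    size_t off = 14 + ihl + doff;                      /* payload offset */
    if (doff < 20 || off + 4 > len || memcmp(f + off, "HTTP", 4) != 0) return 0;
    const char *p = (const char *)f + off;
    size_t n = len - off;
    while (n > 0) {                                    /* walk header lines */
        const char *eol = memchr(p, '\n', n);
        size_t line = eol ? (size_t)(eol - p) : n;
        if (line == 0 || (line == 1 && p[0] == '\r')) break; /* end of headers */
        if (line >= 8 && strncasecmp(p, "x-cache:", 8) == 0) {
            const char *v = p + 8;
            size_t vn = line - 8;
            while (vn > 0 && (*v == ' ' || *v == '\t')) { v++; vn--; }
            return vn >= 3 && strncasecmp(v, "HIT", 3) == 0;
        }
        if (!eol) break;
        n -= line + 1;
        p = eol + 1;
    }
    return 0;
}

/* Constructed sample: wrap an HTTP payload in minimal Ethernet/IPv4/TCP
 * headers (no options, checksums left zero) and classify it. */
int classify_sample(const char *http)
{
    uint8_t f[512] = {0};
    size_t n = strlen(http);
    if (n > sizeof f - 54) return -1;
    f[12] = 0x08; f[14] = 0x45; f[23] = 6; /* IPv4, IHL 5, protocol TCP */
    f[34] = 0x0c; f[35] = 0x38; f[46] = 0x50; /* src port 3128, data offset 5 */
    memcpy(f + 54, http, n);
    return is_cache_hit(f, 54 + n);
}
```

The scan stops at the blank line that ends the header block, so body bytes are never searched; a response whose headers span more than one segment would need stream reassembly, which this sketch does not do.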

Windows 7 iSCSI initiator disconnect issues

I have a Windows 7 workstation installed on 2 LUNs connected via a 2-port Intel Pro/1000 PT, one LUN per port; the first LUN is the system drive. The LUNs are on different targets.

There are absolutely no problems with the system LUN, but according to the system event log, the second LUN keeps disconnecting and reconnecting: "Connection to the target was lost. The initiator will attempt to retry the connection."; it happens every 1-2 minutes. There are no system freezes etc., just messages in the logs. But of course I would like to have this fixed. Is it possible?

Some additional info:

all power management features for the adapters are disabled.

MSC for the target is set to "Failover only".

The target is Solaris Express (ex. OpenSolaris) COMSTAR, but I guess it's not important - other machines don't have any issues as well as the first LUN on this Windows 7 machine.

P.S. I've tried to copy some large files to the second LUN to see any freezes, but for some reason the disconnects disappeared until the copy process was completed. Looks like the Windows iSCSI initiator "plays" with a LUN only when it's idle. But what for?

  • Looks like I've already answered this one on ru_root, but for the record:

    • Disable TCP offloading, and generally go over ProSet's options; there might be something worthwhile in there
    • Check the initiator for a persistent connection option; I remember something of the sort in there
    • If MPIO is used, it is possible that you're losing a path and not the connection
    • If everything else fails, I'd get a tcpdump and analyse it for iSCSI related traffic issues.

    BTW, if you're using a team, it will not work with MPIO apparently: http://technet.microsoft.com/en-us/library/ee338480(WS.10).aspx

    disserman : tcpdump helped :D http://opensolaris.org/jive/message.jspa?messageID=422020#422020
    From dyasny

Start postgresql in boot on Ubuntu 10.4

I installed Postgresql 8.4 from Ubuntu Software Center. I would like to make it start automatically on boot. Any tips? :)

  • update-rc.d postgresql-8.4 defaults

    Make sure you read update-rc.d(8).

    palto : When I tried using this, it said postgresql is already supposed to start at boot. When viewing log files I noticed that there was an error and that's why it doesn't start on boot. Still good to know this command if I need to set up other services to start at boot.
    From joschi

403 with Apache and Symfony on Ubuntu 10.04

I'm trying to run symfony on my apache installation (I'm using xampp for the whole package) and it keeps giving me a 403 error every time I try to access my website.

I've got vhosts set up with the following:

<VirtualHost *:80>
  ServerName localhost
  DocumentRoot "/opt/lampp/htdocs"
  DirectoryIndex index.php
  <Directory "/opt/lampp/htdocs">
    AllowOverride All
    Allow from All
  </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName servername.localhost
    DocumentRoot /home/me/web/server/web
    DirectoryIndex index.php
    Alias /sf "/lib/vendor/symfony/data/bin/web/sf"

    <Directory "/home/me/web/server/web">
      AllowOverride All
      Allow from All
    </Directory>
</VirtualHost>

<Directory "/lib/vendor/symfony/data/bin/web/sf">
    Allow from All
</Directory>

I've also added "127.0.0.1 servername.localhost" in my hosts file.

When I try to access "servername.localhost" it just gives me a 403 error. I've chmod'd 777 the symfony directory and my website directory in my home directory and used './symfony project:permissions' to let symfony check that permissions are set up correctly, but still no result.

If I move my website directory into "/opt/lampp/htdocs" then it will serve it from there but still has problems accessing the symfony stuff such as the debug toolbar.

Any help would be appreciated.

  • 403 is usually Directory Browsing Forbidden (checking Apache's error log should confirm this). Is there a default document (index.php) in your /home/me/web/server/web directory? You've aliased symfony into /sf, so you'd have to hit http://servername.localhost/sf to access it, not the top level http://servername.localhost/

    Dominic Santos : I have got an 'index.php' file in the '/home/me/web/server/web' folder; I also tried accessing 'servername.localhost/sf' but it gave me 404 error.
    Steve : The alias is just to symfony's web folder, it just contains some images and css for the symfony branded error pages- nothing integral; it's usually removed from everything bar development environments.
    Steve : Symfony has frontend web controllers, all urls should go through it (usually index.php) for dev there's also frontend_dev.php which provides more detailed errors.
    From Marc B
  • Symfony requires some rewrite rules, I don't see why the .htaccess wouldn't be present unless you've removed it- is mod_rewrite enabled?

    From Steve