Search Results

Search found 15209 results on 609 pages for 'configuration'.

Page 476/609 | < Previous Page | 472 473 474 475 476 477 478 479 480 481 482 483 | Next Page >

Network Misconfiguration when adding first host to new vSphere cluster

- by dunxd

I am building a new vSphere cluster from scratch. I have installed ESXi on the first host, and built a vCenter server on a VM residing on that host (storage is on the local hard drive, although we have iSCSI targets which I can reach from the host). The cluster is configured for HA. When I try and add the host to the cluster, I get an error at the point where HA is configured - Cannot complete the . I have stripped the network configuration of the host down to the most basic - a single NIC attached to a single vSwitch - this is running the VMKernel Port on VLAN 8 - that is our Management VLAN. The vCenter server will have a network address on this VLAN, so I also set the initial Virtual Machine Port Group to this VLAN, and connected the vCenter server NIC to this port group. I understand I can't connect the vCenter server to the VMkernel port group, but shouldn't I be able to connect the vCenter server to a Port Group in the same VLAN? If not, do I need to create a VLAN specifically for VMKernel Port Group? I plan to set up another port group for vMotion with a dedicated and isolated VLAN (i.e. VLAN isn't routed) so this wouldn't allow vCenter to communicate. Does anyone have any suggestions, or other ideas for what might be causing the problem. I've read through the documentation, but it isn't giving me any pointers, and the error message isn't helping me beyond telling me something is wrong with my network config.

Read the article
Java web app deployment and ControlTier adoption

- by Ran

I've been searching for a configuration and deployment manager tool for my java-linux based web service and have been looking mainly at ControlTier (http://controltier.org). We operate at a medium scale (100's of hosts, multi-DC, dozens of services). There seem to be be plenty of lower level system admin tools such as chef, puppet, cfengine, bcfg2 and more and my understanding and the reason I'm calling them "low level" is that they are great for system level administration tasks such as setting up a mount, file permissions, users etc but aren't designed, for example for java deployments, which usually come with a build process and special java semantics. In many cases any tool can be used to do anything but if it was not designed for the task it can get uncomfortable. OTOH control-tier seem to have been designed just for that - java application deployments, at least that's what all the tutorials on their site demonstrate but here's the problem - The wiki at http://controltier.org/wiki/ is pretty good and stuffed with examples and the company behind the open source CT product is very responsive (pushy...) however, I'm yet to have seen any material from 3rd party users on the net. No success stories, no detailed blog posts, no best practices, no cheat sheets, not even hate letters, nothing. This plays badly for DTO solutions, CT's sponsor for two reasons, one is that it makes me suspicious what's the reason for the poor adoption? and second, what do I do if I get stuck and there's no help page on CT's wiki page and the mailing list is too slow to answer. I'm stuck with a "free" product that a consultancy company is pushing. So my question here - I'd be interested in hearing if anyone has had real world experience with CT for java based web app deployments and if he'd thumb up the product? Any other comments that may enlighten me are welcome of course...

Read the article
Need for explanation: NetBIOS over TCP/IP on VMware network adapter disturbs access to network share

- by gyrolf

(Moved here from StackOverflow) Some time ago nearly all workstations in our team (Windows XP SP2) exhibited intermittend but frequent delays when accessing shares on the network. Typically the first access to a share which hadn't been accessed for some time resulted in a nearly frozen workstation for up to 30 seconds. Then everything started working fine again. Using TCPView from Sysinternals I saw that during this delays there was a connection to the netbios-ssn port on the file server which was in state SYN_SENT. First try: Disable NetBIOS over TCP/IP for the intranet network adapter. Problem solved, but I didn't like to manipulate our centrally managed network configuration for the intranet. Second try: Disable NetBIOS over TCP/IP only for the VMWare network adapter (VMNet1 used for host only communications). Problem solved again! My questions: Why does NetBIOS over TCP/IP on one network adapter disturb NetBIOS over TCP/IP on another network adapter? Is this problem specific to VMWare network adapters? Has anybody else seen this phenomen? Additional information: VMWare Workstation version 6.0.3 At the time I started seriously analysing the problem it was no more possible to find out what had been changed to our systems at the time the problems started.

Read the article
linux hardware raid 10 / lvm / virtual machine partition alignment and filesystem optimization

- by Jason Ward

I've been reading everything I can find about partition alignment and filesystem optimization (ext4 and xfs) but still don't know enough to be confident in setting up my current configuration. My remaining confusion comes from the LVM layer and if I should use raid parameters on the filesystem in guest os'es. My main questions are: When I use 'pvcreate --dataalignment' do I use the stripe-width as calculated for a filesystem on RAID (128kB for ext4 in my situation), the Stripe size of the RAID set (256kB), something else altogether, or do I not need this? When I create ext2/3/4 or xfs filesystems in guests on the Logical Volumes, should I add the settings for the underlying RAID (e.g. mkfs.ext4 -b 4096 -E stride=64,stripe-width=128)? Does anyone see any glaring errors in my set up below? I'm running some benchmarks now but haven't done enough to start comparing results. I have four drives in RAID 10 on a 3ware 9750-4i controller (more details on the settings below) giving me a 6.0TB device at /dev/sda. Here is my partition table: Model: LSI 9750-4i DISK (scsi) Disk /dev/sda: 5722024MiB Sector size (logical/physical): 512B/512B Partition Table: gpt Number Start End Size File system Name Flags 1 1.00MiB 257MiB 256MiB ext4 BOOTPART boot 2 257MiB 4353MiB 4096MiB linux-swap(v1) 3 4353MiB 266497MiB 262144MiB ext4 4 266497MiB 4460801MiB 4194304MiB Partition 1 is to be the /boot partition for my xen host. Partition 2 is swap. Partition 3 is to be the root (/) for my xen host. Partition 4 is to be (the only) physical volume to be used by LVM (for those who are counting, I left about 1.2TB unallocated for now) For my Xen guests, I usually create a Logical Volume of the needed size and present it to the guests for them to partition as needed. I know there are other ways of handling that but this method works best for my situation. Here's the hardware of interest on my CentOS 6.3 Xen Host: 4x Seagate Barracuda 3TB ST3000DM001 Drives (sector size: 512 logical/4096 physical) 3ware 9750-4i w/BBU (sector size reported: 512 logical/512 physical) All four drives make up a RAID 10 array. Stripe: 256kB Write Cache enabled Read Cache: intelligent StoreSave: Balance Thanks!

Read the article
LDAP: Extend database using referral

- by ecapstone

My company uses an off-site LDAP server to handle authentication. I'm currently working on a local VPN for my branch that needs to use the off-site LDAP to check user's usernames and passwords, but I don't want every employee to have access to the VPN - I need to be able to control whether users can authenticate with the off-site LDAP based on whether they're allowed to use the VPN. My current solution involves having our own local LDAP server, which has a referral to the off-site server (I got most of my information from here: http://www.zytrax.com/books/ldap/ch7/referrals.html). This means that when local users try to check their credentials with the local server, it redirects them to the off-site server, which checks the credentials. This works for authentication, but not for authorization. It would be easiest to add a vpn_users group or is_vpn_user attribute on the off-site server, but, well, that's above my pay grade. Is there any way I can use the local server to control whether users have access to the VPN without needing to change the off-site server? If I could somehow use it to have a local vpn_users group without the users in it having to be located on the local server, that would probably work, but I have no idea how to set that up or if LDAP even supports such a configuration. For reference, I'm using the openvpn-auth-ldap (https://code.google.com/p/openvpn-auth-ldap/) plugin.

Read the article
Expanding to dual video cards

- by Anthony Greco

I know a lot of factors can go into play here, so I will list my current hardware and setup: MOBO: GIGABYTE GA-890FXA-UD5 [http://www.newegg.com/Product/Product.aspx?Item=N82E16813128441] Processor: AMD Phenom II X6 1090T Black Edition Thuban 3.2GHz [http://www.newegg.com/Product/Product.aspx?Item=N82E16819103849] Ram: G.SKILL Ripjaws Series 16GB (4 x 4GB) [https://secure.newegg.com/NewMyAccount/OrderHistory.aspx?RandomID=4933910872745320111128011418] Current video card: EVGA 01G-P3-1366-TR GeForce GTX 460 SE [http://www.newegg.com/Product/Product.aspx?Item=N82E16814130591] OS: Windows 7 Ultimate x64 Currently I can run 2 monitors just fine in my setup. However, I want to upgrade this to 4 monitors. My question is, what is the best way to do this? I remember in the past reading I need the same type of video card, however would any GeForce GTX work, or do i need that very specific model (EVGA 01G-P3-1366-TR GeForce GTX 460 SE)? Are there any issues I should be aware of before I order 2 new monitors and a video card? Are there video cards better setup for this? I know NVidia offers SLI, however I do not know if my mobo is compliant. My mobo also offers CrossFireX configuration, though from what it says only Radeon are compliant. Any suggestions / feedbacks on my best route with my current setup is appreciated. Even if you suggest buying 2 new identical video cards, as long as you can mention which and why that is better I really appreciate it. Note: I really do not do any gaming. I sometimes do some 3D work in Unity and very rarely in Maya. Besides that I mostly do all my computer work in Visual Studios and Photoshop. I however need the 2 extra monitors because I monitor sometimes 5 remote desktops at once and switching on only 2 is becoming a very big pain. Also seeing 3 side by side while I work on the 4th will be very helpful. Again, I appreciate any feedback, as I have googled a bunch and just want to make sure what I buy will work.

Read the article
Using Confluence with virtual hosts and mod_proxy

- by Marcus

Hi @all, on a test server I have installed the latest version of Confluence. I configured a apache with ajp. But I have a problem, when I login in Confluence, I get the following error message: Not Found The requested URL / / homepage.action was not found on this server. The problem seems to be known, I found following Link: http://confluence.atlassian.com/display/DOC/Using+Apache+with+virtual+hosts+and+mod_proxy But unfortunately the forwards have not helped, I still get the error messages. Does anyone have any idea how I could solve the problem? The following Apache configuration I have set up: LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so <IfModule proxy_http_module> ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> <Location /> Order allow,deny Allow from all </Location> ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ </IfModule>

Read the article
Proxy Settings per Machine not working on windows server 2008 R2 SP1

- by Anirudh Goel

i have a very interesting problem and would appreciate any help for it. In my scenario i have scripts which bring up a VM inside a domain. Now i want to enable internet access for all the VM's and they go through a proxy. I interact with the VM's using remote sessions and use the credentials of a user which belogs to the domain administrator group. Now problem is that, i create VM's on the fly and destroy them as well,and the scripts i run during their lifetime require internet access on them.So i cannot statically set the proxy settings thus i used the option of Active Directory Group Policy Management. I initially used the "User Configuration" option and set the proxy, which worked like a charm when ever i log inside the machine. However it doesn't work if i use to remote login to the machine with an account which has not yet logged in to the machine. So i used this link to configure it to work on Per Machine, the group policy has worked fine and it reflects in the browser too. But i am not able to resolve any dns name like http://www.google.com or any internet based site. Any idea what i can do?

Read the article
Forcing a particular SSL protocol for an nginx proxying server

- by vitch

I am developing an application against a remote https web service. While developing I need to proxy requests from my local development server (running nginx on ubuntu) to the remote https web server. Here is the relevant nginx config: server { server_name project.dev; listen 443; ssl on; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; location / { proxy_pass https://remote.server.com; proxy_set_header Host remote.server.com; proxy_redirect off; } } The problem is that the remote HTTPS server can only accept connections over SSLv3 as can be seen from the following openssl calls. Not working: $ openssl s_client -connect remote.server.com:443 CONNECTED(00000003) 139849073899168:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 226 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- Working: $ openssl s_client -connect remote.server.com:443 -ssl3 CONNECTED(00000003) <snip> --- SSL handshake has read 1562 bytes and written 359 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : RC4-SHA <snip> With the current setup my nginx proxy gives a 502 Bad Gateway when I connect to it in a browser. Enabling debug in the error log I can see the message: [info] 1451#0: *16 peer closed connection in SSL handshake while SSL handshaking to upstream. I tried adding ssl_protocols SSLv3; to the nginx configuration but that didn't help. Does anyone know how I can set this up to work correctly?

Read the article
Cacti is ignoring hash marks in interface aliases

- by Matt Simmons

I'm attempting to set up Cacti to monitor a router's interfaces, and I'm having trouble getting the graph templates to show the information that I'd like. Our interface configuration looks like this: interface GigabitEthernet3/6 description WalljackNumber # Server info no ip address no shutdown switchport switchport access vlan 116 switchport mode access ip dhcp snooping trust spanning-tree portfast The "Server Info" string is really just the machine name, and a short relevant description, such as "PolarSprings vmnic2". The important part appears to be that it follows the hashmark. When I run snmpwalk, I get the proper output: IF-MIB::ifAlias.230 = STRING: WalljackNumber # Server info But in Cacti, when I go into the graph templates and set the title to this: |host_description| - Traffic - |query_ifName| (|query_ifAlias|) All that shows up in the graph is: switchname - Traffic - Gi3/6 (WalljackNumber #) Which strikes me as a little weird. What I suppose MAY be happening is that somewhere in the cacti stream, it's interpreting # as being a comment and stripping everything after, but I'm not sure. I was hoping someone could tell me that this was a known documented behavior, or that I could change it in a setting that I wasn't aware of. The alternative answer is to change the delimiter from # to something else, but I've got over a thousand lit switchports on an old college infrastructure, and I'm not sure what else might be relying on them.

Read the article
VirtualBox: Can't get Bridged Networking to work (Win7 host)

- by MikeTheTall

I'm trying to set up a virtual LAMP server, including sharing files between the guest OS (Ubuntu Server) and the host OS (Windows 7) using samba. I think my problem is that I can't get Bridged (or Host-Only) networking to work in VirtualBox. I can boot the Linux VM just fine with NAT, but then can't access any services on it directly (except after port-forwarding port 80)(my understanding is that port-forwarding works because I'm not running a web server on the host OS, and therefore it can forward traffic to the unused port 80). I don't think that port-forwarding samba traffic (from the host to the guest) will work since I think that the host OS is using those ports. When I turn off NAT and turn bridged networking on I get an error. The VM fails to boot, with a dialog popping up (title: VirtualBox - Error) that says "Failed to open a session for the virtual machine UbuntuServer. Configuration error: Failed to get MAC address (VERR_CFGM_VALUE_NOT_FOUND). I'm hoping that once this is resolved then samba will work ok :) Any advice on this would be great (how to fix it would be wonderful, next steps for troubleshooting would be great, too :) )

Read the article
How can I debug solutions in Visual Studio 2010 from a network share?

- by alastairs

I've recently got a new Mac laptop and am running VS2010 in a Parallels virtual machine. It's mostly working out well for me, but I'm having some problems with debugging specific project types, related to the fact that the projects are being accessed via a network share. Test projects don't run because the test runner can't load the tests' DLL. Web projects fail to run in the Visual Studio mini web server, throwing the following exception: 'An error occurred loading a configuration file: Failed to start monitoring changes to path\to\web.config'. I've spent the evening trawling the web with little luck on this. After reading these two posts, I tried out the usual CasPol changes, but then found this post from one of the early VS2010 betas indicating that CasPol is no longer needed/supported in .NET 4.0 and VS2010. The network share is accessible via both a mapped drive and the UNC path. The virtual machine runs its applications under the administrator account, which appears to have all the necessary permissions on the network share to create, read, write and delete files and folders. I say "appears to have" as I can't view the Security Properties of the appropriate folder via Explorer: the Security tab just isn't present. Has anyone managed to successfully load and debug web and test projects from a network share in VS2010?

Read the article
Diagnosing a BSOD involving USB

- by David Ebbo

[Running Win7 Ultimate 64 bit] My new HP Pavilion Elite HPE-450t has been plagued by BSDO crashes since I got it about 5 weeks ago. The crashes are somewhat rare, sometimes not occurring for 3 or 4 days. I have spent a lot of time trying to isolate the device that could be at fault, but I have seen crashes with only the keyboard and mouse plugged in (as USB devices), and I tried two sets of keyboard/mouse, so I'm running out of ideas. :( The WhoCrashed tool gave this info about my latest BSOD: crash dump file: C:\Windows\Minidump\121310-11887-01.dmp This was probably caused by the following module: usbport.sys (USBPORT+0x2DE4E) Bugcheck code: 0xFE (0x5, 0xFFFFFA8008F571A0, 0x80863B34, 0xFFFFFA80092F2510) Error: BUGCODE_USB_DRIVER file path: C:\Windows\system32\drivers\usbport.sys product: Microsoft® Windows® Operating System company: Microsoft Corporation description: USB 1.1 & 2.0 Port Driver Bug check description: This indicates that an error has occurred in a Universal Serial Bus (USB) driver. The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time. I looked at http://msdn.microsoft.com/en-us/library/ff560407(VS.85).aspx, and for Parameter1 = 0x5, it says "A hardware failure has occurred due to a bad physical address found in a hardware data structure. This is not due to a driver bug". Should I conclude that it's a hardware issue in the machine itself, rather than a bad USB driver or USB device? Here is the MiniDump, in case someone can get more info out of it: http://ewt52q.blu.livefilestore.com/y1peS4Ce8nSK1SXghzMDoxDWXlaEu-EKCJsv25y8y5DXXIUzZ9U0_tYgFJXd939fykwa0zRmx98IW0PYG18GioqKAuARYjtspSA/121310-11887-01.dmp?download&psid=2

Read the article
Xmodmap fails to remap modifier keys

- by ZyX

When I try to move keys, so that I have CapsLock on escape, Control on CapsLock and Escape on left control, I get the following error: % xmodmap ~/.Xmodmap X Error of failed request: BadValue (integer parameter out of range for operation) Major opcode of failed request: 118 (X_SetModifierMapping) Value in failed request: 0x17 Serial number of failed request: 15 Current serial number in output stream: 15 That is the code that fails: remove Lock = Caps_Lock ! ESC keycode 9 = Caps_Lock add Lock = Caps_Lock remove Control = Control_L ! CapsLock keycode 66 = Control_L add control = Control_L ! Control_R keycode 37 = Escape ! 2*Meta_L keycode 148 = Meta_L add mod1 = Meta_L If I comment out all lines that start with either add or remove it runs without any errors, but does not do what I want. Program versions (Gentoo x86 (stable)): xorg-server-1.7.6 xmodmap-1.0.4 xf86-input-evdev-2.3.2 Xorg.conf: # nvidia-xconfig: X configuration file generated by nvidia-xconfig # nvidia-xconfig: version 1.0 (buildmeister@builder63) Fri Aug 14 17:54:58 PDT 2009 Section "ServerLayout" Identifier "Layout0" Screen 0 "Screen0" InputDevice "Evdev Keyboard" "CoreKeyboard" InputDevice "Evdev Mouse" "CorePointer" EndSection Section "Module" Disable "dri" Disable "dri2" Disable "record" EndSection Section "InputDevice" Identifier "Evdev Keyboard" Driver "evdev" Option "Device" "/dev/input/event2" Option "CoreKeyboard" Option "AutoRepeat" "500 25" Option "XkbRules" "xorg" Option "xkb_rules" "xorg" Option "XkbModel" "yahoo" Option "xkb_model" "yahoo" Option "XkbLayout" "dvp2" # ,ru2 Option "xkb_layout" "dvp2" # ,ru2 # Option "XkbVariant" "" # ,winkeys Option "XkbOption" "grp_led:scroll,grp:rctrl_toggle,compose:rwin,grp:lwin_switch" # grp:lwin_switch EndSection Section "InputDevice" Identifier "Evdev Mouse" Driver "evdev" Option "CorePointer" Option "Device" "/dev/input/event3" Option "Name" "Genius Ergo Mouse" Option "HWHEELRelativeAxisButtons" "7 6" Option "WHEELRelativeAxizButtons" "4 5" Option "SendCoreEvents" "true" Option "Buttons" "11" EndSection Section "Files" FontPath "/usr/share/fonts/misc" FontPath "/usr/share/fonts/Type1" FontPath "/usr/share/fonts/100dpi" FontPath "/usr/share/fonts/75dpi" FontPath "/usr/share/fonts/terminus" # FontPath "/usr/share/fonts/intlfonts" FontPath "/usr/share/fonts/ttf-bitstream-vera" # FontPath "/usr/share/fonts/ttf" FontPath "/usr/share/fonts/corefonts" FontPath "/usr/share/fonts/paratype" EndSection Section "Monitor" Identifier "Monitor0" VendorName "Unknown" ModelName "Unknown" HorizSync 28.0 - 33.0 VertRefresh 43.0 - 72.0 Option "DPMS" EndSection Section "Device" Identifier "Device0" Driver "nvidia" VendorName "NVIDIA Corporation" EndSection Section "Screen" Identifier "Screen0" Device "Device0" Monitor "Monitor0" DefaultDepth 24 SubSection "Display" Depth 24 EndSubSection EndSection Section "Extensions" Option "Composite" "Disable" EndSection Section "ServerFlags" # Option "XkbDisable" "false" # Option "AutoAddDevices" "false" Option "DontVTSwitch" "false" Option "DontZap" "false" # Option "DontZoom" "true" EndSection Everything worked before update.

Read the article
Apache + PHP via FastCGI

- by Wilco

I'm running into some problems while attempting to run PHP via FastCGI in Apache. I have the FastCGI module loaded, but get the following error when attempting to load a page: The requested URL /fastcgi/php54.fcgi/index.php was not found on this server. Somewhere, it seems that the script to be executed is appended to the executable without any spaces. Is this where the problem likely is? Below I've included snippets from my Apache configuration (hopefully this is enough): LoadModule fastcgi_module libexec/apache2/mod_fastcgi.so FastCgiIpcDir /var/run/fastcgi AddHandler fastcgi-script .fcgi FastCgiConfig -autoUpdate -singleThreshold 100 -killInterval 300 AddType application/x-httpd-php .php ScriptAlias /fastcgi/ /Library/WebServer/FCGI-Executables/ <Directory "/Library/WebServer/FCGI-Executables"> Options +ExecCGI SetHandler fastcgi-script Order allow,deny Allow from all <VirtualHost *:80> ServerName www.somedomain.com ServerAdmin [email protected] DocumentRoot "/Web/www.somedomain.com" DirectoryIndex index.html index.php default.html CustomLog /var/log/apache2/access_log combinedvhost ErrorLog /var/log/apache2/error_log Action application/x-httpd-php /fastcgi/php54.fcgi <IfModule mod_ssl.c> SSLEngine Off SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM" SSLProtocol -ALL +SSLv3 +TLSv1 SSLProxyEngine On SSLProxyProtocol -ALL +SSLv3 +TLSv1 </IfModule> <Directory "/Web/www.somedomain.com"> Options All -Indexes +ExecCGI +Includes +MultiViews AllowOverride All <IfModule mod_dav.c> DAV Off </IfModule> <IfDefine !WEBSERVICE_ON> Deny from all ErrorDocument 403 /customerror/websitesoff403.html </IfDefine> </Directory> </VirtualHost> ... and this is the executable: #!/bin/sh PHP_FCGI_CHILDREN=1 PHP_FCGI_MAX_REQUESTS=5000 export PHP_FCGI_CHILDREN export PHP_FCGI_MAX_REQUESTS exec /opt/local/bin/php-cgi54

Read the article
With no password expire notification at logon in Windows 7, how are you configuring password expire

- by J. L.

To my understanding, Windows 7 users do not receive password expiration notification during the logon process - it occurs strictly from the system tray. We currently have tray balloon notifications disabled to lessen user distraction, and I expect the password change process is a smoother one during the logon process rather than in an existing session. As a result, users will get prompted to change their passwords at expiration. The users also connect to Terminal Services boxes, but receive the advanced notification for password expiration there. So, Windows 7 is not notifying, but TS/RDS and XP boxes are. Any guidance on configuring this? Personally, I would turn off all expiration notices, but I understand most users would prefer to see the notification. Thoughts? Any GPO or other settings I might be overlooking? The interactive logon setting below is already enabled for our Win7 workstation GPO. My thought is balloon notifications will get turned back on for Windows 7, but I wanted to see if anyone was aware of alternatives. Thanks. Computer Configuration\Windows Settings\Security Settings\Local Policies - Security Options Interactive logon: Prompt user to change password before expiration

Read the article
Debian, Apache2, CGI: paths issue

- by Bubnoff

I have a perl form email script on the servers cgi-bin directory ( /usr/lib/cgi-bin ). /etc/apache2/sites-enabled/000-default ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch AddHandler cgi-script cgi pl Order allow,deny Allow from all </Directory> The issue is with paths. html calls script here: <form name="Request" method="post" action="http://server-test.local/cgi-bin/formprocessorpro.pl" onsubmit="return checkWholeForm49874(this)"> The directory with the templates and configs is passed here: <input type="hidden" name="base_path" value="../contact" /> The path to this form is: http://server-test.local/formstest/contact.htm No matter what variation I try for the base_path I get an error from the formprocessor script that it can't find the directory: An error occurred when opening the Form Configuration File (../contact/form.cfg): No such file or directory. I need to move this script from an old server, configured by a previous sysadmin, to a new server. Since cgi-bin is automatically linked to /usr/lib/cgi-bin and linked such that the script resides: http://server-test.local/cgi-bin/formprocessorpro.pl I would imagine that, given that the templates are in the webroot in a directory called contact, the correct path would be: ../contact Any ideas? It's been awhile since I've messed with CGI. Bubnoff

Read the article
Database mirroring login failure attempts on mirror server

- by Chandan

I have configured database mirroring between two servers at a distance 40 miles away from each other. Server specifications: SQL Server 2008,Standard Edition 64-bit This is same for principal,mirror and witness. The configuration is high-safety with automatic failover Initially we tested our .net application(web application) on both the principal and mirror and made sure that the login is not orpahned. Things run fine generally.But sometimes on the mirror server,I see login failed attempts: Login failed for user 'd0main\user'. Reason: Failed to open the explicitly specified database. [CLIENT: xx.xx.x.x] Message Error: 18456, Severity: 14, State: 38. This error appears 3-4 times a day but not more than that. My question to the experts is:If the principal is alive so why the application tries to connect to mirror.The default time-out for a .net webpage is 30 seconds,so is it possible that the application tries to connect principal and after 30 seconds even if principal is alive,it assumes that it is dead and thus tries to open a connection to mirror where it fails. Please help me with this problem.

Read the article
How can I write automated tests for iptables?

- by Phil Frost

I am configuring a Linux router with iptables. I want to write acceptance tests for the configuration that assert things like: traffic from some guy on the internet is not forwarded, and TCP to port 80 on the webserver in the DMZ from hosts on the corporate LAN is forwarded. An ancient FAQ alludes to a iptables -C option which allows one to ask something like, "given a packet from X, to Y, on port Z, would it be accepted or dropped?" Although the FAQ suggests it works like this, for iptables (but maybe not ipchains as it uses in the examples) the -C option seems to not simulate a test packet running through all the rules, but rather checks for the existence for an exactly matching rule. This has little value as a test. I want to assert that the rules have the desired effect, not just that they exist. I've considered creating yet more test VMs and a virtual network, then probing with tools like nmap for effects. However, I'm avoiding this solution due to the complexity of creating all those additional virtual machines, which is really quite a heavy way to generate some test traffic. It would also be nice to have an automated testing methodology which can also work on a real server in production. How else might I solve this problem? Is there some mechanism I might use to generate or simulate arbitrary traffic, then know if it was (or would be) dropped or accepted by iptables?

Read the article
SSHing thru an HTTP proxy

- by Siler

Typical scenario: I'm trying to SSH thru a corporate HTTP proxy to a remote machine using corkscrew, and I get: ssh_exchange_identification: Connection closed by remote host Obviously, there's a lot of reasons this might be happening - the proxy might not allow this, the remote box might not be running sshd, etc. So, I tried to tunnel manually via telnet: $ telnet proxy.evilcorporation.com 82 Trying XX.XX.XX.XX... Connected to proxy.evilcorporation.com. Escape character is '^]'. CONNECT myremotehost.com:22 HTTP/1.1 HTTP/1.1 200 Connection established So, unless I'm mistaken... it looks like the connection is working. So, why then, doesn't it work via corkscrew? ssh -vvv [email protected] -p 22 -o "ProxyCommand corkscrew proxy.evilcorporation.com 82 myremotehost.com 22" OpenSSH_6.6, OpenSSL 1.0.1f 6 Jan 2014 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Executing proxy command: exec corkscrew proxy.evilcorporation.com 82 myremotehost.com 22 debug1: permanently_set_uid: 0/0 debug1: permanently_drop_suid: 0 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1 ssh_exchange_identification: Connection closed by remote host

Read the article
Multiple IP's using one NIC connectivity problem - Windows

- by Vincent

I have a frame relay network that is directly connected to a GPRS network. I also have a ADSL high speed network and recently I have been trying to achieve the following network configuration using windows 7 (Also tried XP) with no success to date. On one server I have two NIC's NIC1 I would like the following two static IP address's 10.0.1.110 and 10.0.1.200 the cisco router has a default gateway of 10.0.1.1 the ADSL is DHCP. NIC1 and the cisco router do not have access to the internet. NIC2 is setup for DHCP with a primary DNS and secondary DNS configured to enable internet connectivity. With NIC1 all incoming TCP connections are from IP address's starting with 10.192.x.x I cannot establish a TCP connection to both 10.0.1.110 and 10.0.1.200. Its either one or the other. I have a static route implemented in windows of: route -p 10.192.0.0 mask 255.255.0.0 10.0.1.1 metric 1 I have tried leaving out the gateway in the NIC1 and many other combinations with no success. Can anyone please help? What am I doing wrong?

Read the article
How do I remove a USB drive's write protection?

- by nate

I have a SanDisk Cruser Blade USB stick that suddenly seems to be write protected. I tried running DiskPart but after I write the command "attributes disk clear readonly" it displays this: Microsoft DiskPart version 5.1.3565 ADD - Add a mirror to a simple volume. ACTIVE - Marks the current basic partition as an active boot partition. ASSIGN - Assign a drive letter or mount point to the selected volume. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Converts between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart EXTEND - Extend a volume. HELP - Prints a list of commands. IMPORT - Imports a disk group. LIST - Prints out a list of objects. INACTIVE - Marks the current basic partition as an inactive partition. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. Used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retainer partition under a simple volume. SELECT - Move the focus to an object. It's like when you type help at the DiskPart prompt, so how do I get past this? This problem started when I plugged the stick into a laptop which had viruses, if that's any help.

Read the article
How to find the real IP to which IPVS is routing a virtual IP

- by Wayne Conrad

I'm trying to find a problem server hiding behind a virtual IP (using LVS/ipvs). I've got a test program that sends requests to the virtual IP until it gets the bad response, but how can I tell to which real IP a request to the virtual IP got routed? On the box doing the virtual IP magic, here's the virtual IP configuration (for the service I care about): IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn ... TCP 10.1.0.254:5025 nq -> 10.1.0.5:5025 Route 1 0 1 -> 10.1.0.6:5025 Route 1 0 5 -> 10.1.0.7:5025 Route 1 0 2 -> 10.1.0.9:5025 Local 1 0 3 -> 10.1.0.11:5025 Route 1 0 3 ... My client program is sending TCP requests to 10.1.0.254:5025, usually getting a good response but sometimes a bad response. With this few servers, I could send my request to each server in turn until I discover the culprit, but I wonder if that technique will scale as we add servers. What means exist for me to find out where requests got routed? Kernel: Linux 2.6.32 OS: Debian testing (whatever that's called these days). ipvsadm is version 1.25, compiled with ipvs v1.2.1

Read the article
How do I specify the emergency location in CDP?

- by chrish

In the LLDP-MED and Cisco Discovery Protocol whitepaper, it compares LLDP-MED and CDP. The part I am interested in is emergency location configuration. In LLDP-MED, I can specify the Emergency Line Indentification Number (ELIN) and that number will be used by some IP Phones (e.g. Aastra) when placing emergency calls. The whitepaper states: Location Identification Discovery This capability is important because it normally provides location information from the switch to the phone. (If the phone is configured with location information or can determine its location, then it may send this information to the switch. However, the real value is getting this information from the switch to the phone for phones that cannot determine their own location.) Location identification discovery allows the phone to be aware of its location-information that can be used for location-based applications on the phone. More importantly, this capability can be used to provide location information when making emergency calls. Both Cisco Discovery Protocol and LLDP-MED support the transportation of location information. However, LLDP-MED has more supported data formats than Cisco Discovery Protocol. I have found the documentation on how to set the location and associate the location to the interfaces for LLDP-MED. How is this done for CDP? Is ELIN supported for CDP?

Read the article
How to subnet hosted VMs

- by bwizzy

I have a network of VMs each having a LAN IP address and a public IP address. They each have a 1:1 NAT map for public access via the public IP for HTTP, SSH etc. I'm trying to figure out a way to restrict the LAN IPs from talking to each other, but there are some cases where a group of LAN IPs will need to communicate. I'm using pfSense as a firewall / router on a 192.168.0.0/24 configuration. It seems like I could assign each VM it's own subnet and add a static route to the firewall for that VM to get back to the firewall for internet access / other fw rules. Is that right? I assigned 1 VM with: address 192.168.1.2 netmask 255.255.255.254 gateway 192.168.1.1 Then added a static route on the FW's LAN interface using 192.168.1.0/30 as the destination network and 192.168.1.1 as the gateway. Nothing appears to be working, anyone have any ideas? Please be aware I'm not that familiar with subnets. Thanks!

Read the article

< Previous Page | 472 473 474 475 476 477 478 479 480 481 482 483 | Next Page >