Search Results

Search found 33247 results on 1330 pages for 'anonymous access'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 511/1330 | < Previous Page | 507 508 509 510 511 512 513 514 515 516 517 518  | Next Page >

  • ADFS 2.1 proxy trust establishment error

    - by Tommy Jakobsen
    I'm trying to install an ADFS proxy. In our intranet we have a ADFS 2.1 server running on Windows 2012 which is working fine. Now we're trying to deploy a proxy to this one for internet access, using Windows 2012 R2's Web Application Proxy. I'm getting the following error on the proxy server, event ID 393: Message : An error occurred while attempting to establish a trust relationship with the Federation Server. An error occurred when attempting to establish a trust relationship with the federation service. Error: Forbidden Context : DeploymentTask Status : Error I'm not getting any errors on the ADFS server. I've tried with different credentials. The ADFS service account, a domain administrator who is a member of the local administrators group on the ADFs server, and the local administrator account on the ADFS server. Same error message. Both port 80 and 443 is accessible from the proxy server to the internal ADFS server, and I can access the ADFS metadata endpoint from the proxy server. I'm using the same trusted SSL certificate (wildcard) on both machines. Do you have any ideas that can help me troubleshoot this problem?

    Read the article

  • Windows 2008, IIS7 and virtual directories

    - by Thomas
    I created a virtual directory called test (C:\test) under the Default Web Site and added two simple test files (one html and one aspx). I thought I had to add the IUSR and NetworkService (for application pools) to C:\test and grant the users appropriate rights in order for IIS7 to serve the content. It appears that is not the case at all as I can view any files in the virtual directory (even if I convert it to an application) without changing or adding any security settings on the C:\test folder. I just installed IIS7 with ASP.NET on Windows 2008 without changing any settings besides adding the virtual directory. Am I missing something? Even my book on IIS7 states that the user accounts should be added an appropriate rights should be added. I added the following to answer the comments: I am referencing the file using a public IP http://xxx.xxx.xxx.xxx/test/one.html and the IP nor localhost is in my trusted sites. I am not signed in on the server at all as I am accessing the content from my home machine and the content is on my production server. The following users/groups have access to c:\test on the server (Creator Owner, System, Administrators, Users) and the app pool is running under the default NetworkService account. I basically installed win2008, added the IIS role with asp.net. I then opened IIS7, added a virtual directory and copied two files to the directory to test. It works which is great but I want to understand why it works. How is it that IIS7 can access files in the C:\test folder without any permissions set.

    Read the article

  • Task scheduler "hidden" only hides task, not process

    - by Brandi
    I am trying to make an application that acts like a desktop application for all the computers in our network. I have already got a windows forms app that works like I want it to, and I'm using the task scheduler to start it on login. We would really like it if the process as well as the task is hidden from the task manager in order to avoid accidental deletion. Selecting "Hidden" in the task scheduler hides the task (good!) but the process is still visible (not good enough). I tried using the option to run as "SYSTEM" or "LOCAL SERVICE" so that the user would get "access denied" when trying to delete or just wouldn't even view it by default. However, running as a service makes the process invisible on Vista and 7, and the point of my app is to display information interactively. (User can click, sort, etc). Is there any other alternatives to either run the process as someone/something besides the logged in user and still have the logged on user be able to see and interact with it? (Therefore it would list as someone else's app?) From what I've read on the internet, the only ways to actually hide something from the task manager seem hacky and/or difficult and rather involved. I don't really want to write a bunch of C or whatever only to maybe not have it work on Vista/7 anyway. Besides which, for a legitimate app with a legitimate use, I shouldn't have to go to those extremes... I see "Access Denied" all the time for system processes... why is it so hard for me to do the same? So does anyone have any simple solutions? Is it easier than I think to just list something in the task manager as another user? Thanks in advance for any replies.

    Read the article

  • WebSphere MQ running under local account / group cannot read group memberships for Active Directory user. Workaround or alternative resolution?

    - by noahz
    I am developing an application that is using WebSphere MQ v6.0. WebSphere MQ is currently not working due to the following issue: WebSphere MQ service runs under local user "MUSR_MQADMIN" in the local group "mqm" I attempt to use the service using my own account, BIZ\noahz MUSR_MQADMIN needs to check if BIZ\noahz is in local group "mqm" MUSR_MQADMIN does not have permission to read the Active Directory group membership of BIZ\noahz The following error appears in the MQ log file: ----- amqzfubn.c : 3582 ------------------------------------------------------- 1/31/2011 18:51:32 - Process(704.1105) User(MUSR_MQADMIN) Program(amqzlaa0.exe) AMQ8079: Access was denied when attempting to retrieve group membership information for user 'noahz@biz'. EXPLANATION: WebSphere MQ, running with the authority of user 'musr_mqadmin@noahz-biz', was unable to retrieve group membership information for the specified user. ACTION: Ensure Active Directory access permissions allow user 'musr_mqadmin@noahz-biz' to read group memberships for user 'noahz@biz'. To retrieve group membership information for a domain user, MQ must run with the authority of a domain user. ----- amqzfubn.c : 3582 ------------------------------------------------------- I found more information is here on IBM's web site: http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=/com.ibm.mq.amqtac.doc/wq10830_.htm I don't have Active Directory admin rights for my Windows machine, so my question is: Is there anything else I can do to resolve (or work-around) this issue and get WebSphere MQ working for me again? For example, can I disable this security check in WebSphere MQ?

    Read the article

  • Exchange 2010 add mailbox server to DAG error

    - by Michael
    Hello, i'm having some problems when adding a second mailbox server to my DAG in Exchange 2010. The test setup goes like this: 1x windows server 2008 (DC/DNS) 2x windows server 2008 (Exchange 2010) I have made sure all services are up and running and that the "Exchange Trusted Subsystem" account is set as a local admin. When i create a DAG i can add the first mailbox server (A) without any problems, but when i go to add the second (B) it gives me an error saying "Unable to contact the Cluster service on 1 other members (member) of the Database availability group. It does the same if i add (B) first and then try to add (A). Here is a part of the log file: [2010-04-05T15:00:27] GetRemoteCluster() for the mailbox server failed with exception = An Active Manager operation failed. Error: An error occurred while attempting a cluster operation. Error: Cluster API '"OpenCluster(EXCHANGE20102.area51.com) failed with 0x6d9. Error: There are no more endpoints available from the endpoint mapper"' failed.. This is OK. [2010-04-05T15:00:27] Ignoring previous error, as it is acceptable if the cluster does not exist yet. [2010-04-05T15:00:27] DumpClusterTopology: Opening remote cluster AREA51DAG01. [2010-04-05T15:00:27] DumpClusterTopology: Failed opening with Microsoft.Exchange.Cluster.Replay.AmClusterApiException: An Active Manager operation failed. Error: An error occurred while attempting a cluster operation. Error: Cluster API '"OpenCluster(AREA51DAG01.area51.com) failed with 0x5. Error: Access is denied"' failed. --- System.ComponentModel.Win32Exception: Access is denied --- End of inner exception stack trace --- Any help would be really appreciated, thanks.

    Read the article

  • untrusted (self-sign) certificate on android browser

    - by Basiclife
    Hi all, Apologies for the brevity of this question but due to an unfortunate series of events, I've managed to brick my PC so am posting from my phone... We've just set up Windows Small Business Server 2008 at work which has an external web portal accessible via HTTPS. We haven't yet bought?installed any certificates. The portal provides access to email, sharepoint, remote desktop, etc.... (I'm aware some of these are never going to work on the phone) From firefox / other desktop browsers, this displays an "untrusted cert' warning which I can choose to ignore. When browsing from my mobile I get a popup notification which says. "A secure connection could not be established" when I OK this (my only option) I see the standard android-generated "unable to load page - has it moved?" Page. Does anyone know of a way to either accept the certificate temporarily or allow untrusted certificates generally? I'm aware that the latter option is non-ideal in the mid to long term but at the moment, I need to access the portal and am willing to either toggle settings as/when required or forego using the mobile for banking, etc... to mitigate my risk. Thanks in advance for any help you can provide and apologies again for brevity In case it helps I'm on the G1 running android 1.6 using the default browser

    Read the article

  • routing table permissions under Windows 7 and openvpn

    - by pilcrow
    My ovpn client, 32-bit OpenVPN 2.1.1 on 64-bit Windows 7 Pro, cannot accept routes pushed to it by my remote endpoint ovpn server. This happens even if I invoke OpenVPN as a member of Administrators, and whether or not I've specified script-security 2 (as suggested by [this question][2]). Mon Mar 29 12:57:19 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.254.3/255.255.255.0 on interface {8BE2E9CF-F4C9-4A5E-98FD-E12DF1B6C3A4} [DHCP-serv: 192.168.254.3, lease-time: 86400] Mon Mar 29 12:57:19 2010 NOTE: FlushIpNetTable failed on interface [14] {GUID} (status=5) : Access is denied. Mon Mar 29 12:57:24 2010 TEST ROUTES: 8/8 succeeded len=8 ret=1 a=0 u/d=up Mon Mar 29 12:57:24 2010 C:\WINDOWS\system32\route.exe ADD 172.20.1.0 MASK 255.255.255.0 192.168.254.1 Mon Mar 29 12:57:24 2010 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=14] Mon Mar 29 12:57:24 2010 Route addition via IPAPI failed [adaptive] Mon Mar 29 12:57:24 2010 Route addition fallback to route.exe Mon Mar 29 12:57:24 2010 ERROR: Windows route add command failed [adaptive]: returned error code 1 ... and so on for each specific route the server pushes out. It doesn't seem right to me that the administrative user, the one configured at Windows 7 install time, should need further privileges. What am I missing?

    Read the article

  • Cisco PIX to Juniper Netscreen Policy-based VPN fails Phase 2 Proposal

    - by elint
    I've followed the instructions to configure a VPN between a netscreen device and a Cisco PIX as directed by Cisco's [netscreen to PIX VPN]http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801c4445.shtml article. The only differences are that I'm running PIX 6.3(5) and Juniper Netscreen 6.1.0r2.0 (Firewall+VPN). I followed both configurations exactly, and when I try to connect, the Juniper returns with: 2010-02-21 12:54:28 information IKE: Removed Phase 2 SAs after receiving a notification message. 2010-02-21 12:54:28 information IKE pix_public_IP: Received a notification message for DOI 1 14 NO-PROPOSAL-CHOSEN. 2010-02-21 12:54:28 information IKE pix_public_IP Phase 2: Initiated negotiations. On the Netscreen, I've created a Phase 2 Proposal called ToCorpOffice using DH Group#2, 3DES-CBC, and SHA-1, and when configuring the AutoKey IKE, I chose ToCorpOffice and removed all other transforms. I believe I've configured the same on the PIX with: sysopt connection permit-ipsec crypto ipsec transform-set mytrans esp-3des esp-sha-hmac crypto map mymap 10 ipsec-isakmp crypto map mymap 10 match address nonat crypto map mymap 10 set pfs group2 crypto map mymap 10 set peer netscreen_public_ip crypto map mymap 10 set transform-set mytrans crypto map mymap interface outside Saved that and rebooted, so here's the cryptomap info: PIX-FW1# show crypto map Crypto Map: "mymap" interfaces: { outside } Crypto Map "mymap" 10 ipsec-isakmp Peer = netscreen_public_ip access-list nonat; 1 elements access-list nonat line 1 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 (hitcnt=0) Current peer: netscreen_public_ip Security association lifetime: 4608000 kilobytes/28800 seconds PFS (Y/N): Y DH group: group2 Transform sets={ mytrans, } PIX-FW1# Any idea why I'm getting a NO-PROPOSAL-CHOSEN error?

    Read the article

  • Installing ikiwiki on nginx - fastcgi/fcgi wrapper

    - by meder
    My ultimate goal is to setup ikiwiki, my current goal is to get a fcgi wrapper working for nginx, so I can move on to the next step... The ikiwiki page points out this page as an example for a fcgi wrapper: http://technotes.1000lines.net/?p=23 So far I've installed the ikiwiki and libfcgi-perl modules through aptitude: aptitude install libfcgi-perl aptitude install ikiwiki It installed those packages as well as some minimal dependency packages. So the next step following the guide at technotes, I grabbed http://technotes.1000lines.net/fastcgi-wrapper.pl but I'm not sure where to actually place this file... do I run it as a service? The script makes a socket file in /var/run/nginx but that directory does not exist.. do I manually create it? So in addition to the .pl file for the cgi wrapper, I need to also define a separate cgi file for parameters. If my conf looks like this... server { listen 80; server_name notes.domain.org; access_log /www/notes/public_html/notes.domain.org/log/access.log; error_log /www/notes/public_html/notes.domain.org/log/error.log; location / { root /www/notes/public_html/notes.domain.org/public/; index index.html; } } And I don't have a cgi-bin directory, where exactly should I create it within my structure, and regarding that I'd obviously have to update the below before I include it in my conf, but I'm just not exactly sure how this would work out. # /cgi-bin configuration location ~ ^/cgi-bin/.*\.cgi$ { gzip off; fastcgi_pass unix:/var/run/nginx/perl_cgi-dispatch.sock; [1]* fastcgi_param SCRIPT_FILENAME /www/blah.com$fastcgi_script_name; [2]* include fastcgi_params; [3]* } Also since the user is www-data and /var/run is root owned, what's the proper way of giving it access? Any tips appreciated.

    Read the article

  • Having trouble redirecting frevvo using mod_proxy

    - by user38859
    This question is similar to this: http://serverfault.com/questions/102868/how-to-access-webservers-running-on-ports-blocked-on-companys-network Basically, I'm using confluence and a plugin called frevvo. Confluence sits on port 8080 while frevvo sits on port 8082. I want to redirect both of them to port 80 via Apache HTTP web server so that it doesn't get blocked by company proxies. I've been using the document on Atlassian that shows me how to run confluence behind Apache (I can't post a second URL due to being a newbie here) I've successfully redirected Confluence from port 8080 to port 80 so I can now access Confluence using www.example.com/confluence. Now I tried doing the same thing to frevvo with the following configurations: Apache httpd: ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /confluence http://localhost:8080/confluence ProxyPassReverse /confluence http://localhost:8080/confluence <Location /confluence> Order allow,deny Allow from all </Location> ProxyPass /frevvo http://localhost:8082/ ProxyPassReverse /frevvo http://localhost:8082/ <Location /forms> Order allow,deny Allow from all </Location> And in server.xml for the frevvo Tomcat instance, I added the following within <Host> tag: <Context path=" " docBase="" debug="0" reloadable="false"> <!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties --> <Manager pathname="" /> </Context> The plugin, frevvo, when accessed through the browser using http://localhost:8082 usually redirect to http://localhost:8082/frevvo/web With the above configuration, when accessing www.example.com.au/frevvo redirects to www.example.com/frevvo/web/static/login - which doesn't work. I hope the above details is clear and appreciate anyone who could give us some insight.

    Read the article

  • .htaccess Permission denied. Unable to check htaccess file

    - by Josh
    I have a strange problem when adding a sub-domain to our virtual server. I have done similar sub-domains before and they have worked fine. When I try to access the sub-domain I get an 403 Forbidden error. I checked the error logs and have the following error: pcfg_openfile: unable to check htaccess file, ensure it is readable I've searched Google and could only find solutions regarding file and folder permissions, that I have checked and the solution isn't solved. I also saw problems with Frontpage Extensions, but that's not installed on the server. Edit Forgot to say that there isn't a .htaccess file in the directory of the sub-domain Edit #2 Still not been able to find a solution on this. Only things I have been able to find out is: It doesn't seem to be a problem with any .htaccess files (I've tried creating blank ones, with correct user privileges). It doesn't seem to be a problem with any folder permissions as they are all set correct. There isn't a problem with the way the sub-domain has been set up, as I've tried pointing the DocumentRoot to another folder and it worked fine. I've also done sub-domains fine before with no problem. Edit #3 Find out more information. I don't think it can be a file permission problem now, because if I access it by going to the server ip and then the directory where the site is hosted it all works fine (minus the stylesheets & images, which is just down to how they are linked)

    Read the article

  • Windows 8 and SMB2 Issues

    - by Rhys Paterson
    We're playing with the consumer preview of Windows 8 and having issues accessing some network shares in our environment. Basically, when I attempt to access a share directly (\[SERVER].[DOMAIN].[NETWORK]\Share$) I get 'An extended error has occured'. The shares reside on an EMC Celerra system. Sorry, I don't really have much more information about it (this is just a little side project). Accessing shares that reside on Windows machines are fine. The Firewall is completley disabled and I am running under full domain administrative credentials. A quick wireshark shows the following group of packets between myself and the server: SMB2 164 NegotiateProtocol Request SMB2 274 NegotiateProtocol Response SMB2 981 SessionSetup Request SMB2 281 SessionSetup Response SMB2 200 TreeConnect Request Tree: \\[SERVER].[DOMAIN].[NETWORK]\[SHARE]$ SMB2 138 TreeConnect Response SMB2 202 Ioctl Request NETWORK_FILE_SYSTEM Function:0x0080 SMB2 131 Ioctl Response, Error: STATUS_INVALID_DEVICE_REQUEST SMB2 126 SessionLogoff Request SMB2 126 SessionLogoff Respons This repeats five times and then (I assume) Windows throws me the above error. A quick Google shows me: 0xC0000010 STATUS_INVALID_DEVICE_REQUEST The specified request is not a valid operation for the target device. Which shows me that NETWORK_FILE_SYSTEM Function:0x0080 request is invalid.. Does anyone know what would cause this? Thanks in advance. Rhys. Edit: FYI - as a workaround, you can disable SMB 2.2 as noted in the EMC thread: sc config lanmanworkstation depend= bowser/mrxsmb10/nsi sc config mrxsmb20 start= disabled This will allow the machine to access the shares. The below answer still stands though :)

    Read the article

  • Getting SMB file shares working over a PPTP VPN

    - by Ben Scott
    I'm having issues getting SMB file shares working over a PPTP VPN. The server setup consists of a security device (DrayTek V3300) which passes the PPTP authentication to a SBS2003 server running RRAS. The server is the DC and provides DNS and WINS, the single NIC's name server is set to the NIC's IP (192.168...), and DHCP on the DrayTek sets the server IP as the DNS. If I create a new VPN connection in Win7, leaving everything as default apart from the server, username, password and domain, I can: ping everything by IP address resolve IPs with nslookup using their fully-qualified name, as in nslookup fileserver.mydomain.local ping machines by fully-qualified name, as in ping fileserver.mydomain.local However if I try to access a file share: within Explorer, I get "Windows cannot access ..." with "Error code: 0x80004005 Unspecified Error", using net use z: \\fileserver.mydomain.local\share, I get "System error 53 has occurred. The network path was not found." If I add the machine name to my HOSTS file I can use the file share, which is my last-ditch workaround, but I have a number of VPN users and would rather a solution that doesn't involve me trying to hand-edit system files on computers half a country away. If I set the WINS server explicitly in the connection's IPv4 settings I don't have to use the FQN to ping the machine, but that doesn't change anything else. EDIT: The PC I'm having the issue on is running Win 7 Home Premium. After more testing I actually have two other PCs that work, one W7HP, one XP Home, and another Vista PC that doesn't work (not tested as much as the others), all four on the same internet connection (behind the same router). All of them were tested with a straight-forward, all defaults, new VPN configuration.

    Read the article

  • Launching firefox on remote server causes local firefox to start instead

    - by terdon
    Right, this is strange. I am connecting from my laptop (LMDE) to a remote host (SUSE linux enterprise) using ssh -X. I want to launch a firefox instance running on the remote server so I can have access to webpages on a private network. User@RemoteMachine $ which -a firefox /usr/bin/firefox User@RemoteMachine $ /usr/bin/firefox --version Mozilla Firefox 2.0.0.2, Copyright (c) 1998 - 2007 mozilla.org User@LocalMachine $ which -a firefox /usr/bin/firefox User@LocalMachine $ /usr/bin/firefox --version Mozilla Firefox 14.0.1 Now, if firefox is not running on the local machine, everything goes as expected and executing firefox on the remote machine causes a firefox (v 2.0) window running on the remote machine to show up. However, if firefox is running on the local machine a second window of firefox 14.0.1 running on the local machine appears. I have checked top in both machines. In the 2nd case, a firefox process briefely appears on the remote machine and then disappears when the local version of firefox is launched. My questions are the following: What gives? How/why can firefox connect to its existing instance on the local machine? The remote machine appears to have access to the local machine. It, in fact, appears to have the right to execute programs on my local machine. Am I missing something or is this just weird? Is this not a security risk?

    Read the article

  • Lync CMS replication is failing for all Domain Computers

    - by Ravi Kanneganti
    I have Lync Server 2010 and Active Directory installed on 2 different Windows Server 2008 R2 machines. I have added a Windows 7 PC to AD. And I have added this computer to Trusted Application Servers Pool and published the topology. I want to build an UCMA application to extend Lync Server functionality. I have installed UCMA 3.0 SDK in the same computer where Lync Server is residing. But, CMS Replication isn't happening and "Get-CsManagementStoreReplicationStatus" always gives Uptodate as "False" for my Windows 7 PC. I have even tried "Invoke-CSManagementStoreReplication" but nothing changed. Also, this is the error message that I can see in the log file: TL_WARN(TF_COMPONENT) [2]0500.07B8::04/05/2012-14:55:07.296.00000f85 (XDS_Replica_Replicator,FileDistributeTask.Execute:filedistributetask.cs(165))(000000000043B3FA)**Could not distribute the file. Exception: [System.IO.IOException: The process cannot access the file because it is being used by another process.** at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.File.Move(String sourceFileName, String destFileName) at Microsoft.Rtc.Xds.Replication.Replicator.Common.FileDistributeTask.Execute()]. TL_NOISE(TF_DIAG) [2]0500.07B8::04/05/2012-14:55:07.296.00000f86 (XDS_Replica_Replicator,ReplicaTaskContainer<T>.OnError:replicataskcontainer.cs(166))(00000000005C39D4)Enter. TL_INFO(TF_COMPONENT) [2]0500.07B8::04/05/2012-14:55:07.296.00000f87 (XDS_Replica_Replicator,ReplicaTaskContainer<T>.OnError:replicataskcontainer.cs(171))(00000000005C39D4)Task error callback is about to be called. TL_VERBOSE(TF_DIAG) [2]0500.07B8::04/05/2012-14:55:07.296.00000f88 (XDS_Replica_Replicator,PerReplicaTaskManager<T>.HandleTaskError:perreplicataskmanager.cs(230))(000000000385E79C)Enter. TL_INFO(TF_COMPONENT) [2]0500.07B8::04/05/2012-14:55:07.296.00000f89 (XDS_Replica_Replicator,PerReplicaTaskManager<T>.HandleTaskError:perreplicataskmanager.cs(234))(000000000385E79C)Task encountered an error: [ReplicaTaskContainer<FileDistributeTask>{FileDistributeTask{E:\RtcReplicaRoot\xds-replica\from-master\data.zip, E:\RtcReplicaRoot\xds-replica\working\replication\from-master\data.zip, **Access failed**. (E:\RtcReplicaRoot\xds-replica\from-master\data.zip)}, FileDistributeTask{E:\RtcReplicaRoot\xds-replica\from-master\data.zip, E:\RtcReplicaRoot\xds-replica\working\replication\from-master\data.zip, }}]

    Read the article

  • How can I get HTTPD to serve the html/php files and not list/index them when they are in folder for virtual host. Using Centos 6.0

    - by LaserBeak
    My virtual hosts are configured as below, initally I could not even get to the /public_html/ directory when typing example.com and apache would just serve me up the default welcome page, I would also get the error: Directory index forbidden by Options directive: /var/www/html/example.com/public_html/ in the log . After editing the welcome.conf page (- Index) so it does not show again when I now type example.com the/public_html/ contents (Index.php) are indexed in the browser. Where as I want it to actually execute and diplay the index.php page. vhost.conf , located in etc/httpd/vhost.d/ NameVirtualHost *:80 <VirtualHost *:80> ServerAdmin [email protected] ServerName localhost ServerAlias localhost.example.com DocumentRoot /var/www/html/example.com/public_html/ ErrorLog /var/www/html/example.com/logs/error.log CustomLog /var/www/html/example.com/logs/access.log combined </VirtualHost> <VirtualHost *:80> ServerAdmin [email protected] ServerName example.org ServerAlias www.example.org DocumentRoot /var/www/html/example.org/public_html/ ErrorLog /var/www/html/example.org/logs/error.log CustomLog /var/www/html/example.org/logs/access.log combined </VirtualHost> httpd.conf, settings on default, added onto end: Include /etc/httpd/vhosts.d/*.conf Root directories: DocumentRoot "/var/www/html"

    Read the article

  • OpenVpn Iptables Error

    - by Mook
    I mean real newbie - linux here.. Please help me configuring my openvpn through iptables. My main goal here is to open port for regular browsing (80, 443), email (110, 25), etc just like isp does but i want to block p2p traffic. So I will need to open only few port. Here are my iptables config # Flush all current rules from iptables # iptables -F iptables -t nat -F iptables -t mangle -F # # Allow SSH connections on tcp port 22 (or whatever port you want to use) # iptables -A INPUT -p tcp --dport 22 -j ACCEPT # # Set default policies for INPUT, FORWARD and OUTPUT chains # iptables -P INPUT DROP #using DROP for INPUT is not always recommended. Change to ACCEPT if you prefer. iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT # # Set access for localhost # iptables -A INPUT -i lo -j ACCEPT # # Accept packets belonging to established and related connections # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # #Accept connections on 1194 for vpn access from clients #Take note that the rule says "UDP", and ensure that your OpenVPN server.conf says UDP too # iptables -A INPUT -p udp --dport 1194 -j ACCEPT # #Apply forwarding for OpenVPN Tunneling # iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT #10.8.0.0 ? Check your OpenVPN server.conf to be sure iptables -A FORWARD -j REJECT iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 100.200.255.256 #Use your OpenVPN server's real external IP here # #Enable forwarding # echo 1 > /proc/sys/net/ipv4/ip_forward iptables -A INPUT -p tcp --dport 25 -j ACCEPT iptables -A INPUT -p tcp --dport 26 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 110 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -L -v But when I connect to my vpn, i can't browsing and also got RTO on pinging yahoo, etc

    Read the article

  • How to Apache SSL proxy to openerp 7 running in VM?

    - by Johnbritto
    I have installed openerp v7 in an ubuntu 12.04 Virtual machine from launchpad.i.e server, web, addons. I configured SSL reverse proxy on virtual machine and my configuration for virtual host *:443 are ServerName openerp.mydomain.net ServerAdmin openerp@localhost SSLEngine on SSLCertificateFile /etc/ssl/openerp/server.crt SSLCertificateKeyFile /etc/ssl/openerp/server.key ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyVia On ProxyPass / http://172.16.150.14:8069/ ProxyPassReverse / http://172.16.150.14:8069/ RequestHeader set "X-Forwarded-Proto" "https" # Fix IE problem (httpapache proxy dav error 408/409) SetEnv proxy-nokeepalive 1 </VirtualHost> on host, I have configured apache reverse proxy for my subdomain in vhost_ssl.conf as SSLEngine On SSLProxyEngine On ProxyRequests Off ProxyPreserveHost On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / https://172.16.150.14/ ProxyPassReverse / https://172.16.150.14/ SetEnv proxy-nokeepalive 1 <Location /> Order allow,deny Allow from all </Location> I have set 172.16.150.14 on netrpc and xmlrcs interfaces in openerp-server.conf. Now, when I access https:// openerp.mydomain.net from Girefox and chrome browser..I get http:// openerp.mydomain.net%2C%20openerp.mydomain.net/?db=testingdb which makes 404. But when i access URL from IE 9, the URL https:// openerp.mydomain.net works ok .. secondly if i change the parameter list_db= false, then the links works as expected.. Kindly let me know what is creating bottleneck with URL redirect to http://openerp.mydomain.net, openerp.myydomain.net/?db=testdb on Firefox and chrome. i am struck here doing troubleshooting with the URL to work.

    Read the article

  • Use Windows/Mac MySQL GUI over SSH Tunnel

    - by Marcin
    I am working on a client's website and he has hosting through 1and1. They don't allow connecting directly to their mySQL server from anywhere. I can't for instance load up a mySQL GUI on windows and just connect and work on the databases, it says host not found. His hosting account on the other hand is given access to the mySQL server even though it is in a different location. Let's say these are the servers I'm working with: His main hosting: Address: thehost.com Username: joe His mySQL server: Address: mysqlserver.com Port: 3306 Database: thedata User: dbouser The main hosting account he has comes with SSH. So if I SSH into thehost.com on port 22 and then use the mysql command to connect to mysqlserver.com, it works. I have tried to set up SSH tunneling but the problem is that it's not the mySQL server that has SSH allowed, it's the main hosting. How do I set up SSH Tunneling on both a Mac and a Windows machine so that I can run any GUI I want and I will be able to connect to the mysqlserver.com server. All based on the information above that SSH access is to thehost.com only, and thehost.com itself can connect to mysqlserver.com.

    Read the article

  • Using %v in Apache LogFormat definition matches ServerName instead of specific vhost requested

    - by Graeme Donaldson
    We have an application which uses a DNS wildcard, i.e. *.app.example.com. We're using Apache 2.2 on Ubuntu Hardy. The relevant parts of the Apache config are as follows. In /etc/apache2/httpd.conf: LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vlog In /etc/apache2/sites-enabled/app.example.com: ServerName app.example.com ServerAlias *.app.example.com ... CustomLog "|/usr/sbin/vlogger -s access.log /var/log/apache2/vlogger" vlog Clients access this application using their own URL, e.g. company1.app.example.com, company2.app.example.com, etc. Previously, the %v in the LogFormat directive would match the hostname of the client request, and we'd get several subdirectories under /var/log/apache2/vlogger corresponding to the various client URLs in use. Now, %v appears to be matching the ServerName value, so we only get one log under /var/log/apache2/vlogger/app.example.com. This breaks our logfile analysis because the log file has no indication of which client the log relates to. I can fix this easily by changing the LogFormat to this: LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vlog This will use the HTTP Host: header to tell vlogger which subdirectory to create the logs in and everything will be fine. The only concern I have is that this has worked in the past and I can't find any indication that this has changed recently. Is anyone else using a similar config, i.e. wildcard + vlogger and using %v? Is it working fine?

    Read the article

  • Squid configuration for proxy server

    - by Ian Rob
    I have a server with 10 ip's that I want to give access to some friends via authentication but I'm stuck on squid's config file. Let's say I have these ip's available on my server: 212.77.23.10 212.77.1.10 68.44.82.112 And I want to allocate each one of them to a different user like so: 212.77.23.10 goes to user manilodisan using password 123456 212.77.1.10 goes to user manilodisan1 using password 123456 68.44.82.112 goes to user manilodisan2 using password 123456 I managed to add the passwords and authentication works ok but how do I do to restrict one user to one of the available ip's? I have a basic setup from different bits I found over the internet but nothing seems to work. Here's my squid.conf (all comments are removed to make it lighter): acl ip1 myip 212.77.23.10 acl ip2 myip 212.77.1.10 tcp_outgoing_address 212.77.23.10 ip1 tcp_outgoing_address 212.77.1.10 ip2 http_port 8888 visible_hostname weezie auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid-passwd acl ncsa_users proxy_auth REQUIRED http_access allow ncsa_users acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all icp_access allow all hierarchy_stoplist cgi-bin ? access_log /var/log/squid/access.log squid acl QUERY urlpath_regex cgi-bin \? cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl apache rep_header Server ^Apache broken_vary_encoding allow apache extension_methods REPORT MERGE MKACTIVITY CHECKOUT hosts_file /etc/hosts forwarded_for off coredump_dir /var/spool/squid

    Read the article

  • Simple P2V help from Linux to Windows

    - by Ke.
    I have two OS's installed on different drives in my PC. One linux (Centos 5.4) and one windows 7. Its getting tiresome to constantly have to stop and restart the PC when I want to use either OS. I would very much like to use Windows 7 as my host OS and access my linux OS from within Windows. However, im having trouble deciphering exactly how to do this (many of the articles seem confusing and a bit overkill) From what i have seen its possible to use VMWare converter to convert the physical linux image to a virtual image so that I can use it in windows. As im having problems understanding how this is done, I would really appreciate a step by step guide (for a newbie), or any simple tutorials that you can point me at. Some questions beforehand: 1) My linux image is around 80gb, do i need to take this into consideration? The linux drive is around 180gb in total. All my other drives are NTFS non writeable in linux (as I use them in windows and ntfs is dodgy in linux), so probably not possible to move the image over to my ntfs drives 2) Can I just zip the linux files up somehow and transfer it to windows to create the p2v? 3) Is it possible to do the P2V conversion while I am logged into windows. I can see the actual linux drive loaded in disk manager, but windows doesnt read linux file systems so im confused as to how to access the linux drive if this is possible. 4) Or will i need to do the whole p2v conversion inside linux? Cheers, any help is much appreciated Ke (a confused p2v newbie)

    Read the article

  • Metro apps crash on startup, driver or permissions issue?

    - by Vee
    After installing Win8 x64 RC, Metro apps worked correctly, but desktop OpenGL apps were slow and unresponsive. I installed the latest Win8 nVidia drivers, and the OpenGL apps started working correctly. At the same time, because of annoying permission messages, I changed the C:\ drive and all its files ownerships to my user, and gave it full permission. I restarted my pc after installing the drivers, and now Metro apps only show the splash screen, then crash. I tried installing other versions of the nVidia drivers, with the same result. My GPU is a GeForce GTX275. Is this a known problem with nVidia drivers? Or maybe changing the ownership of C:\ is the real problem? Thank you. More information (after looking in the event viewer) I've managed to find the problem and the error in the Event Viewer. I still cannot solve it. Here's the information I found by opening the Mail app and letting it crash: Log Name: Microsoft-Windows-TWinUI/Operational Source: Microsoft-Windows-Immersive-Shell Date: 07/06/2012 15.54.17 Event ID: 5961 Task Category: (5961) Level: Error Keywords: User: VEE-PC\Vittorio Computer: vee-pc Description: Activation of the app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail for the Windows.Launch contract failed with error: The app didn't start.. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Immersive-Shell" Guid="{315A8872-923E-4EA2-9889-33CD4754BF64}" /> <EventID>5961</EventID> <Version>0</Version> <Level>2</Level> <Task>5961</Task> <Opcode>0</Opcode> <Keywords>0x4000000000000000</Keywords> <TimeCreated SystemTime="2012-06-07T13:54:17.472416600Z" /> <EventRecordID>6524</EventRecordID> <Correlation /> <Execution ProcessID="3008" ThreadID="6756" /> <Channel>Microsoft-Windows-TWinUI/Operational</Channel> <Computer>vee-pc</Computer> <Security UserID="S-1-5-21-2753614643-3522538917-4071044258-1001" /> </System> <EventData> <Data Name="AppId">microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail</Data> <Data Name="ContractId">Windows.Launch</Data> <Data Name="ErrorCode">-2144927141</Data> </EventData> </Event> Found other stuff, this is another error that appears when opening a Metro app: Log Name: Application Source: ESENT Date: 07/06/2012 16.01.00 Event ID: 490 Task Category: General Level: Error Keywords: Classic User: N/A Computer: vee-pc Description: svchost (1376) SRUJet: An attempt to open the file "C:\Windows\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8). Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="ESENT" /> <EventID Qualifiers="0">490</EventID> <Level>2</Level> <Task>1</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2012-06-07T14:01:00.000000000Z" /> <EventRecordID>11854</EventRecordID> <Channel>Application</Channel> <Computer>vee-pc</Computer> <Security /> </System> <EventData> <Data>svchost</Data> <Data>1376</Data> <Data>SRUJet: </Data> <Data>C:\Windows\system32\SRU\SRU.log</Data> <Data>-1032 (0xfffffbf8)</Data> <Data>5 (0x00000005)</Data> <Data>Access is denied. </Data> </EventData> </Event> After changing permissions again (adding Everyone and Creator Owner to System32), the "access denied to sru.log" error disappears, but this one appears in its place: Log Name: Application Source: Microsoft-Windows-Immersive-Shell Date: 07/06/2012 16.16.34 Event ID: 2486 Task Category: (2414) Level: Error Keywords: (64),Process Lifetime Manager User: VEE-PC\Vittorio Computer: vee-pc Description: App microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail did not launch within its allotted time. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Immersive-Shell" Guid="{315A8872-923E-4EA2-9889-33CD4754BF64}" /> <EventID>2486</EventID> <Version>0</Version> <Level>2</Level> <Task>2414</Task> <Opcode>0</Opcode> <Keywords>0x2000000000000042</Keywords> <TimeCreated SystemTime="2012-06-07T14:16:34.616499600Z" /> <EventRecordID>11916</EventRecordID> <Correlation /> <Execution ProcessID="3008" ThreadID="6996" /> <Channel>Application</Channel> <Computer>vee-pc</Computer> <Security UserID="S-1-5-21-2753614643-3522538917-4071044258-1001" /> </System> <EventData> <Data Name="ApplicationId">microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail</Data> </EventData> </Event> Now I'm stuck. It tells me "Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information." but I can't find the Microsoft-Windows-TWinUI/Operational log. I'm starting a bounty. I found the TWinUI/Operational log. It only tells me: Log Name: Microsoft-Windows-TWinUI/Operational Source: Microsoft-Windows-Immersive-Shell Date: 07/06/2012 16.28.57 Event ID: 5961 Task Category: (5961) Level: Error Keywords: User: VEE-PC\Vittorio Computer: vee-pc Description: Activation of the app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail for the Windows.BackgroundTasks contract failed with error: The app didn't start.. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Immersive-Shell" Guid="{315A8872-923E-4EA2-9889-33CD4754BF64}" /> <EventID>5961</EventID> <Version>0</Version> <Level>2</Level> <Task>5961</Task> <Opcode>0</Opcode> <Keywords>0x4000000000000000</Keywords> <TimeCreated SystemTime="2012-06-07T14:28:57.238140800Z" /> <EventRecordID>6536</EventRecordID> <Correlation /> <Execution ProcessID="3008" ThreadID="2624" /> <Channel>Microsoft-Windows-TWinUI/Operational</Channel> <Computer>vee-pc</Computer> <Security UserID="S-1-5-21-2753614643-3522538917-4071044258-1001" /> </System> <EventData> <Data Name="AppId">microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail</Data> <Data Name="ContractId">Windows.BackgroundTasks</Data> <Data Name="ErrorCode">-2144927141</Data> </EventData> </Event> I need to go deeper. I found a forum thread that told me to look for "DCOM" errors. I found this one related to the app crash "The server Microsoft.WindowsLive.Mail.wwa did not register with DCOM within the required timeout." Log Name: System Source: Microsoft-Windows-DistributedCOM Date: 07/06/2012 16.46.45 Event ID: 10010 Task Category: None Level: Error Keywords: Classic User: VEE-PC\Vittorio Computer: vee-pc Description: The server Microsoft.WindowsLive.Mail.wwa did not register with DCOM within the required timeout. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" /> <EventID Qualifiers="0">10010</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8080000000000000</Keywords> <TimeCreated SystemTime="2012-06-07T14:46:45.586943800Z" /> <EventRecordID>2763</EventRecordID> <Correlation /> <Execution ProcessID="804" ThreadID="2364" /> <Channel>System</Channel> <Computer>vee-pc</Computer> <Security UserID="S-1-5-21-2753614643-3522538917-4071044258-1001" /> </System> <EventData> <Data Name="param1">Microsoft.WindowsLive.Mail.wwa</Data> </EventData> </Event>

    Read the article

  • Static IP for dynamic IP

    - by scape279
    I have a dynamic IP address. I would like to have a static IP, but Virgin Media don't allow static IPs for residential broadband services, even if you ask them really nicely and offer to pay for it without switching to a business tariff. I am already registered with a dynamic DNS service which is updated by my router eg me.example.com will always resolve to my dynamic IP. This is fine for some circumstances, but not if you can only enter an IP address into configuration files/hardware etc like firewalls, subversion services etc etc. Is there a way I can have a static IP address 'forwarding' to my dynamic IP? Would a possible solution involve tunnelling? Setting up a private proxy? Please note the following: I am able to buy an IP address from my web host. I have access to a webserver and I am able to create custom DNS zones. I'm happy to have a webserver running at home if necessary also. I do not wish to change broadband providers. I have zero control over the services that require the IP address entering so I cannot tackle the problem that way round (services I need to access are at work). PS I've tried googling this issue, but it is very difficult to search for as most results are related to dynamic dns (which I already have set up and isnt quite what I'm after)

    Read the article

  • Understanding Collabnet&rsquo;s LDAP binding

    - by Robert May
    We want to use both subversion usernames and passwords as well as Active Directory for our authentication on our Collabnet subversion server. This has proven to be more of a challenge than we thought, mostly because Collabnet’s documentation is pretty poor. To supplement that documentation, I add my own. The first thing to understand is that the attribute that you specify in the LDAP Login Attribute ONLY applies to lookups done for the user.  It does NOT apply to the LDAP Bind DN field.  Second, know that the debug logs (error is the one you want) don’t give you debug information for the bind DN, just the login attempts.  Third, by default, Active Directory does not allow anonymous binds, so you MUST put in a user that has the authority to query the Active Directory ldap. Because of these items, the values to set in those fields can be somewhat confusing.  You’ll want to have ADSI Edit handy (I also used ldp, which is installed by default on server 2008), since ADSI Edit can help you find stuff in your active directory.  Be careful, you can also break stuff. Here’s what should go into those fields. LDAP Security Level:  Should be set to None LDAP Server Host:  Should be set to the full name of a domain controller in your domain.  For example, dc.mydomain.com LDAP Server Port:  Should be set to 3268.  The default port of 389 will only query that specific server, not the global catalog.  By setting it to 3268, the global catalog will be queried, which is probably what you want. LDAP Base DN:  Should be set to the location where you want the search for users to begin.  By default, the search scope is set to sub, so all child organizational units below this setting will be searched.  In my case, I had created an OU specifically for users for group policies.  My value ended up being:  OU=MyOu,DC=domain,DC=org.   However, if you’re pointing it to the default Users folder, you may end up with something like CN=Users,DC=domain,DC=org (or com or whatever).  Again, use ADSI edit and use the Distinguished Name that it shows. LDAP Bind DN:  This needs to be the Distinguished Name of the user that you’re going to use for binding (i.e. the user you’ll be impersonating) for doing queries.  In my case, it ended up being CN=svn svn,OU=MyOu,DC=domain,DC=org.  Why the double svn, you might ask?  That’s because the first and last name fields are set to svn and by default, the distinguished name is the first and last name fields!  That’s important.  Its NOT the username or account name!  Again, use ADSI edit, browse to the username you want to use, right click and select properties, and then search the attributes for the Distinguished Name.  Once you’ve found that, select it and click View and you can copy and paste that into this field. LDAP Bind Password:  This is the password for the account in the Bind DN LDAP login Attribute: sAMAccountName.  If you leave this blank, uid is used, which may not even be set.  This tells it to use the Account Name field that’s defined under the account tab for users in Active Directory Users and Computers.  Note that this attribute DOES NOT APPLY to the LDAP Bind DN.  You must use the full distinguished name of the bind DN.  This attribute allows users to type their username and password for authentication, rather than typing their distinguished name, which they probably don’t know. LDAP Search Scope:  Probably should stay at sub, but could be different depending on your situation. LDAP Filter:  I left mine blank, but you could provide one to limit what you want to see.  LDP would be helpful for determining what this is. LDAP Server Certificate Verification:  I left it checked, but didn’t try it without it being checked. Hopefully, this will save some others pain when trying to get Collabnet setup. Technorati Tags: Subversion,collabnet

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 507 508 509 510 511 512 513 514 515 516 517 518  | Next Page >