Search Results

Search found 2788 results on 112 pages for 'symantec endpoint protect'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 58/112 | < Previous Page | 54 55 56 57 58 59 60 61 62 63 64 65  | Next Page >

  • Unable to Mange DNS via MMC

    - by IT Helpdesk Team Manager
    When trying to access the DNS service on Microsoft Windows Server 2003 (Build 3790) domain controller/schema master via the MMC DNS snap in or locally via the DNS MMC from Administrative tools I'm getting a red "X" through the icon for the DNS Server. The inability to access DNS management via MMC happens on all domain controllers as well. We've looked at items such as the DHCP client not being started, incorrect DNS setup ( the machine points at itself and another DC ), the DNS service not running ( it is and all DNS queries via NSLOOKUP work correctly ), dslint returns the correct information and functions as expected. There is the following entry in the DNS event log: The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. 0000: 0000051b dnscmd fails with RPC server unavailable yet RPC is started: C:\Documents and Settings\Administrator.DOMAIN>dnscmd /Info Info query failed status = 1722 (0x000006ba) Command failed: RPC_S_SERVER_UNAVAILABLE 1722 (000006ba) DCDIAG /TEST:DNS /V /E produces the following errors: Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running) [Error details: 1753 (Type: Win32 - Description: There are no more endpoints available from the endpoint mapper.)] Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running) [Error details: 1722 (Type: Win32 - Description: The RPC server is unavailable.)] The DNS server could not initialize the remote procedure call (RPC) service. If it is not running, start the RPC service or reboot the computer. The event data is the error code. A DNS query for _ldap._tcp.dc._msdcs. returns the correct results. All domain and ADS related activities are working except that I can't manage my DNS via MMC or dnscmd. Any thoughts or solutions would be greatly appreciated. EDIT: Adding Registry export per request: Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc Class Name: <NO CLASS> Last Write Time: 10/18/2012 - 2:29 PM Value 0 Name: DCOM Protocols Type: REG_MULTI_SZ Data: ncacn_ip_tcp Value 1 Name: UuidSequenceNumber Type: REG_DWORD Data: 0xb19bd0f Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols Class Name: <NO CLASS> Last Write Time: 3/9/2007 - 12:11 PM Value 0 Name: ncacn_np Type: REG_SZ Data: rpcrt4.dll Value 1 Name: ncacn_ip_tcp Type: REG_SZ Data: rpcrt4.dll Value 2 Name: ncadg_ip_udp Type: REG_SZ Data: rpcrt4.dll Value 3 Name: ncacn_http Type: REG_SZ Data: rpcrt4.dll Value 4 Name: ncacn_at_dsp Type: REG_SZ Data: rpcrt4.dll Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\NameService Class Name: <NO CLASS> Last Write Time: 2/20/2006 - 4:48 PM Value 0 Name: DefaultSyntax Type: REG_SZ Data: 3 Value 1 Name: Endpoint Type: REG_SZ Data: \pipe\locator Value 2 Name: NetworkAddress Type: REG_SZ Data: \\. Value 3 Name: Protocol Type: REG_SZ Data: ncacn_np Value 4 Name: ServerNetworkAddress Type: REG_SZ Data: \\. Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\NetBios Class Name: <NO CLASS> Last Write Time: 2/20/2006 - 4:48 PM Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy Class Name: <NO CLASS> Last Write Time: 3/9/2007 - 12:11 PM Value 0 Name: Enabled Type: REG_DWORD Data: 0x1 Value 1 Name: ValidPorts Type: REG_SZ Data: pdc:100-5000 Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService Class Name: <NO CLASS> Last Write Time: 2/20/2006 - 4:48 PM Value 0 Name: 9 Type: REG_SZ Data: secur32.dll Value 1 Name: 10 Type: REG_SZ Data: secur32.dll Value 2 Name: 14 Type: REG_SZ Data: schannel.dll Value 3 Name: 16 Type: REG_SZ Data: secur32.dll Value 4 Name: 1 Type: REG_SZ Data: secur32.dll Value 5 Name: 18 Type: REG_SZ Data: secur32.dll Value 6 Name: 68 Type: REG_SZ Data: netlogon.dll

    Read the article

  • htaccess on remote server issues - password prompt not accepting input

    - by pying saucepan
    EDIT: I will contact the university about my problem after labor day weekend, but I thought if someone knew a quick fix that I haven't tried, or if the problem has an obvious fix then I could hope to try my luck here, thanks! TLDR: Sorry its a long post, I thought I should be... thorough. I am having a common issue (found a dead thread through google with no solution to the same problem) with the prompt to enter in a username and password via htaccess rights, but this prompt will keep popping up asking for a username and password when trying to access my home directory on my university's server which has the .htaccess and .htpasswd files. It does not matter if I enter in correct or incorrect credentials, the prompt will keep asking me for input without displaying my home directory. Ever since I have included these ht files I have never once been able to get past the username/password no matter what I have tried, save for removing them from the directory I am trying to access (my top level directory that I own). This kind of served my original goal of making the top level directory inaccessible to casual users, but if I wanted to use this method on other places, I would want it to work as intended. And I also like it when computers do what I wish they would, so any help is appreciated. Some things I have tried: Changing the file/directory access rights: they told me to try these commands if people can't access my files cd ~/public_html find ./ -type d -exec chmod 755 {} \; find ./ -type f -exec chmod 644 {} \; enter in the single character name/pw at least twenty times in a row, no cheddar. so I changed directory with cd ~ in hopes that this would be my home directory, since my home directory contains the "public_html" directory, so logic tells me that the ~ tilde symbol is the top level directory that I have ownership of. Then I did those two commands to change the rights on the files inside, I am still having no luck. How I got to this point: I have been following the instructions given to me through my university's website for setting up my little directory. A link on how they describe how to password protect the home directory is given below: "Protect Web Directories" instructions I have everything in order except for one small detail that I feel probably does not matter. I am on windows and so I am using winSCP to remote control my allocated server space. The small detail is that as the instructions indicate (on step 3) that I should use the command htpasswd -c .htpasswd {username} where {username} is my folder that holds my allocated server space. But this command requires further input through the terminal, and unfortunately winSCP does not offer this kind of functionality. So I looked up some basic instructions on using htaccess and it is formatted correctly such that the .htaccess file appears as follows: AuthType Basic AuthName "Verify" AuthUserFile /correctpath/.htpasswd require valid-user and this file is in the root directory for my server space as well as the .htpasswd file which has only this data inside: username:password I know for sure that these two files must be formatted correctly, at least according to their tutorial, because before my path was incorrectly formatted via including some curly { braces } without knowing the correct way to do this at first. And the password prompt that shows up when accessing my directory responded by loading an error page indicating to contact OSU admin or something not important. But now that I have everything like it 'should' be. I know this because when I enter in my credentials "username and password" the prompt pops up for my username and password again and again whether or not I enter in correct information. The only exception is that if I click cancel it will direct me to a page saying that I need to enter in a username and password. Note that I am very inexperienced at server-related buisness, two days ago I couldn't have told you what a website actually consists of. So, if you use some technical jargon I may or may not need to look it up and get back to you before I actually understand what you mean, but I am a quick learner and it probably wont matter.

    Read the article

  • stunnel crashing

    - by Jay
    I'm trying to use stunnel to secure a legacy application's communications. I can't seem to get it setup and working. Can anyone provide any hints where I'm going wrong? Here's what I'm trying to accomplish: A windows service on a client machine connects to a server on port 7000 using TCP. I'd like to encrypt the communication between client and server. Here's what I've tried: Created a new server that accepts ssl connections on port 7443. Got a certificate for the server and installed it. That seems to work with my test setup. Installed stunnel on my windows machine (version 7.43 from the distribution archive file). Installed libssl32.dll and libeay32.dll in the same directory as stunnel.exe ( from the openssl-0.9.8h-1 binary distribution). Installed it as a service using "stunnel -install" Configured stunnel as follows: debug=7 output=C:\p4\internal\Utility\Proxy\proxy.log service=Proxy taskbar=no [exchange] accept=7000 client=yes connect=proxy.blah.com:7443 I changed my hosts file to trick the old application into connecting through stunnel: server.blah.com 127.0.0.1 # when client looks up server it goes to stunnel proxy.blah.com IP-address-of-server.blah.com # stunnel connects to new server "server.blah.com" now resolves to the machine it's running on (i.e. stunnel). "proxy.blah.com" goes to the real server. stunnel should connect to the server. I start the stunnel service and try to connect. It looks like it's working but the stunnel service just shuts down with no message. 2010.04.19 13:16:21 LOG5[4924:3716]: stunnel 4.33 on x86-pc-mingw32-gnu with OpenSSL 0.9.8h 28 May 2008 2010.04.19 13:16:21 LOG5[4924:3716]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6 2010.04.19 13:16:49 LOG5[4924:3748]: Service exchange accepted connection from 127.0.0.1:4134 2010.04.19 13:16:49 LOG6[4924:3748]: connect_blocking: connecting x.80.60.32:7443 2010.04.19 13:16:49 LOG5[4924:3748]: connect_blocking: connected x.80.60.32:7443 2010.04.19 13:16:49 LOG5[4924:3748]: Service exchange connected remote server from x.253.120.19:4135 2010.04.19 13:20:24 LOG5[3668:3856]: Reading configuration from file stunnel.conf 2010.04.19 13:20:24 LOG7[3668:3856]: Snagged 64 random bytes from C:/.rnd 2010.04.19 13:20:24 LOG7[3668:3856]: Wrote 1024 new random bytes to C:/.rnd 2010.04.19 13:20:24 LOG7[3668:3856]: RAND_status claims sufficient entropy for the PRNG 2010.04.19 13:20:24 LOG7[3668:3856]: PRNG seeded successfully 2010.04.19 13:20:24 LOG7[3668:3856]: SSL context initialized for service exchange 2010.04.19 13:20:24 LOG5[3668:3856]: Configuration successful 2010.04.19 13:20:24 LOG5[3668:3856]: No limit detected for the number of clients 2010.04.19 13:20:24 LOG7[3668:3856]: FD=312 in non-blocking mode 2010.04.19 13:20:24 LOG7[3668:3856]: Option SO_REUSEADDR set on accept socket 2010.04.19 13:20:24 LOG7[3668:3856]: Service exchange bound to 0.0.0.0:7000 2010.04.19 13:20:24 LOG7[3668:3856]: Service exchange opened FD=312 2010.04.19 13:20:24 LOG5[3668:3856]: stunnel 4.33 on x86-pc-mingw32-gnu with OpenSSL 0.9.8h 28 May 2008 2010.04.19 13:20:24 LOG5[3668:3856]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6 2010.04.19 13:21:02 LOG7[3668:4556]: Service exchange accepted FD=372 from 127.0.0.1:4156 2010.04.19 13:21:02 LOG7[3668:4556]: Creating a new thread 2010.04.19 13:21:02 LOG7[3668:4556]: New thread created 2010.04.19 13:21:02 LOG7[3668:3756]: Service exchange started 2010.04.19 13:21:02 LOG7[3668:3756]: FD=372 in non-blocking mode 2010.04.19 13:21:02 LOG5[3668:3756]: Service exchange accepted connection from 127.0.0.1:4156 2010.04.19 13:21:02 LOG7[3668:3756]: FD=396 in non-blocking mode 2010.04.19 13:21:02 LOG6[3668:3756]: connect_blocking: connecting x.80.60.32:7443 2010.04.19 13:21:02 LOG7[3668:3756]: connect_blocking: s_poll_wait x.80.60.32:7443: waiting 10 seconds 2010.04.19 13:21:02 LOG5[3668:3756]: connect_blocking: connected x.80.60.32:7443 2010.04.19 13:21:02 LOG5[3668:3756]: Service exchange connected remote server from x.253.120.19:4157 2010.04.19 13:21:02 LOG7[3668:3756]: Remote FD=396 initialized 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): before/connect initialization 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): SSLv3 write client hello A 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): SSLv3 read server hello A 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): SSLv3 read server certificate A 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): SSLv3 read server done A 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): SSLv3 write client key exchange A 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): SSLv3 write change cipher spec A 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): SSLv3 write finished A 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): SSLv3 flush data 2010.04.19 13:21:02 LOG7[3668:3756]: SSL state (connect): SSLv3 read finished A The client thinks the connection is closed: No connection could be made because the target machine actively refused it 127.0.0.1:7000 at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at Service.ConnUtility.Connect() Any suggestions?

    Read the article

  • New <%: %> Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2)

    - by ScottGu
    [In addition to blogging, I am also now using Twitter for quick updates and to share links. Follow me at: twitter.com/scottgu] This is the nineteenth in a series of blog posts I’m doing on the upcoming VS 2010 and .NET 4 release. Today’s post covers a small, but very useful, new syntax feature being introduced with ASP.NET 4 – which is the ability to automatically HTML encode output within code nuggets.  This helps protect your applications and sites against cross-site script injection (XSS) and HTML injection attacks, and enables you to do so using a nice concise syntax. HTML Encoding Cross-site script injection (XSS) and HTML encoding attacks are two of the most common security issues that plague web-sites and applications.  They occur when hackers find a way to inject client-side script or HTML markup into web-pages that are then viewed by other visitors to a site.  This can be used to both vandalize a site, as well as enable hackers to run client-script code that steals cookie data and/or exploits a user’s identity on a site to do bad things. One way to help mitigate against cross-site scripting attacks is to make sure that rendered output is HTML encoded within a page.  This helps ensures that any content that might have been input/modified by an end-user cannot be output back onto a page containing tags like <script> or <img> elements.  ASP.NET applications (especially those using ASP.NET MVC) often rely on using <%= %> code-nugget expressions to render output.  Developers today often use the Server.HtmlEncode() or HttpUtility.Encode() helper methods within these expressions to HTML encode the output before it is rendered.  This can be done using code like below: While this works fine, there are two downsides of it: It is a little verbose Developers often forget to call the HtmlEncode method New <%: %> Code Nugget Syntax With ASP.NET 4 we are introducing a new code expression syntax (<%:  %>) that renders output like <%= %> blocks do – but which also automatically HTML encodes it before doing so.  This eliminates the need to explicitly HTML encode content like we did in the example above.  Instead you can just write the more concise code below to accomplish the same thing: We chose the <%: %> syntax so that it would be easy to quickly replace existing instances of <%= %> code blocks.  It also enables you to easily search your code-base for <%= %> elements to find and verify any cases where you are not using HTML encoding within your application to ensure that you have the correct behavior. Avoiding Double Encoding While HTML encoding content is often a good best practice, there are times when the content you are outputting is meant to be HTML or is already encoded – in which case you don’t want to HTML encode it again.  ASP.NET 4 introduces a new IHtmlString interface (along with a concrete implementation: HtmlString) that you can implement on types to indicate that its value is already properly encoded (or otherwise examined) for displaying as HTML, and that therefore the value should not be HTML-encoded again.  The <%: %> code-nugget syntax checks for the presence of the IHtmlString interface and will not HTML encode the output of the code expression if its value implements this interface.  This allows developers to avoid having to decide on a per-case basis whether to use <%= %> or <%: %> code-nuggets.  Instead you can always use <%: %> code nuggets, and then have any properties or data-types that are already HTML encoded implement the IHtmlString interface. Using ASP.NET MVC HTML Helper Methods with <%: %> For a practical example of where this HTML encoding escape mechanism is useful, consider scenarios where you use HTML helper methods with ASP.NET MVC.  These helper methods typically return HTML.  For example: the Html.TextBox() helper method returns markup like <input type=”text”/>.  With ASP.NET MVC 2 these helper methods now by default return HtmlString types – which indicates that the returned string content is safe for rendering and should not be encoded by <%: %> nuggets.  This allows you to use these methods within both <%= %> code nugget blocks: As well as within <%: %> code nugget blocks: In both cases above the HTML content returned from the helper method will be rendered to the client as HTML – and the <%: %> code nugget will avoid double-encoding it. This enables you to default to always using <%: %> code nuggets instead of <%= %> code blocks within your applications.  If you want to be really hardcore you can even create a build rule that searches your application looking for <%= %> usages and flags any cases it finds as an error to enforce that HTML encoding always takes place. Scaffolding ASP.NET MVC 2 Views When you use VS 2010 (or the free Visual Web Developer 2010 Express) you’ll find that the views that are scaffolded using the “Add View” dialog now by default always use <%: %> blocks when outputting any content.  For example, below I’ve scaffolded a simple “Edit” view for an article object.  Note the three usages of <%: %> code nuggets for the label, textbox, and validation message (all output with HTML helper methods): Summary The new <%: %> syntax provides a concise way to automatically HTML encode content and then render it as output.  It allows you to make your code a little less verbose, and to easily check/verify that you are always HTML encoding content throughout your site.  This can help protect your applications against cross-site script injection (XSS) and HTML injection attacks.  Hope this helps, Scott

    Read the article

  • Windows 8.1 Will Start Encrypting Hard Drives By Default: Everything You Need to Know

    - by Chris Hoffman
    Windows 8.1 will automatically encrypt the storage on modern Windows PCs. This will help protect your files in case someone steals your laptop and tries to get at them, but it has important ramifications for data recovery. Previously, “BitLocker” was available on Professional and Enterprise editions of Windows, while “Device Encryption” was available on Windows RT and Windows Phone. Device encryption is included with all editions of Windows 8.1 — and it’s on by default. When Your Hard Drive Will Be Encrypted Windows 8.1 includes “Pervasive Device Encryption.” This works a bit differently from the standard BitLocker feature that has been included in Professional, Enterprise, and Ultimate editions of Windows for the past few versions. Before Windows 8.1 automatically enables Device Encryption, the following must be true: The Windows device “must support connected standby and meet the Windows Hardware Certification Kit (HCK) requirements for TPM and SecureBoot on ConnectedStandby systems.”  (Source) Older Windows PCs won’t support this feature, while new Windows 8.1 devices you pick up will have this feature enabled by default. When Windows 8.1 installs cleanly and the computer is prepared, device encryption is “initialized” on the system drive and other internal drives. Windows uses a clear key at this point, which is removed later when the recovery key is successfully backed up. The PC’s user must log in with a Microsoft account with administrator privileges or join the PC to a domain. If a Microsoft account is used, a recovery key will be backed up to Microsoft’s servers and encryption will be enabled. If a domain account is used, a recovery key will be backed up to Active Directory Domain Services and encryption will be enabled. If you have an older Windows computer that you’ve upgraded to Windows 8.1, it may not support Device Encryption. If you log in with a local user account, Device Encryption won’t be enabled. If you upgrade your Windows 8 device to Windows 8.1, you’ll need to enable device encryption, as it’s off by default when upgrading. Recovering An Encrypted Hard Drive Device encryption means that a thief can’t just pick up your laptop, insert a Linux live CD or Windows installer disc, and boot the alternate operating system to view your files without knowing your Windows password. It means that no one can just pull the hard drive from your device, connect the hard drive to another computer, and view the files. We’ve previously explained that your Windows password doesn’t actually secure your files. With Windows 8.1, average Windows users will finally be protected with encryption by default. However, there’s a problem — if you forget your password and are unable to log in, you’d also be unable to recover your files. This is likely why encryption is only enabled when a user logs in with a Microsoft account (or connects to a domain). Microsoft holds a recovery key, so you can gain access to your files by going through a recovery process. As long as you’re able to authenticate using your Microsoft account credentials — for example, by receiving an SMS message on the cell phone number connected to your Microsoft account — you’ll be able to recover your encrypted data. With Windows 8.1, it’s more important than ever to configure your Microsoft account’s security settings and recovery methods so you’ll be able to recover your files if you ever get locked out of your Microsoft account. Microsoft does hold the recovery key and would be capable of providing it to law enforcement if it was requested, which is certainly a legitimate concern in the age of PRISM. However, this encryption still provides protection from thieves picking up your hard drive and digging through your personal or business files. If you’re worried about a government or a determined thief who’s capable of gaining access to your Microsoft account, you’ll want to encrypt your hard drive with software that doesn’t upload a copy of your recovery key to the Internet, such as TrueCrypt. How to Disable Device Encryption There should be no real reason to disable device encryption. If nothing else, it’s a useful feature that will hopefully protect sensitive data in the real world where people — and even businesses — don’t enable encryption on their own. As encryption is only enabled on devices with the appropriate hardware and will be enabled by default, Microsoft has hopefully ensured that users won’t see noticeable slow-downs in performance. Encryption adds some overhead, but the overhead can hopefully be handled by dedicated hardware. If you’d like to enable a different encryption solution or just disable encryption entirely, you can control this yourself. To do so, open the PC settings app — swipe in from the right edge of the screen or press Windows Key + C, click the Settings icon, and select Change PC settings. Navigate to PC and devices -> PC info. At the bottom of the PC info pane, you’ll see a Device Encryption section. Select Turn Off if you want to disable device encryption, or select Turn On if you want to enable it — users upgrading from Windows 8 will have to enable it manually in this way. Note that Device Encryption can’t be disabled on Windows RT devices, such as Microsoft’s Surface RT and Surface 2. If you don’t see the Device Encryption section in this window, you’re likely using an older device that doesn’t meet the requirements and thus doesn’t support Device Encryption. For example, our Windows 8.1 virtual machine doesn’t offer Device Encryption configuration options. This is the new normal for Windows PCs, tablets, and devices in general. Where files on typical PCs were once ripe for easy access by thieves, Windows PCs are now encrypted by default and recovery keys are sent to Microsoft’s servers for safe keeping. This last part may be a bit creepy, but it’s easy to imagine average users forgetting their passwords — they’d be very upset if they lost all their files because they had to reset their passwords. It’s also an improvement over Windows PCs being completely unprotected by default.     

    Read the article

  • Enabling Service Availability in WCF Services

    - by cibrax
    It is very important for the enterprise to know which services are operational at any given point. There are many factors that can affect the availability of the services, some of them are external like a database not responding or any dependant service not working. However, in some cases, you only want to know whether a service is up or down, so a simple heart-beat mechanism with “Ping” messages would do the trick. Unfortunately, WCF does not provide a built-in mechanism to support this functionality, and you probably don’t to implement a “Ping” operation in any service that you have out there. For solving this in a generic way, there is a WCF extensibility point that comes to help us, the “Operation Invokers”. In a nutshell, an operation invoker is the class responsible invoking the service method with a set of parameters and generate the output parameters with the return value. What I am going to do here is to implement a custom operation invoker that intercepts any call to the service, and detects whether a “Ping” header was attached to the message. If the “Ping” header is detected, the operation invoker returns a new header to tell the client that the service is alive, and the real operation execution is omitted. In that way, we have a simple heart beat mechanism based on the messages that include a "Ping” header, so the client application can determine at any point whether the service is up or down. My operation invoker wraps the default implementation attached by default to any operation by WCF. internal class PingOperationInvoker : IOperationInvoker { IOperationInvoker innerInvoker; object[] outputs = null; object returnValue = null; public const string PingHeaderName = "Ping"; public const string PingHeaderNamespace = "http://tellago.serviceModel"; public PingOperationInvoker(IOperationInvoker innerInvoker, OperationDescription description) { this.innerInvoker = innerInvoker; outputs = description.SyncMethod.GetParameters() .Where(p => p.IsOut) .Select(p => DefaultForType(p.ParameterType)).ToArray(); var returnValue = DefaultForType(description.SyncMethod.ReturnType); } private static object DefaultForType(Type targetType) { return targetType.IsValueType ? Activator.CreateInstance(targetType) : null; } public object Invoke(object instance, object[] inputs, out object[] outputs) { object returnValue; if (Invoke(out returnValue, out outputs)) { return returnValue; } else { return this.innerInvoker.Invoke(instance, inputs, out outputs); } } private bool Invoke(out object returnValue, out object[] outputs) { object untypedProperty = null; if (OperationContext.Current .IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out untypedProperty)) { var httpRequestProperty = untypedProperty as HttpRequestMessageProperty; if (httpRequestProperty != null) { if (httpRequestProperty.Headers[PingHeaderName] != null) { outputs = this.outputs; if (OperationContext.Current .IncomingMessageProperties.TryGetValue(HttpRequestMessageProperty.Name, out untypedProperty)) { var httpResponseProperty = untypedProperty as HttpResponseMessageProperty; httpResponseProperty.Headers.Add(PingHeaderName, "Ok"); } returnValue = this.returnValue; return true; } } } var headers = OperationContext.Current.IncomingMessageHeaders; if (headers.FindHeader(PingHeaderName, PingHeaderNamespace) > -1) { outputs = this.outputs; MessageHeader<string> header = new MessageHeader<string>("Ok"); var untyped = header.GetUntypedHeader(PingHeaderName, PingHeaderNamespace); OperationContext.Current.OutgoingMessageHeaders.Add(untyped); returnValue = this.returnValue; return true; } returnValue = null; outputs = null; return false; } } The implementation above looks for the “Ping” header either in the Http Request or the Soap message. The next step is to implement a behavior for attaching this operation invoker to the services we want to monitor. [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)] public class PingBehavior : Attribute, IServiceBehavior, IOperationBehavior { public void AddBindingParameters(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase, Collection<ServiceEndpoint> endpoints, BindingParameterCollection bindingParameters) { } public void ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) { } public void Validate(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) { foreach (var endpoint in serviceDescription.Endpoints) { foreach (var operation in endpoint.Contract.Operations) { if (operation.Behaviors.Find<PingBehavior>() == null) operation.Behaviors.Add(this); } } } public void AddBindingParameters(OperationDescription operationDescription, BindingParameterCollection bindingParameters) { } public void ApplyClientBehavior(OperationDescription operationDescription, ClientOperation clientOperation) { } public void ApplyDispatchBehavior(OperationDescription operationDescription, DispatchOperation dispatchOperation) { dispatchOperation.Invoker = new PingOperationInvoker(dispatchOperation.Invoker, operationDescription); } public void Validate(OperationDescription operationDescription) { } } As an operation invoker can only be added in an “operation behavior”, a trick I learned in the past is that you can implement a service behavior as well and use the “Validate” method to inject it in all the operations, so the final configuration is much easier and cleaner. You only need to decorate the service with a simple attribute to enable the “Ping” functionality. [PingBehavior] public class HelloWorldService : IHelloWorld { public string Hello(string name) { return "Hello " + name; } } On the other hand, the client application needs to send a dummy message with a “Ping” header to detect whether the service is available or not. In order to simplify this task, I created a extension method in the WCF client channel to do this work. public static class ClientChannelExtensions { const string PingNamespace = "http://tellago.serviceModel"; const string PingName = "Ping"; public static bool IsAvailable<TChannel>(this IClientChannel channel, Action<TChannel> operation) { try { using (OperationContextScope scope = new OperationContextScope(channel)) { MessageHeader<string> header = new MessageHeader<string>(PingName); var untyped = header.GetUntypedHeader(PingName, PingNamespace); OperationContext.Current.OutgoingMessageHeaders.Add(untyped); try { operation((TChannel)channel); var headers = OperationContext.Current.IncomingMessageHeaders; if (headers.Any(h => h.Name == PingName && h.Namespace == PingNamespace)) { return true; } else { return false; } } catch (CommunicationException) { return false; } } } catch (Exception) { return false; } } } This extension method basically adds a “Ping” header to the request message, executes the operation passed as argument (Action<TChannel> operation), and looks for the corresponding “Ping” header in the response to see the results. The client application can use this extension with a single line of code, var client = new ServiceReference.HelloWorldClient(); var isAvailable = client.InnerChannel.IsAvailable<IHelloWorld>((c) => c.Hello(null)); The “isAvailable” variable will tell the client application whether the service is available or not. You can download the complete implementation from this location.    

    Read the article

  • Creating a Training Lab on Windows Azure

    - by Michael Stephenson
    Originally posted on: http://geekswithblogs.net/michaelstephenson/archive/2013/06/17/153149.aspxThis week we are preparing for a training course that Alan Smith will be running for the support teams at one of my customers around Windows Azure. In order to facilitate the training lab we have a few prerequisites we need to handle. One of the biggest ones is that although the support team all have MSDN accounts the local desktops they work on are not ideal for running most of the labs as we want to give them some additional developer background training around Azure. Some recent Azure announcements really help us in this area: MSDN software can now be used on Azure VM You don't pay for Azure VM's when they are no longer used  Since the support team only have limited experience of Windows Azure and the organisation also have an Enterprise Agreement we decided it would be best value for money to spin up a training lab in a subscription on the EA and then we can turn the machines off when we are done. At the same time we would be able to spin them back up when the users need to do some additional lab work once the training course is completed. In order to achieve this I wanted to create a powershell script which would setup my training lab. The aim was to create 18 VM's which would be based on a prebuilt template with Visual Studio and the Azure development tools. The script I used is described below The Start & Variables The below text will setup the powershell environment and some variables which I will use elsewhere in the script. It will also import the Azure Powershell cmdlets. You can see below that I will need to download my publisher settings file and know some details from my Azure account. At this point I will assume you have a basic understanding of Azure & Powershell so already know how to do this. Set-ExecutionPolicy Unrestrictedcls $startTime = get-dateImport-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"# Azure Publisher Settings $azurePublisherSettings = '<Your settings file>.publishsettings'  # Subscription Details $subscriptionName = "<Your subscription name>" $defaultStorageAccount = "<Your default storage account>"  # Affinity Group Details $affinityGroup = '<Your affinity group>' $dataCenter = 'West Europe' # From Get-AzureLocation  # VM Details $baseVMName = 'TRN' $adminUserName = '<Your admin username>' $password = '<Your admin password>' $size = 'Medium' $vmTemplate = '<The name of your VM template image>' $rdpFilePath = '<File path to save RDP files to>' $machineSettingsPath = '<File path to save machine info to>'    Functions In the next section of the script I have some functions which are used to perform certain actions. The first is called CreateVM. This will do the following actions: If the VM already exists it will be deleted Create the cloud service Create the VM from the template I have created Add an endpoint so we can RDP to them all over the same port Download the RDP file so there is a short cut the trainees can easily access the machine via Write settings for the machine to a log file  function CreateVM($machineNo) { # Specify a name for the new VM $machineName = "$baseVMName-$machineNo" Write-Host "Creating VM: $machineName"       # Get the Azure VM Image      $myImage = Get-AzureVMImage $vmTemplate   #If the VM already exists delete and re-create it $existingVm = Get-AzureVM -Name $machineName -ServiceName $serviceName if($existingVm -ne $null) { Write-Host "VM already exists so deleting it" Remove-AzureVM -Name $machineName -ServiceName $serviceName }   "Creating Service" $serviceName = "bupa-azure-train-$machineName" Remove-AzureService -Force -ServiceName $serviceName New-AzureService -Location $dataCenter -ServiceName $serviceName   Write-Host "Creating VM: $machineName" New-AzureQuickVM -Windows -name $machineName -ServiceName $serviceName -ImageName $myImage.ImageName -InstanceSize $size -AdminUsername $adminUserName -Password $password  Write-Host "Updating the RDP endpoint for $machineName" Get-AzureVM -name $machineName -ServiceName $serviceName ` | Add-AzureEndpoint -Name RDP -Protocol TCP -LocalPort 3389 -PublicPort 550 ` | Update-AzureVM    Write-Host "Get the RDP File for machine $machineName" $machineRDPFilePath = "$rdpFilePath\$machineName.rdp" Get-AzureRemoteDesktopFile -name $machineName -ServiceName $serviceName -LocalPath "$machineRDPFilePath"   WriteMachineSettings "$machineName" "$serviceName" }    The delete machine settings function is used to delete the log file before we start re-running the process.  function DeleteMachineSettings() { Write-Host "Deleting the machine settings output file" [System.IO.File]::Delete("$machineSettingsPath"); }    The write machine settings function will get the VM and then record its details to the log file. The importance of the log file is that I can easily provide the information for all of the VM's to our infrastructure team to be able to configure access to all of the VM's    function WriteMachineSettings([string]$vmName, [string]$vmServiceName) { Write-Host "Writing to the machine settings output file"   $vm = Get-AzureVM -name $vmName -ServiceName $vmServiceName $vmEndpoint = Get-AzureEndpoint -VM $vm -Name RDP   $sb = new-object System.Text.StringBuilder $sb.Append("Service Name: "); $sb.Append($vm.ServiceName); $sb.Append(", "); $sb.Append("VM: "); $sb.Append($vm.Name); $sb.Append(", "); $sb.Append("RDP Public Port: "); $sb.Append($vmEndpoint.Port); $sb.Append(", "); $sb.Append("Public DNS: "); $sb.Append($vmEndpoint.Vip); $sb.AppendLine(""); [System.IO.File]::AppendAllText($machineSettingsPath, $sb.ToString());  } # end functions    Rest of Script In the rest of the script it is really just the bit that orchestrates the actions we want to happen. It will load the publisher settings, select the Azure subscription and then loop around the CreateVM function and create 16 VM's  Import-AzurePublishSettingsFile $azurePublisherSettings Set-AzureSubscription -SubscriptionName $subscriptionName -CurrentStorageAccount $defaultStorageAccount Select-AzureSubscription -SubscriptionName $subscriptionName  DeleteMachineSettings    "Starting creating Bupa International Azure Training Lab" $numberOfVMs = 16  for ($index=1; $index -le $numberOfVMs; $index++) { $vmNo = "$index" CreateVM($vmNo); }    "Finished creating Bupa International Azure Training Lab" # Give it a Minute Start-Sleep -s 60  $endTime = get-date "Script run time " + ($endTime - $startTime)    Conclusion As you can see there is nothing too fancy about this script but in our case of creating a small isolated training lab which is not connected to our corporate network then we can easily use this to provision the lab. Im sure if this is of use to anyone you can easily modify it to do other things with the lab environment too. A couple of points to note are that there are some soft limits in Azure about the number of cores and services your subscription can use. You may need to contact the Azure support team to be able to increase this limit. In terms of the real business value of this approach, it was not possible to use the existing desktops to do the training on, and getting some internal virtual machines would have been relatively expensive and time consuming for our ops team to do. With the Azure option we are able to spin these machines up for a temporary period during the training course and then throw them away when we are done. We expect the costing of this test lab to be very small, especially considering we have EA pricing. As a ball park I think my 18 lab VM training environment will cost in the region of $80 per day on our EA. This is a fraction of the cost of the creation of a single VM on premise.

    Read the article

  • How to create a virtual network with Azure Connect

    - by Herve Roggero
    If you are trying to establish a virtual network between machines located in disparate networks, you can either use VPN, Virtual Network or Azure Connect. If you want to establish a connection between machines located in Windows Azure, you should consider using the Virtual Network service. If you want to establish a connection between local machines and Virtual Machines in Windows Azure, you may be able to use your existing VPN device (assuming you have one), as long as the device is supported by Microsoft. If the VPN device you are using isn’t supported, or if you are trying to create a virtual network between machines from disparate networks (such as machines located in another cloud provider), you can use Azure Connect. This blog post explains how Azure Connect can help you create virtual networks between multiple servers in the cloud, various servers in different cloud environments, and on-premise. Note: Azure Connect is currently in Technical Preview. About Azure Connect Let’s do a quick review of Azure Connect. This technology implements an IPSec tunnel from machines to to a relay service located in the Microsoft cloud (Azure). So in essence, Azure Connect doesn’t provide a point-to-point connection between machines; the network communication is tunneled through the relay service. The relay service in turn offers a mechanism to enforce basic communication rules that you define through Groups. We will review this later. You could network two or more VMs in the Azure cloud (although you should consider using a Virtual Network if you go this route), or servers in the Azure cloud and other machines in the Amazon cloud for example, or even two or more on-premise servers located in different locations for which a direct network connection is not an option. You can place any number of machines in your topology. Azure Connect gives you great flexibility on how you want to build your virtual network across various environments. So Azure Connect makes sense when you want to: Connect machines located in different cloud providers Connect on-premise machines running in different locations Connect Azure VMs with on-premise (if you do not have a VPN device, or if your device is not supported) Connect Azure Roles (Worker Roles, Web Roles) with on-premise servers or in other cloud providers The diagram below shows you a high level network topology that involves machines in the Windows Azure cloud, other cloud providers and on-premise. You should note that the only required component in this diagram is the Relay itself. The other machines are optional (although your network is useful only if you have two or more machines involved). Relay agents are currently available in three geographic areas: US, Europe and Asia. You can change which region you want to use in the Windows Azure management portal. High Level Network Topology With Azure Connect Azure Connect Agent Azure Connect establishes a virtual network and creates virtual adapters on your machines; these virtual adapters communicate through the Relay using IPSec. This is achieved by installing an agent (the Azure Connect Agent) on all the machines you want in your network topology. However, you do not need to install the agent on Worker Roles and Web Roles; that’s because the agent is already installed for you. Any other machine, including Virtual Machines in Windows Azure, needs the agent installed.  To install the agent, simply go to your Windows Azure portal (http://windows.azure.com) and click on Networks on the bottom left panel. You will see a list of subscriptions under Connect. If you select a subscription, you will be able to click on the Install Local Endpoint icon on top. Clicking on this icon will begin the download and installation process for the agent. Activating Roles for Azure Connect As previously mentioned, you do not need to install the Azure Connect Agent on Worker Roles and Web Roles because it is already loaded. However, you do need to activate them if you want the roles to participate in your network topology. To do this, you will need to click on the Get Activation Token icon. The activation token must then be copied and placed in the configuration file of your roles. For more information on how to perform this step, visit MSDN at http://msdn.microsoft.com/en-us/library/windowsazure/gg432964.aspx. Firewall Rules Note that specific firewall rules must exist to allow the agent to communicate through the Relay. You will need to allow TCP 443 and ICMPv6. For additional information, please visit MSDN at http://msdn.microsoft.com/en-us/library/windowsazure/gg433061.aspx. CA Certificates You can optionally require agents to sign their activation request with the Relay using a trusted certificate issued by a Certificate Authority (CA). Click on Activation Options to learn more. Groups To create your network topology you must first create a group. A group represents a logical container of endpoints (or machines) that can communicate through the Relay. You can create multiple groups allowing you to manage network communication differently. For example you could create a DEVELOPMENT group and a PRODUCTION group. To add an endpoint you must first install an agent that will create a virtual adapter on the machine on which it is installed (as discussed in the previous section). Once you have created a group and installed the agents, the machines will appear in the Windows Azure management portal and you can start assigning machines to groups. The next figure shows you that I created a group called LocalGroup and assigned two machines (both on-premise) to that group. Groups and Computers in Azure Connect As I mentioned previously you can allow these machines to establish a network connection. To do this, you must enable the Interconnected option in the group. The following diagram shows you the definition of the group. In this topology I chose to include local machines only, but I could also add worker roles and web roles in the Azure Roles section (you must first activate your roles, as discussed previously). You could also add other Groups, allowing you to manage inter-group communication. Defining a Group in Azure Connect Testing the Connection Now that my agents have been installed on my two machines, the group defined and the Interconnected option checked, I can test the connection between my machines. The next screenshot shows you that I sent a PING request to DEVLAP02 from DEVDSK02. The PING request was successful. Note however that the time is in the hundreds of milliseconds on average. That is to be expected because the machines are connecting through the Relay located in the cloud. Going through the Relay introduces an extra hop in the communication chain, so if your systems rely on high performance, you may want to conduct some basic performance tests. Sending a PING Request Through The Relay Conclusion As you can see, creating a network topology between machines using the Azure Connect service is simple. It took me less than five minutes to create the above configuration, including the time it took to install the Azure Connect agents on the two machines. The flexibility of Azure Connect allows you to create a virtual network between disparate environments, as long as your operating systems are supported by the agent. For more information on Azure Connect, visit the MSDN website at http://msdn.microsoft.com/en-us/library/windowsazure/gg432997.aspx. About Herve Roggero Herve Roggero, Windows Azure MVP, is the founder of Blue Syntax Consulting, a company specialized in cloud computing products and services. Herve's experience includes software development, architecture, database administration and senior management with both global corporations and startup companies. Herve holds multiple certifications, including an MCDBA, MCSE, MCSD. He also holds a Master's degree in Business Administration from Indiana University. Herve is the co-author of "PRO SQL Azure" from Apress and runs the Azure Florida Association (on LinkedIn: http://www.linkedin.com/groups?gid=4177626). For more information on Blue Syntax Consulting, visit www.bluesyntax.net. Special Thanks I would like thank those that helped me figure out how Azure Connect works: Marcel Meijer - http://blogs.msmvps.com/marcelmeijer/ Michael Wood - Http://www.mvwood.com Glenn Block - http://www.codebetter.com/glennblock Yves Goeleven - http://cloudshaper.wordpress.com/ Sandrino Di Mattia - http://fabriccontroller.net/ Mike Martin - http://techmike2kx.wordpress.com

    Read the article

  • General Policies and Procedures for Maintaining the Value of Data Assets

    Here is a general list for policies and procedures regarding maintaining the value of data assets. Data Backup Policies and Procedures Backups are very important when dealing with data because there is always the chance of losing data due to faulty hardware or a user activity. So the need for a strategic backup system should be mandatory for all companies. This being said, in the real world some companies that I have worked for do not really have a good data backup plan. Typically when companies tend to take this kind of approach in data backups usually the data is not really recoverable.  Unfortunately when companies do not regularly test their backup plans they get a false sense of security because they think that they are covered. However, I can tell you from personal and professional experience that a backup plan/system is never fully implemented until it is regularly tested prior to the time when it actually needs to be used. Disaster Recovery Plan Expanding on Backup Policies and Procedures, a company needs to also have a disaster recovery plan in order to protect its data in case of a catastrophic disaster.  Disaster recovery plans typically encompass how to restore all of a company’s data and infrastructure back to a restored operational status.  Most Disaster recovery plans also include time estimates on how long each step of the disaster recovery plan should take to be executed.  It is important to note that disaster recovery plans are never fully implemented until they have been tested just like backup plans. Disaster recovery plans should be tested regularly so that the business can be confident in not losing any or minimal data due to a catastrophic disaster. Firewall Policies and Content Filters One way companies can protect their data is by using a firewall to separate their internal network from the outside. Firewalls allow for enabling or disabling network access as data passes through it by applying various defined restrictions. Furthermore firewalls can also be used to prevent access from the internal network to the outside by these same factors. Common Firewall Restrictions Destination/Sender IP Address Destination/Sender Host Names Domain Names Network Ports Companies can also desire to restrict what their network user’s view on the internet through things like content filters. Content filters allow a company to track what webpages a person has accessed and can also restrict user’s access based on established rules set up in the content filter. This device and/or software can block access to domains or specific URLs based on a few factors. Common Content Filter Criteria Known malicious sites Specific Page Content Page Content Theme  Anti-Virus/Mal-ware Polices Fortunately, most companies utilize antivirus programs on all computers and servers for good reason, virus have been known to do the following: Corrupt/Invalidate Data, Destroy Data, and Steal Data. Anti-Virus applications are a great way to prevent any malicious application from being able to gain access to a company’s data.  However, anti-virus programs must be constantly updated because new viruses are always being created, and the anti-virus vendors need to distribute updates to their applications so that they can catch and remove them. Data Validation Policies and Procedures Data validation is very important to ensure that only accurate information is stored. The existence of invalid data can cause major problems when businesses attempt to use data for knowledge based decisions and for performance reporting. Data Scrubbing Policies and Procedures Data scrubbing is valuable to companies in one of two ways. The first can be used to clean data prior to being analyzed for report generation. The second is that it allows companies to remove things like personally Identifiable information from its data prior to transmit it between multiple environments or if the information is sent to an external location. An example of this can be seen with medical records in regards to HIPPA laws that prohibit the storage of specific personal and medical information. Additionally, I have professionally run in to a scenario where the Canadian government does not allow any Canadian’s personal information to be stored on a server not located in Canada. Encryption Practices The use of encryption is very valuable when a company needs to any personal information. This allows users with the appropriated access levels to view or confirm the existence or accuracy of data within a system by either decrypting the information or encrypting a piece of data and comparing it to the stored version.  Additionally, if for some unforeseen reason the data got in to the wrong hands then they would have to first decrypt the data before they could even be able to read it. Encryption just adds and additional layer of protection around data itself. Standard Normalization Practices The use of standard data normalization practices is very important when dealing with data because it can prevent allot of potential issues by eliminating the potential for unnecessary data duplication. Issues caused by data duplication include excess use of data storage, increased chance for invalidated data, and over use of data processing. Network and Database Security/Access Policies Every company has some form of network/data access policy even if they have none. These policies help secure data from being seen by inappropriate users along with preventing the data from being updated or deleted by users. In addition, without a good security policy there is a large potential for data to be corrupted by unassuming users or even stolen. Data Storage Policies Data storage polices are very important depending on how they are implemented especially when a company is trying to utilize them in conjunction with other policies like Data Backups. I have worked at companies where all network user folders are constantly backed up, and if a user wanted to ensure the existence of a piece of data in the form of a file then they had to store that file in their network folder. Conversely, I have also worked in places where when a user logs on or off of the network there entire user profile is backed up. Training Policies One of the biggest ways to prevent data loss and ensure that data will remain a company asset is through training. The practice of properly train employees on how to work with in systems that access data is crucial when trying to ensure a company’s data will remain an asset. Users need to be trained on how to manipulate a company’s data in order to perform their tasks to reduce the chances of invalidating data.

    Read the article

  • WIF, ADFS 2 and WCF&ndash;Part 2: The Service

    - by Your DisplayName here!
    OK – so let’s first start with a simple WCF service and connect that to ADFS 2 for authentication. The service itself simply echoes back the user’s claims – just so we can make sure it actually works and to see how the ADFS 2 issuance rules emit claims for the service: [ServiceContract(Namespace = "urn:leastprivilege:samples")] public interface IService {     [OperationContract]     List<ViewClaim> GetClaims(); } public class Service : IService {     public List<ViewClaim> GetClaims()     {         var id = Thread.CurrentPrincipal.Identity as IClaimsIdentity;         return (from c in id.Claims                 select new ViewClaim                 {                     ClaimType = c.ClaimType,                     Value = c.Value,                     Issuer = c.Issuer,                     OriginalIssuer = c.OriginalIssuer                 }).ToList();     } } The ViewClaim data contract is simply a DTO that holds the claim information. Next is the WCF configuration – let’s have a look step by step. First I mapped all my http based services to the federation binding. This is achieved by using .NET 4.0’s protocol mapping feature (this can be also done the 3.x way – but in that scenario all services will be federated): <protocolMapping>   <add scheme="http" binding="ws2007FederationHttpBinding" /> </protocolMapping> Next, I provide a standard configuration for the federation binding: <bindings>   <ws2007FederationHttpBinding>     <binding>       <security mode="TransportWithMessageCredential">         <message establishSecurityContext="false">           <issuerMetadata address="https://server/adfs/services/trust/mex" />         </message>       </security>     </binding>   </ws2007FederationHttpBinding> </bindings> This binding points to our ADFS 2 installation metadata endpoint. This is all that is needed for svcutil (aka “Add Service Reference”) to generate the required client configuration. I also chose mixed mode security (SSL + basic message credential) for best performance. This binding also disables session – you can control that via the establishSecurityContext setting on the binding. This has its pros and cons. Something for a separate blog post, I guess. Next, the behavior section adds support for metadata and WIF: <behaviors>   <serviceBehaviors>     <behavior>       <serviceMetadata httpsGetEnabled="true" />       <federatedServiceHostConfiguration />     </behavior>   </serviceBehaviors> </behaviors> The next step is to add the WIF specific configuration (in <microsoft.identityModel />). First we need to specify the key material that we will use to decrypt the incoming tokens. This is optional for web applications but for web services you need to protect the proof key – so this is mandatory (at least for symmetric proof keys, which is the default): <serviceCertificate>   <certificateReference storeLocation="LocalMachine"                         storeName="My"                         x509FindType="FindBySubjectDistinguishedName"                         findValue="CN=Service" /> </serviceCertificate> You also have to specify which incoming tokens you trust. This is accomplished by registering the thumbprint of the signing keys you want to accept. You get this information from the signing certificate configured in ADFS 2: <issuerNameRegistry type="...ConfigurationBasedIssuerNameRegistry">   <trustedIssuers>     <add thumbprint="d1 … db"           name="ADFS" />   </trustedIssuers> </issuerNameRegistry> The last step (promised) is to add the allowed audience URIs to the configuration – WCF clients use (by default – and we’ll come back to this) the endpoint address of the service: <audienceUris>   <add value="https://machine/soapadfs/service.svc" /> </audienceUris> OK – that’s it – now we have a basic WCF service that uses ADFS 2 for authentication. The next step will be to set-up ADFS to issue tokens for this service. Afterwards we can explore various options on how to use this service from a client. Stay tuned… (if you want to have a look at the full source code or peek at the upcoming parts – you can download the complete solution here)

    Read the article

  • Secure Your Wireless Router: 8 Things You Can Do Right Now

    - by Chris Hoffman
    A security researcher recently discovered a backdoor in many D-Link routers, allowing anyone to access the router without knowing the username or password. This isn’t the first router security issue and won’t be the last. To protect yourself, you should ensure that your router is configured securely. This is about more than just enabling Wi-Fi encryption and not hosting an open Wi-Fi network. Disable Remote Access Routers offer a web interface, allowing you to configure them through a browser. The router runs a web server and makes this web page available when you’re on the router’s local network. However, most routers offer a “remote access” feature that allows you to access this web interface from anywhere in the world. Even if you set a username and password, if you have a D-Link router affected by this vulnerability, anyone would be able to log in without any credentials. If you have remote access disabled, you’d be safe from people remotely accessing your router and tampering with it. To do this, open your router’s web interface and look for the “Remote Access,” “Remote Administration,” or “Remote Management” feature. Ensure it’s disabled — it should be disabled by default on most routers, but it’s good to check. Update the Firmware Like our operating systems, web browsers, and every other piece of software we use, router software isn’t perfect. The router’s firmware — essentially the software running on the router — may have security flaws. Router manufacturers may release firmware updates that fix such security holes, although they quickly discontinue support for most routers and move on to the next models. Unfortunately, most routers don’t have an auto-update feature like Windows and our web browsers do — you have to check your router manufacturer’s website for a firmware update and install it manually via the router’s web interface. Check to be sure your router has the latest available firmware installed. Change Default Login Credentials Many routers have default login credentials that are fairly obvious, such as the password “admin”. If someone gained access to your router’s web interface through some sort of vulnerability or just by logging onto your Wi-Fi network, it would be easy to log in and tamper with the router’s settings. To avoid this, change the router’s password to a non-default password that an attacker couldn’t easily guess. Some routers even allow you to change the username you use to log into your router. Lock Down Wi-Fi Access If someone gains access to your Wi-Fi network, they could attempt to tamper with your router — or just do other bad things like snoop on your local file shares or use your connection to downloaded copyrighted content and get you in trouble. Running an open Wi-Fi network can be dangerous. To prevent this, ensure your router’s Wi-Fi is secure. This is pretty simple: Set it to use WPA2 encryption and use a reasonably secure passphrase. Don’t use the weaker WEP encryption or set an obvious passphrase like “password”. Disable UPnP A variety of UPnP flaws have been found in consumer routers. Tens of millions of consumer routers respond to UPnP requests from the Internet, allowing attackers on the Internet to remotely configure your router. Flash applets in your browser could use UPnP to open ports, making your computer more vulnerable. UPnP is fairly insecure for a variety of reasons. To avoid UPnP-based problems, disable UPnP on your router via its web interface. If you use software that needs ports forwarded — such as a BitTorrent client, game server, or communications program — you’ll have to forward ports on your router without relying on UPnP. Log Out of the Router’s Web Interface When You’re Done Configuring It Cross site scripting (XSS) flaws have been found in some routers. A router with such an XSS flaw could be controlled by a malicious web page, allowing the web page to configure settings while you’re logged in. If your router is using its default username and password, it would be easy for the malicious web page to gain access. Even if you changed your router’s password, it would be theoretically possible for a website to use your logged-in session to access your router and modify its settings. To prevent this, just log out of your router when you’re done configuring it — if you can’t do that, you may want to clear your browser cookies. This isn’t something to be too paranoid about, but logging out of your router when you’re done using it is a quick and easy thing to do. Change the Router’s Local IP Address If you’re really paranoid, you may be able to change your router’s local IP address. For example, if its default address is 192.168.0.1, you could change it to 192.168.0.150. If the router itself were vulnerable and some sort of malicious script in your web browser attempted to exploit a cross site scripting vulnerability, accessing known-vulnerable routers at their local IP address and tampering with them, the attack would fail. This step isn’t completely necessary, especially since it wouldn’t protect against local attackers — if someone were on your network or software was running on your PC, they’d be able to determine your router’s IP address and connect to it. Install Third-Party Firmwares If you’re really worried about security, you could also install a third-party firmware such as DD-WRT or OpenWRT. You won’t find obscure back doors added by the router’s manufacturer in these alternative firmwares. Consumer routers are shaping up to be a perfect storm of security problems — they’re not automatically updated with new security patches, they’re connected directly to the Internet, manufacturers quickly stop supporting them, and many consumer routers seem to be full of bad code that leads to UPnP exploits and easy-to-exploit backdoors. It’s smart to take some basic precautions. Image Credit: Nuscreen on Flickr     

    Read the article

  • apache fails to connect to tomcat (Worker config?)

    - by techventure
    I have a tomcat 6 with follwoing server.xml: <Connector port="8253" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8445" acceptCount="100" debug="0" connectionTimeout="20000" disableUploadTimeout="true" /> <Connector port="8014" protocol="AJP/1.3" redirectPort="8445" /> and in added worker.properties: # Set properties for worker4 (ajp13) worker.worker4.type=ajp13 worker.worker4.host=localhost worker.worker4.port=8014 and i put in httpd.conf: JkMount /myWebApp/* worker4 It is not working a as trying to navigate to www1.myCompany.com/myWebApp gives "Service Temporarily Unavailable". I checked in tomcat catalina.out and it says: INFO: JK: ajp13 listening on /0.0.0.0:8014 UPDATE: i put mod_jk log level to debug and below is the result: [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_set_time_fmt::jk_util.c (458): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S %Y] ' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_open::jk_uri_worker_map.c (770): rule map size is 8 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_add::jk_uri_worker_map.c (720): wildchar rule '/myWebApp/*=worker4' source 'JkMount' was added [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (171): uri map dump after map open: index=0 file='(null)' reject_unsafe=0 reload=60 modified=0 checked=0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (176): generation 0: size=0 nosize=0 capacity=0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (176): generation 1: size=8 nosize=0 capacity=8 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (186): NEXT (1) map #3: uri=/myWebApp/* worker=worker4 context=/myWebApp/* source=JkMount type=Wildchar len=6 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_set_time_fmt::jk_util.c (458): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S %Y] ' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] init_jk::mod_jk.c (3123): Setting default connection pool max size to 1 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.list' with value 'worker1,worker2,worker3,worker4' to map. [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.worker4.type' with value 'ajp13' to map. [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.worker4.host' with value 'localhost' to map. [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.worker4.port' with value '8014' to map. [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_resolve_references::jk_map.c (774): Checking for references with prefix worker. with wildcard (recursion 1) [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_shm_calculate_size::jk_shm.c (132): shared memory will contain 4 ajp workers of size 256 and 0 lb workers of size 320 with 0 members of size 320+256 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [error] init_jk::mod_jk.c (3166): Initializing shm:/var/log/httpd/mod_jk.shm.9552 errno=13. Load balancing workers will not function properly. [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'ServerRoot' -> '/etc/httpd' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.list' -> 'worker1,worker2,worker3,worker4' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker1.type' -> 'ajp13' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker1.host' -> 'localhost' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker1.port' -> '8009' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker2.type' -> 'ajp13' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker2.host' -> 'localhost' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker2.port' -> '8010' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker3.type' -> 'ajp13' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker3.host' -> 'localhost' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker3.port' -> '8112' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker4.type' -> 'ajp13' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker4.host' -> 'localhost' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker4.port' -> '8014' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] build_worker_map::jk_worker.c (242): creating worker worker4 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] wc_create_worker::jk_worker.c (146): about to create instance worker4 of ajp13 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] wc_create_worker::jk_worker.c (159): about to validate and init worker4 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_validate::jk_ajp_common.c (2512): worker worker4 contact is 'localhost:8014' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2699): setting endpoint options: [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2702): keepalive: 0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2706): socket timeout: 0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2710): socket connect timeout: 0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2714): buffer size: 0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2718): pool timeout: 0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2722): ping timeout: 10000 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2726): connect timeout: 0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2730): reply timeout: 0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2734): prepost timeout: 0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2738): recovery options: 0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2742): retries: 2 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2746): max packet size: 8192 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_init::jk_ajp_common.c (2750): retry interval: 100 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] ajp_create_endpoint_cache::jk_ajp_common.c (2562): setting connection pool size to 1 with min 1 and acquire timeout 200 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [info] init_jk::mod_jk.c (3183): mod_jk/1.2.28 initialized [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] wc_get_worker_for_name::jk_worker.c (116): found a worker worker4 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] wc_get_name_for_type::jk_worker.c (293): Found worker type 'ajp13' [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_ext::jk_uri_worker_map.c (512): Checking extension for worker 3: worker4 of type ajp13 (2) [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (171): uri map dump after extension stripping: index=0 file='(null)' reject_unsafe=0 reload=60 modified=0 checked=0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (176): generation 0: size=0 nosize=0 capacity=0 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (176): generation 1: size=8 nosize=0 capacity=8 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (186): NEXT (1) map #3: uri=/myWebApp/* worker=worker4 context=/myWebApp/* source=JkMount type=Wildchar len=6 [Wed Jun 13 18:44:26 2012] [9552:3086317328] [debug] uri_worker_map_switch::jk_uri_worker_map.c (482): Switching uri worker map from index 0 to index 1 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_set_time_fmt::jk_util.c (458): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S %Y] ' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_open::jk_uri_worker_map.c (770): rule map size is 8 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_add::jk_uri_worker_map.c (720): wildchar rule '/myWebApp/*=worker4' source 'JkMount' was added [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (171): uri map dump after map open: index=0 file='(null)' reject_unsafe=0 reload=60 modified=0 checked=0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (176): generation 0: size=0 nosize=0 capacity=0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (176): generation 1: size=8 nosize=0 capacity=8 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (186): NEXT (1) map #0: uri=/jsp-examples/* worker=worker1 context=/jsp-examples/* source=JkMount type=Wildchar len=15 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (186): NEXT (1) map #3: uri=/myWebApp/* worker=worker4 context=/myWebApp/* source=JkMount type=Wildchar len=6 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_set_time_fmt::jk_util.c (458): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S %Y] ' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] init_jk::mod_jk.c (3123): Setting default connection pool max size to 1 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.list' with value 'worker1,worker2,worker3,worker4' to map. [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.worker4.type' with value 'ajp13' to map. [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.worker4.host' with value 'localhost' to map. [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_read_property::jk_map.c (491): Adding property 'worker.worker4.port' with value '8014' to map. [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_resolve_references::jk_map.c (774): Checking for references with prefix worker. with wildcard (recursion 1) [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_shm_calculate_size::jk_shm.c (132): shared memory will contain 4 ajp workers of size 256 and 0 lb workers of size 320 with 0 members of size 320+256 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [error] init_jk::mod_jk.c (3166): Initializing shm:/var/log/httpd/mod_jk.shm.9553 errno=13. Load balancing workers will not function properly. [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'ServerRoot' -> '/etc/httpd' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.list' -> 'worker1,worker2,worker3,worker4' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker1.type' -> 'ajp13' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker1.host' -> 'localhost' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker1.port' -> '8009' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker2.type' -> 'ajp13' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker2.host' -> 'localhost' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker2.port' -> '8010' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker3.type' -> 'ajp13' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker3.host' -> 'localhost' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker3.port' -> '8112' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker4.type' -> 'ajp13' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker4.host' -> 'localhost' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] jk_map_dump::jk_map.c (589): Dump of map: 'worker.worker4.port' -> '8014' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] build_worker_map::jk_worker.c (242): creating worker worker4 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] wc_create_worker::jk_worker.c (146): about to create instance worker4 of ajp13 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] wc_create_worker::jk_worker.c (159): about to validate and init worker4 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_validate::jk_ajp_common.c (2512): worker worker4 contact is 'localhost:8014' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2699): setting endpoint options: [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2702): keepalive: 0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2706): socket timeout: 0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2710): socket connect timeout: 0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2714): buffer size: 0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2718): pool timeout: 0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2722): ping timeout: 10000 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2726): connect timeout: 0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2730): reply timeout: 0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2734): prepost timeout: 0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2738): recovery options: 0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2742): retries: 2 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2746): max packet size: 8192 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_init::jk_ajp_common.c (2750): retry interval: 100 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] ajp_create_endpoint_cache::jk_ajp_common.c (2562): setting connection pool size to 1 with min 1 and acquire timeout 200 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [info] init_jk::mod_jk.c (3183): mod_jk/1.2.28 initialized [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] wc_get_worker_for_name::jk_worker.c (116): found a worker worker4 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] wc_get_name_for_type::jk_worker.c (293): Found worker type 'ajp13' [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_ext::jk_uri_worker_map.c (512): Checking extension for worker 3: worker4 of type ajp13 (2) [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (171): uri map dump after extension stripping: index=0 file='(null)' reject_unsafe=0 reload=60 modified=0 checked=0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (176): generation 0: size=0 nosize=0 capacity=0 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (176): generation 1: size=8 nosize=0 capacity=8 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_dump::jk_uri_worker_map.c (186): NEXT (1) map #3: uri=/myWebApp/* worker=worker4 context=/myWebApp/* source=JkMount type=Wildchar len=6 [Wed Jun 13 18:44:26 2012] [9553:3086317328] [debug] uri_worker_map_switch::jk_uri_worker_map.c (482): Switching uri worker map from index 0 to index 1 [Wed Jun 13 18:44:26 2012] [9555:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9556:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9557:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9558:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9559:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9560:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9561:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9562:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9563:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9564:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9565:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9567:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9568:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9566:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9569:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:26 2012] [9570:3086317328] [debug] jk_child_init::mod_jk.c (3068): Initialized mod_jk/1.2.28 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] map_uri_to_worker_ext::jk_uri_worker_map.c (1036): Attempting to map URI '/myWebApp/jsp/login.faces' from 8 maps [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] find_match::jk_uri_worker_map.c (850): Attempting to map context URI '/myWebApp/*=worker4' source 'JkMount' [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] find_match::jk_uri_worker_map.c (863): Found a wildchar match '/myWebApp/*=worker4' [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] jk_handler::mod_jk.c (2459): Into handler jakarta-servlet worker=worker4 r->proxyreq=0 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] wc_get_worker_for_name::jk_worker.c (116): found a worker worker4 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] wc_maintain::jk_worker.c (339): Maintaining worker worker1 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] wc_maintain::jk_worker.c (339): Maintaining worker worker2 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] wc_maintain::jk_worker.c (339): Maintaining worker worker3 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] wc_maintain::jk_worker.c (339): Maintaining worker worker4 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] wc_get_name_for_type::jk_worker.c (293): Found worker type 'ajp13' [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] init_ws_service::mod_jk.c (977): Service protocol=HTTP/1.1 method=GET ssl=false host=(null) addr=167.184.214.6 name=www1.myCompany.com.au port=80 auth=(null) user=(null) laddr=10.215.222.78 raddr=167.184.214.6 uri=/myWebApp/jsp/login.faces [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] ajp_get_endpoint::jk_ajp_common.c (2977): acquired connection pool slot=0 after 0 retries [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] ajp_marshal_into_msgb::jk_ajp_common.c (605): ajp marshaling done [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] ajp_service::jk_ajp_common.c (2283): processing worker4 with 2 retries [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] ajp_send_request::jk_ajp_common.c (1501): (worker4) all endpoints are disconnected. [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] jk_open_socket::jk_connect.c (452): socket TCP_NODELAY set to On [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] jk_open_socket::jk_connect.c (576): trying to connect socket 18 to 127.0.0.1:8014 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [info] jk_open_socket::jk_connect.c (594): connect to 127.0.0.1:8014 failed (errno=13) [Wed Jun 13 18:44:54 2012] [9555:3086317328] [info] ajp_connect_to_endpoint::jk_ajp_common.c (922): Failed opening socket to (127.0.0.1:8014) (errno=13) [Wed Jun 13 18:44:54 2012] [9555:3086317328] [error] ajp_send_request::jk_ajp_common.c (1507): (worker4) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=13) [Wed Jun 13 18:44:54 2012] [9555:3086317328] [info] ajp_service::jk_ajp_common.c (2447): (worker4) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1) [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] ajp_service::jk_ajp_common.c (2304): retry 1, sleeping for 100 ms before retrying [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] ajp_send_request::jk_ajp_common.c (1501): (worker4) all endpoints are disconnected. [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] jk_open_socket::jk_connect.c (452): socket TCP_NODELAY set to On [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] jk_open_socket::jk_connect.c (576): trying to connect socket 18 to 127.0.0.1:8014 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [info] jk_open_socket::jk_connect.c (594): connect to 127.0.0.1:8014 failed (errno=13) [Wed Jun 13 18:44:54 2012] [9555:3086317328] [info] ajp_connect_to_endpoint::jk_ajp_common.c (922): Failed opening socket to (127.0.0.1:8014) (errno=13) [Wed Jun 13 18:44:54 2012] [9555:3086317328] [error] ajp_send_request::jk_ajp_common.c (1507): (worker4) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=13) [Wed Jun 13 18:44:54 2012] [9555:3086317328] [info] ajp_service::jk_ajp_common.c (2447): (worker4) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2) [Wed Jun 13 18:44:54 2012] [9555:3086317328] [error] ajp_service::jk_ajp_common.c (2466): (worker4) connecting to tomcat failed. [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] ajp_reset_endpoint::jk_ajp_common.c (743): (worker4) resetting endpoint with sd = 4294967295 (socket shutdown) [Wed Jun 13 18:44:54 2012] [9555:3086317328] [debug] ajp_done::jk_ajp_common.c (2905): recycling connection pool slot=0 for worker worker4 [Wed Jun 13 18:44:54 2012] [9555:3086317328] [info] jk_handler::mod_jk.c (2615): Service error=-3 for worker=worker4 The error i get in browser is: Service Temporarily Unavailable Apache/2.2.3 (Red Hat) Server at www1.myCompany.com.au Port 80 can someone please help and explain what is going on and how it can be resolved?

    Read the article

  • Failed Backup Job With Backup Exec 12 and AOFO

    - by Mort
    I am backing up a Windows 2003 Small Business Server with SP2. We are running Backup Exec 12 with SP4. Recently the backup job started failing on backing up the system state with the following error: V-79-57344-34110 - AOFO: Initialization failure on: "System?State". Advanced Open File Option used: Microsoft Volume Shadow Copy Service (VSS). Snapshot provider error (0xE000FE7D): Access is denied. To back up or restore System State, administrator privileges are required. Check the Windows Event Viewer for details. Upon review of Symantec's website the error indicates a credential problem. However when I test the credentials they come back with no failures. I have found another forum here referencing a similar error and have tried what has been indicated with no succesful results. I have created new jobs based on new selection lists with no succesful results. I suspect a new update possibly from Microsoft may be causing this but I have no idea which one. I am looking for feedback. Thanks.

    Read the article

  • The boot selection failed because a required device is inaccessible 0xc000000e

    - by bbodenmiller
    A family member of mine recently went on vacation and turned off their computer, something they normally do not do, upon returning home it would not turn on and now returns the error message below. Generally friends and family come to me for help with computers and I have no problem, however this time I am a bit stumped. Any suggestions would be greatly appreciated. As you can see the error message is: Status: 0xc000000e Info: The best selection failed because a required device is inaccessible. Before going to this error message it briefly flashes the Windows loading screen. I have been able to confirm through the Windows RE Command Line and the dir command that the C: drive is accessible and likely is just suffering a bootup issue. I have tried: Launching the repair process discussed in the error message three times however each time it requires a restart and then returns to the same error message. Changing the boot order to be hard drive first Getting into safe mode; F8 just results in the same error message before I can get to the menu to select safe mode I have checked to make sure the BCD (bcdedit, Boot Configuration Data) is still intact as per https://www.symantec.com/business/support/index?page=content&id=TECH160475 I plan to try (but would like additional comments on): sfc /scannow; requires a restart and thus will likely result in the error message again A memory scan Bootrec as per http://support.microsoft.com/kb/927392#method1 Swapping IDE cables/ports Resetting the BIOS I noticed others with similar issues around the web are dual-booting however this machine is not setup in a dual-boot environment. Additionally at one point this error message supposedly showed up before I started working on the computer: The instruction at 0xfbe2584d referenced memory at 0x00000008. The memory could not be read. As previously stated any additional suggestions or words of advice would be greatly apprecaited.

    Read the article

  • Cisco Spam Blocker, Iron Port, Lotus Domino, Integration Help

    - by NickToyota
    Hi serverfault universe, I work for a medium sized (roughly 200 user) company. We are attempting to intagrate our new Cisco Spam Video Blocker (ironport) device into our network so that it acts as an incoming filter then passes it off to our Lotus domino mail server. And also vise versa. The way our network is setup currently has an mx record pointing to our Domino mail SMTP incoming server which is currently setup to be an inbound gateway and filter (using symantec domino mail software). We want to replace the inbound gateway with the ironport. Our company has also invested in a pool of external IP addresses which I believe has been currently assigned to our web, email, servers. What would the proper course of action be to successfully integrate the device be? Mx record change? Replace the domino gateway completely with the ironport? We attempted to set the ironport device to the external IP of what our mx record is pointing to without much success. Any help on proper setup would be greatly appreciated.

    Read the article

  • Lost partition after restarting

    - by nxhoaf
    I have Window 7 Professional Service pack installed in my Laptop Lenovo Thinkpad t420. After formatting the disk, and install Window 7 (detailed as above), I went to Computer -- Manager -- Storage -- Disk Management to split my 300gb C partition into 2 partition: C (which is 162gb) E (which is 140gb) Is work fine for about 2 days. Today, when I turn on my computer, I'm very suprise that the E partition is disappear. I can surely confirm that I didn't do any stupid thing yesterday. And before I shut down my computer, everything was fine. In general, here is what I did during the last today (from the point that I formatted the disk, and installed Window) Format 300gb hard disk Install window 7 Install eclipse, db2, .... ( I'm a developer) Install some other tools (Open office, Skype...) Install PGP (http://www.symantec.com/encryption) <--- I'm forced to used that due to my company policy Use Computer -- Manager -- Storage -- Disk Management to split my 300gb C partition into 2 partition as described above. It worked quite well for two last days. Until day... Can you please help me to recover my lost partition ? Thank you! For more info, here is my partition info: You can also see the image here

    Read the article

  • Where is my free space?

    - by Andrey
    A week ago I got a low disk space warning on my Vista x64 Ultimate box - 60 Mb free on the disk C; I cleaned up some downloaded msdn images and got 20 Gb freed up. Three days ago I got another notification, it looked suspicious but I didnt have time to deal with it and just moved some heavy stuff to another drive to free up about 17 Gb.... Today morning - 53Mb left on drive C, again! Now it looks really suspecious, so I downloaded TreeSize to see what's taking up the space, just to see it reporting only 121 GB out of 200 GB used, in other words I suppose to have about 79 Gb free. Then I went to Folder Options, enabled viewing of system and hidden files, rerun teh tool to see another 5 Gb added (which is expected). Then I open disk C in windows explorer, select all and right click Properties, to see it reporting teh same amount of files - 126 Gb. But when I look at Drive C properties, it reports that 200GB of 200 Gb are taken. I just scanned the drive with two different antiviruses - Symantec and AVG and found no viruses... I'm a little confused at this point, any ideas where is my free space, woudl be highly appreciated! Thank you! Andrey

    Read the article

  • NetApp NDMP backup with BE 2010 R2 works, restore fails

    - by uuwe
    Hi, I'm having some issues with a new Backup Exec 2010 R2 installation. I configured a NetApp FAS2020 as an NDMP device and want to backup files from the NAS to a tape drive connected to my backup server. I set up ndmpd according to this document (http://www.symantec.com/business/support/index?page=content&id=TECH48957) and created a separate backup user (http://filers.blogspot.com/2006/09/setting-veritas-netbackup-with-non.html). Backup works perfectly, but restoring any file gives me an authentication failed error. The NDMP device has a "global" ndmp user configured in the device tab (tried this with the newly created ndmpd backup user and the netapp root) and I can also configure separate resource credentials in the BE restore job. I have tried setting the same accounts for the "global" ndmp device and the restore credentials and have also tried setting different accounts for them. NDMP debug level is at 5 and this is what shows up in /etc/messages. The session is closed immediately after it has been granted. 16:12:07 PST [Java_Thread:info]: ndmpdserver: ndmpd.access allowed for version = 4, sessionId = 51, from src ip = 192.168.11.17, dst ip = FAS2020-1/192.168.11.75, src port = 50857, dst port = 10000 16:12:07 PST [Java_Thread:info]: Ndmpd51: ndmpd session closed successfully for version = 4, sessionId = 51, from src ip = 192.168.11.17, dst ip = FAS2020-1/192.168.11.75, src port = 50857, dst port = 10000 Running wireshark on the backup server doesn't produce much. It shows a SYN - SYN/ACK - NDMP CONNECT_CLOSE Request from the backup server. The Resource Credentials for the restore job behave very oddly. If I enter NDMP credentials and do "Test All" it fails. If I use my regular domain backup account, it is successful. There are no failed or succeeded logons in the NetApp ndmp log and tracing this check shows that it doesn't even connect to the NAS. This makes me think that this is more likely flaky BE behaviour rather than misconfiguration of the NAS. Here is the options ndmp output: FAS2020-1 options ndmp ndmpd.access all ndmpd.authtype challenge ndmpd.connectlog.enabled on ndmpd.enable on ndmpd.ignore_ctime.enabled off ndmpd.offset_map.enable on ndmpd.password_length 16 ndmpd.preferred_interface disable ndmpd.tcpnodelay.enable off

    Read the article

  • restoring a failed SBS 2000 box...

    - by Brad Pears
    Hi there, I read a post where you had mentioned you have had a PERC card blow up on you in an SBS box... I've got a similar situation where one of my RAID drives failed and then the power supply failed before I could replace the drive... I then replaced the power supply and the failed drive and reconfigured the RAID array. I had a recent full backup of the my Win2k SBS's C: drive stored on my SYmantec backup exec server so I installed win2K server on the c: partition and then once I had that up and running, installed the backup exec agent so as to do a restore of the entire c drive including system state. THis all worked just fine, until I had to reboot. I received an "incorrect drive configuration" error and then it hangs. I figure that likely makes sense becasue I think my RAID array is configured slightly different now in that the partitions may be sizeded ever so slightly differently now than they were before I think... Is there a way I can just restore from my backup BUT maybe exclude some of the registry and hidden boot files it wants to restore so that it is booting with the current configuration now active on that machine - not the pre blow up configuration files? I also read a post that indicated you might have to install the exact same service pack etc... etc.. before attemting a restore but that does not make sense to me being as the entire c drive contents are going to be overwritten by the restore anyway? THe basic OS install is just to be able to get the backup exec agent installed . I can;t understand why one would need to install the exact same SP level. CAn you shed some light on what I might be able to do to get this thing up and running? Thanks,Brad

    Read the article

  • Outlook 2007 will not send/receive using RPC over HTTP to an exchange server.. works for other users

    - by bob franklin smith harriet
    I have an incredibly frustrating user issue that I have been unable to resolve for over a week, any ideas for this would be greatly appreciated. The user is having troubles using Outlook 2007 to send or receive emails over using RPC over HTTP (Outlook Anywhere) to an exchange server. Basically what happens, the connection will be establised and the user will be prompted for the username and password, those are submitted and then outlook tries to download emails which fails and the connection to the exchange server will remain unavailable. The machine can ping and everything to the exchange server there is no connection issue there. The setup worked fine for him up untill now and also works for possibly hundreds of other users using the exact same settings, also the same settings will work from the users iphone on the same internet connection, and from my own system using outlook. The exchange server has the webmail https feature and that can be logged into and send and receive emails fine. Steps taken so far: removing the .ost file for the account and allowing office to rebuild it (fixes the issue for a short period of time, then the same symptons occur) deleted exchange profile and recreated (no change in issue) uninstalled all antivirus and firewalls (no change in issue) removed all cached passwords (keymgr.dll) (no change in issue) removed all entries from the hosts file (no change in issue) uninstalled and reinstalled office 2007 (Temporary fix of issue) Installing Symantec Endpoint Client caused a lot of email scan popups to be displayed, after a reboot this stopped and a scan it picked a few trojans that it removed. This fixed the issue temporarily as well, the issue is back again now. I am completely out of ideas now, there seems to be nothing that can be done to fix this issue outside of rebuilding the PC which is a massive pandoras box I don't want to enter with this user. --- Update ---- Malware scans from multiple products have been run on the machine and all updates were installed. The real problem with this user is his distance from us, there is no way to supply a spare laptop or rebuild the machine currently.

    Read the article

  • Deploying workstations - best practices?

    - by V. Romanov
    Hi guys I've been researching on the subject of workstation deployment for a while, and found a ton of info and dozens different methods and tools, but no "best practice" method that doesn't lack at least one feature that i consider required for the solution to be perfect. I'm currently interested in windows workstation deployment, but if the tools can be extended to Linux, then it's an added value. I want the deployment tools I use to be able to do the following: hardware independent - I want my image or installation to have a minimum of hardware and driver dependency, so that i can use a single image/package for all workstations easily updatable - I want to be able to update my image as easily as possible without redeploying/rebuilding/reimaging all configurations PXE bootable deployment - I want the tools to be bootable off the network so that I don't need a boot cd/DOK. scriptable for minimum human input - Ideally, the tool should run automatically after being booted and perform a "default" deployment (including partitioning) unless prompted otherwise. i.e - take a pc, hook it up, power on, PXE boot and forget about it until the OS is deployed. I found no single product or environment that does all this. Closest i came to is the windows deployment services/WIM image format. I also checked out numerous imaging and deployment tools including clonezilla, ghost, g4u, wpkg and others, but most of them lack the hardware Independence and updatability features. We currently have a Symantec Ghost server setup that does imaging over the network, but I'm not satisfied with it as it has all the drawbacks i listed above. Do you have suggestions how to optimize the process of workstation deployment? How do you deploy them in your organization? Thanks! Vadim.

    Read the article

  • Cisco Spam Blocker, Iron Port, Lotus Domino, Integration Help

    - by NickToyota
    Hi serverfault universe, I work for a medium sized (roughly 200 user) company. We are attempting to intagrate our new Cisco Spam Video Blocker (ironport) device into our network so that it acts as an incoming filter then passes it off to our Lotus domino mail server. And also vise versa. The way our network is setup currently has an mx record pointing to our Domino mail SMTP incoming server which is currently setup to be an inbound gateway and filter (using symantec domino mail software). We want to replace the inbound gateway with the ironport. Our company has also invested in a pool of external IP addresses which I believe has been currently assigned to our web, email, servers. What would the proper course of action be to successfully integrate the device be? Mx record change? Replace the domino gateway completely with the ironport? We attempted to set the ironport device to the external IP of what our mx record is pointing to without much success. Any help on proper setup would be greatly appreciated.

    Read the article

  • Can I format a Veritas cluster shared volume from windows?

    - by spaghettidba
    We have a Microsoft Failover Cluster with dynamic disks managed by Veritas Storage Foundation. Today the sysadmins added a new disk for SQL Server but the cluster size on the volume was wrong, so I issued a quick format to change it. The disk volume failed, the SQL Server group failed as well and the cluster became unresponsive. After some minutes I managed to fail over to a passive node. The SAN admins say it's my fault because I shouldn't have formatted the disk from the Windows format applet, but I should have used Veritas Enterprise Administrator instead. Can a format operation bring offline a whole cluster group this way? Relevant error messages: From the eventlog: The cluster resource host subsystem (RHS) stopped unexpectedly. An attempt will be made to restart it. This is usually due to a problem in a resource DLL. Please determine which resource DLL is causing the issue and report the problem to the resource vendor. From the cluster.log ERR [RCM] rcm::RcmResControl::DoResourceControl: ERROR_RESOURCE_CALL_TIMED_OUT(5910)' because of 'Control(STORAGE_GET_DISK_INFO_EX) to resource 'NameOfTheDiskGroup' timed out.' Veritas Documentation: Excerpt from Symantec's documentation: Note: Before manually creating the resource, you must format the cluster-shared volume with NTFS using the VEA GUI and mount it on the node where you are trying to create the resource. Does this mean the disk cannot be formatted from Windows? I don't read it that way. For the record, I formatted many disks using the Windows applet in the past and nothing bad happened.

    Read the article

  • Generating new SID for Windows 7 cloned partition in Linux?

    - by Jack
    So I've read that the proper way to clone a Windows 7 partition is to run a Sysprep after the clone is complete. For MANY reasons, this is not possible the way we are cloning these drives (long story short, the drive should be fully up and running after we clone it, with all the settings already there and requiring no user intervention; and no, not even an answer file would work because the way we customize all the Win7 settings is complex and we do not want the user touching the settings). I understand Microsoft will not support Windows 7 clones if it is not sysprepped and that is fine for us. Acronis recovery tools get around this by ticking an option called "Create new NT signature", which resets the SID and GUID on any restore. Symantec has a tool called Ghostwalker which does the same thing. However, we are looking for a way to do this in Linux because we want to use open source tools to do the imaging (fsarchiver, partclone, etc. basically the same tools Clonezilla uses internally to clone NTFS partitions). The question is, if we clone using these tools in Linux, how would we generate a new SID thereafter (without the use of sysprep)? Is there any way to do it within a Linux environment? The whole image process is automated so if it is a simple command that I can just throw in my shell script, that would be even better. Of course, it would be nice to know if this is even possible. Any ideas? EDIT: Forgot to mention that the target machines we are restoring the image on are EXACTLY the same.

    Read the article

  • Windows Server - share files without access for administrator

    - by Pawel
    We have a MS Windows Server 2008 R8 based server that is administrated by our IT department. We would like to achieve two things simultaneously: A folder on the server, containing several thousand files (new files added frequently) that is accessible to some ActiveDirectory users (e.g. board of directors) but is not accessible by IT department employees IT department employees still maintain rights to administrate the server, including installing new software and services We already checked some solutions: Using NTFS access rights. Unfortunately IT (members of "Administrators" group) can set themselves as new owners of the files and change the permissions so that they gain access to the files. Enabling EFS. Unfortunately even if you do not allow IT to access files, they still can disable EFS completely because they have administrative rights. Moreover as far as I know you have to manually add permissions for all users but the owner for each new file - very inconvenient. Creating a new role for the IT department that has all the privileges apart from taking ownership of files. Unfortunately if you're not a member of the Administrators group, you cannot install new software, no matter what privileges you add to the role. TrueCrypt - nice free encryption software, but with poor sharing capabilities. You can either mount an encryption container on the server (and then IT has access to its contents) or you mount them locally but only one user can mount it for writing. AxCrypt - free encryption software that enables file-by-file encryption on the server. There are some disadvantages though - you have to manually encrypt each new file added. The files have their extensions changes. You can only set one password for all files (so all users have to know this one password). Any other ideas? Our budget is limited so enterprise-class software from Symantec or PGP would probably be not an option.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 54 55 56 57 58 59 60 61 62 63 64 65  | Next Page >