OrangeGrover's questions

I have an AD FS claims provider set up and a Shibboleth SP successfully authenticating against it. When I log into the site that's protected by Shibboleth, the index shows all of the headers. I am receiving UPN as expected, but I am not able to get other attributes like surname or sAMAccountName to send.

I currently have 3 claims rules:

Rule 1:

Rule 2:

Rule 3:

From the logs on the Shibboleth SP machine, it doesn't appear that the sn is being sent as an OID attribute.

If I edit the attribute-map.xml and remove the references to the eppn, then I get the following in the shibd log:

2015-06-23 11:29:08 INFO Shibboleth.AttributeExtractor.XML [1]: skipping unmapped SAML 2.0 Attribute with Name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6

There is no mention similar to the above output about the surname or sn in the shibd log, which makes me believe that the "Transform SN' rule is not written correctly.

UPDATED INFO:

I was able to get surname to work by changing rule 1 from manually typing in sn to selecting the dropdown option surname. What do I need to do to get other AD fields with no dropdown to select to work?

I'm adding fields such streetAddress. For Rule 1, I've manually typed in streetaddress for the LDAP attribute and the outgoing claim type.

Then I added an additional rule:

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"]
 => issue(Type = "urn:oid:2.5.4.232", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

I don't know if http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress is correct or not, but the value isn't mapping.
How do I get LDAP attributes that cannot be selected from the dropdown to work?

Edit 2:

I forgot to add the result of selecting View Rule Language (as requested by Matthieu below):

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", "streetaddress"), query = ";userPrincipalName,sn,givenName,sAMAccountName,streetaddress;{0}", param = c.Value);

Is seems that it's only getting streetaddress, whereas all of the other values have a schema to them. Since there is no schema, it won't match the Transform rule for streetaddress because the if statement is looking for http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress. What am I supposed to do for values that are not selected from the dropdown selection?

I figured it out:

I changed the transform rule to the following:

 c:[Type == "streetaddress"]
     => issue(Type = "urn:oid:2.5.4.232", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

Instead of looking for Type == A schema, I just put street address. Then in Shibboleth SP, I changed the Attribute-map.xml to add this:

<Attribute name="urn:oid:2.5.4.232" id="streetaddress"/>

OID above was arbitrary.

I have an AD FS claims provider set up and a Shibboleth SP successfully authenticating against it.

I am attempting to have the Active Directory attributes sent to the SP.

I followed this article to attempt to send the claims: https://technet.microsoft.com/en-us/library/gg317734(v=ws.10).aspx

The relevant section is Step 2: Configure AD FS 2.0 as the Identity Provider and Shibboleth as the Relying Party --> Configure AD FS 2.0 --> Edit Claim Rules for Relying Party Trust --> To configure eduPerson claims for sending to a relying party trust:

In Step 16, it states that I should paste or type the following (and has it in 2 code blocks):

c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "Domain Users"]

and

=> issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9", Value = "[email protected]", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

I believe that it was meant to be a single statement (please correct me if I'm wrong) so my entry is as follows:

I am testing with the givenName, so I added the following:

On the Shibboleth SP machine, I edited the attribute-map.xml by adding the following and then I restarted the Shibboleth service:

<Attribute name="urn:mace:dir:attribute-def:GivenName" id="GivenName"/>

When I browsed to the website and re-authenticated with AD FS, I am not seeing the givenName showing. I have an index file that outputs all of the headers and their values.

Edit: Solution to my issue

I got the UPN to send as the epPN. The above rules (the rules in the article) worked, but I had to edit the attribute-policy.xml on the Shibboleth SP to disable the scoping rules, since I didn't have that part set up properly.

I commented out the following lines in the attribute-policy.xml

afp:AttributeRule attributeID="eppn">
    <afp:PermitValueRuleReference ref="ScopingRules"/>
</afp:AttributeRule>

I have a Shibboleth SP installed on Server 2012 R2. I tried to submit the metadata to be imported into the IDP and was told that without having the signing or encryption key, they won't be able to send the SP any assertions.

From what I've found on this, Shibboleth SP has the key to use included in the default installation. I believe that is the sp-cert.pem and the sp-key.pem included in the C:\opt\shibboleth-sp\etc\shibboleth folder.

I'm not sure how to reference it in the Shibboleth2.xml file either. Here is my shibboleth2.xml as of right now:

<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"    
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
logger="syslog.logger" clockSkew="180">

<!-- The OutOfProcess section contains properties affecting the shibd daemon. -->
<OutOfProcess logger="shibd.logger">

</OutOfProcess>

<!-- The InProcess section conrains settings affecting web server modules/filters. -->
<InProcess logger="native.logger">
    <ISAPI normalizeRequest="true">

        <Site id="1" name="sp-example.com"/>
    </ISAPI>
</InProcess>


<!-- This set of components stores sessions and other persistent data in daemon memory. -->
<StorageService type="Memory" id="mem" cleanupInterval="900"/>
<SessionCache type="StorageService" StorageService="mem" cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>
<ReplayCache StorageService="mem"/>
<ArtifactMap artifactTTL="180"/>



<!-- To customize behavior, map hostnames and path components to applicationId and other settings. -->
<RequestMapper type="Native">
    <RequestMap applicationId="default">
        <Host name="sp-example.com" authType="shibboleth" requireSession="true"/>

    </RequestMap>
</RequestMapper>


<ApplicationDefaults id="default" policyId="default"
    entityID="urn:mace:university.edu:shibboleth:test:sp:university:administrative:cscn:sp-example.com"
    homeURL="https://sp-example.com"
    REMOTE_USER="eppn persistent-id targeted-id"
    signing="false" encryption="false"
    >


    <Sessions lifetime="28800" timeout="3600" checkAddress="false"
        handlerURL="/Shibboleth.sso" handlerSSL="true"
        exportLocation="http://sp-example.com/Shibboleth.sso/GetAssertion" exportACL="165.91.23.32"
        idpHistory="false" idpHistoryDays="7" cookieProps="https" >


        <SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Intranet"
                relayState="cookie" entityID="urn:mace:university.edu:shibboleth:test:idp:university:administrative:cscn:idp-test.university.edu">
            <SessionInitiator type="SAML2" defaultACSIndex="1" acsByIndex="false" template="bindingTemplate.html"/>
            <SessionInitiator type="Shib1" defaultACSIndex="5"/>
        </SessionInitiator>

        <md:AssertionConsumerService Location="/SAML2/POST" index="1"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
        <md:AssertionConsumerService Location="/SAML2/POST-SimpleSign" index="2"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
        <md:AssertionConsumerService Location="/SAML2/Artifact" index="3"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
        <md:AssertionConsumerService Location="/SAML2/ECP" index="4"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"/>
        <md:AssertionConsumerService Location="/SAML/POST" index="5"
            Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
        <md:AssertionConsumerService Location="/SAML/Artifact" index="6"
            Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>

        <!-- LogoutInitiators enable SP-initiated local or global/single logout of sessions. -->
        <LogoutInitiator type="Chaining" Location="/Logout" relayState="cookie">
            <LogoutInitiator type="SAML2" template="bindingTemplate.html"/>
            <LogoutInitiator type="Local"/>
        </LogoutInitiator>

        <!-- md:SingleLogoutService locations handle single logout (SLO) protocol messages. -->
        <md:SingleLogoutService Location="/SLO/SOAP"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
        <md:SingleLogoutService Location="/SLO/Redirect" conf:template="bindingTemplate.html"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
        <md:SingleLogoutService Location="/SLO/POST" conf:template="bindingTemplate.html"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
        <md:SingleLogoutService Location="/SLO/Artifact" conf:template="bindingTemplate.html"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>

        <!-- md:ManageNameIDService locations handle NameID management (NIM) protocol messages. -->
        <md:ManageNameIDService Location="/NIM/SOAP"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
        <md:ManageNameIDService Location="/NIM/Redirect" conf:template="bindingTemplate.html"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
        <md:ManageNameIDService Location="/NIM/POST" conf:template="bindingTemplate.html"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
        <md:ManageNameIDService Location="/NIM/Artifact" conf:template="bindingTemplate.html"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>


        <md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>

        <!-- Extension service that generates "approximate" metadata based on SP configuration. -->
        <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>

        <!-- Status reporting service. -->
        <Handler type="Status" Location="/Status" acl="127.0.0.1"/>

        <!-- Session diagnostic service. -->
        <Handler type="Session" Location="/Session" showAttributeValues="false"/>

    </Sessions>


    <Errors session="sessionError.html"
        metadata="metadataError.html"
        access="accessError.html"
        ssl="sslError.html"
        localLogout="localLogout.html"
        globalLogout="globalLogout.html"
        supportContact="root@localhost"
        logoLocation="/shibboleth-sp/logo.jpg"
        styleSheet="/shibboleth-sp/main.css"/>


    <!-- Chains together all your metadata sources. -->
    <MetadataProvider type="Chaining">
        <!-- Example of remotely supplied batch of signed metadata. -->
        <MetadataProvider type="XML" uri="https://idp-test.university.edu/universityfed-test-metadata-signed.xml"
             backingFilePath="C:\opt\shibboleth-sp\etc\shibboleth\universityfed-test-metadata-signed.xml" reloadInterval="7200">
        </MetadataProvider>
    </MetadataProvider>

    <!-- Chain the two built-in trust engines together. -->
    <TrustEngine type="Chaining">
        <TrustEngine type="ExplicitKey"/>
        <TrustEngine type="PKIX"/>
    </TrustEngine>

    <!-- Map to extract attributes from SAML assertions. -->
    <AttributeExtractor type="XML" path="attribute-map.xml"/>

    <!-- Use a SAML query if no attributes are supplied during SSO. -->
    <AttributeResolver type="Query"/>

    <!-- Default filtering policy for recognized attributes, lets other data pass. -->
    <AttributeFilter type="XML" path="attribute-policy.xml"/>


</ApplicationDefaults>

<!-- Each policy defines a set of rules to use to secure messages. -->
<SecurityPolicies>
    <!-- The predefined policy enforces replay/freshness and permits signing and client TLS. -->
    <Policy id="default" validate="false">
        <Rule type="MessageFlow" checkReplay="true" expires="60"/>
        <Rule type="ClientCertAuth" errorFatal="true"/>
        <Rule type="XMLSigning" errorFatal="true"/>
        <Rule type="SimpleSigning" errorFatal="true"/>
    </Policy>
</SecurityPolicies>

According to an email I recieved, I need to include <md:KeyDescriptor use="encryption"> and <md:KeyDescriptor use="signing">

From what I found online, it should be something similar to:

<md:SPSSODescriptor>
<md:KeyDescriptor>
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
            <ds:X509Certificate>
                hash found in sp-cert.pem file
            </ds:X509Certificate>
        </ds:X509Data>
    </ds:KeyInfo>
</md:KeyDescriptor>

I don't know where I should be putting this in the Shibboleth.xml file.

Can anybody help to get me on the right track? I have been through a decent amount of documentation and guides from different institutions, but haven't found any direction.

I have many Tomcat servers working using an older 32-bit version of the isapi_redirect.dll where I set the Default Application Pool to Enable 32-Bit Applications. On a client's server, they need to install another ISAPI under the same application pool that doesn't work with 32-bit.

I am attempting to update the isapi_redirect.dll to be 64-bit. I downloaded the tomcat-connectors-1.2.40-windows-x86_64-iis.zip from here. I disabled the 32-bit support for the Default Application Pool and browsed to localhost. Instead of getting an error, all I see is the IIS 7 Default Welcome page. If I remove the isapi_redirect.dll from it's folder, I do not get an error. I would think this means that IIS isn't even trying to find the .dll.

Do I need to enable or change something else to allow 64-bit isapi filters for Tomcat?

I follow a setup similar to this, except I have an isapi_redirect.properties file instead of a registry entry and the folders are different. This works with my 32-bit isapi filter. I did try the registry way with the 64 isapi filter and also had no luck.

I am attempting to use Shibboleth SP (64-bit on Windows Server 2008 R2) to authenticate with ADFS 2.0 (64-bit Windows Server 2008 R2). When I browse to the Shibboleth protected site, I get a 500 error with the following in the Shibboleth native_warn log:

2014-12-08 14:44:28 ERROR Shibboleth.Listener [2648] isapi_shib: remoted message returned an error: Unable to locate metadata for identity provider (https://adfs.int.example.com/adfs/ls/)
2014-12-08 14:44:28 ERROR Shibboleth.ISAPI [2648] isapi_shib: Unable to locate metadata for identity provider (https://adfs.int.example.com/adfs/ls/)
2014-12-08 14:44:30 ERROR Shibboleth.Listener [2648] isapi_shib: remoted message returned an error: Unable to locate metadata for identity provider (https://adfs.int.example.com/adfs/ls/)
2014-12-08 14:44:30 ERROR Shibboleth.ISAPI [2648] isapi_shib: Unable to locate metadata for identity provider (https://adfs.int.example/adfs/ls/)

In the native log, it shows that the Metadata has been loaded:

2014-12-08 14:44:23 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (https://adfs.int.example.com/FederationMetadata/2007-06/FederationMetadata.xml)

Here is my entire Shibboleth2.xml file:

<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"    
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
clockSkew="180">

<!--
The InProcess section contains settings affecting web server modules.
Required for IIS, but can be removed when using other web servers.
-->
<InProcess logger="native.logger">
    <ISAPI normalizeRequest="true" safeHeaderNames="true">
        <!--
        Maps IIS Instance ID values to the host scheme/name/port. The name is
        required so that the proper <Host> in the request map above is found without
        having to cover every possible DNS/IP combination the user might enter.
        -->
        <Site id="1" name="iris-shib.int.example.com" scheme="https" port="443"/>
        <!--
        When the port and scheme are omitted, the HTTP request's port and scheme are used.
        If these are wrong because of virtualization, they can be explicitly set here to
        ensure proper redirect generation.
        -->
        <!--
        <Site id="42" name="virtual.example.org" scheme="https" port="443"/>
        -->
    </ISAPI>
</InProcess>

<!--
By default, in-memory StorageService, ReplayCache, ArtifactMap, and SessionCache
are used. See example-shibboleth2.xml for samples of explicitly configuring them.
-->

<!--
To customize behavior for specific resources on IIS, and to link vhosts or
resources to ApplicationOverride settings below, use the XML syntax below.
See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRequestMapHowTo for help.

Apache users should rely on web server options/commands in most cases, and can remove the
RequestMapper element. See https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
-->
<RequestMapper type="Native">
    <RequestMap>
        <!--
        The example requires a session for documents in /secure on the containing host with http and
        https on the default ports. Note that the name and port in the <Host> elements MUST match
        Apache's ServerName and Port directives or the IIS Site name in the <ISAPI> element above.
        -->

        <Host name="iris-shib.int.example.com" authType="shibboleth" requireSession="true"/>

    </RequestMap>
</RequestMapper>

<!--
The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined.
Resource requests are mapped by the RequestMapper to an applicationId that
points into to this section (or to the defaults here).
-->
<ApplicationDefaults entityID="https://iris-shib.int.example.com/shibboleth"
                     REMOTE_USER="eppn persistent-id targeted-id">

    <!--
    Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
    You MUST supply an effectively unique handlerURL value for each of your applications.
    The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing
    a relative value based on the virtual host. Using handlerSSL="true", the default, will force
    the protocol to be https. You should also set cookieProps to "https" for SSL-only sites.
    Note that while we default checkAddress to "false", this has a negative impact on the
    security of your site. Stealing sessions via cookie theft is much easier with this disabled.
    -->
    <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
              checkAddress="false" handlerSSL="true" cookieProps="https">

        <!--
        Configures SSO for a default IdP. To allow for >1 IdP, remove
        entityID property and adjust discoveryURL to point to discovery service.
        (Set discoveryProtocol to "WAYF" for legacy Shibboleth WAYF support.)
        You can also override entityID on /Login query string, or in RequestMap/htaccess.
        -->
        <SSO entityID="https://adfs.int.example.com/adfs/ls/"
             discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF">
          SAML2 SAML1
        </SSO>

        <!-- SAML and local-only logout. -->
        <Logout>SAML2 Local</Logout>

        <!-- Extension service that generates "approximate" metadata based on SP configuration. -->
        <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>

        <!-- Status reporting service. -->
        <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>

        <!-- Session diagnostic service. -->
        <Handler type="Session" Location="/Session" showAttributeValues="false"/>

        <!-- JSON feed of discovery information. -->
        <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
    </Sessions>

    <!--
    Allows overriding of error template information/filenames. You can
    also add attributes with values that can be plugged into the templates.
    -->
    <Errors supportContact="root@localhost"
        helpLocation="/about.html"
        styleSheet="/shibboleth-sp/main.css"/>

    <!-- Example of remotely supplied batch of signed metadata. -->
    <!--
    <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml"
          backingFilePath="federation-metadata.xml" reloadInterval="7200">
        <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
        <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
    </MetadataProvider>
    -->

    <!-- Example of locally maintained metadata. -->

    <!--<MetadataProvider type="XML" file="FederationMetadata.xml"/>-->

    <MetadataProvider 
        type="XML"
        uri="https://adfs.int.example.com/FederationMetadata/2007-06/FederationMetadata.xml"
        backingFilePath="federation-metadata.xml"
        reloadInterval="7200"
    />

    <!-- Map to extract attributes from SAML assertions. -->
    <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>

    <!-- Use a SAML query if no attributes are supplied during SSO. -->
    <AttributeResolver type="Query" subjectMatch="true"/>

    <!-- Default filtering policy for recognized attributes, lets other data pass. -->
    <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>

    <!-- Simple file-based resolver for using a single keypair. -->
    <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>

    <!--
    The default settings can be overridden by creating ApplicationOverride elements (see
    the https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationOverride topic).
    Resource requests are mapped by web server commands, or the RequestMapper, to an
    applicationId setting.

    Example of a second application (for a second vhost) that has a different entityID.
    Resources on the vhost would map to an applicationId of "admin":
    -->
    <!--
    <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>
    -->
</ApplicationDefaults>

<!-- Policies that determine how to process and authenticate runtime messages. -->
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>

<!-- Low-level configuration about protocols and bindings available for use. -->
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>

I've tried loading a local metadata file and I have the same results. I've also commented out both types of metadata lines, and I get the following error in the native_warn log so it seems that the metadata was actually being loaded:

2014-12-08 14:57:31 ERROR Shibboleth.Listener [2648] isapi_shib: remoted message returned an error: No MetadataProvider available.
2014-12-08 14:57:31 ERROR Shibboleth.ISAPI [2648] isapi_shib: No MetadataProvider available.

At this point, I am not sure if there is an issue with the metadata that's provided by ADFS 2.0. I can't paste it all here (due to a character limit). Is there a certain section that I should be checking?

I am attempting to install AD FS 2.0 on a 64-bit Server 2008 R2.
I've downloaded it from the MS Download Center, which states that Server 2008 R2 is one of the supported operating systems.

When I run the executable that's downloaded, I get and error message stating:

This AD FS 2.0 installtion requires the Windows Server 2008 SP2 operating system.

I found an MS page about the requirements of installing on Server 2008 and 2008 R2. Here are some requirements that I've installed or are already installed:

• Windows Identity Foundation (WIF): Installed from the MS Download Center
• IIS 7: 7.5 is installed since it's a Server 2008 R2 machine.
• Windows Hotfix (KB981002): I followed the link that states I can download the hot fixes from here, but I get the message that the update is not applicable to my computer.
• .NET Framework 3.5 Service Pack 1: I have .Net 3.5.1 and 4.5.1 installed.

Is there something else that I need to install before the AD FS executable will work?

Any leads are appreciated.

I have 2 LAMP servers with the same version of Apache, both running Wordpress. SSL is working on both servers (although the test server uses a cert for a different domain).

On both I have the following .htaccess file (/var/www/html/.htaccess):

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>


# END WordPress

The test server redirects to HTTPS correctly, but the production server does not attempt to redirect at all. I can manually browse the production site via HTTPS.

The permissions on the .htaccess file is 755 and owned by apache:apache on both server.

In order to make sure that the redirect on the test site was because of the .htaccess file, I changed it by removing the following:

RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

The redirect on on the test site stopped until I added it back.

Is there something that may have been done on the test site that needs to be done on production?

I have Apache + Tomcat (using mod_jk) working correctly on a CentOS 6.3 machine. I am trying to set up SSL with Apache. When I browse to the site I get the following output:

Forbidden
You don't have permission to access / on this server.

Here are the relevant conf files:

/DIR/apache-tomcat-7.0.37/jk/mod_jk.conf: This is linked symbolically to the /etc/httpd/conf.d directory

LoadModule              jk_module       /DIR/apache-tomcat-7.0.37/jk/mod_jk-1.2.31-httpd-2.2.x.so
JkWorkersFile           /DIR/apache-tomcat-7.0.37/jk/workers.properties
JkMountFile             /DIR/apache-tomcat-7.0.37/jk/uriworkermap.properties
JkShmFile               /var/log/httpd/mod_jk.shm
JkLogFile               /var/log/httpd/mod_jk.log
JkLogStampFormat        "[%a %b %d %H:%M:%S %Y] "
JkMount /* worker1
JkLogLevel              info
# SSL Additions below:
JkExtractSSL            On    
JkHTTPSIndicator        HTTPS
JkSessionIndicator      SSL_SESSION_ID
JkCIPHERIndicator       SSL_CIPHER
JkCERTSIndicator        SSL_CLIENT_CERT

/etc/httpd/conf/httpd.conf: I only added 1 line at the very end of the file when trying to configure SSL.
I included the entire file just in case.

ServerTokens OS
ServerRoot "/etc/httpd"

PidFile run/httpd.pid


Timeout 60

KeepAlive Off

MaxKeepAliveRequests 100
KeepAliveTimeout 15


<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
ServerLimit      256
MaxClients       256
MaxRequestsPerChild  4000
</IfModule>


<IfModule worker.c>
StartServers         4
MaxClients         300
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
MaxRequestsPerChild  0
</IfModule>

Listen 80


LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so

Include conf.d/*.conf

User apache
Group apache


ServerAdmin root@localhost


UseCanonicalName Off
DocumentRoot "/var/www/html"

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>


<Directory "/var/www/html">


    Options Indexes FollowSymLinks


    AllowOverride None

    Order allow,deny
    Allow from all

</Directory>


<IfModule mod_userdir.c>

    UserDir disabled

</IfModule>

DirectoryIndex index.html index.html.var


AccessFileName .htaccess


<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>


TypesConfig /etc/mime.types


DefaultType text/plain

<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off

ErrorLog logs/error_log


LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined

ServerSignature On


Alias /icons/ "/var/www/icons/"

<Directory "/var/www/icons">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>


<IfModule mod_dav_fs.c>
    # Location of the WebDAV lock database.
    DAVLockDB /var/lib/dav/lockdb
</IfModule>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"


<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>



IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t


AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw

LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8



AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz


#   MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
AddHandler type-map var

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

Alias /error/ "/var/www/error/"

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    <Directory "/var/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>

</IfModule>
</IfModule>

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully


##################################################Added when trying to configure SSL:
SSLOptions +StdEnvVars +ExportCertData

/etc/httpd/conf.d/ssl.conf:

LoadModule ssl_module modules/mod_ssl.so

Listen 443

SSLPassPhraseDialog  builtin

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

SSLMutex default



SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin


<VirtualHost _default_:443>


ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn


SSLEngine on


SSLProtocol all -SSLv2


SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key


<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0


CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



########################### Added here for SSL
Alias / "/DIR/apache-tomcat-7.0.37/webapps/ROOT/"
<Directory "/DIR/apache-tomcat-7.0.37/webapps/ROOT/">
Options Indexes FollowSymLinks
AllowOverride All
    Order deny,allow
    Allow from all

</Directory>


#JkMount /alesia/servlet/* ajp13
#JkMount /alesia/*.jsp ajp13

JkMount /*.jsp worker1

<Location "/DIR/apache-tomcat-7.0.37/webapps/ROOT/WEB-INF/">
AllowOverride None
Deny from all
</Location>

</VirtualHost>

I added the end of the file when trying to configure SSL. I modified the line in the guide I was following to be:

JkMount /*.jsp worker1

since my mod_jk.conf references worker1, but I'm not sure if this line is required.

When I browse to < server IP >/WEB-INF/ I get a list of the files in the ROOT/WEB-INF so it looks like it's pointing to the correct folder, I just don't have permission to view or execute the files?

I know that the self-signed cert is working since before any re-configuration it was serving the default docroot successfully.

Any leads are appreciated.

I have Tomcat7 installed on a Server 2008 R2 server as a service. When I start the service, there were no failures, but I got a 404 when I navigate to Localhost:8080.

I opened up cmd and tried running Tomcat7.exe, but I receive the following errors:

[warn] the system cannot find the Registry key for service 'tomcat7'
[error] Load configuration failed
[error] The system cannot find the file specified.
[error] Commons Daemon procrun failed with exit value: 2 (Failed to load configuration)
{error] the system cannot find the file specified

I install Tomcat for clients by unzipping a folder that includes apache-tomcat, the JDK and the JRE and then adding the paths to the environment variables. I have verified that this zip will successfully install and run Tomcat on many servers with the same OS.

I tried troubleshooting by copying the MSVCR71.DLL file to the Tomcat\bin folder and the JDK\bin folder, but I still get the same error. Is there another place I should be copying that file? (Note: I copied this MSVCR71.DLL from a windows folder- it was not included in Tomcat.)

This server is a newly created server, which I'm told never had another instance of Tomcat on it.

Any help/ leads in the right direction are appreciated.

I have a service that is used for converting MS Word documents to PDF's. This service has worked well on some systems yet been unresponsive on others.

The service starts an executable (which has been verified to be running through Task Manager).
Then when I try to use the software to convert documents it fails.

One thing that I noticed is that when I try to stop the service there is no error, but the executable is still running (whereas on systems are working, the executable will also stop).

Then when I try to restart the service I get a failure message saying ------

"Error 1053: The service did not respond to the start or control request in a timely fashion".

When I kill the executable in Task Manager then start the service, the executable is started and it appears to run correctly again.

I have this service running as the local administrator for the machine. I have also tried installing this in a different folder besides for Program Files, but I will still get the same problem.

Has anyone had any issues like this before?

I have a Shibboleth SP instance on Server 2008 R2 and everything is authenticating fine with the IdP.

I was testing protecting a single page and that is working fine by doing the following in the shibboleth2.xml file:

<Host name="MyUrl.com">
     <Path name="page.jsp" authType="shibboleth" requireSession="true"/>
</Host>

When I go to https://MyUrl.com/page.jsp I get redirected to enter credentials, and then end up back on the page.jsp

Now I found out that I should be protecting the Document Root, but not the entire site.
Basically I need to be authenticated by Shibboleth, and once I am, then I'll get redirected back to the Document Root where a session is set with separate software, I get redirected to a different page and the Document Root will never be used again.

Any help is appreciated

I am trying to set up Shibboleth SP on a Server 2008 R2/ IIS 7.5 machine.

IIS throws the following error when browsing to localhost:

HTTP Error 500.0 - Internal Server Error
Calling LoadLibraryEx on ISAPI filter "C:\opt\shibboleth-sp\lib64\shibboleth\isapi_shib.dll" failed

I'm assuming that this is because IIS does not have permissions to get to that dll file, but I'm not sure how to fix it. I went to the C:\opt folder and added permissions for the IIS_USRS group for the shibboleth-sp folder, but still it didn't work. Is there another user that I have to give permission to because it's using IIS 6 Compatibility Mode?

Is there anything else that I should be checking besides for based on this error besides for the folder permissions?

I am in a bit of strange situation when it comes to debugging this issue. I am working with a client who has a 3rd party administrate their servers, and that 3rd party does not allow for any changes in order to test but instead requires formal documentation for any change as well as justification as to why we are making the changes or else the change request gets rejected... Therefore I have to try to come up with conclusive answers without being able to change and test anything.

Therefore, any information/ speculation you guys have on this issue is useful.

I am using Java Tomcat to try to connect to a 64-bit MSSQL 2005 server and there's been no luck. Does this log file indicate that there truly is no driver found, or is could it mean that the driver is found, but the the connection is not being accepted? Are they any other ways to interpret this error message? I've been told that these connection configuration settings have worked for other server setups but for some reason I keep getting the below error.

I'm not sure if it makes a difference, but the Tomcat server is 32-bit. Is there a different driver to be able to connect to 64-bit as opposed to 32-bit MSSQL 2005?

 Login session = 5E3673D5B92737D27B9710CE28E37D66
    No suitable driver found for jdbc:sqlserver://serverName:1433;DatabaseName=DbName;user=DbUser;password=Password
    java.lang.Exception: No suitable driver found for jdbc:sqlserver://serverName:1433;DatabaseName=DbName;user=DbUser;password=Password
        at com.medical.ConnectionPool.getConnection(Unknown Source)
        at org.apache.jsp.Login_jsp._jspService(Login_jsp.java:135)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.medical.Utilities_Charset_Filter.doFilter(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Thread.java:619)

I have set up a Tomcat server using Server 2008 and IIS 7.
How can I tell if the JAVA_OPTS environment variable is actually being used?

I've heard before that the I have to edit the service.bat file in order to make the JAVA_OPTS environment variable be used, but how can I tell if it's successful?

I haven't been able to find out if there is a way to view this in the logs or something else more quantitative. The only way I could think of to try to test it is to edit the variable and try to tell if there is a difference in performance. I set the JAVA_OPTS to be the following:

-server -Xmx1k -Xms1k-Xmn1k -Xss128k -XX:+UseParallelGC -XX:ParallelGCThreads=20 -XX:PermSize=1k -XX:MaxPermSize=1k  

Also, I found documentation saying to change the following line in service.bat from:

"%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions "-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties" --JvmMs 128 --JvmMx 256

to:

"%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions "-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties" %JAVA_OPTS%

I got no errors when I ran the command

service install ServiceName

So far everything seems to be running as fast as it always is before I reinstalled the service with the changed memory settings, making me think that the JAVA_OPTS isn't affecting anything.

Sorry if this is a broad sort of question, but I haven't found a good lead to go off of yet as to what is actually happening in the back end. Can somebody shed some light on this?

I am setting up a 64-bit IIS 7.5 / Tomcat 7.0.26 server and I have received the following errors when I navigate to http://localhost -

Error Summary

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Detailed Error Information

Module  IIS Web Core
Notification    BeginRequest
Handler Not yet determined
Error Code  0x80070021
Config Error    This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File \\?\C:\Folder\apache-tomcat-7.0.29\jk\web.config
Requested URL   http://localhost:80/jakarta/isapi_redirect.dll
Physical Path   C:\Folder\apache-tomcat-7.0.29\jk\isapi_redirect.dll
Logon Method    Not yet determined
Logon User  Not yet determined

Config Source (Line 4 is highlighted in red)

3:     <system.webServer>
4:         <handlers accessPolicy="Read, Execute, Script" />
5:     </system.webServer>

I'm guessing that the problem is that the web.config file (which is mentioned in the Config source error) is written incorrectly. Can anybody confirm this? I Haven't been able to find an sample web.config files to go off of.

I copied the entire jk folder (which includes the isapi_redirect.dll, isapi_redirect.properties, uriworkermap.properties, web.config and workers.properties) from another server that is working, however the configuration of that server is different, as it was originally set up to run Tomcat in a different way.

I'm trying to finish up my Nagios install by having it email me. It was emailing me using /bin/mail so it always got sent to my spam folders. I installed sSMTP to try to send a request to my work's email server to be able to send out a message from an authenticated user.

Here is my /etc/ssmtp/ssmtp.conf file:

mailhub=10.200.120.148:25
UseTLS=NO
AuthUser= [email protected]
AuthPass=PASSWORD

So far I've been using the following command, and it will still arrive to my email inbox as root@localhost which causes it to go to my spam folder (with the exception of one email provider I have).

cat message |ssmtp [email protected]

I've looked at a few examples online, and they all seem to have pretty much the same as me. Does anybody see the any mistakes that I'm making?

Just to clarify, [email protected] is a user on the mail server that my work uses.

I am trying to install a Squid anonymous proxy on my home computer for a quick presentation tomorrow.
When I try to connect to it using Google Chrome, I get the following error code:

Error 130 (net:ERR_PROXY_CONNECTION_FAILED)

I am able to see the Squid website from my computer however it gives an error message:

The following error was encountered while trying to retrieve the URL: /

    Invalid URL

Some aspect of the requested URL is incorrect.

Some possible problems are:

    Missing or incorrect access protocol (should be "http://" or similar)

    Missing hostname

    Illegal double-escape in the URL-Path

    Illegal character in hostname; underscores are not allowed.

Your cache administrator is root.

My conf file looks like:

#
# Recommended minimum configuration:
#
acl manager proto cache_object
#acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
#acl localnet src fc00::/7       # RFC 4193 local private network range
#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
#http_access allow manager localhost
#http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access allow localhost

# And finally deny all other access to this proxy
http_access allow all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

I'm just wondering if anybody hads ever hit this problem.

I'm usng DRBL Clonezilla on Centos 6. When I go to image the lab it boots the os from the server via PXE boot and everything seems to be working fine, but then it will freeze at 0% complete when attempting to deploy the image.

I've tested this on a single machine with the number of clients to wait for being 1 and also with the time to wait being 2 minutes, and it will sit there for hours at 0%

I've never hit a problem before where the server is able to communicate with the machine and boot the OS, but still have a problem deploying the image?