When I run netstat there are some entries such as TCP [::]:8010 computername LISTENING
What does that mean? It is impossible to search for...
I'm trying to get a VPN set up with internal access only sites.
I have set up a VPN on a Windows server (single VPS server), and I can connect from a remote computer and I get an IP assigned correctly (from 192.168.1.1 - 255)
Next I configured IIS (running on the same machine) IP Address and Domain Restrictions to allow only IP address range 192.168.1.0 with subnet mask 255.255.255.0
When I connect to the VPN with "Use Default Gateway on Remote Network" (so that requests must go through the VPN), I get a 403 from the internal sites.
What did I miss?
This isn't a question on my specific problem, as I've got that more or less solved, but about IIS/Python and user accounts in general.
I have python scripts that I'm running with IIS 7.5 (Mercurial using the hgweb.wsgi script). One of the plugins (largefiles) is getting permission trouble reading and writing files.
The script was trying to write files to a temporary directory, by checking the APPDATA and LOCALAPPDATA environment variables, which were returning C:\Windows\System32\config\systemprofile\AppData\Local, and failing due to permissions.
I tried printing the USERNAME environment variable, but no matter what user I set in the IIS application pool's Identity, it always returned MACHINENAME$
So how can I run python scripts in IIS so that the environment variables point to the correct user's home location? Or is this just a developer error (Hg didn't have the permissions problem, only the largefiles extension)?
In addition, when I originally had the repos in C:/Data, the files written by largefiles to that directory have a lock icon and the permissions were SYSTEM: full control and Administrators: full control, with the owner set to Administrators (the group, not the administrator user). After writing the file, it could no longer be read. Even if I gave Everyone full control of the C:/Data directory, new files would still be locked unless I manually edited the permissions. Again, Hg didn't have this problem, only the files written by largefiles.
I'm a programmer at my organization, but somehow got drafted into looking into some server stuff, so forgive my ignorance:
They want to give our sales people secure access to our internal sites using their iPads. This must be secure (obviously) but also revocable from the company's side (if someone quits they can no longer access our network).
I see from http://support.apple.com/kb/HT1288 that the iPad supports "RSA SecurID", "CRYPTOCard", and "Kerberos" authentication methods. Will one of these do what we need? Are there any major differences between them?
I've got IIS redirecting HTTP traffic to a Tomcat server using isapi_redirect. I need to get it working with SSL, how can I do this?
If I enable SSL with IIS and try to go to https://domain/page.html (a static page) everything works correctly, but when I go to https://domain/app (set up for isapi_redirect), I get a 401.5 status code (Authorization failed by ISAPI/CGI application.)
My workers.properties.minimal file:
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8011
tomcat server.xml contains:
<Connector port="8011" redirectPort="8443" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8"/>
Background: I have limited server admin / networking knowledge, my background is non-network programming.
What are some options for securing and hiding internal sites?
I have a Windows VPS running public sites, but it also has some internal stuff running on a variety of servers (Jira / Jenkins running in Tomcat, Visual SVN in Apache) and on various ports.
Ideally, I'd like an internal.mydomain.com set up in IIS, with internal.mydomain/jira and internal.mydomain/svn, and have the entire subdomain secured from external access.
I'm pretty sure I can set up IIS to proxy requests to Tomcat and Apache (so I can set up the subdomain stuff), but how can I secure the subdomain itself?
Can I have a VPN set up and have IIS block traffic unless it comes from the VPN? I've only seen VPNs set up to traffic through the VPN server to other computers on the network - can I set up a VPN with only one server?
I know I can do IP-based filtering, but that's not an ideal solution since I and others often access the internal sites from places with very dynamic IPs.
Background: I recently got a Windows cloud VPS server. I don't have much experience with server admin (I'm a programmer), and what little I do have is with Linux servers.
Ever since getting the server I've been having issues with RDP. I can connect about two or three times, after which point I can't connect until one of the tech guys "fixes" it (see below). When I connect, I can stay connected for hours with no problem.
When the problem connecting starts, the first time I try to log in, the remote desktop window pops up, starts connecting, and then exits with "Your Remote Desktop session has ended". After that, for about 10-20 minutes if I try to connect again, the connection times out with
Remote Desktop can't connect to the computer for one of these reasons: 1) Remote access on the server is not enabled 2) The remote computer is turned off 3) The remote computer is not available on the network
then goes back to connecting once and immediately disconnecting.
All of the updates are installed. The firewall has been correctly configured to let RDP traffic through. The remote setting is "Allow connections from computers running any version of Remote Desktop". I tried creating a second user, and when I can't connect, I can't connect to that user either. I've tried both soft and hard reboots, neither of which help. I've tried connecting from two different computers (both running Windows 7) from two different networks (work and home), and the behavior is the same.
Everything else on the server continues to run fine (IIS-served http pages, Tomcat-served java pages, svn, ping).
The "fix" that the tech guys supply is simply logging into the console on their end, after which point I can connect 2 or 3 times again.
The event viewer on the server has "authentication failure" (or something similar) events generated when I attempt to log in and can't. I can't get to the actual event at the moment as I'm currently in the can't connect stage, and waiting for the techs to log in. But when I searched for the event earlier this morning I couldn't find anything useful.
Can anyone help?