Tobia's questions

I had to manage the access control of an event, it works with few pda devices connected to the existing Wi-Fi infrastructure.

At test time before the event the connection seemed to be good, all pda had a good signal and could work all together with good response time.

As you imagined during the event things went a bit different.

We have experienced failures in a networks layers, disruptions of Wi-Fi signal (devices were disconnected for few seconds), tcp connection timeouts, a lower signal, some other layer 7 related issues like dns response failures.

Devices and AP number and positions didn't have been changed.

So I was wondering if a massive presence of other wifi devices not connected to the same Wifi could be the cause of this degradation. I mean, is it possible that wifi research made by all smartphones of people could have degraded the APs?

Is there any solution? For example using an hidden SSID?

I have a cache directive in my nginx balancer without any particular settings.
I see that when I push CTRL-F5 in my browser, all resources are requested with Cache-Control:no-cache headers but nginx still reply with cached content.

Is is by design that nginx honour just backend server cache header and not the client one?

This is the relevatn part of cache config of nginx:

  proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mycache:100m max_size=500m inactive=60m use_temp_path=off;
  proxy_cache_key $host$request_uri;

  proxy_cache mycache;
  add_header X-Cache-Status $upstream_cache_status;

The X-Cache-Status values is HIT even if Cache-Control from the client is no-cache

This is the full configuration:

# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    server_tokens off;
    client_max_body_size 100M;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    log_format cache_st '$remote_addr - $upstream_cache_status [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log cache_st;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    #
    ## Cache
    #
    
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mycache:100m max_size=500m inactive=60m use_temp_path=off;


    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
#
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}

# configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
load_module modules/ngx_http_auth_pam_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-cache-purge.conf:
load_module modules/ngx_http_cache_purge_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
load_module modules/ngx_http_dav_ext_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
load_module modules/ngx_http_echo_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-fancyindex.conf:
load_module modules/ngx_http_fancyindex_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip2.conf:
load_module modules/ngx_http_geoip2_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-headers-more-filter.conf:
load_module modules/ngx_http_headers_more_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-perl.conf:
load_module modules/ngx_http_perl_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
load_module modules/ngx_http_subs_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-uploadprogress.conf:
load_module modules/ngx_http_uploadprogress_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
load_module modules/ngx_http_upstream_fair_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-nchan.conf:
load_module modules/ngx_nchan_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip.conf:
load_module modules/ngx_stream_geoip_module.so;

# configuration file /etc/nginx/modules-enabled/70-mod-stream-geoip2.conf:
load_module modules/ngx_stream_geoip2_module.so;

# configuration file /etc/nginx/mime.types:

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

# configuration file /etc/nginx/sites-enabled/010-mysiteb:
# HTTP

server {
        server_name mysite2 mysiteb mysite3 mysiteb;
    listen 80;  
    include commons/http-location.inc;
}

# BALANCED HAPROXY2 - TCP 81

server {
        server_name mysiteb;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/mysiteb/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysiteb/privkey.pem;
    include commons/ha-location-2.inc;
}

# BALANCED HAPROXY WEB - TCP 82

server {
        server_name mysite3 mysiteb;
    listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite3/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite3/privkey.pem;
        include commons/ha-location-web.inc;
}

server {
        server_name mysite2;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite2/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite2/privkey.pem;
        include commons/ha-location-web.inc;
}

# configuration file /etc/nginx/commons/http-location.inc:
        location /.well-known {
                alias /var/www/html/.well-known;
        }
        location / {
                return 301 https://$host$request_uri;
        }

# configuration file /etc/nginx/commons/ha-location-2.inc:
        location / {
                proxy_pass http://127.0.0.1:81;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto https;
                error_page 502 /502error.html;
        }
        location /ws {
                proxy_pass http://127.0.0.1:81;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto https;
                proxy_read_timeout 120;
        }
        location = /502error.html {
                root   /usr/share/nginx/html;
                internal;
        }

# configuration file /etc/nginx/commons/ha-location-web.inc:
        location / {
                proxy_pass http://127.0.0.1:82;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto https;
                error_page 502 /502error.html;
        proxy_cache mycache;
        add_header X-Cache-Status $upstream_cache_status;
        }
        location = /502error.html {
                root   /usr/share/nginx/html;
                internal;
        }

# configuration file /etc/nginx/commons/srvap1-location.inc:
        location / {
                proxy_pass http://srvap1/;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto https;
                error_page 502 /502error.html;
        }
        location /ws {
                proxy_pass http://srvap1;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto https;
                proxy_read_timeout 120;
        }
        location = /502error.html {
                root   /usr/share/nginx/html;
                internal;
        }

# configuration file /etc/nginx/commons/srvap2-location.inc:
        location / {
                proxy_pass http://srvap2/;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto https;
                error_page 502 /502error.html;
        }
        location /ws {
                proxy_pass http://srvap2;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Host $http_host;
                proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto https;
                proxy_read_timeout 120;
        }
        location = /502error.html {
                root   /usr/share/nginx/html;
                internal;
        }

# configuration file /etc/nginx/sites-enabled/030-mysitea:
# HTTP

server {
        server_name mysite1 mysite4 mysite5;
    listen 80;  
    include commons/http-location.inc;
}

# BALANCED HAPROXY - TCP 81

server {
        server_name mysite4;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/mysite4/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite4/privkey.pem;
    include commons/ha-location-2.inc;
}

server {
        server_name mysite5 mysitea;
    listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite5/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite5/privkey.pem;
        include commons/ha-location-web.inc;
}

server {
        server_name mysite1;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite1/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite1/privkey.pem;
        include commons/ha-location-web.inc;
}

# AP1 - TCP 10001

server {
        server_name mysite4;
        listen 10001 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite4/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite4/privkey.pem;
    include commons/srvap1-location.inc;
}

server {
        server_name mysite5 mysitea;
        listen 10001 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite5/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite5/privkey.pem;
        include commons/srvap1-location.inc;
}

server {
        server_name mysite1;
        listen 10001 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite1/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite1/privkey.pem;
        include commons/srvap1-location.inc;
}

# AP2 - TCP 10002

server {
        server_name mysite4;
        listen 10002 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite4/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite4/privkey.pem;
        include commons/srvap2-location.inc;
}

server {
        server_name mysite5 mysitea;
        listen 10002 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite5/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite5/privkey.pem;
        include commons/srvap2-location.inc;
}

server {
        server_name mysite1;
        listen 10002 ssl;
        ssl_certificate /etc/letsencrypt/live/mysite1/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mysite1/privkey.pem;
        include commons/srvap2-location.inc;
}


# configuration file /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

}
server {

    listen 127.0.0.1:1935;

    root /var/www/html;

    location / {
        stub_status;
    }

}

I'm working on a new nas to store veeam backups of some VMs.

I will use some magnetic disks and my doubt is about optional ssd cache disks.

I was wondering if it is important the cache layer, generally I know few cache disks is not a bad idea, but in this case I would like to know if it is recommended or not very useful.

As far as I know the cache is used to absorb few small operations or repeated operations in same sectors. In a vm backup scenario I expect a massive write ops and cache layer will be shortly filled and became almost unuseful.

Am I right or am I wrong?

I'm configuring a MS 365 Hybrid deployment, MX will be keeped to Exchange on premise server.

I have a On premise antispam (LibraEsva) that I don't want to remove.

This is the actual configuration:

Following MS guide lines, the connection between Exchange On Premise and Cloud has to be direct without any filter.

As you can see the there is a SMTP 25 from public internet to MX interface filtered by Antispam. Moreover, there is another SMTP 25 connection between Exchange On Premise and Cloude for internal routing between local and cloud mailboxed.

I made 2 NAT

• From Any with port SMTP-25 forwarded to Antispam
• From MS365 ips with port SMTP-25 forwarded to Exchange

This works, public email are filtered, and email between Exchange server are not filtered...

BUT

The NAT made from MS365 hostname are getting all public emails from MS 365 NOT ONLY the internal ones, if any user of 365 sends an email to me, it is not filtered anymore.

How can I solve this brain teaser? I think there should be a solution.

I want to create a remote repository for the backup of my local infrastructure. I'm using Veeam v10.

I think I need a remote machine with a Veeam component installed, then I was wondering if I can build a EC2 Windows machine with Veeam with S3 as storage.

The goal is to transfer from my site to EC2 only the incremental backup (I cannot transfer a full with my bandwith!) and let the machine compute and merge backup in a reverse incremental backup. Is this a good configuration? Is it possibile to use EC2 with a S3 storage for veeam repository?

I have to set a persistent custom SQL MODE persistent to my server. I added this line in /etc/mysql/mysql.conf.d/mysqld.cnf

[mysqld]
...
sql-mode = STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

When I try to run mysql I get this error:

2020-06-03T09:49:24.567568Z 0 [ERROR] [MY-000077] [Server] /usr/sbin/mysqld: Error while setting value 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' to 'sql_mode'. mysqld Ver 8.0.20-0ubuntu0.20.04.1 for Linux on x86_64 ((Ubuntu))

I tried to change sql-mode to sql_mode and remove the double quotes, but it doesn't change.

I have two WAN from different providers, I would like to know how can I manage an IP failover to switch services in case of failur of the primary WAN. The only solution that I know is to use dns records and switch them in case of failure.

• Is there any service to switch them automatically?
• If I set a low TTL for my dns records can I be sure a fast switch from clients all over the world? Do DNS cache servers consider my TTL settings?

I had to change a drive in my IBM DS3512 SAN, I bought it by model (Seagate model) and not by IBM FRU code. I tried to put the drive but it fails with error "incompatible drive". I saw that the model is really the same of other drives but firmware version and manufacturer name is different.

Probably I have to give the drive back and look for the FRU part, but firstly I want to know if is there any way to override this problem, maybe flashing the IBM firmware in the drive.

This SAN is not in production enviroment but only for testing

My primary WIN 2012 VM domain controller cannot update anymore, every update fails with this error:

Windows failed to install the following update with error 0x800f0900

I tried many things:

• reset SoftwareDistribution directory
• sfc /scannow ends without errors
• dism /online /cleanup-image /restorehealth stucks at 40% (I wait 18hours, then I stoped it)
• dism /online /cleanup-image /source.... /restorehealth get from a DVD source stucks at 40% like the previous
• clean and secure boot before previous commands

What can I try to do?

**** EDIT WindowsUpdate.log content:

2017-01-17  22:33:14:450     920    ff4 Handler Generating request for CBS update 641FE631-29F1-46B4-BBED-7D2B8D56741B in sandbox C:\Windows\SoftwareDistribution\Download\61d75607e4a6a41d2d6d304bed92af67
2017-01-17  22:33:14:529     920    ff4 Handler Selected payload type is ptExpress
2017-01-17  22:33:14:607     920    ff4 Handler UH: DpxRestoreJob returned 0x80070002
2017-01-17  22:33:14:607     920    ff4 Handler Detected download state is dsHavePackage
2017-01-17  22:33:30:935     920    364 Handler FATAL: CBS called Error with 0x800f0900, 
2017-01-17  22:33:30:951     920    ff4 Handler FATAL: UH: 0x800f0900: Async stage operation failed in CUHCbsHandler::StageCbsPackage
2017-01-17  22:33:31:107     920    ff4 Handler FATAL: Request generation for CBS update complete with hr=0x800f0900 and pfResetSandbox=0 
2017-01-17  22:33:31:107     920    ff4 Handler FATAL: Error source is 106.
2017-01-17  22:33:31:107     920    ff4 DnldMgr FATAL: DM:CAgentDownloadManager::GenerateAllDownloadRequests: GenerateDownloadRequest failed with 0x800f0900.
2017-01-17  22:33:32:404     920    ff4 DnldMgr WARNING: Download request generation failed with 0x800f0900.
2017-01-17  22:33:32:435     920    ff4 DnldMgr Error 0x800f0900 occurred while downloading update; notifying dependent calls.
2017-01-17  22:33:32:466     920    174 AU  >>##  RESUMED  ## AU: Download update [UpdateId = {4485F552-0451-4646-B224-BEC7507523F3}]
2017-01-17  22:33:32:466     920    174 AU    # WARNING: Download failed, error = 0x800F0900
2017-01-17  22:33:32:779     920    174 AU  #########
2017-01-17  22:33:32:779     920    174 AU  ##  END  ##  AU: Download updates
2017-01-17  22:33:32:779     920    174 AU  #############

CBS log:

2017-01-27 17:11:26, Info                  CBS    Exec: Package: Package_20_for_KB2934016~31bf3856ad364e35~amd64~~6.2.1.1 is already in the correct state, current: Installed, targeted: Installed
2017-01-27 17:11:26, Info                  CBS    Exec: Skipping Package: Package_20_for_KB2934016~31bf3856ad364e35~amd64~~6.2.1.1, Update: 2934016-60_neutral_LDR because it is already in the correct state.
2017-01-27 17:11:26, Info                  CBS    Exec: Skipping Package: Package_20_for_KB2934016~31bf3856ad364e35~amd64~~6.2.1.1, Update: 2934016-61_neutral_LDR because it is already in the correct state.
2017-01-27 17:11:26, Info                  CBS    Exec: Skipping Package: Package_20_for_KB2934016~31bf3856ad364e35~amd64~~6.2.1.1, Update: 2934016-62_neutral_GDR because it is already in the correct state.
2017-01-27 17:11:26, Info                  CBS    Failed to peek next token (status=0xc0000161) [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Failed to get next Token [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Wrong XML DECL [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Invalid xml format [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Manifest parsing error at line: 1, context: 
 [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Failed to parse the manifest from the buffer. [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Error                 CBS    Failed to parse package manifest: \\?\C:\Windows\Servicing\Packages\Package_357_for_KB2836988~31bf3856ad364e35~amd64~~6.2.1.0.mum [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Mark store corruption flag because of parsing failure on package: Package_357_for_KB2836988~31bf3856ad364e35~amd64~~6.2.1.0. [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Failed to initialize package: Package_357_for_KB2836988~31bf3856ad364e35~amd64~~6.2.1.0, from path: \\?\C:\Windows\Servicing\Packages\Package_357_for_KB2836988~31bf3856ad364e35~amd64~~6.2.1.0.mum, existing package: 1 [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Mark store corruption flag because of package: Package_357_for_KB2836988~31bf3856ad364e35~amd64~~6.2.1.0. [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Failed to resolve package [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Failed to get next package to re-evaluate [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Failed to process component watch list. [HRESULT = 0x800f0900 - CBS_E_XML_PARSER_FAILURE]
2017-01-27 17:11:26, Info                  CBS    Perf: InstallUninstallChain complete.
2017-01-27 17:11:26, Info                  CSI    00000b91@2017/1/27:16:11:26.555 CSI Transaction @0x6db95b2ce0 destroyed
2017-01-27 17:11:26, Info                  CBS    Exec: Store corruption found during execution, but auto repair is already attempted today, skip it.

Today I got many spammy emails into my mailbox, I looked in exim4 logs and I found some suspected activities.

I would like to understand the serverity of this attack, if I got spammy mail I can delete them and add some rules, however I want to be sure that I'm not a spammer.

I read many of these logs:

  2016-03-09 07:53:12 1adXzZ-0007sb-Pz <= info@mydomain.com H=([127.0.0.1]) [129.137.152.170] P=esmtpa A=plain: S=1298 id=E10ADF97.F4977D1149D4C689@mydomain.com
  2016-03-09 07:53:12 1adXzZ-0007sb-Pz no immediate delivery: more than 10 messages received in one connection
  2016-03-09 08:16:57 1adXzZ-0007sb-Pz => kamikaze_****@hotmail.co.uk R=dnslookup T=remote_smtp H=mx3.hotmail.com [207.46.8.167] X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256 CV=no DN="CN=*.hotmail.com" C="250  <E10ADF97.F4977D1149D4C689@mydomain.com> Queued mail for delivery"
  2016-03-09 08:16:57 1adXzZ-0007sb-Pz Completed

Please consider that:

• kamikaze_****@hotmail.co.uk (I add some asterisks for privacy) is not a known recipient and this is not a mailbox in my server.
• Realy should be permitted only to authenticated users, and here I did not find any authentication info.
• In the log there is a 250 and "Completed", so seems that no error was thrown. The sign of the log is "=>" that means outgoing message...

So, I'm a spammer? Is my server sending mails without authentication?

This is my configuration:

accept_8bitmime
acl_smtp_data = acl_check_data
acl_smtp_data_prdr = accept
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
admin_groups =
no_allow_domain_literals
no_allow_mx_to_ip
no_allow_utf8_domains
auth_advertise_hosts = *
auto_thaw = 0s
av_scanner = sophie:/var/run/sophie
bounce_return_body
bounce_return_message
bounce_return_size_limit = 100K
callout_domain_negative_expire = 3h
callout_domain_positive_expire = 1w
callout_negative_expire = 2h
callout_positive_expire = 1d
callout_random_local_part = $primary_hostname-$tod_epoch-testing
check_log_inodes = 0
check_log_space = 0
check_rfc2047_length
check_spool_inodes = 0
check_spool_space = 0
daemon_smtp_ports = smtp
daemon_startup_retries = 9
daemon_startup_sleep = 30s
delay_warning = 1d
delay_warning_condition = ${if or {{ !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
no_deliver_drop_privilege
deliver_queue_load_max =
delivery_date_remove
no_disable_ipv6
dkim_verify_signers = $dkim_signers
dns_check_names_pattern = (?i)^(?>(?(1)\.|())[^\W](?>[a-z0-9/_-]*[^\W])?)+(\.?)$
dns_csa_search_limit = 5
dns_csa_use_reverse
dns_dnssec_ok = -1
dns_retrans = 0s
dns_retry = 0
dns_use_edns0 = -1
no_drop_cr
dsn_from = Mail Delivery System <Mailer-Daemon@$qualify_domain>
envelope_to_remove
exim_group = Debian-exim
exim_path = /usr/sbin/exim4
exim_user = Debian-exim
extract_addresses_remove_arguments
finduser_retries = 0
freeze_tell = postmaster
gecos_name = $1
gecos_pattern = ^([^,:]*)
no_gnutls_allow_auto_pkcs11
no_gnutls_compat_mode
header_line_maxsize = 0
header_maxsize = 1048576
headers_charset = UTF-8
helo_allow_chars = _
helo_lookup_domains = @ : @[]
host_lookup = *
host_lookup_order = bydns:byaddr
ignore_bounce_errors_after = 2d
no_ignore_fromline_local
keep_malformed = 4d
no_ldap_start_tls
ldap_version = -1
no_local_from_check
local_interfaces = <; ::0 ; 0.0.0.0
local_scan_timeout = 5m
local_sender_retain
log_file_path = /var/log/exim4/%slog
log_selector = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn
no_log_timezone
lookup_open_max = 25
max_username_length = 0
no_message_body_newlines
message_body_visible = 500
message_logs
message_size_limit = 50M
no_move_frozen_messages
no_mua_wrapper
mysql_servers = localhost/system/exim/mypassw
never_users =
no_perl_at_start
pid_file_path = /var/run/exim4/exim.pid
pipelining_advertise_hosts = *
prdr_enable
no_preserve_message_logs
primary_hostname = srv1.mydomain.com
no_print_topbitchars
process_log_path = /var/spool/exim4/exim-process.info
prod_requires_admin
qualify_domain = mydomain.com
qualify_recipient = mydomain.com
queue_list_requires_admin
no_queue_only
queue_only_load =
queue_only_load_latch
queue_only_override
no_queue_run_in_order
queue_run_max = 5
receive_timeout = 0s
received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n\t}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} ${if def:tls_cipher {($tls_cipher)\n\t}}(Exim $version_number)\n\t${if def:sender_address {(envelope-from <$sender_address>)\n\t}}id $message_exim_id${if def:received_for {\n\tfor $received_for}}
received_headers_max = 30
recipients_max = 0
no_recipients_max_reject
remote_max_parallel = 2
retry_data_expire = 1w
retry_interval_max = 1d
return_path_remove
rfc1413_hosts = @[]
rfc1413_query_timeout = 0s
slow_lookup_log = 0
smtp_accept_keepalive
smtp_accept_max = 20
smtp_accept_max_nonmail = 10
smtp_accept_max_nonmail_hosts = *
smtp_accept_max_per_connection = 1000
smtp_accept_queue = 0
smtp_accept_queue_per_connection = 10
smtp_accept_reserve = 0
smtp_banner = $smtp_active_hostname ESMTP Exim $version_number Ubuntu $tod_full
smtp_check_spool_space
smtp_connect_backlog = 20
smtp_enforce_sync
smtp_etrn_serialize
smtp_load_reserve =
smtp_max_synprot_errors = 3
smtp_max_unknown_commands = 3
no_smtp_return_error_details
spamd_address = 127.0.0.1 783
no_split_spool_directory
spool_directory = /var/spool/exim4
sqlite_lock_timeout = 5
no_strict_acl_vars
no_strip_excess_angle_brackets
no_strip_trailing_dot
syslog_duplication
syslog_processname = exim
syslog_timestamp
tcp_nodelay
timeout_frozen_after = 1w
tls_advertise_hosts = *
tls_certificate = /etc/exim4/exim.crt
tls_dh_max_bits = 2236
tls_eccurve = prime256v1
tls_on_connect_ports = 465
tls_privatekey = /etc/exim4/exim.key
no_tls_remember_esmtp
tls_verify_certificates = ${if exists{/etc/ssl/certs/ca-certificates.crt}{/etc/ssl/certs/ca-certificates.crt}{/dev/null}}
trusted_groups =
trusted_users = uucp
untrusted_set_sender = *
uucp_from_pattern = ^From\s+(\S+)\s+(?:[a-zA-Z]{3},?\s+)?(?:[a-zA-Z]{3}\s+\d?\d|\d?\d\s+[a-zA-Z]{3}\s+\d\d(?:\d\d)?)\s+\d\d?:\d\d?
uucp_from_sender = $1
write_rejectlog

And this is the PLAIN authenticator:

plain:
driver                          = plaintext
public_name                     = PLAIN
server_advertise_condition      = yes
server_condition                = ${if eq{$3}{${lookup mysql{ SELECT password FROM users WHERE CONCAT(username,'@',domain)='${quote_mysql:$2}' AND smtp>0 }}}{yes}{no}}
server_set_id                   = $2

This is the today exim reject log:

2016-01-07 13:48:44 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 15:32:09 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 15:41:35 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 15:49:01 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 15:56:50 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 16:04:58 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 16:12:28 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 16:20:19 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 16:28:08 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 16:35:50 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 16:43:28 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 16:51:18 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 16:58:51 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 17:06:25 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 17:13:58 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=info@mydomain.com)
2016-01-07 17:21:29 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 17:28:52 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 17:36:18 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 17:43:43 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 17:51:46 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 17:59:08 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 18:06:44 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 18:14:10 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 18:21:39 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 18:29:02 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 18:36:36 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 18:44:00 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 18:51:21 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 18:58:40 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=test@mydomain.com)
2016-01-07 19:05:59 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 19:13:18 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 19:20:42 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 19:28:03 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 19:35:48 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 19:43:11 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 19:50:35 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 19:57:59 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 20:05:25 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 20:12:51 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 20:20:17 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 20:27:41 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)
2016-01-07 20:35:06 login authenticator failed for (USER) [212.224.87.119]: 535 Incorrect authentication data (set_id=vito@mydomain.com)

I don't want to wait and do nothing more, is it possibile to create a blacklist for exim populated with ip addresses of more then 10 login attemps in 1h?

Mind that I want to creare a blacklist for smtp login attemps and not for email senders.

This is a question about MX procotol priority. If I have two server as MX with different priority:

• MX 10 serverA
• MX 20 serverB

Is this guarantee by the protocol that the MX 10 is the prefered? Can the submitter choose the secondary for any other reason but primary availability?

In other words: if my serverA MX is well working and with (theoretical) infinite connection capacity, can I be sure that nobody will try a connection to serverB?

I have an error from a Veeam Hyper-V backup of a Virtual Machine in a Hyper-V host:

Unable to create snapshot (Microsoft CSV Shadow Copy Provider) (mode: Veeam application-aware processing). Details: Writer 'Microsoft Hyper-V VSS Writer' is failed at 'VSS_WS_FAILED_AT_POST_SNAPSHOT'. The writer experienced a transient error. If the backup process is retried, the error may not reoccur. --tr:Failed to verify writers state. --tr:Failed to create VSS snapshot. --tr:Failed to perform pre-backup tasks.

I cannot understand if this is a host error, a guest error or Veeam error. I tried to reboot the VM but I got the same error. I did not try to reboot the host, but I tried to change the host (this VM is inside a failover cluster of two hosts) and with this change the backup works again.

During the backup failure I ran this command in the host:

 vssadmin list writers

The output was:

>    Writer name: 'Microsoft Hyper-V VSS Writer'
>        Writer Id: {66841cd4-6ded-4f4b-8f17-fd23f8ddc3de}
>        Writer Instance Id: {f50fe40b-27d6-4a98-8713-e5a1dce54c97}
>        State: [1] Frozen

After the VM migrates to another host, the writer state changes back to "Stable".

What can freeze the VSS writers?

There is a 10103 event in the Host:

Failed to revert to VSS snapshot on the virtual hard disk '\\?\Volume{29e16157-002f-4cb4-af58-c95acbd54be9}\' of the virtual machine 'srvshare1'.

When I create a new folder in a shared folder under Windows Server 2012 sometimes i can not see new folder by windows 7 clients. Also with some refresh I still can not see new folders. After some minutes they appear. Is possibile to change the refresh time or what can be?

thank you

I have two computer, the first one is the server (so WinXP) with a shared folder granted for user "test" and this is out of domain, it is just in WORKGROUP. The second computer is a client computer (WS2012) in domain and i would like to access directly to the shared folder of the server without prompting username/password.

I tried to add a "test" user (with the same password) in localuser of the client and also in the domain, but the access fails.

I need this on.the.fly access because i need some file from share just with a file path (ex. \server\path\file.txt) without prompting.

thank you.

I need a command (like "dir") that lists all directories with their size. I need just a 1 level deepness but with the total size of a directory.

For example

>dirsize c:/mainfolder
    subfolder1  15640
    subfolder2 682310
    subfolder3 283550

I installed Debian with kernel 2.6.32-5-686 on a Hyper-V virtual machine. I had to add a legacy network card. I follow this tutorial http://www.yusufozturk.info/linux-server/debian-2-6-36-kernel-upgrade-for-hyper-v-client-drivers.html to add Hyper-V driver but when I reboot with the new kernel i got this error:

BLKVSC_DRV: blkvsc_probe() ERROR!! register_blkdev() failed! ret -16

And at the very first boot log (that i can not copy because i did not find it in dmesg or boot log) i see a mount /dev error.

Thank you.

I'm trying to link a debian server authentication to active directory. I followed this tutorial: http://wiki.debian.org/Authenticating_Linux_With_Active_Directory but I'm stuck on the

getent passwd

Because this doesn't list all AD users but only locals. This is my nsswitch.conf:

passwd:         files winbind
group:          files winbind
shadow:         files winbind

And I'm sure it is well connected to AD becuse this:

wbinfo -u

Lists all AD users. What have I missed?

Do you know if exists something like "alias" for domain users? On my domain I have a short username (ex. n.surname) and i would like users could login with extended name (es. name.surname) to the same profile. Is it possibile?

Thanks

I would like to find all unused accounts of the active directory, so I need to see the last access to the domain. I looked into the user properties but I did not find anything. Where can I find this information?