NitroxDM's questions

I have a simple one page internal app that I just moved to IIS7.5. After enabling basic authentication and disabled anonymous authentication only local users can authenticate.

What I have done far:

• Enabled basic authentication and disabled anonymous authentication.
• Created group in Active Directory with accounts.
• Added AD group to the local User group.
• Added Network Service account to the directory.
• Created a local test user. - Works.
• Removed the local test user from all groups. - Still works.
• I'm using DOMAIN\USER for the username.

There has to be something simple I'm missing.

I created a new repository A.

Ran svnsync init with repository B as the source.

Loaded a dump file from B (rev 0 to 1690 of 1801) to A.

Then tried to run svnsync. My thinking was that svnsync could pick up where the dump file left off.

This is the error:

svnsync: Destination HEAD (1690) is not the last merged revision (0); have you committed to the destination without using svnsync?

Is there a way to make svnsync think it has already synced up to the current rev?

I'm migrating to a new server.

Before I could use: include/XXXX.php in /var/site/test.php.

Now I have use: /var/site/include/XXXX.php

I'm using:

Ubuntu 10.4 Apache2 PHP5

I set up multiple isolated vlans in dd-wrt. Now I need to forward a port to vlan2.

I isolated the vlans using:

iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I FORWARD -i br0 -o vlan3 -j DROP
iptables -I FORWARD -i br0 -o vlan4 -j DROP

Now I need to block a clients on each vlan from accessing the router.

This doesn't work:

iptables -I INPUT -i br0 -o vlan2 --dport telnet -j REJECT --reject-with tcp-reset

I'm new it iptables... am I missing something?

I set up multiple isolated vlans in dd-wrt. Now I need to forward a port to an IP on vlan2.

The goal here is to allow someone to use a computer on vlan2 without having access to the rest of my network.

I isolated the vlans using:

iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I FORWARD -i br0 -o vlan3 -j DROP
iptables -I FORWARD -i br0 -o vlan4 -j DROP

Any ideas?

iptables:

 Chain INPUT (policy ACCEPT)     
 target     prot opt source               destination     
 ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED     
 DROP       udp  --  anywhere             anywhere            udp dpt:route     
 DROP       udp  --  anywhere             anywhere            udp dpt:route     
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:route     
 logaccept  tcp  --  anywhere             DD-WRT              tcp dpt:www        
 DROP       icmp --  anywhere             anywhere     
 DROP       igmp --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere            state NEW     
 logaccept  0    --  anywhere             anywhere            state NEW     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 DROP       0    --  anywhere             anywhere     

 Chain FORWARD (policy ACCEPT)     
 target     prot opt source               destination     
 DROP       0    --  anywhere             anywhere     
 DROP       0    --  anywhere             anywhere     
 DROP       0    --  anywhere             anywhere     
 ACCEPT     gre  --  192.168.1.0/24       anywhere     
 ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:1723     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 logdrop    0    --  anywhere             anywhere            state INVALID     
 TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460     
 lan2wan    0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED     
 ACCEPT     tcp  --  anywhere             192.168.1.98        tcp dpt:www     
 ACCEPT     tcp  --  anywhere             192.168.1.111       tcp dpt:www         
 TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0     
 trigger_out  0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere            state NEW     
 DROP       0    --  anywhere             anywhere     

 Chain OUTPUT (policy ACCEPT)     
 target     prot opt source               destination     

 Chain advgrp_1 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_10 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_2 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_3 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_4 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_5 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_6 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_7 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_8 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_9 (0 references)     
 target     prot opt source               destination     

 Chain grp_1 (1 references)     
 target     prot opt source               destination     

 Chain grp_10 (0 references)     
 target     prot opt source               destination     

 Chain grp_2 (0 references)     
 target     prot opt source               destination     

 Chain grp_3 (0 references)     
 target     prot opt source               destination     

 Chain grp_4 (0 references)     
 target     prot opt source               destination     

 Chain grp_5 (0 references)     
 target     prot opt source               destination     

 Chain grp_6 (0 references)     
 target     prot opt source               destination     

 Chain grp_7 (0 references)     
 target     prot opt source               destination     

 Chain grp_8 (0 references)     
 target     prot opt source               destination     

 Chain grp_9 (0 references)     
 target     prot opt source               destination     

 Chain lan2wan (1 references)     
 target     prot opt source               destination     
 grp_1      0    --  anywhere             anywhere     

 Chain logaccept (3 references)     
 target     prot opt source               destination     
 ACCEPT     0    --  anywhere             anywhere     

 Chain logdrop (1 references)     
 target     prot opt source               destination     
 DROP       0    --  anywhere             anywhere     

 Chain logreject (0 references)     
 target     prot opt source               destination     
 REJECT     tcp  --  anywhere             anywhere            tcp reject-with tcp-reset     

 Chain trigger_out (1 references)     
 target     prot opt source               destination     
 root@DD-WRT:~#     

How do I clone a DNN site?

The idea is to have a dev and a prod site on the same server.

I have already cloned the database and changed the connection strings.

What else needs to be done?

The server authentication is set to:

SQL Server and Windows Authentication mode

I can connect using Window authentication but not SQL authentication.

Login failed for user 'sa'. (Microsoft SQL Server, Error: 18456)

Error Number: 18456
Severity: 14
State: 1

I have reset the sa password and started and stopped the serveries to no avail.

I also created a new login. No dice.

UPDATE:

There as a process on another computer that was stuck in a loop. Once I killed the process I was able to login. I don't know why or how. But that is one only thing that I know of that changed.

Setup:

I have two separate networks I need to connect to at the same time.

VPN 1 PPTP

IP     : 192.168.2.0/24
DNS    : 192.168.2.32; 192.168.2.34 (Windows 2003)
Domain : old.com
Forwarder : 192.168.2.1 (Gateway running DNS) DD-WRT

VPN 2 OpenVPN using Routing -- I'm going to switch to bridging

IP     : 192.168.10.0/24
DNS    : 192.168.10.10 (Windows 2008)
Domain : xyz.dc
Forwarder : 192.168.10.1 (Gateway running DNS) ClearOS

When I'm connected I would like to resolve host names on both networks without fully qualifying them.

UPDATE:

I'm not the only one connecting to this set up so setting up a local DNS would be unmanageable. I have total control over both networks, so making changes isn't an issue. I just don't know what changes to make. :S

I'm attempting to use ClearOS as my Domain Controller for a Windows network with no success.

When attempting to join the domain I get this fun error:

An error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain su.dc.

The error was: "No records found for given DNS query." (error code 0x0000251D DNS_INFO_NO_RECORDS)

The query was for the SRV record for _ldap._tcp.dc._msdcs.su.dc

But when I do an nslookup on _ldap._tcp.dc._msdcs.su.dc I get the address of the ClearOS box.

I'm using WinXP Pro to test with.

The domain is su.dc.

ClearOS is running: DNS and DHCP

Any ideas?

I have a Windows 2003 web edition server that I can't seem to get the SMTP relay working.

BT4 shows port 25 open. When I try use telnet to test it on my desktop I get:

  Connecting To XXX.XXX.XXX.XXX...Could not open connection to the host, on port 25: Connect failed.

From the server I get:

Microsoft Telnet> o 127.0.0.1 25
Connecting To 127.0.0.1...

Connection to host lost.

There isn't anything useful in the logs.

Any ideas?

Does pausing a VM on ESXi release resources?

If I have a vm that is running slow will pausing other VMs help?

I set up an Active Directory (AD) Domain Controller on a Windows 2003 server. I let the wizard do all the work.

I can login with the domain users I made. However, when I go to add a computer to the domain I get the incredibly helpful error:

The parameter is incorrect

Any ideas?

From the NetSetup.log:

09/24 21:48:30 NetpDoDomainJoin
09/24 21:48:30 NetpMachineValidToJoin: 'NITROXDM'
09/24 21:48:30 NetpGetLsaPrimaryDomain: status: 0x0
09/24 21:48:30 NetpMachineValidToJoin: status: 0x0
09/24 21:48:30 NetpJoinDomain
09/24 21:48:30     Machine: NITROXDM
09/24 21:48:30     Domain: tdomain
09/24 21:48:30     MachineAccountOU: (NULL)
09/24 21:48:30     Account: tdomain\Administrator
09/24 21:48:30     Options: 0x25
09/24 21:48:30     OS Version: 5.1
09/24 21:48:30     Build number: 2600
09/24 21:48:30     ServicePack: Service Pack 3
09/24 21:48:30 NetpValidateName: checking to see if 'tdomain' is valid as type 3 name
09/24 21:48:30 NetpCheckDomainNameIsValid [ Exists ] for 'tdomain' returned 0x0
09/24 21:48:30 NetpValidateName: name 'tdomain' is valid for type 3
09/24 21:48:30 NetpDsGetDcName: trying to find DC in domain 'tdomain', flags: 0x1020
09/24 21:48:45 NetpDsGetDcName: failed to find a DC having account 'NITROXDM$': 0x525
09/24 21:48:45 NetpDsGetDcName: found DC '\\SRV1' in the specified domain
09/24 21:48:45 NetUseAdd to \\SRV1\IPC$ returned 1219
09/24 21:48:45 Trying add to  \\SRV1\IPC$ using NULL Session
09/24 21:48:45 NullSession NetUseAdd to \\SRV1\IPC$ returned 1219
09/24 21:48:45 NetpJoinDomain: status of connecting to dc '\\SRV1': 0x4c3
09/24 21:48:45 NetpDoDomainJoin: status: 0x4c3

I have a trigger that keeps getting disabled. It will run from months at time without issue then just be disabled. Why?

It would be cool to know: Is there a way I can log when it get's disabled? What is disabling it? Is there a way to set up an email alert that it has been disabled?

I have VisualSVN running on a Windows 2003 64 bit server. I'm storing my repository on a NAS and using UNC path.

The problem comes in when using svnlook in a hook bat file.

I get:

'svnlook' is not recognized as an internal or external command,

I have a similar set up on a Window 2003 32 bit server that runs with out issue. The two variables are the 64 bit OS and the UNC path.

Any ideas how to get my hook script to work?

I have a situation where I need to set up a domain whitelist and block access to all other sites. The trick now is that the network owner needs to bypass the whitelist on occasion.

Is there a way to to this with ClearOS? If not ClearOS how about another gateways server?

I have a old slow server I use for hosting preview sites and other non resource intensive tasks. The other day the OS HDD started making a most unpleasing squealing noise. So I cloned the HDD as swapped them out. Then since I had the box on the bench I added more RAM and a new SATA controller.

Then when it booted I was greeted by a new dialog box that said there had been too many hardware changes and I needed to prove that I had a valid license. No big deal, just annoying.

How often can I make hardware changes to a Windows 2003 server with out tripping the re-validation?

By re-validation I mean the Windows licensing.

I'm helping a customer with an exposed MSSQL 2005 server. They will not budge on a firewall or VPN solution... and there logs are full of signs of attacks.

What can be done to protect a exposed SQL 2005 Server without additional hardware?

By exposed I mean if you point SSMS at the public IP with the right credentials you are connected.

I have a Win 2008 Server running IIS7. There are a few old ASP sites that still need to live on this box. I enabled ASP and the sites where running fine until yesterday.

Now when the ASP site goes to connect to a database I get a 500 error. In the log I have 8002801d.

Everything I have found so far has referenced registry keys I don't have.

The other odd thing... some info I have found about getting IIS to send the error to the browser shows an ASP icon in the IIS manager. I don't have that icon. I don't know that I ever did.

UPDATE

Hitting any ASP page would cause the error not just the ones connected to a database.

With the ASP icon missing and needing to get this fixed I decided to remove the ASP role. It removed everything under application development. I wasn't expecting that! I then installed everything under application development and rebooted the server.

Problem solved.

It would still be nice to know what was wrong and how to fix it with out doing what I did.

LOGS

#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Date: 2010-06-28 19:03:10
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2010-06-28 19:03:10 ::1 GET /max/ |7|8002801d|- 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30618) 500 0 0 304
2010-06-28 19:03:16 ::1 GET /BMI - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30618) 301 0 0 9
2010-06-28 19:03:16 ::1 GET /BMI/ - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30618) 200 0 0 408
2010-06-28 19:03:16 ::1 GET /BMI/Style.css - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30618) 304 0 0 1
2010-06-28 19:03:16 ::1 GET /BMI/logo.bmp - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30618) 304 0 0 1
2010-06-28 19:18:32 ::1 GET /max/logon.asp |7|8002801d|- 80 -  ::1  Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648;+InfoPath.2) 500 0 0 184
2010-06-28 19:23:32 ::1 GET /max/logon.asp |7|8002801d|- 80 -  ::1  Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+(R1+1.6);+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648;+InfoPath.2) 500 0 0 166
2010-06-28 19:24:05 ::1 GET /max/logon.asp |7|8002801d|- 80 -  ::1  Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729;+InfoPath.2) 500 0 0 296

I have a Mirrored Dynamic disk on my Windows 2003 Server. How do you monitor the health of the volume?

Is there a way to have the server send an email when there is an issue with the volume? Is there a way to have the server run S.M.A.R.T. tests?

EDIT: Nothing says WTF like logging into a client server, running DISKPART LIST VOLUME and seeing this.

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     X   xDrive       NTFS   Mirror       233 GB  Failed Rd
Volume 1     C                NTFS   Simple        57 GB  Healthy    System
Volume 2     D                       DVD-ROM         0 B  Healthy
Volume 3     F                RAW    Partition    466 GB  Healthy
Volume 4     E   New Volume   NTFS   Partition    932 GB  Healthy

I have some severs I manage VIA Remote Desktop. They do not listen on port 3389. I can connect with out issue doing IP:PORT.

I now manage so many I'm trying to use the Remote Desktop snap-in for the management console. But it will not let you enter a colon in the host name.

Is there another way to specify the port?

Here is link to the snap-in.

EDIT:

I'm using XP... yeah I know I'm behind.