awilinsk's questions

I have a Windows Server 2012 R2 IIS web server, running on VMWare esxi 5.5, hosting multiple websites with different IP addresses. This server recently has been refusing connections randomly across all websites. When the server stops accepting connections, there are tons of SYN_RECEIVED entries in netstat. Sometimes from the same IP address across all the hosted IP addresses other times from different IP addresses but a lot more of them. These entries sit for a while and then will disappear (assuming a timeout period is reached).

I've read this is probably a SYN flood attack, but that Windows is supposed to have a built in way of handling these attacks. I looked at this article, https://blogs.technet.microsoft.com/nettracer/2010/06/01/syn-attack-protection-on-windows-vista-windows-2008-windows-7-windows-2008-r2-windows-88-1-windows-2012-and-windows-2012-r2/, and did a netsh trace, but there's nothing in the logs that indicate SYN attack protection has been initiated. This makes me wonder whether SYN attack protection is working. The web server does have the built in Windows firewall disabled. Could that cause the SYN attack protection to be disabled?

I also read that increasing the server resources could help. I doubled the CPU and RAM for the virtual machine, but this problem still crops up every week. Usually for a day and then goes back to normal. When the server stops responding to connections, netstat will be filled with a bunch of SYN_RECEIVED entries and it will take several minutes to complete. At this time the CPU usage is really low, around 5-10%, and the RAM usage is half of what is available. After the suspected attack, netstat will return all the results in a few seconds.

How can I stop this connection refused thing from happening? Any tips or tricks? Does the disabled windows firewall have something to do with the mitigating the attacks.

I have a web app that sends emails to users using IIS 7 on Windows Server 2008. I would like these emails to be put in a Pickup directory instead of sending them directly to my Exchange 2010 mail server. Is there a way to configure Exchange 2010 to look at a pickup directory on another server or do I have to use an SMTP server on my IIS server to forward email to my Exchange server? What are the best practices for delivering email using a pickup directory?

I have an NFS share on a Windows 2003 Server that is working perfectly with read/write access using anonymous access. I am moving to a Windows Server 2008 R2 machine and am trying to do the same. I have everything set up the same as the 2003 server and I can mount the NFS share on my linux box, but when I try to list the contents or write to it I get a "Permission Denied" message.

I have the NFS share set up to "allow anonymous access" with a -2 UID and -2 GID. I have the NFS share permissions set the ALL MACHINES read/write with no root access (the same as the 2003 server). I have the folder NTFS security set for ANONYMOUS LOGON for Full Control.

I found an article on the internet that said to give EVERYONE Full Control for NTFS security and then edit the local security policy to enable anonymous access to be in the EVERYONE group. This worked and allowed me to read/write to the NFS share, but this doesn't seem right to me. I don't want EVERYONE to have read/write access to the folder on the network. I just want to give ANONYMOUS LOGON read/write access.

I cannot figure out what I am doing wrong. Did something change in Server 2008 R2? How do I set this up?

We have a line-of-business app written in VB6. When the app starts, it checks a specific network path to see if there any updates to the application. If there are updates, the program logs in as the domain administrator and copies the new files. Since Windows Vista, this is broken because of UAC. In order for our app to update itself, the user has to right click and select "run as administrator". If the user is not a local admin on their computer, windows will ask for administrator credentials. Is their any way in group policy to specify that a particular executable can run as the administrator without prompting? If not, does any one have any suggestions on how to get around this?

I am running Windows Server 2008 (not R2) for a print server and I have a program that needs to write to the UNC path of the network printer. I have found that anyone in the Print Operators group is able to write to the UNC path of the network printer, but standard users are not. I have tried adding the same permissions as the Print Operators group to a user, but when I try to write to the UNC path, I get Access Denied. I cannot add users to the Print Operators group because it gives too many permissions. What permissions do I need to set to allow standard users to print to the UNC path of a network printer?

In our company, we have a 32 bit Windows 2008 print server. I have successfully installed many printers with both 32 bit and 64 bit drivers. We have two Xerox Wide Format printers and I cannot install the 64 bit drivers. I believe it's because they are not digitally signed. I can install the 32 bit drivers on the server and it comes up with the red security warning that they are not signed, but I installed them anyway. When I go to my Windows 7 64 bit machine to install the drivers, I get the message:

"Unable to install Xerox 6050A PS Wide Format with FreeFlow Accxes, x64, Type 3 - User Mode driver. Operation could not be completed (error 0x00000002)."

I did some searching and I think it's because the drivers are not signed. How would I get passed this problem? Is there a way I can manually install the drivers on the server?

On a side note for anyone thinking about buying a Xerox product: I don't know why a company as large as Xerox would not sign their drivers. I tried to contact Xerox technical support, but I can't get passed their 1st level support because I do not have a contract with them. I was refused support unless I wanted to pay for 2nd level support.

Here is our scenario: We have a shipping calendar as a public folder calendar in exchange 2007. There are three users in our company allowed to add/edit/delete appointments in the calendar. Our current trucking carrier would like to be able to view the calendar.

I have tried to use Outlook 2007 to publish the calendar, but you cannot publish a public folder calendar to a webdav server. Then I tried creating a mailbox just for this purpose and giving all three users permission to edit the calendar of that mailbox. This allowed one person to publish the calendar to a webdav server. This worked great except if a user that did not publish the calendar were to delete an item, the changes would not get synchronized with the iCalendar on the webdav server.

Is there anyway to produce an iCalendar from exchange without having to use outlook? Is there a url that Exchange provides to get a public folder (or user mailbox) calendar in an iCalendar format?

We would like our users to still use Outlook to edit the calendar as they do now, but would like the calendar updated in real time by accessing it from exchange. Is there any third party software to do this? I'm also a .NET developer, so if anyone knows of any sample code to pull this off, that would also be helpful.

I'm also open to other alternatives besides exchange, but the requirements are: Our three users have to be able to edit the calendar. The changes have to be in real time. There has to be a read-only way for our trucking carrier to view the calendar.

We have about ten client computers ranging from Windows XP to Windows 7 that have a little program that runs in the tray. This program needs to be running at all times and sometimes it either crashes or a user exits the program. We would like to be able to check every hour or so to see if this program is running. If it is not running, it should be started.

I have tried using powershell on one of our servers to get the process from a remote computer and if it doesn't find it, to start it. But, that fails because it cannot start the process as an interactive user.

I tried setting up a task in task scheduler, but Windows XP task scheduler is not very good or configurable.

We would like this to be as easy to administer as possible. What would be the best way to do this?

I wrote a custom module that hooks into the Application_Error event of ASP.NET to write a user friendly error message instead of the YSOD. This works great on my development machine running on the built-in visual studio web server. When I move it over to IIS 7, my module is not even being invoked.

I did a failed request trace and it listed a VIRTUAL MODULE UNRESOLVED event for my (as well as a few others) module. So it seems like the module is not being found, but I can't find any information on this event in google.