Django Reinhardt's questions

This is a big question, so I'm only looking for a high-level overview answer to help me research the bits I don't know.

Essentially the problem is this: I need to take a dedicated Mac Mini (or similar macOS machine) and use it to host a website that's only accessible to those on the same local network.

My first instinct was to buy a domain (and certificate) and point it to a local address (eg. 10.10.10.152) that I know my server will be located at. So that way anyone trying to access that domain will be redirected locally to my website if they're on the right network.

Will this work? If so, what are the major steps in taking a domain, installing a certificate, and pointing it to a local IP?

I'm trying to receive the default Windows password so I can RDP into my EC2 instance. According to the AWS documentation, it's just as simple as sharing the contents of the Key Pair that used during the creation of the instance.

However when I do that, I get the following error:

Looking at my .pem file, the contents do appear to be encrypted:

So I've tried to decrypt the RSA key using the following command in macOS (taken from this question):

base64 -D -i /Users/home/desktop/pw.txt | openssl rsautl -decrypt -inkey $HOME/aws-remote.pem

But I keep getting the following error in Terminal:

Error reading input Data

The .pem file is being found OK (it gives another error if it can't find it). What am I doing wrong?

We've had some issues with our domain provider (1&1) automatically resetting our CNAME record for a subdomain (which is www.).

I've spoken to them about this and they say they're resetting it because it's "inadvisable" to have a CNAME on a www subdomain, stating that Tim Berners Lee designed it to only be used with the root. This is news to me. As I understand it, there is nothing special about the www subdomain in a technological sense.

It may be unusual, but in our case its use with a CNAME is very deliberate. Is it actually breaking some technological best practice?

I've created a new SSL Certificate using AWS's service for a subdomain that points to an Elastic Beanstalk instance. It appears in the Certificate Manager correctly...

but it doesn't appear in the EB instance's Load Balancer dropdown...

According to the documentation (Configuring Your Elastic Beanstalk Environment's Load Balancer to Terminate HTTPS), all I need to do is "choose your certificate from the SSL certificate ID drop down menu", but it's not there.

I've tried to add the SSL certificate through a .config file using CLI and I got the following error:

ERROR: Service:AmazonCloudFormation, Message:Stack named 'awseb-e-upxkf5kr8b-stack' aborted operation. Current state: 'UPDATE_ROLLBACK_IN_PROGRESS' Reason: null ERROR: Updating load balancer named: awseb-e-u-AWSEBLoa-xxx failed Reason: Server Certificate not found for the key: arn:aws:acm:eu-west-1:xxx:certificate/xxxx

What have I done wrong?

The following "fix" is found on Microsoft's site under KB968003, but it's unclear which operating systems it's for.

The instructions call for you to run the following batch file:

@echo off

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f 
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f 
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f 
subinacl /subdirectories %SystemDrive% /grant=administrators=f 
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f 
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f 
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f 
subinacl /subdirectories %SystemDrive% /grant=system=f

@pause

But I've read that this was written for Windows XP, and that this script will cause permanent damage to Windows 2008 R2 or Windows 7.

Is there any truth to this? Or will it be OK?

I was just looking at our server, thinking about disabling any Services that we're not using, and it got me wondering:

Provided a Service is never called by anything to start, and it's just sat on "Manual", does it take any system resources in that state? Purely from a system resources POV, is it better to set unused Services to "Disabled" instead?

Just wondering if there was any real difference to resources? (Forgetting security concerns, which are obviously another issue.)

Really weird problem here. Our main web server has started running at a snail's pace, for absolutely no reason we can discern. Even after restarting the machine, when there's no little or no ram usage and CPU usage is fluctuating between 0 and 30%, simple tasks, like opening Internet Explorer, or waiting for My Computer to open, take forever.

There are no processes hogging system resources that we can see... the machine itself is just exhibiting extremely slow behaviour. I've never seen a machine do this.

A lot of security updates had built up, so we decided to let Windows install them. When we looked through the history upon restarting, though, they had failed with error code 800706BA. I don't know if this could be related or not.

Any help in this matter would be greatly appreciated. As mentioned in the title, we're running a Windows Server 2008 R2 machine. It's also running SQL Server and IIS. It has 16GB of RAM and a decent Quad Core processor. It's also been fine until now -- and we haven't changed a thing.

Thanks for any help.

I was just looking at our site on WebPageTest.org and one of their recommendations for speeding up a website is:

ETag headers should generally not be used unless you have an explicit reason to need them

I was wondering what this means. Does it mean that static content you know will not be changing should not have them, or does it mean content you know will be changing regularly shouldn't have them, or does it mean that you shouldn't use them generally unless you have a specific need.

If it's the latter, when is the right time to use them?

I hope someone can help. We've got a Windows Server 2008 R2 machine with 16GB of RAM that keeps getting all its available memory eaten by something. Nothing in Task Manager or Resource Monitor reveals any process using memory above 300MB... but memory usage on the server is 15.7GB.

The only things running are SQL Server 2008 and IIS7.5 (with ASP.Net).

Note: RAM usage after a reboot starts low and works its way up. After a week or so we keep finding outselves in this situation.

How can I discover what's eating all our memory? :(

I hope this has a really simple solution, but I have a feeling it won't. I've not been able to find any information on this anywhere else, which isn't a good start!

Basically we're running SQL Server 2008 on a Windows Server 2008 R2 machine with 16GB RAM.

The problem is that our RAM usage keeps creeping up to 15.6GB and causing us problems, and I was wondering if it could be SQL's cache.

We've now configured SQL to use a min/max of 13GB, but I'm still worried that it might be something else eating the RAM, so before I reset the server and flush out whatever is using it, I thought I'd try and see if it was SQL behind it.

How can I see the size of SQL's cache RAM usage? Is it just the figure in the task manager?

Thanks for any help.

This question has previously been asked, but that was a year ago and I wanted to know if there had been any developments since then.

Basically we'd like to use a MemCached Server on a Windows Server 2008 R2 machine... which is only x64, obviously.

I haven't found any details on a Win64 version of MemCached, but there is still the solution from the previous thread (which I haven't tried yet) to use a bit of software called MemCacheD Manager running MemCached 1.2.6. However, the current version of MCd is 1.4.4 and I was wondering if there had been any improvements since then.

We've recently upgraded our ASP.NET Website to a Web Application and we're shocked by the sudden leap in difficulty when deploying it. Considering how common a task this must be, I was wondering what plug-ins/software people use to deploy a rapidly evolving, remotely stored, project (ie. a website)?

There must be a better way than just "Publishing" in Visual Studio and then having to manually FTP the files that have changed? Not least because the site goes down when we're uploading our .DLLs.

There are so many fiddly file exceptions that I'd must rather automate the process as much as possible, to prevent accidental uploads.

With our old solution (on our WebSite) we used Dispatch for ASP which totally rocked and made the entire process one click. Unfortunately it's not great for DLLs (as previously mentioned).

So how does your team do it?

Thanks for any advice.

PS - I've read that Visual Studio 2010 is supposed to address these shortcomings in VS2005/08, but until then...

this should be a really simple one:

In Advanced Windows Firewall on Windows Server 2008+, Properties > Advanced, what does "Edge Traversal" mean?

I Googled it, of course, and was unable to come up with a concrete answer, and I was especially shocked to see the following on Thomas Schinder's blog:

The Edge traversal option is an interesting one, because it’s not documented very well. Here’s what the Help file says:

“Edge traversal This indicates whether edge traversal is enabled (Yes) or disabled (No). When edge traversal is enabled, the application, service, or port to which the rule applies is globally addressable and accessible from outside a network address translation (NAT) or edge device.”

What do you think this might mean? We can make services available across a NAT device by using port forwarding on the NAT device in front of the server. Could this have something to do with IPsec? Could it have something to do with NAT-T? Could it be that the Help file writer for this feature didn’t know either, and made something up that represented a tautology?

I don’t know what this does, but if I find out, I’ll make sure to include this information in my blog.

I appreciate his honesty, but if this guy doesn't know, who does?!

We're having difficulty connecting to a VPN as soon the machine is on the other side of a router, and I was wondering if this might help? So I'm pretty keen to hear a proper description of what "Edge Traversal" does!

as some of you may be aware, I'm currently involved in an on-going saga in getting our servers up and running. As pretty much a newb, I'm slowly making progress, but I've hit a stumbling block.

Here's a bit more about us: We're a website. We've grown too big for our server and hit the ceiling our lowly PowerEdge can handle. For a solution we're adding two servers: One as a Firewall/Router/VPN and one as a Web Application server. The original will be altered to become a DB server.

All three boxes are running Windows Server 2008 R2 and I'm using RRAS to configure it all. All three boxes are DIRECTLY connected (there are no hardware hubs, switches or routers).

This diagram hopefully gives a clearer idea of what I'm talking about (even though it's pretty vague).

The IP addresses are the static IPs I'm configuring for each network adapter.

Focussing on the "left-hand leg" (10.0.1.1 to 10.0.2.1), we currently have the following setup:

FIREWALL/ROUTER

For the adapter facing the Web App server (10.0.1.1):

• IP: 10.0.1.1
• Subnet: 255.255.255.0
• Default gateway: (blank)

WEB APPLICATION SERVER

For the adapter facing the Firewall/Router (10.0.2.1):

• IP: 10.0.2.1
• Subnet: 255.255.255.0
• Default gateway: 10.0.1.1

What's odd is that the Web Application server thinks that the connection is an identified network and thus I've been able to set it to Private Network (Work), but on the Firewall/Router it classes the connection to the Web Application server as unidentified Public.

Why would it do this? How can I fix it? What should I put in the (blank) space?

Thankfully the Web Application server is able to get an internet connection through RRAS's NAT on the Firewall/Router, so things appear to be configured correctly so far. Am I going about this the right way?

Thanks for any help or pointers.

UPDATE

Thanks to advice from Massimo and Sim, we've decided to get a switch. Now our configuration looks more like this...

Thanks again, folks. This has been (and will continue to be) a real learning experience.

I hope someone can help. I'm currently setting up my first VPN on a Windows Server 2008 R2 box and every tutorial I've found says to configure Active Directory first. I've not actually done that before, either, so I was wondering if it was completely necessary?

Also, what type of VPN would you recommend? L2TP/IPSec or SSTP?

Thanks for any help.

We have an old PowerEdge 860 that we're trying to install Windows Server 2008 R2 onto. At present the machine doesn't have any OS installed, so we're doing a clean install from a DVD. Pretty simple stuff.

The problem is that, although the installation process starts off well (asking for language and locale settings), as soon as we click "Install Now" we're told

"A required CD/DVD device driver is missing."

The operating system has already booted from our only DVD drive(!!!).

Hardware wise, our DVD drive is a Hitachi LG GWA-4400N, salvaged from an old laptop. There have never been any drivers released for this device, nor any firmware updates.

I've seen other people complain about this problem (usually in relation to installing Vista or Windows 7) but I've not found a 100% solution yet. The most promising lead I have is from someone claiming that Windows is actually asking for a driver for the ATAPI/IDE Controller here.

UPDATE
See my answer below... (It was a corrupt download from MSDN. *shame*)

I can't seem to find a simple, step-by-step tutorial on how to use Performance Monitor remotely. I just want to give non-admin rights to one of our DBA guys so he can get the results he needs from perfmon on our server. Remote desktop seems like overkill, and a potential security concern if his laptop is ever stolen (even though you can only RDP from our IP, but still).

Can anyone point me to a simple tutorial on getting remote Performance Monitor access? (eg. What ports need to be opened, etc.) Or perhaps just explain it yourself? I can't imagine there's that many steps involved...?

Thanks for any help, I'm surprised at how hard it is to find the answer I'm looking for!

We're currently in the process of adding additional servers to our website. We have a pretty simple topology planned: A Firewall/Router Server infront of a Web Application Server and Database Server.

Here's a simple (and technically incorrect) diagram that I used in a previous question to illustrate what I mean:

We're now wondering about the specs of our two new machines (the Web App and Firewall servers) and whether we can get away with buying a couple of old servers. (Note: Both machines will be running Windows Server 2008 R2.)

We're not too concerned about our Firewall/Router server as we're pretty sure it won't be taxed too heavily, but we are interested in our Web App server. I realise that answering this type of question is really difficult without a ton of specifics on users, bandwidth, concurrent sessions, etc, etc., so I just want to focus on the general wisdom on buying old versus new.

I had originally specced a new Dell PowerEdge R300 (1U Rack) for our company. In short, because we're going to be caching as much data as possible, I focussed on Processor Speed and Memory:

• Quad-Core Intel Xeon X3323 2.5Ghz (2x3M Cache) 1333Mhz FSB
• 16GB DDR2 667Mhz

But when I was looking for a cheap second-hand machine for our Firewall/Router, I came across several machines that made our engineer ask a very reasonable question: If we stuck a boat load of RAM in this thing, wouldn't it do for the Web App Server and save us a ton of money in the process?

For example, what about a second-hand machine with the following specs:

• 2x Dual-Core AMD Opteron 2218 2.6Ghz (2MB Cache) 1000Mhz HT
• 16GB DDR2 667Mhz

Would it really be comparable with the more expensive (new) server above?

Our engineer postulated that the reason companies upgrade their servers to newer processors is often because they want to reduce their power costs, and that a 2.6Ghz processor was still a 2.6Ghz processor, no matter when it was made.

Benchmarks on various sites don't really support this theory, but I was wondering what server admin thought.

Thanks for any advice.

I'm currently taking stock of our server before we add a new one. I wasn't involved in its purchase (before my time) but the more I learn about its specifications the more concerned I am. Note: Ultimately it will be used as a Database Server in our new configuration (I don't know if this will change the answer to my question or not).

The server currently has a single dual-core Opteron 2212 (2.0Ghz). The problem is that while I've been investigating this processor, I've come across statements like this one: "Dual- and quad-socket set-ups are a must with this chip... It would be pointless to only use one."

Plus, all the benchmarks I've seen for this CPU only show a two-socket configuration.

For example: CPUBenchmarks.net

In fact, I can't even find any benchmarks for the single CPU... everything lists it in a two-socket set-up.

Did we do something wrong here? Should this chip always be used in a dual-socket configuration? If so, why? What's so bad about having only one? And why did Dell allow us to buy a PowerEdge SC1435 from them with only chip installed?

I'm really confused why so many places would seemingly list this as an issue.

we're currently in the process of putting together our own server Firewall/Router. We were going to use a dedicated solution from someone like Juniper or Watchguard, but it is going to be a lot more cost-effective if we use a server machine we were planning to get already, instead.

About us: We're a website that is going to have two servers behind the Firewall/Router Server (a web server and a database server). All three servers are going to be running Windows Server 2008 R2 x64.

Excuse the crudity of my diagram (I know it's not even close to being technically correct, but it hopefully makes our topology a little clearer)...

#1 ROUTING

We are using RRAS to configure our routing. At the moment this is configured to give our Web App server internet access (through RRAS's NAT) but I need to set up port forwarding so that any request to port 80 is sent directly to the Web App server.

#2 FIREWALL

Would Windows Advanced Firewall do our required job acceptably? (I imagine the answer to this is yes.)

#3 VPN

Setting up a VPN has been a pain so far (certificates are annoying!). Every tutorial I've seen seems to have a DNS and DHCP roles running on their VPN machine... why is this? Are they both necessary or can I bin them?

Overall

Are the any more tips on how to configure this server for our needs?

Thanks for any advice. I'm sorry if this is a really badly asked question! (There is a bounty, at least :)