I'm a software engineer that wrote my own SMTP delivery agent. I recently added the STARTTLS support to my software and I was doing some testing, when I noticed that Google's SMTP transfer agents are not sending STARTTLS commands to my server. This was very surprising to me!

Does anyone know why Google's mail servers don't even attempt to upgrade the connection to a secure one?

My logs reveal that many transfer agents are upgrading their connections, including Microsoft operated transfer agents.

My server is accepting connections on ports 25, 587, and 2525. I did some experimenting to determine if Google's transfer agent would send STARTTLS if it were forced to connect to 587 instead of 25, by temporarily closing port 25. But I stopped getting delivery attempts altogether at that point. My understanding is that port 25 is the standard port used for relaying email and that 587 is standard for submission, so that makes sense I guess.

Here's a log sample from Microsoft's MTA:

[20:00:00 INF] Session established
< 220 ***REDACTED***
> EHLO NAM11-DM6-obe.outbound.protection.outlook.com
< 250-STARTTLS
< 250 8BITMIME
> STARTTLS
< 220 Go ahead
[20:00:01 INF] Connection is now using TLS
> EHLO NAM11-DM6-obe.outbound.protection.outlook.com
< 250 8BITMIME
> MAIL FROM:<***REDACTED***>
< 250 ok
> RCPT TO:<mstest@***REDACTED***>
< 250 ok
> DATA
< 354 ok
…

And when Google connects to my server:

[20:10:00 INF] Session established
< 220 ***REDACTED***
> EHLO mail-ed1-f45.google.com
< 250-STARTTLS
< 250 8BITMIME
> MAIL FROM:<***REDACTED***>
< 250 ok
> RCPT TO:<***REDACTED***>
< 250 ok
> DATA
< 354 ok
…

And as you can see, no attempt to upgrade the connection. I'm still learning the protocols and conventions, so if there's a reason for this and I can encourage more transfer servers to upgrade to TLS, I'd like to know what I can do. Or if there's just some other reason that is outside of my control that would be useful information, too.

Thanks!

I have about 1000 azure web apps that I've recently enabled backup for via Edit-AzureRmWebAppBackupConfiguration.

I've taken the backups and now I wish to disable the backups (analogous to the reset button pictured here)

I'm struggling to find a way to automate this task for all of the apps. How can this be done?

I'm comfortable using either powershell, CLI, or HTTP, but I just can't find any documented way of doing it.

Why not?!

How can I find out why not?

I recently enabled Bitlocker without TPM in our domain controller:

Update

Thanks to Greg's 2nd comment I've discovered that I need a basic disk:

C:\Windows\system32>bdehdcfg -driveinfo
BitLocker Drive Preparation Tool version 6.3.9600
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Initializing, please wait...

BitLocker Setup requires a basic disk. Convert your dynamic disk to a basic
disk and run BitLocker Setup again.

This could be problematic in my case:

This machine is a Buffalo Terastation - WS5000R2 series.

When I installed .net 4.5.1 on my windows server 2012 (version 6.2 build 9200), all sql server connections were broken. Any time I tried to connect to the sql server, I'd see an error stating:

The message received was unexpected or badly formatted.

I also saw this C++ runtime error in some programs like linqpad and SSMS:

r6025 pure virtual function call

This caused app pools in IIS to completely stop for any site connecting to sql server.

When I finally uninstalled .net 4.5.1, connectivity to sql server was restored, but applications requiring that version of .net fx were out of commission.

Google and event logs haven't turned up anything useful for how I should proceed to get .net 4.5.1 on this machine.

Any ideas?

I have an authenticode certificate living in a backup created with Drive Snapshot, which is a byte level backup of the c: partition from my development machine.

I need to export that certificate.

I have converted that backup to a vmdk file and tried to boot windows 7, but I get a blue screen which I feel has something to do with the virtual disk controller drivers. Anyway....

Is there any way to export a certificate or use certmgr from the command line, because I can get to a command prompt using a windows 7 disk. I just can't boot into windows.

I have 2 servers:

• SQL Server 2005 w/ Reporting Services Configured
• SQL Server 2008

I need to move the reporting services stuff from 2005 to 2008 so we can decommission the 2005 machine.

Can someone give me all the necessary steps to get things moved over?

I've been given vpn access to a clients network. We set the vpn up using the built in vpn client in Windows server 2008.

When I connect to the VPN, it interrupts the connections to the physical interface of the server. How can I configure the vpn so that this doesnt happen.

I've already deselected the checkbox in the IPv4 properties that says " Use default gateway on remote network".

What else can I do?

My company has a CentOS 5 Linux server. The network card died today and we replaced it with an Intel Pro 1000 GT network adapter.

I'm not great with Linux. How can I get this new NIC working?

Thanks

I am trying to setup a new user on a Standalone (non-domain) Windows Server 2003 SP2.

The user needs FTP access to 1 folder in our web site's directory structure.

Here's exactly what I have done so far:

1. Created the new user in Computer Management.
2. Removed this new user from any groups.
3. In the security tab in the folder properties dialog (NTFS permissions) for the entire volume that holds our site, I explicitly denied full control access for this new user.
4. In the NTFS permissions for the folder that I wanted to GRANT access, I checked Allow Modify.
5. I logged in with the new users credentials from a remote FTP client.
6. I was able to read/write/modify/delete files and folders in the entire FTP structure, regardless of the deny permissions from #3 above.

Why is this happening?

When editing the NTFS permissions for some folders on my Windows 2003 Server w/ SP2, I see many accounts like

Account unknown(s-1-5-21-545330648-264140627-1714.....)

This server isn't a member of an Active Directory domain, just a standalone server.

How can I get rid of these orphaned accounts that are showing up?

I have a sql server 2008 database that is in Full Recovery mode.

I haven't made a backup of the database or log.

Some data was inadvertently deleted from the database. I would like to go back to before the point in time that the data was deleted. How can I do this?

Is there a way to serve unknown file types in IIS 7?

I only want to do this for a single directory where execution is turned off and everything will be served as a static file.

As it is now, I have to add each file extension that I want to serve as a MIME type. I want to serve everything. How can this be done?

I have an ASP.net web site that allows users to upload files to an upload folder on the server. The site is served by IIS 7.

I have configured the upload folder to not execute any script files that are requested, but how can I configure IIS 7 to serve these files as it would any other static file ONLY for this folder?

Thanks

EDIT

Here is what I have in the Handler Mappings for my upload folder:

Here is the web.config for the folder:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
    <handlers accessPolicy="Read">
        <remove name="TRACEVerbHandler" />
        <remove name="OPTIONSVerbHandler" />
        <remove name="SimpleHandlerFactory-Integrated" />
        <remove name="SSINC-shtml" />
        <remove name="ScriptHandlerFactory" />
        <remove name="SimpleHandlerFactory-ISAPI-2.0" />
        <remove name="HttpRemotingHandlerFactory-soap-Integrated" />
        <remove name="AXD-ISAPI-2.0" />
        <remove name="ASPClassic" />
        <remove name="AssemblyResourceLoader-Integrated" />
        <remove name="HttpRemotingHandlerFactory-rem-Integrated" />
        <remove name="PageHandlerFactory-Integrated" />
        <remove name="ScriptResource" />
        <remove name="SSINC-shtm" />
        <remove name="WebServiceHandlerFactory-ISAPI-2.0" />
        <remove name="SSINC-stm" />
        <remove name="ISAPI-dll" />
        <remove name="PageHandlerFactory-ISAPI-2.0" />
        <remove name="ScriptHandlerFactoryAppServices" />
        <remove name="SecurityCertificate" />
        <remove name="TraceHandler-Integrated" />
        <remove name="UrlRoutingHandler" />
        <remove name="WebAdminHandler-Integrated" />
        <remove name="MvcHttpHandler" />
        <remove name="HttpRemotingHandlerFactory-soap-ISAPI-2.0" />
        <remove name="HttpRemotingHandlerFactory-rem-ISAPI-2.0" />
        <remove name="CGI-exe" />            
    </handlers>
</system.webServer>
</configuration>

And here is what I get if I request an aspx file that is in my upload folder:

Server Error 404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

I have copied an IIS 7 site's files to a new directory, created a new site for copied files in IIS 7, set up bindings that aren't conflicting, configured the copied site to use a different database than the production site.

I can go to the login page of the copied site. The login page can authenticate me, but when it redirects me to a subdirectory, I get a 500 error from the server. I cannot figure out why I can't access these subdirectories.

Any ideas? This is driving me crazy.

I have 2 Windows 2008 Servers. One is a web server (IIS7). The other is a database server (SQL Server 2008). The instance of sql server 2008 is configured to use mixed mode authentication. Neither are joined to an active directory domain.

How should ASP.NET applications on the web server login to the databases on the database server? I have tested with the SA account, but obviously I need to change that.

I am confused about what to use: sql server account, windows accounts configured on each machine, or "Application Roles," which I don't really have a great understanding of.

The account just needs to be able to read and write data, and execute stored procedures. What should I do and how do I set it up?

...

Instead of just a quick answer, please give me instructions on how to set this up. Thanks.

I have a Windows Server 2008 machine hosting sites from IIS 7. I have bought certs from trusted authorities before and installed on IIS 6, but I just want to make my own certificate to encrypt the data, and I am not sure how to go about doing this on server 2008.

How can I use Server 2008 to generate an SSL Certificate to secure a site?

How then do I install the certificate on a site?

I have used the Web Platform Installer 2.0 beta to install php on IIS6.

I tried this first on a test server with success.

When I did this on the production server and browse to a test php file, I see:

The page cannot be found

Is there anything I need to configure in IIS 6 to get this working?

I need to allow untrusted providers in IIS7. I think that this is accomplished by editing the trustedProviders section of Administrator.config, but I don't know exactly how to do this.

I want to do this so that I can manage users directly from IIS7's gui.

Is it a text file? Where is it? If I can't edit it directly, how do I do it?

I have successfully set up sending and receiving email in the Thunderbird for my Groupwise account. But, I am missing the feature that suggests contacts when I start typing their name in the To field (or cc or bcc).

Is there a way to connect thunderbird to the groupwise contacts? If not is there a way to manually import the contacts.

Thanks

I have ran into this a few times:

I get a new email address that can only be accessed by IMAP or through a web browser. I want to read mail from all of my other accounts through my gmail account.

Gmail lets me connect to other pop servers out in the world, but not IMAP.

Well, to get around this in the past I have created a forwarding rule in for my new email address and have all the email sent to an account that I can access by POP and get the email to gmail that way.

Well now I have a new university email account that I can't access by POP but only IMAP and Outlook Web Access. In OWA, I don't have the option to set up the forwarding rule.

What can I do?

I have looked for some software that will download email from an IMAP account and serve it through POP, but I can't find any.

Any ideas?