Piers Karsenbarg's questions

I'm using AWS and have a VPC which is connected to the local network via a VPN. I can launch EC2 instances, put them in various subnets in various AZ's and connect to them via internal IP.

I can also join them to the local domain.

However, I want to be able to automatically put them into specific groups within the AD domain, based on their IP address, when they join the domain.

Therefore, when I create a new instance of my image it will be joined to the domain and because it has a particular IP address, will be added to a certain group.

I have an ELB. It has the address myelbname.eu-west-1.elb.amazonaws.com as one would expect.

I also have an EC2 instance behind that ELB. The load balancer is saying that the instance is healthy (the status is "In Service").

I can access the EC2 instance over IP on my network (using VPN to the VPC) but if I go to the A record of the load balancer in a browser then it can't be found.

Also, if I run nslookup it does show an IP address for the load balancer.

I've also tried adding a CNAME record and pointing it to the ELB's DNS name but that didn't work.

I'm trying to use msbuild/webdeploy with teamcity to deploy to IIS. However, I'm getting an ERROR_USER_UNAUTHORIZED error message and link pointing me to this page on iis.net.

I'm using the Web Management Service to do this and I can verify that the username and password exist (I can log into the server with that combination), the site exists and the the user has IIS manager permissions:

So what am I missing out?

Edit: New screenshot to answer @dirt:

I'm currently connected to a VPN, but the machine I'm on is not connected to the Windows domain that the rest of the network is on.

On that network is a Windows 2008R2 server that I am an admin on. Files on that server can be accessed through Explorer by going \\server.fqdn\share.

There is a share on that server called git (can you tell where I'm going yet?). Through Explorer I can go \\server.fqdn\git\website.git and see the contents of that folder.

However, I would like to access a git repo in that folder. I know that I can add a remote as //server.fqdn/git/website.git but I keep getting an error saying I do not have permission.

I used to get past this error by opening up Windows Explorer, going to \\server.fqdn\git and entering my username and password, however this doesn't seem to be working anymore.

Any thoughts?

I've set up a git server using instructions from Scott Chacon's ProGit book. I can connect, and interact with the repositories that I've set up with no problems using Git Bash or Git GUI from msysgit with no problems. I'm running git on a VM under Virtualbox on my machine, with ssh being port forwarded.

However, when I try to access the repository using either SmartGit or Teamcity, I get error messages that say that the remote end hung up unexpectedly.

I'm using an ssh key for authentication and it seems to work with Git Bash and GUI as I'm asked for the passphrase that links to those but I'm not sure why it doesn't work with teamcity (which is also running on my machine).

The URL that I'm using to connect to git is ssh://git@3439vsweb/home/git/readme.git

This URL works (as I've said before) with Git Bash and Gui so I can't figure out any reason why it wouldn't work with teamcity.

I'm trying to allow the IUSR account access to certain folders. Currently when I do this, it gets the little red arrow (as seen in this question) and although I can see it in the list and it appears to be given access, it doesn't work.

What do I need to do to allow IUSR access?

I've got an AD domain and I have admin access so can change anything.

I want to run DFS replication between a couple of servers. It's my understanding that the servers need to be part of a domain for this. Being able to give people a username and password that works on all servers would be useful too, so I can lock up the admin password.

All machines will be running Windows 2008R2 and they will all be running Windows Firewall, so I need to be able to allow the other machines to connect to this server, but lock out everyone else.

So my question is: what ports do I need to allow the machines to connect to the Domain Controller over?

I'm planning a few servers to be run on Rackspace cloud. Aside from using load balancers to control the flow of web traffic, how good is the Windows Firewall? I'm thinking in terms of throughput as well as security.

I've been trying to secure RDP to a new Windows 2008R2 server (using Windows Firewall) by only allowing RDP traffic from one IP address.

Under the "Computers" tab, it seems I can only allow user or computer authentications when the server is set to only allow secure connections.

So, I go to the "General" tab and under "Action" I set to "allow the connection if it is secure". That's when I get shut out, cannot reconnect over RDP and have to rebuild (this is a Rackspace cloud server so easily done).

Where am I going wrong? I haven't done anything to my local workstation (which I'm assuming I have to) as I can't find anything in the RDP client to change regarding encrypting the connection.

We're currently using ISAPI rewrite. However, we're moving to servers with IIS7 on them. If we're going down the route of using IIS7's url rewriting tool (which, if I remember correctly changes the web.config, which in turn causes an application restart) is there a way to do without causing the application to restart?

This question is specific to Rackspace, but I guess it could be applied to something like AWS as well.

Say I have the following group of machines: 1 load balancing VM, 2 web VMs and a database VM. If the database is only accessed by the web machines (over an internal IP where the bandwidth usage is free) and the web machines are only accessed (by the general public) over internal IPs (again, free) via the load balancer, does this mean that the only bandwidth that I'm actually paying for is the incoming and outgoing from the loadbalancer?

Have I got that right?

I know of iptables. I know of ufw. I've been using ufw in the past just because it's easier to setup and use.

However, which one should I be using? Is iptables more secure? Is ufw more stable?

I have no idea, hence why I'm asking here.

I'm running Ubuntu 10.04 and am having issues getting to the log files in /var/log/apache2

I can cd to most other places (I haven't tried every single file, obviously) but when I try to get to the above directory, I get the error message sudo: cd: command not found

... I've just tried something else and I can't cd when used in conjunction with sudo. I can use sudo when doing things like apt-get but it seems I can't change directory when using sudo.

I haven't been on this server for a while but I know I used to be able to do this.