David Elner's questions

I'm trying to setup a dedicated server for Rust (a game) on an AWS EC2 VPC instance running Ubuntu 14.04 64-bit. Following the instructions, I got the application started and listening on its default ports (UDP 28105, TCP 28106.)

netstat -tulpn shows:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address  State PID/Program name
tcp  0   0   0.0.0.0:28016    0.0.0.0:*  LISTEN   7370/RustDedicated
udp  0   0   0.0.0.0:28015    0.0.0.0:*           7370/RustDedicated    
udp  0   0   0.0.0.0:4209     0.0.0.0:*           7370/RustDedicated

That seems to look okay, but trying to connect to it with the game client and remote console (RCON) yielded a connection refused. I suspected it might be a typical firewall/security group issue, so just for testing purposes, I exposed instance's security group to all ports. Still no dice.

Instead, I decided to see if I could at least connect to it locally, from an SSH session on the same box the application is running.

I ran telnet 127.0.0.1 28106 which yielded:

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

How can my application be listening on this port, but still refuse connections from its loopback address? As you can see, it's bound to 0.0.0.0.

How can configure this so it won't throw "Connection refused"?

EDIT

sudo iptables -L shows:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Then I updated it with settings that should allow connections through:

Chain INPUT (policy ACCEPT)
target     prot opt source    destination         
ACCEPT     tcp  --  anywhere    anywhere   tcp dpt:28016 flags:FIN,SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere   anywhere   udp dpt:28015
ACCEPT     tcp  --  anywhere   anywhere    tcp dpt:28015 flags:FIN,SYN,RST,ACK/SYN

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Trying to setup a Graphite/Carbon cluster. I have an elastic load balancer that directs traffic between two nodes in my cluster, each with one web app, relay, and cache.

In this example, I sent 1000 counts for Metric1 to the cluster.

Here's a diagram:

The problem

As seen above in the diagram, each server holds approximately half of the actual metric count. When queried via the web app, it only returns one half of the actual count. According to this fantastic post, this is expected behavior, because the web app returns the first result it sees. This implies (and is documented) that only complete counts should be stored on nodes (in my example, one or both of the nodes should have 1000.)

So my issue appears to be the improper sharding and replication of the count. In my example above, when a new count comes in from the web, it can be redirected to either NodeA or NodeB. I had assumed that counts can enter the cluster via any relay. To test this assumption, I removed the load balancer from the cluster, and directed all incoming counts to NodeA's relay. This worked: the full count appeared on one node, then replicated to the second, and the full count was returned correctly from the web app.

My question

The carbon-relay appears to act as an application-level load balancer. This is fine, however I'm concerned that when inbound traffic becomes too great, using a single carbon-relay as a load balancer will become a bottleneck, and single point of failure. I'd much prefer to use an actual load balancer to evenly distribute incoming traffic across the cluster's relays. However, carbon-relay doesn't seem to play nice, hence the problem illustrated above.

• Why did the relay cluster split Metric1 between the two caches in the above scenario? (When a load balancer distributed the input into different relays?)
• Can I use an elastic load balancer in front of my Graphite/Carbon cluster? Have I misconfigured my cluster for this purpose?
• If I can't, should I put my primary carbon-relay on its own box to function as a load balancer?

I'm trying to perform a fresh install of Ruby on Rails running with Apache2/Passenger on Ubuntu. I was able to successfully install apache2, rvm, ruby, rails and passenger, the latter part following this tutorial. All the installations went smoothly; I end up with these versions of software:

• Ubuntu 11.10 running on Amazon EC2
• Apache 2.2.20
• RVM 1.10.2
• Ruby 1.9.3p0
• Rails 3.1.3
• Passenger 3.0.11

After running passenger-install-apache2-module the installer recommended me to:

Please edit your Apache configuration file, and add these lines:

LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.3-p0/gems/passenger-3.0.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/rvm/gems/ruby-1.9.3-p0/gems/passenger-3.0.11
PassengerRuby /usr/local/rvm/wrappers/ruby-1.9.3-p0/ruby

When wiring up Apache2 to use mod_passenger, this is where I run into trouble.

I go to /etc/apache2/mods-available and edit:

passenger.load

LoadModule passenger_module /usr/lib/apache2/modules/mod_passenger.so`

to

LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.3-p0/gems/passenger-3.0.11/ext/apache2/mod_passenger.so` 

passenger.conf

<IfModule mod_passenger.c>
  PassengerRoot /usr
  PassengerRuby /usr/bin/ruby
</IfModule>

to

<IfModule mod_passenger.c>
  PassengerRoot /usr/local/rvm/gems/ruby-1.9.3-p0/gems/passenger-3.0.11
  PassengerRuby /usr/local/rvm/wrappers/ruby-1.9.3-p0/ruby
</IfModule>

Then I restart the server via apachectl restart. When I load the site, I'm greeted with an HTTP error, as viewed from Google Chrome:

Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.

And when I check the Apache /var/log/apache2/error.log , I find this:

[Thu Jan 19 19:32:07 2012] [notice] Apache/2.2.20 (Ubuntu) Phusion_Passenger/3.0.11 configured -- resuming normal operations
[Thu Jan 19 19:32:09 2012] [notice] child pid 4163 exit signal Segmentation fault (11)`

So it would appear the mod isn't loading or running properly; how do I fix this?

Edit: Extra info

My virtual host:

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /somewhere/public
ServerName mydomain.com
ServerAlias *.mydomain.com

RackBaseURI /
RackEnv production
PassengerMaxPoolSize 4

<Directory "/somewhere/public">
        Options Indexes FollowSymLinks -MultiViews
        AllowOverride all
        Order allow,deny
        Allow from all
</Directory>
</VirtualHost>

I'm attempting to setup Mono/ASP.NET 4.0 on my Apache server (which is running on Ubuntu). Thus far, I've been following a few tutorials/scripts supplied here, and here.

As of now:

• Apache 2.2 is installed (accessible via 'localhost')
• Mono 2.10.5 is installed

However, I'm struggling to configure Apache correctly... apparently the Virtual Host setting isn't doing its job and invoking the mod_mono plugin, nor is it even pulling source from the proper directory. While the Virtual Host setting points to '\srv\www\localhost', it clearly is pulling content instead from 'var/www/', which I've found is the default DocumentRoot for virtual hosts.

I can confirm:

• "/opt/mono-2.10/bin/mod-mono-server4" exists.
• Virtual hosts file is being read, since undoing the comment in the main httpd.conf changed the root directory from 'htdocs' to 'var/www/'
• The Mono installation is at least semi-capable of running ASP 4.0, as evidenced by running XSP, navigating to 0.0.0.0:8080/ and getting an ASP.NET style error page with "Mono ASP 4.0.x" at the bottom.

Can anyone point out how to fix these configurations and get Mono linked up with Apache?

Here are my configs and relevant information:

/usr/local/apache2/conf/httpd.conf:

#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see 
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/foo_log".

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
ServerRoot "/usr/local/apache2"

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User daemon
Group daemon

</IfModule>
</IfModule>

# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. [email protected]
#

ServerAdmin david@localhost

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#

ServerName localhost:80

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/apache2/htdocs"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories). 
#
# First, we configure the "default" to be a very restrictive set of 
# features.  
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/apache2/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "logs/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to 
    # exist in your server's namespace, but do not anymore. The client 
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar

    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts. 
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #
    #Scriptsock logs/cgisock
</IfModule>

#
# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/usr/local/apache2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig conf/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or 0 for unlimited
# Default setting is to accept 200 Ranges
#MaxRanges 0

#
# EnableMMAP and EnableSendfile: On systems that support it, 
# memory-mapping or the sendfile syscall is used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted 
# filesystems or if support for these functions is otherwise
# broken on your system.
#
#EnableMMAP off
#EnableSendfile off

# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be 
# included to add extra features or to modify the default configuration of 
# the server, or you may simply copy their contents here and change as 
# necessary.

# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf

# Multi-language error messages
#Include conf/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
#Include conf/extra/httpd-autoindex.conf

# Language settings
#Include conf/extra/httpd-languages.conf

# User home directories
#Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf

# Various default settings
#Include conf/extra/httpd-default.conf

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

* /usr/local/apache2/conf/extra/httpd-vhosts.conf *

#
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at 
# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

#
# Use name-based virtual hosting.
#
NameVirtualHost *:80

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#

<VirtualHost *:80>
ServerName localhost
 ServerAdmin david@localhost
  DocumentRoot "/srv/www/localhost"

    # MonoServerPath can be changed to specify which version of ASP.NET is hosted
    # mod-mono-server1 = ASP.NET 1.1 / mod-mono-server2 = ASP.NET 2.0
    # For SUSE Linux Enterprise Mono Extension, uncomment the line below:
    # MonoServerPath localhost "/opt/novell/mono/bin/mod-mono-server2"
    # For Mono on openSUSE, uncomment the line below instead:
    MonoServerPath localhost "/opt/mono-2.10/bin/mod-mono-server4"

    # To obtain line numbers in stack traces you need to do two things: 
    # 1) Enable Debug code generation in your page by using the Debug="true" 
    #    page directive, or by setting <compilation debug="true" /> in the 
    #    application's Web.config
    # 2) Uncomment the MonoDebug true directive below to enable mod_mono debugging
    MonoDebug localhost true

    # The MONO_IOMAP environment variable can be configured to provide platform abstraction
    # for file access in Linux.  Valid values for MONO_IOMAP are:
    #    case
    #    drive
    #    all
    # Uncomment the line below to alter file access behavior for the configured application
    MonoSetEnv localhost PATH=/opt/mono-2.10/bin:$PATH;LD_LIBRARY_PATH=/opt/mono-2.10/lib:$LD_LIBRARY_PATH;
    #
    # Additional environtment variables can be set for this server instance using 
    # the MonoSetEnv directive.  MonoSetEnv takes a string of 'name=value' pairs 
    # separated by semicolons.  For instance, to enable platform abstraction *and* 
    # use Mono's old regular expression interpreter (which is slower, but has a
    # shorter setup time), uncomment the line below instead:
    # MonoSetEnv localhost MONO_IOMAP=all;MONO_OLD_RX=1

    MonoApplications localhost "/:/srv/www/localhost"
    <Location "/">
       Allow from all
       Order allow,deny
       MonoSetServerAlias localhost
       SetHandler mono
       SetOutputFilter DEFLATE
       SetEnvIfNoCase Request_URI "\.(?:gif|jpe?g|png)$" no-gzip dont-vary
     </Location>
     <IfModule mod_deflate.c>
       AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript
      </IfModule>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com"
    ServerName dummy-host2.example.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>

mono -V output:

root@david-ubuntu:~# mono -V
Mono JIT compiler version 2.6.7 (Debian 2.6.7-5ubuntu3)
Copyright (C) 2002-2010 Novell, Inc and Contributors. www.mono-project.com
    TLS:           __thread
    GC:            Included Boehm (with typed GC and Parallel Mark)
    SIGSEGV:       altstack
    Notifications: epoll
    Architecture:  amd64
    Disabled:      none

I'm considering migrating my Windows virtual web server to EC2, but am struggling a bit with the implementation details.

As a part of the migration, I'm considering making the switch over to a Linux-based server (much cheaper)... only problem is, I've been completely indoctrinated into the Windows environment up to this point, and really would be starting from scratch with zero Linux IT experience. Thus far, what sparse material on the subject I've been able to pull up has looked pretty daunting.

What I'm actually asking for here is some general advice:

• Where might I find a good kickstart guide/resources for Linux administration and/or what services should I focus on learning? None of the 'basic tutorials' I read were very helpful: they assumed I knew a lot more about Linux than I actually do.
• Is there a 'remote desktop' client that's available that might ease the learning curve a bit, and help me manage a newly spun up EC2 instance with a little GUI? [VNC looked promising, but it sounds like I have to set the server up on the instance first?]
• Finally, (in your opinion) is it worth trying to learn Linux concurrently with my very first EC2 setup? Or am I biting off more than I can chew?

Here's my scenario:

I'm attempting to remotely start & stop IIS 7.0 sites on my server from my local machine, using PsExec.

Some important points:

• Local machine runs Windows Vista.
• Server runs Windows 2008 R2.
• Each machine runs on different domains.
• There is a one-way trust from my local machine's domain to my server's domain.
• PsExec is using a domain administrator account, who is authenticated as a local admin on the server machine.
• The local machine references the server via an alias; it does not use the server's real name.

I am using the command:

"C:\Program Files\PSTools\psexec.exe" \\(server-alias) -u (server-domain)\(domain-admin) -p (password) C:\Windows\System32\inetsrv\appcmd.exe stop site "Default Web Site"

This returns the error:

PsExec v1.94 - Execute processes remotely
Copyright (C) 2001-2008 Mark Russinovich
Sysinternals - www.sysinternals.com
Could not start PsExec service on (server-alias):
Access is denied.

And some important troubleshooting notes:

• This command works when executed from another machine (Windows 2003 R2) in the server's domain. (Intra-domain)
• This command also works when executed against another machine running Windows 2003 R2 from my local machine; the two of which are in different domains. (Inter-domain)
• Using the same PsExec command except with ping instead of appcmd.exe fails.
• The command has been run from the command prompt using "Run as Administrator".
• Registry key DisableStrictNameChecking has been set on the server to allow aliases to be used.
• Registry key LocalAccountTokenFilterPolicy = 1 has been set on the server and local machine.
• Windows firewall is not running on the server.
• UAC is disabled on the local machine.
• UAC is active on the server.
• UAC has "Admin Approval mode" disabled on the server; this allowed the command to work intra-domain (as opposed to inter-domain).

It seems to signal that this is an issue specific to Windows 2008 R2 which is security setting related, probably along the lines of domain or administrative permissions. However, I'm out of ideas. Any suggestions you might have would be much appreciated!