Latest Server related questions

I'm wondering if there is a specific format for the "Class" attribute in Windows NPS logs.

Specifically, I'm looking at logs from Windows Server 2019 which are under %SystemRoot%\System32\LogFiles\NPS and have the filename format of INYYMMDD.log (e.g. IN230317.log).

I understand the logs for the most part, especially with help from:

Microsoft's "Interpret IAS Format Log Files" and DEEPSOFTWARE's "Li ...

I am on Ubuntu Server 22.04 using Apache2 2.4.56. I have PHP FPM 8.1 installed, and should be using MPM Worker enabled via module:

a2query -m
setenvif (enabled by maintainer script)
dir (enabled by maintainer script)
actions (enabled by unknown)
rewrite (enabled by unknown)
proxy_fcgi (enabled by site administrator)
autoindex (enabled by maintainer script)
authz_user (enabled by maintainer script) ...

I'm trying to use Apache2 as a reverse proxy to access an application (calibre web) running inside a Docker container. Since the application is using redirects (more details here), I'm trying to use apache's mod_substitute to modify the URLs in the redirects so they point to the right URL. I wrote the following inside a file called calibreweb.conf and enabled both the site and the substitute mod.

Here is my main.cf:

myhostname = mail.mydomain.co.za
myorigin = mydomain.co.za
mydestination = mail.mydomain.co.za, mydomain.co.za, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/24 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

smtpd_tls_cert_file=/etc/let ...

How can I set an O365 mail archive policy for all mailboxes where mails are older than 5 years and size larger than 50GB

I have looked up Office365 admin portal, however can't see any options to achieve that Perhaps powershell command ?

Ideally, I would like this to be an automatic process that applies to all mailboxes. Rather than manually checking the mailbox periodically, the system checks regula ...

I'm trying to set up a virtualhost that uses CGI scripts that run as a particular user and group. I'm using the SuexecUserGroup directive, but that doesn't seem to work.

Basic setup. User "Bob" has some CGI scripts that work correctly in his cgi-bin directory. So for this URL:

http://myhost.com/~bob/cgi-bin/whoami.cgi

where the whoami.cgi script prints the uid, that URL works correctly and report's Bo ...

I got an email notifying me that Google will activate the service appenginereporting.googleapis.com on my Google Cloud project, called My Project. Which is a surprise to me because I have never attempted to use Google Cloud. Ever. Also, My Project has a creepy Project ID, secret-air-######. It's so secret I never even told myself about it, apparently.

What is this nonsense, and how do I kill i ...

I have a few hosts in a private subnet. All connections, incoming and outgoing, for this private subnet must go through a proxy. I have rsyslog running on the hosts in the private subnet. I must send the logs from the private subnet hosts to our central rsyslog server. How do I set this up using my proxy server?

I have Squid Setup as a transparent HTTP+HTTPS proxy in my network, using SSL-Bump. I am having trouble with a handful of domains and those domains showing me cert errors while dumping and splicing, self-signed certificate in the chain, that way I've written the below rule to bump all the requests.

# peek on SslBump1 step
ssl_bump peek step1 all
# just tunnel (no decryption) based on whitelisting (dom ...

Hi I have a script trying to pull out the price value from a html file. the Regex works when I assign it in the script but when I put the regex in CSV, it refuses to give me the result. Could someone help with this?

$htmlcontent = Get-Content ".\Temp.html" -Raw
$priceregex = "(?<=<span class=""a-offscreen"">\$)[\d\.]+"
Write-Host "Regex value is: " $priceregex
IF ($htmlcontent -match $pric ...

I have a Kubernetes cluster on Azure AKS with an ingress controller that uses TLS 1.3 protocol. I want to disable a specific cipher suite (e.g., TLS_AES_128_GCM_SHA256) for security reasons.

I've tried configuring the "ssl-ciphers" parameter in the ingress controller's configuration file, but it doesn't seem to work for TLS 1.3. I suspect that I may need to configure the cipher suite differently  ...

I have installed multi master cluster, referring to the guide Setting up k8 multi master cluster

Setup details as following.

Load balancer: Haproxy LB

frontend kubernetes-frontend
    bind 192.168.1.11:6443
    mode tcp
    option tcplog
    default_backend kubernetes-backend

backend kubernetes-backend
    mode tcp
    option tcp-check
    balance roundrobin
    server master21.server 192.168.1.21:6443 c ...

Reading the documentation, I'm seeing:

bindnetaddr
This specifies the network address the corosync executive should bind to.
For example, if the local interface is 192.168.5.92 with netmask 255.255.255.0, set bindnetaddr to 192.168.5.0. If the local interface is 192.168.5.92 with netmask 255.255.255.192, set bindnetaddr to 192.168.5.64, and so forth.

This may also be an IPV6 address, in which case ...

I am starting the research phase of setting up a PXE server to cover a Junior High School campus but have never done so and have a few questions that pertain to our School District networking setup and I am unsure if those details will change the way I set up PXE.

From what I have seen it is necessary to make configuration changes on the DHCP server to get the clients to successfully connect to t ...

I am attempting to set up remote management of my campus computers via Windows Admin Center. I am starting with my main desktop workstation (referred to as Base) and my take-along laptop (referred to as Remote).

I ran winrm qc to enable BOTH Base and Remote to connect to themselves in Windows Admin Center but when they try to connect to each other they get the same error:

Connecting to remote server [Ba ...

I just ran into an issue I cannot explain and need help. I'm on a domain controller (as a domain admin) running Powershell 5.1.

I'm searching for a specific user that I simply cannot find, but I know it's there. I can see it in ADUC, and I can see it via Powershell on my own PC.

Note: I am querying this DC specifically so it's not a replication issue.

get-aduser -filter {samAccountName -eq 'test ...

I want to run a simple GO application on the registry.access.redhat.com/ubi8/ubi-micro image.

But unfortunately I get x509: certificate signed by unknown authority errors in my app because there it seems there is no root ca truststore on the ubi8-micro containers.

Tried something like this in my Dockerfile without success:

FROM registry.access.redhat.com/ubi8/go-toolset as build

USER root

RUN yum ...

We have in our nginx config a location that is protected with OpenID Connect. Now in the mobile app we want to reuse the login session to show the pages in app-browser. to do that we want to ignore the oidc flow if the sso-id-token and x-access-token headers are already present in the request.

 location /group/my-site {
  auth_jwt \"\" token=$session_jwt
  error_page 401 = @do_oidc_flow
  auth_jwt_ ...

I have a "2048 worker_connections are not enough" error in nginx looks like something wrong with redirects but I can't figure out what

Here is a config file of Nginx

# Server globals
user                    www-data;
worker_processes        8;
worker_rlimit_nofile    65535;
error_log               /var/log/nginx/error.log;
pid                     /run/nginx.pid;

include /etc/nginx/modules-enabled/*.c ...

I'm trying to use calibre web as a Docker container and have it exposed via Apache2 acting as a reverse proxy. I already have a Nextcloud installation under example.com/nextcloud, and I would like to be able to access the Docker container with calibre web via example.com/calibre-web. To do so so, I added the following at the end of my 000-default-le-ssl.conf file (I have a Let's Encrypt cretificate manage ...

Our application is run on multiple VMs (isolated instances). It comprises of a few services and ASP.NET website. This issue is happening on almost all of them to some degree.

It was found that the service was crashing often, like every 2-4 hours, sometimes less, sometimes more. Shockingly, the website worker process also crashed at the same time. On some environment there would be additional proc ...

I want to spin up redundant instances depending on the current load. So when there's much load, spawn more instances, if there's low traffic, shut down unnecessary instances.

I therefore want to use the VM ScaleSet with each instance using the same image. I also use autoscaling for the ScaleSet

When spawning new instances, they by default have different/ new IPs. But I need the instances to all be

At my company we use Azure cloud services. For our local department we want to setup a set of Linux servers. These servers are used to form a test setup.

To setup and maintain these servers we chose to use Ansible. To store secrets such as login details, we use Azure keyvault. Or we can use a ansible-vault encrypted file with the password stored in the Azure keyvault.

This is were the problem is. ...

I have linked a service on my server through this reverse proxy

           var httpProxy = require('http-proxy');
           var fs = require('fs');
           
           httpProxy.createServer({
             target: {
               host: 'redacted',
               port: redacted
            },
            ssl: {
               key: fs.readFileSync(
               '/etc/letsencrypt/live/redacted/ ...

I am using sshuttle to route some traffic automatically via an ssh jump server. It works well but in some situations i.e. switching to another Wifi network the connection breaks an i'll have to restart sshuttle manually.

Is it possible to start sshuttle in a way that it restarts automatically whenever a network connection is available again?

We already built a workaround with until which retries  ...

A HPE Gen10 server could not update from ILO 5 version 2.10 to the current one. I tried the ILO webinterface and the local update function.

The signature was not correct. Even after manually downloading the .bin file the signature was not accepted by the server.

I found a hint to download the SuSE RPM installer, extract the files and upload ilo5_278.bin from there via webinterface. This worked fi ...

I'm trying to create a new GPU instance in GCP but I keep getting the following error:

A n1-standard-1 VM instance is currently unavailable in the us-central1-a zone. Alternatively, you can try your request again with a different VM hardware configuration or at a later time. For more information, see the troubleshooting documentation.

I understand GPU machines are limited, so I tried different region ...

I'm following these steps to be able to connect to my BitBucket account/repo on a remote server.

I'm a bit confused. I already have a separate pair of keys for BitBucket (i.e. to do stuff on my local machine). So, I need to generate a new pair of keys for every remote server we have as well?

I'm also not clear about the "Create an SSH key pair" and "Add your key to the SSH agent" steps -- I'm supp ...

The server is a VPS running CentOS 7 64bit.

I'm trying to get the server to execute Perl scripts called by a browser (CGI). To this end I have a thread on the webmasters forum. But while trying to perform the recommended tasks to accomplish this I ran into some errors generated by the operating system. Specifically, the systemctl restart command fails.

[root@WANNABEsports /]# sudo systemctl restart ...

I've got a postfix+dovecot server. I use virtual mailboxes with mysql backend. I'm, checking for implementing 2 factor authentication. I see in dovecot auth.conf there is "otp" option. But I can't find the documentation explaining what method of OTP it uses. I would like to use google authenticator, but I should store the secret key somewhere and configure dovecot to use it. I have no problem on writing ...