Latest Server related questions

Currently we need to deploy a new on premises Exchange 2019 with 500 mailboxes, This exchange server will work as an internal only exchange server.

At the same time we have Exchange Online with 60 mailboxes. The current Domain name used for the Exchange online is (For example) MYDOMAIN.COM and The current on premises AD domain name is CORP.MYDOMAIN.COM

The Question is: what is the best practice for ...

Is there any way to group the output given by netstat into process? I am running netstat -ano and doing manual count to know which process is using how many ports. I am using Windows Server.

We have port exhaustion issue and we want to know which find which process is using most of ports quickly?

Like, Process Id 1 is using 100 ports Process Id 2 is using 20 ports and so on

Environment: MS Server 2019 DC, Windows 10 Workstations joined to the Domain.

The goal here is to set the Data Execution Prevention on a bunch of machines to OptOut. The way to do this via a command line or PowerShell script is this:

Cmd: bcdedit.exe /set {current} nx OptOut

PS: bcdedit.exe /set "{current}" nx OptOut

I got my initial guidance from here: https://techraptor.net/technology/guides ...

I'm restructuring my server structure by splitting them up instead of running everything from one server.

I looked here but that just specifies what I were already doing in the original setup with just 1 server.

I'm having a structure like this:

• 2x Web-Server
• 1x Load-Balancer
• 1x Cache-Server
• 1x Worker-Server
• 1x Database-Server

Everything works great except the socket connection.

My Load-Balancer  ...

I have bastion host and private EC2 instance in the same VPC. I am trying to set up bastion host tunnel to private EC2

[ec2-user@ip-10-0-1-130 ~]$ ssh -L 4000:10.0.0.146:22 [email protected]
Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Instance summary inbound rules

Source

I tried this ssh -v -N -A -J [email protected] -L 4001:localhost:8000 [email protected]

it shows

OpenSS ...

We have many virtualization hosts with VM disks residing typically on LVM. When VM is migrated across hosts it maybe required to do some work like rebuilding initramfs. We got used to mount VM disk to the host /mnt, mount proc-dev-sys inside mnt and chrooting into mnt.

kpartx -a /dev/kubrick/vm-pooi-arr
mount /dev/mapper/kubrick-vm--pooi--arr2 /mnt/
cd /mnt
mount -t proc /proc proc/
mount --rbind / ...

I'm trying to create a provisioning package for test PCs and I'm having hard time finding Defender CSP in Windows Configuration Designer.

at first I downloaded Windows Configuration designer from Microsoft store, there was no Defender CSP, only a Defender under policies which has only 20% of the options shown in the actual Defender CSP.

then I installed Windows ADK and used the Windows imaging and ...

We had the warning about spf containing to many lookups. Deleted txt ourdomainname.com v=spf1 ip4:50.87.253.89 a mx include:websitewelcome.com ~all as we are no longer on bluehost which the ip references.

Hosted on siteground but use cloudflare dns and use gmail to send mail through our domain.

current mx records

Cleaned up references of SRV _caldavs._tcp entries related to an old bluehost blue rock  ...

Sometimes nginx randomly crashes (once every few months) Here's the log I got when I ran systemctl status nginx

    nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset:>
     Active: failed (Result: core-dump) since Tue 2023-01-24 11:09:29 UTC; 3h 4>
       Docs: man:nginx(8)
   Main PID: 26551 ...

I'm trying to familiarize myself with Wireguard. As a test case, I started an Ubuntu 22.04 Docker container within an Ubuntu 22.04 host. The host and container are connected to each other over 172.18.0.0/16.

After starting Wireguard on each with wg-quick up wg0 and letting the peers perform the handshake, the host has

[Interface]
Address = 172.100.0.1/16
SaveConfig = true
PostUp = iptables -A FOR ...

We have Debian 10, it has two physical interfaces which we bridge to KVM.

The issue I have is, when I shutdown the port from my virtual operating system or I disconnect the cable the birdge and physical interface of the host image (Debian 10) still shows up. and in virtual machine its shows up as well . what is could be reason? Below is my network config file.

# Backplane ("internal") network interfac ...

(Below is a hypothetical scenario and this question came to my mind when I found out about complexities of gRPC load balancing and how its not efficient due to long lived TCP connection)

Imagine there is a HTTP client that maintains a single TCP long lived connection for making HTTP 1.1 requests to an API service sitting behind HA proxy. There are multiple redundant servers part of the service and ...

I have a Debian 10 server that is randomly rebooting, though no error were written to journald. The server has rebooted 20 times in last 3 days.

$ journalctl --list-boots
-22 bdb1799f0c9a4e81af6d41b0bd6c5cd9 Tue 2023-01-17 12:42:00 UTC—Sat 2023-01-21 22:01:24 UTC
...
 -2 e306cc0481784a0cad5e7138b0fcfcdb Mon 2023-01-23 13:18:52 UTC—Mon 2023-01-23 13:28:54 UTC
 -1 e4ca2701610640cfb11c39c38d05c091 Mon 20 ...

I'm doing backup via a shell script on multiple machines and uploading the files to a FTP server. The backup is triggered either by Ansible (or for testing purposes via a cronjob). All servers are identical, but the FTP program works on some machines and on some other machines it lies. The lie No such file (or directory) is only made when started by Ansible or cronjob. When I run the script from my S ...

I got a problem, with installing installimage on 1 SDD and leaving 2 HDD for future RAID. After clean installimage, server is not responding. Only rescue bring it back to live.

I usually had to pay $0.10 per function, which made about a few cents a month. Now it costs a few dollars and seems to come from non-firebase services, which I dont understand. Image of Cost Increase

I have 2 projects. One of them I didnt even touch and suddenly the costs are higher and is shown under the description "Jobs".

Image of non firebase services

Does anyone know, why that could be the cas ...

this is tested on mysql 8.0.28, but other versions show it too

we get occasions where a metadata lock persists after the thread that created it has terminated. For example for these locks in performance_schema.metadata_locks

| OBJECT_TYPE | OBJECT_SCHEMA | OBJECT_NAME | COLUMN_NAME | OBJECT_INSTANCE_BEGIN | LOCK_TYPE   | LOCK_DURATION | LOCK_STATUS | SOURCE      | OWNER_THREAD_ID | OWNER_EVENT_ID | ...

I used reverse proxy but seeing the nginx log it changes the address to ip and it doesn't work because the destination server is vhost and it only works with domains.

location  = /video {
    resolver 8.8.8.8;
    if ( $arg_net != "" ) {
        proxy_pass https://$arg_net.serverA.com;
    }
    proxy_redirect off;
  }

I see in the nginx log

... upstream: "https://[2a02:2518:4:3875::d]:443/video? ...

I use Ubuntu as main operating system.

I have found that when a new kernel is included in a system upgrade, during the upgrade, certain kernel-related items are compiled (kernel modules?).

During this process, I check that the processor usage is low, as it is making use of 1 single processor thread.

With multicore technologies available today, is there any way to set that, every time there is a kernel  ...

I'm not sure what I have wrong here. It used to work on Ubuntu 18.04, but doesn't on 20.04 it seems. I have unbound DNS server setup:

unbound-control status
version: 1.9.4
verbosity: 1
threads: 1
modules: 3 [ subnet validator iterator ]
uptime: 314 seconds
options: reuseport control(ssl)
unbound (pid 1074177) is running...

In /etc/resolv.conf I have:

#domain members.linode.com
#search members.linode.com ...

In OpenLDAP I had an access rule using users that are roleOccupants in a specific organizationalRole like this (the example is just a fragment):

olcAccess: to * by group/organizationalRole/roleOccupant.exact="cn=Manager,dc=roles,dc=example,dc=org" write

Unfortunately I'm not able to convert this to an ACI for 389-DS. What I tried without success was:

aci: (targetattr = "*")(version 3.0; acl "Manager  ...

I have an nginx reverse proxy for multiple domains one of which i want to restrict access to unless connected to VPN. So i have added allow for the vpn ip addresses for this one particular server and it's denying access no matter whether i'm connected to the vpn or not.

If it helps it's a bare metal server with fasthosts and using the vpn supplied with my account, here is the config (this runs in ...

I'm trying to run a docker that gets its data from an NFS mount, something in the trend of:

docker -v /mnt/nfs1:/input ...

but I'm getting errors like:

docker: Error response from daemon: error while creating mount source path '/mnt/nfs1/input/large_files/quickstart-output': mkdir /mnt/nfs1/input: permission denied.

The NFS mount point is mounted as a non-root user and has root-squash set on the ...

I'm running a Linux2 webserver on Amazon EC2 which is hosting a number of (mainly wordpress) websites.

Every day at about the same time the server CPU jumps to run at 100% CPU for about an hour.

Using the Top command i see that an instance of httpd is running at 90%+ CPU.

How can i determine which specific site is causing this?

Is it possible to equate the PID to a website?

any other ideas how i ca ...

0

I am trying to deploy ARO azure redhat openshift cluster but it get failing stating The resource operation completed with terminal provisioning state ResourceQuotaExceeded Resource quota of cores exceeded. Maximum allowed: 21, Current in use: 2, Additional requested: 36

Is 40 cores compulsory for this ARO cluster deployment?

https://developers.redhat.com/articles/2022/03/04/create-azure-red-hat-openshif ...

We are going to be integrating our own software system with Exchange using EWS (either Exchange 2016 or Exchange Online), meaning we intend to call out to Exchange for booking resources and people. We will then also store these events locally on our own system. What I am not sure how to do is how to ensure events are synchronized, should someone move events around directly in Exchange.

Does Exchan ...

I run a Kerberos / LDAP user authentication on Debian, which works nicely for decades. I now would like to use notebooks, which may connect by wire or by WiFi. I'm stuck thinking how to set up this infrastructure, and I refuse to believe that there is no solution for that. The ball of wool in my head goes along these lines:

The NIC for LAN and WiFi have different MAC and thus DHCP will assign dif ...

I've to compile a linux 32b kernel 5.15.86 RT56 for running on 2 different computers with Intel CPUs : one with an i7-9700TE and 32Gb RAM, and the other one using an i9-10900TE with 64 Gb RAM.

I need to activate the support of 64Gb of RAM (CONFIG_HIGHMEM64G=y) + PAE (Physical Address Extension) Support (CONFIG_X86_PAE=y)

Once the linux kernel is compiled, it is working correctly on the i7-9700TE CPU ...

I have a container on which I want to install ca-certificates, but despite being ubuntu, it doesn't recognize both apt and apt-get

~ # cat /proc/version
Linux version 5.4.0-109-generic (buildd@ubuntu) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #123-Ubuntu SMP Fri Apr 8 09:10:54 UTC 2022
~ # apt update
/bin/sh: apt: not found
~ # apt-get update
/bin/sh: apt-get: not found
~ # apk update
/bin ...

I applied the terraform code in this link, which contains code to apply the specific roles and permission s to service dlm lifecycle for ebs volumes.

But still I am getting access errors.

Please share any suggestions on how to fix this.

Few more steps I tried. With policy actions set to all ec2 permissions ("ec2:*"), snapshots are created without error.

But if I tried below permissions, which I got from ...