Howto: Install mod_python in cPanel box
Posted March 1st, 2006 by dreamwiz
* Advanced Guides
This is a simple guide to install mod_python in cPanel box, running Apache 1.3.x. You need to have Python installed for this to work - most RHEL+cpanel boxes have this installed by default.
1) Download and extract Python:
cd /usr/local/src
wget http://apache.dataphone.se/httpd/modpython/mod_python-2.7.11.tgz
tar zxvf mod_python-2.7.11.tgz
2) Configure & install Python
cd mod_python-2.7.11
./configure --with-apxs=/usr/local/apache/bin/apxs (check where your apxs is by typing: locate apxs)
make
make install
3) Configure Apache
pico -w /usr/local/apache/conf/httpd.conf
Locate your LoadModule - section by pressing CTRL-W and typing "LoadModule". Add the following line under the others:
LoadModule python_module libexec/mod_python.so
Now locate your AddModule - section by pressing CTRL-W and typing "AddModule". Add the following line under the others:
AddModule mod_python.c
4) Installation done, now time for testing!
First go to your public_html directory. Make a test directory for Python by typing:
Tuesday, November 6, 2007
Identifying Process
ps -A | grep mysql
lsof -p pid
see on the top after firing the command it will yield the things
lsof -p pid
see on the top after firing the command it will yield the things
httpd segmenation Fault
Fire following command to fix the issue.
ipcs -s | grep nobody | perl -e 'while () { @a=split(/\s+/); print `ipcrm sem $a[1]`}'
ipcs -s | grep nobody | perl -e 'while (
httpd issues , service started but sites not browsing
ipcs -s | grep nobody | perl -e 'while () {@a=split(/\s+/); print `ipcrm sem $a[1]`}'
Use this command when you are handeling the httpd down issues on linux servers
after firing service httpd restart command it shows httpd restarted but sites doesn't browse.
this time for a try you should fire the above command.
Use this command when you are handeling the httpd down issues on linux servers
after firing service httpd restart command it shows httpd restarted but sites doesn't browse.
this time for a try you should fire the above command.
View httpd , smtp other connections ( Unix )
ps -A | grep httpd | wc -l
change the scope as per needs , httpd , smtp etc..
change the scope as per needs , httpd , smtp etc..
http and https site issues
Some intresting Issue
A client was onlicne with the issue that he was able to view the site with http but not with https.
well I was new to this issue. Also he told that he was able to view a site with http and https.
I called shy. for the issue.
as the SSL needs a dedicated IP the site in the issue was having shared IP mean there are 2 sites running on a same IP so we just go to httpd.conf and change the IP to a dedicated one for the site in the issue.
A client was onlicne with the issue that he was able to view the site with http but not with https.
well I was new to this issue. Also he told that he was able to view a site with http and https.
I called shy. for the issue.
as the SSL needs a dedicated IP the site in the issue was having shared IP mean there are 2 sites running on a same IP so we just go to httpd.conf and change the IP to a dedicated one for the site in the issue.
Set up VPN for UNix servers
Hi,
I have had great difficulty in setting up OpenVPN, so I thought, when I finally do get it to work, I will write a HOWTO, so other can hopefully benefit…
This guide was done using a FC4 VPS, running on Xen, it will work on OpenVZ, all you need to do is ask your VPS provider to install “tun support”.
1. First of all get a few additional repos, If you already have your repos setup, skip this step
If you have Fedora 3, follow these steps,
http://stanton-finley.net/fedora_cor...notes.html#Yum
If you have Fedora 4, follow these steps,
http://stanton-finley.net/fedora_cor...notes.html#Yum
If you have Fedora 5, follow these steps,
http://stanton-finley.net/fedora_cor...notes.html#Yum
If you have CentOS, follow the “additional third party CentOS repos”
http://www.osresources.com/11_6_en.html
Then issue these commands, each line is a new command, anything beginning with "#" are comments so dont try to execute those.
Code:
yum update
yum install openssl openssl-devel
# openssl and openssl-devel may be installed already… so don’t worry
2. Right, now you want to install OpenVPN, here are the commands,
Code:
yum install openvpn -y
#Now check that it works
service openvpn start
service openvpn stop
3. A few things to setup before you can make certificates, issue these commands,
Code:
find / -name "easy-rsa"
#you should get an output like this…
/usr/share/doc/openvpn-2.0.7/easy-rsa
#Now, make a copy of the easy-rsa directory, to /etc/openvpn/ ( make sure you #have put the right version number in i.e. mine was -2.0.7, change if needed)
cp -R /usr/share/doc/openvpn-2.0.7/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa
chmod 777 *
mkdir /etc/openvpn/keys
4. You need to edit the vars file, located in /etc/openvpn/easy-rsa
You can use any editor you like, I used vi.
Change the line
Code:
export KEY_DIR=$D/keys
to
Code:
export KEY_DIR=/etc/openvpn/keys
Also at the bottom of this file you will see something similar to this,
Code:
export KEY_COUNTRY=US
export KEY_PROVINCE=CA
export KEY_CITY=SOMEWHERE
export KEY_ORG="My Org"
export KEY_EMAIL=me@mydomain.com
Change this to your own values.
5. Now its time to make the certificates, enter these commands
Code:
. ./vars
Code:
./clean-all
Code:
./build-ca
# just hit enter to the defaults apart from Common Name, this must be unique
# call it something like mydomain-ca
Code:
./build-key-server server
Code:
./build-key client1
# remember that common name must be unique e.g. use mydomain-client1
# and YES you want to sign the keys
Code:
./build-key client2
# do this step for as many clients as you need.
Code:
./build-dh
6. We are almost done now… right we need to create a few config files, you can download my template from here,
Code:
cd /etc/openvpn
Code:
wget www.designpc.co.uk/downloads/server.conf
# make sure you change a few things in the server.conf file, like DNS
# servers
Code:
touch server-tcp.log
~ this makes the log file..
Code:
touch ipp.txt
this makes the IP reservation list.
7. You need to make a few changes to OpenVPN itself. Go to..
Code:
cd /etc/init.d/
edit the openvpn file
#Uncomment this line (line 119)
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Add these lines below it, changing 123.123.123.123 to your public IP address,
Code:
iptables -t nat -A POSTROUTING -s 192.168.2.3 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.4 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.5 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.6 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.7 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.8 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.9 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.10 -j SNAT --to 123.123.123.123
Now install iptables if you don’t have it already,
Code:
yum install iptables
#test it
service iptables start
service iptables stop
8. Now for the client config files. If your client is a Windows machine, make sure you have installed OpenVPN, use the gui version, downloadable from here;
http://www.designpc.co.uk/downloads/....3-install.exe
You need to copy a few files from the server to your client machine, here is the list, located in /etc/openvpn/keys/
## WARNING ## Use a secure way of transferring these files off the server, something like WinSCP.
ca.crt
client1.csr
client1.key
client1.crt
Put these files in this directory C:\Program Files\OpenVPN\config\
Now you need to make a client config, here is an example..
PHP Code:
client
dev tun
proto tcp
#Change my.publicdomain.com to your public domain or IP address
remote my.publicdomain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
#DNS Options here, CHANGE THESE !!
push "dhcp-option DNS 123.123.123.123"
push "dhcp-option DNS 123.123.123.124"
comp-lzo
verb 3
Make sure you edit any of the lines with comments above them.
Call this file client1.opvn and put it in C:\Program Files\OpenVPN\config\
Make sure the file extension is .opvn not .txt
To connect right click on OpenVPN in the taskbar >> Connect
To test ping 192.168.2.1
If you get a response, you in business
I have had great difficulty in setting up OpenVPN, so I thought, when I finally do get it to work, I will write a HOWTO, so other can hopefully benefit…
This guide was done using a FC4 VPS, running on Xen, it will work on OpenVZ, all you need to do is ask your VPS provider to install “tun support”.
1. First of all get a few additional repos, If you already have your repos setup, skip this step
If you have Fedora 3, follow these steps,
http://stanton-finley.net/fedora_cor...notes.html#Yum
If you have Fedora 4, follow these steps,
http://stanton-finley.net/fedora_cor...notes.html#Yum
If you have Fedora 5, follow these steps,
http://stanton-finley.net/fedora_cor...notes.html#Yum
If you have CentOS, follow the “additional third party CentOS repos”
http://www.osresources.com/11_6_en.html
Then issue these commands, each line is a new command, anything beginning with "#" are comments so dont try to execute those.
Code:
yum update
yum install openssl openssl-devel
# openssl and openssl-devel may be installed already… so don’t worry
2. Right, now you want to install OpenVPN, here are the commands,
Code:
yum install openvpn -y
#Now check that it works
service openvpn start
service openvpn stop
3. A few things to setup before you can make certificates, issue these commands,
Code:
find / -name "easy-rsa"
#you should get an output like this…
/usr/share/doc/openvpn-2.0.7/easy-rsa
#Now, make a copy of the easy-rsa directory, to /etc/openvpn/ ( make sure you #have put the right version number in i.e. mine was -2.0.7, change if needed)
cp -R /usr/share/doc/openvpn-2.0.7/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa
chmod 777 *
mkdir /etc/openvpn/keys
4. You need to edit the vars file, located in /etc/openvpn/easy-rsa
You can use any editor you like, I used vi.
Change the line
Code:
export KEY_DIR=$D/keys
to
Code:
export KEY_DIR=/etc/openvpn/keys
Also at the bottom of this file you will see something similar to this,
Code:
export KEY_COUNTRY=US
export KEY_PROVINCE=CA
export KEY_CITY=SOMEWHERE
export KEY_ORG="My Org"
export KEY_EMAIL=me@mydomain.com
Change this to your own values.
5. Now its time to make the certificates, enter these commands
Code:
. ./vars
Code:
./clean-all
Code:
./build-ca
# just hit enter to the defaults apart from Common Name, this must be unique
# call it something like mydomain-ca
Code:
./build-key-server server
Code:
./build-key client1
# remember that common name must be unique e.g. use mydomain-client1
# and YES you want to sign the keys
Code:
./build-key client2
# do this step for as many clients as you need.
Code:
./build-dh
6. We are almost done now… right we need to create a few config files, you can download my template from here,
Code:
cd /etc/openvpn
Code:
wget www.designpc.co.uk/downloads/server.conf
# make sure you change a few things in the server.conf file, like DNS
# servers
Code:
touch server-tcp.log
~ this makes the log file..
Code:
touch ipp.txt
this makes the IP reservation list.
7. You need to make a few changes to OpenVPN itself. Go to..
Code:
cd /etc/init.d/
edit the openvpn file
#Uncomment this line (line 119)
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Add these lines below it, changing 123.123.123.123 to your public IP address,
Code:
iptables -t nat -A POSTROUTING -s 192.168.2.3 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.4 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.5 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.6 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.7 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.8 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.9 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.10 -j SNAT --to 123.123.123.123
Now install iptables if you don’t have it already,
Code:
yum install iptables
#test it
service iptables start
service iptables stop
8. Now for the client config files. If your client is a Windows machine, make sure you have installed OpenVPN, use the gui version, downloadable from here;
http://www.designpc.co.uk/downloads/....3-install.exe
You need to copy a few files from the server to your client machine, here is the list, located in /etc/openvpn/keys/
## WARNING ## Use a secure way of transferring these files off the server, something like WinSCP.
ca.crt
client1.csr
client1.key
client1.crt
Put these files in this directory C:\Program Files\OpenVPN\config\
Now you need to make a client config, here is an example..
PHP Code:
client
dev tun
proto tcp
#Change my.publicdomain.com to your public domain or IP address
remote my.publicdomain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
#DNS Options here, CHANGE THESE !!
push "dhcp-option DNS 123.123.123.123"
push "dhcp-option DNS 123.123.123.124"
comp-lzo
verb 3
Make sure you edit any of the lines with comments above them.
Call this file client1.opvn and put it in C:\Program Files\OpenVPN\config\
Make sure the file extension is .opvn not .txt
To connect right click on OpenVPN in the taskbar >> Connect
To test ping 192.168.2.1
If you get a response, you in business
View Error Logs ( unix )
cat /var/log/messages | more
it will give you the server wide error messages
for cpanel server apache logs.
cd /usr/local/apache/domlogs
cat domainname - it will give you the logs for a particular domain.
Cpanel logs:
/usr/local/cpanel/logs
Apache logs:
/usr/local/apache/logs
it will give you the server wide error messages
for cpanel server apache logs.
cd /usr/local/apache/domlogs
cat domainname - it will give you the logs for a particular domain.
Cpanel logs:
/usr/local/cpanel/logs
Apache logs:
/usr/local/apache/logs
View Server Info , Configs ( Unix )
cat /proc/meminfo
cat/proc/cpuinfo
cat /proc/cpuinfo
cat /proc/meminfo
fdisk -l
uname -a
cat /var/log/dmesg
/etc/sysconfig/hwconf
cat/proc/cpuinfo
cat /proc/cpuinfo
cat /proc/meminfo
fdisk -l
uname -a
cat /var/log/dmesg
/etc/sysconfig/hwconf
View IPs Causing attack
netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
or
netstat -an | grep TIME_WAIT
netstat -an | grep :80 | grep TIME_WAIT
netstat -an | grep :80 | grep TIME_WAIT| wc -l
or
netstat -an | grep TIME_WAIT
netstat -an | grep :80 | grep TIME_WAIT
netstat -an | grep :80 | grep TIME_WAIT| wc -l
How to open ports
root@quix [/etc/init.d]# cd /etc/ip
root@quix [/etc/init.d]# iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
root@quix [/etc/init.d]# iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
root@quix [/etc/init.d]# ./iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
root@quix [/etc/init.d]# telnet localhost 53
root@quix [/etc/init.d]# iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
root@quix [/etc/init.d]# iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
root@quix [/etc/init.d]# ./iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
root@quix [/etc/init.d]# telnet localhost 53
Check mail logs for a particular Domain
cat /var/log/maillog | grep -i user@domain.com
or:
cat /var/log/maillog | grep -i domain.com
or:
cat /var/log/maillog | grep -i domain.com
Block the IPs / for particular port
If you want to block access to your server for whatever reason, you will need to log into the shell as root. Your server should either have ipchains or iptables to help accomplish this. In this example, the attacking IP is 192.168.56.210 .
If you are using ipchains, type "ipchains -A input -j DENY -p all -l -s 192.168.56.210/32"
If you are using iptables, type "iptables -A INPUT -s 192.168.56.210/32 -j DROP"
If you just want to block access to one port from an ip :
iptables -A INPUT -s 192.168.56.210/32 -p tcp --destination-port 23 -j DROP
The above would drop all packets from 192.168.56.210/32 to port 23 (telnet) on the server.
If you are using ipchains, type "ipchains -A input -j DENY -p all -l -s 192.168.56.210/32"
If you are using iptables, type "iptables -A INPUT -s 192.168.56.210/32 -j DROP"
If you just want to block access to one port from an ip :
iptables -A INPUT -s 192.168.56.210/32 -p tcp --destination-port 23 -j DROP
The above would drop all packets from 192.168.56.210/32 to port 23 (telnet) on the server.
full disk space issues ( Finding out the culprit )
if you wish to find out what file or directory is taking up the most space in a particular you location, you can use the du command. For instance, to display the 50 largest files/directores in /usr/local, you would issue the following command:
du -a /usr/local | sort -n -r | head -n 50
You can change the commands as per needs.
du -a /usr/local | sort -n -r | head -n 50
You can change the commands as per needs.
How to find out IPs trying to login to ssh
How to find out the IPs which were trying to login root via ssh:-
cat /var/log/secure | grep failed
1028 cat /var/log/messages | grep failed
1029 cat /var/log/messages | grep "Authentication failed for user"
1030 cat /var/log/secure | grep ssh
1031 cat /var/log/secure | grep ssh > /usr/local/apache/htdocs/ssh-attempts.txt
Suppose we need to download bakcup from the browser then :-
copy the backupfile into the path:-
/usr/local/apache/htdocs/cpmove.domainname.tar.gz
cat /usr/local/apache/htdocs/possible-attemps.txt | awk {'print $7}' | sort -n | uniq -c
65.64.217.180
cat /var/log/secure | grep failed
1028 cat /var/log/messages | grep failed
1029 cat /var/log/messages | grep "Authentication failed for user"
1030 cat /var/log/secure | grep ssh
1031 cat /var/log/secure | grep ssh > /usr/local/apache/htdocs/ssh-attempts.txt
Suppose we need to download bakcup from the browser then :-
copy the backupfile into the path:-
/usr/local/apache/htdocs/cpmove.domainname.tar.gz
cat /usr/local/apache/htdocs/possible-attemps.txt | awk {'print $7}' | sort -n | uniq -c
65.64.217.180
ffmpeg installation error , partition remounted
There was an issue with installing the ffmpeg software on a centos cpanel server
client was on chat saying that he need to unmount /tmp dir
I called up pankaj and he said that /tmp needs to be remounted
we used following command to do that
mount -o remount,exec /tmp
and we got the damn issue fixed
client was on chat saying that he need to unmount /tmp dir
I called up pankaj and he said that /tmp needs to be remounted
we used following command to do that
mount -o remount,exec /tmp
and we got the damn issue fixed
Exim load , finding email ID
tail -f /var/log/exim_mainlog
If the exim and spamd process eating the CPU
Fire the above command to see the logs
in this IP or user or email id which is causing the issue can be seen
just inform the client from which domain that email ID is
client will get the account suspended
and thus issue resolved.
If the exim and spamd process eating the CPU
Fire the above command to see the logs
in this IP or user or email id which is causing the issue can be seen
just inform the client from which domain that email ID is
client will get the account suspended
and thus issue resolved.
pure -ftpd , increase no . of dirctories viewable
editied the pure-ftpd.conf file on a server
edited the line 164
the line was regarding the no. of directories that can veiwed while ftping to the server
the limit was 2000 8 Nilesh was with me he fired the follwoing commands to get it done
first we found the file pure-ftpd.conf file
then
nano pure-ftpd.conf
went on line 164
changed the limit 5000 1 from 2000 8
save the file
after restart the pure-ftpd service.
issure resolved.
edited the line 164
the line was regarding the no. of directories that can veiwed while ftping to the server
the limit was 2000 8 Nilesh was with me he fired the follwoing commands to get it done
first we found the file pure-ftpd.conf file
then
nano pure-ftpd.conf
went on line 164
changed the limit 5000 1 from 2000 8
save the file
after restart the pure-ftpd service.
issure resolved.
How to flush DNS in linux
How to Flush DNS in Linux
In Linux, the nscd daemon manages the DNS cache.
To flush the DNS cache, restart the nscd daemon.
To restart the nscd daemon, use the command `/etc/rc.d/init.d/nscd restart`.
In Linux, the nscd daemon manages the DNS cache.
To flush the DNS cache, restart the nscd daemon.
To restart the nscd daemon, use the command `/etc/rc.d/init.d/nscd restart`.
Disable ping on the server ( unix )
/proc/sys/net/ipv4/icmp_echo_ignore_all
or
iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -j DROP
or
iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -j DROP
Setting Index page ( Unix )
DirectoryIndex index.php
Entering the above line in .htaccess file in the httpdocs dir of the domain.
The above line makes to fetch index.php first instead of the index.html
Entering the above line in .htaccess file in the httpdocs dir of the domain.
The above line makes to fetch index.php first instead of the index.html
Detect DDOS
netstat -plan|grep TIME_WAIT|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
netstat -plan|grep SYN_RECV|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
command to prevent it
route add -host 67.101.47.224 reject
iptables -I INPUT -s 61.58.29.77 -j DROP
if apf is installed then fire this command
apf -d IP
it will deny those IPs
Few more Commands
netstat -a | find "TCP"
idetifying SYN attack
====================
Load becomes very inconcistant
netstat -an | grep SYN (if long list SYN_REC)
netstat -n -p|grep SYN_REC|wc -l (gives count of SYN attacks)
also checking acces_logs (if perticular IP found to be requesting most
then can block that IP)
you can go for below
====================
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
==============================
netstat -an | grep SYN | more
iptables -A INPUT -s IP -j DROP
iptables -A INPUT -s 168.75.16.116 -j DROP
iptables restart
look for this lines in your /etc/httpd/conf/httpd.conf
code:--------------------------------------------------------------------------------
# KeepAlive: Whether or not to allow persistent connections (more than
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request from the
KeepAliveTimeout 15
--------------------------------------------------------------------------------
set KeepAlive On to Off with your favorite text editor
that should work, if not you may be a victim of DoS attack
======================================================
echo 90 > /proc/sys/net/ipv4/tcp_keepalive_time
======================================================
netstat -plan|grep SYN_RECV|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
command to prevent it
route add -host 67.101.47.224 reject
iptables -I INPUT -s 61.58.29.77 -j DROP
if apf is installed then fire this command
apf -d IP
it will deny those IPs
Few more Commands
netstat -a | find "TCP"
idetifying SYN attack
====================
Load becomes very inconcistant
netstat -an | grep SYN (if long list SYN_REC)
netstat -n -p|grep SYN_REC|wc -l (gives count of SYN attacks)
also checking acces_logs (if perticular IP found to be requesting most
then can block that IP)
you can go for below
====================
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
==============================
netstat -an | grep SYN | more
iptables -A INPUT -s IP -j DROP
iptables -A INPUT -s 168.75.16.116 -j DROP
iptables restart
look for this lines in your /etc/httpd/conf/httpd.conf
code:--------------------------------------------------------------------------------
# KeepAlive: Whether or not to allow persistent connections (more than
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request from the
KeepAliveTimeout 15
--------------------------------------------------------------------------------
set KeepAlive On to Off with your favorite text editor
that should work, if not you may be a victim of DoS attack
======================================================
echo 90 > /proc/sys/net/ipv4/tcp_keepalive_time
======================================================
Exim Admin
exiqgrep -z -i | xargs exim -Mrm
To delete the mail in exim queue that are older frozen
exiqgrep -o 432000 -i | xargs exim -Mrm
to delete the mails in exim queue that are older than 5 days.
To delete the mail in exim queue that are older frozen
exiqgrep -o 432000 -i | xargs exim -Mrm
to delete the mails in exim queue that are older than 5 days.
Direct Admin License Issues
Your license has been updated. When you see this issue as it happens with
directadmin where their servers do not always update automatically run the
following
http://help.directadmin.com/item.php?id=30
cd /usr/local/directadmin/scripts
./getLicense.sh 123 1234
service directadmin restart
Where 123 and 1234 are your Client ID and License ID, respectively
The client and license IDs needed can be found in
/usr/local/directadmin/scripts/setup.txt
--
--Shannon
directadmin where their servers do not always update automatically run the
following
http://help.directadmin.com/item.php?id=30
cd /usr/local/directadmin/scripts
./getLicense.sh 123 1234
service directadmin restart
Where 123 and 1234 are your Client ID and License ID, respectively
The client and license IDs needed can be found in
/usr/local/directadmin/scripts/setup.txt
--
--Shannon
Cron Job
to list the cron jobs
crontab -l
to add the crontab
crontab -e
crontab -l will show you your currently set up cron jobs on the server.
crontab -r will delete your current cron jobs.
crontab -e will allow you to add or edit your current cron jobs by using your default text editor to edit your "crontab file".
#
Here are some examples to help you learn the syntax for the numbers:
# 32 * * * * : will be run every hour on the 32nd minute.
# 12,42 * * * * : will be run twice an hour on the 12th and 42nd minutes.
# */15 */2 * * *: will be run at 0:00, 0:15, 0:30, 0:45, 2:00, 2:15, 2:30, ...
# 43 18 * * 7: will be run at 6:43pm every Sunday.
crontab -l
to add the crontab
crontab -e
crontab -l will show you your currently set up cron jobs on the server.
crontab -r will delete your current cron jobs.
crontab -e will allow you to add or edit your current cron jobs by using your default text editor to edit your "crontab file".
#
Here are some examples to help you learn the syntax for the numbers:
# 32 * * * * : will be run every hour on the 32nd minute.
# 12,42 * * * * : will be run twice an hour on the 12th and 42nd minutes.
# */15 */2 * * *: will be run at 0:00, 0:15, 0:30, 0:45, 2:00, 2:15, 2:30, ...
# 43 18 * * 7: will be run at 6:43pm every Sunday.
Critical Namd Issue
There was an issue with the named service on a dedicated server all the things were fine just the domain was not able to resolve but was able ping the name servers and the server IP , well the issue was forwarded to jacob.
Following how the steps were taken to resolve that issue.
jacob@hivelocity.net says:
to get bind to respond remotely, the zone definition in /etc/named.conf need to following setting:
allow-query { any; };
Hivelocity - Yogesh says:
ok
jacob@hivelocity.net says:
the incorrect zone definitions were all removed
jacob@hivelocity.net says:
an A record was created for the hostname
Hivelocity - Yogesh says:
so you added A record
Hivelocity - Yogesh says:
modified named.conf
jacob@hivelocity.net says:
the allow-query entry I added directly to the named.conf, yes
jacob@hivelocity.net says:
the zones were removed via cPanel
jacob@hivelocity.net says:
the A record for the server's hostname was also added via cPanel
Following how the steps were taken to resolve that issue.
jacob@hivelocity.net says:
to get bind to respond remotely, the zone definition in /etc/named.conf need to following setting:
allow-query { any; };
Hivelocity - Yogesh says:
ok
jacob@hivelocity.net says:
the incorrect zone definitions were all removed
jacob@hivelocity.net says:
an A record was created for the hostname
Hivelocity - Yogesh says:
so you added A record
Hivelocity - Yogesh says:
modified named.conf
jacob@hivelocity.net says:
the allow-query entry I added directly to the named.conf, yes
jacob@hivelocity.net says:
the zones were removed via cPanel
jacob@hivelocity.net says:
the A record for the server's hostname was also added via cPanel
Mysql Admin
Note:
To login into Northbeach server use
username as root and password
and for all other servers username and password is same as plesk login info
===============================================
mysql path
/var/lib/mysql
===================================
Restart mysql
/etc/rc.d/init.d/mysql stop
/etc/rc.d/init.d/mysql start
===================================
mysql -u TYPEUSERNAMEHERE -p
username is "admin" (same as plesk) and password "chtnta0e" (plesk password)
=========================================
Grant previligaes and enable remotehost login etc.
Always use this one
GRANT ALL PRIVILEGES ON bCo.* TO nan@'%' IDENTIFIED BY 'weenie';
bCo is Databse name
nan is username
weenie is password
so in general form
GRANT ALL PRIVILEGES ON dbname.* TO username@'%' IDENTIFIED BY 'password';
===============================
Solutiuon
Posted by [name withheld] on December 30 2003 1:15pm [Delete] [Edit]
Your second example, in which you claim MySQL is wrong in their documentation, will not work because you are trying to use a backquote (`) instead of the single quote ('). They look similar but are completely different. Thus your example:
GRANT ALL PRIVILEGES ON testData.* TO jts@'%' IDENTIFIED BY 'lwr5021' WITH GRANT OPTION;
does not work because nan@'%` is not properly quoted. It should read nan@'%' instead which is fine. This works as expected:
GRANT ALL PRIVILEGES ON bCo.* TO nan@'%' IDENTIFIED BY 'weenie' WITH GRANT OPTION;
Posted by Mike Barrett on January 7 2004 10:52am [Delete] [Edit]
I wanted to create a use who can
1) login with a password either locally or from within our local 10.*.*.* network
2) do anything they want to their own database
3) see what other databases are on the server, but not do anything to them (to facilitate requests for additional access).
This seemed to do the trick:
GRANT SHOW DATABASES ON *.* TO hubert@localhost IDENTIFIED BY 'password';
GRANT SHOW DATABASES ON *.* TO hubert@'10.%' IDENTIFIED BY 'password';
GRANT ALL ON hubertsdb.* TO hubert;
==============================================
Reset or set password
SET PASSWORD FOR 'mynewuser'@'localhost' = PASSWORD('newpwd');
====================================================
Create Database
Log into Mysql as root:
mysql -u root -p
(On a Windows server, go start>>run type "command", and it is d:\mysql\bin\mysql -u root -p')
2. Create the database:
create database DATABASENAME;
3. Create the user and grant privileges for the database:
grant select,insert,update,delete,create,drop,alter on DATABASENAME.* to MYSQLUSERNAME@'%' identified by 'PASSWORD';
4. Send new MySQL database email to customer.
=======================================================
To Administrar the mysql processes
Logged in to mysql as root:
show processlist;
Or not logged into mysql, to get a running view:
watch mysqladmin processlist -u admin -pPASSWRD
==================================================
To flush the cache command is :
mysqladmin flush-hosts -uadmin -pchtnta0e
To login into Northbeach server use
username as root and password
and for all other servers username and password is same as plesk login info
===============================================
mysql path
/var/lib/mysql
===================================
Restart mysql
/etc/rc.d/init.d/mysql stop
/etc/rc.d/init.d/mysql start
===================================
mysql -u TYPEUSERNAMEHERE -p
username is "admin" (same as plesk) and password "chtnta0e" (plesk password)
=========================================
Grant previligaes and enable remotehost login etc.
Always use this one
GRANT ALL PRIVILEGES ON bCo.* TO nan@'%' IDENTIFIED BY 'weenie';
bCo is Databse name
nan is username
weenie is password
so in general form
GRANT ALL PRIVILEGES ON dbname.* TO username@'%' IDENTIFIED BY 'password';
===============================
Solutiuon
Posted by [name withheld] on December 30 2003 1:15pm [Delete] [Edit]
Your second example, in which you claim MySQL is wrong in their documentation, will not work because you are trying to use a backquote (`) instead of the single quote ('). They look similar but are completely different. Thus your example:
GRANT ALL PRIVILEGES ON testData.* TO jts@'%' IDENTIFIED BY 'lwr5021' WITH GRANT OPTION;
does not work because nan@'%` is not properly quoted. It should read nan@'%' instead which is fine. This works as expected:
GRANT ALL PRIVILEGES ON bCo.* TO nan@'%' IDENTIFIED BY 'weenie' WITH GRANT OPTION;
Posted by Mike Barrett on January 7 2004 10:52am [Delete] [Edit]
I wanted to create a use who can
1) login with a password either locally or from within our local 10.*.*.* network
2) do anything they want to their own database
3) see what other databases are on the server, but not do anything to them (to facilitate requests for additional access).
This seemed to do the trick:
GRANT SHOW DATABASES ON *.* TO hubert@localhost IDENTIFIED BY 'password';
GRANT SHOW DATABASES ON *.* TO hubert@'10.%' IDENTIFIED BY 'password';
GRANT ALL ON hubertsdb.* TO hubert;
==============================================
Reset or set password
SET PASSWORD FOR 'mynewuser'@'localhost' = PASSWORD('newpwd');
====================================================
Create Database
Log into Mysql as root:
mysql -u root -p
(On a Windows server, go start>>run type "command", and it is d:\mysql\bin\mysql -u root -p')
2. Create the database:
create database DATABASENAME;
3. Create the user and grant privileges for the database:
grant select,insert,update,delete,create,drop,alter on DATABASENAME.* to MYSQLUSERNAME@'%' identified by 'PASSWORD';
4. Send new MySQL database email to customer.
=======================================================
To Administrar the mysql processes
Logged in to mysql as root:
show processlist;
Or not logged into mysql, to get a running view:
watch mysqladmin processlist -u admin -pPASSWRD
==================================================
To flush the cache command is :
mysqladmin flush-hosts -uadmin -pchtnta0e
Configure User Quota on a Plain server ( Unix )
To configure or manage user quotas on a RedHat server (with no control panel installed), follow the steps below:
1. Understanding the user's quota file structure.
Below is an example of a user's quota file:
Disk quotas for user bob (uid 501):
Filesystem blocks soft hard inodes soft hard
/dev/hda2 1944 0 0 120 0 0
Each column represents the following (working from left to right):
* Filesystem - Linux filesystem that you are configuring quotas on for the specific user.
* Blocks - Number of blocks (Kilobytes) the user is currently using.
* Soft - The soft limit for the amount of blocks (Kilobytes) the user can use. The soft limit can be surpassed, up to the hard limit, but only for a specified grace period - which is also configurable.
* Hard - The hard limit for the amount of blocks (Kilobytes) the user can use. The hard limit is the maximum limit that can be used by the user and cannot be surpassed.
* Inodes - Number of inodes the user is currently using. An inode is used for every file or directory on a linux filesystem. Limiting the number of inodes is usually not as important to most system administrators as limiting block usage - however, it isn't a bad idea to limit a user's inode usage too, as a filesystem can run out of inodes (which will deny the server from creating any new files or directories).
* Soft - The soft limit for the amount of inodes the user can use. The soft limit can be surpassed, up to the hard limit, but only for a specified grace period.
* Hard - The hard limit for the amount of inodes the user can use. The hard limit is the maximum limit that can be used by the user and cannot be surpassed.
2. Defining or editing the quota limits for a user.
To define or edit a user's quota limits on your RedHat server, use this command:
edquota -u
example: edquota -u bob
After executing the edquota command, it will bring up the specified user's quota file (shown in step 1) in the popular editor 'vi' (for more information on how to use vi, please see our knowledgebase article pertaining to such). Change the soft/hard limits for the user's block and inode usage as you see fit. Setting any of the user's limits to '0' provides unlimited usage for that particular setting. Once you are finished setting the user's limits, save and exit the file - the settings you have edited will be applied immediately.
3. Viewing a user's quota limits.
To view the changes you've just made, or, to view any user's current quota limits, use the command below:
quota -u
example: quota -u bob
Also, to see a summary of all of your system users' quota usage, use this command:
repquota -a
1. Understanding the user's quota file structure.
Below is an example of a user's quota file:
Disk quotas for user bob (uid 501):
Filesystem blocks soft hard inodes soft hard
/dev/hda2 1944 0 0 120 0 0
Each column represents the following (working from left to right):
* Filesystem - Linux filesystem that you are configuring quotas on for the specific user.
* Blocks - Number of blocks (Kilobytes) the user is currently using.
* Soft - The soft limit for the amount of blocks (Kilobytes) the user can use. The soft limit can be surpassed, up to the hard limit, but only for a specified grace period - which is also configurable.
* Hard - The hard limit for the amount of blocks (Kilobytes) the user can use. The hard limit is the maximum limit that can be used by the user and cannot be surpassed.
* Inodes - Number of inodes the user is currently using. An inode is used for every file or directory on a linux filesystem. Limiting the number of inodes is usually not as important to most system administrators as limiting block usage - however, it isn't a bad idea to limit a user's inode usage too, as a filesystem can run out of inodes (which will deny the server from creating any new files or directories).
* Soft - The soft limit for the amount of inodes the user can use. The soft limit can be surpassed, up to the hard limit, but only for a specified grace period.
* Hard - The hard limit for the amount of inodes the user can use. The hard limit is the maximum limit that can be used by the user and cannot be surpassed.
2. Defining or editing the quota limits for a user.
To define or edit a user's quota limits on your RedHat server, use this command:
edquota -u
example: edquota -u bob
After executing the edquota command, it will bring up the specified user's quota file (shown in step 1) in the popular editor 'vi' (for more information on how to use vi, please see our knowledgebase article pertaining to such). Change the soft/hard limits for the user's block and inode usage as you see fit. Setting any of the user's limits to '0' provides unlimited usage for that particular setting. Once you are finished setting the user's limits, save and exit the file - the settings you have edited will be applied immediately.
3. Viewing a user's quota limits.
To view the changes you've just made, or, to view any user's current quota limits, use the command below:
quota -u
example: quota -u bob
Also, to see a summary of all of your system users' quota usage, use this command:
repquota -a
Command to change the Date ( Unix )
command to change date
date -s "03/24/2006 14:0:10"
Commands:
FreeBSD:
date 0604111425
06 - year
04 - month
11 - date
14 -- hours
25 -- mins
second option
/usr/sbin/ntpdate -s 204.123.2.72 204.34.198.40 128.252.19.1 192.5.41.40
CentOS
rdate -s time.nist.gov
date -s "05/07/2007 00:11:59"
checking error logs for a domain and httpd logs plain server ( Unix )
var/log/httpd/error_log is a general error log for whole server
for a specific domain it is as follows:
/home/httpd/vhosts/DomainName.com/statistics/logs/error_log
for a specific domain it is as follows:
/home/httpd/vhosts/DomainName.com/statistics/logs/error_log
Check and close your DNS servers ( unix )
Howto: Check and close your open DNS servers
Posted May 9th, 2006 by dreamwiz
* General system administration
I just noticed www.dnsreport.com seems to have new check: it checks for open DNS server. This is how you check:
1) Go to http://www.dnsreport.com/tools/dnsreport.ch?domain=mydomain.com
2) Check for BIG RED "FAIL" (7th box, going down from up) saying "Open DNS servers".
If you see the message, you can correct it the following way:
1) login to your server as root
2) nano -w /etc/named.conf (if you are running Bind)
3) Look for // query-source address * port 53; and right below write the following line:
recursion no;
4) Save and exit, restart Bind by typing service named restart
5) Check DNSReport.com to make sure it went right. You should not see the error message anymore.
If you run something else than Bind then please check http://www.dnsreport.com/info/opendns.htm for instructions.
Posted May 9th, 2006 by dreamwiz
* General system administration
I just noticed www.dnsreport.com seems to have new check: it checks for open DNS server. This is how you check:
1) Go to http://www.dnsreport.com/tools/dnsreport.ch?domain=mydomain.com
2) Check for BIG RED "FAIL" (7th box, going down from up) saying "Open DNS servers".
If you see the message, you can correct it the following way:
1) login to your server as root
2) nano -w /etc/named.conf (if you are running Bind)
3) Look for // query-source address * port 53; and right below write the following line:
recursion no;
4) Save and exit, restart Bind by typing service named restart
5) Check DNSReport.com to make sure it went right. You should not see the error message anymore.
If you run something else than Bind then please check http://www.dnsreport.com/info/opendns.htm for instructions.
How To change the port ( SSH )
You can edit sshd_config to change the port sshd listens on. The default directory for ssh configuration is /etc/ssh.
Backup the current configuration and use your favorite editor to change the Port line:
root@root [~]# cd /etc/ssh/
root@root [/etc/ssh]# cp sshd_config sshd_config.save
root@root [/etc/ssh]# vi sshd_config
#Port 22
I will set mine to port 4000. Do not forget to remove the comment (#).
Port 4000
root@root [/etc/ssh]# diff sshd_config sshd_config.save
13c13
< Port 4000
---
> #Port 22
root@root [/etc/ssh]#
Restart sshd and verify that it is listening on the new port.
root@root [/etc/ssh]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
root@root [/etc/ssh]# netstat -anp | grep sshd
tcp 0 0 0.0.0.0:4000 0.0.0.0:* LISTEN 1605/sshd
Backup the current configuration and use your favorite editor to change the Port line:
root@root [~]# cd /etc/ssh/
root@root [/etc/ssh]# cp sshd_config sshd_config.save
root@root [/etc/ssh]# vi sshd_config
#Port 22
I will set mine to port 4000. Do not forget to remove the comment (#).
Port 4000
root@root [/etc/ssh]# diff sshd_config sshd_config.save
13c13
< Port 4000
---
> #Port 22
root@root [/etc/ssh]#
Restart sshd and verify that it is listening on the new port.
root@root [/etc/ssh]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
root@root [/etc/ssh]# netstat -anp | grep sshd
tcp 0 0 0.0.0.0:4000 0.0.0.0:* LISTEN 1605/sshd
CGI Issues not able to bowse the page
there was as issue with CGI scripts on the linux server
when I try to browse a CGI page its gives the internal server error.
well Rohan was there with me to check out the issue
the configurations of the CGI folders are as follows
the permission on CGI folder is set to be 755
and the pages under that directory should have 755 permissions
usr/bin/perl - path to perl on linux server.
when I try to browse a CGI page its gives the internal server error.
well Rohan was there with me to check out the issue
the configurations of the CGI folders are as follows
the permission on CGI folder is set to be 755
and the pages under that directory should have 755 permissions
usr/bin/perl - path to perl on linux server.
Bind Configuration ERRor ( Named )
Simon on chat was getting the following error while adding the domain or subdomains in the cpanel it was centos server.
Bind reconfiguring on cp using rndcError reconfiguring bind on cp: rndc: connection to remote host closedThis may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect,or the key is invalid.
I called shy. to resolve the issue.
and the resolution was so simple
just fire the following command.
/scripts/fixndc
acutally it is a script that needs to fire , it reconfigure the named and get it restarted.
Bind reconfiguring on cp using rndcError reconfiguring bind on cp: rndc: connection to remote host closedThis may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect,or the key is invalid.
I called shy. to resolve the issue.
and the resolution was so simple
just fire the following command.
/scripts/fixndc
acutally it is a script that needs to fire , it reconfigure the named and get it restarted.
Adding IPs on plain CentOS server ( Unix )
1) cd /etc/sysconfg/network-scripts
2) cp ifcfg-eth0 ifcfg-eth0:0
3) pico ifcfg-eth0:0
4) DEVICE=eth0 will bereplaced to DEVICE=eth0:0
5) IPADDR=69.46.20.77 will be replaced to IPADDR=69.46.20.78
6) exit the file
7) ifup ifcfg-eth0:0
8) same way cp ifcfg-eth0:0 ifcfg-eth0:1 ifcfg-eth0:2 ifcfg-eth0:3 ifcfg-eth0:4 ifcfg-eth0:5
and replace the IPs.
2) cp ifcfg-eth0 ifcfg-eth0:0
3) pico ifcfg-eth0:0
4) DEVICE=eth0 will bereplaced to DEVICE=eth0:0
5) IPADDR=69.46.20.77 will be replaced to IPADDR=69.46.20.78
6) exit the file
7) ifup ifcfg-eth0:0
8) same way cp ifcfg-eth0:0 ifcfg-eth0:1 ifcfg-eth0:2 ifcfg-eth0:3 ifcfg-eth0:4 ifcfg-eth0:5
and replace the IPs.
High Traffic balance with this script ( Unix )
Okay, Well... This script is not a security script, nore a load balencing script. But it is a very useful script if you get high traffic or are hosting a Game Server. I've Had CounterStrike Server player ping go down as much as 50ms after running this script.
So what you want to do is log into your server's shell, and create a file (nano filename.sh). Once you create the file, you need to put this code in the file;
#!/bin/bash
# Create backup
if [ ! -e ./speed_backup.sh ] ; then
echo -n "Creating backup (`pwd`/speed_backup.sh)... "
echo "#!/bin/bash" > ./speed_backup.sh
echo "" >> ./speed_backup.sh
echo "echo \"`cat /proc/sys/net/ipv4/tcp_sack`\" > /proc/sys/net/ipv4/tcp_sack" >> ./speed_backup.sh
echo "echo \"`cat /proc/sys/net/ipv4/tcp_timestamps`\" > /proc/sys/net/ipv4/tcp_timestamps" >> ./speed_backup.sh
echo "echo \"`cat /proc/sys/net/ipv4/tcp_mem`\" > /proc/sys/net/ipv4/tcp_mem" >> ./speed_backup.sh
echo "echo \"`cat /proc/sys/net/ipv4/tcp_rmem`\" > /proc/sys/net/ipv4/tcp_rmem" >> ./speed_backup.sh
IIS Tunning
Maximize your installation
Before you even decide to enable IIS, it is a good idea to evaluate the server you are going to install IIS on. What is this box currently running? Does it have sensitive and/or confidential information stored on it? You need to ask yourself such questions prior to opening up the box to the Internet or even an intranet.
If the Web server is going to be a stand-alone box, it is important to strip away all services and programs that aren’t necessary so you can optimize the security and performance of the box. For example, you might remove any applications that affect performance, such as File and Print services, UNIX services, or maybe even an Exchange or ISA server. Other services that are not needed on a stand-alone Web server include:
* DHCP server
* WINS server
* Fax service
* Messenger
* Telnet
* Internet Connection Sharing
* NetMeeting
* Computer Browser
Tweaking the registry
Let’s talk about managing the Windows registry as it relates to IIS. The registry stores settings for all installed hardware and applications. For your OS to work effectively, the registry must not be corrupt.
——————————————————————————–
Important note
Remember to back up your entire registry whenever you tweak it for performance.
——————————————————————————–
You can access the registry by selecting Start | Run and typing regedt32. The registry is broken down into these five areas:
* HKEY_Classes_Root
* HKEY_Current_Config
* HKEY_Current_User
* HKEY_Local_Machine
* HKEY_Users
Let's walk through the steps for tweaking the registry to make IIS purr like a kitten. The registry settings for IIS are stored in HKEY_LOCAL_MACHINE | SYSTEM | CURRENTCONTROLSET | SERVICES | INETINFO | PARAMETERS. You can work with following values:
Cachesecuritydescriptor—Enter 1 to enable security descriptors or 0 to disable. If you have this option enabled, IIS will not have to reaccess user access rights; it will be able to look in the cache. This tweak is recommended for authenticated users only.
Checkcertrevocation—If you enter a value of 1, IIS will check to see whether a client certificate has been revoked. This is recommended only if you have your own certificates.
Disablememorycache—This setting allows you to disable the memory cache. It is enabled by default, and I see no need to disable it.
Listenbacklog—This registry setting specifies how many active connections IIS has in its queue. The default value is 15, and it can range all the way up to 250.
Maxcachedfilesize—You can determine the maximum size of a file that can be placed in cache. The maximum setting is 256 KB.
Maxconcurrency—This setting specifies how many threads per processor can run at the same time. It defaults to 0.
These are just some of the registry settings you can tweak for better performance. For more information on how to tweak the IIS registry, see IIS Common Registry Parameters (Q143180).
IIS metabase settings
Along the same lines as performing registry edits is using the Metabase to optimize IIS performance. The metabase is essentially a private registry just for IIS configuration data. This Microsoft Q article provides a good introduction to the IIS metabase, and this Q article includes a useful example of how to maximize metabase settings to configure IIS to handle a high-traffic load. For more information on the metabase settings, see the IISFAQ.
Once you have installed your IIS Web server for maximum performance and tweaked it using the registry and the IIS metabase, you're ready to read my article on monitoring and tuning IIS and take the next step toward achieving the most optimal performance
Before you even decide to enable IIS, it is a good idea to evaluate the server you are going to install IIS on. What is this box currently running? Does it have sensitive and/or confidential information stored on it? You need to ask yourself such questions prior to opening up the box to the Internet or even an intranet.
If the Web server is going to be a stand-alone box, it is important to strip away all services and programs that aren’t necessary so you can optimize the security and performance of the box. For example, you might remove any applications that affect performance, such as File and Print services, UNIX services, or maybe even an Exchange or ISA server. Other services that are not needed on a stand-alone Web server include:
* DHCP server
* WINS server
* Fax service
* Messenger
* Telnet
* Internet Connection Sharing
* NetMeeting
* Computer Browser
Tweaking the registry
Let’s talk about managing the Windows registry as it relates to IIS. The registry stores settings for all installed hardware and applications. For your OS to work effectively, the registry must not be corrupt.
——————————————————————————–
Important note
Remember to back up your entire registry whenever you tweak it for performance.
——————————————————————————–
You can access the registry by selecting Start | Run and typing regedt32. The registry is broken down into these five areas:
* HKEY_Classes_Root
* HKEY_Current_Config
* HKEY_Current_User
* HKEY_Local_Machine
* HKEY_Users
Let's walk through the steps for tweaking the registry to make IIS purr like a kitten. The registry settings for IIS are stored in HKEY_LOCAL_MACHINE | SYSTEM | CURRENTCONTROLSET | SERVICES | INETINFO | PARAMETERS. You can work with following values:
Cachesecuritydescriptor—Enter 1 to enable security descriptors or 0 to disable. If you have this option enabled, IIS will not have to reaccess user access rights; it will be able to look in the cache. This tweak is recommended for authenticated users only.
Checkcertrevocation—If you enter a value of 1, IIS will check to see whether a client certificate has been revoked. This is recommended only if you have your own certificates.
Disablememorycache—This setting allows you to disable the memory cache. It is enabled by default, and I see no need to disable it.
Listenbacklog—This registry setting specifies how many active connections IIS has in its queue. The default value is 15, and it can range all the way up to 250.
Maxcachedfilesize—You can determine the maximum size of a file that can be placed in cache. The maximum setting is 256 KB.
Maxconcurrency—This setting specifies how many threads per processor can run at the same time. It defaults to 0.
These are just some of the registry settings you can tweak for better performance. For more information on how to tweak the IIS registry, see IIS Common Registry Parameters (Q143180).
IIS metabase settings
Along the same lines as performing registry edits is using the Metabase to optimize IIS performance. The metabase is essentially a private registry just for IIS configuration data. This Microsoft Q article provides a good introduction to the IIS metabase, and this Q article includes a useful example of how to maximize metabase settings to configure IIS to handle a high-traffic load. For more information on the metabase settings, see the IISFAQ.
Once you have installed your IIS Web server for maximum performance and tweaked it using the registry and the IIS metabase, you're ready to read my article on monitoring and tuning IIS and take the next step toward achieving the most optimal performance
IIS Tweaking
As an administrator of Internet Information Services (IIS) Web servers, you pride yourself on keeping your IIS systems running at peak condition. You want your visitors to have a great experience when coming to your site and not have to put up with slow loading pages or crawling links. But what do you do when your Web site just can’t handle the load? The information in this article will help you tune your IIS Server to achieve the most optimal performance.
Performance Monitor basics
The first step in tuning your IIS server is to learn the tools that allow you to do so. The primary tool for monitoring your IIS server is the native Windows Performance Monitor. With the Performance Monitor, you can perform the following:
* Log Performance data
* Create charts and reports
* Configure and set alerts
* Identify bottlenecks
In Windows NT/2000/XP, you can access the Performance Monitor from the Administrative Tools folder. (In Win2K and WinXP, the Performance Monitor icon is simply called Performance.) Because the Performance Monitor is so customisable, you must spend some time getting to know what counters you will need to use to measure specific events on your systems. When adding counters, you are provided with an Explain button that helps sort out what each counter means. In addition, you can specify different colours and widths for each counter you choose, so that you can immediately recognise them when they are graphed.
Tip
You can save the Performance Monitor results to a file for later viewing. I also recommend that for your mission-critical Web servers, you have a dedicated workstation that you use to monitor your Web servers full-time so that you can quickly examine their status at regular intervals and whenever you think there may be a problem.
To add counters to your Performance Monitor:
* Open Performance Monitor from the Administrative Tools Folder.
* Click the Add button and add the appropriate counters.
* Click Close.
Another useful feature of the Performance Monitor is the ability to add alerts. For example, you might specify alerts to warn you if your processor utilisation becomes too high or if your memory becomes too low.
To configure an alert:
* Open Performance Monitor.
* Expand Performance Logs And Alerts.
* Right-click on Alert and select New Alert Settings.
* Select a Name, add your counters, and select your action.
Now let's see how to use the Performance Monitor to look at the two most important performance metrics: memory and CPU.
Memory tuning
Performance of your IIS Web server can be drastically reduced if you do not have enough memory to handle the load. You want to make sure that you have enough memory on your IIS system so that swapping does not occur. Windows 2000 and IIS will cache memory as long as there is enough installed on the box. Caching is much faster than swapping. To make sure that you have enough memory for IIS, you should monitor the following counters:
* File Cache Hits
* File Cache Hits %
* File Cache Misses
* File Cache Flushes
By monitoring the successful and failed hits, you can determine whether IIS has to rely on paging as opposed to going to cache. Keep in mind that the IIS file cache can use up to 4 GB of RAM for caching.
CPU utilisation
Obviously, it is important to take a look at your CPU utilisation. Monitoring counters such as %Processor Time and Total Processor Time will give you a bigger picture of how your CPU is handling the load. You processor should not sustain a level of more than 80 percent for either of these counters. If it does, you need to look at upgrading your processor or adding another processor, if the system allows for it.
Task Manager
Another quick and useful tool for monitoring IIS is the Task Manager (in Win2K and WinXP). You can access the task manager quickly by pressing [Ctrl][Shift][Esc]. With the Task Manager, you can:
* View CPU and memory usage quickly.
* Monitor the CPU and memory usage of Inetinfo.exe (the global IIS process).
* Monitor the Index Server and Certificate Server, if applicable.
Furthermore, you can add columns to the graphs on the Processes tab of the Task Manager by clicking View | Select Columns. A good column to add is the Memory Usage Delta column. This is useful in determining which applications might have a memory leak. I have used this many times when troubleshooting third-party applications. I can’t tell you how often third-party tools request memory and don't release it when they are finished. This counter helps in determining memory leaks, which can definitely degrade the performance of your Web server.
Event Viewer
The Event Viewer can give you a detailed first glimpse of a problem. When identifying problems, look for the following keywords in the source column in the Event Viewer:
* NNTP Service—NNTPSVC
* WWW Service—W3SVC
* FTP Service—MSFTPSVC
* SMTP Service—SMTPSVC
* Active Server Pages
* Microsoft COM+ MSDTC
* Certificate Services CERTSVC
Bandwidth Throttling
Now that you have a basic grasp of the Windows tools used in troubleshooting your IIS systems, let’s take a look at a helpful tip for tuning the performance of your Web server. In some cases, you might need to enable Bandwidth Throttling.
Many companies in today’s market run more than just IIS on a Web server. It is safe to assume that they could also be running DHCP, an SMTP server, DNS, and/or other related services. Bandwidth Throttling allows other applications to use the available bandwidth. In addition, if you use host headers and run more than one Web site on your IIS server, you can throttle bandwidth based on each Web site.
After you have gone over the basics, go ahead and take a look at Microsoft’s Web Application Stress Tool, which allows you to simulate multiple machines connecting to a Web site. This tool was created so that an administrator can find and eliminate any problems with an IIS Web site prior to bringing the IIS Web server live on the production network.
Performance Monitor basics
The first step in tuning your IIS server is to learn the tools that allow you to do so. The primary tool for monitoring your IIS server is the native Windows Performance Monitor. With the Performance Monitor, you can perform the following:
* Log Performance data
* Create charts and reports
* Configure and set alerts
* Identify bottlenecks
In Windows NT/2000/XP, you can access the Performance Monitor from the Administrative Tools folder. (In Win2K and WinXP, the Performance Monitor icon is simply called Performance.) Because the Performance Monitor is so customisable, you must spend some time getting to know what counters you will need to use to measure specific events on your systems. When adding counters, you are provided with an Explain button that helps sort out what each counter means. In addition, you can specify different colours and widths for each counter you choose, so that you can immediately recognise them when they are graphed.
Tip
You can save the Performance Monitor results to a file for later viewing. I also recommend that for your mission-critical Web servers, you have a dedicated workstation that you use to monitor your Web servers full-time so that you can quickly examine their status at regular intervals and whenever you think there may be a problem.
To add counters to your Performance Monitor:
* Open Performance Monitor from the Administrative Tools Folder.
* Click the Add button and add the appropriate counters.
* Click Close.
Another useful feature of the Performance Monitor is the ability to add alerts. For example, you might specify alerts to warn you if your processor utilisation becomes too high or if your memory becomes too low.
To configure an alert:
* Open Performance Monitor.
* Expand Performance Logs And Alerts.
* Right-click on Alert and select New Alert Settings.
* Select a Name, add your counters, and select your action.
Now let's see how to use the Performance Monitor to look at the two most important performance metrics: memory and CPU.
Memory tuning
Performance of your IIS Web server can be drastically reduced if you do not have enough memory to handle the load. You want to make sure that you have enough memory on your IIS system so that swapping does not occur. Windows 2000 and IIS will cache memory as long as there is enough installed on the box. Caching is much faster than swapping. To make sure that you have enough memory for IIS, you should monitor the following counters:
* File Cache Hits
* File Cache Hits %
* File Cache Misses
* File Cache Flushes
By monitoring the successful and failed hits, you can determine whether IIS has to rely on paging as opposed to going to cache. Keep in mind that the IIS file cache can use up to 4 GB of RAM for caching.
CPU utilisation
Obviously, it is important to take a look at your CPU utilisation. Monitoring counters such as %Processor Time and Total Processor Time will give you a bigger picture of how your CPU is handling the load. You processor should not sustain a level of more than 80 percent for either of these counters. If it does, you need to look at upgrading your processor or adding another processor, if the system allows for it.
Task Manager
Another quick and useful tool for monitoring IIS is the Task Manager (in Win2K and WinXP). You can access the task manager quickly by pressing [Ctrl][Shift][Esc]. With the Task Manager, you can:
* View CPU and memory usage quickly.
* Monitor the CPU and memory usage of Inetinfo.exe (the global IIS process).
* Monitor the Index Server and Certificate Server, if applicable.
Furthermore, you can add columns to the graphs on the Processes tab of the Task Manager by clicking View | Select Columns. A good column to add is the Memory Usage Delta column. This is useful in determining which applications might have a memory leak. I have used this many times when troubleshooting third-party applications. I can’t tell you how often third-party tools request memory and don't release it when they are finished. This counter helps in determining memory leaks, which can definitely degrade the performance of your Web server.
Event Viewer
The Event Viewer can give you a detailed first glimpse of a problem. When identifying problems, look for the following keywords in the source column in the Event Viewer:
* NNTP Service—NNTPSVC
* WWW Service—W3SVC
* FTP Service—MSFTPSVC
* SMTP Service—SMTPSVC
* Active Server Pages
* Microsoft COM+ MSDTC
* Certificate Services CERTSVC
Bandwidth Throttling
Now that you have a basic grasp of the Windows tools used in troubleshooting your IIS systems, let’s take a look at a helpful tip for tuning the performance of your Web server. In some cases, you might need to enable Bandwidth Throttling.
Many companies in today’s market run more than just IIS on a Web server. It is safe to assume that they could also be running DHCP, an SMTP server, DNS, and/or other related services. Bandwidth Throttling allows other applications to use the available bandwidth. In addition, if you use host headers and run more than one Web site on your IIS server, you can throttle bandwidth based on each Web site.
After you have gone over the basics, go ahead and take a look at Microsoft’s Web Application Stress Tool, which allows you to simulate multiple machines connecting to a Web site. This tool was created so that an administrator can find and eliminate any problems with an IIS Web site prior to bringing the IIS Web server live on the production network.
ERROR 2003: Can't connect to MySQL server on 'localhost' (10061)
1. Uninstalled mysql (I guess my first installation
was corrupted).
2. c:\mysql\bin>mysqld-nt.exe --install or run it from GUI.
if mysqld-nt.exe does not work run mysqld-max-nt.exe
3. Reboot (not necessary)
4. Now, check the task manager and mysqld-nt.exe
should be running at the background. If not, there is
something wrong with the install -- I believe
it was my problem.
5. C:\mysql\bin>mysql -u root mysql
6. mysql> set password for
root@localhost=PASSWORD("funfun");
7. mysql> update user set password=PASSWORD
("funfun") where user='root';
8. mysql> flush privileges;
Note that funfun is my password
was corrupted).
2. c:\mysql\bin>mysqld-nt.exe --install or run it from GUI.
if mysqld-nt.exe does not work run mysqld-max-nt.exe
3. Reboot (not necessary)
4. Now, check the task manager and mysqld-nt.exe
should be running at the background. If not, there is
something wrong with the install -- I believe
it was my problem.
5. C:\mysql\bin>mysql -u root mysql
6. mysql> set password for
root@localhost=PASSWORD("funfun");
7. mysql> update user set password=PASSWORD
("funfun") where user='root';
8. mysql> flush privileges;
Note that funfun is my password
Retrieve IUSER Password with this Script
Dim Argcomputer, IISObject, ArgPath
ArgComputer = "localHost"
ArgPath = "/W3SVC/1/Root"
Sub DisplayUsage
WScript.Echo "usage: cscript ShowPasswords.vbs"
WScript.Echo " [--help|-?]"
WScript.Echo ""
WScript.Quit(1)
End Sub
Sub checkCmdLine()
Dim OArgs, ArgNum
Set oArgs = WScript.Arguments
ArgNum = 0
While ArgNum < oArgs.Count
Select Case LCase(oArgs(ArgNum))
Case "--help","-?":
Call DisplayUsage
Case Else:
WScript.Echo "Unknown argument "& oArgs(ArgNum)
Call DisplayUsage
End Select
ArgNum = ArgNum + 1
Wend
If (Left(Argpath,1) <> "/") Then
ArgPath = "/" & ArgPath
End If
End Sub
Sub ShowDetails(ShowWAM, Header, OBJ)
on error resume next
WScript.Echo Header
WScript.Echo " Annonymous user name : " & OBJ.AnonymousUserName
WScript.Echo " Annonymous user account password : " & OBJ.AnonymousUserPass
If (ShowWAM= True) Then
WScript.Echo
WScript.Echo " WAM user name : " & OBJ.WAMUserName
WScript.Echo " WAM password : " & OBJ.WAMuserPass
End If
WScript.Echo
WScript.Echo " ODBC username : " & OBJ.LogOdbcUserName
WScript.Echo " ODBC password : " & OBJ.LogOdbcPassword
WScript.Echo
End Sub
Sub DoObject(ObjectName, Objectclass)
Dim FullPath, IISOBJ, IISOBJ1
on error resume next
FullPath = "IIS://" & ArgComputer & "/" & ObjectName
Set IISOBJ = getObject(FullPath)
If (err <> 0) Then
WScript.Echo "Unable to access object : " & ObjectName & " on computer: " & Argcomputer & vbcrlf
exit sub
Else
If (Objectname <> "W3SVC") Then
Showdetails False, ObjectName, IISOBJ
Else
Showdetails True, ObjectName, IISOBJ
End If
For Each Server In IISOBJ
If (Server.Class = Objectclass) Then
if (ObjectName = "W3SVC") then
FullPath = "IIS://" & ArgComputer & "/" & ObjectName & "/" & Server.Name& "/Root"
else
FullPath = "IIS://" & ArgComputer & "/" & ObjectName & "/" & Server.Name
end if
Set IISOBJ1 = getObject(FullPath)
ShowDetails False, ObjectName & "/" & Server.Name, IISOBJ1
Set IISOBJ1 = Nothing
End If
Next
End If
set IISOBJ = nothing
End Sub
Call CheckCmdLine()
Call DoObject("MSFTPSVC", "IIsFTPServer")
Call DoObject("NNTPSVC", "IIsNNTPServer")
Call DoObject("W3SVC", "IIsWebServer")
'*******************************************************************
'*******************************************************************
ArgComputer = "localHost"
ArgPath = "/W3SVC/1/Root"
Sub DisplayUsage
WScript.Echo "usage: cscript ShowPasswords.vbs"
WScript.Echo " [--help|-?]"
WScript.Echo ""
WScript.Quit(1)
End Sub
Sub checkCmdLine()
Dim OArgs, ArgNum
Set oArgs = WScript.Arguments
ArgNum = 0
While ArgNum < oArgs.Count
Select Case LCase(oArgs(ArgNum))
Case "--help","-?":
Call DisplayUsage
Case Else:
WScript.Echo "Unknown argument "& oArgs(ArgNum)
Call DisplayUsage
End Select
ArgNum = ArgNum + 1
Wend
If (Left(Argpath,1) <> "/") Then
ArgPath = "/" & ArgPath
End If
End Sub
Sub ShowDetails(ShowWAM, Header, OBJ)
on error resume next
WScript.Echo Header
WScript.Echo " Annonymous user name : " & OBJ.AnonymousUserName
WScript.Echo " Annonymous user account password : " & OBJ.AnonymousUserPass
If (ShowWAM= True) Then
WScript.Echo
WScript.Echo " WAM user name : " & OBJ.WAMUserName
WScript.Echo " WAM password : " & OBJ.WAMuserPass
End If
WScript.Echo
WScript.Echo " ODBC username : " & OBJ.LogOdbcUserName
WScript.Echo " ODBC password : " & OBJ.LogOdbcPassword
WScript.Echo
End Sub
Sub DoObject(ObjectName, Objectclass)
Dim FullPath, IISOBJ, IISOBJ1
on error resume next
FullPath = "IIS://" & ArgComputer & "/" & ObjectName
Set IISOBJ = getObject(FullPath)
If (err <> 0) Then
WScript.Echo "Unable to access object : " & ObjectName & " on computer: " & Argcomputer & vbcrlf
exit sub
Else
If (Objectname <> "W3SVC") Then
Showdetails False, ObjectName, IISOBJ
Else
Showdetails True, ObjectName, IISOBJ
End If
For Each Server In IISOBJ
If (Server.Class = Objectclass) Then
if (ObjectName = "W3SVC") then
FullPath = "IIS://" & ArgComputer & "/" & ObjectName & "/" & Server.Name& "/Root"
else
FullPath = "IIS://" & ArgComputer & "/" & ObjectName & "/" & Server.Name
end if
Set IISOBJ1 = getObject(FullPath)
ShowDetails False, ObjectName & "/" & Server.Name, IISOBJ1
Set IISOBJ1 = Nothing
End If
Next
End If
set IISOBJ = nothing
End Sub
Call CheckCmdLine()
Call DoObject("MSFTPSVC", "IIsFTPServer")
Call DoObject("NNTPSVC", "IIsNNTPServer")
Call DoObject("W3SVC", "IIsWebServer")
'*******************************************************************
'*******************************************************************
Reverse DNS lookup in Windows
To create the reverse dns lookup zone, follow these steps
1) Open the DNS console and expand the server whre you want to create the zone.
2) Right click Reverse Lookup Zones, and choose New zone to launch the New zone Wizard.
3) Click next , choose standard primary and click next
4) In the netword ID field enter the first three octets of the zone's IP address and click next.
5) when the wizard offers a name for the DNS zone file click next to accept the default name and click finish.
1) Open the DNS console and expand the server whre you want to create the zone.
2) Right click Reverse Lookup Zones, and choose New zone to launch the New zone Wizard.
3) Click next , choose standard primary and click next
4) In the netword ID field enter the first three octets of the zone's IP address and click next.
5) when the wizard offers a name for the DNS zone file click next to accept the default name and click finish.
Server Application Error
The server failed to load application '/LM/W3SVC/1/Root/'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password'
there are 2 ways to resolve the issue.
1)
Give "Logon as a batch job" rights to the IWAM_MACHINENAME and IUSR_MACHINENAME accounts. To do this, follow these steps: 1. On the Administrative Tools menu, expand Local Security Policies.
2. Select User Rights Assignment.
3. Select the IWAM_MACHINENAME and IUSR_MACHINENAME accounts.NOTE: If domain level policy settings are defined, they override local policy settings. Make sure that the Effective Policy Setting is also selected (this setting is dimmed). Contact your domain administrator if this setting is not selected
2 ) Resetting the application in IIS
Go to Sites properties and on home directory tab, set app process from high to low and click apply, then set back to high and click apply
All set.
there are 2 ways to resolve the issue.
1)
Give "Logon as a batch job" rights to the IWAM_MACHINENAME and IUSR_MACHINENAME accounts. To do this, follow these steps: 1. On the Administrative Tools menu, expand Local Security Policies.
2. Select User Rights Assignment.
3. Select the IWAM_MACHINENAME and IUSR_MACHINENAME accounts.NOTE: If domain level policy settings are defined, they override local policy settings. Make sure that the Effective Policy Setting is also selected (this setting is dimmed). Contact your domain administrator if this setting is not selected
2 ) Resetting the application in IIS
Go to Sites properties and on home directory tab, set app process from high to low and click apply, then set back to high and click apply
All set.
Server Performance Advisor ( Windows )
As I mentioned earlier, you can download Server Performance Advisor for free from the Microsoft Web site. The download URL is: http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en The download consists of a 4 MB Windows Installer file named SPA.MSI.
To install the Server Performance Advisor, create an empty folder on your server and download the SPA.MSI file into it. When the download completes, double click on the SPA.MSI file and Windows will ask you whether you’d like to open the file, or save it to your computer. Click the Open button and the Windows Installer will launch the Server Performance Advisor Setup Wizard. Click Next to bypass the wizard’s Welcome screen and you will see a screen asking you to accept the end user license agreement. Accept the license agreement, click Next and you will be prompted for the installation path. Verify that the installation path is OK and choose whether or not you want the Server Performance Advisor to be available to other administrators who log directly on to the server, and click Next. You will now be prompted to enter a location for the data storage folder. The data storage folder is used as a storage point for the performance data that the utility collects. You can use any folder that you want, but the volume containing the folder must have at least 150 MB of free space.
Click Next and you will be prompted for the path to the report folder. This folder will contain analytical reports based on the performance data that has been collected. The reports usually don’t take up very much space, so there are no special considerations for the Reports folder.
Click Next twice and the wizard will begin installing all of the necessary files. When the file copy process complete, click the Finish button to close the Wizard.
To install the Server Performance Advisor, create an empty folder on your server and download the SPA.MSI file into it. When the download completes, double click on the SPA.MSI file and Windows will ask you whether you’d like to open the file, or save it to your computer. Click the Open button and the Windows Installer will launch the Server Performance Advisor Setup Wizard. Click Next to bypass the wizard’s Welcome screen and you will see a screen asking you to accept the end user license agreement. Accept the license agreement, click Next and you will be prompted for the installation path. Verify that the installation path is OK and choose whether or not you want the Server Performance Advisor to be available to other administrators who log directly on to the server, and click Next. You will now be prompted to enter a location for the data storage folder. The data storage folder is used as a storage point for the performance data that the utility collects. You can use any folder that you want, but the volume containing the folder must have at least 150 MB of free space.
Click Next and you will be prompted for the path to the report folder. This folder will contain analytical reports based on the performance data that has been collected. The reports usually don’t take up very much space, so there are no special considerations for the Reports folder.
Click Next twice and the wizard will begin installing all of the necessary files. When the file copy process complete, click the Finish button to close the Wizard.
Setting Up IPsecurity with ADSI ( Script )
There are different ways to restrict clients from viewing resources on an IIS server. Resources can be configured to authorize access only to clients who use certificates, or to specific authenticated client user names, or to specific IP addresses or DNS host names.
This topic provides examples to configure IIS to restrict client access based on IP addresses or DNS host names. Each example modifies the IPSecurity metabase property, which can be configured for a service, a site, a virtual directory, or a Web file.
Using ADSI in VBScriptUsing ADSI in VBScript
The following example shows you how to use the VBScript scripting language to set an IP restriction on the default Web site and display the restrictions contained in the IPSecurity metabase property.
This example uses ADSI. For an example that uses System.DirectoryServices, see Setting IP Security Using System.DirectoryServices.
Visual Basic Script
' Set up variables.
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root")
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
Dim IPList
IPList = Array()
' If GrantByDefault is True, you can only use IPDeny and DomainDeny.
If True = IIsIPSecurityObj.GrantByDefault Then
' Insert a new restriction.
IPList = IIsIPSecurityObj.IPDeny
If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied")
Redim IPList (Ubound(IPList)+1)
IPList (Ubound(IPList)) = "123.0.0.1,255.255.255.0"
' Set the new lists back in the metabase in two stages, and then save
' the metabase.
IIsIPSecurityObj.IPDeny = IPList
IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj
IIsWebVirtualDirObj.Setinfo
WScript.Echo("The IPRestriction has been set")
' Display the IP restrictions.
IIsWebVirtualDirObj.Getinfo
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
IPList = IIsIPSecurityObj.IPDeny
WScript.Echo("These IP addresses are denied:")
For Each IP In IIsIPSecurityObj.IPDeny
WScript.Echo(IP)
Next
End if
This topic provides examples to configure IIS to restrict client access based on IP addresses or DNS host names. Each example modifies the IPSecurity metabase property, which can be configured for a service, a site, a virtual directory, or a Web file.
Using ADSI in VBScriptUsing ADSI in VBScript
The following example shows you how to use the VBScript scripting language to set an IP restriction on the default Web site and display the restrictions contained in the IPSecurity metabase property.
This example uses ADSI. For an example that uses System.DirectoryServices, see Setting IP Security Using System.DirectoryServices.
Visual Basic Script
' Set up variables.
Set IIsWebVirtualDirObj = GetObject("IIS://localhost/W3SVC/1/Root")
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
Dim IPList
IPList = Array()
' If GrantByDefault is True, you can only use IPDeny and DomainDeny.
If True = IIsIPSecurityObj.GrantByDefault Then
' Insert a new restriction.
IPList = IIsIPSecurityObj.IPDeny
If (-1 = Ubound(IPList)) Then WScript.Echo("Currently no IP Addresses are denied")
Redim IPList (Ubound(IPList)+1)
IPList (Ubound(IPList)) = "123.0.0.1,255.255.255.0"
' Set the new lists back in the metabase in two stages, and then save
' the metabase.
IIsIPSecurityObj.IPDeny = IPList
IIsWebVirtualDirObj.IPSecurity = IIsIPSecurityObj
IIsWebVirtualDirObj.Setinfo
WScript.Echo("The IPRestriction has been set")
' Display the IP restrictions.
IIsWebVirtualDirObj.Getinfo
Set IIsIPSecurityObj = IIsWebVirtualDirObj.IPSecurity
IPList = IIsIPSecurityObj.IPDeny
WScript.Echo("These IP addresses are denied:")
For Each IP In IIsIPSecurityObj.IPDeny
WScript.Echo(IP)
Next
End if
System Restore Windows
The most requested feature (apart from the Logon Screen & Fast User Switching) is here! You will need your Windows XP CD on hand to install this, as files from Windows XP are required to install System Restore into Windows Server 2003.
Please take care when using System Restore, as system instabilities are still unknown at this point, although it has been tried and tested! If your copy of Windows Server 2003 is to be used as a 100% workstation, then it should be OK to use System Restore!
The installation of System Restore is as easy as pie, follow the instructions below:
Download: Add System Restore
1. Extract the zip file into a folder, you will see two main files - AddSystemRestoreEntries.reg and sr.inf
2. Double click on AddSystemRestoreEntries.reg and click on Yes when prompted.
3. Insert your Windows XP CD
4. Right click on sr.inf and select Install.
5. Point to the /i386 directory on the CD if prompted.
6. Reboot!
That simple eh! Many thanks to Gosh for this excellent hack!
Screenshots: Main System Restore Screen | System Restore tab in My Computer Properties
Let's move on to the last section, where you can find information and configure the little bits here and there!
Please take care when using System Restore, as system instabilities are still unknown at this point, although it has been tried and tested! If your copy of Windows Server 2003 is to be used as a 100% workstation, then it should be OK to use System Restore!
The installation of System Restore is as easy as pie, follow the instructions below:
Download: Add System Restore
1. Extract the zip file into a folder, you will see two main files - AddSystemRestoreEntries.reg and sr.inf
2. Double click on AddSystemRestoreEntries.reg and click on Yes when prompted.
3. Insert your Windows XP CD
4. Right click on sr.inf and select Install.
5. Point to the /i386 directory on the CD if prompted.
6. Reboot!
That simple eh! Many thanks to Gosh for this excellent hack!
Screenshots: Main System Restore Screen | System Restore tab in My Computer Properties
Let's move on to the last section, where you can find information and configure the little bits here and there!
Monday, November 5, 2007
Error while Removing Name serversfromWHM ICANN error
Cannot be removing since it is still registered with an ICANN register.
http://forums.spry.com/archive/index.php/t-150.html
http://www.fdcservers.net/vbulletin/archive/index.php/t-1012.html
http://layer0.layeredtech.com/archive/index.php?t-3666.html
Recently I have seen several instances of the following error in WHM:
"Sorry, the nameserver ip a.b.c.d cannot be removing since it is still registered with an ICANN register."
This error occurs under "Networking Setup -> Nameserver IPs" when you click the X to remove a nameserver.
This is caused by WHM doing whois lookups to determine if the nameservers are registered or not.
To correct the issue, go to Server Configuration -> Tweak Settings and check the box labeled "Disable whois lookups for the nameserver ip manager.".
Save the changes and you should be able to remove the nameserver now.
Wednesday, October 17, 2007
How to configure SQL Server 2005 to allow remote connections
Enable remote connections for SQL Server 2005 Express or SQL Server 2005 Developer Edition
You must enable remote connections for each instance of SQL Server 2005 that you want to connect to from a remote computer. To do this, follow these steps:| 1. | Click Start, point to Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration. | ||||||||||||||||||||||||||||
| 2. | On the SQL Server 2005 Surface Area Configuration page, click Surface Area Configuration for Services and Connections. | ||||||||||||||||||||||||||||
| 3. | On the Surface Area Configuration for Services and Connections page, expand Database Engine, click Remote Connections, click Local and remote connections, click the appropriate protocol to enable for your environment, and then click Apply. Note Click OK when you receive the following message: | ||||||||||||||||||||||||||||
| 4. | On the Surface Area Configuration for Services and Connections page, expand Database Engine, click Service, click Stop, wait until the MSSQLSERVER service stops, and then click Start to restart the MSSQLSERVER service.Enable the SQL Server Browser serviceIf you are running SQL Server 2005 by using an instance name and you are not using a specific TCP/IP port number in your connection string, you must enable the SQL Server Browser service to allow for remote connections. For example, SQL Server 2005 Express is installed with a default instance name of Computer Name\SQLEXPRESS. You are only required to enable the SQL Server Browser service one time, regardless of how many instances of SQL Server 2005 you are running. To enable the SQL Server Browser service, follow these steps.Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.
Create exceptions in Windows FirewallThese steps apply to the version of Windows Firewall that is included in Windows XP Service Pack 2 (SP2) and in Windows Server 2003. If you are using a different firewall system, see your firewall documentation for more information.If you are running a firewall on the computer that is running SQL Server 2005, external connections to SQL Server 2005 will be blocked unless SQL Server 2005 and the SQL Server Browser service can communicate through the firewall. You must create an exception for each instance of SQL Server 2005 that you want to accept remote connections and an exception for the SQL Server Browser service. SQL Server 2005 uses an instance ID as part of the path when you install its program files. To create an exception for each instance of SQL Server, you must identify the correct instance ID. To obtain an instance ID, follow these steps:
Create an exception for SQL Server 2005 in Windows FirewallTo create an exception for SQL Server 2005 in Windows Firewall, follow these steps:
Create an exception for the SQL Server Browser service in Windows FirewallTo create an exception for the SQL Server Browser service in Windows Firewall, follow these steps:
|
Tuesday, October 16, 2007
Server failed to load application ( WIndows )
The server failed to load application '/LM/W3SVC/1/Root/'. The error was 'The server process could not be started because the configured identity is incorrect. Check the username and password'
there are 2 ways to resolve the issue.
1)
Give "Logon as a batch job" rights to the IWAM_MACHINENAME and IUSR_MACHINENAME accounts. To do this, follow these steps: 1. On the Administrative Tools menu, expand Local Security Policies.
2. Select User Rights Assignment.
3. Select the IWAM_MACHINENAME and IUSR_MACHINENAME accounts.NOTE: If domain level policy settings are defined, they override local policy settings. Make sure that the Effective Policy Setting is also selected (this setting is dimmed). Contact your domain administrator if this setting is not selected
2 ) Resetting the application in IIS
Go to Sites properties and on home directory tab, set app process from high to low and click apply, then set back to high and click apply
All set.
there are 2 ways to resolve the issue.
1)
Give "Logon as a batch job" rights to the IWAM_MACHINENAME and IUSR_MACHINENAME accounts. To do this, follow these steps: 1. On the Administrative Tools menu, expand Local Security Policies.
2. Select User Rights Assignment.
3. Select the IWAM_MACHINENAME and IUSR_MACHINENAME accounts.NOTE: If domain level policy settings are defined, they override local policy settings. Make sure that the Effective Policy Setting is also selected (this setting is dimmed). Contact your domain administrator if this setting is not selected
2 ) Resetting the application in IIS
Go to Sites properties and on home directory tab, set app process from high to low and click apply, then set back to high and click apply
All set.
Restore Corrupted DHCP DB
The DHCP database is contained in the Dhcp.mdb file located in the %SystemRoot%\System32\Dhcp folder. The DHCP server uses this file to record and store information concerning active leases and reservations. Most of this information is also contained in the following registry key:
Windows NT 4.0:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Configuration
Windows 2000:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DhcpServer\Configuration
Whenever the DHCP service shuts down correctly, it makes a backup copy of both the database file (Dhcp.mdb) and the registry key. The backup information from the registry is contained in the file Dhcpcfg. For Windows NT 3.51, the file Dhcp.mdb is located in the %SystemRoot%\System32\Dhcp\Backup\Jet folder. In Windows NT 4.0, the file Dhcp.mdb is located in the %SystemRoot%\System32\Dhcp\Backup\Jet\New folder. Both versions of Windows NT store the Dhcpcfg file in the %SystemRoot%\System32\Dhcp\Backup folder.
To recover a corrupted DHCP database, use one of the following methods:
• Restore a backup copy of the database file, Dhcp.mdb
- or-
• Generate a new database file using the DHCP Configuration registry key.
Restoring a backup copy of the database file is the recommended method because you will not lose information when you use it.
After you recover your database file using one of the methods mentioned earlier, you must reconcile the information between the database file and the registry information.
NOTE: The following steps assume that your DHCP server will not start because of a corrupted DHCP database. If your DHCP server starts, but the database is corrupted, you have to start by stopping the service.
To stop the DHCP server service, type the following at a command prompt:
net stop dhcpserver
Back to the top
Restoring a Backup Copy of the Database
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
1. Move the files from your existing DHCP folder to a different location, being careful to keep the DHCP folder structure intact. For example, type the following at a command prompt and press ENTER after each line:
md c:\Olddhcp move %SystemRoot%\system32\DHCP\*.* C:\Olddhcp
2. Remove the corrupted database file.
3. Copy the backup database file into the DHCP folder by typing the following at a command prompt, and then pressing ENTER:
• Windows NT 3.51
copy %SystemRoot%\system32\dhcp\backup\jet\dhcp.mdb %SystemRoot%\system32\dhcp\dhcp.mdb
• Windows NT 4.0
copy %SystemRoot%\system32\dhcp\backup\jet\new\dhcp.mdb %SystemRoot%\system32\dhcp\dhcp.mdb
If your computer is running Microsoft Windows 2000, modify the following registry key to restore the DHCP server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters
Change the RestoreFlag REG_DWORD value in this registry key to 1.
You may also choose to restore the Dhcp.mdb file to the %SystemRoot%\System32\Dhcp folder from a tape backup or other backup media.
Because you are using an existing database file, whether you restore it from backup media or the backup folder, you must use the Jetpack utility to compress it.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
145881 (http://support.microsoft.com/kb/145881/EN-US/) How to Use Jetpack.exe to Compact a WINS or DHCP Database
The above procedure should allow the service to start, but if your scope information is missing, you must use a backup copy of the Dhcpcfg registry file to restore your scope and reservation information. See steps 5 through 11 in the "From the New DHCP Server" section of the following article:
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
130642 (http://support.microsoft.com/kb/130642/) How to Move a DHCP Database to Another Windows Server
Back to the top
Generating a New Database File
1. Move the files in your existing DHCP folder to a different location, being careful to keep the DHCP folder structure intact. For example, type the following at a command prompt, pressing ENTER after each line:
md c:\olddhcp move %SystemRoot%\system32\dhcp\*.* c:\olddhcp
2. Select the next step from the following list, depending on which version of Windows NT Server you are using:
Windows NT Server 3.51:
Expand a new copy of System.mdb from the original Windows NT Server source media by inserting your original Windows NT Server 3.51 CD into your CD-ROM drive. To do so, type the following at a command prompt, and then press ENTER:
expand D:\I386\System.md_ %SystemRoot%\System32\Dhcp\System.mdb
where D: is your CD-ROM drive and i386 is your platform.
Windows NT Server 4.0:
Restart the DHCP server with an empty DHCP folder. Windows NT 4.0 and Windows 2000 do not use a System.mdb file.
The above procedure should allow the service to start, but if your scope information is missing, you must use a backup copy of the Dhcpcfg registry file to restore your scope and reservation information. See steps 5 through 11 in the "From the New DHCP Server" section of the following article:
Windows NT 4.0:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Configuration
Windows 2000:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DhcpServer\Configuration
Whenever the DHCP service shuts down correctly, it makes a backup copy of both the database file (Dhcp.mdb) and the registry key. The backup information from the registry is contained in the file Dhcpcfg. For Windows NT 3.51, the file Dhcp.mdb is located in the %SystemRoot%\System32\Dhcp\Backup\Jet folder. In Windows NT 4.0, the file Dhcp.mdb is located in the %SystemRoot%\System32\Dhcp\Backup\Jet\New folder. Both versions of Windows NT store the Dhcpcfg file in the %SystemRoot%\System32\Dhcp\Backup folder.
To recover a corrupted DHCP database, use one of the following methods:
• Restore a backup copy of the database file, Dhcp.mdb
- or-
• Generate a new database file using the DHCP Configuration registry key.
Restoring a backup copy of the database file is the recommended method because you will not lose information when you use it.
After you recover your database file using one of the methods mentioned earlier, you must reconcile the information between the database file and the registry information.
NOTE: The following steps assume that your DHCP server will not start because of a corrupted DHCP database. If your DHCP server starts, but the database is corrupted, you have to start by stopping the service.
To stop the DHCP server service, type the following at a command prompt:
net stop dhcpserver
Back to the top
Restoring a Backup Copy of the Database
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
1. Move the files from your existing DHCP folder to a different location, being careful to keep the DHCP folder structure intact. For example, type the following at a command prompt and press ENTER after each line:
md c:\Olddhcp move %SystemRoot%\system32\DHCP\*.* C:\Olddhcp
2. Remove the corrupted database file.
3. Copy the backup database file into the DHCP folder by typing the following at a command prompt, and then pressing ENTER:
• Windows NT 3.51
copy %SystemRoot%\system32\dhcp\backup\jet\dhcp.mdb %SystemRoot%\system32\dhcp\dhcp.mdb
• Windows NT 4.0
copy %SystemRoot%\system32\dhcp\backup\jet\new\dhcp.mdb %SystemRoot%\system32\dhcp\dhcp.mdb
If your computer is running Microsoft Windows 2000, modify the following registry key to restore the DHCP server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters
Change the RestoreFlag REG_DWORD value in this registry key to 1.
You may also choose to restore the Dhcp.mdb file to the %SystemRoot%\System32\Dhcp folder from a tape backup or other backup media.
Because you are using an existing database file, whether you restore it from backup media or the backup folder, you must use the Jetpack utility to compress it.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
145881 (http://support.microsoft.com/kb/145881/EN-US/) How to Use Jetpack.exe to Compact a WINS or DHCP Database
The above procedure should allow the service to start, but if your scope information is missing, you must use a backup copy of the Dhcpcfg registry file to restore your scope and reservation information. See steps 5 through 11 in the "From the New DHCP Server" section of the following article:
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
130642 (http://support.microsoft.com/kb/130642/) How to Move a DHCP Database to Another Windows Server
Back to the top
Generating a New Database File
1. Move the files in your existing DHCP folder to a different location, being careful to keep the DHCP folder structure intact. For example, type the following at a command prompt, pressing ENTER after each line:
md c:\olddhcp move %SystemRoot%\system32\dhcp\*.* c:\olddhcp
2. Select the next step from the following list, depending on which version of Windows NT Server you are using:
Windows NT Server 3.51:
Expand a new copy of System.mdb from the original Windows NT Server source media by inserting your original Windows NT Server 3.51 CD into your CD-ROM drive. To do so, type the following at a command prompt, and then press ENTER:
expand D:\I386\System.md_ %SystemRoot%\System32\Dhcp\System.mdb
where D: is your CD-ROM drive and i386 is your platform.
Windows NT Server 4.0:
Restart the DHCP server with an empty DHCP folder. Windows NT 4.0 and Windows 2000 do not use a System.mdb file.
The above procedure should allow the service to start, but if your scope information is missing, you must use a backup copy of the Dhcpcfg registry file to restore your scope and reservation information. See steps 5 through 11 in the "From the New DHCP Server" section of the following article:
Install php 4.x on windows
Howto: Install PHP on Windows 2003 Web Edition
1) Download latest version of PHP from www.php.net
2) Unzip contents to c:php
3) Copy all files from c:phpdlls to c:windowssystem32
4) Copy all files from c:phpsapi to c:windowssystem32
5) Copy c:phpphp.ini to c:windowsphp.ini
6) Open IIS, and add a "Web Service Extension"
7) Call the extension "PHP"
8) set the path as c:windowssystem32php4isapi.dll
9) set the status to "allow"
10) Right click the "Web Sites" folder, and select properties
11) On the "Home Directory" tab, select "Configuration"
12) Click "Add", then browse to c:windowssystem32php4isapi.dll, set the extension as .php, and deselect "Verify that the file exists".
13) Click Okay
14) Apply the setting to all sites.
15) Restart IIS
if the sites runs temp. sessions then we will need to provide the everyone write access
just add the every one to the ACL and give it write permission.
1) Download latest version of PHP from www.php.net
2) Unzip contents to c:php
3) Copy all files from c:phpdlls to c:windowssystem32
4) Copy all files from c:phpsapi to c:windowssystem32
5) Copy c:phpphp.ini to c:windowsphp.ini
6) Open IIS, and add a "Web Service Extension"
7) Call the extension "PHP"
8) set the path as c:windowssystem32php4isapi.dll
9) set the status to "allow"
10) Right click the "Web Sites" folder, and select properties
11) On the "Home Directory" tab, select "Configuration"
12) Click "Add", then browse to c:windowssystem32php4isapi.dll, set the extension as .php, and deselect "Verify that the file exists".
13) Click Okay
14) Apply the setting to all sites.
15) Restart IIS
if the sites runs temp. sessions then we will need to provide the everyone write access
just add the every one to the ACL and give it write permission.
Php Issues with Windows
Notice: Undefined offset: 3 in D:\webspace\iconres\familydoctor\familydoctor.co.in\www\includes\sites.php on line 45
Notice: Undefined offset: 3 in D:\webspace\iconres\familydoctor\familydoctor.co.in\www\includes\sites.php on line 45
Put this in sites.php on the top
// Report all errors except E_NOTICE
error_reporting(E_ALL ^ E_NOTICE);
Mysql on windows
had the problem with "*ERROR 2003: Can't
connect to MySQL server on 'localhost' (10061)*"
and here is how I resolved the issue. I thought I
would share my solution with you...
1. Uninstalled mysql (I guess my first installation
was corrupted).
2. c:\mysql\bin>mysqld-nt.exe --install or run it from GUI.
if mysqld-nt.exe does not work run mysqld-max-nt.exe
3. Reboot (not necessary)
4. Now, check the task manager and mysqld-nt.exe
should be running at the background. If not, there is
something wrong with the install -- I believe
it was my problem.
5. C:\mysql\bin>mysql -u root mysql
6. mysql> set password for
root@localhost=PASSWORD("funfun");
7. mysql> update user set password=PASSWORD
("funfun") where user='root';
8. mysql> flush privileges;
Note that funfun is my password
connect to MySQL server on 'localhost' (10061)*"
and here is how I resolved the issue. I thought I
would share my solution with you...
1. Uninstalled mysql (I guess my first installation
was corrupted).
2. c:\mysql\bin>mysqld-nt.exe --install or run it from GUI.
if mysqld-nt.exe does not work run mysqld-max-nt.exe
3. Reboot (not necessary)
4. Now, check the task manager and mysqld-nt.exe
should be running at the background. If not, there is
something wrong with the install -- I believe
it was my problem.
5. C:\mysql\bin>mysql -u root mysql
6. mysql> set password for
root@localhost=PASSWORD("funfun");
7. mysql> update user set password=PASSWORD
("funfun") where user='root';
8. mysql> flush privileges;
Note that funfun is my password
Microsoft uninstaller utility
Not able to remove or uninstall an application in Windows XP using either the Uninstall option or the Add/Remove Programs tool? Try using the Windows Installer CleanUp Utility. As long as you installed the application using the Windows Installer, this utility will remove all the folders, files, registry keys, and entries from your system and allow you to start over with a clean slate.
Here's how:
Download the Windows Installer CleanUp Utility from the Microsoft Download Center.
Locate and run msicuu2.exe to install the Windows Installer CleanUp Utility.
Locate and launch the Windows Installer CleanUp Utility on the Start menu.
From the Windows Installer CleanUp Utility window, locate the application in the list and click the Remove button.
Once the application has been removed, click the Exit button to close the utility.
You may now reinstall the application.
Here's how:
Download the Windows Installer CleanUp Utility from the Microsoft Download Center.
Locate and run msicuu2.exe to install the Windows Installer CleanUp Utility.
Locate and launch the Windows Installer CleanUp Utility on the Start menu.
From the Windows Installer CleanUp Utility window, locate the application in the list and click the Remove button.
Once the application has been removed, click the Exit button to close the utility.
You may now reinstall the application.
Mail Enable Issue account asking for password
There was an issue with mail enable on a windows server
when client is trying to access the mails through outlook
outlook was constantly asking for password.
it was a dedicated windows mail server have mail enable as a mail client.
as per Rajashree what I have done. is
I went to C://program files / mail enable / configs/ auth.tab
auth.tab is a file where all the username and passwords are saved.but it was clear
there was one more file auth.sav these file also contains the same info.
I rename the auth.tab with auth3.tab and save as the auth.sav as auth.tab
and issue resolved.
`
when client is trying to access the mails through outlook
outlook was constantly asking for password.
it was a dedicated windows mail server have mail enable as a mail client.
as per Rajashree what I have done. is
I went to C://program files / mail enable / configs/ auth.tab
auth.tab is a file where all the username and passwords are saved.but it was clear
there was one more file auth.sav these file also contains the same info.
I rename the auth.tab with auth3.tab and save as the auth.sav as auth.tab
and issue resolved.
`
Issue with Lsass.exe with windows
Issue with lsass.exe on windows server 2003
can be resolved as follows. -
IF you are getting lsass.exe is terminated unexpectedly and server shutting down now.
the issue can be resolved as follows.
The main reason behind that is the virus attack as trojan and worms.due lack of update the antivirus.
lsass.exe - its a important system process that should be stable on the server ,
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token. More info
Note: The lsass.exe file is located in the C:\Windows\System32 folder. In other cases, lsass.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
The .exe file can be trying to use files and functions that aren't working properly. This can be a cause of EXE errors.
you will find Here are some of the processes running. These are the infected processes.
1. avserve.exe
2. avserve2.exe
3. hognubn.exe
4. rundll32 cwcprops
Update your existing ativirus. or scan the server with norton or Mcaffe.
Use a firewall. This can be as simple as turning on the Internet Connection Firewall included in Windows XP, to purchasing and installing hardware devices such as a NAT router. Either of these solutions will likely protect you from Sasser and many other types of non-email-based threats.
Install the patch. This patch for your operating system can be found with Microsoft Security Bulletin MS04-011.
Remove the virus. There are several Sasser removal tools floating around, Microsoft's What You Should Know About the Sasser Worm and Its Variants has one.
Update and run your Anti-Virus software. Make sure that both of those steps happen automatically in the future as well. For example, my virus scanner is configured to check for updates and run a scan nightly.
Stay up-to-date. There are several options, but I endorse running Windows Automatic Update for Windows XP. My preference is to have it download and notify me of changes that are ready to install. In addition - or, if you prefer, instead - you should also visit Windows Update on a regular basis for additional updates to your system. I probably visit once a month.
can be resolved as follows. -
IF you are getting lsass.exe is terminated unexpectedly and server shutting down now.
the issue can be resolved as follows.
The main reason behind that is the virus attack as trojan and worms.due lack of update the antivirus.
lsass.exe - its a important system process that should be stable on the server ,
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token. More info
Note: The lsass.exe file is located in the C:\Windows\System32 folder. In other cases, lsass.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
The .exe file can be trying to use files and functions that aren't working properly. This can be a cause of EXE errors.
you will find Here are some of the processes running. These are the infected processes.
1. avserve.exe
2. avserve2.exe
3. hognubn.exe
4. rundll32 cwcprops
Update your existing ativirus. or scan the server with norton or Mcaffe.
Use a firewall. This can be as simple as turning on the Internet Connection Firewall included in Windows XP, to purchasing and installing hardware devices such as a NAT router. Either of these solutions will likely protect you from Sasser and many other types of non-email-based threats.
Install the patch. This patch for your operating system can be found with Microsoft Security Bulletin MS04-011.
Remove the virus. There are several Sasser removal tools floating around, Microsoft's What You Should Know About the Sasser Worm and Its Variants has one.
Update and run your Anti-Virus software. Make sure that both of those steps happen automatically in the future as well. For example, my virus scanner is configured to check for updates and run a scan nightly.
Stay up-to-date. There are several options, but I endorse running Windows Automatic Update for Windows XP. My preference is to have it download and notify me of changes that are ready to install. In addition - or, if you prefer, instead - you should also visit Windows Update on a regular basis for additional updates to your system. I probably visit once a month.
Jmail mailer ASP error issue
There was an issue with a contact us page of the site
it was throwing the error
like
Server object error 'ASP 0178 : 80070005'
Server.CreateObject Access Error
The call to Server.CreateObject failed while checking permissions. Access is denied to this object.
when I checked I found jmail as the mail component on the server
First I checked for all the ASP use permission , it was right
then checked for Default SMTP server permission
added IIS_WPG user to it and then checked but no luck
then after searching on google I got a forum link on swsoft
and the resolution was to find the .dll file for that mailer component
like jmail.dll for jmail . I found it and as per solution I gave full permissions to everyone user and issue resolved.
it was throwing the error
like
Server object error 'ASP 0178 : 80070005'
Server.CreateObject Access Error
The call to Server.CreateObject failed while checking permissions. Access is denied to this object.
when I checked I found jmail as the mail component on the server
First I checked for all the ASP use permission , it was right
then checked for Default SMTP server permission
added IIS_WPG user to it and then checked but no luck
then after searching on google I got a forum link on swsoft
and the resolution was to find the .dll file for that mailer component
like jmail.dll for jmail . I found it and as per solution I gave full permissions to everyone user and issue resolved.
Installing,Configuring ISAPI on windows
Installing ISAPI Filters
Like ISAPI extensions, ISAPI filters are programs that respond when the Web server receives an HTTP request. They are different from applications in that they are driven by Web server events rather than by a client request. You can associate an ISAPI filter with a particular Web server event; the filter is then notified every time its associated event occurs. For example, a filter could be notified when a Read or Write event occurs and then encrypt the raw data to be returned to the client.
You can install filters for all sites on a server (global filters), and you can install filters for individual Web sites. If you install both global filters and site filters, the two filter lists are merged for the site.
When several filters have registered for the same event, they are called sequentially. Filters with a higher priority are run before filters with a lower priority. If several filters have the same priority, global filters set in the master properties are run before filters set at the site level. Filters with the same priority at the same inheritance level are run according to the order in which they were loaded. You can change the filter load order on the property sheets for the Web server or Web site.
Unlike ISAPI extensions, ISAPI filters are always run in the server process.
To add a filter to a Web server or Web site
In the Internet Information Services snap-in, select the Web server or Web site and open its property sheets.
Click the ISAPI Filters tab.
Note If you are adding filters to a Web site, you will not see any global filters inherited from the Web server's master properties. You will see only the filters installed for the Web site, even though both sets of filters are run.
Click the Add button.
Type the name of the filter in the Filter Name box and either type or browse for the DLL file in the Executable box.
Click OK.
To change the load order of a filter, use the arrows.
Note You can only change the load order of filters with the same priority.
If you have added or changed a global filter, you must stop and restart the Web server to load the new filters into memory. A filter added at the Web site level is automatically loaded when you add it.
Note If an HTTP request triggers an event for which the filter is registered, the filter will receive the data contained in the request regardless of whether the request is for a file, a CGI application, or an ISAPI extension.
Like ISAPI extensions, ISAPI filters are programs that respond when the Web server receives an HTTP request. They are different from applications in that they are driven by Web server events rather than by a client request. You can associate an ISAPI filter with a particular Web server event; the filter is then notified every time its associated event occurs. For example, a filter could be notified when a Read or Write event occurs and then encrypt the raw data to be returned to the client.
You can install filters for all sites on a server (global filters), and you can install filters for individual Web sites. If you install both global filters and site filters, the two filter lists are merged for the site.
When several filters have registered for the same event, they are called sequentially. Filters with a higher priority are run before filters with a lower priority. If several filters have the same priority, global filters set in the master properties are run before filters set at the site level. Filters with the same priority at the same inheritance level are run according to the order in which they were loaded. You can change the filter load order on the property sheets for the Web server or Web site.
Unlike ISAPI extensions, ISAPI filters are always run in the server process.
To add a filter to a Web server or Web site
In the Internet Information Services snap-in, select the Web server or Web site and open its property sheets.
Click the ISAPI Filters tab.
Note If you are adding filters to a Web site, you will not see any global filters inherited from the Web server's master properties. You will see only the filters installed for the Web site, even though both sets of filters are run.
Click the Add button.
Type the name of the filter in the Filter Name box and either type or browse for the DLL file in the Executable box.
Click OK.
To change the load order of a filter, use the arrows.
Note You can only change the load order of filters with the same priority.
If you have added or changed a global filter, you must stop and restart the Web server to load the new filters into memory. A filter added at the Web site level is automatically loaded when you add it.
Note If an HTTP request triggers an event for which the filter is registered, the filter will receive the data contained in the request regardless of whether the request is for a file, a CGI application, or an ISAPI extension.
Create IP security policy
How to Create an IPSec Filter List
To create an IPSec filter list that applies to both inbound TCP port 80 and TCP port 25:
1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
2. Click to expand Security Settings.
3. Right-click IP Security Policies in the left pane, and then click Manage IP filter.
4. Click the Manage IP Filter Lists tab in the Manage IP filter lists and filter actions dialog box, and then click Add.
5. Type Inbound TCP 80 and 25 in the Name box, and then type Allows inbound traffic to TCP ports 80 and 25 in the Description box.
6. Click to clear the Use Add Wizard check box, and then click Add to add a new filter list entry.
7. Click the Addressing tab.
8. Click Any IP Address in the Source address box.
9. Click My IP Address in the Destination addressbox. This configuration indicates that the filter will be applied to inbound packets.
10. Click to clear the Mirrored check box.
11. Click the Protocol Tab.
12. Click TCP in the Select a protocol type box.
13. Click From any port, and then click To this port.
14. In the To this port box, type 80.
15. Click Apply, and then click OK.
16. Click Add in the IP Filter List dialog box.
17. Click the Addressing tab.
18. Click Any IP Address in the Source address box.
19. Click My IP Address in the Destination address box. This configuration indicates that the filter will be applied to inbound packets.
20. Click to select the Mirrored check box. When you do this, a filter with the opposite source and destination IP address is created.
21. Click the Protocol tab.
22. Click TCP in the Select a protocol type box.
23. Click From any port, and then click To this port.
24. Type 25 in the To this port box.
25. Click Apply, and then click OK.
26. Click Close in the IP Filter List dialog box.
How to Create an IPSec Policy That Is Based on the Filter List
To create an IPSec policy that is based on the filter list:
1. Right-click IP Security Policies in the left pane, and then click Create IP Security Policy.
2. In the Welcome to the IP Security Policy Wizard, click Next.
3. In the IP Security Policy Name dialog box, type Permit Inbound TCP 80 and 25 in the Name box, and then click Next.
4. Click to clear the Activate the default response rule check box, and then click Next.
5. In the Completing the IP Security Policy Wizard dialog box, click to select the Edit properties check box if it is not already selected, and then click Finish.
6. Click the Rules tab.
7. Click to clear the Use Add Wizard check box, and then click Add.
8. Click the IP Filter List tab.
9. Click Option that is to the left of Inbound TCP 80 and 25 IP Filter List.
10. Click the Filter Action tab.
11. Click Option that is to the left of Permit.
12. Click Apply, and then click OK.
13. The Inbound TCP 80 and 25 Filter List check box is selected. Click Close.
The IPSec policy checks for packets that are destined for TCP port 80 and TCP port 25 on the local interface, and then matches those packets to the Permit filter action, which allows the packets through the interface.
To create an IPSec filter list that applies to both inbound TCP port 80 and TCP port 25:
1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
2. Click to expand Security Settings.
3. Right-click IP Security Policies in the left pane, and then click Manage IP filter.
4. Click the Manage IP Filter Lists tab in the Manage IP filter lists and filter actions dialog box, and then click Add.
5. Type Inbound TCP 80 and 25 in the Name box, and then type Allows inbound traffic to TCP ports 80 and 25 in the Description box.
6. Click to clear the Use Add Wizard check box, and then click Add to add a new filter list entry.
7. Click the Addressing tab.
8. Click Any IP Address in the Source address box.
9. Click My IP Address in the Destination addressbox. This configuration indicates that the filter will be applied to inbound packets.
10. Click to clear the Mirrored check box.
11. Click the Protocol Tab.
12. Click TCP in the Select a protocol type box.
13. Click From any port, and then click To this port.
14. In the To this port box, type 80.
15. Click Apply, and then click OK.
16. Click Add in the IP Filter List dialog box.
17. Click the Addressing tab.
18. Click Any IP Address in the Source address box.
19. Click My IP Address in the Destination address box. This configuration indicates that the filter will be applied to inbound packets.
20. Click to select the Mirrored check box. When you do this, a filter with the opposite source and destination IP address is created.
21. Click the Protocol tab.
22. Click TCP in the Select a protocol type box.
23. Click From any port, and then click To this port.
24. Type 25 in the To this port box.
25. Click Apply, and then click OK.
26. Click Close in the IP Filter List dialog box.
How to Create an IPSec Policy That Is Based on the Filter List
To create an IPSec policy that is based on the filter list:
1. Right-click IP Security Policies in the left pane, and then click Create IP Security Policy.
2. In the Welcome to the IP Security Policy Wizard, click Next.
3. In the IP Security Policy Name dialog box, type Permit Inbound TCP 80 and 25 in the Name box, and then click Next.
4. Click to clear the Activate the default response rule check box, and then click Next.
5. In the Completing the IP Security Policy Wizard dialog box, click to select the Edit properties check box if it is not already selected, and then click Finish.
6. Click the Rules tab.
7. Click to clear the Use Add Wizard check box, and then click Add.
8. Click the IP Filter List tab.
9. Click Option that is to the left of Inbound TCP 80 and 25 IP Filter List.
10. Click the Filter Action tab.
11. Click Option that is to the left of Permit.
12. Click Apply, and then click OK.
13. The Inbound TCP 80 and 25 Filter List check box is selected. Click Close.
The IPSec policy checks for packets that are destined for TCP port 80 and TCP port 25 on the local interface, and then matches those packets to the Permit filter action, which allows the packets through the interface.
Backup IIS configuration
To back up your IIS configuration, follow these steps: 1. In the IIS snap-in on the local computer, click the Computer icon under Internet Information Services.
2. Click Action and select Backup/Restore Configuration.
3. Click Create backup, choose a name for your backup file, and then click OK.
NOTE: The default location of the backup is the %SystemRoot%\system32\inetsrv\MetaBack folder. If you want to save your backup file to another location, you can copy the file from this default location to another location. Keep a copy in the default location to allow for an easy restoration. Note that by default, C:\Winnt is the %SystemRoot% folder in Microsoft Windows 2000.
2. Click Action and select Backup/Restore Configuration.
3. Click Create backup, choose a name for your backup file, and then click OK.
NOTE: The default location of the backup is the %SystemRoot%\system32\inetsrv\MetaBack folder. If you want to save your backup file to another location, you can copy the file from this default location to another location. Keep a copy in the default location to allow for an easy restoration. Note that by default, C:\Winnt is the %SystemRoot% folder in Microsoft Windows 2000.
Enable IP routing
To enable IP routing
1. Click Start, click Run, type regedit.exe, and then click OK.
2. In the registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. Select the IPEnableRouter entry.
4. Click Edit, and then click Modify.
5. Under Value data, set the value of this field to 1, to enable IP routing for all network connections installed and used by this computer.
6. Close the registry editor.
1. Click Start, click Run, type regedit.exe, and then click OK.
2. In the registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
3. Select the IPEnableRouter entry.
4. Click Edit, and then click Modify.
5. Under Value data, set the value of this field to 1, to enable IP routing for all network connections installed and used by this computer.
6. Close the registry editor.
Assign or unassign IPsec policy for local computer
To assign or unassign IPSec policy for local computer policy
1. Click Start, click Run, type MMC, and then click OK.
2. Click File, click Add/Remove Snap-in, and then click Add.
3. Click Group Policy Object Editor, and then click Add.
4. Click Finish, click Close, and then click OK.
5. In the Group Policy console tree, click IP Security Policies on Local Computer.
1. Click Start, click Run, type MMC, and then click OK.
2. Click File, click Add/Remove Snap-in, and then click Add.
3. Click Group Policy Object Editor, and then click Add.
4. Click Finish, click Close, and then click OK.
5. In the Group Policy console tree, click IP Security Policies on Local Computer.
Disable TCP / IP Packet Filtering
To disable TCP/IP packet filtering
1. In Control Panel, double-click Network Connections.
2. Right-click the connection, and then click Properties.
3. Select Internet Protocol (TCP/IP), and then click the Properties tab.
4. Click Advanced, and then click the Options tab.
5. Under Optional Settings, click TCP/IP Filtering, and then click Properties.
6. Clear the Enable TCP/IP Filtering (All adapters) check box, and then click OK.
1. In Control Panel, double-click Network Connections.
2. Right-click the connection, and then click Properties.
3. Select Internet Protocol (TCP/IP), and then click the Properties tab.
4. Click Advanced, and then click the Options tab.
5. Under Optional Settings, click TCP/IP Filtering, and then click Properties.
6. Clear the Enable TCP/IP Filtering (All adapters) check box, and then click OK.
Internet Explorer can not open the site on server itself
the issue -
Internet explorer not able to browse the site , throwing up the error message as "Invalid Syntax error" though all the things like DNS , network , IP resolution working fine
here are the steps
RESOLUTION
To resolve this problem in Internet Explorer, follow these steps:
1. Quit all programs that are running.
2. Click Start, and then click Run.
3. Type regsvr32 urlmon.dll, and then click OK.
4. When you receive the "DllRegisterServer in urlmon.dll succeeded" message, click OK.
If this does not resolve the problem, repeat steps 2 through 4 for each of the following files (in step 3, replace Urlmon.dll with each of the file names below):
• Shdocvw.dll
• Actxprxy.dll
• Oleaut32.dll
• Mshtml.dll
• Browseui.dll
• Shell32.dll
Truncate SQL Log Files
How to truncate the sql database on the sql server.
1) login to sql server on which the datebase is hosted.
2) Open the enterprise manager >> select the database >> opent the properties for it.
3) check the size.
4) Open the query analyzer select the database and fire the following query.
BACKUP LOG "DATABASE_NAME" WITH TRUNCATE_ONLY
DBCC SHRINKFILE ('database-name_Log', 1) it means that you are truncating the database at 1 mb.You can specify the size whatever you want.
1) login to sql server on which the datebase is hosted.
2) Open the enterprise manager >> select the database >> opent the properties for it.
3) check the size.
4) Open the query analyzer select the database and fire the following query.
BACKUP LOG "DATABASE_NAME" WITH TRUNCATE_ONLY
DBCC SHRINKFILE ('database-name_Log', 1) it means that you are truncating the database at 1 mb.You can specify the size whatever you want.
Active Directory authorative restoration
Restart the domain controller (DC) of interest.
When you see the menu to select the OS, press F8.
From the Windows Advanced Options Menu, select Directory Services Restore Mode, then press Enter.
Select the Windows 2003 OS, then press Enter.
Use the restore mode password and log on as the administrator.
Click OK to the confirmation that Windows is running in Safe mode.
Start the Windows Backup application (go to Start, Programs, Accessories, System Tools, and click Backup).
Select the Restore option, then select the media where the backup is stored and ensure that the System State is selected.
Click OK to close any warning dialog boxes.
After the AD recovery is complete, click Close to the displayed dialog box and click Yes to restart the computer.
When the machine restarts, you need to specify which parts of the restoration will be authoritative by performing the following steps:
When you see the menu to select the OS, press F8.
From the Windows Advanced Options Menu, select Directory Services Restore Mode, then press Enter.
Select the Windows 2003 OS, then press Enter.
Use the restore mode password to log on as the administrator.
Click OK to the confirmation that Windows is running in Safe mode.
Open a command prompt--go to Start, Run and type
cmd
Start the Ntdsutil utility.
To access the authoritative restore mode, type
ntdsutil: authoritative restore
If you want to mark the entire database as authoritative, type
authoritative restore: restore database
If you want to mark only a certain object as authoritative (e.g., an organizational unit--OU), type
authoritative restore: restore subtree
To exit Ntdsutil, type
quit
Restart the DC as usual.
If you perform an authoritative restoration of a backup that's more than 14 days old, some trust relationships might be broken because the passwords used by the trust would have been changed twice (the directory stores both the current and previous password, which changes every 7 days). So, for example, when restoring NT LAN Manager (NTLM) trusts, you would have to break the trust, then recreate it.
--------------------------------------------------------------------------------
When you see the menu to select the OS, press F8.
From the Windows Advanced Options Menu, select Directory Services Restore Mode, then press Enter.
Select the Windows 2003 OS, then press Enter.
Use the restore mode password and log on as the administrator.
Click OK to the confirmation that Windows is running in Safe mode.
Start the Windows Backup application (go to Start, Programs, Accessories, System Tools, and click Backup).
Select the Restore option, then select the media where the backup is stored and ensure that the System State is selected.
Click OK to close any warning dialog boxes.
After the AD recovery is complete, click Close to the displayed dialog box and click Yes to restart the computer.
When the machine restarts, you need to specify which parts of the restoration will be authoritative by performing the following steps:
When you see the menu to select the OS, press F8.
From the Windows Advanced Options Menu, select Directory Services Restore Mode, then press Enter.
Select the Windows 2003 OS, then press Enter.
Use the restore mode password to log on as the administrator.
Click OK to the confirmation that Windows is running in Safe mode.
Open a command prompt--go to Start, Run and type
cmd
Start the Ntdsutil utility.
To access the authoritative restore mode, type
ntdsutil: authoritative restore
If you want to mark the entire database as authoritative, type
authoritative restore: restore database
If you want to mark only a certain object as authoritative (e.g., an organizational unit--OU), type
authoritative restore: restore subtree
To exit Ntdsutil, type
quit
Restart the DC as usual.
If you perform an authoritative restoration of a backup that's more than 14 days old, some trust relationships might be broken because the passwords used by the trust would have been changed twice (the directory stores both the current and previous password, which changes every 7 days). So, for example, when restoring NT LAN Manager (NTLM) trusts, you would have to break the trust, then recreate it.
--------------------------------------------------------------------------------
Helm License Issues
Helm Issue with windows server,
was facing the issue while login in to the control panel.
Error message
" Unable to login to the control panel configuration error , please contact support "
solution -
there may be the issue with the license , you can check the error logs on the server
at /Helm / logs / errors
if you got the error like license expired
click on start >>Helm>>helm license tool
click on update.it will update the license for the CP issue resolved.
but while accessing that tool I was getting the error message of invalid Pic.
that tool is a third party tool of Helm and can be downloaded manually .
the I call Ganesh
in the helm folder we found the .exe file of that tool and it was renamed
we renamed it to proper name and access the tool
update that license and got the issue resolved.
was facing the issue while login in to the control panel.
Error message
" Unable to login to the control panel configuration error , please contact support "
solution -
there may be the issue with the license , you can check the error logs on the server
at /Helm / logs / errors
if you got the error like license expired
click on start >>Helm>>helm license tool
click on update.it will update the license for the CP issue resolved.
but while accessing that tool I was getting the error message of invalid Pic.
that tool is a third party tool of Helm and can be downloaded manually .
the I call Ganesh
in the helm folder we found the .exe file of that tool and it was renamed
we renamed it to proper name and access the tool
update that license and got the issue resolved.
Dynamic Disks ( Raid 0 , 1 )
Dynamic disks
Dynamic disks support new features and sport new terminology. Here's a look at the different types of volumes you can create with a dynamic disk:
Simple volumes use space from a single disk or a hardware array volume.
Spanned volumes are non-fault-tolerant disk sets that use free space from multiple disks in the system.
Striped volumes are non-fault-tolerant disk sets (RAID 0) that stripe data across multiple disks in the system.
Mirrored volumes are fault-tolerant disk sets (RAID 1) that mirror data from one disk to another.
RAID 5 volumes are fault-tolerant disk sets that stripe data across three or more disks and include parity information.
Dynamic disks support new features and sport new terminology. Here's a look at the different types of volumes you can create with a dynamic disk:
Simple volumes use space from a single disk or a hardware array volume.
Spanned volumes are non-fault-tolerant disk sets that use free space from multiple disks in the system.
Striped volumes are non-fault-tolerant disk sets (RAID 0) that stripe data across multiple disks in the system.
Mirrored volumes are fault-tolerant disk sets (RAID 1) that mirror data from one disk to another.
RAID 5 volumes are fault-tolerant disk sets that stripe data across three or more disks and include parity information.
Diskusage Utility in Windows Server
The Windows Server 2003 Resource Kit includes the User Disk Usage tool (Diskuse.exe), a command-line utility that monitors disk space usage on a per-user basis.
This utility offers a number of parameters. For a complete list of these parameters, enter diskuse /? at the command line.
Here are some of the most useful parameters of this utility:
/s: This returns results for the current directory and all subdirectories.
/t: This returns the output in a tabular format.
/f:: This writes the results to the specified file, which you can import into Excel for analysis.
This utility offers a number of parameters. For a complete list of these parameters, enter diskuse /? at the command line.
Here are some of the most useful parameters of this utility:
/s: This returns results for the current directory and all subdirectories.
/t: This returns the output in a tabular format.
/f:
DDOS potection on Windows Server
SUMMARY
Denial of service (DoS) attacks are network attacks that are aimed at making a computer or a particular service on a computer unavailable to network users. Denial of service attacks can be difficult to defend against. To help prevent denial of service attacks, you can use one or both of the following methods: • Keep your computer updated with the latest security fixes. Security fixes are located on the following Microsoft Web site:
http://www.microsoft.com/security (http://www.microsoft.com/security)
• Harden the TCP/IP protocol stack on your Windows Server 2003 computers. The default TCP/IP stack configuration is tuned to handle standard intranet traffic. If you connect a computer directly to the Internet, Microsoft recommends that you harden the TCP/IP stack against denial of service attacks.
Back to the top
TCP/IP Registry Values That Harden the TCP/IP Stack
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
The following list explains the TCP/IP-related registry values that you can configure to harden the TCP/IP stack on computers that are directly connected to the Internet. All of these values should be created under the following registry key, unless otherwise noted:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
NOTE: All values are in hexadecimal unless otherwise noted. • Value name: SynAttackProtect
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0,1
Default: 0
This registry value causes Transmission Control Protocol (TCP) to adjust retransmission of SYN-ACKS. When you configure this value, the connection responses time out more quickly during a SYN attack (a type of denial of service attack).
The following parameters can be used with this registry value: • 0 (default value): No SYN attack protection
• 1: Set SynAttackProtect to 1 for better protection against SYN attacks. This parameter causes TCP to adjust the retransmission of SYN-ACKS. When you set SynAttackProtect to 1, connection responses time out more quickly if the system detects that a SYN attack is in progress. Windows uses the following values to determine whether an attack is in progress: • TcpMaxPortsExhausted
• TCPMaxHalfOpen
• TCPMaxHalfOpenRetried
Note In Windows Server 2003 Service Pack 1, the default value for the SynAttackProtect registry entry is 1.
• Value name: EnableDeadGWDetect
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 1 (True)
The following list explains the parameters that you can use with this registry value: • 1: When you set EnableDeadGWDetect to 1, TCP is permitted to perform dead-gateway detection. When dead-gateway detection is enabled, TCP may ask the Internet Protocol (IP) to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways are defined in the Advanced section of the TCP/IP configuration dialog box in the Network tool in Control Panel.
• 0: Microsoft recommends that you set the EnableDeadGWDetect value to 0. If you do not set this value to 0, an attack may force the server to switch gateways and cause it to switch to an unintended gateway.
• Value name: EnablePMTUDiscovery
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 1 (True)
The following list explains the parameters that you can use with this registry value: • 1: When you set EnablePMTUDiscovery to 1, TCP tries to discover either the maximum transmission unit (MTU) or the largest packet size over the path to a remote host. TCP can remove fragmentation at routers along the path that connect networks with different MTUs by discovering the path MTU and limiting TCP segments to this size. Fragmentation adversely affects TCP throughput.
• 0: Microsoft recommends that you set EnablePMTUDiscovery to 0. When you do so, an MTU of 576 bytes is used for all connections that are not hosts on the local subnet. If you do not set this value to 0, an attacker may force the MTU value to a very small value and overwork the stack.
Important Setting EnablePMTUDiscovery to 0 negatively affects TCP/IP performance and throughput. Even though Microsoft recommends this setting, it should not be used unless you are fully aware of this performance loss.
• Value name: KeepAliveTime
Key: Tcpip\Parameters
Value Type: REG_DWORD-Time in milliseconds
Valid Range: 1-0xFFFFFFFF
Default: 7,200,000 (two hours)
This value controls how frequently TCP tries to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. Keep-alive packets are not sent by default. You can use a program to configure this value on a connection. The recommended value setting is 300,000 (5 minutes).
• Value name: NoNameReleaseOnDemand
Key: Netbt\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 0 (False)
This value determines whether the computer releases its NetBIOS name when it receives a name-release request. This value was added to permit the administrator to protect the computer against malicious name-release attacks. Microsoft recommends that you set the NoNameReleaseOnDemand value to 1.
Back to the top
Troubleshooting
When you change the TCP/IP registry values, you may affect programs and services that are running on the Windows Server 2003-based computer. Microsoft recommends that you test these settings on nonproduction workstations and servers to confirm that they are compatible with your business environment.
Denial of service (DoS) attacks are network attacks that are aimed at making a computer or a particular service on a computer unavailable to network users. Denial of service attacks can be difficult to defend against. To help prevent denial of service attacks, you can use one or both of the following methods: • Keep your computer updated with the latest security fixes. Security fixes are located on the following Microsoft Web site:
http://www.microsoft.com/security (http://www.microsoft.com/security)
• Harden the TCP/IP protocol stack on your Windows Server 2003 computers. The default TCP/IP stack configuration is tuned to handle standard intranet traffic. If you connect a computer directly to the Internet, Microsoft recommends that you harden the TCP/IP stack against denial of service attacks.
Back to the top
TCP/IP Registry Values That Harden the TCP/IP Stack
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
The following list explains the TCP/IP-related registry values that you can configure to harden the TCP/IP stack on computers that are directly connected to the Internet. All of these values should be created under the following registry key, unless otherwise noted:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
NOTE: All values are in hexadecimal unless otherwise noted. • Value name: SynAttackProtect
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0,1
Default: 0
This registry value causes Transmission Control Protocol (TCP) to adjust retransmission of SYN-ACKS. When you configure this value, the connection responses time out more quickly during a SYN attack (a type of denial of service attack).
The following parameters can be used with this registry value: • 0 (default value): No SYN attack protection
• 1: Set SynAttackProtect to 1 for better protection against SYN attacks. This parameter causes TCP to adjust the retransmission of SYN-ACKS. When you set SynAttackProtect to 1, connection responses time out more quickly if the system detects that a SYN attack is in progress. Windows uses the following values to determine whether an attack is in progress: • TcpMaxPortsExhausted
• TCPMaxHalfOpen
• TCPMaxHalfOpenRetried
Note In Windows Server 2003 Service Pack 1, the default value for the SynAttackProtect registry entry is 1.
• Value name: EnableDeadGWDetect
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 1 (True)
The following list explains the parameters that you can use with this registry value: • 1: When you set EnableDeadGWDetect to 1, TCP is permitted to perform dead-gateway detection. When dead-gateway detection is enabled, TCP may ask the Internet Protocol (IP) to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways are defined in the Advanced section of the TCP/IP configuration dialog box in the Network tool in Control Panel.
• 0: Microsoft recommends that you set the EnableDeadGWDetect value to 0. If you do not set this value to 0, an attack may force the server to switch gateways and cause it to switch to an unintended gateway.
• Value name: EnablePMTUDiscovery
Key: Tcpip\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 1 (True)
The following list explains the parameters that you can use with this registry value: • 1: When you set EnablePMTUDiscovery to 1, TCP tries to discover either the maximum transmission unit (MTU) or the largest packet size over the path to a remote host. TCP can remove fragmentation at routers along the path that connect networks with different MTUs by discovering the path MTU and limiting TCP segments to this size. Fragmentation adversely affects TCP throughput.
• 0: Microsoft recommends that you set EnablePMTUDiscovery to 0. When you do so, an MTU of 576 bytes is used for all connections that are not hosts on the local subnet. If you do not set this value to 0, an attacker may force the MTU value to a very small value and overwork the stack.
Important Setting EnablePMTUDiscovery to 0 negatively affects TCP/IP performance and throughput. Even though Microsoft recommends this setting, it should not be used unless you are fully aware of this performance loss.
• Value name: KeepAliveTime
Key: Tcpip\Parameters
Value Type: REG_DWORD-Time in milliseconds
Valid Range: 1-0xFFFFFFFF
Default: 7,200,000 (two hours)
This value controls how frequently TCP tries to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet. Keep-alive packets are not sent by default. You can use a program to configure this value on a connection. The recommended value setting is 300,000 (5 minutes).
• Value name: NoNameReleaseOnDemand
Key: Netbt\Parameters
Value Type: REG_DWORD
Valid Range: 0, 1 (False, True)
Default: 0 (False)
This value determines whether the computer releases its NetBIOS name when it receives a name-release request. This value was added to permit the administrator to protect the computer against malicious name-release attacks. Microsoft recommends that you set the NoNameReleaseOnDemand value to 1.
Back to the top
Troubleshooting
When you change the TCP/IP registry values, you may affect programs and services that are running on the Windows Server 2003-based computer. Microsoft recommends that you test these settings on nonproduction workstations and servers to confirm that they are compatible with your business environment.
Subscribe to:
Posts (Atom)