Archive for admin

.htaccess SSL rewrite not working – DocumentRoot in Apache Config – WordPress Multi-site

I wasted a good couple of hours on this one, please learn from my fail.

I had just set up SSL on our WordPress Sites and that was working as expected, what was not working as expected was the rewrite from HTTP to HTTPS where a directory or path was involved.

So http://mysite.com/thispath would end up going to: https://mysite.comthispath

The slash separating the domain and directory\path would be taken out, so any existing Google links would also be very broken.

After much trial and error with various plugins and variations of the rewrite rules in the .htaccess file, I had a lightbulb moment when I was checking my Apache config.

I had set up the VirtualHost for port 80 traffic(HTTP) without a DocumentRoot, so when I would come in on http://mysite.com it could not find the .htaccess file to properly process the rewrite rules.  As far as Apache knew, there were no rewrite rules to process.  Which still begs the question, why does it remove the slash between the domain and the directory\path, that I don’t know….

What I do know: Make sure you specify a DocumentRoot in your Apache config, under VirtualHost in my case, for the type of traffic you want to process any rewrite rules for!

Otherwise, you’re gonna have a bad time… I had not seen any comments around this in my searches, so here it is, I hope it saves someone some pain.

Windows Event Log Service – Error 13: The data is invalid

For me, I had run through a series of hardening of the server and I found that the Windows Event Log service would no longer start.

After trying a series of other attempted fixes, like clearing out the existing logs from: %SystemRoot%\System32\Winevt\Logs, as well as making sure the permissions on the folder were ok.

There was a suggestion to use Process Monitor(procmon), so I tried starting the service, worked out what PID it was then filtered the view by that PID.  I saw the PID was attempting to traverse a set of Registry Keys which were showing as NOT FOUND.

The full key was: HKLM\SOFTWARE\Policies\Microsoft\Windows\EventLog

I checked the registry and this contained a set of Keys for Application, Security and System. For me these then only contained an entry for Retention.

Which got me thinking, does this even need to be here?

I deleted the Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\EventLog then tried to start the Windows Event Log service and BAM! worked straight up 🙂

Phone Scammers and Internet Security

With scamming on the rise, people being fleeced of their savings and the phone calls from ‘Telstra’ and ‘Microsoft’ more numerous than ever, I thought it was time for myself to spread the gospel of how to deal with all of this… It’s not iron clad, but there are some very simple common sense rules to follow and you won’t have to worry if you’ve shared your personal details with the wrong person.

I’ve recently seen a lot of bullshit safety information being shared around on social media, this is not bullshit, please please if you find any of this useful to you, please share it.

  • Telstra, Microsoft, et al. NEVER call you… Never…. Even they do, it’s often a call that’s unsolicited to begin with, as soon as they mention who they are calling from, hang up, hang up immediately. If it’s important they will call back, maybe not immediately but they will try again if legitimate. Scammers don’t call back, they call the next number in their list looking for the next victim. They only may call back at a later date if they were able to engage you in some way, hanging up immediately puts you in the bottom of their list.
  • If you think the call may have had some legitimacy, call the company in question and enquire about the call you just received. If a staff member from their organisation did phone you, there will be a record of it under your account. Big corporations keep records of their contact and attempts to contact you in their systems. If someone called you in an official capacity, it will be recorded.
  • The same principle can be applied to emails you receive, from any corporation, banks, post office, Telstra or Microsoft. Pick up the phone and verify it with whomever supposedly sent you this message. If the company has no record of the communication, then you know it’s suspect and can be ignored.

Your greatest power in the battle against scammers is the ability to verify. If it sounds remotely suspect, stop, hang up the phone if it’s a phone call, and call the company in question. Even if it ends up being a totally legitimate call, you’ve been able to verify.

I cannot stress this enough, companies will rarely make contact with you via phone, so be skeptical, hang up and call the company in question. More often than not it’s a toll free number and will only take 5 minutes of your time… How much can that 5 minutes of your time be worth to you…? Verify everything.

SQL2012\2014 Management Studio – Cannot find one or more components. Please reinstall the application

Struck an issue with a Windows 2012 Server with VS2012 installed trying to open SQL 2012 Management Studio giving the error:

“Cannot find one or more components.  Please reinstall the application”

After having tried a heap of combination of things, installing SQL 2014 Management Studio, uninstalling, reinstalling… Then repairing VS2012, installing SQL 2014 Management Studio again. All to no avail.

What finally got me over the line was to uninstall the Visual Studio 2010 Shell, this was done by downloading the installer from this link: http://www.microsoft.com/en-us/download/details.aspx?id=1366

Once downloaded, run the installer and remove the VS2010 Shell component. Once done, run the SQL 2014 Management Studio installer or do a repair on your existing installation, this will itself reinstall the VS2010 Shell components.

Then bam, it finally opened for me.

Amazon Glacier – Backup your data now!

I have been meaning to put something together to explain to people that it’s not all the difficult to backup your data in the ‘cloud.’ And with Amazon Glacier costing $0.012 per Gb per month (that’s $10.20 per TB per month!!), there are no excuses now.  This price is likely to fall in the coming years as Google continues their price war with Amazon in the cloud computing arena.

It does not come without its caveats though, number one being that upload speeds blow chunks in Australia, an average connection seeing barely 1Mbps, which works out to around 150KB/s, which is not that fast when you’ve got Gigabytes of photos to back up.  But, persist with it, it’s well well worth doing.

Also remember too that Amazon Glacier it meant to be an archive, it cannot be treated like an online cloud drive.  Once you upload data it is immediately archived, if you require access to data uploaded to an Amazon Glacier Vault, you need to first ask Amazon to retrieve this data, which takes up to 3-4 hours to complete and also comes at a small cost for retrieval.

If there’s anything in the guide that does not make sense or needs some more clarification, please do let me know.

Enjoy your cheap peace of mind for your precious data.

Amazon Glacier Cloud Storage Guide

Command-line Passive FTP – Dreaded 150 Opening ASCII mode data connection.

I hope I can save someone some time with this.  I had to create some simple batch scripts to move some files around to different servers in geographical locations, fair enough.  I configured two without issue, but then my script ran into a problem, it would hang on the ‘ls’ command when testing at 150 Opening ASCII mode data connection.

It all boiled down to the inability for the default FTP command-line program to connect passively to an FTP server.  I could connect fine using Windows Explorer, which has passive mode enabled within IE and also via WinSCP with passive enabled also.  The annoying thing was that I had complete control over the FTP servers I was connecting to, so I went about trying to troubleshoot the server rather than the client side….!

After finally figuring this out, I went in search of a command-line solution, and found one in the form of NCFTP(http://www.ncftp.com/ncftp/) of which I just needed NCFTPPut (http://www.ncftp.com/ncftp/doc/ncftpput.html) of which I just downloaded the pre-complied Windows binaries and grabbed out NCFTPPut.exe from its installation destination to where I needed it in my batch script, yes I could have just left it there but didn’t.  And a couple of simple commands later, Passive FTP via the command line for use in a batch script! Example of the syntax I used below:

ncftpput.exe -u username-p password ftpserveraddress destinationfolder sourcefolder

As easy as that… 🙂 I hope it saves someone else hours of troubleshooting.

Testing SSL Ciphers

Stumbled across a sweet Windows port for SSLScan: http://code.google.com/p/sslscan-win/

Extremely useful when testing out 256-bit SSL on IIS 7.5 🙂

FTP in IIS 7.5 – Firewalled and Not

We have hosted infrastructure in the US and UK which both needed FTP access.  Previously FTP in IIS has been pretty straightforward, but given the setup of each environment FTP was going to be an issue.

I found the following walkthrough given by Microsoft, as we were using Windows Server 2008 R2, the installation of the additional module can be ignored: http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings-in-iis-7/

The one caveat for me given our environment was the step whereby you specify the ‘External IP Address of Firewall’, for the environment behind a load balancer, this must be specified.  When behind a firewall, at least in our instance, nothing should be specified.

The symptoms of issues were being able to log into the FTP server, but then not being able to list the directory, in both passive and active modes on the client side, it would just time out.

So if you’re seeing a timeout when you list directory from your FTP client connecting to an IIS 7.5 FTP server, tweak the settings specified in the link above.  In both cases, I had to specify a data channel port range.

Dell EqualLogic Multipathing Extension Module – Deleting existing vSwitch

When removing an existing iSCSIvSwitch created using the MEM module setup, you will need to remove the stagnant VMkernel bindings with the existing physical NICs.

This is done by SSH-ing into the ESX host and running the following command:

esxcli swiscsi nic remove –n <vmk_interface> –d <vmhba_device>

You can determine which vmk_interface is associated with which physical NIC and associated vmbha, by running the following command:

esxcli swiscsi nic list –d <vmhba_device>

Once this has been done, you can follow the process of creating the iSCSIvSwitch using the MEM Module.

Simple process that held me up for a while, reference link: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1030674