How to add static routes in Windows Server 2008 R2

– Open CMD (elevated only – Run As Administrator)
– To display existing routes type: route print

EXAMPLE:
route add 1.1.1.10 mask 255.255.255.255 10.0.1.1
Where the first value is the destination IP, then the mask (for a single IP use /32, i.e. 255.255.255.255), and then the next hop (the other server).

So the example would be:
route add 192.168.10.15 mask 255.255.255.255 192.168.10.254

– To delete the route: route delete 192.168.10.15

IF YOU WISH TO SPECIFY THE INTERFACE THE ROUTE WILL USE, DO THIS:
route add 192.168.10.15 mask 255.255.255.255 192.168.10.254 if 1 (where 1 is the interface number). You can see the interface numbers in the output of route print.

How to Redirect HTTP to HTTPS with IIS 7

In IIS, to redirect (force) HTTPS on every HTTP request, do the following.

Before you start, make sure you have the following done;

  • IIS 7 installed
  • Microsoft URL Rewrite Module installed
  • Create HTTPS bindings to your IIS website and assign certificate
  • Ensure Require SSL is NOT checked under SSL Settings for your website

Once you have this done, you can simply copy and paste the following code between the <rules> and </rules> tags in the web.config file in your website root directory.

Please note: if you already have some rules in your web.config file, make sure to put the rule below within <rules>. Every rule ends with </rule> and the whole set of rules ends with </rules>, so make sure not to put this rule inside another rule.

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>

Now save the web.config file and it’s all done.
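
The placement requirement above (the redirect rule must sit directly inside <rules>, not inside another rule) can be checked mechanically before the file is deployed. The following is an added example, not part of the original post; the "Old page" rule and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The redirect rule from the post, reused in both constructed samples below.
REDIRECT = """<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>"""
WRAP = ("<configuration><system.webServer><rewrite><rules>%s"
        "</rules></rewrite></system.webServer></configuration>")
# Constructed: a hypothetical existing rule followed by the redirect rule.
GOOD = WRAP % ('<rule name="Old page"><match url="^old$" />'
               '<action type="Rewrite" url="new" /></rule>' + REDIRECT)
# Constructed: the redirect rule pasted inside the existing rule by mistake.
NESTED = WRAP % ('<rule name="Old page"><match url="^old$" />' + REDIRECT +
                 '<action type="Rewrite" url="new" /></rule>')


def is_https_redirect(rule):
    """True if the rule redirects requests with {HTTPS}=off to an https:// URL."""
    action = rule.find("action")
    if action is None or action.get("type") != "Redirect":
        return False
    if not action.get("url", "").lower().startswith("https://"):
        return False
    return any(c.get("input") == "{HTTPS}" and c.get("pattern", "").lower() == "off"
               for c in rule.findall("conditions/add"))


def check_web_config(xml_text):
    """Return a list of problems with the rewrite rules; an empty list means OK."""
    root = ET.fromstring(xml_text)
    rules = root.find("system.webServer/rewrite/rules")
    if rules is None:
        return ["no <rules> section under system.webServer/rewrite"]
    problems = []
    top_level = rules.findall("rule")
    for outer in top_level:
        for inner in outer.iter("rule"):
            if inner is not outer:
                problems.append("rule %r is nested inside rule %r"
                                % (inner.get("name"), outer.get("name")))
    if not any(is_https_redirect(r) for r in top_level):
        problems.append("no top-level rule redirects HTTP to HTTPS")
    return problems


if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("NESTED", NESTED)):
        print(label, check_web_config(doc))
```
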

MySQL error: Field doesn’t have a default value – ClipBucket – Clip-bucket

Clip-bucket Field ‘action_link’ doesn’t have a default value

or

MySQL error: Field doesn’t have a default value

This error appears when inserting a new record that leaves out a required varchar or text field that has no default value. For example: error : Field ‘description’ doesn’t have a default value

The possible reason is that sql-mode in my.ini is set to STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION.

Change the value to
sql-mode = ""

Update 2011/4/25:
If possible, add a default value of "" to the field instead, to avoid changing the MySQL setting.

Generate CSR and install SSL on IIS servers in Load Balanced Environment – SSL Behind a Load Balancer

To install an SSL certificate in a load-balanced environment, for example with 3 host web servers, follow the steps below.

 

  • On the first server create a certificate request – CSR by doing the following:

 

Generating a CSR (IIS7)

  1. From Start, select Administrative Tools, and then select Internet Information Services (IIS) Manager.
  2. In the Connections panel on the left, click the server name for which you want to generate the CSR.
  3. In the middle panel, double-click Server Certificates.
  4. In the Actions panel on the right, click Create Certificate Request….
  5. Enter the following Distinguished Name Properties, and then click Next:
  6. NOTE: The following characters are not accepted when entering information: < > ~ ! @ # $ % ^ * / \ ( ) ? &
    • Common Name — The fully-qualified domain name (FQDN) — or URL — for which you plan to use your certificate (the area of your site you want customers to connect to using SSL).
      • An SSL certificate issued for www.domain.com.au is not valid for sub.domain.com.au. If you want your SSL to cover sub.domain.com.au, make sure the common name submitted in the CSR is sub.domain.com.au.
      • If you are requesting a wildcard certificate, add an asterisk (*) on the left side of the Common Name (e.g.,*.domain.com.au or *.sub.domain.com.au).
    • Organization — The name in which your business is legally registered. The organization must be the legal registrant of the domain name in the certificate request.
    • NOTE: If you are enrolling as an individual, enter the certificate requester’s name in the Organization field, and the Doing Business As (DBA) name in the Organizational Unit field.
    • Organizational Unit — Use this field to differentiate between divisions within an organization (such as “Digital” or “IT”).
    • City/Locality — The full name of the city in which your organization is registered/located. Do not abbreviate.
    • State/Province — The full name of state or province where your organization is located. Do not abbreviate.
    • Country — The two-letter International Organization for Standardization- (ISO-) format country code for the country in which your organization is legally registered.
  7. For Cryptographic service provider, select Microsoft RSA SChannel Cryptographic Provider.
  8. For Bit length, select 2048, and then click Next.
  9. Click …, enter the location and file name for your CSR, and then click Finish.

 

  • After the CSR has been created, submit it to the Certification Authority (CA)
  • When the certificate has been issued it is time to install it – to COMPLETE THE CSR REQUEST ON THE FIRST SERVER WHERE CSR WAS CREATED.

 

Installing a SSL cert (IIS7)

  1. Click Start, mouse-over Administrative Tools, and then click Internet Services Manager.
  2. In the Internet Information Services (IIS) Manager window, select your server.
  3. Scroll to the bottom, and then double-click Server Certificates.
  4. From the Actions panel on the right, click Complete Certificate Request….
  5. To locate your certificate file, click ….
  6. In the Open window, select *.* as your file name extension, select your certificate (it might be saved as a .txt, .cer, or .crt), and then click Open.
  7. In the Complete Certificate Request window, enter a Friendly name for the certificate file, and then click OK.
  8. NOTE: For Wildcard SSL certificates make sure your Friendly Name matches your Common Name (i.e. *.domain.com.au)

NEXT INFO IS ONLY FOR NEW CERTIFICATES – RENEWALS WILL ALREADY HAVE ALL THE INFO IN – YOU JUST HAVE TO SELECT THE RENEWED SSL IN EDIT SITE BINDING (BINDINGS>HTTPS>EDIT>SSL Certificate>Select the renewed one – if you named both old and renewed SSL with the same friendly name, you can select one and click view to see the expiry date)

  1. In the Internet Information Services (IIS) Manager window, select the name of the server where you installed the certificate.
  2. Click + beside Sites, select the site to secure with the SSL certificate.
  3. In the Actions panel on the right, click Bindings….
  4. Click Add….
  5. In the Add Site Binding window:
    • For Type, select https.
    • For IP address, select All Unassigned, or the IP address of the site.
    • For Port, type 443.
    • For SSL Certificate, select the SSL certificate you just installed, and then click OK.
  6. Close the Site Bindings window.
  7. Close the Internet Information Services (IIS) Manager window. Your SSL certificate installation is complete.

 

  • Now we need to install the certificate on the other web servers behind Load Balancer. To do so we need to Export the certificate from the first server and import it into other two

 

Exporting to a .pfx File on the first server where we installed the new(or renewed) SSL.

  1. On the Start menu click Run and then type mmc.
  2. Click File > Add/Remove Snap-in.
  3. Click Certificates > Add.
  4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
  5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
  6. Right-click on the certificate you want to backup and select ALL TASKS > Export.
  7. Choose Yes, export the private key and include all certificates in certificate path if possible.
  8. Warning: Do not select the delete private key option.
  9. Leave the default settings and then enter your password if required.
  10. Choose to save the file and then click Finish. You should receive an “export successful” message. The .pfx file is now saved to the location you selected

 

  • After we exported the certificate from the first server, it needs to be imported in the rest of the servers. Follow this procedure on any remaining web server

 

Importing from a .pfx File

  1. On the Start menu click Run and then type mmc.
  2. Click File > Add/Remove Snap-in.
  3. Click Certificates > Add.
  4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
  5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
  6. Right-click on the certificate you want to backup and select ALL TASKS > Import.
  7. Follow the certificate import wizard to import your primary certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.

 

 

  • When the importing is complete, you have to select the new certificate in the site bindings

 

All done

iSCSI Naming and Addressing

In an iSCSI network, each iSCSI element that uses the network has a unique and permanent iSCSI name and is assigned an address for access.
iSCSI Name
Identifies a particular iSCSI element, regardless of its physical location. The iSCSI name can use IQN or EUI format.

IQN (iSCSI qualified name)

Can be up to 255 characters long and has the following format:
iqn.yyyy-mm.naming-authority:unique name

yyyy-mm
The year and month when the naming authority was established.

naming-authority
Usually reverse syntax of the Internet domain name of the naming authority. For example, the iscsi.vmware.com naming authority could have the iSCSI qualified name form of iqn.1998-01.com.vmware.iscsi. The name indicates that the vmware.com domain name was registered in January of 1998, and iscsi is a subdomain, maintained by vmware.com.

unique name
Any name you want to use, for example, the name of your host. The naming authority must make sure that any names assigned following the colon are unique. For example, iqn.1998-01.com.vmware.iscsi:name1.

EUI (extended unique identifier)

Includes the eui. prefix, followed by the 16-character name. The name includes 24 bits for the company name assigned by the IEEE and 40 bits for a unique ID, such as a serial number.
For example,
eui.0123456789ABCDEF

iSCSI Alias
A more manageable, easy-to-remember name to use instead of the iSCSI name. iSCSI aliases are not unique, and are intended to be just a friendly name to associate with the node.

IP Address
An address associated with each iSCSI element so that routing and switching equipment on the network can establish the connection between different elements, such as the host and storage. This is just like the IP address you assign to a computer to get access to your company’s network or the Internet.
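
The IQN and EUI formats described above can be validated and split into their parts before a name is entered into an initiator or target configuration. The following is an added example, not part of the original post; the function names are hypothetical, the 255-character limit is the one stated above, and accepting only lowercase naming authorities is an assumption of this example.

```python
import re

MAX_LEN = 255  # length limit as stated in the text above

# iqn.yyyy-mm.naming-authority[:unique name]
# Assumption of this example: the naming authority is written in lowercase.
IQN_RE = re.compile(
    r"^iqn\.(?P<year>\d{4})-(?P<month>\d{2})"
    r"\.(?P<authority>[a-z0-9-]+(?:\.[a-z0-9-]+)*)"
    r"(?::(?P<unique>.+))?$")
# eui. prefix followed by 16 hexadecimal characters (64 bits)
EUI_RE = re.compile(r"^eui\.(?P<hex>[0-9A-Fa-f]{16})$")


def parse_iscsi_name(name):
    """Split an iSCSI name into its parts; raise ValueError if malformed."""
    if len(name) > MAX_LEN:
        raise ValueError("name is longer than %d characters" % MAX_LEN)
    m = EUI_RE.match(name)
    if m:
        value = int(m.group("hex"), 16)
        return {"format": "eui",
                "company_id": "%06X" % (value >> 40),              # top 24 bits
                "unique_id": "%010X" % (value & ((1 << 40) - 1))}  # low 40 bits
    m = IQN_RE.match(name)
    if not m:
        raise ValueError("not a valid IQN or EUI name: %r" % name)
    if not 1 <= int(m.group("month")) <= 12:
        raise ValueError("month must be 01-12: %r" % name)
    labels = m.group("authority").split(".")
    return {"format": "iqn",
            "established": "%s-%s" % (m.group("year"), m.group("month")),
            "naming_authority": m.group("authority"),
            # the naming authority is the reversed domain name; undo the reversal
            "domain": ".".join(reversed(labels)),
            "unique_name": m.group("unique")}


def is_valid_iscsi_name(name):
    """True if the name parses as IQN or EUI, False otherwise."""
    try:
        parse_iscsi_name(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Both sample names are the ones used in the text above.
    print(parse_iscsi_name("iqn.1998-01.com.vmware.iscsi:name1"))
    print(parse_iscsi_name("eui.0123456789ABCDEF"))
```
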

Install XenApp – Failed to configure component ‘Citrix licensing’

Installing Citrix XenApp 6 Fundamentals on Server 2008R2

 

Citrix XenApp 6 installation instructions say all necessary prerequisites will be automatically installed by its installer. Maybe in Citrix world, but not in reality. Installation fails after 10 seconds and the logs usually show a message like “Failed to configure component ‘Citrix licensing’ “ or “Failed to configure component ‘Citrix Delivery Services Console’ “.

To get it going, you will have to start with a clean system. No updates installed, nothing! I made a mistake here by updating my Server 2008 R2 OS with the latest patches. It seems that some of them are causing the install to crash even with all prerequisites installed. So the first thing to do is NOT TO UPDATE YOUR OS. After the XenApp install is complete, you can make an image of your system and install updates one by one and test which one fails. But in this post we won’t talk about that.

1. Install clean Server 2008 R2 – NO WINDOWS UPDATES (you can play with that later)

2. Join the domain (set up its IP, name etc. first)

3. Add the following ROLES

– .net 3.5 (Application Server Role – not under Features)

– IIS 7 (Web Server Role – I added IIS 6 compatibility service as well)

– Remote Session Host and Licensing server

4. Reboot the server

5. Run the installer

 

It should work fine now.

Thanks Citrix for making it easy 🙂

How to insert a USB into Hyper-V 2012 R2 Virtual Machine

Windows Server 2012R2 has introduced the ability to insert a USB drive into a virtual machine! Finally!

The new feature is called Virtual Machine Enhanced Session Mode. Besides USB support, this feature allows us to share the following local resources:

  • Display configuration
  • Audio
  • Printers
  • Clipboard
  • Smart cards
  • USB devices
  • Drives
  • Supported Plug and Play devices

The enhanced session mode connection uses a Remote Desktop Connection session via the virtual machine bus (VMBus), so no network connection to the virtual machine is required.

Only the following guest operating systems support enhanced session mode connections:

  • Windows Server 2012 R2 
  • Windows 8.1

Here is how to enable it:

1.  Right Click on the “SERVER NAME” and then Hyper-V Settings, in Hyper-V Manager

2. Under SERVER>Enhanced Session Mode Policy tick Allow enhanced session mode

3. Under USER>Enhanced Session Mode tick Use enhanced session mode

4. Right click on the VM and press Connect…

5. Click on Show Options

6.  Select Local Resources tab

7.  Click More…

8. Select the drive you wish to add to the VM and press Ok

9. Done

Synology Failed to establish IEEE 802.3ad connection Cisco

Failed to establish IEEE 802.3ad connection

Configuring Synology Link Aggregation

I am using Synology RS814+ and Cisco Catalyst 3750G. RS814+ has 4 gigabit ports. In my case I have only used first 2 ports to create an aggregation link.

If you wish to create 2 and 2 links, then make sure to create interface Port-channel2 for the second link and use channel-group 2 mode active on its switch interfaces.

This configuration works 100%, please let me know if any problems.

interface Port-channel1
 switchport
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/1
 description "Synology NIC1"
 switchport access vlan 100
 switchport mode access
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/2
 description "Synology NIC2"
 switchport access vlan 100
 switchport mode access
 channel-protocol lacp
 channel-group 1 mode active

Stable FastCGI configuration on a cPanel server

A default installation of FastCGI on cPanel server is dangerously simple. It’s dangerous because one cPanel account (or one vhost) is capable of crashing down a whole server if, say, traffic were to spike up. It’s also simple because it won’t allow complex scripts to run cleanly. In brief, it’s absolutely not ready for production as-is. In this post, I’ll go over what it takes to configure FastCGI on a cPanel node properly.

Before you continue reading, be sure to have FastCGI up and running as the PHP handler on your cPanel server. The installation of FastCGI is covered in the online cPanel documentation. From here on, I’ll assume you’re ready to add the settings for FastCGI.

The following is a list of settings that you need to add to /etc/httpd/conf/php.conf upon switching to FastCGI:

MaxRequestsPerProcess 1000
FcgidMaxProcesses 200
FcgidProcessLifeTime 7200
MaxProcessCount 500
FcgidIOTimeout 400
FcgidIdleTimeout 600
FcgidIdleScanInterval 90
FcgidBusyTimeout 300
FcgidBusyScanInterval 80
ErrorScanInterval 3
ZombieScanInterval 3
DefaultMinClassProcessCount 0
DefaultMaxClassProcessCount 3
MaxRequestLen 20468982

You’re more likely to adjust the settings in bold above. DefaultMinClassProcessCount 0 instructs FastCGI to keep zero PHP processes running for a user (cPanel account user) when traffic is idle. On the other hand, DefaultMaxClassProcessCount 3 tells FastCGI to never allow more than 3 PHP processes running at a time. This setting prevents one user from crashing the server were they to receive a lot of traffic.

So go ahead and copy/paste the above into your httpd.conf and restart Apache (service httpd restart). You’re good to go now!

Please note this configuration will be removed the next time EasyApache is run, so make sure you have a backup.


How to change the primary IP address of a WHM/cPanel server

This is for CentOS/RHEL based servers.
Steps in WHM:

  • Log into WHM and go to Basic cPanel & WHM Setup
  • Change the Primary IP here with the option that says “The IP address (only one address) that will be used for setting up shared IP virtual hosts”

Log in to SSH, and do the following:

  1. Edit /etc/sysconfig/network-scripts/ifcfg-eth0
    • Change the IPADDR and GATEWAY lines to match the new IP and the gateway for the new IP
  2. Edit /etc/sysconfig/network
    • Change the GATEWAY line here if it does not exist in the ifcfg-* file.
  3. Edit /etc/ips
    • Remove the new primary IP from this file if it is present
    • Add the old primary IP to this file with the format <IP address>:<Net Mask>:<Gateway>
  4. Edit /var/cpanel/mainip
    • Replace the old primary IP with the new primary IP
  5. Edit /etc/hosts
    • Replace the old primary IP with the new one if needed. The hostname’s DNS will need to be updated too
  6. Restart the network service to make the new IP the primary
    • service network restart
    • Note: You’re probably going to be disconnected at this point, and have to log in to ssh using the new primary ip.
  7. Restart the ipaliases script to bring up the additional IPs
    • service ipaliases restart
  8. Run ifconfig and make sure all IPs show up correctly
  9. Update the cPanel license to the new primary IP
  10. Verify you can still log in to WHM and there is no license warning