Pages

Thursday, November 7, 2013

system-config-lvm Won't Display

After having just installed a new CentOS 6 VM using the 'Database Server' installation type, I discovered I couldn't display any GUI applications (particularly system-config-lvm) back to my Linux desktop.  The GUI LVM management tool was also not installed.  All I had to do to get this working was to install the system-config-lvm and xauth packages:

  • yum install -y system-config-lvm xauth
After installing those by using yum, I was able to get system-lvm-config-lvm to display back to my desktop.  Unfortunately, it had the following warning/error messages:
debug1: client_input_channel_open: ctype x11 rchan 3 win 65536 max 16384
debug1: client_request_x11: request from ::1 59816
debug1: channel 1: new [x11]
debug1: confirm x11
Gtk-Message: Failed to load module "pk-gtk-module": libpk-gtk-module.so: cannot open shared object file: No such file or directory
Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: cannot open shared object file: No such file or directory
 This was solved by installing the PackageKit-gtk-module and libcanberra-gtk2 packages:
yum install PackageKit-gtk-module libcanberra-gtk2
Once I started system-config-lvm,  some dbus-related errors were reported.  This was solved by installing dbus-x11:
yum install -y dbus-x11
Now I can manage LVM with the comfort of the GUI.

Note: All of the above yum commands can be run in the following single command:
yum install -y system-config-lvm xauth PackageKit-gtk-module libcanberra-gtk2 dbus-x11

Monday, March 11, 2013

Nexenta NMS Web Interface Not Responding?

When I arrived to work this morning and tried to view the status of my Nexenta storage server, its web interface just would not respond and displayed, "Waiting to establish NMS connection."  I know it's "time-change" Monday, but come on!  To try to find out what the problem was, I opened a SSH session and checked the 2 log files that could possibly tell me what is wrong with the NMS service:

  • /var/log/nms.log
  • /var/svc/log/application-nms\:default.log
Unfortunately, the first one was completely empty and the second one hadn't been written to since last week.  So I figured the easiest thing to try next was to simply restart the nms service with the following commands:
  1. svcadm disable -st nms\:default
  2. svcadm enable -rs nms\:default
It took a couple of minutes for the commands to finish, but they eventually gave the command prompt back.  If the disable command does not want to come back, run the following to clear its status:
svcadm clear nms\:default
That should cause the disable command to complete and allow you to run the enable command.
After the nms service was restarted, I then checked the web interface and it came right up.  It would not have been a good start to my week had I needed to reboot the file server.  Thankfully, a simple service disable and enable did the trick.

Monday, December 10, 2012

The Case of the Disappearing SSL Server Certificate

I received a request last week to purchase and install a SSL certificate for one of our new websites.  This should be a piece of cake as I've been through this process so many times, right?  Well, this actually turned out to be an unexpected pain in the ass this morning.  I did the following:

  1. Logged into one of my IIS servers
  2. Generated a CSR
  3. Purchased a SSL certificate from godaddy.com 
  4. Generated and downloaded a godaddy-signed certificate for the previously-created CSR.
  5. Installed the intermediate certificate onto my IIS server.
  6. Completed the certificate request for that CSR on (inadvertently) a different IIS server.
  7. Observed the certificate appear in the list of Server Certificates.
  8. Went to the bindings setting for said website to setup a https binding to use that signed certificate and the damn thing didn't appear in the list of certificates!
  9. Went back to the list of Server Certificates only to find that the newly-completed certificate was gone - POOF - like magic.
I kept my cool and didn't panic.  There has to be an explanation, right?  So I retraced my steps during the whole process.  Thankfully I quickly found the "smoking gun."  What did I do wrong?  
I generated the CSR on IIS server 1 (where the public and private keys for the certificate live when it generated the CSR) and then tried to run Complete Certificate Request on IIS server 2.
For what are (hopefully) obvious reasons, one cannot Create Certificate Request on an IIS server and then try to Complete Certificate Request on a different IIS server.  The whole process must be completed on the same IIS server.  Once that process is complete, then the certificate can be exported on the originating IIS server and imported to another IIS server.

Tuesday, August 14, 2012

Admin Horror has a New Home!

I am constantly striving to find ways to save myself money.  For the last couple of years, I've been hosting my sites at a shared-hosting company and paying about $10/month.  I figured there must be a way to host my sites at no cost somewhere else.  Seeing as my blogs have been running on WordPress, I thought it would make sense to have them running on WordPress.com hosting.  But they won't let bloggers use a custom domain name for free.  Enter Google Blogger. I discovered that I can import my blogs and run them on Google Blogger with my custom domain names at no cost.  What a no-brainer!  So here you have it.  adminhorror.com is now running on Blogger.

Thursday, July 12, 2012

Windows 7 Screensaver Shortcut Key

I'm all about using keyboard shortcuts. Any shortcuts that keep one from having to reach for the mouse is a plus. Recently, for some reason, I have found it necessary to be able to use a keyboard shortcut to activate the screensaver. I found a fantastic article for doing this:

http://www.dummies.com/how-to/content/how-to-create-a-screen-saver-boss-key-in-windows-7.html

I'm not actually using it as a "boss" key. Honestly. Really.

Tuesday, November 15, 2011

Websites Should Disable SSL 2.0

In my previous post Enable TLS 1.1 and TLS 1.2 in IIS, I discussed how to enable TLS 1.1 and TLS 1.2. Now I want to take that a step further by disabling SSL 2.0 as it is an old (1995) and vulnerable protocol - not to mention that you cannot obtain PCI compliance if your web servers allow it. I found an excellent post that describes how to disable SSL 2.0 in IIS. The procedure is very simple but unfortunately requires a reboot of the server - a small price to pay for increasing the security of your website.

Wednesday, October 5, 2011

Enable TLS 1.1 and TLS 1.2 on Windows Server 2008 R2 and IIS 7.5

You are probably aware that SSL has been hacked - that is versions of SSL before 3.2 and TLS 1.1 are vulnerable. Thankfully Windows Server 2008 R2 comes with the capability to support TLS 1.1 and TLS 1.2; however, they are not enabled by default. I found some decent information on how to enable TLS 1.1 and TLS 1.2, but no straightforward instructions on how to do so. The bottom line is you have to edit the registry then reboot the server.

Update: This tool should make this job much easier: https://www.nartac.com/Products/IISCrypto/Default.aspx

But feel free to use the following information to do the job...

Here are the straightforward steps to enable TLS 1.1 and TLS 1.2 on a Windows Server 2008 R2 server:
  1. Please backup your registry.
  2. Start the registry editor (regedit)
  3. Browse to the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  4. Add the following keys:
    TLS 1.1 and TLS 1.2
  5. Within each of the TLS 1.1 and TLS 1.2 keys (they look like folders), add these keys: Client and Server
  6. Within each of the Client and Server keys, create the following DWORD values:
    • DisabledByDefault with a value of 0
    • Enabled with a value of 1
  7. Reboot the server.
You should now have registry settings that look like:


I tested the new settings by configuring Internet Explorer 9 to only use TLS 1.2 and connected to a secure page on one of the websites on my server. Here is where you configure IE9 to do this:


Do your customers a favor (and thus yourself) by allowing them to use a more secure version of SSL/TLS on your website. Configure your IIS server to use TLS 1.1 and TLS 1.2. Hopefully all web browsers will support these versions in the very-near future - but at least Internet Explorer 9 already does.