
Techkiwi's Blog

The adventures of a technical kiwi

Server 2012 – VPN Role Installation Always Requires Restart

Over the past few weeks I did a 2003/2008sbs to Server 2012 R2 migration and had an issue with the VPN role not installing through Server Manager, giving a “restart required before installation can proceed” error even after a fresh restart with all updates installed.

You can reboot to your heart's content, but the error will keep appearing. This seems related to migrating away from an older domain, as we have not had the issue on a fresh 2012 installation.

To resolve the issue you need to go to Group Policy Management and edit the ‘Default Domain Policy’ with the following details:

Computer Management -> Windows Settings -> Security Settings -> Local Policy

Edit the ‘User Rights Assignment’ policy

First enable the policy if it is not checked and add the following accounts:

IIS_WPG, NETWORK, NETWORK SERVICE, SERVICE

Save and close Group Policy, then open a command prompt (CMD) with administrator privileges and force a Group Policy update with this command: gpupdate /force
Reboot the server and try to install the roles again from Server Manager. Hopefully it will resolve your issue, as it has done for us multiple times.

Cups Print Server – Slow Printing And GUI

I had a very weird issue on a new Debian installation where the Cups print server GUI was very slow to respond and the printers were also slow to print. When you attempted to print a page there was a 4/5 second delay before the print job would be sent to the printer.

After much investigation I have since resolved the issue, which relates to IPv6 even though there were no IPv6 entries for this server.

I had set IPV6 IP Tables firewall rules to just block all connections in and out.
The fix was to “Allow All” for the IPV6 loopback device which seemed to resolve the issue and then add a local entry for IPV6 into the hosts file.

Example:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

#Allow Loopback
-A INPUT -i lo -j ACCEPT

COMMIT

The issue seems very odd since Cups was meant to be communicating over IPv4. There were no host entries for IPv6 either, just IPv4, but this was definitely the fix I required.

Good Luck!

Hopefully someone else finds this post as I struggled to find resources on this issue!

Mail / Mailx – Content-Type: text/html: No such file or directory

It's been a long time between drinks, but I have some new content this week.

We had an issue with a few old send email scripts running on a new Debian box. The email scripts utilized the Mail command and sent plain text emails fine, but when you tried to send HTML emails it would give the error “Content-Type: text/html: No such file or directory”.

It did not like the -a switch for setting the header content type; here is an example:

# mailx -a 'Content-Type: text/html' -s "Subject" test@test.com < test.html
Content-Type: text/html: No such file or directory

 

The end fix was easy. We just installed Mail Utils for Debian with the command “apt-get install mailutils” and after it had finished installing the -a switch no longer gave errors regarding html and not being able to find the directory.

 

 

Nginx & PHP5-FPM WordPress upgrade issue

Tonight I upgraded my Ubuntu 14.0 server to the latest Nginx and PHP5-FPM packages, which broke my WordPress site running the latest 3.9.1 version of WordPress, so I thought I would share the fixes used to resolve it.

It broke in two different places: one was a PHP5-FPM related error, the other was related to Nginx, so I have split each resolution below.

First error: PHP5-FPM

Straight after the upgrade I would get a “505 Error page not found” fault. I checked the nginx error log files and found this error: connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied).

The fix was to update the php5 config file: /etc/php5/fpm/pool.d/www.conf

Find this block:

;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0660

Now edit the block to look like this:

listen.owner = www-data
listen.group = www-data
listen.mode = 0666

 

Now restart php5-fpm: service php5-fpm restart
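
A note on the socket mode, with an added example that is not part of the original post: listen.mode = 0666 lets every local account connect to the FPM socket, whereas uncommenting listen.owner and listen.group and keeping 0660 is enough when the nginx workers run as www-data. The script below checks a pool file against nginx.conf; the helper names (pool_get, nginx_user, audit_socket) and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: audit an FPM pool's socket settings.

# Last uncommented "key = value" in a pool file (lines starting with ";" are comments).
pool_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# First account named by the "user" directive in nginx.conf.
nginx_user() {
    sed -n 's/^[[:space:]]*user[[:space:]]\{1,\}\([^;[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Prints a verdict. Returns 0 = fine, 1 = socket open to "other", 2 = nginx locked out.
# Assumption: the nginx account's group has the same name as the account (www-data).
audit_socket() {
    pool=$1; nginx=$2
    owner=$(pool_get 'listen\.owner' "$pool")
    group=$(pool_get 'listen\.group' "$pool")
    mode=$(pool_get 'listen\.mode' "$pool")
    user=$(nginx_user "$nginx")
    case $mode in
        *[1-7]) echo "WEAK: listen.mode=$mode, any local account can reach the socket"; return 1 ;;
    esac
    if [ -n "$user" ] && { [ "$user" = "$owner" ] || [ "$user" = "$group" ]; }; then
        echo "OK: nginx user $user matches listen.owner/group, mode ${mode:-package default}"
        return 0
    fi
    echo "DENIED: nginx user ${user:-unset} is neither listen.owner nor listen.group"
    return 2
}

# Constructed sample files: the commented block, the post's edit, and a 0660 variant.
demo() {
    d=$(mktemp -d) || return 1
    printf 'user www-data;\nworker_processes 4;\n' > "$d/nginx.conf"
    printf ';listen.owner = www-data\n;listen.group = www-data\n;listen.mode = 0660\n' > "$d/commented.conf"
    printf 'listen.owner = www-data\nlisten.group = www-data\nlisten.mode = 0666\n' > "$d/post.conf"
    printf 'listen.owner = www-data\nlisten.group = www-data\nlisten.mode = 0660\n' > "$d/tight.conf"
    for f in commented post tight; do
        printf '%s: ' "$f"; audit_socket "$d/$f.conf" "$d/nginx.conf" || true
    done
    rm -rf "$d"
}
demo
```

On a real server, call audit_socket with /etc/php5/fpm/pool.d/www.conf and the nginx.conf in use, then confirm the result with ls -l on the socket after restarting php5-fpm.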

 

Second error: Nginx

 

This solved the first error, but I then got a second error relating to the Nginx upgrade to version 1.4.6.

The error in the Nginx logs: “rewrite or internal redirection cycle while internally redirecting”

The resolution is to add this block into each Nginx server config. NOTE: you might have two, one for port 80 and one for port 443, etc.

 

I just added this block:

        # Requests for files that do not exist on disk go to index.php
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.php?q=$1 last;
            break;
        }

Now restart Nginx: service nginx restart. After rebooting, all of my errors have been resolved.
Please use the above at your own risk and do your own research, but in my case this has resolved my issues.

SBS 2008 SSTP 619 Error – After SSL Certificate Renewal

Came across an interesting issue today. This was on a SBS 2008 server which has had a 3rd party certificate installed before without any issues.

Renewed the certificate and installed it using the wizards and everything appeared to work fine, except the SSTP VPN connections were now rejected with Error: 619.

After a bit of head scratching here is the issue and resolution.

Error 619 reports that the certificate hashes do not match (which in this case was the issue).

Step 1: Run “netsh http show ssl” in an administrator command prompt. Check whether both of the IPV4 :443 hashes listed here are the same. My guess is they will be different (if so, go on to the next step).

Step 2: Click Start, type “mmc” and press Enter, then click File -> Add/Remove Snap-in -> Certificates -> Local Computer and follow the Next buttons. Click Personal -> Certificates and find the new certificate you have just installed. Double click the certificate -> Details -> scroll to the bottom and copy the Thumbprint. Now take all of the spaces out so it reads something like this: “f7a0z0b21773c4a2761f0b34588fafb895245e82”.

Step 3: Run these commands from an elevated command prompt ->

netsh http delete sslcert ipport=0.0.0.0:443

netsh http delete sslcert ipport=[::]:443

reg delete HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters /v SHA256CertificateHash /f

netsh http add sslcert ipport=0.0.0.0:443 certhash=YourHashFromAbove appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY

netsh http add sslcert ipport=[::]:443 certhash=YourHashFromAbove  appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY

net stop sstpsvc /y

net start remoteaccess

The first three commands remove both of the network bindings and the certificate hash from the registry; the next two then add the new hash in for both of the network bindings. The last two restart the SSTP and Remote Access services.

Once you have completed the above steps, if your issue is that the certificates don’t match, this should resolve it.
