I recently came across a server that ran services, I was not familiar with, and services were unclear as to the issues I was troubleshooting. As a quick fix, I decided to get a list of services that should be running and start any that were not from that list:
In some cases, the service was not listed as I had expected, so to get the list I had to run the following, where $3 is the service name from the prior commands. In some cases, I had to use $5, as history had a different output:
When logging into a fresh installation of SmarterMail 13 and below, I was given the following error:
There was an issue that caused this page to malfunction.
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
— End of inner exception stack trace —
Server stack trace:
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object args)
at System.Security.Cryptography.MD5.Create(String algName)
at System.System_ExtensionMethods7BCA73B06BAB478aA3AC6AC60979BA25.GetMD5Hash(String val)
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object args, Object server, Object& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg)
Exception rethrown at :
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at SMWeb.HelperClasses.Security.LoginHelper.DoLogin(String email, String password, Boolean impersonationLogin, String visitorIpAddress)
at SMWeb.Login.DoLoginInternal(String username, String password, Boolean rememberMe)
at SMWeb.Login.btnLogin_Click(Object sender, EventArgs e)
at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)
at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
I found that a previous lockdown server in turn caused SmarterMail to fail to login whether using the Built in Web service or a site through IIS. The correction was listed here: http://support.microsoft.com/kb/2550971
Change the configuration in the application-level Web.config file. Specify that ASP.NET use the Triple Data Encryption Standard (3DES) algorithm to process view state data
Disable FIPS compliant algorithms for encryption, and restart the SmarterMail Service.
Restart the Microsoft Internet Information Services (IIS) service. To do this, run the following command at a command prompt:
“#1 On Windows Server 2008 and in Windows Vista set the registry value for HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 0.
On Windows Server 2003 and in Windows XP set the registry value for HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy to 0.
You will need to restart the machine for this setting to take effect.
#2 Launch Local Security Policy from Control Panel->Administrative Tools. Expand Security Settings->Local Policies->Security Options. Open the security policy “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” and select the Disabled option. Retstart the machine.”
Click the ‘download Microsoft Rich copy’ link, and you will be prompted to download HoffmanUtilitySpotlight2009_04.exe, its 5.8 MB. Run this, Agree to the License Agreement, give it a path. It will export the HoffmanUtilitySpotlight folder to that location. Inside that folder, you will have the actual installer. Per the readme.txt: “It is simple. Please just run setup.exe. It will ask you all
necessary information to get RichCopy installed.”
In my example, it was not able to work as shown above, but not of by much. We quoted the last 0 in the lines we had written, giving us the following example:
SetEnvIf Logical AND
When tested, requests coming from the LB IP are listed as trusted, and only trusted requests are adjusted and trusted as having been forwarded. Other requests, we can assume (based on topology) with x-forwarded-for header are identified as falsified.
Option 2: Create the alias with cliconfg.exe
Log into the Application and/or front-end Web servers
Got to Start > cliconfg.exe (Note: it’s c-l-i-c-o-n-f-g-dot-e-x-e)
Then click on “Alias”:
If you already have an alias set up, it will show up there. Otherwise…
Specify the port number and give it a name. That’s it!
Test your SQL Alias:
To test your SQL alias, create a Microsoft Data Link (udl) file on your desktop:
From your desktop, right click on the desktop and choose New > Text file
A new file named New Text Document.txt appears in the directory.
Rename this file to “TestDBConnection.udl”, removing all spaces. Be sure to change its file extension to .udl.
Open the file and, under Connection, type either the SQL server name or, if you are testing an SQL alias, the alias name.
Under 2, chose “Windows Authenticated security”
If the connection was successful, list of databases should appear in the dropdown menu under #3.
I have a separate blog post that covers the same steps for creating a udl file here. http://smallcitydesign.com/how-to-test-a-database-connection-from-an-application-server/