Edventures in Normalcy

FusionReactor and Forwarded Headers

Posted by Rose Bush on November 6th, 2015

In some cases, FusionReactor may be behind a load balancer or CDN, or any other type of proxy that updates the source IP as seen by the server. It helps to see where the requests are actually originating from. For that, FusionReactor has an option for this:
http://www.fusion-reactor.com/support/kb/frs-351/

See the Requests>Settings>Proxy, which lets you tell FR that you need it to use some alternative header for the “real” ip address..

You will see that in the “proxy header” field there is a drop-down, but it doesn’t show your specific header, rather a couple of the most common alternatives. Just paste the name of your header into that field and save the configuration changes.

Once you have saved this change, you should be able to check the Requests>History page to confirm that you now see the real IP’s showing up.

Filed under: Code or Hosting | Comment (0)

Installing ColdFusion 11 Under cPanel

Posted by Rose Bush on November 3rd, 2015

First, you need your installation defaults, find the installer.properties example below:

With this file, you can install ColdFusion 11 with the following:

The output in the log file should look something like this:

Chown the CFIDE:

Backup your license.properties:

Add the service:

If the above does not exist, and well hey, it didn’t for me, I did write another article with the file needed.  Check that Article out.

 

sconfig wants the “real” hostname or the connector won’t install.

Turn the listen flag to false in the license.propterties:

Start ColdFusion:

Perform the wsconfig:

In my example, I happened to run the command twice, with varied setups.  I am documenting them both and will clean up at next install:

After the above, my CF11Installer.log added the following:

Performing the wsconfig generated the file I needed to move forward, /usr/local/apache/conf/mod_jk.conf to which the contents are below:

I then distilled the changes to ensure cPanel was copacetic with them, regenerated the conf and restarted apache:

During the last step, I did open for editing /usr/local/apache/conf/httpd.conf twice and /usr/local/apache/conf/mod_jk.conf once before distilling and restarting again.

 

Edit the neo-security.xml and throw in some good defaults.

set rds.security.usesinglerdsp to false

set allowconcurrentadminlogin to false

set admin.userid.required to true

set allowedAdminIPList to 127.0.0.1 and an any others of importance

set secureprofile.enabled to true

 

The admin.userid.root.salt string may need to be updated, idk.

Restart the CF’s

/opt/coldfusion11/cfusion/bin/coldfusion stop
/opt/coldfusion11/cfusion/bin/coldfusion start

Filed under: Code or Hosting | Comment (0)

Switching SSLs when on Multiple HTTPS Bindings

Posted by Rose Bush on November 2nd, 2015

I had to switch out a certificate on a server and got the below error messages, documented here to make this familiar int he future. I was worried that it would break the other sites on the server, 2 others using the old certificate. Instead the server updated the certificate on all 3 and all 3 remained up and running. I could swear that is not how it happened in the past, but this may have been a different case.

EditSiteBindingSSL1

Edit Site Binding

At least one other site is using the same HTTPS binding and the binding is configured with a different certificate.  Are you sure that you want to reuse this HTTPS binding and reassign the other site or sites to use the new certificate?

EditSiteBindingSSL2

Edit Site Binding

The certificate is associated with this binding is also assigned to another site’s binding.  Editing this binding will cause the HTTPS binding of the other site to be unusable.  Do you still want to continue?

Filed under: Code or Hosting | Comment (0)

ColdFusion 11 init.d script

Posted by Rose Bush on September 28th, 2015

I recently installed ColdFusion 11 on RHEL, but the cfinit script did not exist. I then pulled up a ColdFusion 10 init script, updated the CF10-CF11 bits, corrected the coding error for the CFSTATUS section particular to my OS and have the script below:

I then ensured permissions on the file and made sure it would add to startup correctly:

 

Filed under: Code or Hosting | Comment (0)

cPanel License Verification and Update Script

Posted by Rose Bush on September 17th, 2015

You can run the above to re sync the local status/key.  To verify your machine is licensed, browse to the following and enter in the external IP address:

https://verify.cpanel.net/

Personal use case scenarios for needing to run the aforementioned script are changing the IP on the machine, or if the license has been upgrades, from trial fro example.

Sauce: https://forums.cpanel.net/threads/cpanel-license-activation.97409/

 

Filed under: Code or Hosting | Comment (0)

Solved Internal Server Error 500 No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/addon_dotDefender.cgi): The subprocess exited with statu s 2 (ENOENT).

Posted by Rose Bush on September 14th, 2015

After a recent installation of dotDefender, the following error came up:
“Internal Server Error

500

No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/addon_dotDefender.cgi): The subprocess exited with statu s 2 (ENOENT).”

The log file for dotDefender, /usr/local/APPCure-full/log/dotDefender_bpd.log, gives further detail:

The fix was to install Crypt::Passwd::XS as such:

 

Update 1-29-2016

This error popped up again, and seemingly coincided to an upgrade in cPanel.  The upgraded version is WHM 54.0 (build 8).  The error was almost identical to the one above, but instead of outputting the error to the dotDefender log, it was going to the cPanel log (/usr/local/cpanel/logs/error_log) as such:

~

Can’t locate cPanel/PublicAPI.pm in @INC (@INC contains: /usr/local/cpanel /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at /usr/local/cpanel/Cpanel/Accounting.pm line 32.

BEGIN failed–compilation aborted at /usr/local/cpanel/Cpanel/Accounting.pm line 32.

Compilation failed in require at /usr/local/cpanel/whostmgr/docroot/cgi/addon_dotDefender.cgi line 5.

BEGIN failed–compilation aborted at /usr/local/cpanel/whostmgr/docroot/cgi/addon_dotDefender.cgi line 5.

[2016-01-28 17:35:38 -0500] info [cpsrvd] Internal Server Error: “GET /cpsess122967374/cgi/addon_dotDefender.cgi HTTP/1.1” 500 No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/addon_dotDefender.cgi): The subprocess reported error number 2 when it ended.

~~

Speaking with cPanel support,

This should be fixed. After further review we didn’t acutally rename all of these packages, it looks to maybe only be some API calls rather than the package. This was failing because the following file was modified.

[21:37:25 cp root@7449479 ~]cPs# head /usr/local/cpanel/Cpanel/Accounting.pm

ypackage cPanel::Accounting;

It should have been this looking at another server.

[21:40:42 cp root@7449479 ~]cPs# head Accounting.pm package Cpanel::Accounting;

Once I corrected that I could load the page. I did have a token error and had to login and then got an access error but I believe as root you should have no issue now.

~~~

 

The updated file correcting the issue is below:

 

 

Filed under: Code or Hosting | Comment (0)

Starting Services That Should Be Running RHEL

Posted by Rose Bush on September 10th, 2015

I recently came across a server that ran services, I was not familiar with, and services were unclear as to the issues I was troubleshooting. As a quick fix, I decided to get a list of services that should be running and start any that were not from that list:

In some cases, the service was not listed as I had expected, so to get the list I had to run the following, where $3 is the service name from the prior commands. In some cases, I had to use $5, as history had a different output:

Now we can find out which are running:

Validate what you are starting, come on, be informed and intentful in what you are doing, and if safe, run the second and third command:

Filed under: Code or Hosting | Comment (0)

SOLVED SmarterMail Error This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Posted by Rose Bush on September 2nd, 2015

When logging into a fresh installation of SmarterMail 13 and below, I was given the following error:

Oops!

There was an issue that caused this page to malfunction.

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. —> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
— End of inner exception stack trace —

Server stack trace:
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
at System.Security.Cryptography.MD5.Create(String algName)
at System.System_ExtensionMethods7BCA73B06BAB478aA3AC6AC60979BA25.GetMD5Hash(String val)
at MailService.Remoting.RemoteSecurity.GetNewKey()
at MailService.Remoting.Mail.InitializeSession()
at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at SmarterMail.RemoteInterface.IMail.InitializeSession()
at SmarterTools.SmarterMail.Remoting.RemoteMail.InitializeSession()
at SMWeb.HelperClasses.Security.LoginHelper.DoLogin(String email, String password, Boolean impersonationLogin, String visitorIpAddress)
at SMWeb.Login.DoLoginInternal(String username, String password, Boolean rememberMe)
at SMWeb.Login.DoLogin()
at SMWeb.Login.btnLogin_Click(Object sender, EventArgs e)
at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)
at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

I found that a previous lockdown server in turn caused SmarterMail to fail to login whether using the Built in Web service or a site through IIS. The correction was listed here:
http://support.microsoft.com/kb/2550971

SOLUTIONS:

  • Change the configuration in the application-level Web.config file. Specify that ASP.NET use the Triple Data Encryption Standard (3DES) algorithm to process view state data
  • Disable FIPS compliant algorithms for encryption, and restart the SmarterMail Service.
  • Upgrade to SmarterMail 14

 

To “change the configuration in the application-level Web.config file. Specify that ASP.NET use the Triple Data Encryption Standard (3DES) algorithm to process view state data”: https://support.microsoft.com/en-us/kb/911722

  1. In a text editor such as Notepad, open the application-level Web.config file.
  2. In the Web.config file, locate the <system.web> section.
  3. Add the following <machineKey> section to in the <system.web> section:
  4. Save the Web.config file.
  5. Restart the Microsoft Internet Information Services (IIS) service. To do this, run the following command at a command prompt:
    iisreset

 

“#1 On Windows Server 2008 and in Windows Vista set the registry value for HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled to 0.
On Windows Server 2003 and in Windows XP set the registry value for HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy to 0.
You will need to restart the machine for this setting to take effect.

#2 Launch Local Security Policy from Control Panel->Administrative Tools. Expand Security Settings->Local Policies->Security Options. Open the security policy “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” and select the Disabled option. Retstart the machine.”

Filed under: Code or Hosting | Comment (0)

I was on TV, specifically Adult Swim.

Posted by Rose Bush on June 11th, 2015

I put my X the Eliminator Costume on the Dear Adult Swim forum, and along with many others, had the costume shown on live TV. I found this video below at http://www.bumpworthy.com.

Filed under: Blog | Comment (0)

Microsoft Rich Copy

Posted by Rose Bush on June 11th, 2015

So, there is this tool, and if you Google for it, Microsoft Rich Copy, you end up here:
http://social.technet.microsoft.com/Forums/en-US/w7itproperf/thread/33971726-eeb7-4452-bebf-02ed6518743e/

Click the ‘download Microsoft Rich copy’ link, and you will be prompted to download HoffmanUtilitySpotlight2009_04.exe, its 5.8 MB. Run this, Agree to the License Agreement, give it a path. It will export the HoffmanUtilitySpotlight folder to that location. Inside that folder, you will have the actual installer. Per the readme.txt: “It is simple. Please just run setup.exe. It will ask you all
necessary information to get RichCopy installed.”

 

[download id=”1″]

Filed under: Code or Hosting | Comment (0)
« Previous Entries
Next Entries »

Copyright © 2026 Edventures in Normalcy. All rights reserved.