Mumblestiltskin

Thursday, February 23, 2012

PING–Partimage is not Ghost–How to manually force an ip

When booting from the PING iso, you are prompted to either go to a shell or to continue onto the PING gui.

If you are having trouble with it assigning a IP during the gui, you can go to the shell first manually assign an ip and then restart the GUI.

Go to the shell (x).

use root with no password

then type

ifconfig eth0 up
ifconfig eth0 <ip> netmask <netmask>
route add default gw <gateway ip>

Once this is done run, this will restart the gui and you should be able to progress.

/etc/rc.d/rc.ping

Note: Also in the shell you could add a route if needed

route add –net <ip> netmask <netmask> gw <ip> dev eth0

added 20120426 – Note:

On machine with multiple network cards I found it hard to identify which nic was which on the DELL servers. Luckily One card was a 4 port intel card and the other was the onboard broadcom nics. I brought the interfaces up one at a time using the ifconfig ethx up, then used ifconfig ethx to show details about the interface. Then i took the first 3 parts of the hardware/MAC address of the nic and looked it up online. The broadcom nics came up as DELL and the Intel Nics as Intel. As the purpose of the nics was split broadcom to the network i needed to use and intel to another network, this allowed me to identify the nic i needed to add an ip to.

Tuesday, February 14, 2012

SQL Server - List Database Recovery Models

Nice simple queries to list all databases with recovery models

SQL Server 2000
SELECT name,DATABASEPROPERTYEX (name, 'Recovery')
FROM sysdatabases
WHERE category IN ('0', '1','16')

If you want to limit results
AND DATABASEPROPERTYEX (name, 'Recovery') = 'SIMPLE'

SQL Server 2005+
SELECT name AS [Database Name], recovery_model_desc AS [Recovery Model]
FROM sys.databases

If you want to limit results
WHERE recovery_model_desc = 'SIMPLE'

Thursday, January 26, 2012

Reg Expression: Match between characters (non greedy)

Needed to match characters on one line from start string >; to end string <

>;(.*?)<

Note:

.* –This will match all characters (except end of line), this is called greedy as it will keep on matching until eol. then backtrack as it still wants to match the <. It will therefore match from first to last.

.*? – This will make it not greedy and will match from >; to first instance of <

i.e.

Example

string to be searched:- >;banana<blinky>;apple<cider>;orange<beer>

Greedy
reg expressions:- >;(.*)<
result:- >;banana<blinky>;apple<cider>;orange<

Non Greedy
reg expressions:- >;(.*?)<
result:- >;banana<

Monday, January 23, 2012

ColdFusion 9.01 Native IIS 7 support (applicationhost.config and web.config)

We recently have been upgrading our CF servers and wanted to utilise the new native support for IIS, removing the IIS6 compatibility that we had to use prior to 9.01.

Now if you have done the install then you will know that the easiest way to set this up is to run through the install and then run the IIS configurator (wsconfig). This java tool uses ASP.NET to setup IIS.

You have an option to add CF to individual sites or All. Now all is a bit misleading as in fact it will just go through the sites individually (but will do all sites). This is different from the CF8 we were using, in that if you selected all it would add the necessary settings at the server level, this meant any new websites created would inherit the CF settings. With the CF9.01 wsconfig tool setting things up per site, it means that every time you add a new website in IIS you will have to run the wsconfig tool.

Now by running the wsconfig tool it is doing a couple of things

1. Adding an IIS config file called web.config to the root of each website folder, it then places the additional CF IIS config in that file. (So you will find a web.config file for each website you run the wsconfig tool against).

2. It kindly adds VDs cfdocs and cfide to all sites…. What this means is that you may find that the CF administration site is available through every single website on your server. For us this was a security risk and a pain as every time the wsconfig tool was run you had to remember to go and clear out these newly created VDs.

In addition for us the web.config file caused us issues with code deployment, as it was not included.

So I started to look for a way to try and get the old functionality back that allowed CF to be set up at the server level and then all sites created would inherit these settings.

I won’t bore you with all the ins and outs, but in essence IIS runs a master config file called applicationhost.config which you should find here

C:\Windows\System32\inetsrv\config\applicationhost.config

Now individual site config can be included in this applicationhost.config file or in web.config files in the root of each website. Now Adobe chose to put there config in the web.config, and I can see why, there is less risk in totally screwing up the entire IIS config.

Now the settings can be applied to site or server levels. So below I show the web.config file that a CF install will create for per site config.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <defaultDocument>
      <files>
        <remove value="index.cfm" />
        <add value="index.cfm" />
      </files>
    </defaultDocument>
    <handlers>
      <add name="JWildCardHandler" path="*" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\1\jrun_iis6_wildcard.dll" resourceType="Unspecified" requireAccess="None" />
      <add name="hbmxmlHandler" path="*.hbmxml" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
      <add name="cfswfHandler" path="*.cfswf" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
      <add name="cfrHandler" path="*.cfr" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
      <add name="cfcHandler" path="*.cfc" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
      <add name="cfmlHandler" path="*.cfml" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
      <add name="cfmHandler" path="*.cfm" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
      <add name="jwsHandler" path="*.jws" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
      <add name="jspHandler" path="*.jsp" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
    </handlers>
    <staticContent>
      <mimeMap fileExtension=".air" mimeType="application/vnd.adobe.air-application-installer-package zip" />
    </staticContent>
  </system.webServer>
</configuration>

So what I wanted to do was move this config to applicationhost.config.

Note: It must be noted that I had run the wsconfig tool once in the initial setup, so you will need to do this once to ensure that everything is initially setup properly for IIS and CF to interface. By running the wsconfig it creates a subfolder in

C:\ColdFusion9\runtime\lib\wsconfig with the more content.

The subfolder is \1\, and contains a few files. These need to be there for the wildcard handler

OK with the Dlls in place, the first thing is to allow IIS to run the CF dlls, this is done in the isapiCgiRestrictionsection of the applicationHost.config file

Now the applicationhost.config file is huge so I am summarising below, showing where each of the entries will go within that xml file, I have highlighted the added data.

“xxxxxxxx” indicates there is content in the file that I am not showing

“………” indicates there is further content in the file that I am not showing

<system.webServer>
xxxxxxxxxxx
<staticContent lockAttributes="isDocFooterFileName">
  <mimeMap fileExtension=".323" mimeType="text/h323" />
  <mimeMap fileExtension=".aaf" mimeType="application/octet-stream" />
  <mimeMap fileExtension=".aca" mimeType="application/octet-stream" />
  <mimeMap fileExtension=".accdb" mimeType="application/msaccess" />
  <mimeMap fileExtension=".accde" mimeType="application/msaccess" />
  <mimeMap fileExtension=".accdt" mimeType="application/msaccess" />
  <mimeMap fileExtension=".acx" mimeType="application/internet-property-stream" />
  <mimeMap fileExtension=".afm" mimeType="application/octet-stream" />
  <mimeMap fileExtension=".ai" mimeType="application/postscript" />
  <mimeMap fileExtension=".aif" mimeType="audio/x-aiff" />
  <mimeMap fileExtension=".aifc" mimeType="audio/aiff" />
  <mimeMap fileExtension=".aiff" mimeType="audio/aiff" />
  <mimeMap fileExtension=".air" mimeType="application/vnd.adobe.air-application-installer-package zip" />

  1: <location path="" overrideMode="Allow">
  2:   <system.webServer>
  3:     <modules>
  4:       xxxxxxxxxxx
  5:     </modules>
  6:   <handlers accessPolicy="Read, Script">
  7:     <clear />
  8:     <add name="JWildCardHandler" path="*" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\1\jrun_iis6_wildcard.dll" resourceType="Unspecified" requireAccess="None" />      
  9:     <add name="hbmxmlHandler" path="*.hbmxml" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
 10:     <add name="cfswfHandler" path="*.cfswf" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
 11:     <add name="cfrHandler" path="*.cfr" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
 12:     <add name="cfcHandler" path="*.cfc" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
 13:     <add name="cfmlHandler" path="*.cfml" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
 14:     <add name="cfmHandler" path="*.cfm" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
 15:     <add name="jwsHandler" path="*.jws" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
 16:     <add name="jspHandler" path="*.jsp" verb="*" modules="IsapiModule" scriptProcessor="E:\ColdFusion9\runtime\lib\wsconfig\jrun_iis6.dll" resourceType="Either" responseBufferLimit="0" />
 17:     <add name="ISAPI-dll" path="*.dll" verb="*" modules="IsapiModule" resourceType="File" requireAccess="Execute" allowPathInfo="true" />
 18:     <add name="TraceHand........

I hope that is clear.

There is one other settings that we put in to allow coldfusion errors to be displayed, without this IIS intercepts the error status and displays a “friendly message” is stead of of a helpful CF error page. The addition here is just this httpErrors node attributeexistingResponse="PassThrough", I am afraid my highlight only allows entires lines to be highlighted.

  1: <httpErrors lockAttributes="allowAbsolutePathsWhenDelegated,defaultPath" existingResponse="PassThrough">

So with these changes in place in the applicationhost.config file you can remove the web.config files from the website root folders.

As always please back up these files before you start messing with them.

You will need to restart IIS for the changes to be picked.

Now I have not yet tried not running the wsconfig on a new install and then adding these changes to the applicationhost.config file. That is next on my list. When I do I will update here.

Default Documents

To add a default document to all sites, i.e. to add index.cfm, add the bold line to applicationhost.config

Thursday, December 01, 2011

Allow non admin user to run a scheduled task on Windows 2008+ server

This is all stemmed from an initial requirement in that I want a sql job to run a windows scheduled task. To do this I had to setup xp_cmdshell on SQL server, I don’t want to go into the pros/cons of xp_cmdshell Smile , but to try to reduce risk I setup xp_cmdshell to use a proxy account, which is a reduced level windows user.

However in doing this I discovered that the user could not run the scheduled tasks. This in the end turned out to be that the scheduled tasks are only visible to the user that created them or a user with same permissions or higher. So the existing tasks having been created by an administrator were not accessible to this lower user.

After trying many thing to get this working I settled on this solution. This may or may not be the correct way but it works for me. Smile

So I logged into windows using the lower user, then created a basic task in task scheduler. This task did nothing except fire up cmd.

Once this task had been created, I then logged in as an administrator and modified the task to fully do what I wanted. Including the option run as another user (which you cannot set using the low end user).
So in essence once the initial task is setup by the user it appears that you can use an admin account to change the options that cannot be changed with the low level user.
In addition if you don’t set the run as another user option you will have to ensure that the non admin account has appropriate access to the objects it will try and access.

With this done, you will find that the task can now be executed by the low level user, and hence the xp_cmdshell procedure can be run within a reduced security user and run the scheduled task I desired.

In addition it must be noted that any higher level user (administrator) can see and run all scheduled tasks including the low level user generated tasks.

Now if I can just figure out how to assign rights to allow non admin users to manage scheduled tasks, that would be great…

Wednesday, November 30, 2011

Netgear Switch – Setup routing between VLANs on same switch.

Scenario: I wanted to create 2 VLANs. 1 VLAN would be major VLAN (i.e. most ports), then a second smaller VLAN (less ports). I wanted to be able to route traffic between these VLANS.

Caveat: I am not a Netgear expert and the stuff written here are my experiences/research to setup the required scenario. For my future reference and hopefully might help someone else.

Initial switch setup

I will not cover the initial setup but just list how the switch was configured prior to me starting this process.

All 24 ports assigned to VLAN1 as untagged, it was running over one subnet 192.168.1.0/24 with a default gateway of 192.168.1.1.

Note: The Learned routes will not appear until devices are connected to the switch on the member ports. So if you have nothing listed do not be alarmed, unless you have something connected to one of the ports and are expecting it to appear!!

VLAN IDs

VLAN subnets

VLAN1: 192.168.1.0/24
VLAN8: 192.168.8.0/24

VLAN switch Ports assignment

VLAN1: untagged ports 1 – 22
with VLAN Routing interface of 192.168.1.253
VLAN8: untagged ports 23 – 24
with routing interface of 192.168.8.1

PVID: Port VLAN ID

PVID is the Port VLAN ID, basically this will tag all traffic arriving at the member ports with that ID. So the PVID for the port should match the VLAN ID to which the port is a member.

Note: like I mentioned earlier with the Learned Routes, if the learned routes do not appear in the routing configuration you will not be able to ping VLAN interface routing IP. This threw me for a while as I was expecting to be able to ping it, it was only when I connected equipment to the member ports that the learned routes appeared and I was able to then to ping the VLAN IPs. My guess is that it is all to do with routing and that when the ports (interfaces) are not connected the unit sees them as down, and therefore it is not active. I have not tested that but I am pretty certain that would be why.

So with that all that done you should find that the unit should happily route traffic between the VLANs.

Multiple switches

Now if you wanted to this between separate switches, I am guessing you would setup the VLANs on each switch and have to add static routes using the VLAN IPs as next hops for the VLAN networks.

Sunday, November 13, 2011

SQL Server–Shrink Transaction Log without taking database offline

We have a database that captures a large amount of data every day. Whilst the data is important, it is not critical so it is backed up on a daily basis but we do not perform transaction log backups on it, as this would be expensive and is just not warranted (to lose one days worth of data is acceptable).

With this setup this means that the transaction log is not given a checkpoint, and so never shrinks. So to shrink it we need to issue 2 commands.

BACKUP LOG <db name> WITH TRUNCATE_ONLY

basically truncates the entire log file all data lost.
DBCC SHRINKFILE(<logical transaction log name>,1000)
Where 1000 is the size in MB to shrink the log file to, in this case 1GB.