Category: Server

Posted on by

Error from Filezilla Client to Microsoft IIS FTP Server

When you connect to ftp server create with Microsoft IIS using Filezilla Client you should have this error

GnuTLS error -48: Key usage violation in certificate has been detected. Could not connect to server

Your configuration settings are something like this :

  • Protocol: FTP – File Transfer Protocol
  • Encryption: Require explicit FTP over TLS

The problem is with self signed certificate on server side. This is a problem with the certificate generation of Microsoft IIS, as it does not allow the certificates to be used for digital signatures.

How to generate a valid certificate with IIS

This is a server-side issue, and it did not appear previously because earlier versions of FileZilla shipped with a GnuTLS version that didn’t make this check.

Quoting Tim Kosse’s post in the FileZilla forum thread:

In any case, the problem is with your server’s X.509 certificate chain: Either the server certificate itself or another certificate in the chain has a key usage restriction that is violated. For example a certificate with a key usage restriction to signing cannot be used to authenticate TLS connections. See section 4.2.1.3 of RFC 5280.

This is a problem with the certificate generation of Microsoft IIS (but may also happen if you incorrectly generated a certificate with another method), as it does not allow the certificates to be used for digital signatures. OpenSSL is much more relaxed about this and won’t fail because of it, so it may work with other apps.

On the client side, you can either disable TLS, downgrade to an earlier version of FileZilla (neither of these is recommended due to potential security risks), or use a different client which uses another library such as OpenSSL for now.

How to generate a valid certificate with IIS

This needs to be done on the server side, Yobviously.you can generate the certificate with PowerShell instead until the issue is fixed by Microsoft. Open PowerShell in admin mode.

The following powershell command will create our self-signed certificate for our binding and store it in the Personal Store (Note how I also store a reference to the certificate in a variable called $cert this will be needed further on):

$binding = "192.168.1.70"
$cert = New-SelfSignedCertificate -DnsName "$binding" -CertStoreLocation "cert:\LocalMachine\My"

However, this is not enough to make the certificate work for HTTPS in our browser. We need to add our newly created certificate to the Trusted Root Certificate store. To do this we take our $cert variable which references our created certificate and add it to our Trusted Root Certificate store like so:

$DestStore = new-object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::Root,"localmachine")
$DestStore.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$DestStore.Add($cert)
$DestStore.Close()

Now you have to set the new certicate on your ftp site using IIS Admin.

Posted on by

SQLSERVER – Backup on mapped drive

Scenario

You are trying to backup a sqlserver db on mapped network drive. You have already mapped the drive in Windows and you can see that drive in Windows Explorer. You are not able to see the drive which is mapped when you open the backup procedure using SqlServer Managment studio.

Solution

First of all you not need the previous mapped network drive created by Explorer. You have to create this drive using SqlServer, and you’ll not be able to see it using Exploer.

Enable xp_cmdshell

You need to execute below to enable xp_cmdshell as its disabled by default due to security reasons. (Please turn off again once you done with the work)

Using SSMS execute thesse commands :

EXEC sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
EXEC sp_configure 'xp_cmdshell',1
GO
RECONFIGURE
GO

After this you ‘ll have a positive reaction a this command that using SSMS you should use for testing previous operations :

EXEC XP_CMDSHELL 'Dir C:'

Map Network Drive

To map network drive you have to use the same command that you should use over Windows ysig command prompt :

'net use Z: \\networkShare\Test'

So, using SSMS you have to run the command

EXEC XP_CMDSHELL 'net use Z: \\networkShare\Test'

Now you should test this connection with the command

EXEC XP_CMDSHELL 'Dir Z:'

but, the most important goal, is tha you’ll be able to see teh drive Z during backup proceure over SSMS

Map Network Drive cmd – net use user password

The above command will work and completes successfully without asking the user to provide a username/password if the user has authorized access to this network share. If not, But the easy way is to use the “net use” command on the command prompt line explained above.

net use Z: \\networkShare\Test /u:domainname\username password

So, using SSMS you have to run the command

EXEC XP_CMDSHELL 'net use Z: \\networkShare\Test /u:domainname\username password'
Posted on by

vmware workstation – unable to connect guest to my PCIe LPT port

Scenario

You are are using vmware workstation and you have mount on your computer a PCIe LPT card. You are unable to connect this LPT port to your guest vm.

Solution

Uninstall VM-Ware and to Reinstallit

Note

Posted on by

VMWARE – UNABLE TO REMOUNTING NFS datastore from the ESXi

You cannot see nfs datastore on esxi. Try to do the munting, but the procedure fails saying that the datastore already exists.

To resolve this issue, remove and re-add the datastore via the command line

  1. To list the mounted datastores on the host: 
    esxcli storage nfs list
  2. Make a note of the NFS datastore from step 1. Run this command to delete the NFS mount:esxcli storage nfs remove -v NFS_Datastore_Name

 

Run this command to mount the NFS datastore:

esxcli storage nfs add -H NFS_IP|NFS_HOSTNAME -s Share_mount_point_on_the_NFS -v DatastoreName

Documentation

Posted on by

Bitdefender – How to test GravityZone VA

Scenario

You downloaded and installed a Bitdefender Gravityzone virtual appliance and you need to test the product but you have only a free trial license that you can you use only on cloud solution exclusively.

Solution

To register for a trial for the on premise GravityZone, please use this link: https://www.bitdefender.com/business/free-trials/ (You will need to use a different email address).
When filling out the required form, select only one of these on-premises products: Bitdefender Security for Virtualized Environments, Bitdefender GravityZone Security for Endpoints, Bitdefender GravityZone Security for Exchange, Bitdefender GravityZone Security for Mobile.

Posted on by

How to fix read-only file-system on Ubuntu

When you have this error, it means that your system has by default, a line in /etc/fstab which indicates that if there is an error in the file system, that it should go into read-only mode, to prevent further corruption or dataloss.

You could use lsblk to determine the partition name.

Use the command

sudo fsck -f /dev/sdxx

where “sdxx” is the partition of the hard drive that Linux resides on

Posted on by

Migrate IMAP mailboxes to Microsoft 365 – Office 365 – Exchange online

Here are the steps required in sequence to migrate an IMAP domain to Exchange Online.

  1. Add the domain to your Microsoft 365 tenant. You don’t have to complete the mail server setup.
  2. Add domain users to Microsoft 365. Each user must have a Microsoft 365 Business Basic, Standard, or Premium license
  3. Prepare the csv file for migration, separated by commas. In the first line put EmailAddress, UserName, Password. In the following lines the data: “EmailAddress is the Microsoft account,” UserName “is the imap server account and” Password “is the imap server password

example of csv

EmailAddress,UserName,Password
terrya@contoso.edu,contoso\terry.adams,1091990
annb@contoso.edu,contoso\ann.beebe,2111991
paulc@contoso.edu,contoso\paul.cannon,3281986
  1. Log in as an administrator in Microsoft 365 and go to the Exchange admin center. (Note: this guide is for the “classic” Exchange administration interface. Select “recipients” on the left; select “migration” at the top.
  2. At the center of the page there is a button with three dots: …. Selecting it, the endpoint is inserted, that is the Imap source server. In the next window add the new endpoint (IMAP).
  3. Create a new migration. launch the migration
  4. once the migration is complete, in the tenant, you can finish configuring the domain for what concerns the mail server, following the instructions on the tenant and changing your dns

The Rules of Migration

You can put all users in a migration. When a migration ends in error, you can delete a user from it and put the same user in another migration. You can have multiple migrations at the same time but the same user cannot exist in more than one migration. Migration can exist for up to 60 days.

It is not a migration

In reality, Microsoft does a more sophisticated operation than a “trivial” migration: it makes a sync. Synchronize entire imap mailbox to Exchange mailbox in one direction (from imap to exchange). It is sophisticated but less effective than a normal migration: it is not in real time but after 24/30 hours. So if you want to replace the mail server, users would lose at least 24 hours of email.

Configuring perspectives

On Outlook clients, you can add the new Exchange account online. It will be the same as the old mailbox, but will be managed by Exchange. For a while you will then have 2 mailboxes that manage the same mail but on different servers: one is the old imap server, the other one the new Exchange server. When the migration is finished and you have also moved the mx records on the dns, you can delete the old mailbox. Before doing this, however, you must also memorize the contacts and the calendar from the “old” to the “new”:

Contacts: select all contacts, right click, select “move” and then “copy to folder …”, Exchange mailbox contacts.

Calendar: To move appointments between 2 calendars: both calendars and drag appointments from old to new.

Problems in migration

If you have any problem you can investigate using PowerShell. First install ExchangeOnlineManagement.

Connect to the tenant:

Connect-ExchangeOnline -UserPrincipalName <your Admin Username>

The password request screen appears.

List of all endpoints in the tenant

get-migrationendpoint|FL

endpoint test

Test-MigrationServerAvailability -Endpoint <Identity of the endpoint from above>

view sync configuration of single user

Get-SyncRequest -Mailbox  <user>

esport migration result for a user

Get-MigrationUserStatistics <user> -IncludeSkippedItems -IncludeReport 
-DiagnosticInfo "showtimeslots, showtimeline, 
verbose" | Export-Clixml C:\temp\MigMyUser.xml

Exchange mailboxes have a 35MB limit. If you have to move something bigger during the migration you have to change this limit.

Set-Mailbox -Identity <user> -MaxReceiveSize 150MB

Documentation:

Posted on by

wordpress error on qtranslate switching from php 5 to php 7

Switching from php 5 to php 7, you will get this error on the qtranslate X plugin

Warning: "continue" targeting switch is equivalent to "break". Did you mean to use "continue 2"? in /public_html/wp-content/plugins/qtranslate-x/qtranslate_frontend.php on line 497

Warning: Parameter 2 to qtranxf_postsFilter() expected to be a reference, value given in /public_html/wp-includes/class-wp-hook.php on line 286

Solution

Using ftp open the file qtranslate-x/qtranslate_frontend.php. you need to make 3 substitutions :

  • In line 497 change
continue;

to

break;
  • In line 523 change
function qtranxf_postsFilter($posts,&$query) {//WP_Query

to

function qtranxf_postsFilter($posts,$query) {//WP_Query
  • in line 597 change
function qtranxf_excludeUntranslatedPosts($where,&$query) {//WP_Query

to

function qtranxf_excludeUntranslatedPosts($where,$query) {//WP_Query