Archive for January, 2010

Sonos does not work with Avast anti virus

Saturday, January 30th, 2010

Popped over to my friends Bob and Michael to take a look at their home setup and try to figure out why their Sonos system would not work. My Sonos system at home has always just worked out of the box. It worked when the music library was on a PC, it worked when I moved the music off onto a NAS, it just plain works, so I could not think why it was not working for them.

The first Sonos unit was connected to the PC via an Ethernet connection, so it wasn’t some weird wi-fi issue. When I launched the Sonos application and tried to add a library, it thought about it for approx. 6-10 seconds, and then came back with an error saying the server could not be reached !?

I turned off the Windows firewall temporarily to see if it was the culprit, no joy. I then disabled their anti virus product, which in this case happened to be Avast (will try to find exact version they had installed), and the Sonos burst into life and began to index their music library.

I replaced Avast with Clamwin, reactivated the Windows firewall and everything is still working :o)

I can also confirm Sonos works ok with AVG and Symantec anti virus products. I will try downloading the latest version of Avast and see if the issue is still there.

Odd Windows DNS Issue…….

Thursday, January 21st, 2010

Hmmmm, something is up with DNS at work. Randomly (anything from a week to 2 months) it seems to stop resolving .co.uk for some domains (especially www.bbc.co.uk) ? Nothing recorded in the eventlog for the times while it is behaving like this. Restarting DNS server fixes the problem for a while until it breaks again.

I recently patched server 2008 to SP2 as I found some issues that were fixed in that SP (like incomplete zone transfers which broke some stuff a while back).

But the service pack does not seem to have fixed this random sulking occurring in DNS.

For now I have enabled DNS debugging to a file on the system and restarted DNS, now I will need to patiently wait for it to act up again so I can have a peek and see if anything looks amiss.

I can find nothing solid on Google either. If I ever get to the bottom of it I’ll re-post here, but in the meantime if anyone has any ideas let me know as I am stumped.

Reluctant MCSE……

Saturday, January 16th, 2010

Yep…..guess it’s probably about time to get my Microsoft certifications in order. My current ones are either :

a) Valid but horribly out of date
b) Lapsed completely

Well, the last MS exam I sat was back when NT4 was considered all the rage !

So I’ll be procuring a box set of the core essentials books from MS press and spending a lot more nights at home.

Would also be cool to find a study group based in London (if such a thing exists, a quick skim of the first few pages of Google yielded nothing).

Will probably post progress and notes here as I go along (in the hope that it could help others).

Apache2: No Listening Sockets Available…….

Friday, January 8th, 2010

Following on from the issue(s) I had with my OpenVPN server, I was still not happy/confident that in the event of a reboot or restart for any reason (whether deliberate or unintentional) all the necessary processes and services would startup successfully without some post boot intervention.

This in mind, I decided to create another server to transfer the live service(s) onto so I could get some much needed downtime on the existing server. Owing to the lack of another physical machine to do this with, I decided to create a virtual machine on our ESX cluster.

The initial steps were pretty easy, create a VM with x1 Vcpu, 1GB RAM, 30GB vdisk and x2 network interfaces. I installed Ubuntu server 9.04 i386 from the .iso and enabled LAMP and SSH. Installation completed and the system rebooted. Watching the console I saw that everything started at bootup time as it should.

Next step was to copy the websites across from the live server to this one. I installed NFS and mounted /var/www from the live server and copied all the sites across along with the relevant config files. I modified the config files to allow for the change of ip address and then restarted the system.

And that was when it started to go wrong. I only caught a glimpse of the error the first time I restarted the system. After reboot, I logged in and checked and apache was not running. Looking in /var/log/syslog did not show any clues why, even the error message itself did not seem to have been captured.

So I rebooted again and watched the console carefully, and this time saw the error :

apache2: no listening sockets available

along with

could not bind to address x.x.x.x:80 (where x was the ip address of the server)

Googling this made mention several times of other processes or programs perhaps using and blocking the socket/port in question, but this was happening at boot time, nothing else really had a chance to be up and running yet ? To test, I tried starting apache from the command prompt after bootup and it started fine, so what was going on ?

The main difference between this server and the live one was that this one was in a VM. Looking at the runlevel start scripts I noticed apache gets in there really early with S02apache2. Given my previous post where OpenVPN was trying to start before bridging on the live server, I wondered if perhaps the interface that Apache was trying to bind to was perhaps not quite ready at the time it tried during the boot process.

So I moved S02apache2 to S09apache2 for all runlevels and rebooted the VM again. Result, Apache was now loading as part of the boot process with no errors or manual intervention required.

So if you are also having issues with processes that do not start at boot time, but start fine after boot when you initiate them from the command prompt, you may just need to move them a little later in the boot process to give other things time to start up beforehand.

I don’t profess to be the best system admin in the world, but I always get to the cause eventually :o)

iBlog……..

Thursday, January 7th, 2010

Writing this on my iPhone using wordpress 2 that I just downloaded from the Apple Appstore. Now has landscape entry which takes some of the pain out of inputting copy (just wish there was a way to stop iPhone dictionary keep trying to predict and auto complete as I type !)

OpenVPN TCP/UDP: Socket Bind Failed…….

Tuesday, January 5th, 2010

My faithful office OpenVPN server required a reboot before the start of the Christmas holidays to install some updates and patches.

The server came back ok and seemed to be fine, so I thought nothing much of it and went home for a few days off……until the emails started arriving from users stating they could not connect to the vpn from their homes !

So Boxing day I trudged through the freezing cold to the office to logon to the box locally to find out what was going on (was obviously something big as I could not connect in either).

Initial findings were that the OpenVPN process did not seem to be running….? So I issued ‘/etc/init.d/openvpn start’ and it started fine. So, what caused it to stop running ? Peeking into /var/log/messages.log I found the following lines


TCP/UDP: Socket bind failed on local address x.x.x.x:1194: Cannot assign requested address

Exiting

Googling this error revealed a few other people had also had this issue, but there was nothing definitive as to the cause.

Was another process grabbing port 1194 and preventing openvpn from starting up ? I decided to reboot the server to check, and there it was again, the openvpn process failed to start with the same error message, but nothing else was using port 1194 when I checked, and when I started openvpn manually after reboot it came up fine, what was going on ?

Going back over the installation steps I took to install and setup openvpn, I remembered that it requires the use of the bridge-utils app for bridging the ethernet interfaces on the server. I wondered if there was some kind of race condition happening whereby bridge-utils had not started in time for openvpn to bind to the virtual tap interface that gets created.

So I stopped openvpn with ‘/etc/init.d/openvpn stop’ and then stopped bridging using ‘/etc/openvpn/scripts/bridge-stop’

I then tried to start openvpn without bridge-utils running and got the same error that I was seeing in the syslog when I rebooted the system. So that was the problem, but how to fix ?

First off I needed to check which run levels openvpn and bridge-utils were being loaded at. ‘checkconfig -l | grep -E "openvpn|bridge"’ showed both loading at runlevels 2,3,4 and 5.

Looking into the run level 5 in /etc/rc5.d I could see the x2 scripts used for starting up these processes at boot time, S01openvpn and S06bridge-start. As the startup scripts execute in numerical order, openvpn was being started before bridge-start. Simply moving S01openvpn to S10openvpn was all that was required. A subsequent reboot of the server showed that the openvpn process was already running when I logged on to the server post boot.

Then the trek back home again in the freezing cold :o(
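
The ordering rule behind both this fix and the S02apache2 to S09apache2 move in the Apache post above, as an added example that is not from the original posts: a shell check that a service's start link sorts after its dependency's link in each runlevel directory. The function names and the temporary sample tree are constructed for illustration; on a real system the root argument would be /etc.

```shell
#!/bin/sh
# Added example: check SysV start order between a service and its dependency.
# rc runs the S* links of a runlevel directory in lexical order, so a service
# starts after its dependency only if its link name sorts later.

# link_name DIR SERVICE -> name of the SNN<SERVICE> link, e.g. S01openvpn
link_name() {
    for f in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$f" ] || return 1
        echo "${f##*/}"; return 0
    done
}

# starts_after DIR SERVICE DEPENDENCY
# returns 0 if SERVICE starts later, 1 if not, 2 if either link is missing
starts_after() {
    svc=$(link_name "$1" "$2") || return 2
    dep=$(link_name "$1" "$3") || return 2
    last=$(printf '%s\n' "$svc" "$dep" | LC_ALL=C sort | tail -n 1)
    [ "$svc" != "$dep" ] && [ "$last" = "$svc" ]
}

# check_runlevels ROOT SERVICE DEPENDENCY -> one line per runlevel 2-5,
# returns non-zero if any runlevel has the wrong order or a missing link
check_runlevels() {
    bad=0
    for rl in 2 3 4 5; do
        if starts_after "$1/rc$rl.d" "$2" "$3"; then
            echo "rc$rl.d: ok"
        else
            echo "rc$rl.d: $2 is not ordered after $3"; bad=1
        fi
    done
    return "$bad"
}

# make_sample LINK -> temp tree (constructed) holding LINK and S06bridge-start
make_sample() {
    root=$(mktemp -d)
    for rl in 2 3 4 5; do
        mkdir -p "$root/rc$rl.d"
        : > "$root/rc$rl.d/$1"; : > "$root/rc$rl.d/S06bridge-start"
    done
    echo "$root"
}

# Demo on constructed trees: link names before and after the rename in the post
before=$(make_sample S01openvpn); after=$(make_sample S10openvpn)
check_runlevels "$before" openvpn bridge-start || true
check_runlevels "$after" openvpn bridge-start
rm -rf "$before" "$after"
```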

Refreshingly Secure…….Part 3

Monday, January 4th, 2010

For the final part of reminding myself how to secure a linux website, I need to include the bit on how to force unsecure traffic to be secure. This is done using rewrite rules to rewrite the url path from http:// to https://. You can make the whole site redirect to secure, or just certain subsections of the site.

To force the whole site secure, you first need to run x2 versions of the site, a secure version listening on port 443 and a non-secure version listening on port 80. You then need a rewrite rule on the port 80 site that basically says: if this url is http://, rewrite the url to be https://

The config to do this is below and needs to be included between your <VirtualHost> tags on the non-secure site config:

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://www.sporticia.com/ [R]

This basically says if the url is not on port 443 then rewrite the url to be https://blah

As the re-write rules are written using regular expressions, you can actually do some pretty complex stuff, examples of which you can find here and also here
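
As an added example (not part of the original post), a small shell lint for the port-80 rules above. It flags three properties of the rules as given: the unanchored `!443` pattern also excludes any port containing 443, the fixed target sends every request to the home page instead of the requested path, and a bare `[R]` is a temporary 302. The function names and the tightened variant in `fixed_vhost` are assumptions added here, and both samples are constructed inline.

```shell
#!/bin/sh
# Added example: lint a port-80 vhost for weaknesses in a catch-all HTTPS redirect.

# audit_redirect: reads Apache config on stdin, prints one finding per line
audit_redirect() {
    awk '
    tolower($1) == "rewritecond" && $2 == "%{SERVER_PORT}" && $3 ~ /^!?[0-9]+$/ {
        print "line " NR ": unanchored port pattern " $3 " also matches ports such as 8443"
    }
    tolower($1) == "rewriterule" && $3 ~ /^https:\/\// {
        # A target with no backreference or REQUEST_URI cannot carry the path over
        if ($3 !~ /\$[0-9]/ && $3 !~ /REQUEST_URI/)
            print "line " NR ": target " $3 " discards the requested path"
        # Without R=301/308/permanent the redirect is a temporary 302
        if (tolower($4) !~ /r=(301|308|permanent)/)
            print "line " NR ": redirect is temporary (302)"
    }'
}

# Constructed sample: the rules as given in the post
weak_vhost() {
    cat <<'EOF'
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://www.sporticia.com/ [R]
EOF
}

# Constructed sample: one possible tightened form (assumption, not from the post).
# In <VirtualHost> context $1 starts with "/", so it is appended to the host directly.
fixed_vhost() {
    cat <<'EOF'
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://www.sporticia.com$1 [R=301,L]
EOF
}

weak_vhost | audit_redirect     # three findings
fixed_vhost | audit_redirect    # no findings
```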
