8/4/21

Quick HTTP to HTTPS - Apache2

There are several methods for redirecting your Apache-based website visitors who might type your servers URL using the plain (non-secure) HTTP protocol to be sent to the encrypted HTTPS version of your website which effectively, forces any visitor to your website to HTTPS.

The method below is my favorite for its simplicity and my own experience with it that it worked 100% of the time.

Before adding the redirection code to your Apache's config file you'd obviously need to have a working Apache and SSL configuration for your website, preferably with a valid SSL certificate. Once that condition is satisfied, the next step is to make sure that you have Apache's rewrite module installed and loaded.

You could quickly find out if your serve has the rewrite module installed and loaded by running the following command: apache2ctl -M 

The above command will return a list of installed & loaded modules, look for the following entryrewrite_module

Or, you could run the command this way: apache2ctl -M|grep rewrite which will give you this output - assuming that you do have the rewrite module installed and loaded-

rewrite_module (shared)

if not, then you need to add this module by following the instructions for your particular O.S flavor

First and last step for sending HTTP to HTTPS:

All you need to do is insert the following 3 lines into the <virtual host> usually located in /etc/apache2/sites-enabled/000-default.conf on Ubuntu based servers and in  /etc/httpd/conf/httpd.conf in Redhat-based servers like CENTOS using your favorite editor:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

Save your conf file and run /usr/sbin/apache2ctl configtest to make sure that your conf file is free of syntax errors before you reload Apache. Once the configtest returns the result of "Syntax OK" you can run /usr/sbin/apache2ctl restart to apply your changes.

Finally, verify your work results by accessing the website you modified via your browser and make sure to call the website using http://your-server.com and watch your browser redirect you to the https://your-server.com




4/16/21

Windows Update Troubleshooting

Found this post after running into this error (8024401C) following error 0x80244007 which I received after scanning for Windows Updates.

after attempting to check for Windows updates on a Windows 2012R2 system and it helped me solve my issue. Thanks to the original poster.

The following outlines how to stop services pertaining to Windows Update, rename system folders, register related DLL files, and then restart the previously mentioned services. This troubleshooting generally applies to all Windows Update related issues.


 Stopping services pertaining to Windows Update


  1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and select Run as Administrator.
  2. If you receive a notification from User Account Control simply click Continue.
  3. At the command prompt, type the following, commands and then press ENTER after each command.
    1. net stop wuauserv
    2. net stop bits
    3. net stop cryptsvc
      Please do not close the Command Prompt window.
  4. Renaming folders pertaining to Windows Update
  5. At the command prompt, type the following commands, and then press Enter after each command:
  6. ren %systemroot%\System32\Catroot2 Catroot2.old
  7. ren %systemroot%\SoftwareDistribution SoftwareDistribution.old

    Please do not close the Command Prompt window.


Registering DLL’s pertaining to Windows Update


  • Please copy and paste the following text into a new Notepad document, and save the file as WindowsUpdate.BAT
    If saved correctly the icon will change from a Notepad file to BAT file which has two blue cogs as its icon.


            -OR-


  • You can manually type each command at the command prompt:


regsvr32 c:\windows\system32\vbscript.dll /s

regsvr32 c:\windows\system32\mshtml.dll /s

regsvr32 c:\windows\system32\msjava.dll /s

regsvr32 c:\windows\system32\jscript.dll /s

regsvr32 c:\windows\system32\msxml.dll /s

regsvr32 c:\windows\system32\actxprxy.dll /s

regsvr32 c:\windows\system32\shdocvw.dll /s

regsvr32 wuapi.dll /s

regsvr32 wuaueng1.dll /s

regsvr32 wuaueng.dll /s

regsvr32 wucltui.dll /s

regsvr32 wups2.dll /s

regsvr32 wups.dll /s

regsvr32 wuweb.dll /s

regsvr32 Softpub.dll /s

regsvr32 Mssip32.dll /s

regsvr32 Initpki.dll /s

regsvr32 softpub.dll /s

regsvr32 wintrust.dll /s

regsvr32 initpki.dll /s

regsvr32 dssenh.dll /s

regsvr32 rsaenh.dll /s

regsvr32 gpkcsp.dll /s

regsvr32 sccbase.dll /s

regsvr32 slbcsp.dll /s

regsvr32 cryptdlg.dll /s

regsvr32 Urlmon.dll /s

regsvr32 Shdocvw.dll /s

regsvr32 Msjava.dll /s

regsvr32 Actxprxy.dll /s

regsvr32 Oleaut32.dll /s

regsvr32 Mshtml.dll /s

regsvr32 msxml.dll /s

regsvr32 msxml2.dll /s

regsvr32 msxml3.dll /s

regsvr32 Browseui.dll /s

regsvr32 shell32.dll /s

regsvr32 wuapi.dll /s

regsvr32 wuaueng.dll /s

regsvr32 wuaueng1.dll /s

regsvr32 wucltui.dll /s

regsvr32 wups.dll /s

regsvr32 wuweb.dll /s

regsvr32 jscript.dll /s

regsvr32 atl.dll /s

regsvr32 Mssip32.dll /s

  • Restarting services pertaining to Windows Update
  1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and select Run as Administrator.
  2. If you receive a notification from User Account Control simply click Continue.
  3. At the command prompt, type the following, commands and then press ENTER after each command.
    1. net start wuauserv
    2. net start bits
    3. net start cryptsvc


      Type <exit> to leave the command prompt

You might want to try a clean boot once you're done with the above, then check for updates once your system is back up. Rebooting was what I had to do in my case.

  • Now please check for updates using Windows Update to see if the issue has been resolved.


Original Post:
https://answers.microsoft.com/en-us/windows/forum/all/access-denied-on-open-commands/2d31ce25-46a7-4ba0-838d-5b842e9991fa

8/20/20

Simple way to Boot up CentOS 7 / RHEL 7 in single user mode

The simplest way I found to boot up CentOS or RHEL version 7 is as follows:

  • Boot up or reboot your server
  • Choose the desired kernel from the Grub boot loader menu by moving with your keyboard's arrow keys
  • Press "e" (for Edit ) on your keyboard then scroll down the lines till you see the line that begins with "linux16" word
  • Navigate to the end of the line and type “rd.break” at end of the line
  • Hold down "Ctrl+x" to boot up that kernel you just edited


  • Once booting up is finished, you should see a message saying "Entering Emergency Mode" and you should be presented with a shell prompt 
  • Remount /sysroot in ‘rw’ mode with the following commands:
    • switch_root:/# mount -o remount,rw /sysroot
    • switch_root:/# chroot /sysroot


  • Once mounting the fs is done successfully,  you can proceed with whatever the reason was for booting in Single user mode, like checking/fixing partitions, resetting root's password, disabling/enabling service, etc..
Once you are finished doing what you need to do while in Single User Mode, type exit or hold down the "Ctrl+d" keys to exit that shell, then reboot your system your usual way like shutdown -r now or reboot etc..

That's all.


8/5/20

PowerShell Solution for the trust relationship between this workstation and the primary domain failed

This is one possible solution for the error of 

trust relationship between this workstation and the primary domain failed

Note the solution will be using powershell run as an admin.

First you need to get an idea of when the user computer/workstation domain password was last synchronized. So I ran the following Powershell command:

get-adcomputer -Identity ProblematicComputerName -Properties PasswordLastSet
Which should give you a result like the following. Note the the only entry we care about is the PasswordLastSet field shown in the redbox here:
 


Next step is to reset that machine account password as a domain admin to fix that trust relationship without having to disjoin and rejoin the domain.

This is accomplished by running the following PowerShell command on the affected machine. Note that you have to run Powershell as admin here as well:
Reset-ComputerMachinePassword -Server dc1.your.domain.com -Credential domain\adminusr
Once you click or hit your Enter key to execute the command, you should get a prompt to enter your admin password. So fill-in your domain admin password and click OK.
Assuming all was done correctly, you should be returned to your PowerShell prompt.

So now you need to re-run your the first command to see the result of your command. So wait a minute for the command to synch across your DCs (assuming you have more than one DC) and re-run the command:

get-adcomputer -Identity ProblematicComputerName -Properties PasswordLastSet
and you should get an updated PasswordlastSet field value:



PowerShell Command reference:

7/17/20

Error: Rpmdb changed underneath us

Problem:

Ran into this error while attempting to apply a yum update on a CentOS 6 machine to update its kernel packages.
Error: Rpmdb changed underneath us 
The same scenario applies if you get this error as well:
error: can not open Packages database in /var/lib/rpm

Cause:

The problem has to do with corruption in the RPM database files under the /var/lib/rpm directory.

Solution:

  • Check for any processes that might be currently running and having a lock on the rpm database and kill them if they exist:
    • ps -aufx | grep /var/lib/rpm
  • Delete the temporary DB files:
    • rm -fv /var/lib/rpm/__*\
  • Rebuild your server RPM database using the below command:
    • rpm --rebuilddb -v -v

After completing these steps, attempt to run a "yum update" again and it most likely would work fine now. 
It worked for me.



Original Solution Post:

4/29/20

Postfix fails with (error: postdrop: warning: mail_queue_enter: create file maildrop/randomfilename.xxxxx: Permission denied)

Problem: Postfix delivery fails with error

(postdrop: warning: mail_queue_enter: create file maildrop/randomfilename.xxxxx: Permission denied)


** see note below

Cause:

/usr/sbin/postdrop has incorrect permissions. 
Correct the permissions for /usr/sbin/postdrop are as follows:
# ll /usr/sbin/postdrop

-rwxr-sr-x. 1 root postdrop 180808 Aug 23  2018 /usr/sbin/postdrop

Solution:

Fix permissions with the following:


rpm --setperms postfix
rpm --setugids postfix

In order to prepare for this next part, you need to make sure that you have the yum-plugin-verify.noarch installed from your standard CentOS or RedHat YUM repository.

You can figure out the default permissions for whatever file that maybe having a permissions issue on your Linux system.

To prepare for this task, you need to make sure that you have the yum plugin
by doing the following:
  • figure out which package provides the file you are troubleshooting.
    • On my CentOS 6 system, this can be accomplished by running the command 
    • rpm -q --whatprovides /usr/sbin/postdrop which will produce the following output indicating the package name that provided our postdrop file when it was installed:
      • postfix-2.6.6-8.el6.x86_64
    • Next step is to run the yum verify-all command against the package name to see the default ownership & permissions for its files as follows:
    • yum verify-all postfix-2.6.6-8.el6.x86_64 
    • The command above will produce something similar to the following output:

  • Just please not that this screenshot is not indicative of the problem at hand because the permissions issues were fixed. This screenshot part is only complaining about checksums & mtime values since this postfix install was updated and modified multiple times.

4/27/20

resolv.conf reverts to old DNS entries

/etc/resolv.conf keeps reverting back to its old entries after updating your DNS server list whether manually or via the setup front-end tool for setting up your Network, authentication, services etc on RHEL or CentOS version 5,6,7.

The solution comes from Redhat's KB article entitled "How to make persistent changes to the /etc/resolv.conf?"https://access.redhat.com/solutions/7412


The issue is that DNS servers in /etc/resolv.conf changed after a reboot or network service restart.

If a single ifcfg-file both specifies a nameserver using DNS1 and also gets a nameserver via DHCP, both nameservers will be placed in resolv.conf.


Root Cause:

- From the script /etc/sysconfig/network-scripts/ifdown-post if the "RESOLV_MODS=no" or "PEERDNS=no" is not present in the relevant /etc/sysconfig/network-scripts/ifcfg-* files, the contents of /etc/resolv.conf could get overwritten with /etc/resolv.conf.save.
- /etc/sysconfig/network-scripts/ifup-post script, checks for the presence of "RESOLV_MODS=no" or "PEERDNS=no"


Resolution:

The change in my situation was due to the ifcfg-eth0 file directives DNS1 and DNS2 which lead to modification of resolv.conf

In my particular situation, the solution was to mark the /etc/resolv.conf as immutable with this command:

chattr +i /etc/resolv.conf
to prevent any tool or configuration from modifying it.

For diagnosing the issue, look for entries similar to the following in your /var/log/messages:

Oct 14 12:40:52 hostname NET[22961]: /etc/sysconfig/network-scripts/ifdown-post : updated /etc/resolv.conf
Oct 14 12:40:57 hostname NET[23256]: /etc/sysconfig/network-scripts/ifup-post : updated /etc/resolv.conf

Quick HTTP to HTTPS - Apache2

There are several methods for redirecting your Apache-based website visitors who might type your servers URL using the plain (non-secure) HT...