An Invalid Directory Pathname Was Passed

KB ID 0001338 

Problem

While attempting to delegate administration of an OU, I got this error;

Delegation of Control Wizard

The wizard cannot retrieve security information from the Active Directory. An invalid directory pathname was passed.

Solution

Took a while to figure out! The OU in question has a ‘slash’ (/) in its name. The wizard addresses objects by ADSI path, where a forward slash separates the server from the distinguished name, so an unescaped slash inside an OU name is read as a malformed path;

Once I changed this to a hyphen, the error ceased.

Related Articles, References, Credits, or External Links

NA

Using LDP to Find an Object’s ‘Distinguished Name’ in Active Directory

KB ID 0001337 

Problem

There are a few occasions when you need to know an object’s ‘Distinguished Name’ (DN). For me it’s usually when I’ve got a device that needs to do LDAP/LDAPS lookups, (RSA Appliance, Netscaler, Cisco FirePOWER, etc). Today someone needed to ‘bind’ a Checkpoint firewall to Active Directory, and asked me to create a user and give them the DN and password.

I’ve mentioned ldp.exe many times, but never dedicated a post to it. It’s a tiny executable that first appeared in the Server 2003 Support Tools. With 2008 you needed to add the Active Directory Lightweight Directory Services role to get it. With Server 2012 and 2016 you get it on any Domain Controller.

For a member server, (or non domain joined server) you can add LDP.exe by simply adding the following feature from server manager.

LDP Usage

Windows Key+R > ldp {Enter} > Connection > Connect > enter localhost (if you are on the DC) or the FQDN of a DC (if you are not). Normally port 389 is fine, but if you have enabled LDAPS you might want to use port 636 and tick SSL as well, so that the credentials you bind with in the next step are not sent in clear text > OK.

Now you need to bind to LDAP. I’m using my logged-on account, but if you want to test that a user account can bind to Active Directory, you can specify a username, password and domain > OK.

Note: To bind to, and read all objects in, Active Directory, only a domain user is required. That is also why the account you hand to an appliance should be a dedicated one with no rights beyond that.

Now to view anything > View > Tree > Select the root DN to view all of AD, (in my case DC=pnl,DC=com) > OK.

You can now browse your AD, and get the DN for any object.
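The same lookup from a Linux box, using the OpenLDAP client tools instead of the LDP GUI. This is an added example, not from the original post; the DC name dc01.pnl.com and the bind account svc_ldap@pnl.com are placeholders, while the search base DC=pnl,DC=com is the one used above. The parser handles the two things a raw ldapsearch reply does that trip people up: long DNs are folded over several lines, and DNs with non-ASCII characters come back base64-encoded as `dn::`.

```shell
#!/bin/sh
# Find an object's DN with ldapsearch instead of the LDP GUI (added example).

# Unfold LDIF (continuation lines start with one space) and print the value of
# every dn attribute. "dn::" marks a base64-encoded DN, which AD returns when
# the name contains non-ASCII characters or leading/trailing spaces.
ldif_dns() {
    awk '
        /^ / { buf = buf substr($0, 2); next }   # continuation: append to previous line
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case "$line" in
            "dn:: "*) printf '%s\n' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Look up one account by sAMAccountName over LDAPS (port 636, the equivalent of
# ticking SSL in LDP). $1 = DC FQDN, $2 = bind account (a plain domain user is
# enough, as the note above says), $3 = search base, $4 = sAMAccountName.
# -W prompts for the bind password instead of putting it on the command line,
# where it would be visible in the process list and in shell history.
ad_find_dn() {
    ldapsearch -LLL -H "ldaps://$1:636" -D "$2" -W -b "$3" \
        "(sAMAccountName=$4)" dn | ldif_dns
}

# Usage (needs a reachable DC; these are placeholder names, not a real environment):
#   ad_find_dn dc01.pnl.com 'svc_ldap@pnl.com' 'DC=pnl,DC=com' svc_checkpoint
```

`-LLL` strips the comments and version line from the output, so all that is left to parse is the entry itself.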

Related Articles, References, Credits, or External Links

Windows Server 2012 – Enable LDAPS

Cisco FirePOWER Management Center Appliance – Allowing Domain Authentication

Windows – Unable to Move an OU

KB ID 0001336 

Problem

I was doing some AD redesign work for a client this week, and I needed to move an Organisational Unit (OU). However the domain had other ideas;

Active Directory Domain Services

Windows cannot move object {OU-Name} because: Access is denied.

It wasn’t a rights issue, (I was an Enterprise Administrator). 

Solution

As it turns out, it was the same problem I’d had with deleting an OU back when Server 2008 first came out. Make sure you have enabled advanced features in Active Directory Users and Computers (View > Advanced Features). Then untick the following option;

You can now move the OU (Don’t forget to re-tick that option, once you’ve got it where you want it!)

Related Articles, References, Credits, or External Links

NA

WordPress – HTTP Error

KB ID 0001335 

Problem

Quite a few times after I rebuilt my server, (and WordPress site), I saw the following when uploading images etc.

HTTP Error

Solution

I was quite sure everything was set up OK; I had set the max file upload limits, but it turned out I needed to add a ‘memory limit’ in my wp-config.php file before the error ceased. For completeness I’ll include the other usual suspects, in case yours is set up a little differently from mine.

Edit Your php.ini File

Note: If you are running an earlier version of php, your path may be different.

[box]

sudo nano /etc/php/7.0/fpm/php.ini

[/box]

Ensure the following has been set;

[box]

upload_max_filesize = 50M
max_file_uploads = 20
post_max_size = 50M

[/box]

Edit Your nginx.conf File

(Obviously don’t do this if you are running Apache!)

[box]

sudo nano /etc/nginx/nginx.conf

[/box]

At the very bottom of the http section, (before the closing ‘curly’ bracket ‘}’), add the following;

[box]

client_max_body_size 100m;

[/box]

Edit Your wp-config.php File

[box]

sudo nano /var/www/html/wp-config.php

[/box]

Add the following to the very bottom of the file;

[box]

# use a single K, M or G suffix: PHP's shorthand size notation does not understand 'MB'
define('WP_MEMORY_LIMIT', '120M');

[/box]
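The three files above set four limits that have to agree with each other: an upload passes through nginx’s client_max_body_size, then PHP’s post_max_size, then upload_max_filesize, and WordPress needs enough memory to process it. The script below, an added example that is not part of WordPress, reads the values out of the three files (defaulting to the paths used in this post) and reports any limit that is smaller than the one that feeds it:

```shell
#!/bin/sh
# Check that the upload limits in php.ini, nginx.conf and wp-config.php agree.
# Added example, not part of WordPress; paths default to the ones in the article.

# Convert a PHP/nginx size (50M, 100m, 120MB, 8K, 1G, or plain bytes) to bytes.
# php.ini itself only understands a single K/M/G suffix; 'MB' is accepted here
# only so that a mis-typed value is still compared sensibly.
to_bytes() {
    local n unit
    n=$(printf '%s' "$1" | sed 's/[^0-9].*//')
    unit=$(printf '%s' "$1" | sed 's/^[0-9]*//' | tr 'a-z' 'A-Z')
    [ -n "$n" ] || { echo "not a size: $1" >&2; return 1; }
    case "$unit" in
        ''|B) echo "$n" ;;
        K|KB) echo $((n * 1024)) ;;
        M|MB) echo $((n * 1024 * 1024)) ;;
        G|GB) echo $((n * 1024 * 1024 * 1024)) ;;
        *) echo "unknown size suffix in: $1" >&2; return 1 ;;
    esac
}

# Value of "key = value" in a php.ini-style file ($1 = file, $2 = key);
# the last assignment wins and trailing ";" comments are dropped.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*;.*//; s/[[:space:]]*$//' | tail -n 1
}

# client_max_body_size from an nginx config (last one wins).
nginx_body_size() {
    sed -n 's/^[[:space:]]*client_max_body_size[[:space:]]*\([^;]*\);.*/\1/p' "$1" | tail -n 1
}

# WP_MEMORY_LIMIT from wp-config.php.
wp_memory_limit() {
    sed -n "s/^[[:space:]]*define([[:space:]]*'WP_MEMORY_LIMIT'[[:space:]]*,[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# Each limit on the upload path must be at least as large as the one after it.
# $1 upload_max_filesize, $2 post_max_size, $3 memory limit, $4 client_max_body_size.
check_upload_limits() {
    local up post mem body rc=0
    up=$(to_bytes "$1") && post=$(to_bytes "$2") && mem=$(to_bytes "$3") \
        && body=$(to_bytes "$4") || return 2
    [ "$post" -ge "$up" ]   || { echo "post_max_size ($2) < upload_max_filesize ($1)"; rc=1; }
    [ "$body" -ge "$post" ] || { echo "client_max_body_size ($4) < post_max_size ($2)"; rc=1; }
    [ "$mem" -ge "$post" ]  || { echo "memory limit ($3) < post_max_size ($2)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "upload limits are consistent"
    return "$rc"
}

# Read all four values from the real files and check them.
check_site() {
    local ini="${1:-/etc/php/7.0/fpm/php.ini}" ng="${2:-/etc/nginx/nginx.conf}" wp="${3:-/var/www/html/wp-config.php}"
    check_upload_limits "$(ini_value "$ini" upload_max_filesize)" \
                        "$(ini_value "$ini" post_max_size)" \
                        "$(wp_memory_limit "$wp")" \
                        "$(nginx_body_size "$ng")"
}
```

Run `check_site` with no arguments on the server, or pass the three paths if yours differ; a non-zero exit means at least one limit is out of step.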

Related Articles, References, Credits, or External Links

NA

VMware Linux VM – ‘No DEFAULT or UI configuration directive found’

KB ID 0001334 

Problem

Last week while trying to create a Linux VM on a VMware ESX 6.5 server, I saw this;

No DEFAULT or UI configuration directive found

Solution

Normally the error indicates there’s something wrong with the install media, so I deleted it and uploaded it again: same error. So I downloaded the setup .iso file again and checked its checksum to make sure it was OK, (it was, but the problem persisted).

To fix the problem I simply had to connect to the host, using a different browser, (I used Firefox). Upload the .iso file and start again. Once I did that, hey presto;

Related Articles, References, Credits, or External Links

NA

Exchange 2016 – Cannot Create a ‘Frontend Transport Receive Connector’

KB ID 0001333 

Problem

When trying to allow an IP to ‘relay’ through my Exchange server, I found I was unable to select ‘Frontend Transport’ as the connector type.

Solution

Apparently this is a bug first seen in CU2. The only current fix is either to create the connector as a Hub Transport connector and then convert it using PowerShell, or to create the connector in the Exchange Management Shell, which is what I did.

[box]

# -RemoteIPRanges is what limits who can use this connector: list only the specific hosts that need to relay, not a whole subnet
New-ReceiveConnector -Name "Allow-Relay-Connector" -Bindings ("0.0.0.0:25") -RemoteIPRanges ("192.168.100.100") -MaxMessageSize 20MB -TransportRole FrontendTransport -Usage Custom -Server PNL-MAIL

[/box]


Related Articles, References, Credits, or External Links

NA

Setup RANCID and ViewVC (Part One)

KB ID 0001331

Problem

There are a couple of good posts out there on setting up RANCID (Really Awesome New Cisco confIg Differ). Some even show you how to set it up with ViewVC (formerly ViewCVS; basically a nice web-based GUI front end that does version control and highlights differences). It does this using a system called CVS (Concurrent Versions System, hence the original name.)

Then I had to do some more searching to get it to back up my Cisco ASA firewalls and get the whole thing automated, which I’ll cover in Part Two.

OS: CentOS 7 x64

Rancid: 3.4.1

ViewVC: 1.1.24

Solution

Once it’s built, let’s update our server;

[box]

yum upgrade
yum update
Answer any questions with 'y' for yes.

[/box]

Let’s install all the components we need;

[box]

yum install nano wget ftp telnet mariadb-server mariadb perl tcl expect gcc cvs rcs httpd autoconf php-common php-gd php-pear php-pecl-memcache php-mysql php-xml mod_ssl MySQL-python

[/box]

We only need a simple web server, so set the firewall accordingly (I’m opening http (TCP 80) and https (TCP 443) but we will only configure http in this example);

[box]

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

[/box]

We have already installed Apache (web server), so we need to start it up, then set it to ‘auto-start’ with the server. Then create a group, and a user (rancid), and place that user in the group we created. Finally create a directory for us to ‘unzip’ rancid into.

[box]

systemctl enable httpd.service
systemctl start httpd.service
groupadd netadm
useradd -g netadm -c "Networking Backups" -d /home/rancid rancid
mkdir /home/rancid/tar

[/box]

Move into the directory we just created, then download RANCID, unzip it, and install it.

[box]

cd /home/rancid/tar/
wget ftp://ftp.shrubbery.net/pub/rancid/rancid-3.4.1.tar.gz
tar -zxvf rancid-3.4.1.tar.gz
cd rancid-3.4.1
./configure --prefix=/usr/local/rancid
make install

[/box]

Copy over the sample ‘.cloginrc’ file, (more on this later; it is where the device login credentials will live, in clear text, which is why the permissions below matter, and clogin refuses to run if the file is readable by other users). Then set the ownership and permissions on the rancid files and directories.

[box]

cp cloginrc.sample /home/rancid/.cloginrc
# owner read/write, group read, nothing for anyone else
chmod 0640 /home/rancid/.cloginrc
chown -R rancid:netadm /home/rancid/.cloginrc
chown -R rancid:netadm /usr/local/rancid/
chmod 775 /usr/local/rancid/

[/box]

Now to set the ‘top level’ groups. In the example above I’ve got Firewalls and Switches; you might want to create a group for each customer you are backing up, or each site, (the design is up to you), but these are the ‘folder names’ you will see when you first log into the ViewVC web front end. Next you need to edit the main Rancid configuration file;

[box]

nano /usr/local/rancid/etc/rancid.conf

[/box]

Uncomment the LIST_OF_GROUPS line and add your groups, i.e.

[box]

LIST_OF_GROUPS="Firewalls Switches"; export LIST_OF_GROUPS

[/box]

Save and Exit the file, (in nano that’s CTRL+X, then Y to save, and finally {Enter}.) Now we need to change to the rancid user we created earlier, (remembering to swap back to ‘root’ afterwards). We do this to create the folder structure for the groups we just created. Most importantly this creates the router.db file(s) which lives in each group/folder. This file specifies what the devices are, and where they are, that you will be backing up.

[box]

# become the rancid user (no password prompt if you are logged in as root)
su - rancid
/usr/local/rancid/bin/rancid-cvs
# back to root
exit

[/box]

Download and install ViewVC.

[box]

cd /home/rancid/tar/
wget http://viewvc.tigris.org/files/documents/3330/49471/viewvc-1.1.24.tar.gz
tar -zxvf viewvc-1.1.24.tar.gz
cd viewvc-1.1.24
./viewvc-install

[/box]

Open the ViewVC config file;


[box]

nano /usr/local/viewvc-1.1.24/viewvc.conf

[/box]

Uncomment and change the following values, (as shown above).

[box]

root_parents = /usr/local/rancid/var/CVS : cvs
rcs_dir = /usr/local/bin
use_rcsparse = 1

[/box]

Now to enable ViewVC to work with Apache, we need to copy over some CGI, and set some permissions.

[box]

cp /usr/local/viewvc-1.1.24/bin/cgi/*.cgi /var/www/cgi-bin
chmod +x /var/www/cgi-bin/*.cgi
chown apache:apache /var/www/cgi-bin/*.cgi

[/box]

Then in the Apache config file, scroll to the end and add the following text, (don’t forget to save and exit the file). Note that this publishes the ViewVC front end, and with it every device configuration it holds, to anyone who can reach TCP 80 on this server with no authentication at all, so restrict access (firewall rules or Apache authentication) before you point it at production configs.

[box]

nano /etc/httpd/conf/httpd.conf

Paste the following (at the bottom)

# Custom Rancid Config

<VirtualHost *:80>
        DocumentRoot /var/www
        ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
        ScriptAlias /viewvc /var/www/cgi-bin/viewvc.cgi
        ScriptAlias /query /var/www/cgi-bin/query.cgi
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    # httpd 2.4 syntax (CentOS 7); equivalent of the old Order allow,deny / Allow from all
    Require all granted
</Directory>
</VirtualHost>

[/box]

We already installed MariaDB, (similar to MySQL) earlier, we just need to start it up, then set it to auto start with the server. Out of the box, MariaDB is a little insecure, so there’s a process of hardening it called ‘mysql_secure_installation’.

Note: the first time you run the secure installation it will ask for a password, this is the root password for MariaDB NOT the Linux root password, this will be {blank} so just hit {Enter}, then Yes to set the password, and set the MySQL/MariaDB root password (NEVER LOSE OR FORGET THIS). You will need it in a minute anyway, for all the other questions simply press {Enter} to accept the defaults.

[box]

systemctl enable mariadb
systemctl start mariadb
sudo mysql_secure_installation

[/box]

Now that MariaDB is installed, we need to create a user in SQL that ViewVC will use, to do that we need to log into SQL using the root password you just setup.

[box]

mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVC'@'localhost' IDENTIFIED BY 'Password123';
-- ALL on *.* is only needed so that make-database (next step) can create the ViewVC database;
-- once it exists you can narrow this account to ViewVC.* and drop WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'VIEWVC'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit

[/box]

Note: sometimes it does not like you copying and pasting the first ‘CREATE USER…’ line, (I don’t know why.) A common cause is curly quotes picked up from a web page in place of the straight ASCII quotes MariaDB expects. If it complains, type it out manually!

Now that is set up we can get ViewVC to create its database.

[box]

cd /usr/local/viewvc-1.1.24/bin
./make-database

[/box]

Use the following settings when prompted;

MySQL Hostname (leave blank for default):{Enter}

MySQL Port (leave blank for default):{Enter}

MySQL User: VIEWVC

MySQL Password: Password123

ViewVC Database Name [default: ViewVC]:{Enter}

Then, (the same as you did earlier,) create another user in MariaDB, that will be a ‘read-only’ user.

[box]

mysql -u root -p
Enter your SQL root password
CREATE USER 'VIEWVCRO'@'localhost' IDENTIFIED BY 'Password456';
-- SELECT only: WITH GRANT OPTION would let this 'read-only' user hand out rights, so it is left off
GRANT SELECT ON ViewVC.* TO 'VIEWVCRO'@'localhost';
FLUSH PRIVILEGES;
quit

[/box]

Edit the ViewVC configuration so that it uses all the parameters you have setup;

[box]

nano /usr/local/viewvc-1.1.24/viewvc.conf

[/box]

Scroll down to the [cvsdb] section, then uncomment and change the values shown, (above,) so that they look like this. (viewvc.conf now holds both database passwords in clear text, so keep it readable only by root and the apache user.)

[box]

enabled = 1
host = localhost
port = 3306
database_name = ViewVC
user = VIEWVC
passwd = Password123
readonly_user = VIEWVCRO
readonly_passwd = Password456

[/box]

Then get ViewVC to ‘rebuild’ the database.

[box]

/usr/local/viewvc-1.1.24/bin/cvsdbadmin rebuild /usr/local/rancid/var/CVS/CVSROOT/

[/box]

Reboot the server, and if you browse to http://{ip-or-hostname}/viewvc you should see something like this;


In Part Two we will add some Cisco Devices (Switches and ASA Firewalls) and schedule the backups.
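Before moving on to Part Two it is worth confirming that the permission step (the .cloginrc file), the group step (rancid-cvs creating a router.db per group) and the CGI copy actually landed. The script below is an added example for this post, not part of RANCID or ViewVC; it uses GNU `stat`, takes every path as an argument so it can be tried against a scratch directory, and `rancid_check_all` defaults to the paths used above:

```shell
#!/bin/sh
# Post-install sanity check for the RANCID + ViewVC build (added example).

# Print the group names from LIST_OF_GROUPS="..." in rancid.conf, one per line.
rancid_groups() {
    sed -n 's/^LIST_OF_GROUPS="\([^"]*\)".*/\1/p' "$1" | tr ' ' '\n' | sed '/^$/d'
}

# .cloginrc holds device passwords in clear text: it must not be readable by
# "other", and it must be owned by the rancid user/group ($2 = user:group).
check_cloginrc() {
    local f="$1" want="$2" mode owner
    [ -f "$f" ] || { echo "FAIL: $f does not exist"; return 1; }
    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%U:%G' "$f")
    case "$mode" in
        600|640|400|440) ;;
        *) echo "FAIL: $f mode is $mode (expected 0640 or stricter)"; return 1 ;;
    esac
    [ "$owner" = "$want" ] || { echo "FAIL: $f owned by $owner, expected $want"; return 1; }
    echo "OK: $f ($mode, $owner)"
}

# rancid-cvs creates <var>/<group>/router.db for every group in rancid.conf;
# report any group that has no such file yet. $1 = rancid.conf, $2 = var dir.
check_group_dirs() {
    local conf="$1" var="$2" g rc=0
    for g in $(rancid_groups "$conf"); do
        if [ -f "$var/$g/router.db" ]; then
            echo "OK: $var/$g/router.db"
        else
            echo "FAIL: $var/$g/router.db missing (run rancid-cvs as the rancid user)"
            rc=1
        fi
    done
    return $rc
}

# Every ViewVC CGI copied into Apache's cgi-bin must be executable.
check_cgi() {
    local dir="$1" f rc=0 n=0
    for f in "$dir"/*.cgi; do
        [ -e "$f" ] || continue
        n=$((n + 1))
        [ -x "$f" ] || { echo "FAIL: $f is not executable"; rc=1; }
    done
    [ "$n" -gt 0 ] || { echo "FAIL: no .cgi files in $dir"; rc=1; }
    return $rc
}

# Run all three checks against the paths used in this article.
rancid_check_all() {
    local rc=0
    check_cloginrc /home/rancid/.cloginrc rancid:netadm || rc=1
    check_group_dirs /usr/local/rancid/etc/rancid.conf /usr/local/rancid/var || rc=1
    check_cgi /var/www/cgi-bin || rc=1
    return $rc
}
```

Run `rancid_check_all` as root once the cvsdbadmin rebuild has finished; the .cloginrc check is the one that matters most, since that file is where the device login credentials will be stored in clear text.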

Related Articles, References, Credits, or External Links

NA

Linux – Install VMware Tools

KB ID 0001330 

Problem

Note: This is to install the VMware Tools NOT the OPEN-VM-TOOLS.

I’ve had to do this a few times now, and every time I Google how to do it, I get pages of instructions on how to install the open-vm-tools, when what I really want is to install the VMware Tools.

Solution

I’m using vSphere ESX, but even if you are using VMware Workstation or VMware Fusion, you can still select ‘Install/Upgrade VMware tools’, this presents a DVD image to the virtual machine.

The install for VMware tools uses Perl, so you will need to have that installed.

[box]

yum install perl

[/box]

Now we are going to mount the virtual CDROM/DVD drive into a folder (/mnt). Then when we have a look inside this folder, you will see the VMwareTools-{version}.tar.gz file (take a note of this).

[box]

mount /dev/cdrom /mnt
cd /mnt
ls
TAKE NOTE OF THE VERSION!

[/box]

Unzip those files into the /tmp directory, then run the installer.

[box]

cd /tmp
# the version in the file name will differ; use the one 'ls' showed you
tar zxf /mnt/VMwareTools-9.10.0-2476743.tar.gz
cd vmware-tools-distrib
./vmware-install.pl

[/box]

Keep pressing {Enter} to accept the defaults, when complete the mounted VMware tools DVD will be ejected.


Related Articles, References, Credits, or External Links

NA

CentOS / Redhat / Fedora – VMware VMXNET3 Adapter Not Working

KB ID 0001329 

Problem

This has tripped me up a couple of times, and if you Google the problem, you find a load of posts saying ‘Just install VMware tools that will fix the problem’

It Won’t!

And I’ll tell you why: run ifconfig

You will notice you have a network card, but you will also notice that it’s got a strange name, ‘ens160’, not eth0 as you would normally expect. Anyway, let’s prove it’s not a driver issue by issuing a dhclient -v command. This forces the NIC up and makes it get a DHCP address, (assuming your NIC is connected to the correct network, and you have DHCP running, of course!)

So this tells me it’s not a driver issue, and that installing VMware tools probably won’t cure the problem.

It Didn’t!

Also if you reboot, you will find it’s not working again!

Solution

I’m going to use nano in a minute, (other editors are available), so I’ll install that first. (I’m logged in as root, you may need to prefix the following command with sudo if you are not).

[box]

yum install nano

[/box]

Remember my network card had a ‘funny name’; change directory to /etc/sysconfig/network-scripts and you will see its config file, so let’s edit that, (change ens160 to reflect your interface name, from the ifconfig command earlier);

[box]

cd /etc/sysconfig/network-scripts
nano ifcfg-ens160

[/box]

Make sure;

[box]

BOOTPROTO=dhcp
ONBOOT=yes

[/box]

Now if you reboot your VM, it should come back up with networking enabled.
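If you build these VMs often, the two-line edit above is easy to script so that it finds the NIC whatever name it was given and does not leave duplicate or commented-out BOOTPROTO/ONBOOT lines behind. The following is an added example, not from the original post or from Red Hat; it assumes the RHEL/CentOS 7 network-scripts layout and takes the directory as an argument so it can be tried on a scratch copy first:

```shell
#!/bin/sh
# Set BOOTPROTO=dhcp and ONBOOT=yes on the VM's NIC whatever its name
# (ens160, ens192, ...). Added example for RHEL/CentOS 7 network-scripts.

# Set KEY=VALUE in an ifcfg file: remove every existing (or commented-out)
# assignment of KEY, then append the new one. Writing back with cat keeps the
# file's owner and mode instead of replacing the file.
set_ifcfg() {
    local file="$1" key="$2" value="$3" tmp rc
    tmp=$(mktemp) || return 1
    sed "/^#\{0,1\}[[:space:]]*$key=/d" "$file" > "$tmp" \
        && printf '%s=%s\n' "$key" "$value" >> "$tmp" \
        && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Effective value of KEY (last uncommented assignment, quotes stripped).
get_ifcfg() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# First ifcfg-* file that is not the loopback, i.e. the VMXNET3 adapter's config.
find_ifcfg() {
    local f
    for f in "$1"/ifcfg-*; do
        [ -e "$f" ] || continue
        case "$f" in */ifcfg-lo) continue ;; esac
        printf '%s\n' "$f"
        return 0
    done
    return 1
}

# Apply the fix; $1 = network-scripts directory (defaults to the real one).
fix_vmxnet3() {
    local dir="${1:-/etc/sysconfig/network-scripts}" f
    f=$(find_ifcfg "$dir") || { echo "no ifcfg-* file found in $dir" >&2; return 1; }
    set_ifcfg "$f" BOOTPROTO dhcp && set_ifcfg "$f" ONBOOT yes || return 1
    echo "updated $f: BOOTPROTO=$(get_ifcfg "$f" BOOTPROTO) ONBOOT=$(get_ifcfg "$f" ONBOOT)"
}
```

Run `fix_vmxnet3` as root and then reboot (or `systemctl restart network`) as the post describes; a VM with more than one adapter will need the file chosen by hand rather than by `find_ifcfg`.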


Related Articles, References, Credits, or External Links

NA