Error: WebHost failed to process a request. Sender Information.
Exception: System.ServiceModel.ServiceActivationException: The service ‘/EWS/exchange.asmx’ cannot be activated due to an exception during compilation. The exception message is: Security settings for this service require ‘Anonymous’ Authentication but it is not enabled for the IIS application that hosts this service.. —> System.NotSupportedException: Security settings for this service require ‘Anonymous’ Authentication but it is not enabled for the IIS application that hosts this service.
It’s simple permissions error in IIS.
Solution
1. Locate the Virtual Directory in the error message, in the example above that the EWS virtual directory. (Exchange Web Services).
2. Click Start > Administrative Tools > Internet Information Services (IIS) Manager > Expand Sites > Default Web sites > locate the problem virtual directory > Select it then open authentication.
3. Make sure “Anonymous Authentication” is set to enabled.
4. Then restart web services, click Start > in the run/search box type cmd{enter} > Execute the following command,
[box]iisreset /noforce[/box]
Related Articles, References, Credits, or External Links
The title may raise an eyebrow, in a time when people are concerned with hardening their servers and making things more secure, why would you want a shared folder anyone can access without a password? Well because most of us operate in the real world where the biggest secret on our network is ‘who has not paid into the biscuit fund?’
I have a folder on my test domain that I use for sharing files and programs with my colleagues. I don’t want to start creating user accounts for them, so they have to ask me what the password is every time they need to copy an ISO file, or want to drop some service packs in there.
Solution
1. Create your folder, and from its properties, share the folder and grant anonymous access.
2. Don’t forget to also set the NTFS permissions on the ‘Security tab.
3. Even with these permissions set you will get prompted for a username/password unless you enable the ‘Guest’ account.
Note: Here the share is on a domain controller, if your server is simply a member/workgroup server, then enable the Guest account in ‘local users and groups’, (Windows Key+R > lusrmgr.msc {enter}).
Related Articles, References, Credits, or External Links
While testing mail flow on a new SBS 2011 Server, outbound mail worked fine, but no mail would flow in. When I attempted to Telnet in from a remote host this was what I saw;
421 4.3.2 Service not available
Connection to host lost.
Solution
Normally I’d expect to see an error like this if the Exchange ‘Receive Connector’ was misconfigured, (if you’re not using SBS 2011 create a new default receive connector and make sure there are no firewalls in the way).
If you are using SBS 2011 you need to run the ‘Connect to the Internet’ Wizard (seriously!)
After this check inbound mail flow again.
Related Articles, References, Credits, or External Links
Back in the early days of email, just about all mail servers let you relay mail though them. That was fine until someone worked out you could then get someone else to send out your “spam”, and they would look like the guilty party. Even today people misconfigure their Exchange servers and make them an open relay.
But what happens if you have a particular server or machine that you want to let use your Exchange server as a relay? e.g. a Linux server that sends mail, or a SQL server running SQLMail? Then you need to allow relaying from either that IP address, or the network it’s on.
Allow Relay from an IP with Exchange 2010 and 2007
1.From the Exchange Management Console > Server Configuration > Hub Transport > New Receive Connector.
2. Give the connector a name and select Custom > Next.
3. Next.
4. Add > Add in the IP address(s) or network you want to allow relay from > OK.
5. Select the 0.0.0.0 255.255.255.255 entry and click DELETE.
Warning: Leaving this entry in will make your Exchange Server an Open Relay. (Note: This does NOT mean that your default connector is an “Open Relay” as this uses “authentication”
6. Next.
7. New.
8. Finish.
9. Select your new connector then right click > Properties.
10. On the Permission Groups tab ensure “Exchange Servers” is selected.
11. On the Authentication Tab > Tick “Externally Secured (for example with IPSEC).” > Apply > OK.
Allow Relay from an IP with Exchange 2003 and 2000
1. Launch Exchange System Manager > Administrative Groups > Administrative group Name > Servers > Servername > SMTP > Right click Default SMTP Virtual Server > Properties.
Note: If you can’t see administrative groups right click the top level (in this case “First Organization (Exchange)) and tick the box to show administrative groups.
I needed to back up a Cisco firewall, and perform an upgrade remotely, despite my best efforts to use the ASDM and update via http, I had to go ‘old school’ and bring up a TFTP server on one of my CentOS Linux servers.
Solution
1. Log onto the server and install the xinetd TFTP Server. Execute the following command and follow the on-screen prompts.
[box]Using username “root”.
Last login: Thu Aug 7 17:58:10 2014 from midd-8.cable.virginm.net
[root@Web-Test ~]# yum install tftp tftp-server xinetd[/box]
2. Now you need to edit the config file, here I’m using nano, but you could use vi as well.
# default: off
# description: The tftp server serves files using the trivial file transfer
# protocol. The tftp protocol is often used to boot diskless
# workstations, download configuration files to network-aware printers,
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = yes
per_source = 11
cps = 100 2
flags = IPv4
}
[/box]
4. Edit the file and save it, so it looks like this;
[box]
# default: off
# description: The tftp server serves files using the trivial file transfer
# protocol. The tftp protocol is often used to boot diskless
# workstations, download configuration files to network-aware printers,
# and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -c -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
Note: if you run SELinux you may also need to execute the following command, ‘setsebool -P tftp_anon_write 1‘.
WARNINIG: This enables anonymous access on the TFTP root folder, if your server is public facing and not firewalled, then I would suggest you do what I do, (stop and start the service manually, and only open the firewall for TFTP when you need to use it – see below).
6. If you use iptables as a firewall, you will need to open the TFTP port (UDP Port 69).
10. I could SSH into the server and change to the /var/lib/tftpboot directory and see the file. But I’ve got WinSCP installed so I can view the backup with that.
11. Let’s see if we can copy a file off the TFTP server back to the firewall.
[box]
Petes-ASA# copy tftp flash
Address or name of remote host []? 123.123.123.123