This infuriatingly happens to me a lot! Every time the fix is the same (but it is a little impractical). Essentially you attempt to log in to ECP (Exchange Admin Center), you are prompted for your credentials, then you just get a ‘500 Error’.
The website cannot display the page
HTTP 500
Most likely causes:
•The website is under maintenance.
•The website has a programming error.
What you can try:
Refresh the page.
Go back to the previous page.
Exchange 500 Error: Fix
Firstly, let’s check the basics: make sure all the services are up and running (this can take a while).
Start All Exchange Services
[box]
Get-Service *Exchange* | Start-Service
[/box]
I can see that my ECP virtual directory is set up correctly.
So the most common advice out there is to remove the virtual directories and recreate them, but when I attempt to remove them I get the error;
The operation couldn’t be performed because object ‘EX-SERVER-NAME\owa <Default Web Site>’ couldn’t be found on
‘DC-NAME.pnl.com’.
There are some posts that suggest I simply re-sync my Exchange to my Domain Controller. But I’m not really sure how that’s possible (without a reinstall?). If someone would like to post below an alternative solution I’d be happy to publish it.
This is how I end up fixing it every time, which is impractical because it involves downtime! Download the latest Cumulative Update, mount the CD image, and run;
YES I ACCEPT: That’s like using a sack of sledgehammers to crack a nut, but it works. As I’ve pointed out above, I’m happy to publish a more elegant solution, if someone posts one below.
Exchange 500 Error Gone
Related Articles, References, Credits, or External Links
Back in Part One we set up our RANCID and ViewVC server, ready to start backing up our devices. Now we will look at adding the devices and automating the backup process.
Solution
To add a Cisco device you need to do TWO things*. Firstly you need to add an entry in the ‘router.db’ file that lives in the ‘Group’ folder you created back in Part One. Secondly you need to add the access details; you do this in the ‘.cloginrc’ file.
*Note: There are really three things, but we have already set up the rancid.conf file and created the groups.
I’m going to add my Cisco ASA firewall to the router.db file that’s in the Firewalls group.
[box]
nano /usr/local/rancid/var/Firewalls/router.db
[/box]
You enter devices in the following format;
{ip-or-hostname};cisco;up
OR
{ip-or-hostname};cisco;up; LOCATION: {Your test here}
Note: If you have a device that goes down for maintenance, or is retired but you want to retain its config, change the keyword up to down and Rancid won’t try to back it up.
REMEMBER: I have Firewalls and Switches groups created, so I will add my switch into the Switches router.db file exactly the same as I did above;
For the system to access the remote devices, it needs to know how to gain access (the method), and a username and password. These are set up in the .cloginrc file. This is the file Rancid uses for Cisco devices; if you look in the folder that the file lives in, you will see other login files for other vendors.
[box]
nano /home/rancid/.cloginrc
[/box]
Adding Cisco Device Logins
You will notice (screenshot above, and text below) I’ve used two different methods. The reason I have done this is that the first item (the device on 192.168.100.119) is a Cisco IOS device (it’s actually a CSR1000), and when I log on as the rancid-user I am ‘automatically’ logged on in enable mode. Cisco ASA Firewalls (like the second entry) only very recently had the ‘auto-enable’ feature added to them (version 9.2(1)), so for older models you have to log in, then go to enable mode, and then enter a second password. This is why the second entry has two passwords; usually they are the same, but if a specific enable password has been set on the firewall they will NOT be.
[box]
# Cisco Router / Switch Example
# You can enter some sensible text here to define the device below
add user {ip-or-hostname} {username}
add password {ip-or-hostname} {password}
add method {ip-or-hostname} {ssh or telnet}
add autoenable {ip-or-hostname} 1
#
# Cisco ASA Firewall Example
# You can enter some sensible text here to define the device below
add user {ip-or-hostname} {username}
add password {ip-or-hostname} {password} {enable-password}
add method {ip-or-hostname} {ssh or telnet}
#
[/box]
Now we are pretty much set up. You can test your configuration by running the following command;
[box]
/usr/local/rancid/bin/rancid-run
[/box]
It won’t return any output, but if you browse to your ViewVC total you ‘should’ now see the configs have been added;
Troubleshooting Rancid
If you do a test run and it appears nothing has happened then you can look at the logs to see what went wrong.
[box]
cd /usr/local/rancid/var/logs/
ls
nano {log-name}
[/box]
Usually it will give you an error that will point you in the right direction. If the file is completely empty (i.e. a start time and an end time and nothing else), this usually indicates an error in the router.db file.
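A pre-flight check for the two files edited above, as an added example (it is not part of RANCID or of the original article). It assumes the router.db format shown on this page with lowercase up/down and treats lines starting with '#' as comments; the function names, sample addresses and placeholder password are constructed. RANCID's clogin rejects a .cloginrc that is world readable or writable, and the check here is stricter, flagging any group or other access.

```shell
#!/bin/sh
# Added example, not part of RANCID: checks to run before rancid-run.

# Print each router.db line that is not host;type;up|down[;comment],
# using the keywords as written on this page. Blank lines and lines
# starting with '#' are skipped (assumed to be comments).
bad_router_db_lines() {
    awk -F';' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF < 3 || $1 == "" || $2 == "" || ($3 != "up" && $3 != "down") {
            printf "router.db:%d: %s\n", NR, $0
        }' "$1"
}

# Print findings for a .cloginrc: any group/other permission bit, and
# "add method" entries that permit telnet (credentials sent in clear).
cloginrc_findings() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "cloginrc: group/other access ($perms)"
    awk '$1 == "add" && $2 == "method" {
        for (i = 4; i <= NF; i++)
            if ($i ~ /^[{]?telnet(:[0-9]+)?[}]?$/)
                printf "cloginrc:%d: telnet allowed for %s\n", NR, $3
    }' "$1"
}

# Return 0 only when neither file produces a finding.
rancid_preflight() {
    findings=$(bad_router_db_lines "$1"; cloginrc_findings "$2")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample files: documentation addresses, placeholder secret.
write_samples() {
    printf '%s\n' '192.0.2.10;cisco;up' '192.0.2.11:cisco:up' \
        '192.0.2.12;cisco' \
        '192.0.2.13;cisco;down; LOCATION: retired' > "$1/router.db"
    printf '%s\n' '# core switch' 'add user 192.0.2.10 rancid' \
        'add password 192.0.2.10 {example-pw}' \
        'add method 192.0.2.10 {ssh}' 'add autoenable 192.0.2.10 1' \
        'add method 192.0.2.11 {ssh} {telnet}' > "$1/.cloginrc"
    chmod 644 "$1/.cloginrc"
}

# Usage: sh preflight.sh /path/to/router.db /path/to/.cloginrc
if [ $# -eq 2 ]; then rancid_preflight "$1" "$2"; fi
```

Calling write_samples on an empty directory produces the constructed files, which trigger two router.db findings and two .cloginrc findings.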
Scheduling Rancid Backups
This is done with crontab, which means we need to edit it with vi (I don’t like vi either, see the following article for a 2 minute crash course).
In Part 3 we ran through manual pools, if you want to deploy automated pools using ‘Linked Clones’, then you will need VMware Composer. Composer installs on your Virtual Center Server. It also requires a database, the following is a step by step guide to installing SQL Server 2008 R2 and configuring it for Composer.
VMware View 5 Supported Database Platforms
When you have your database platform installed and configured, on the Virtual Center server create an ODBC connection to the database and install VMware Composer. Finally you will need to enable Composer in the VMware View Administrator Console.
Solution
VMware View – Installing SQL 2008 R2 and Configuring for Composer
1. Let the SQL DVD auto-run and choose Installation > New installation > OK > Product Key > Next > Accept the EULA > Next > Install the setup files.
2. Take note of any warnings. Here it’s complaining that I’m on a domain controller (in a test environment this is OK, don’t do this in production!), and it’s giving me a firewall warning. I’m going to disable the firewall as I’m behind a corporate firewall, BUT creating an exception for TCP port 1433, or running the following command, would be the correct way to address the warning.
[box] netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN [/box]
3. You only need the “Database Engine Services” and the “Management Tools”, or you can simply install everything > Next > Next > Select Default Instance* > Next > Next.
*Unless you specifically want a named instance.
4. I set the services to run under the ‘System’ account, if you want to use the domain admin, or another domain service account use that instead. You can use the “Use same account button for all” to save typing > Next.
5. We will need SQL authentication, type in a suitable complex password (You can add the current user of the domain administrator as well) > Next > If you’re installing Analysis services you can add an account here > Next.
6. Install the native mode default configuration > Next > Next > Next > Install > Close > Exit the SQL installer.
7. Launch the SQL Management Studio > Log in (for servername simply type in localhost) > Right click Databases > New Database..
8. Give the Database a name > Select the ‘Options’ Settings.
9. Change the recovery model to ‘Simple’ > OK.
10. Expand Security > Logins > Create a new login.
13. Give the new user/login a name, select SQL authentication > Set a complex password > Untick Enforce password expiration > Select the user mapping section (on the left).
14. Select the database you have just created and give this new user the “db_owner” role > OK > Exit the management studio
VMware View – Configure ODBC Settings on the Virtual Center Server
15. On the vCenter Server > Start > Administrative Tools > Data Sources (ODBC).
16. System DSN > Add > SQL Server Native Client > Finish.
17. Add in the Database name and the server you installed SQL on > Next.
18. Supply the details for the user you created and the password you set > Next.
19. Change the default database from ‘master’ to the one you created > Next > accept all the defaults > Finish.
20. Click ‘Test Data Source’ and it should say TEST COMPLETED SUCCESSFULLY > OK > OK > OK.
VMware View – Installing VMware Composer
Note: Composer MUST be installed on your VMware virtual Center (vCenter) Server.
21. Run the installer > Next > Next > Accept the EULA > Next > Next > Enter the ODBC details and login you created earlier > Next.
22. Next > Install > Finish.
VMware View – Add Composer to VMware View Administrator Console
23. Connect to, and log into the VMware View Administrator Console > View Configuration > Servers > If you already have a vCenter server select Edit > If not select Add.
24. On the vCenter Server settings tab ensure ‘Enable View Composer’ is ticked and add in a domain user (with rights to create, and delete computer objects in the domain) > OK.
25. You will know if the operation was successful as the vCenter logo will change, it will now have a gold/yellow box around it.
A client showed me this today. I don’t support their Sage, but I was on site and the people who do support their Sage (I won’t name and shame one of our competitors) had told them it was their DNS server that was causing the error.
Logon Error
Logon failed due to unexpected error.
Please check if the Sage200Configuration database is configured and running.
(Message was: The remote server returned an error: (502) Bad Gateway.)
Solution
A couple of quick ping tests on the affected machine disproved the DNS theory! I thought it might be permissions as it didn’t error on my domain admin account. After some frowning, I thought the error looked vaguely “web server” related and had a brain wave.
The affected client was set to web browse through a proxy server. As soon as I created an exception for the server that was running Sage, it started working!
Active Directory keeps a log of the last time a domain user has authenticated to the domain (from Server 2000 onwards). The drawback with 2000 is that this value didn’t replicate, so you had to query each domain controller and cobble the results together.
After 2003 this value was replicated (after convergence) to all domain controllers.
Solution
Update: Here’s a much better way of showing who logged on last, on a computer-by-computer basis.
There are various scripts that will do this for you, but the best way of finding your users last logon time is to run ADTidy.
Run this on a domain controller and it will list your domain users, the last time they logged on, (and what DC authenticated them).
Note: If you have mobile devices (e.g. phones picking up Exchange mail) these events will be logged as well, so don’t panic if you see authentication events at odd times.
In addition this software will also let you disable/delete inactive accounts, and export the details to CSV file.
I’m more used to HP servers with iLOs and Dell servers with DRACs, but today I had to put in an IBM System X (now Lenovo) Server with an IMM on it. Once I’d got its IP address from my DHCP server’s list of leases I was faced with a logon screen.
Solution
Took some hunting, but the credentials are as follows;
Username: USERID
Password: PASSW0RD (That’s a zero, not an ‘O’ for Oscar).
Note: They are case sensitive also.
With iLO I would leave the default username and password set up (because it’s written on the chassis, and if someone needed to get in they could, if they had local access to the server).
However for the IMM I would suggest at least changing the default password.
And if it’s internet facing I’d remove/rename that account completely.
This used to be quite common: when attempting to contact the HP Management Homepage (or the local Insight Manager page), you can no longer get access.
ERROR: Username and password do not match
Solution
With much older versions of the Systems Management Homepage (before it used domain user names and passwords) you could simply copy over the CPQHMMD.DLL file from a server you knew the password for, and then you could get in.
Then they switched to domain authentication, and when that broke you could navigate to C:\compaq\wbem\homepage, edit the cpqhmmd.ini file with the following entries;
Then restart the Server (or the HP Services if that’s easier) and you could log in.
With newer versions of the HP Management Homepage those files no longer exist!
1. Head over to www.hp.com and do a drivers/software search for the model of your server, select the operating system you are using and look in the “Software – System Management” section. Locate, download, and install the HP Management homepage software.
Note: Don’t panic this will not need a reboot.
2. It says Administrators always gets access but I still add it in anyway (Note: If this is a domain controller, the local Administrators group is the domain admins group anyway).
3. Set as follows.
4. I’m leaving mine open from any server.
5. Now we are in! (hooray!) and I’ve got a broken BBWC (boo!).
To save you creating multiple users on your FireSIGHT appliance, and assigning roles to them you can utilise your existing Active Directory. In fact FireSIGHT does a good job of enabling granular administration based on AD Groups, by assigning them to ‘roles’ on the appliance.
Below I’m just going to create one AD group and assign the administrator role to that group, as you would in a small organisation, but I will point out how to enable RBAC on the appliance.
I had to work out how to do this, because the official documentation just does not work? Or at least it did not work for me with my 2012 R2 domain controller.
Solution
1. Log into FireSIGHT > System > Local > User Management > Create External Authentication Object.
2. Authentication Method = LDAP > Name = Something descriptive > Description = {optional} > Primary Server IP = IP of your Domain Controller > Port = 389.
Note: If you change the authentication method below to SSL the port will automatically change to 636 (LDAPS).
3. Enter a secondary domain controller IP if you have one.
4. In my AD I’ve created a user for the appliance to connect to AD with (svc_sourcefire), and a group called Sourcefire-Admins that I’ve put my administrative users in.
5. In the FireSIGHT console you have to enter domain objects by their DN. If you’re unused to using DN notation, on the domain controller run LDP (Connection > Connect > Server=Localhost > OK > Connection > Bind > OK > View > Tree > OK). In the left window you can expand and navigate up and down your domain tree. When you find the group/user you want, right click > Copy DN. Then you can paste it into FireSIGHT without having to write it out.
6. Set the Base DN (usually the root of the domain) e.g.
[box]DC=petenetlive,DC=com[/box]
Enter the DN for the user the appliance will use to bind to Active Directory, e.g.
Enter the user (above) password. Set the UIAccess Attribute and the Shell Access Attribute to;
[box]sAMAccountName[/box]
Note: The drop down arrow unlocks the advanced options. If you wanted to use LDAPS then this is where you would select it and upload the root CA certificate.
7. Expand Group Controlled Access Roles (Optional) > Enter your AD group against the role you want to assign to it e.g.
Note: These are the built in roles, you can clone and create new ones. (System > Local > User Management > User Roles).
Set the Default user role to ‘Security Analyst (Read Only)’.
8. Group Member attribute = member > Shell Access Filter = ‘Same as Base Filter’ > Username enter an administrative username from the group you specified above > Password = password for the user you are testing > Test.
Note: Shell Access Filter won’t actually do anything in this instance.
9. You will get a lot of info, but hopefully you will see ‘Success’.
10. Now you need to use this authentication method for the appliance. System > Local > System Policy > Select the policy in use > Edit, (pencil icon).
11. External Authentication > Status = Enabled > Default User Role = Security Analyst (read Only), No I don’t know why you do this twice > Change the ‘slider button’ to enabled > Save Policy and Exit.
12. Because the policy has changed and not updated > Update.
13. Select All > Apply.
14. Success.
15. You can now log in with your administrative AD accounts.
16. You will also notice the users appear under local user management > Users.
17. You could, (if you wished) Untick the ‘Use External Authentication Method’ option and turn this user into a ‘local’ user.