First user in Ubuntu 14.04.3 has membership of groups:
- adm
- cdrom
- sudo
- dip
- plugdev
- lpadmin
- sambashare
Another user created as administrator from the GUI gets:
- adm
- sudo
- lpadmin
- sambashare
Author: Jamie Scott
IT Administrator at the Institute for Gravitational Research, University of Glasgow
Synchronisation problems with Outlook 2010 for accounts with secondary mailboxes
We had a problem with a couple of users who kept having synchronisation problems with an Exchange (2010) server, using Outlook 2010. Some mail would not appear in mailboxes, but would appear in the web client. The sync would claim to complete ok, but looking at the Sync Issues folder there were a lot of messages of the form:
13:22:28 Error Synchronizing Hierarchy for Mailbox 'TeamShared' 13:22:28 [80040305-54A-4DE-1900] 13:22:28 Your server administrator has limited the number of items you can open simultaneously. Try closing messages you have opened or removing attachments and images from unsent messages you are composing.
This can occur if the secondary mailbox has a a lot of folders, which this one does – there’s a big tree of stuff in there. To solve this we turned off caching of the secondary mailbox. The details of the problem and the various workarounds are given at:
Performance problems when you try to access folders in a secondary mailbox in Outlook
Using custom Diffie-Hellman parameters with Apache 2.2.22 and OpenSSL 1.0.1e (Debian 7 Wheezy)
See https://weakdh.org for the problem – 1024 bit Diffie-Hellman keys are potentially breakable (the ‘logjam’ vulnerability). This can be fixed in Apache 2.4 by pointing it at a custom key, but up to recently ver 2.2 was vulnerable. The issue was fixed in apache 2.2.22-13+deb7u5, which allows a custom DH key to be appended to the server certificate. To use this in Debian 7:
Update to apache 2.2.22-13+deb7u5 or higher.
Generate a new Diffie-Hellman group using
openssl dhparam -out dhparams.pem 2048
Find where the appropriate server certificate file is – standard debian setup specifies this in
/etc/apache2/sites-available/default-ssl
Append the DH group to the server certificate
cat dhparams.pem >> server_certificate.pem
The resulting file should look like
-----BEGIN CERTIFICATE----- stuff -----END CERTIFICATE----- -----BEGIN DH PARAMETERS----- more stuff -----END DH PARAMETERS-----
Restart Apache.
Checking this using the https://www.ssllabs.com/ssltest/ shows DH 2048 bits
Proxmox clustering and multicast (also, DNS)
After much problems with getting a new Proxmox cluster up and running two things have helped:
Putting the SAN IP addresses in the hosts file, avoiding DNS dependancies (especially when one of the systems isn’t in there yet…). This put me on track: http://blog.rhavenindustrys.com/2013/04/curious-proxmox-clustering-fix.html
Important bit:
127.0.0.1 localhost.localdomain localhost 169.254.0.1 proxmox1.local proxmox1 pvelocalhost 169.254.0.2 proxmox2.local proxmox2 10.10.5.101 proxmox1.example.com 10.10.5.102 proxmox2.example.com
This associates the short aliases with the network used by corosync, while leaving the long addresses to the outside world.
Then tried tests detailed at: https://pve.proxmox.com/wiki/Troubleshooting_multicast,_quorum_and_cluster_issues
The multicast test failed – i.e. running
omping -c 10000 -i 0.001 -F -q <list of all nodes>
on both nodes at the same time resulted in 100% loss. Fixed this by disabling IGMP snooping on the SAN VLAN. ExtremeOS command is:
disable igmp snooping <vlanname>
Hey presto, after getting the second node to join properly:
pvecm add 192.168.xxx.xxx -force
it gets quorum immediately. I suspect this issue was causing a lot of the historical issues with getting quorum to work on this switch.
Outlook 2010 and .pst files on network shares
What everyone says is true. Don’t do it! 2010 seems to be very sensitive to .pst issues. Best to import old ones.
Configuring Proxmox hosts (and other postfix installs) to send email via smarthost V2
In this post suggested using the Satellite system option. However, this seems to do the same as the mail sent by smarthost; no local mail option in exim – i.e. even local mail to root tries to go via the smarthost, which then complains. The Internet with smarthost option is probably the better choice (equivalent to exim’s mail sent by smarthost; received via SMTP or fetchmail).
N.B. Normal proxmox setup seems to be for postfix to use /etc/aliases directly. Double check this file!
Dell OMSA install on Server 2012 R2 issues
- Did install first as network admin – couldn’t get page to display and update patch (from 7.4.0 to 7.4.0.2) didn’t complete. Scrubbed and reinstalled as local admin – no problems.
- firewall exception may be required for remote access.
- https listener warning isn’t relevant for the https web interface!
- send test email button didn’t work in ie11, does in chrome.
Windows Server 2012 R2 install on Dell R520 – boot order issue
Installing Windows Server 2012 R2 on a Dell PowerEdge R520. Initially had problems with the “We couldn’t create a new partition or locate an existing one” error. Fixed by going into the bios and changing the boot order so that the internal SD card module came second rather than first (which was needed to make it boot from the SD cards).
Permissions for scm-manager repository directory (.deb install)
For new server mounted storage volume at /var/lib/scm to fit with scm-manager defaults on debian. Note – need to give the scm user permissions to this if the install doesn’t create the directory first!
Booting from dual SD card module on Dell R520
Installed FreeNAS 9.3 on Kingston Ultimate 16 Gb cards on dual SD module in Dell R520 (took ages – so did card synchronisation when first inserted). Came up as boot device missing initially on reboot. Changed hard drive order in the bios to put SD cards first and it booted ok.