I finally got too fed up working with a crippled PC and installed the Windows Vista Beta 2 on my laptop. It looks really nice, although slightly slow. I connected my camera and, lo and behold, the Picture import works flawlessly, creating a separate folder per session, the Vista Photo browser and editor remind me a lot of Google’s Picasa. Internet Explorer 7 has tabbed browsing at last, and seemed quite stable and robust. In all, I was quite happy to have a working system again.
Continue reading ‘From XP to Vista back to XP’
If you're new here, you may want to subscribe to my RSS feed or receive updates via email. Thanks for visiting!
If your (Belgian) parents or grand-parents want to buy a cheap PC to get started on the Web, tell them to hold back for a couple more days. The Federal Government - through FEDICT - has set up a program to sponsor a complete package of PC + software + broadband + training for a sharp price. The title of the project: IVI or “Internet voor Iedereen” - the launch is planned for next week, April 18th.
Continue reading ‘IVI: Internet voor Iedereen’
Due to one of life’s mysteries, the following error shows up dozens of times per day in the event log of one of our web servers (Win2000/IIS):
Event ID 1016: The data buffer created for the “NTFSDRV” service in the “C:\WINNT\system32\snprfdll.DLL” library is not aligned on an 8-byte boundary. This may cause problems for applications that are trying to read the performance data buffer. Contact the manufacturer of this library or service to have this problem corrected or to get a newer version of this library.
A search on Google delivers nothing. Similar Performance Monitor problems are mentioned in
MSKB 267831, but for IIS related services (ASP/W3SVC/FTP/…). The remedy cited involves unlodctr/lodctr commands in a CMD box.
MSKB 324712 and MSKB 249138, same error 1016 for other dll and ‘fix by disabling’ solution.
I choose for the 2nd solution: adding a value to the registry. I create a .reg file that contains
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
"Configuration Flags"=dword:00000001
It works. That is, the warnings in the event log disappear. Have I just disconnected a fire alarm or was it innocent? Time will tell …
We use port redirection/proxy often on our platforms. In the production setup, separate (Linux-based) servers take care of this, but for our development and testing environment, we need port redirection for Windows system. I generally use 2 command-line packages:
stunnel.org: TCP proxy for adding or removing TLS (tunnel encryption aka SSL) from a stream
rinetd: plain TCP proxy for that accepts TCP connections and just transfers them to another TCP/IP address/port
Typical use of stunnel:
adding TLS to a non-secure server (you will need a server certificate for this), HTTP to HTTPS, SMTP to SMTPS, POP3 to POP3S, FTP to FTPS, … stunnel -d smtps -r localhost:smtp
adding TLS to a non-secure client, e.g. a mail client without SMTPS
tunnel an existing non-TLS capable protocol through a TLS tunnel (e.g. DNS)
Typical use of rinetd:
transfer a site on port 8080 to another IP address on port 80, to get rid of server:8080 side effects
transfer a port 88 to port 80, so you can have different Network Load Balancing policies on both ports, while they both run off the same site
Meanwhile on the other screen: Claire Forlani in ‘Meet Joe Black’. Mediocre movie, lousy acting by most of the crew, but mmmmm, that face.
I hate when things don’t go my way. One server in our NLB (Network Load Balancing) cluster did not want to join the cluster anymore. When I issued a wlbs start, it tried for a couple of seconds to join the cluster, but then remained in ‘Converging’ state. A couple of times I saw an entry in the System Log " ... does not have the same number or type of port rules ...".
I tried:
- Reboot: worked 1st time, but after that: did not help
- Compare rules 1: compared output of
wlbs display: changed all load parameters to ‘Equal’ (I normally give the servers weights that take into account the # of processors and #MB RAM)
- Compare rules 2: compared output of
wlbs display: identical
- Compare rules 3: compared output of
regedit -e wlbs.reg.%COMPUTERNAME%.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WLBS: no significant differences
- Recreate rules 1: recreate all 18 port rules on rogue server (so much fun :-/ ): did not help
- Recreate rules 2: change ALL servers to use only 1 rule: did not help
- Curse: did not help
- Restart service: disable NLB on network adapter, press OK, re-enable NLB => Bingo! Server back in the cluster without a blink.
Now I only have to re-create the 18 rules on all servers and I’m done!
Mental note to self: check out if I can build a dedicated load balancing device in Linux, one that (1) takes into account server load (give work to least busy server) (2) response time on individual ports (and automatically disable non-responsive ports) (3) has a web interface, so I can configure from any server in the subnet.
If you’re a web server administrator - as I am - every now and then, someone yells at you “The site is down, fix it!”.
A tool you should always keep handy is CURL. It’s a command-line web client (multi-platform - I use it on Win2K), that allows you to see the conversation between a web server and a client (like e.g. your browser).
Let’s say if you check out a page like this: curl -I http://someserver.com/whatever, you could get
curl: (6) Couldn't resolve host someserver.com'
can you CURL www.google.com? => you’re using a wrong domain name (DNS record does not exist)
you can’t CURL anything => your DNS settings are wrong, or your DNS server does not work as expected
curl: (7) Connect failed
there is no web server answering on that port
=> is the server down? does site run on other port? does a restart help?
HTTP/1.1 401 Access Denied [WWW-Authenticate: Basic realm="someserver.com"]
you have to log in to this page - your browser would pop up a username/password screen
HTTP/1.1 403 Access Forbidden
there is no ‘default’ document in the folder you are requesting
=> option 1: there should be a document index.html, default.htm, … in each folder
=> option 2: you want the folder to be browsable, so you have to configure this on the server
HTTP/1.1 404 Object Not Found
the document you ask for does not exist.
=> are you asking for the right document (typo)? on the right server?
HTTP/1.1 500 Server Error
typically only for dynamic pages (asp/php/cgi), where the program code contains an error and there is no HTML result that can be shown.
=> go look into the web server or program logs in order to find the bug.
HTTP/1.1 302 Found [Location: http://someotherserver.com/somepath]
the site is redirecting you to some other URL, which itself might give an error 404/403/connect failed/…
302 codes are not errors, it’s a common way of sending browser to the right location.
(for example: if this 302 redirects you to a wrong port http://someserver.com:88/whatever and nothing responds on that port, in your IE browser it looks like someserver.com is failing, whereas it really is someserver.com:88)
HTTP/1.1 200 OK
This is the ‘normal’ result of asking a web page.
For SSL/HTTPS problems, you better use curl -Ivk, because it gives you “* Connected to someserver.com port 443 * SSL connection using RC4-MD5 * Server certificate: (certificate content) …” information.
Have CURL installed on all your machines, Linux or Windows. Actually, add unxutils.sourceforge.net to your Windows machine, so you can work with gawk and wget too.
CURL is not the same as a real browser (especially when working with cookies/sessions), but it can help you solve 90% of typical web server problems. If the problem is browser-related, and you want to see the actual conversation between your browser and the web server, use the Ethereal network protocol analyzer.
The task seemed easy enough:
set up a new web site sub.domain.com such that every URL http://sub.domain.com/some_path is automatically redirected to process.aspx/?path=some_path (on the same domain or on www.domain.com - both have .Net running)
Because we run our sites on Win2K/IIS the following options were immediately discarded:
- A. Install & configure Apache
- I like Apache, let there be no mistake about that, but it’s just too much hassle managing 2 different web servers on 1 machine. I like having one management interface. Mind you, it would have been so easy:
RedirectMatch /(.*) http://www.domain.com/process.aspx?path=$1
- B. Develop a Python daemon
- What’s wrong with being a geek
? This is after all a simple single-purpose web site, you have an HTTP GET coming in and a 302 Redirect going out with super-basic parsing (check out the regular expression above). But again: having several web servers on 1 machine is asking for chaos. Plus, how robust is the Python SimpleHTTPServer? Has it been tested with attacks from Blaster/Mydoom and the likes?
Ok, this leaves us with the IIS server. So I create a new IIS site, that takes all the sub.domain.com requests (using a host-header). And now just add redirection, right? Let’s see …
- C. /default.asp page
- This might have worked if all the incoming URLs were like http://sub.domain.com/?some_path (see the question mark?). But that’s not the case.
BTW: Why .asp instead of .aspx? Because it’s basically a hack, and hacking is way easier in ASP (if you’re me).
- D. Custom 404 script
- Configure the IIS to redirect all not found pages (’404′ errors) to a /404.asp script. The script basically has to do:
Response.Redirect "/process.aspx?path=" & Request.ServerVariables("URL")
Only that I get as URL “/404.asp” instead of the original URL. I can’t seem to get the some_path. So I try this for 10 minutes and then move on, basically because I ‘m thinking the last method will be the fastest. If I would have looked further, the QueryString contains “404;http://sub.domain.com/some_path“, and I could have parsed it out.
Additional remark here: if your home directory is empty, and you call http://sub.domain.com/ (home page), you get an error 403 Access Forbidden error, instead of 404 Page not found. So you would have to either remap that error 403 too, or create a /default.asp that catches this case.
- E. Use IIS redirection
- Sure, IIS supports automatic redirection out of the box! Regular expressions and everything! Let’s elaborate on this method.
- Trial E.1: Redirect all URLs to /process/?path=$V ($V would translate here in “/some_path”). Only, when you redirect everything to to a subfolder, this policy is inherited by this subfolder, and you also redirect calls to that subfolder. So you get a nice endless redirection loop that creates links like /process/?path=process/?path=process/?path=process/?path=…
- Trial E.2: oh, but that is what the checkbox ‘A directory below this one’ is for. Only, it doesn’t work: I get 404 errors. I’m probably doing something wrong.
- Trial E.3: oh, but you can use a more sophisticated redirection, and turn off redirection for subfolders with “!”. Ok, I try *;/process/*;!/*;/process/?path=$0. Nope. Try setting “!” as redirection for /process/ folder. Syntax error. Try “*;*;!” as redirection for /process folder. Nope, I get get redirection to a non-existent page “!”. Ok, drop this one.
- Trial E.4: wait, what if I don’t redirect to a script one folder lower, but just to /process.aspx?path=$V? Ta-daaa! Here’s the endless loop again!
- Final try E.5: This is what worked at last: install the process.aspx on the destination server and redirect to it (in other words, exactly what I would have done if I had used Apache)
*;/*;http://www.domain.com/process.aspx?path=$0
Trivial, right? Did I ’solve’ the redirection spaghetti in IIS? Not really. Did I get a final result that worked? Yep. Who’s the man?
Latest Comments
grapplica, Djivy, Nadia, futtta
Naca-Yoda, Naca-Yoda, josh, Stijn, Mike, Peter, lamazone, Peter, nwalrave, Manuel [...]
Ben Licher, ine, Nils Walravens
randompasserby, Karun Ganesh, Peter
megan borrman, Melissa, beebooo
kashin, MagicianXV, dude, brunoodb, Pascal Van Hecke, brunoodb