I have continues login request on windows server 2016.
Each time it requested different IP address,also the countries where we don't have user for sure,because we have only a 10 users in one country in one office only,we sure all in One country . I know our server should have only specific IP address of One country,but why below log with different countries IP we got
We have trying to prevent this.
Why or what is below login?
If we prevent below, can we still have access to server on RDP? we need RDP still...
in event viewer server log.
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Versand
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: workstation
Source Network Address: xxx.x.x.x.x
Source Port: 0
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
NTLM is just the authentication protocol on Windows domain network and it is still widely used in comparison Kerberos which is a newer protocol released by Microsoft. Disabling NTLM will mean you prevent any users using that protocol to connect. One option is to disable NTLM and use Kerberos but that means all your users must be configured to use Kerberos as well.
Check out this page for more info: http://woshub.com/disable-ntlm-authentication-windows/
Rather than going through that I would recommend that you restrict the IP address that can connect through RDP if you know the IP addresses of all 10 users.
Open Windows Firewall with Advanced Security, click on Inbound Rules and locate the RDP rule and right click and then Properties and click on the Scope tab. There in the Remote IP Addresses section you should be able to manually add the IP addresses of your users that should be able to connect. Any IP address not within the scope will not be able to connect.
Reference: https://support.managed.com/kb/a2499/restrict-rdp-access-by-ip-address.aspx
Also, you pointed out that the logon attempts were from different countries so you can't eliminate the possibility that users were using VPNs.
Related
I have come to an issue while logging into the Parallels Plesk Panel with the username and password provided by our hosting agent.
It was going fine until I removed a directory through FileZilla application, which was holding the contents of a running live website.
After resetting the directory, I got an error message:
Internal error: Domain Service Web not exists: domain=example.com,
id=XXXX Domain Service Web not exists: domain=example.com, id=XXXX File
DSWeb.php Line 76 Type PleskFatalException
Then I found a solution after searching the error. But that was saying about removing and adding entries from and to psa database. I am using a windows system and no way to access this psa database.
Then I found some server administration service providers can solve this issue but they are asking tickets and payments. I doubt if they can help or if they ask me the credentials of the service. Is that the only and safe solution?
And somewhere else I saw I can use dbclient utility for running SQL query on Windows. How does that help?
Now I can't login through the panel, it shows the error:
The xxx.xxx.xxx.xx page isn’t working
xxx.xxx.xxx.xx redirected you too many times. Try: Reloading the page
Clearing your cookies ERR_TOO_MANY_REDIRECTS
I am not able to access mail accounts and some domains(were running good) show this error message:
The service is unavailable.
The one which I removed (directory and files) shows Web Server's Default Page of Parallels Plesk Panel when accessing the domain address through web browser.
I don't see any questions like this here in Stack overflow, but there are tags.
Waiting for your suggestion and help me to find the best solution for this.
Have you tried this?
http://download1.parallels.com/Plesk/PP11/11.0/Doc/ru-RU/online/plesk-linux-advanced-administration-guide/index.htm?fileName=68745.htm
Trouble shouting for:
Cannot Access Panel
Cannot Log In to Panel
If you get the error message "Access for administrator from address xx.xx.xx.xx is restricted in accordance with IP Access restriction policy currently applied." when trying to access Parallels Plesk Panel, it means that the Panel IP access policy does not allow you to log in from your current IP.
To access Panel from an IP address:
Here is a way of access psa table.
1-Log in to the server via SSH.Using Putty
2-Change the IP access policy in the psa database:
To find the current policy and its restricted and allowed IP addressess,run the following commands.
mysql -uadmin -p`cat /etc/psa/.psa.shadow ` psa
mysql> select * from cp_access;
mysql> select * from misc where param='access_policy';
Panel in a Virtuozzo Container: Broken Layout
I want to perform load test on some of the web services through VS2012. To do that we need to access the URL of the web service, but I am unable to do that since when i try to access the URL its displaying the below message
Your connection is not private
Attackers might be trying to steal your information from 116.50.77.22 (for example, passwords, messages or credit cards).
advanced
This server could not prove that it is 116.50.77.22; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
Proceed to 116.50.77.22 (unsafe)
How can i handle this, how can i install the security certificate or is there some other way i can access the given URL
This error message appears to be from the Chrome browser when it detects an SSL certificate issue. I assume that the URL for the web service begins with https://116.50.77.22 (secure HTTP).
Normally SSL certificates are issued to a computer host name or internet domain name versus an IP address. You may be seeing this message due to a name mismatch, and instead of using the IP address should use the name specified in the SSL certificate. You can view more details about what is causing the error by manually browsing to the web service URL, and if prompted with the original error choose to "Proceed to 116.50.77.22". You should then be able to click on the padlock icon in the address bar as shown below, and on the Connection tab you should see details similar to those shown. If you see "Server's certificate does not match the URL", click on the "Certificate information" link to view details on the SSL certificate being used by the server. The name you see after "Issued to:" is the name associated with the certificate and should be the name used in the URL. For example if you see "Issued to: M23458" you should use a URL beginning with https://M23458/ to access the web service.
If you see other errors listed under the Connection tab, my advice would be to search Stack Overflow for specific guidance in dealing with each one. You may need to resolve all before you original error message (your connection is not private...) will go away, and each one will require a different set of steps to address.
Docusign connect service is not posting data to the url specified in the connect service option. Actually if i resend the data from log it works but it do not works on its own.
Please help me
Thanks
Usually when DocuSign Connect is not publishing to a URL it is caused by one of a few things:
Your server is not listening on the correct port(s).
You are not testing for the correct events.
You do not have the user (sender) configured for Connect.
Your server is not publicly accessible.
Your firewall or network security is not letting the requests going through.
Your server has crashed.
A potential bug with DocuSign Connect.
Possible resolutions:
If testing in DocuSign demo environment (demo.docusign.net) ports 80 (http) and 443 (https) are allowed. If testing in production environment (www.docusign.net) only 443 - https is allowed.
Make sure you are testing for the correct event triggers - this can be confirmed on your Connect settings page. Login to the Console and go to Preferences -> Connect -> (select one of your Connect configurations). On the following page you'll see how to select events that you want Connect to push on, as well as for which users.
Followup answer to 2 - you need to also make sure you have the correct account members enabled for Connect on the Console -> Preferences -> Connect page.
You can not use a localhost address for the Connect URL - it must be a publicly accessible URL.
Your network administrator might have a firewall (physical or virtual) or other security software setup that is stopping the requests from going through. Check your security settings and test that the proper ports are enabled, etc.
Ensure that your server is still up and running and that it hasn't crashed.
Although DocuSign Connect has been around for some time it still occasionally exhibits a bug or two. If not one of the other potential reasons then provide the failure log in your post and someone from DocuSign will follow up.
If you are running into issues with DocuSign Connect hopefully one of the above remedies resolve your issue.
I have deployed Orchard on azure and enable Email Messaging module. Enabling says it enables successfully and asks for email settings. I provided it the mail server setting. Strange thing is, User setting does not show me the settings which are dependent on email messaging module (Contact us email address and public site name) and does not show me ("Lost your password") link . Also I have built a module which sends email. This module is not sending email.
Same orchard package works fine and also email on my dev server with same mail server settngs(gmail smtp settings.) But email is not working on azure.
What am i Missing ?
thanx
Just FYI for anyone else who visits this Question, I just got this working from Azure using the gmail SMTP server without any third party add-ons. I simply added the following SMTP details:
Then used the contact form to send an email to myself. The first email gives me an alert to my gmail account:
Hi Simon,
Someone recently tried to use an application to sign in to your Google Account - XXX#gmail.com.
We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:
Monday, April 8, 2013 9:33:46 PM UTC
IP Address: 65.52.168.70
Location: United States
...blah blah blah
If this was you, and you are having trouble accessing your account, complete the troubleshooting steps listed at http://support.google.com/mail?p=client_login
Following the link give you the option to allow an application to login with your credentials. Just follow the link in step 3 and then you have 10 minutes to send another email from your orchard site. The next test message I received without issue.
Got it. Windows Azure itself does not allow sending email neither it allows to use SMTP. WE have to use third party email service like PostMark,SendGrid etc
http://blogs.msdn.com/b/publicsector/archive/2011/10/14/sending-and-receiving-email-in-windows-azure.aspx
So, I'm just curious how does WordPress, installed on Windows Azure (gallery), able to send emails?
http://coffee2code.com/wp-plugins/configure-smtp/
There are still too many different suggestions on the subject so i thought i should write what I've found useful. Here's what i did to get it to work:
My SMTP settings:
Sender address: myname#gmail.com
Hostname: smtp#gmail.com
Port: 587 (25 will also do)
SSL Communications: Checked
Credentials: My Gmail address and my password
These settings should work on your local environment just fine. But on the cloud you may need to do the following:
As your Azure VM may be at some arbitrary location, Gmail marks the login attempts as suspicious and blocks them. If this is the case, you should see a mail informing you about this suspicious activity in your inbox. Just follow the instructions there and mark the login as trusted. It will remain that way until somehow your IP on the cloud changes (e.g. deleting your deployment slot). VM relocation shouldn't be an issue since the IP still remains the same. You may have to do this separately for your staging and production slots.
Lastly, I enabled full trust for my web role as shown here:
http://blogs.msdn.com/b/windowsazure/archive/2009/03/18/hosting-roles-under-net-full-trust.aspx
I hope this helps others having this problem.
Cheers
No more third-party with GitLab 15.5 (October 2022):
Deliver emails using Microsoft Graph API with client credentials flow
If you’ve enabled security defaults in Azure AD,
legacy authentication protocols for SMTP are blocked.
You can now configure your GitLab instance to deliver emails using
Microsoft Graph API
with OAuth 2.0 client credentials flow.
See Epic, Documentation and Merge Request.
The gitlab.rb would include:
gitlab_rails['microsoft_graph_mailer_enabled'] = true
# The unique identifier for the user. To use Microsoft Graph on behalf of the user.
gitlab_rails['microsoft_graph_mailer_user_id'] = "YOUR_USER_ID"
# The directory tenant the application plans to operate against, in GUID or domain-name format.
gitlab_rails['microsoft_graph_mailer_tenant'] = "YOUR_TENANT_ID"
# The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
gitlab_rails['microsoft_graph_mailer_client_id'] = "YOUR_CLIENT_ID"
# The client secret that you generated for your app in the app registration portal.
gitlab_rails['microsoft_graph_mailer_client_secret'] = "YOUR_CLIENT_SECRET_ID"
gitlab_rails['microsoft_graph_mailer_azure_ad_endpoint'] = "https://login.microsoftonline.com"
gitlab_rails['microsoft_graph_mailer_graph_endpoint'] = "https://graph.microsoft.com"
I have two servers:
S1 is Exchange2010
S2 is Exchange 2007
Both servers are in the same domain in ActiveDirectory.
Idea is to have "service account" on S1 with enabled impersonation of users from both servers. My app is using credentials of "service account" and then starts to iterate through a list of smtp addresses. It impersonates each smtp address and does some processing on content of mailbox of that account.
That is a theory, now time for problems.
I can connect as a service account and can access its mailbox but when I try to access mailbox of impersonated user I get exception saying that "SMTP address has no mailbox associated with it". And exception happens for both servers.
I started to debug and google about possible reasons and out of nothing I changed this:
svc.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, smtpAddress);
into this:
svc.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, smtpAddress);
and it worked which is very strange because month ago I had different setup only with one server and using SmtpAddress enum worked and my admin swears that config of impersonation is exactly the same.
Now, if anyone could provide me with some hints on why I cannot use ConnectingIdType.SmtpAddress and what I should do to make it possible to work?
Of course it turned out that admin did something different way for my current configuration. New environment has a policy that account name is different than smtp address for an account and smtp has a dot between name and surname of a user. So, for example on old config I could impersonate User100#example.com no matter what ConnectingIdType I chose but on new environment I have to set proper id type depending if I'm using smtp or account name as impersonated id.
Hope it will help in case somebody else's admin "didn't changed anything" too :)