CruiseControl.NET multiple build servers authentication - cruisecontrol.net

I have CCNET 1.8.5.0 installed on two build servers and I configured WebDashboard on one server to monitor both of them. But it leads to such bug: when user logs in to one of the servers, webdashboard shows him as being authorized on other server too (Logout button is showed instead of Login). But when it tries to access project on second server he gets usual error:
Request processing has failed on the remote server: Permission to execute 'ViewProject' has been denied.
How could I force webdashboard to separate authorization on every server?

this seems to be a bug :-(
there is no configuration to my knowledge that would bypass this problem for the moment.

Related

ASP.NET Core 2.1 Give me HTTP Error 502.5 - Process Failure

After using deploying my .NET Core 2.1 App to my server, I get the following error when I access the page:
HTTP Error 502.5 - Process Failure
Following Microsoft's always helpful link on the same page (cough cough), I checked the Event View Log and it states:
Application 'MACHINE/WEBROOT/APPHOST/BLAH.COM' with physical root
'D:\inetpub\vhosts\BLAH.com\httpdocs\' failed to start process with
commandline 'dotnet .\blah.dll', ErrorCode = '0x80070002 : 0.
The message was not only unhelpful, but completely irrelevant. I tried to enable the web app's logging in web.config:
<aspNetCore requestTimeout="23:00:00" processPath="dotnet" arguments=".\blah.dll" forwardWindowsAuthToken="false" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" startupTimeLimit="3600" />
Oddly, no files were created in the Log directory until I granted permission to my IWPD process. The files it created weren't in the stdout directory as specified, but were in the parent log directory. They also were empty.
I ran the web app from the command line using:
dotnet .\blah.dll
The application appeared to run and I could see some messages on the screen, but I still got the same 502.2 error accessing the site with no additional information in the logs. I followed the troubleshooting steps for ASP.NET Core 2.1 and it mentioned this:
If the errors occur when making a request to the app, make a request
to the host and port where Kestrel listens. Using the default host and
post, make a request to http://localhost:5000/. If the app responds
normally at the Kestrel endpoint address, the problem is more likely
related to the reverse proxy configuration and less likely within the
app.
I ran the web app from the command line and tried to access it using http://localhost:5000. I was finally able to access the site, but I still got the same 502.2 error via IIS.
It's obvious IIS and Kestrel are not communicating with each other. I don't understand why there's two web servers and how to get them to communicate with each other.
Solved the problem. The installer for the server's IIS module doesn't restart or warn the user to restart IIS. Restarting IIS loaded the necessary module. Clearly, this is a bug by any other name.

Not able to fetch data or queue data from FTP server in Azure cloud nifi server?

I am using FTP server which is working in local and able to fetch data from FTP server, but in the Azure cloud nifi server same FTP server is not fetching a single record from the particular FTP server. I am using ListFTP associated with FetchFTP nifi processor and used the same configuration whatever I used in local for ListFTP and FetchFTP nifi processors.
Can someone please suggest what is happening here. I checked firewall and even I disabled the firewall. That FTP server is running on Active connection mode. I tried but I'm not able to figure out the exact reason.
I am attaching the screenshots of my FTP processors configuration. One very important thing while using GetFTP server it is not fetching a single data after running hours of hours and even not a single exception or error. But with ListFTP and FetchFTP server it is showing exception after some 15 minutes interval that is "Failed to perform listing on remote host due to java.net.SocketException"
I think once you go through your conf/nifi.properties file and check whether keystore certificate is enabled or disabled and if it is disabled then do it enable.
Here you can check nifi configuration documentation.

OpenVPN, ProxyRADIUS MS-CHAP and Windows AD

Trying to set up VPN authentication against different realms/windows domains.
I'm using OpenVPN Access Server which directs all authentication requests (username in the form of user#domain) to FreeRADIUS server (3.0.15) with required proxy.conf and realms config so that forwards (proxies) the access-request to home server. The OpenVPN is configured to use MS-CHAPv2.
The home server is also a freeRADIUS, same version. Home server is a member of windows domain (samba 4.6) and its clients.conf file includes the proxyRADIUS server as "NAS'....etc.
No issues on home server, when it comes to samba/winbind checks, etc. As a matter of facts, if I send requests from OpenVPN directly to it (without proxy), using username = sAMAccountName, authentication and group membership checks via LDAP work as expected.
However, if the request is proxied, the mschap module in home server reports:
(0) mschap: ERROR: Program returned code (1) and output 'Logon failure (0xc000006d)'
(0) mschap: External script failed
(0) mschap: ERROR: External script says: Logon failure (0xc000006d)
(0) mschap: ERROR: MS-CHAP2-Response is incorrect
(Outout above from radiusd in debug mode)
Just as a way of testing there was no issue with proxying the requests I enabled NPS on the domain controller and started proxying requests towards it and authentication worked with no issues, so, for whatever the reason, when home server tries to authenticate a proxied request the NT-Response (or at least as managed by mschap module) doesn't seem right.
I know there was a bug in an old version of samba about NT-Response, but I don't think that's the issue here, I think it got fixed a few years ago.
Has anyone come across a similar issue?
Thanks!
PS: Proxy and home RADIUS run in BSD 10.3
Fixed this. Realm definition in proxyRADIUS with "nostrip", so that user-stripped sent to home server includes user#domain. In home server, "proxy.conf" file, define the realm but with no server pool, so that the realm is treated as LOCAL but challenge is created using only the username (without #domain). That's it

WebDAV Server Error 401.2, connection issue with Windows Authentication after pausing virtual server/domain controller

We are connecting to a webdav server through IIS 6 using iPads running iAnnotate. Friday we performed some maintenance where all we really did was pause the virtual server/domain controller where the webdav is setup.
Ever since we did that, we are able to browse the webdav connection from iAnnotate on the iPads but when we try to sync a file back (PUT method I'm assuming) we get an error 411, which actually appears to be error "HTTP Error 401.2 - Unauthorized. You are not authorized to view this page due to invalid authentication headers", according to IIS.
Does anyone have any thoughts or ideas on this?
We figured out what was causing our issue although I may not be able to explain entirely why it mattered.
In IIS there is a setting in the "HTTP Response Headers" under "Set Common Headers" called "Enable HTTP keep-alive". We check marked this option as true and our Windows Authentication started working again.
It seemed to have something to do with the connection not staying open between requests and the application or IIS not realizing the connection was restarted during the SYNC operation.

Teamcity build agent in disconnected state

I am running teamcity on Linux server, and it was working completely fine. Once I reboot the server machine and it stopped working. I managed to start the teamcity server using runAll.sh command, but the build agent stays in "disconnected" state. The inactivity reason is being shown as 'server shutdown'. I tried to start the agent using 'agent.sh stop' and 'agent.sh start' but it does not seem to work. Could not get anything meaningful from the logs.
Kindly help.
Thanks
Incase, if you modified the teamcity port then you'll need to change the build agent configuration files to reflect the new serverUrl value. You can find this setting in the C:\TeamCity\buildAgent\conf\buildAgent.properties file.
On the machine that restarted, make sure the firewall didn't come back up in a state that blocks access to/from the agent.
When you restart the agent, the teamcity-agent.log file should have a line saying something like, "buildServer.AGENT.registration - Registering on server". If it succeeds, it should say something like "buildServer.AGENT.registration - Registered: id:.., authorizationToken:..".
Just found this while looking thru my unanswered questions, It was actually a permission issue. I wasn't running the commands as root user. Once I ran 'agent.sh stop' and 'agent.sh start' as a root user, it worked okay.

Resources