I have setup FTP within IIS7 on a Windows 2008 Virtual Machine. I enabled Port 21 within the endpoints and Active FTP works just fine. But I am unsure to how to connect through Passive. I followed Microsoft documentation (enabled a range of ports within IIS and allowed the same ports on the local firewall) I also allowed the ports within the endpoints in Azure Management. This didnt work.
I read somewhere on an unofficial MS forum that MS do not allow Passive FTP within Azure. Is this true? If not can someone direct me to the right documentation?
Thanks
SOLUTION
I followed instructions in this article.
The problem I was having was I didn't stop and start the FTP service after doing this. It wont work otherwise.
Passive FTP should work fine in Windows Azure Virtual Machines. However, you may not be able to choose large port range since you can only have up to 25 endpoints in Azure and this could be limitation to have Passive FTP. This Forum discussion talk more about it.
You can find this blog which explains how they configure Passive FTP with IIS on Windows Virtual Machine.
An additional piece of info about the post referenced above (http://www.itq.nl/blogs/post/Walkthrough-Hosting-FTP-on-IIS-75-in-Windows-Azure-VM.aspx) - at the end it says you need to use the following command to add the port range in IIS:
appcmd set config /section:system.ftpServer/firewallSupport \
/lowDataChannelPort:7000 /highDataChannelPort:7014
This failed for me, because the port range is locked so it can only be set on the root IIS node. The error is:
Support (Your site name) /lowDataChannelPort:5000 /highDataChannelPort:6000
ERROR ( message:Can not set attribute "lowDataChannelPort" to value "5000".. Rea
son: This configuration section cannot be used at this path. This happens when t
he section is locked at a parent level. Locking is either by default (overrideMo
deDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny"
or the legacy allowOverride="false".
. )
If you traverse up the IIS nodes to the root server node, choose Features View, then FTP Firewall Support, you can set the Data Channel Port Range there using the text box, without the need for scripting, and avoiding this error. Once this is done, you then need to restart the ftp service (as noted above), and passive FTP works well.
I've added this additional answer here because being unable to run the appcmd command to set the port range had me going around in circles for a number of hours, and this may help others avoid the same problem.
I thought others might run into this. If you get the security message indicating that the parent is locked, just go back into your FTP and turn OFF Require SSL Connections. Then rerun the command. Setup your endpoints, open the firewall, etc. THEN go in and turn back on Require SSL Connections!
Related
I have a slight problem bit of the back story. recently ive been trying to test out univention which is a linux distribution with the goal of being able to replace Microsoft active directory.
I tested it locally and all went reasonably well after a few minor issues i then decided to test it remotely as the company wants to allow remote users to access this so i used myhyve.com to host it and its now been setup successfully and works reasonably well.
however
my main problem is DNS based as when trying to connect to the domain the only way windows will recognize it is by editing the network adapter and setting ip v4 dns server address to the ip address of the server hosting the univention active directory replacement. although this does allow every thing to work its not ideal and dns look up on the internet are considerably longer. i was wondering if any one had any ideas or have done something similar and encountered this problems before and know a work around. i want to avoid setting up a vpn if possible.
after initially registering the computer on the domain i am able to remove the dns server address and just use a couple of amendments to the HOST file to keep it running but this still leads to having issues connecting to the domain controller sometimes and is not ideal. any ideas and suggestions would be greatly received.
.Michael
For the HOST entries, the most likely issue is, that there are several service records a computer in the domain needs. I'm not sure, whether these can be provided via the HOST file or not but you'll definitely have authentication issues if they are missing. To see the records your domain is using issue the following commands on the UCS system.
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
For the slow resolution of the DNS records there are several points where you could start looking. My first test would be whether or not you are using a forwarder for the web DNS requests and whether or not the forwarder is having a decent speed. To check if you are using one, type
ucr search dns/forwarder
If you get a valid IP for either of the UCR Variables, dns/forwarder1, dns/forwarder2 or dns/forwarder3, you are forwarding your DNS requests to a different Server. If all of them are empty or not valid IPs then your server is doing the resolution itself.
Not using a forwarder is often slow, as the DNS servers caching is optimized for the AD operations, like the round robin load balancing. Likewise a number of ISPs require you to use a forwarder to minimize the DNS traffic. You can simply define a forwarder using ucr, I use Google on IPv4 for the example
ucr set dns/forwarder1='8.8.8.8'
The other scenario might be a slow forwarder. To check it try to query the forwarder directly using the following command
dig univention.com #(ucr get dns/forwarder1)
If it takes long, then there is nothing the UCS server can do, you'll simply have to choose a different forwarder from the ucr command above.
If neither of the above helps, the next step would be to check whether there are error messages for the named daemon in the syslog file. Normally these come when you are trying to manually remove software or if the firewall configuration got changed.
Kevin
Sponsored post, as I work for Univention North America, Inc.
I am currently trying to setup a Linux service with IBM Tivoli Identity Manager (IBM Security Identity Manager) a.k.a. ITIM, to a Linux development server where I work and have had some issues. All our Linux servers use ssh to connect. Our eventual goal is to implement single sign on across our networks using Identity Manager.
In the ITIM web interface, I chose the option MANAGE SERVICES and was displayed a page like the following, where I click the CREATE button to create a new service:
Then I am next shown a page where I choose the kind of service I want to make, in this page I choose the POSIX LINUX option because I want to connect to a Linux Server.
Then on the next page, I am entering the information for my Linux server that I want to connect to, the domain name for the server is phongdev.fit.edu, a server for development work.
Note on this page there is a field titled TIVOLI DIRECTORY INTEGRATOR (TDI) where there is default information for the TDI installation, in my case, TDI is installed on the same server as ITIM is installed, so the localhost domain name should be fine. However when I check the server using netstat command there is nothing running on that port, 16231, so I looked up the instructions for starting the TDIDispatcher on google and was told to run the following command, /etc/init.d/ITIMAd restart at the command line and that appeared to run successfully, however still nothing running on port 16231 on the server.
Since our servers use SSH I was required by ITIM to setup key based authentication, I did setup a key and passphrase on this Linux server using ssh, and entered the data on the next screen of ITIM which looks like the following, but as you can see an error is generated when I choose the TEST CONNECTION button:
I checked the logs and there is no info in the logs for these errors, I am not sure where to move next in trying to solve this issue, i suspect it may be related to the fact that the TDI Dispatcher does not appear to be running on port 16231.
Apart from what Matt said (the link especially is useful), the var/ibm/tivoli/common/TDI logs should tell you what the problem with TDI is when you start it up - if there's a problem.
The port number where it's listening ought to be mentioned somewhere in those logs.
Unless there was an upgrade or multiple attempts to configure the RMI dispatcher I don't see why the port shouldn't be 16231 or 1099.
TDI is probably running on a different port. You didn't specify if TDI is running on Windows or Linux, so my answer is assumes Linux since that is what I am most familiar with.
You can find your port # by looking in the solution.properties file in your TDI/timsol directory. It should be listed as api.remote.naming.port.
TDI runs on the default port 1099. Once you start TDI (service ITIMAd start, or however you start it on your system) use ps auxw | grep -i rmi (or something similar) to find the process. Then use netstat -anp | grep PID where PID is the process ID of the TDI RMI process. You should see immediately what port it is listening on. I am not where I have access to a TDI server right now to get you exact commands, but you should get the idea.
Here is a good article for ISIM 6 (should be the same for ITIM 5.1 on TDI 7) on changing the port # for the RMI:
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.itim_pim.doc%2Fdispatcher%2Finstall_config%2Ft_changeportnum.htm
If you are experiencing error CTGIMT600E and you have multiple network interfaces on TDI 6 or lower, you may need to specify your server IP (or hostname) as a java property so the TDI RMI binds on the correct interface. Edit <tdi_home>/ibmdisrv and insert -Djava.rmi.server.hostname=<yourhost>. For more infomration refer to this article:
http://www-01.ibm.com/support/docview.wss?uid=swg21381101
If you are still having issues, watch your ITIM msg.log and trace.log when you test the connection and look for clues. Also look at the TDI ibmdi.log which will be located under your TDI directory. That may also help you out.
I have developed an intranet site using nodeJS and it is running successfully on one of the Windows servers in our office and am now ready to deploy.
At the moment the only route to access is ip:port (192.168.1.88:8888 for example)
I would like for the local users on the network to just type 'intranet' into their browsers and be forwarded to this location. I have tried modifying the system32\drivers\etc\hosts file (with 127.0.0.1 intranet), but it 404'd, telling me that index was not found, so maybe it's trying to serve the application statically with a different web server (IIS is installed on the machine, although it's not running?)
Is there any way to achieve this "shortcut" at network level? It must also work for external visitors to the site so I've ruled out any local solutions.
I am aware that this information already exists online, however I find it is above my knowledge level as a humble javascript developer and seems to strafe into network administration territory. I wonder if anybody could provide a lay mans write up.
I've just installed Neo4j 1.8.2 onto Azure by following this step-by-step process...
http://de.slideshare.net/neo4j/neo4j-on-azure-step-by-step-22598695
Unfortunately, when I browse to http://:7474/webadmin Fiddler says Error 10061 - No connection could be made because the target machine actively refused it.
I've followed the instructions exactly and haven't received any errors.
Any help much appreciated.
So, I think I got to the bottom of this. I think it was due to the size of compute / VM I was creating. It looks like the problem is caused when running on Extra Small instances. I created a new installation using a Small instance and everything now works :).
Try setting the server to accept connections form all hosts, and maybe use a newer Neo4j, say 1.9.4
http://docs.neo4j.org/chunked/stable/security-server.html#_secure_the_port_and_remote_client_connection_accepts
The way the VM Depot image is set up, it's pre-configured to allow all hosts to connect, and the Neo4j server will auto-start. The only thing you need to take care of, when constructing your VM, is to open an Input Endpoint, with any public port you want (preferably 7474 to stay true to Neo4j) and internal port 7474.
Note that the UI changed a bit since the how-to was published: You can specify the endpoint as the last step before creating your virtual machine. Other than that, the instructions should be the same. And... once the VM is up and running (it'll take about 5-10 minutes), you just visit http://yourservicename.cloudapp.net:7474 and you should see the web admin. Note: this is not the same as your vm name. If you named your VM something like 'neo' then you do not want http://neo:7474 or http://neo.cloudapp.net:7474. You need to use your cloud service name (you had to create a name for the service when you deployed the VM.
I've deployed that image several times in demos, and just tried again right now to make sure nothing wonky happened. Worked perfectly.
I followed this
http://blogs.technet.com/b/keithmayer/archive/2013/04/17/step-by-step-build-a-free-sharepoint-2013-lab-in-the-cloud-with-windows-azure-31-days-of-servers-in-the-cloud-part-7-of-31.aspx#.UX_iF7XvvQI
I created a VM using the datacentre Image it created successfully and the status shows Its running. I am trying to RDP It says
Remote Desktop cant connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network
make sure the remote computer is turned on and conencted to the network and that remote access is enabled.
I did check the endpoints the public port is open and also 3389 private port is open too. I did try with different release one with latest patch and the other with the second latest OS patch but I am still not able to RDP.
Thanks
Yeah I already figured out firewall in my organization is blocking it. I did update the answer but it did not show up I am trying again :)
Make sure your VM has reached the "Running" status. If it's still in one of its pre-running statuses (such as Provisioning), you won't be able to RDP.
Also: Be sure you don't try logging in with 'Administrator' (the default in the rdp login box). Choose localhost\yourusername.
I had a similar problem the other day. It was solved by going to the Azure Portal, selecting the VM Dashboard, then clicking "Connect" in the grey toolbar at the bottom. This will download an RDP file that contains the correct connection settings. You can then send that rdp file to others who you would like to give access to.
I just opened one of the files used to connect, and it looks like the only real difference is the port used.
full address:s:[vm name].cloudapp.net:62808
username:s:Administrator
prompt for credentials:i:1
I am not sure if all Azure VM's use 62808, but the default RDP port is 3389 so just copying the DNS from the Dashboard into the RDP address will NOT work without adding the correct port.
One more thing folks should check when having trouble connecting is password length.
I thought I would be all secure by using a guid for a password. RDP worked fine from home (on older XP RDP client), but not from office. At first I thought it was a firewall issue. After verifying with the IT guys that I had full outbound access, I looked a little closer at the RDP error message.
It was saying my credentials were rejected. Finally, I created a second account on the VM and gave it RDP access. I was able to log in fine. The only difference between the two users was this time I didn't bother with a long password.
So I shortened the password on my main account and got in with no problem. I'm not sure what the limit is, but it seems to be less than 32.