Can't send to MSMQ with 2 DNS names

We're having an issue with sending an MSMQ message to the second DNS name on a server. If we send the IP for that same server, we're fine, but that's not where we are going architecturally. Any ideas as to why MSMQ would care about which name it receives?
Server Information:
The physical server load-int-01, has a second IP and DNS name associated with it.
First IP/DNS: load-int-01, with IP 10.0.10.10
Second IP/DNS: load-intv, with IP 10.0.10.20
Queue Path Formats Used:
FormatName:DIRECT=OS:load-int-01\private$\MyQueue → Works Fine
FormatName:DIRECT=OS:load-intv\private$\MyQueue → Returns the error…
The queue does not exist or you do not have sufficient permissions to perform this operation
We have also tried using the IP addresses instead, and both sets of IPs work fine.
FormatName:DIRECT=TCP:10.0.10.10\private$\MyQueue → Works Fine
FormatName:DIRECT=TCP:10.0.10.20\private$\MyQueue → Works Fine

We just got off the phone with Microsoft. This is a limitation of MSMQ. You can not receive on queues with a DNS name different than the server NETBIOS name. You can SEND to queues with an alternate DNS name provided you use the two registry keys mentioned above, OptionalNames and IgnoreOSNameValidation.
Back to virtual IPs for us, or we might keep the virtual name for the sending connection strings (with the reg settings) and use .\ for the receiving servername...that works.
Thanks for the help.

From:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;899611
By default, Message Queuing verifies the message that it receives to determine whether the message is intended for the local computer. If the message is not intended for the local computer, the message is rejected.
So follow the section on "IgnoreOSNameValidation" in this article and I hope it will help.

Very frustrating. I'm trying to migrate some MSMQ targets (web services) and I guess I will have to configure them to use virtual IPs, and migrate the virtual IPs, since migrating the NetBIOS name will be a mission.
MSMQ should be re-christened MSMQ-1982, since it appears to predate the invention of a cunning and useful abstraction layer called "DNS" in 1983.

I had the same issue and got it working. The trick for me was after setting the IgnoreOSNameValidation registry key, you have to restart the Message Queuing service.
I know this is an old post, but it comes up in Google when searching for a solution to this issue.

This did work for me:
FormatName:DIRECT=TCP:HOST.TLD\PRIVATE$\MyQueue
Note that this uses TCP instead of OS. This is the relevant documentation:
Non-transactional messaging by using Direct=TCP
This configuration functions without any particular configuration changes.


Deployed small footprint Tanzu Application Service (TAS) in Azure, without domains. Can I access the ccapi and apps manager with the IP?

Could deploy Bosh and small footprint Tanzu Application Service (TAS) in Azure, without using the domains. All VMs are running. Can I access the ccapi and apps manager with the IP address instead of the api.SYSTEMDOMAIN?
The short answer is no. You really, really want to have DNS set up properly.
Here's the long answer that is more nuanced.
All requests to your foundation go through the Gorouter. Gorouter will take the incoming request, look at the Host header and use that to determine where to send the request. This happens the same for system services like CAPI and UAA as it does for apps you deploy to the foundation.
DNS is a requirement because of the Host header. A browser trying to access CAPI or an application on your foundation is going to set the Host header based on the DNS entry you type into your browser's address bar. The cf CLI is going to do the same thing.
There are some ways to work around this:
If you are strictly using a client like curl, you can set the Host header to arbitrary values. In that way, you could set the Host header to api.system_domain and at the same time connect to the IP address of your foundation. That's not a very elegant way to use CF though.
You can manually set entries in your /etc/hosts (or similar on Windows). This is basically a way to override DNS resolution and supply your own custom IP.
You would need to do this for uaa.system_domain, login.system_domain, api.system_domain and any host names you want to use for apps deployed to your foundation, like my-super-cool-app.apps_domain. These should all point to the IP of the load balancer that's in front of your pool of Gorouters.
If you add enough entries into /etc/hosts you can make the cf CLI work. I have done this on occasion to bypass the load balancer layer for troubleshooting purposes.
Where this won't work is on systems where you can't edit /etc/hosts, like customers or external users of software running on your foundation or if you're trying to deploy apps on your foundation that talk to each other using routes on CF (because you can't edit /etc/hosts in the container). Like if you have app-a.apps_domain and app-b.apps_domain and app-a needs to talk to app-b. That won't work because you have no DNS resolution for apps_domain.
You can probably make app-to-app communication work if you are able to use container-to-container networking and the apps.internal domain though. The resolution for that domain is provided by Bosh DNS. You have to be aware of this difference though when deploying your apps and map routes on the apps.internal domain, as well as setting network policy to allow traffic to flow between the two.
Anyway, there might be other hiccups. This is just off the top of my head. You can see it's a lot better if you can set up DNS.
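The Host-header routing described in the answer above, as an added example that is not part of the original post and is not Gorouter code. The hostnames under system.example and apps.example, the route table and the helper names are constructed for illustration; the toy router listens on loopback only.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed route table: hostname -> backend (stand-ins for CAPI, UAA, an app).
ROUTES = {
    "api.system.example": "capi",
    "uaa.system.example": "uaa",
    "my-super-cool-app.apps.example": "app",
}

class HostRouter(BaseHTTPRequestHandler):
    """Toy router: chooses the backend from the Host header and nothing else."""

    def do_GET(self):
        # Strip an optional :port and normalise case before the lookup.
        host = (self.headers.get("Host") or "").rsplit(":", 1)[0].lower()
        backend = ROUTES.get(host)
        body = (backend or f"no route for host {host!r}").encode()
        self.send_response(200 if backend else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_router():
    """Start the toy router on a free loopback port; returns (server, port)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), HostRouter)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def fetch(ip, port, host_header=None):
    """Connect to ip:port, optionally overriding Host as curl -H 'Host: ...' would."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    headers = {"Host": host_header} if host_header else {}
    conn.request("GET", "/", headers=headers)
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result

if __name__ == "__main__":
    server, port = start_router()
    print(fetch("127.0.0.1", port))                        # Host is the IP
    print(fetch("127.0.0.1", port, "api.system.example"))  # Host overridden
    server.shutdown()
```

The same TCP endpoint answers both requests; only the Host value decides whether a route is found, which is why an /etc/hosts entry or a Host override is enough for a single client and a bare IP is not.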
The easiest way to achieve a portable solution is a service like xip.io that will work out of the box. I have set up and run a lot of PoCs that way, when wildcard DNS was something that enterprise IT was still oblivious about.
It works like this (excerpt from their site):
What is xip.io?
xip.io is a magic domain name that provides wildcard DNS
for any IP address. Say your LAN IP address is 10.0.0.1.
Using xip.io,
10.0.0.1.xip.io resolves to 10.0.0.1
www.10.0.0.1.xip.io resolves to 10.0.0.1
mysite.10.0.0.1.xip.io resolves to 10.0.0.1
foo.bar.10.0.0.1.xip.io resolves to 10.0.0.1
...and so on. You can use these domains to access virtual
hosts on your development web server from devices on your
local network, like iPads, iPhones, and other computers.
No configuration required!

Make a domain target two servers depending on the port

I have an older server with SMTP configured and I've bought a faster server.
I want to make this new server the targeted domain and the older server an SMTP server.
But I want the domain to target both servers depending on the port being used.
How can I do that?
What will do this is "NAT" (Network Address Translation).
How do you receive your internet?
In general we use:
Internet -> Modem -> Firewall -> Servers
If your scenario is like that, your configuration must be made on the firewall.
Depending on your firewall solution, this configuration can be called "publish rule" or "nat rule".
If you're using Azure it's simple, you just need to create a load balancer to do it.
As you have 2 servers, you need another element to receive the traffic and forward it.
For it to work, all users must use the load balancer IP (you need to adjust your DNS record).
You need to configure the load balancer to forward the traffic to the appropriate server based on the port requested.
Official documentation can help you: https://learn.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-port-forwarding-portal
Take care about the MX change, it may not be necessary:
All domains must have at least 1 MX record, it's what will manage email requests.
If you split your mail server just for a webmail purpose, for example, it may not be necessary to change the MX record.
If you prefer, share your complete situation here and we'll try to help with more precision.
I've done some more research and I've found that in the DNS server I could create an MX registry targeting the other server, is that right?
https://support.google.com/a/answer/48090

How to get incoming request ip address using .net Core

I deployed my .NET Core solution in an Azure environment (PaaS). I used the following code snippet there to get the client's IP address:
dtoItem.LogIP = HttpContext.Connection.RemoteIpAddress.ToString();
I used standard .net core libraries and did necessary changes into Startup.cs as well
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
    RequireHeaderSymmetry = false,
});
I believe I have implemented everything in correct manner. But still I haven't got accurate client IP address. I am always getting client's public IP instead of his private IP. Since this can be repeated (Same office 2 users have same public IP) I need client's private IP instead of his public IP.
Is it possible to get the private IP address in a PaaS solution? If it is not possible, is there a way to track the client's PC information (such as IP address, MAC address)?
Is it possible to get private IP address in PAAS solution?
No, it is not possible, as shared in this SO post, and this answer addresses this about the MAC address.
On the client side JavaScript, there is no API exposed to get the IP address (obviously due to security considerations). Then you can get the IP address on the server side, but typically if you are accessing the internet from your company, it would go through the corporate proxy and the IP address seen by the server will never be the actual client IP but the proxy server's address. So this is limited on the server side as the server only sees the proxy (public IP address).
If it is not possible, is there a way to track client's PC information. (Such as IP Address, MAC address)?
What you can reliably track is the user agent. Breaking the user agent down, we get some information about browser and OS versions. But the user agent can easily be spoofed with some browser extension.
If you are looking for browser fingerprinting or tracking, have a look at Panopticlick, which shows some more information like fonts installed, screen resolution, plugins installed etc. to track any client. The fingerprintjs2 JavaScript library helps to track using 26 parameters as of today.
There is no straight forward answer to this. The thread shared by Rob has some great insights. However, one needs to understand that a lot can happen to the request before it reaches the server. The intermediary networking devices can manipulate the TCP headers so it may not reflect the correct IP Address that you need.
From a solution perspective, this might be perfectly possible, if you develop your own client and log this information somewhere so that you can track it. Otherwise there is no reliable way to get this information.
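Why the server in this thread ends up with the office's public address, as an added example that is not from the original posts and is not ASP.NET Core's own implementation. It shows a general right-to-left walk of X-Forwarded-For that stops at the first untrusted hop, beside the weak left-most read; all addresses, the trusted proxy range and the function names are constructed assumptions.

```python
import ipaddress

def naive_client_ip(xff_header):
    """Weak: trusts the left-most X-Forwarded-For entry, which the client controls."""
    return xff_header.split(",")[0].strip()

def client_ip(remote_addr, xff_header, trusted_proxies):
    """Resolve the client address from the socket peer and X-Forwarded-For.

    Walks the chain right to left and stops at the first hop that is not a
    trusted proxy; anything further left was supplied by that untrusted hop.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(ip):
        return any(ip in net for net in trusted)

    current = ipaddress.ip_address(remote_addr)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_trusted(current):
            break                  # this entry was not written by our proxy
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break                  # malformed entry: stop trusting the chain
    return str(current)

# Constructed samples: the reverse proxy is 10.1.0.5; two office users share
# the NAT address 203.0.113.7; the second forges a private address; the third
# request reaches the app directly, bypassing the proxy, with a forged header.
TRUSTED = ["10.1.0.0/24"]
SAMPLES = [
    ("10.1.0.5", "203.0.113.7"),
    ("10.1.0.5", "192.168.1.50, 203.0.113.7"),
    ("198.51.100.9", "10.1.0.5"),
]

if __name__ == "__main__":
    for remote, xff in SAMPLES:
        print(f"peer={remote} xff={xff!r} "
              f"naive={naive_client_ip(xff)} resolved={client_ip(remote, xff, TRUSTED)}")
```

Both office users resolve to the same NAT address, and a private address only ever appears in the part of the header the client wrote itself, so it cannot be used to tell them apart.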

Can't get DNSMASQ DHCP to configure multiple name servers

Perhaps someone has some help? I am running dnsmasq on Ubuntu 12.04 LTS. This server's address is 192.168.15.3. My gateway's DNS is 192.168.1.254, that takes me out to the Internet. I also have a special-purpose DNS at 192.168.15.2. So I wanted to give those 3 name servers to DHCP clients. This is my dnsmasq.conf server= section:
server=/localnet/192.168.15.3
server=/localnet/192.168.15.2
server=/15.168.192.in-addr.arpa/192.168.1.254
However, when I look at the DHCP allocation on a client, I see only 192.168.15.3 as the sole DNS server. Clients cannot access the Internet (the NIC on .3 is configured correctly and can access the Internet from its console login).
Granted, the first server= line is probably not necessary, but I added it thinking it may help, didn't.
What am I doing wrong? Thanks for your help!
OK, after MUCH experimentation, I found I had to push the option manually. In the dnsmasq.conf file, I added the following line:
dhcp-option=6,
like so:
dhcp-option=6,192.168.15.3,192.168.15.2,192.168.1.254
This served the correct list of name servers to DHCP clients.
The server lines are configuration for dnsmasq's own DNS server, about where it should forward DNS requests that it receives in order to be able to resolve (and cache) them.
Only the dhcp-options are part of the DHCP configuration that gets passed to DHCP clients - so, the accepted answer is correct, but I wanted to share why.

Configuring windows virtual SMTP server

I have a Windows 2003 server which is running the IIS (6.0) virtual SMTP server. I have written an event sink for this server to parse and pop incoming e-mails. I'm trying to get the server to accept incoming domains with a wild card. So *.something.com would be accepted by this server.
If I use an alias domain, it won't allow me to use a wild card. If I use a remote domain, I can use a wild card but I have to turn relaying on (which I don't want to do) and it attempts to send itself a message on top of that. If relaying is turned on, I get an error response 5.3.5.
With all that said, I'm looking for a way to configure my server to accept alias domains with wild cards.
I found no configuration that allowed me to do this. My solution is ugly, but it works. I kept the relay and only allowed the server to relay to itself. I also changed the Imessage.envelopeField.MessageStatus to abort on successful read so that it wouldn't be processed by anything other than my sink (thus, not being routed to a "new" destination).
On Windows 2003, to have access to the Imessage class you need to import cdo.dll.
