Category: Windows and Powershell

Encrypt your web.config file

Posted Oct.21, 2011 under IIS server, Servers, Windows and Powershell

Recently, I had a request from a customer, where he wanted to encrypt his web.config file ( wee, a part of it ). Since he didnt know how to do it by himself, he asked us to do it.

Basically, the procedure is very simple.

First, open IIS manager and find the web site you want to encrypt. Got it? Great, when you’re there, look at the site ID, write it somewhere.

 

Then, run command prompt ( as administrator ) and position yourself in the :

C:\Windows\Framework\v4.0.30319\

In case your application is running in .NET 2, position yourself in the V2.0.xxxx folder.

Type in the following command:

aspnet_regiis -pe “connectionStrings” ” -site “IDnumber”

What will this command do?

It will encrypt the connection string part of the web.config file, so it cannot be read in some text editor; ofcourse, your web server will still be able to read the connection string from the file, dont worry :)

BUT WHAT IF I HAVE A VIRTUAL DIRECTOY, AND I WANT TO ENCRYPT THAT web.config FILE?

No problem at all, just use this command:

aspnet_regiis -pe “connectionStrings” -app “/YOURVIRTUALFOLDER” -site “IDnumber”

Notice that I added a “-app “/YOURVIRTUALFOLDER” part to the command.

 

Thats all for today :D Stay smart and bright! :D Bye bye!

Tags: , , , , , , , ,
Leave a Comment

Automatic time update in Windows (sync with internet time a.k.a NTP server )

Posted Sep.02, 2011 under IIS server, Servers, WebSitePanel Fixes, Windows and Powershell

Few days ago, I had a strange issue where all of a sudden, the statistics on some of my web servers stopped working.

First thought was, nah, its some PEBKAC issue. Statistics was working great, and nothing in the configuration wasnt changed for months. The customer must have some outdated link, wrong password or something else.

 

The error my customers were getting is :

 

Microsoft.Web.Services3.ResponseProcessingException: WSE910: An error happened
during the processing of a response message, and you can find the error in the
inner exception. You can also find the response message in the Response
property. ---> Microsoft.Web.Services3.Security.SecurityFault: An error was
discovered processing the header ---> System.Exception: WSE065: Creation time of
the timestamp is in the future. This typically indicates lack of synchronization
between sender and receiver clocks. Make sure the clocks are synchronized or use
the timeToleranceInSeconds element in the microsoft.web.services3 configuration
section to adjust tolerance for lack of clock synchronization. --- End of inner

 

The part of the error that gave me a hint is:
Creation time of the timestamp is in the future. This typically indicates lack of synchronization between sender and receiver clocks.

 

Soooo…I login to my WebSitePanel server and check the time…it was 9:24 AM. I login to the web server that is giving the above mentioned error , also 9.24 AM.

First reaction…WTH!!?!?!?!?

I thought to myself: “Nah..I’ll try it anyway. Left click on the Clock, change time and date settings, Internet time, Change settings, and then click the “Update now”. All of a sudden, my statistics started to work. GREAT, that part is solved.

Now, lets try to find the reason for this behaviour, ofcourse, there are hundreds of articles on the web, and every single one of them is pretty much useless in my case :) .

My search was pointless, and quoting James May from Top Gear, I thought to myself:

“Oh cock!” :)

Well, atleast let me try to patch the thing up. My idea was to use our own ntp servers on all our windows machines ( instead of time.windows.com, or some other ntp server listed ). In order to achieve this, you must replicate these steps:

  1. Stop the W32Time service with : C:\>net stop w32time
  2. Configure the external NTP server by  typing : C:\> w32tm /config /syncfromflags:manual /manualpeerlist:”1stNTP.domain.com, 2ndNTPserver.domain.com”
  3. Then make your  PDC a reliable NTP server with  C:\>w32tm /config /reliable:yes
  4. Start the w32time service with : C:\>net start w32time
  5. You can check the NTP servers configuration by typing: C:\>w32tm /query /configuration

Next thing I decided to do was to autmate the time sync, since I didnt want to rely on Windows to do it.

Command for that is pretty simple : c:\w32tm /resync

In order to achieve that, I created a batch file with the above mentioned command, set it to run every day at 12:00 AM, and thats it. Never heard of time sync issues EVER again!

Bye, Alesandro

Tags: , , , , , , , , ,
2 Comments

SpamBots+bad application+SQL server = PROBLEMS!

Posted Oct.25, 2010 under Servers, Windows and Powershell

So…today I had a very interesting issue. All of a sudden Nagios went red with the message: CRITICAL : – total: 232.82 Gb – used: 212.67 Gb (91%) – free 20.15 Gb (9%) on one of our SQL server. I was like..”NO! It cannot be. I clearly remember that this machine had over 150 Gb of free space yesterday!”

I log in to the machine, and automatically go to the data folder of SQL server thinking that some customer has a HUGE! log file on his database; so, right click – Select All -> Properties… only 50 Gbs of data…hmm…not here!

At that moment I notice that the server isnt “jumpy” as usual, so I start Performance monitor and see that the Avg. Disk Queue is off the chart!  That definatelly isnt right…

Since that machine is using Windows 2003, theres no too good way to see what application is using so much disk I/O ( beside FileMon ) , I start the FileMon and se that the SQL service is writing HUGE amount of data to its ERRORLOG file.

By navigating to the folder, I see that the ERRORLOG file is over 120 Gb big so opening it in Notepad, Context or some other file was out of the question, since it would kill the machine completely.

So, lets turn to powershell once more. In order to be sure to not kill the machine, since its in production , I have moved the file to an empty machine to opened it there.

Powershell : cat errorlog +ENTER :) after that powershell started to list the entire content of the file, and it took about 15 mins until it reached the end. AMAZING

By examining the log, I notice ( it was hard to NOT notice it ) litterally millions of these entries:

Could not allocate space for object ‘dbo.tblComments’.'tblComments’ in database ‘DATABASEname’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

What happened here?

The site that was using that database is poorly written and was allowing everyone to post comments on the articles without any security check, so it soon reached the size limit set on the database.  By further digging on the issue, I saw that the bots are posting about 4-5 comments each second which comes to about 18000 comments/hour…multiply that by 15-16 hours it took to fill the error log to that size, we roughly come to 280000 comments…that’s A LOT of comments! :)

After disabling the site and sending the email to the customer, situation on the machine looks like this :

The big drop on the green line is the moment where I disabled the problematic web site.

Tags: , , , , , , ,
Leave a Comment

Cook!? Can you warm up my application? NO! I cannot!:D

Posted Oct.13, 2010 under IIS server, Servers, Windows and Powershell

In the beginning, some c/p from IIS site:

IIS Application Warm-Up for IIS 7.5 enables IT Professionals to improve the responsiveness of their Web sites by loading the Web applications before the first request arrives. By proactively loading and initializing all the dependencies such as database connections, compilation of ASP.NET code, and loading of modules, IT Professionals can ensure their Web sites are responsive at all times even if their Web sites use a custom request pipeline or if the Application Pool is recycled.

Now, ME!

At first glimse you can say : “WOW” this extension rocks!!! I dont have to wait for my application to compile! My site will load much much faster!

And, imagine, you would be completely RIGHT! This is a great extension, but ( yeah, there’s a but ), I would NEVER install this extension on a shared hosting server! Why you ask?

Biggest reason is the WASTE of resources!

By preloading some site that has 5-10 unique visitors/day ( yes there are sites like that ), you are efectively wasting resources on the server. Imagine what would happen if you had around 500-600 applications on the server, all preloaded? How much RAM would the machine need to have to keep all those applications preloaded? I guess the answer is : A LOT!

So, conclusion, when to use IIS Application Warm-Up?

Use it on your own machine! When you have a dedicated machine just for 1-2 websites.  You, and your users will benefit from preloaded applications. Everything will open more faster!

If you have a shared hosting machine, MY reccomendation is to NOT use the IIS Application Warm-Up extension!

Tags: , , , , , , ,
2 Comments

Using compression on IIS servers? Yes or no?

Posted Oct.08, 2010 under IIS server, Servers, Windows and Powershell

Well…in the very beginning, my answer is pretty much simple : yes AND no!  Why you ask?  Just keep reading…

Compression, regardless if its the compression of static or dynamic content is using CPU – that is a fact we can all agree upon.

Lets say compression is a tradeoff – CPU for bandwidth..use more cpu to “burn” less bandwidth.

The big question here is how to decide if you will benefit from turning on compression or not.

Most of us have “multi-purpose” servers which run various roles at the same time ( database server ( MYSQL , MSSQL, etc…) , mail server, web server, etc.. and all of those services are spending a certain amount of CPU time.

By turning on the compression, you will automatically “lose” some CPU time which could have been used for faster execution of some database queries i.e… Read More »

Tags: , , , , , , , , , ,
1 Comment