After installing Cyberghost VPN on a Windows 7 machine I was unable to launch the application. The following error was returned each time:
There is a problem with your Cyberghost VPN Installation. Should Cyberghost try to solve the problem automatically?

After choosing yes the application still failed to launch. I was able to resolve the issue by following these steps:

1. Open up Device Manager:
Start -> Control Panel -> System -> Device Manager

2. Scroll down to Network adapters and expand it.

3. Here I had three different “TAP-Win32 Adapter” instances each with a different V#. Right click each one and choose Uninstall.

4. Install OpenVPN which will install the appropriate TAP-Win32 driver. This can be downloaded here.

5. Now there will only be one instance of “TAP-Win32 Adapter” under Network Adapters and you should be able to launch Cyberghost without error.

First create a new Windows user which will have access to the directory. If this user already exists, skip to step #5.

1. Open Server Manager by clicking Start -> Administrative Tools -> Server Manager

2. Expand Configuration -> Local Users and Groups

3. Right click Users and select New User.

4. Enter the desired user name and password. Make sure to uncheck “User must change password at next logon” and check both options for “User cannot change password” and “Password never expires”.

5. Open IIS Manager by clicking Start -> Administrative Tools -> Internet Information Services (IIS) Manager

6. Expand the server name in IIS then Sites. Expand the site in question and select the directory you are looking to secure.

7. Double click “Authenticaton” under the IIS heading on the right. If you do not see this, make sure you “Features view” is selected at the bottom of IIS.

8. Right click “Anonymous Authentication” and choose Disable.

9. Right click on “Windows Authentication” and choose Enable.

By default the new user we created will be a member of the “Users” group and this group has access to the directory we are securing. However if you want to limit this access to a select user(s) instead of all users on your server, follow the extra steps below.

1. Right click the directory again on the left side of IIS and choose Edit Permissions.

2. Click the Security tab and then click Advanced.

3. Click Change Permissions

4. Select the Users group and choose Remove

5. Click Add -> Advanced -> Find Now to browse for the new user

6. Click OK until all dialogue boxes are closed

I needed to enable PAE across a large number of servers, some running Server 2003 and some on 2008. Luckily these were part of an Active Directory domain so scripting the update did not require login details for each individual server.

The following batch file will loop through “servers.txt” and enable PAE on each one. Make sure to create the “servers.txt” file with the list of IPs or hostnames one per line. This utilizes psexec so if you need to download this it can be found here.


FOR /F %%i IN (servers.txt) DO (
::Enable PAE on Server 2003:
psexec \\%%i bootcfg /raw "/pae" /A /ID 1
::Enable PAE on Server 2008:
psexec \\%%i Bcdedit /set PAE forceenable
)

If this needs to be enabled on a small number of servers it can be done by running the appropriate command above in a command prompt.

Server 2003:
bootcfg /raw “/pae” /A /ID 1

Server 2008:
Bcdedit /set PAE forceenable

By default IIS will listen for connections on port 80 for any IP bound to the server. This happens even if there are no host headers or bindings set for a specific IP. This can be a problem when trying to run multiple web servers on port 80.

To set IIS to listen on specific IPs follow the instructions below.

Windows Server 2003/IIS 6:

1. This requires the Server 2003 support tools. If this is not already installed it can be downloaded here.

2. Once installed open a command prompt and navigate to the support tools installation folder (default is C:\Program Files\Support Tools).
cd C:\Program Files\Support Tools

3. Stop http.
net stop http /y

4. Use this command to display the current list of IPs:
httpcfg query iplisten

5. By default it will listen on all IPs (0.0.0.0) so we can remove this.
httpcfg delete iplisten -i 0.0.0.0

6. Specify the IP(s) that IIS should listen on. Make sure to update 127.0.0.1 to the desired IP and run the command for each IP IIS should listen on.
httpcfg set iplisten -i 127.0.0.1

7. Start http and test out your sites.
net start http

Windows Server 2008/IIS 7:

1. Open a command prompt and type “netsh”.
netsh

2. Type “http”.
http

3. Enter the following command to display the current list of IPs to listen on. Note if no IPs are displayed like in the below image, IIS will listen on all IPs (default).
show iplisten

4. Use the command below to set IIS to listen on a specific IP. Make sure to replace 127.0.0.1 with the correct IP and run the command again for any additional addresses.
add iplisten ipaddress=127.0.0.1

5. In case you need to delete an IP from this list, use the following command.
delete iplisten ipaddress=127.0.0.1

6. Restart IIS to apply these changes.
iisreset

Sometimes when using a wildcard SSL or Unified Communications Certificate (UCC) it is necessary to add multiple https host headers for a single IP. Unfortunately the IIS 7 GUI does not allow you to set a host header on a https binding however this can be achieved using the “appcmd” command.

1. First bind the certificate to one site as normal by adding the https binding through the IIS GUI.

2. Open a command prompt and navigate to C:\Windows\System32\Inetsrv\ using the command below:

cd C:\Windows\System32\Inetsrv\

3. Enter the following command to manually set the binding bearing in mind the notes below:

appcmd set site /site.name:"SiteNameInIIS" /+bindings.[protocol='https',bindingInformation='IP.Add.re.ss:443:www.example.com']

Make sure to change the following values on the command above accordingly:

SiteNameInIIS: The site name exactly how it appears in IIS. For instance “example.com”.

IP.Add.re.ss: The IP used by the site.

www.example.com: The desired hostname. Note in most cases there will be one for www and non-www.

Example command:

appcmd set site /site.name:"example.com" /+bindings.[protocol='https',bindingInformation='1.2.3.4:443:www.example.com']

Running the appcmd command from a batch file:

To make this process easier you can use the batch file below. This will prompt you for the site name, IP, and host header value and then make the appropriate host header change.

Save the code as something like “addsslbinding.bat” and then call it from a command prompt by entering the name of the file (ie. “addsslbinding”).


@echo off
echo Enter site name in IIS:
set /p SiteName=
echo Enter IP address:
set /p IP=
echo Enter host header value (ie. www.domain.com):
set /p HostHeader=
C:\Windows\System32\Inetsrv\appcmd set site /site.name:"%SiteName%" /+bindings.[protocol='https',bindingInformation='%IP%:443:%HostHeader%']

Example:

By default 32 bit Windows installs will not be able to utilize more than 4GB of memory. However PAE (Physical Address Extension) can be enabled which allows the OS to see memory beyond 4GB. Note that each individual process is still limited to 4GB of memory, even if the OS can see more than that. The only solution to allow a single process to access more than 4GB is to upgrade to a 64 bit OS.

1. Click Start -> Control Panel -> System

2. Select the Advanced tab

3. Click Settings under “Startup and Recovery”

4. Click Edit

5. The boot.ini file will open in Notepad for editing. The last line of this file should look something like this:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard" /noexecute=optout /fastdetect

Just add “/PAE” to the end of this line so it looks like the example below:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard" /noexecute=optout /fastdetect /PAE

6. Save the file and click OK twice

7. Reboot the server to apply the change.

Even with PAE enabled the OS still has a memory limit. To see the limit for a specific Windows release please refer to:
Memory Limits for Windows Releases

In this example the server is running Server 2003 Standard which has an OS limit of 4GB so enabling PAE would not help. This was just done for demonstrative purposes.

For version 5.1.6 and above you can enable slow query logging without restarting the MySQL service. For versions before 5.1.6 a service restart will be needed. Note that slow query logging should not remain enabled for a long period of time, especially on production environments. This could result in poor performance and the log files can grow rather quickly.

Version 5.1.6 and above:


1. Enter the MySQL shell and run the following command:
set global slow_query_log = 'ON';

2. Enable any other desired options. Here are some common examples:

     Log details for queries expected to retrieve all rows instead of using an index:
     set global log_queries_not_using_indexes = 'ON'

     Set the path to the slow query log:
     set global slow_query_log_file ='/var/log/mysql/slow-query.log';

     Set the amount of time a query needs to run before being logged:
     set global long_query_time = '20';
     (default is 10 seconds)

3. Confirm the changes are active by entering the MySQL shell and running the following command:
show variables like '%slow%';

Versions below 5.1.6:


1. Edit the /etc/my.cnf file with your favorite text editor
vi /etc/my.cnf

2. Add the following line under the “[mysqld]” section. Feel free to update the path to the log file to whatever you want:
log-slow-queries=/var/log/mysql/slow-query.log

3. Enable additional options as needed. Here are the same commonly used examples from above:

     Set the amount of time a query needs to run before being logged:
     long_query_time=20
     (default is 10 seconds)

     Log details for queries expected to retrieve all rows instead of using an index:
     log-queries-not-using-indexes

4. Restart the MySQL service:
service mysqld restart

5. Confirm the change is active by entering the MySQL shell and running the following:
show variables like '%slow%';

This article will discuss installing and configuring Munin and Munin-node on the same server for server performance monitoring. It makes use of the EPEL repository which might not be needed depending on your system.

1. First see if yum lists any Munin related packages:
yum search munin

If this returns similar results to the image below, move on to step #3.

2. If no Munin packages are found we need to install the EPEL repository:
Install the EPEL Repository: RHEL and CentOS

3. Install the munin package:
yum install munin

4. Install the munin-node package:
yum install munin-node

5. Add both services to chkconfig so they start on system boot:

chkconfig munin on
chkconfig munin-node on

6. Confirm Munin is loading properly by navigating to your IP/munin. For instance:
http://192.168.1.1/munin/

Optional step: Install plugins

For this example we will be installing the Apache plugin which is commonly installed and provides further data on the Apache process.

1. Create a symbolik link for the Apache plugins which are located in /etc/share/munin/plugins:

ln -s /usr/share/munin/plugins/apache_* /etc/munin/plugins/

2. Enable server status reports for Apache by adding the following lines to your Apache configuration file (httpd.conf):

ExtendedStatus On

SetHandler server-status
Order Deny,Allow
Deny from all
Allow from 127.0.0.1

3. Restart the Apache and munin-node services:
service httpd restart && service munin-node restart

4. It may take a few minutes for Apache statistics to start being collected. Check back shortly to confirm Munin is now receiving data for Apache.

Extra Packages for Enterprise Linux (EPEL) is a community based project to provide commonly used Fedora packages to RHEL and CentOS. First find the appropriate rpm for your system. The list can be found on the EPEL section of Fedora’s site.

In the example below we will be installing the 32bit version of release 6-5:

sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm

After that any packages included in the EPEL repository will be available to install through yum.

Note: Since this is a third party repository, it can cause conflicts especially with other third party repositories such as RPMForge. Usually it is best to leave other third party repositories disabled and only use them with the –enablerepo switch in yum. Alternatively the yum-priorities package can be installed to set priorities for installed repositories.

While it’s possible to scan through logs to determine when the SQL service was last restarted, that is not always the quickest option. There is a simple query which will display the date and time of the last restart of the SQL service.

select min(login_time) from master..sysprocesses