Author Archives: InteractiveWebs

About InteractiveWebs

This blog is the combined blog work of the InteractiveWebs Dev Team. Together we work on a range of DotNetNuke (DNN) applications, modules, Silverlight, and Microsoft CRM Portal integration products. Our Business is website design and hosting, with a strong focus on DotNetNuke, Microsoft Dynamics CRM, Silverlight and iPhone iPad development.

WHM Cpanel sshd: /var/empty/sshd must be owned by root and not group or world-writable

 

Error: WHM Cpanel sshd: /var/empty/sshd must be owned by root and not group or world-writable is reported via email notifications.

Note: Our server is running Centos

 

Server cpanel2.interactivewebs.com
Primary IPAddress xxx.xxx.xxx.xxx
Service Name sshd
Service Status failed ⛔
Notification The service “sshd” appears to be down.
Service Check Method The system’s command to check or to restart this service failed.
Number of Restart Attempts 19
Service Check Raw Output (XID cg7fzv) The “sshd” service is down.

The subprocess “/usr/local/cpanel/scripts/restartsrv_sshd” reported error number 3 when it ended.

Startup Log Dec 07 02:34:37 xx.interactivewebs.com systemd[1]: Failed to start OpenSSH server daemon.
Dec 07 02:34:37 xx.interactivewebs.com systemd[1]: Unit sshd.service entered failed state.
Dec 07 02:34:37 xx.interactivewebs.com systemd[1]: sshd.service failed.
Log Messages Dec 7 02:34:37 cpanel2 sshd: /var/empty/sshd must be owned by root and not group or world-writable.
Memory Information
Used 1.12 GB
Available 14.01 GB
Installed 15.13 GB
Load Information 0.00 0.01 0.07
Uptime 1 hour, 30 minutes, and 42 seconds
IOStat Information avg-cpu: %user %nice %system %iowait %steal %idle 4.15 0.01 0.18 0.02 0.00 95.64 Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn sda 7.43 185.24 24.84 1007925 135152 dm-0 4.69 146.09 17.67 794896 96128 dm-1 0.02 0.41 0.00 2228 0 dm-2 2.62 33.66 6.80 183144 36976
Top Processes
PID Owner CPU% Memory % Command
5182 root 18.07 0.09 /usr/local/cpanel/scripts/restartsrv_cpanel_dovecot_solr
5080 root 5.88 0.17 tailwatchd – chkservd – cpanel-dovecot-solr check
5138 root 1.20 0.01 dovecot/auth -w
5167 root 0.72 0.00 [whostmgrd – ser]
5108 dovecot 0.68 0.02 dovecot/auth

 

The Fix

1. Login to WHM and click on terminal

Screenshot 2018 12 07 21 36 49

Type these 3 commands into there terminal window:

# chown root:root /var/empty/sshd 
# chmod 711 /var/empty/sshd 
# ls -ld /var/empty/sshd

 

2. Restart the ssh Daemon in WHM

WHM ssh

 

The Apple Developers Union

The Apple Developers Union

Recently a new group of App store developers has banded together to help push the cause of making the Apple App Store a little more developer friendly for people trying to make a living as Developers of applications for Mac’s and iPhones.

The website is called The Developers Union and has some listed goals and targets. Their about page states 

We believe that people who create great software should be able to make a living doing it. So we created The Developers Union to advocate for sustainability in the App Store.

Today, we are asking Apple to publicly commit — by the tenth anniversary of the App Store this July — to allowing free trials for all apps in the App Stores before July 2019. After that, we’ll start advocating for a more reasonable revenue cut and other community-driven, developer-friendly changes.

Here is why we joined.

1. The stated goal of offering free trials is something what has reared it’s head for the looming release of our next app. “NOTAM Reader”. The model we wish to operate under is not currently available where we can offer a free trial. So their first stated goal is something we are defiantly onboard with and hope they can influence Apple.

2. The possibility of reducing the 70/30% split that developers share with Apple is something we also support. Apple the entire ecosystem and for that we are always grateful of the opportunity to develop on such a popular and solid ecosystem. BUT. They are so hugely successful throughout the entire process that it is hard not to feel that the wealth distribution is a little out of kilter. This is not something we are militant about but certainly a review of this policy is something we feel is worthy of banding tougher. 

In the future we will review the groups stated goals and only remain part of the group while the stated goals are not self destructive and the process remains respectful for everyone involved.

DNN Event ID 1310 after moving website to new server Exception message: Unsecured Passwords Format Detected

IIS throwing Event ID 1310 Exception message: Unsecured Passwords Format Detected

1310

The Error Message

Exception information: Exception type: ConfigurationErrorsException Exception message: Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: AspNetSqlMembershipProvider. The obsoleted password format is: Encrypted. For more information, see https://go.microsoft.com/fwlink/?linkid=834784.

Request information: Request URL: Request path: User host address: User: Is authenticated: False Authentication Type: Thread account name: IIS APPPOOL\DefaultAppPool

The Problem was actually simple and a “user error”

We tried to connect the website up to the wrong database. i.e. When we copied the database and moved it, we inadvertently copied the wrong database. This caused the above error due to the fact that the machinekey data in the web.config file was wrong for the database.

This caused the error 1310 to be thrown and the Application Pool associated with the new incorrectly setup site to stop.

The fix. 

Connect to the correct database!

Update

Further to this we encountered a really weird set of errors after this. Initially the error appears to be a connection issue. But then we started getting failings that would come an go.

Error logs showing plenty of Event ID 1310 but also in the DNN logs:

DotNetNuke.Services.Log.EventLog.DBLoggingProvider – System.Data.SqlClient.SqlException (0x80131904): Could not allocate space for object ‘dbo.EventLog’.’PK_EventLogMaster’ in database ‘bla’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

 

   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)

 

   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)

 

   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)

 

   at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()

 

   at System.Data.SqlClient.SqlDataReader.get_MetaData()

 

   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)

 

   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)

 

   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)

 

   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)

 

   at System.Data.SqlClient.SqlCommand.ExecuteScalar()

 

   at PetaPoco.Database.ExecuteScalar[T](String sql, Object[] args)

 

   at DotNetNuke.Data.PetaPoco.PetaPocoHelper.ExecuteScalar[T](String connectionString, CommandType type, String sql, Object[] args)

 

   at DotNetNuke.Data.SqlDataProvider.ExecuteScalar[T](String procedureName, Object[] commandParameters)

 

   at DotNetNuke.Data.DataProvider.AddLog(String logGUID, String logTypeKey, Int32 logUserID, String logUserName, Int32 logPortalID, String logPortalName, DateTime logCreateDate, String logServerName, String logProperties, Int32 logConfigID, ExceptionInfo exception, Boolean notificationActive)

 

   at DotNetNuke.Services.Log.EventLog.DBLoggingProvider.WriteLog(LogQueueItem logQueueItem)

 

ClientConnectionId:e495809e-60d5-44f2-b883-fe81fbe1126f

 

Error Number:1105,State:2,Class:17

The Problem

The issue turned out to be that the database was a legacy database we received from another host. They had defined a database limit size in the SQL database it’s self. This caused the database to strop responding to DNN in a way we had never seen. After some time, the maintenance would drop the size of the database just below the limit and the DNN site would fire up. Until it reached the SQL database limit again.

Not likely to be a problem for many people, but something to check in the SQL dates settings.

The fix update

Increase or remove the size of the SQL database limit.

Adding Application Pool Identity in IIS to a Folder

 

Skip to end of metadata

 

Go to start of metadata

 

Whenever a new application pool is created, IIS creates a security identifier (SID) that represents the name of the application pool itself. For example, if you create an application pool with the name “Smartcrypt,” a security identifier with the name “Smartcrypt” is created in Windows. Resources can be secured by using this identity. However, the identity is not a real user account and will not show up as a user in the Windows User Management Console.

This can be configured by selecting a folder in Windows Explorer and adding the “Smartcrypt” identity to the folder’s Access Control List (ACL).

  1. Open Windows Explorer
  2. Select the directory the Smartcrypt Manager is installed under (eg: c:\web\mds)
  3. Right click the directory and select Properties
  4. Select the Security tab
  5. Click the Edit button and then Add button
  6. Click the Locations button and make sure that you select your computer.
  7. Enter IIS AppPool\<myappoolname> (eg: IIS AppPool\smartcrypt) in the Enter the object names to select: text box.
  8. Click the Check Names button and click OK.
  9. Check Modify under the Allow column, and click OK, and OK.

By doing this, the file or directory you selected will now also allow the Smartcrypt identity access.

 

You can do this via the command-line by using the ICACLS tool. The following example gives modify access to the Smartcrypt identity to the folder C:\web\mds and all contents.

ICACLS "C:\web\mds" /grant "IIS AppPool\Smartcrypt":M /t
 

Mac Clear DNS Cache

To clear the DNS cache on a Mac computer running the later version OSx

Open a Terminal window and paste in the following:

sudo dscacheutil -flushcache;sudo killall -HUP mDNSResponder; say cache flushed

Then hit enter.

You will be asked for the password you use to login as an admin.

LH Pilot Update 9.10.7

 

LH Pilot Update 9.10.7

– Updated the source for NOTAMS to fix the problem of FAA blocking regions via their website.
– Updated New EK Categories.
– Updated the colour coding for new categories.

This update addresses the latest released data from EK with new colour coding.

Also we were previously referencing NOTAM information from the FAA website. They have begun blocking IP addresses outside the USA. Subsequently we have referenced a new datasource and improved the formatting of the NOTAMS to be much easier to read.

Cpanel WordPress Site Error The uploaded file exceeds the upload_max_filesize directive in php.ini

Cpanel WordPress Site Error The uploaded file exceeds the upload_max_filesize directive in php.ini

While working with a Cpanel Website running WordPress, you attempt to upload a file and receive an error: 

“The uploaded file exceeds the upload_max_filesize directive in php.ini”

To fix for ALL Accounts in Cpanel

Login to the WHM Administration system. Note that this is usually the HOST provider that has access to this.

Softare >> MultiPHP INI Editor

Screenshot 2018 04 01 13 04 47

Then for the Different PHP Version in the Dropdown, selecting for example ea-php55  or ea-php56

Edit the post_max_size to something bigger that the default 8M

AND or

Edit the upload_max_filesize to something bigger than the default 2M

Screenshot 2018 04 01 13 07 43

To Fix for the Account you are working in.

Loged in as the Account holder,

Software MultiPHP INI Editor

Screenshot 2018 04 01 13 08 42

Select the location that you will apply this modification to. This should be the site or sub domain you are experiencing the problem with. (In our example we have the wordpress.projectcentre.com.au)

Edit the post_max_size to something bigger that the default 8M

AND or

Edit the upload_max_filesize to something bigger than the default 2M

Screenshot 2018 04 01 13 10 02

This applies to Cpanel April 2018 V68

alphassl the requested property value is empty Exception for HRESULT 0x80094004

alphassl the requested property value is empty Exception for HRESULT 0x80094004

Problem

When completing an Alphassl certificate install on IIS using the “Complete Certificate Request” you receive the error:

There was an error while performing this operation.

Details:

The requested property value is empty. (Exception from HRESULT: 0x80094004)

Exception for HRESULT 0x80094004

Now this is a Typical Microsoft Error in that it really only has meaning to the person who created the error. For us end users stuck in this weird Microsoft world, the error message is trying to tell us that the Certificate you pointed to for the “Complete Certificate Request function in IIS

IIS Complete Certificate Request

is pointing to a .CER file that is not valid as a certificate for import.

So at this point it is time to check what certificate you placed in the .CER file that you are trying to import.

Solution

In particular with Alphassl certificates, the process of completing a new certificate request is completed by email. The end of the process involves receiving an email with instructions on how to complete the process of import.

Screenshot 2018 03 14 13 12 32

Now if you are anything like me, and you think you know what you are doing having completed this process a few times. You tend to work fast and read instructions later (like an IKEA assembly job). And on several of my certificate install jobs I have made the same error. That being that I read to point 2 above. Click the link which if I read it is obviously to the Root Certificate Install. Then proceed to copy and paste the SHA-256 Certificate into the process and save is as a .cer file, then try to complete the process with that hash. 

Screenshot 2018 03 14 13 16 13

So basically this is all wrong. The certificate Hash is actually included in the bottom of the email received from Alphassl and that hash from the bottom fo the email is the correct hash to copy and paste to your IIS server and save as a .cer file. It is then this file that you use to complete the process with your IIS “Complete Certificate Request” function. Not the above Root certificate.

RTFM.

 

 

There was an error while performing this operation.

Details:

The requested property value is empty. (Exception from HRESULT: 0x80094004)

Outlook 365 Keeps Prompting for Password After August 2017

Outlook 365 Keeps Prompting for Password After August 2017

3db989da d0d4 4210 b5ff f9975e6687dc

In August 2017 Microsoft released another version of Outlook for Office 365 for PC that caused a major problem for people connecting to Exchange 2016 servers. This problems is all to do with the AutoDiscovery setup that Outlook uses. Microsoft appear to have set outlook to use their Office 365 servers as an initial point of setup configuration regardless of how you have configured AutoDiscovery.

The bottom line is that outlook keeps trying to authenticate agains office365 and not your own server. While this is a known issue, as of January 2018 it has not been fixed in the next version of Outlook.

The Fix

There are two fixes, and either one should work. We suggest Fix 1

Fix 1

First one involves setting a registry entry on the computer experiencing the issue. To fix this issue, create a text file and copy/paste this text below.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover]
"ExcludeExplicitO365Endpoint"=dword:00000001

Then save it, and rename it as ExcludeExplicitO365Endpoint.reg and run it (this will import the applicable registry key). ONLY DO THIS if you are using an Exchange On-Premise account, and not a Office365 or hosted exchange account.

Ref: https://www.stephenwagner.com/2018/01/14/cannot-create-exchange-2016-account-office-2016-due-repeated-password-prompts/#comment-284518

Fix 2

The solution I’ve found to work and the only one to stop this annoying popup of “enter your password”, is to downgrade to a lower version of office update.here is a script i wrote, in case you need to push this to several computers.

C:\Progr~1\Common Files\Microsoft Shared\officeClickToRun /update user updatetoversion=16.0.8326.2107 1>officec2rclient.exe

this will take your office 2016 to update 8326.2107 where this issue doesn’t happen.nothing will show up on the screen, but give it about 10 minutes and restart the computer. check the control panel/ add-remove programs and make sure office is on the new (or actually old…) version.

Here is a link to some helpful information in running this update: https://support.microsoft.com/en-us/help/2770432/how-to-revert-to-an-earlier-version-of-office-2013-or-office-2016-clic

Windows Server 2016 Download Maps Manager Delayed Start

Windows Server 2016 Download Maps Manager Delayed Start Red in Server Manager Dashboard

Its kind of annoying to find that after a fresh install of Windows 2016 Server you have a service that fails to behave correctly.

Download Maps Manager Delayed Start

When you click on the service, you will see something like this.

Screenshot 2017 08 02 22 40 27

Even if you attempt to force a start, it does not resolve this issue.

The good news is that this service is really not something you want anyway if you have a windows server doing actual server functions.

The Fix

The simple fix is to disable this service. The easy way to do this is to:

Open Windows Powershell

Windows 2016 Server Power Shell

Windows Powershell

Type this command:

Get-Service -Name MapsBroker | Set-Service -StartupType Disabled -Confirm:$false

Enter

Disable MapsBroker in Powershell

Problem is now fixed, and this annoying service is off and will not bother you again.