The Centauri Files – Adventures in System Administration

Listing IP Address on Windows

On May 13, 2026

There are times I need to get the list of the IP addresses – usually just IPv4 addresses since use of IPv6 addresses is still not widespread yet – on a Windows server. There are various ways to do this. One of the simplest is to use ipconfig. This is a command-line utility that has been a part of Windows since the early days. Without any options, it returns the IP addresses and subnet masks for every network adapter.

Note the link-local IPv6 address includes a scope id (% followed by the network adapter id). Because link-local addresses are not guaranteed to be globally unique, the scope id is used to identify the network adapter used for the address. This is important on systems with multiple network adapters.

MySQL Configuration Files

By centauricw

On January 16, 2026

In Linux, MySQL/MariaDB

Since I recently posted MariaDB client and sever options files, it’s only fitting that I post options files for MySQL. Since MariaDB and MySQL have diverged since version 5 when MariaDB was a drop-in replacement for MySQL, options files can no longer be shared between the two without modification.

MySQL has many options for both the client and server than can be adjusted (or tuned) to provide better performance. For most, the default settings are fine and never need to be adjusted. A few, however, should be adjusted for optimal performance. This is particular true for the InnoDB storage engine. The option innodb_buffer_pool_size, which sets the size of the in-memory buffer pool, is probably the most important option to boost performance. It can be set up to 80% of the total memory on the server, but the default is very inadequate 128 MB.

Another option is max_allowed_packet which is used by both client and the server. This sets the maximum size for a data packet or generated/intermediate string. It must be large enough to hold the largest record or BLOB. The client default is a very anemic 16 MB. The server default is better but only 64 MB.

MariaDB Configuration Files

By centauricw

On January 13, 2026

In Linux, MySQL/MariaDB

MariaDB has many options for both the client and server than can be adjusted (or tuned) to provide better performance. For most, the default settings are fine and never need to be adjusted. A few, however, should be adjusted for optimal performance. This is particular true for the InnoDB storage engine. The option innodb_buffer_pool_size, which sets the size of the in-memory buffer pool, is probably the most important option to boost performance. It can be set up to 80% of the total memory on the server, but the default is very inadequate 128 MB.

Another option is max_allowed_packet which is used by both client and the server. This sets the maximum size for a data packet or generated/intermediate string. It must be large enough to hold the largest record or BLOB. The client default is not too shabby at 1 GB, but the server default is an anemic 16 MB.

The MariaDB packages for Debian and Red Hat based distributions do install options files (also known as defaults files) for both the client and server, but they are largely placeholders, setting very few or no options. And they have no comments about any of the options. This makes it difficult to know which options should be adjusted for best performance. The options are documented on the MariaDB Documentation site, but this means wading through a long list of options trying to find the ones of interest.

Backing Up MySQL and MariaDB Databases

By centauricw

On January 11, 2026

In Linux, MySQL/MariaDB

Having regular backups of MySQL and MariaDB databases is vitally important to ensure that data can be recovered in the event of corruption (which could be caused by a system failure or malicious software such as ransomware) or human error (such as when a user accidentally deletes a row, table, or entire database). MySQL and MariaDB provide a utility program to back up the databases – namely mysqldump (which is mariadb-dump for MariaDB 1.5 and higher) – but neither provides a program or script that allows backups to be easily automated. Aptum Technologies (my employer) provides a script allowing customers to back up the databases from a cron job. The original was a very basic script which didn’t have much flexibility. Using this as foundation, I rewrote the backup script and enhanced it over the years to improve its functionality and add features.

The script – backup-mysql – uses mysqldump to create a logical backup of each database. Each database is backed up to a separate file and then compressed using gzip (or pigz on systems with two or more processors). The database backup files are then archived to a tar file. This archive file is not compressed since the individual database backup files are already compressed. And a log file is created with information about the backup operation. Any errors that occur are recorded in the log file.

Disabling ISAPI Filters When Not Allowed By IIS Manager

By centauricw

On December 21, 2025

In IIS (Internet Information Services), Windows

A client recently had problems with an IIS website. The website was serving only static image files. No dynamic pages created by a rendering engine. But all requests for this website were returning a 500 Server Error. I traced the problem to an ISAPI filter installed by ColdFusion. (Yes, ColdFusion is still a thing.)

ColdFusion is a Java application and uses Apache Tomcat to render its web pages. To interface with IIS, it installs an ISAPI filter to proxy requests from IIS to ColdFusion’s Tomcat engine. The IIS sites for the ColdFusion pages were working fine, but the site for the static image files was reporting an error that it could not load the ColdFusion ISAPI filter. This caused Windows to shut down the IIS worker processes and return a 500 Server Error. The cause was likely a configuration error for the ColdFusion Tomcat Connector. Since the website didn’t need to use ColdFusion, the client’s preferred to simply remove the Tomcat ISAPI filter for the site. However, IIS Manager was not allowing the filter to be removed.

To understand why the ISAPI filer could not be removed requires digging into the structure of the IIS configuration.

SQL Server – Secure By Default

By centauricw

On October 10, 2025

In Microsoft SQL Server

Enhancements to SQL Server Network Connection Security Through Breaking Changes

With the introduction of SQL Server 2022, Microsoft began a new initiative known as secure by default. This initiative is in response to vulnerabilities in the Tabular Data Stream (TDS) protocol – the protocol used for data communication between a client and SQL Server – discovered by Summit Security Group which allowed a man-in-the-middle attack. As more SQL Server workloads are moved to public clouds like Azure, connections over the Internet will be become more common. Microsoft has therefore taken steps to secure the network connection between the client and SQL Server

Changes to implement secure by default revolve around encryption. Use of encryption for the connection has long been optional and the default was not to use encryption. Secure by default now requires client drivers to use encryption unless explicitly disabled, and this is a breaking change that can cause connections using default settings to fail. It’s not the use of encryption itself that is the problem. Rather it’s because the certificate used by SQL Server to encrypt the connection is validated to ensure it’s a trusted certificate. A trusted certificate is one that is issued by a trusted certificate authority. When SQL Server uses a self-signed certificate – which, by definition, is not a trusted certificate – the validation fails and the connection is not allowed.

Listing and Moving Active Directory FSMO Roles

By centauricw

On January 3, 2025

In Active Directory, PowerShell, Windows

FSMO is an Active Directory term that stands for Flexible Single Master Operation. Although Active Directory uses a multi-master enabled database, which provides the flexibility of allowing changes to occur on any domain controller, certain operation requires a single-master model where only one domain controller is allowed to process updates to prevent conflicting updates.

Domain Administrator Cannot Open Ethernet Adapter Settings

By centauricw

On November 22, 2024

In Windows

Creating a new Active Directory forest and domain on Windows Server 2019 recently, I found the domain administrator could not open Network Connections. This happened when right-clicking on the Network icon on the Task Bar to open Network & Internet Settings, selecting Ethernet, and clicking on “Change adapter options”.

This only occurs when trying to open Network Connections through Windows Settings. There are no problems opening Network Connections through Control Panel or directly by running ncpa.cpl. And it only affects the domain administrator. Other users do not experience this problem. But the domain administrator has this problem on any computer in the domain.

MariaDB root Authentication

By centauricw

On October 19, 2024

In MySQL/MariaDB

MariaDB 10.4 implemented a lot of changes to how security is done. Much of this is invisible to most users with the exception of root. The root user is now able to use socket authentication through the unix_socket plugin. It means that if you are logged in to a Linux system as root, you can log on to the MariaDB server without using a password. Note in the example below, the -p option (for “password”) is not used yet the log on is successful.

[root@linuxputer ~]# mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 408
Server version: 10.11.9-MariaDB-log MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

And it’s not just that you don’t need to enter a password. Even if a password is provided, it is completely ignored. In this example, a password – which is invalid – is provided, yet the log on is successful.

Windows Server 2022 SMTP Relay List Bug

By centauricw

On October 19, 2024

In IIS (Internet Information Services), Windows

It appears a bug was added the IIS SMTP Server in Windows Server 2022. After installing the SMTP Server feature, you are not able to open the properties window in Internet Information Services (IIS) 6.0 Manager with MMC (Microsoft Management Console) displaying an error.

This is because the setting for RelayIpList in MetaBase.xml is incorrect . Since the SMTP Server hasn’t been significantly changed since Windows Server 2003 – it runs in IIS 6.0 Compatibility Mode after all – how this bug got introduced is a mystery. And Microsoft has taken no steps to fix it. Fortunately, this problem is easily corrected.