Adventures in System Administration

Month: October 2024

MariaDB root Authentication

MariaDB 10.4 implemented a lot of changes to how security is done. Much of this is invisible to most users with the exception of root. The root user is now able to use socket authentication through the unix_socket plugin. It means that if you are logged in to a Linux system as root, you can log on to the MariaDB server without using a password. Note in the example below, the -p option (for “password”) is not used yet the log on is successful.

[root@linuxputer ~]# mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 408
Server version: 10.11.9-MariaDB-log MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

And it’s not just that you don’t need to enter a password. Even if a password is provided, it is completely ignored. In this example, a password – which is invalid – is provided, yet the log on is successful.

Windows Server 2022 SMTP Relay List Bug

It appears a bug was added the IIS SMTP Server in Windows Server 2022. After installing the SMTP Server feature, you are not able to open the properties window in Internet Information Services (IIS) 6.0 Manager with MMC (Microsoft Management Console) displaying an error.

This is because the setting for RelayIpList in MetaBase.xml is incorrect . Since the SMTP Server hasn’t been significantly changed since Windows Server 2003 – it runs in IIS 6.0 Compatibility Mode after all – how this bug got introduced is a mystery. And Microsoft has taken no steps to fix it. Fortunately, this problem is easily corrected.

DCOM Permission Errors

I occasionally encounter errors when trying to install a software package on Windows with the less than helpful message that the Windows Installer Service could not be accessed.

A typical search will return lots of results about reinstalling the MSI Installer service, changing registry entries, and otherwise tinkering with low-level Windows components, but the problem is actually much simpler. The user trying to run the MSI Installer has been denied rights to run it.

The MSI Installer – the Windows Installer service – is a COM (Component Object Model) component. Windows uses a large number of COM comments for the operating system. Like files, users are granted permissions to access and run COM comments. This normally is not an issue. At least it wasn’t until Windows 10/Windows Server 2016. But a bug appears to have crept into Windows that will randomly revoke a user’s permission to run one or more COM objects, the MSI Installer being one of them. Antivirus programs seems to aggravate this, but I’ve encountered the problem on systems with only Windows (or Microsoft) Defender Antivirus.

Large Send Offload and Network Performance

An issue that I’ve encountered fairly often are complaints of slow network performance, especially when transferring large files. Although there are many issues that can affect network throughput, the most common issue is related to Large Send Offload.

Large Send Offload (also known as Large Segmentation Offload, and LSO for short) is a feature that allows the operating system TCP\IP network stack to build a large TCP message of up to 64KB in length before sending to the Ethernet adapter. Then the hardware on the Ethernet adapter — what I’ll call the LSO engine — segments it into smaller data packets (known as “frames” in Ethernet terminology) that can be sent over the wire. This is up to 1500 bytes for standard Ethernet frames and up to 9000 bytes for jumbo Ethernet frames. (The actual sizes are bit larger to accommodate the overhead – header and frame check sequence – in the packet). This is designed to free up the CPU on the server from having to handle segmenting large TCP messages into smaller packets required by the frame size. Sounds like a good deal. What could possibly go wrong?

Windows Server 2012 Update Failure – 0x80072EFE

I recently built a Windows Server 2012 virtual machine to do some compatibility testing for a PowerShell script I was working on. I wanted PowerShell 3.0 to be the minimum version required for the script so it could be used with older versions of Windows. Since PowerShell is included as an operating system component, I needed an older version of Windows to use PowerShell 3.0.  Windows Server 2012 fit the bill.

After getting Windows Server 2012 installed, trying to check for updates returned error 0x80072EFE. Microsoft had updated distribution of updates, and the Windows Update Client installed with Windows Server 2012 is out of date. You must download and install the KB2937636 update. After a reboot, the Windows Update Client will install an additional update and then it will be able to search for and install updates.

Copyright © 2024 Charles Rutledge

Powered by WordPress & Theme by Anders Norén