Adventures in System Administration

Author: centauricw Page 1 of 2

MariaDB Configuration Files

MariaDB has many options for both the client and server that can be adjusted (or tuned) to provide better performance. For most, the default settings are fine and never need to be adjusted. A few, however, should be adjusted for optimal performance. This is particularly true for the InnoDB storage engine. The option innodb_buffer_pool_size, which sets the size of the in-memory buffer pool, is probably the most important option to boost performance. It can be set up to 80% of the total memory on the server, but the default is a very inadequate 128 MB.

Another option is max_allowed_packet which is used by both client and the server. This sets the maximum size for a data packet or generated/intermediate string. It must be large enough to hold the largest record or BLOB. The client default is not too shabby at 1 GB, but the server default is an anemic 16 MB.

The MariaDB packages for Debian and Red Hat based distributions do install options files (also known as defaults files) for both the client and server, but they are largely placeholders, setting very few or no options. And they have no comments about any of the options. This makes it difficult to know which options should be adjusted for best performance. The options are documented on the MariaDB Documentation site, but this means wading through a long list of options trying to find the ones of interest.

Backing Up MySQL and MariaDB Databases

Having regular backups of MySQL and MariaDB databases is vitally important to ensure that data can be recovered in the event of corruption (which could be caused by a system failure or malicious software such as ransomware) or human error (such as when a user accidentally deletes a row, table, or entire database). MySQL and MariaDB provide a utility program to back up the databases – namely mysqldump (which is mariadb-dump for MariaDB 1.5 and higher) – but neither provides a program or script that allows backups to be easily automated. Aptum Technologies (my employer) provides a script allowing customers to back up the databases from a cron job. The original was a very basic script which didn’t have much flexibility. Using this as a foundation, I rewrote the backup script and enhanced it over the years to improve its functionality and add features.

The script – backup-mysql – uses mysqldump to create a logical backup of each database. Each database is backed up to a separate file and then compressed using gzip (or pigz on systems with two or more processors). The database backup files are then archived to a tar file. This archive file is not compressed since the individual database backup files are already compressed. And a log file is created with information about the backup operation. Any errors that occur are recorded in the log file.

Disabling ISAPI Filters When Not Allowed By IIS Manager

A client recently had problems with an IIS website. The website was serving only static image files. No dynamic pages created by a rendering engine. But all requests for this website were returning a 500 Server Error. I traced the problem to an ISAPI filter installed by ColdFusion. (Yes, ColdFusion is still a thing.)

ColdFusion is a Java application and uses Apache Tomcat to render its web pages. To interface with IIS, it installs an ISAPI filter to proxy requests from IIS to ColdFusion’s Tomcat engine. The IIS sites for the ColdFusion pages were working fine, but the site for the static image files was reporting an error that it could not load the ColdFusion ISAPI filter. This caused Windows to shut down the IIS worker processes and return a 500 Server Error. The cause was likely a configuration error for the ColdFusion Tomcat Connector. Since the website didn’t need to use ColdFusion, the client preferred to simply remove the Tomcat ISAPI filter for the site. However, IIS Manager was not allowing the filter to be removed.

Understanding why the ISAPI filter could not be removed requires digging into the structure of the IIS configuration.

SQL Server – Secure By Default

Enhancements to SQL Server Network Connection Security Through Breaking Changes

With the introduction of SQL Server 2022, Microsoft began a new initiative known as secure by default. This initiative is in response to vulnerabilities in the Tabular Data Stream (TDS) protocol – the protocol used for data communication between a client and SQL Server – discovered by Summit Security Group which allowed a man-in-the-middle attack. As more SQL Server workloads are moved to public clouds like Azure, connections over the Internet will become more common. Microsoft has therefore taken steps to secure the network connection between the client and SQL Server.

Changes to implement secure by default revolve around encryption. Use of encryption for the connection has long been optional and the default was not to use encryption. Secure by default now requires client drivers to use encryption unless explicitly disabled, and this is a breaking change that can cause connections using default settings to fail. It’s not the use of encryption itself that is the problem. Rather it’s because the certificate used by SQL Server to encrypt the connection is validated to ensure it’s a trusted certificate. A trusted certificate is one that is issued by a trusted certificate authority. When SQL Server uses a self-signed certificate – which, by definition, is not a trusted certificate – the validation fails and the connection is not allowed.

Listing and Moving Active Directory FSMO Roles

FSMO is an Active Directory term that stands for Flexible Single Master Operation. Although Active Directory uses a multi-master enabled database, which provides the flexibility of allowing changes to occur on any domain controller, certain operations require a single-master model where only one domain controller is allowed to process updates to prevent conflicting updates.

Domain Administrator Cannot Open Ethernet Adapter Settings

Creating a new Active Directory forest and domain on Windows Server 2019 recently, I found the domain administrator could not open Network Connections. This happened when right-clicking on the Network icon on the Task Bar to open Network & Internet Settings, selecting Ethernet, and clicking on “Change adapter options”.

This only occurs when trying to open Network Connections through Windows Settings. There are no problems opening Network Connections through Control Panel or directly by running ncpa.cpl. And it only affects the domain administrator. Other users do not experience this problem. But the domain administrator has this problem on any computer in the domain.

MariaDB root Authentication

MariaDB 10.4 implemented a lot of changes to how security is done. Much of this is invisible to most users with the exception of root. The root user is now able to use socket authentication through the unix_socket plugin. It means that if you are logged in to a Linux system as root, you can log on to the MariaDB server without using a password. Note in the example below, the -p option (for “password”) is not used yet the log on is successful.

[root@linuxputer ~]# mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 408
Server version: 10.11.9-MariaDB-log MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

And it’s not just that you don’t need to enter a password. Even if a password is provided, it is completely ignored. In this example, a password – which is invalid – is provided, yet the log on is successful.

Windows Server 2022 SMTP Relay List Bug

It appears a bug was added to the IIS SMTP Server in Windows Server 2022. After installing the SMTP Server feature, you are not able to open the properties window in Internet Information Services (IIS) 6.0 Manager with MMC (Microsoft Management Console) displaying an error.

This is because the setting for RelayIpList in MetaBase.xml is incorrect. Since the SMTP Server hasn’t been significantly changed since Windows Server 2003 – it runs in IIS 6.0 Compatibility Mode after all – how this bug got introduced is a mystery. And Microsoft has taken no steps to fix it. Fortunately, this problem is easily corrected.

DCOM Permission Errors

I occasionally encounter errors when trying to install a software package on Windows with the less than helpful message that the Windows Installer Service could not be accessed.

A typical search will return lots of results about reinstalling the MSI Installer service, changing registry entries, and otherwise tinkering with low-level Windows components, but the problem is actually much simpler. The user trying to run the MSI Installer has been denied rights to run it.

The MSI Installer – the Windows Installer service – is a COM (Component Object Model) component. Windows uses a large number of COM components for the operating system. Like files, users are granted permissions to access and run COM components. This normally is not an issue. At least it wasn’t until Windows 10/Windows Server 2016. But a bug appears to have crept into Windows that will randomly revoke a user’s permission to run one or more COM objects, the MSI Installer being one of them. Antivirus programs seem to aggravate this, but I’ve encountered the problem on systems with only Windows (or Microsoft) Defender Antivirus.

Large Send Offload and Network Performance

An issue that I’ve encountered fairly often is complaints of slow network performance, especially when transferring large files. Although there are many issues that can affect network throughput, the most common issue is related to Large Send Offload.

Large Send Offload (also known as Large Segmentation Offload, and LSO for short) is a feature that allows the operating system TCP/IP network stack to build a large TCP message of up to 64KB in length before sending to the Ethernet adapter. Then the hardware on the Ethernet adapter — what I’ll call the LSO engine — segments it into smaller data packets (known as “frames” in Ethernet terminology) that can be sent over the wire. This is up to 1500 bytes for standard Ethernet frames and up to 9000 bytes for jumbo Ethernet frames. (The actual sizes are a bit larger to accommodate the overhead – header and frame check sequence – in the packet). This is designed to free up the CPU on the server from having to handle segmenting large TCP messages into smaller packets required by the frame size. Sounds like a good deal. What could possibly go wrong?


Copyright © 2026 Charles Rutledge
