Sunday, January 16, 2011

Migrating security certificate from IIS 6.0 to IIS 7.0

Hi,

We have a security certificate configured in IIS 6.0 on our old server. We are migrating to a new server. How do I migrate the security certificate of our website from IIS 6.0 to IIS 7.0?

  • You'll need to export the certificate to a pfx file (go through the certificate wizard, and export should be one of the options). Then import this certificate into IIS 7 on the Windows 2008 machine.

    From mrdenny
  • The Certificates snap-in isn't in Administrative Tools like you may assume. From your Run prompt type "MMC" then add a snap-in for Certificates. You'll likely find your certificate under "Personal". Export that and import it to IIS7. In IIS7 you can do the import at the top level of IIS. You don't need to use the Certificates snap-in.

    Dscoduc : Why not just use the IIS Management Console to export the certificate?
    Scott Forsyth - MVP : You can do that too. I tend to do it in the MMC snap-in directly, but IIS Manager can do an export well too. Both will accomplish the same for a simple export.
  • See http://www.sslshopper.com/move-or-copy-an-ssl-certificate-from-a-windows-server-to-another-windows-server.html

    From Robert

Enabling external accounts on Snow Leopard.

Hello, I have a Mac running Snow Leopard and I would like to create an external account (i.e. one which resides on a USB drive and shows up on the login screen when the USB drive is inserted). I tried using /System/Library/CoreServices/ManagedClient.app/Contents/Resources//createmobileaccount but to no avail. My machine is not connected to OS X Server. Do you have any suggestions?

  • I would create a normal account, then move the home folder to the USB stick and change the home path.

    To change the home path, go to System Preferences -> Accounts -> (if the lock at the bottom left is closed, click on it, then enter your password) -> right-click on the freshly created account -> Advanced Options … -> click on the button to choose the new home folder on the USB key.

    From Studer

How to benchmark openvpn server.

I've successfully set up a tunnel between my home Ubuntu desktop (Japan) and my remote server (UK) using OpenVPN. I've set it so that I can have the server fetch pages for me, hiding my desktop IP to bypass geo restrictions (TV, radio etc.) whilst I'm abroad.

Sometimes the playback is very choppy and I want to pinpoint why. Is it my configs? Is it the location of the server? Is it just that the webpage being accessed is very busy at that time of day? Would switching the server location to London instead of Maidenhead make a difference?

I'm wondering how best to go about this. Any ideas? Tools, tips etc.? I am a server newb but not new to stuff like programming, so not afraid of the console etc.

  • I'd start with one of the available network benchmarks (Google results).

    You can try one of the web-based ones, like Speedtest, too :)

    • Also, how fast is your connection?
    • How fast are the intervening connections?
    • Does the VPN sometimes route/connect across faster pipes than others?
    From warren
  • I would check some things:

    • Bandwidth between the client and server.
    • Bandwidth between the server and the internet.
    • Latency between the client-server, client-internet (using the vpn), client-internet (not using the vpn). Compare.
    • When the connection slows down, you need to check which other traffic is using the server. Is this server also working as a proxy/router for other clients? iftop would be a useful tool.
    From HD
  • Most probably it's the network latency between the two ends of the tunnel; if you feel artistic, use some graphical tools (Cacti, for example, if not plain rrdtool) to keep track of various issues: latency, traffic, etc.

    James : Smokeping (http://oss.oetiker.ch/smokeping/) is great for visualizing latency. Written by the rrdtool author too!
    petre : Forgot about this one... it suits this particular situation better, indeed.
    From petre

Openvpn : Vista client and Linux Server. All internet traffic is not being directed through vpn

EDITED - Just added push "redirect-gateway def1"

push "dhcp-option DNS 10.254.1.1"

and it works fine for Vista now. Not sure if it will mess it up for my Linux client though. Can anyone explain the difference between the Linux and Windows client setup?

END EDIT

I got OpenVPN to work for my Ubuntu desktop and remote Linux server, and am able to redirect all my internet traffic through the remote server thanks to this community's help in this post.

However, I'm now trying to do the same with my Vista desktop acting as client. But when I use the client settings from my Ubuntu client in Vista with some small modifications, it connects successfully and pings fine but doesn't direct all traffic. Are there some differences between Windows and Linux client configs?

Here are my Vista configs:

client
dev tun
proto tcp
remote xxx.xxx.xx.xxx  1194
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
ca ca.crt
cert adamvista.crt
key adamvista.key
ns-cert-type server
cipher BF-CBC
comp-lzo

verb 3

Here's the server conf:

port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.254.1.0  255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

I've noticed that some tutorials mention in the server configs to use

push "redirect-gateway local def1"
push "dhcp-option DNS 10.8.0.1"

whereas my server.conf for my Linux server to Linux client only had this in the Linux sample I adopted:

push "redirect-gateway"

What's the difference here? Is it a Windows/Linux thing?

Can anyone help on these matters?

I also have a lot of tunnel adapters when I do ipconfig. Perhaps they are creating a problem? Here's the output whilst I'm connected (excuse the Japanese OS printout):

Windows IP 構成

   ホスト名 . . . . . . . . . . . . : Adam-PC
   プライマリ DNS サフィックス . . . . . . . :
   ノード タイプ . . . . . . . . . . . . : ハイブリッド
   IP ルーティング有効 . . . . . . . . : いいえ
   WINS プロキシ有効 . . . . . . . . : いいえ

イーサネット アダプタ ローカル エリア接続 2:

   接続固有の DNS サフィックス . . . :
   説明. . . . . . . . . . . . . . . : TAP-Win32 Adapter V9
   物理アドレス. . . . . . . . . . . : 00-FF-D5-B0-0B-B7
   DHCP 有効 . . . . . . . . . . . . : はい
   自動構成有効. . . . . . . . . . . : はい
   リンクローカル IPv6 アドレス. . . . : fe80::9cc0:63ff:d412:e553%16(優先)
   IPv4 アドレス . . . . . . . . . . : 10.254.1.10(優先)
   サブネット マスク . . . . . . . . : 255.255.255.252
   リース取得. . . . . . . . . . . . : 22 September 2009 19:15:36
   リースの有効期限. . . . . . . . . : 22 September 2010 19:15:36
   デフォルト ゲートウェイ . . . . . :
   DHCP サーバー . . . . . . . . . . : 10.254.1.9
   DNS サーバー. . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over TCP/IP . . . . . . . : 有効

イーサネット アダプタ ローカル エリア接続:

   接続固有の DNS サフィックス . . . :
   説明. . . . . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
   物理アドレス. . . . . . . . . . . : 00-23-54-0D-37-61
   DHCP 有効 . . . . . . . . . . . . : はい
   自動構成有効. . . . . . . . . . . : はい
   リンクローカル IPv6 アドレス. . . . : fe80::ed4d:1531:62a3:ab2e%8(優先)
   IPv4 アドレス . . . . . . . . . . : 192.168.11.2(優先)
   サブネット マスク . . . . . . . . : 255.255.255.0
   リース取得. . . . . . . . . . . . : 22 September 2009 18:11:35
   リースの有効期限. . . . . . . . . : 24 September 2009 18:11:34
   デフォルト ゲートウェイ . . . . . : 192.168.11.1
   DHCP サーバー . . . . . . . . . . : 192.168.11.1
   DNS サーバー. . . . . . . . . . . : 192.168.11.1
   NetBIOS over TCP/IP . . . . . . . : 有効

Tunnel adapter ローカル エリア接続* 6:

   メディアの状態. . . . . . . . . . : メディアは接続されていません
   接続固有の DNS サフィックス . . . :
   説明. . . . . . . . . . . . . . . : Microsoft ISATAP Adapter
   物理アドレス. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP 有効 . . . . . . . . . . . . : いいえ
   自動構成有効. . . . . . . . . . . : はい

Tunnel adapter ローカル エリア接続* 7:

   接続固有の DNS サフィックス . . . :
   説明. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   物理アドレス. . . . . . . . . . . : 02-00-54-55-4E-01
   DHCP 有効 . . . . . . . . . . . . : いいえ
   自動構成有効. . . . . . . . . . . : はい
   IPv6 アドレス . . . . . . . . . . . : 2001:0:cf2e:3096:c01:3e32:3f57:f4fd(優先)
   リンクローカル IPv6 アドレス. . . . : fe80::c01:3e32:3f57:f4fd%9(優先)
   デフォルト ゲートウェイ . . . . . : ::
   NetBIOS over TCP/IP . . . . . . . : 無効

Tunnel adapter ローカル エリア接続* 11:

   メディアの状態. . . . . . . . . . : メディアは接続されていません
   接続固有の DNS サフィックス . . . :
   説明. . . . . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   物理アドレス. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP 有効 . . . . . . . . . . . . : いいえ
   自動構成有効. . . . . . . . . . . : はい
  • Translation through Google (Hope it's still correct):

    Windows IP Configuration

    Host Name............: Adam-PC
    Primary DNS Suffix.......:
    Node Type............: Hybrid
    IP Routing Enabled........: No
    WINS Proxy Enabled........: No

    Ethernet adapter Local Area Connection 2:

    Connection-specific DNS Suffix...:
    Description...............: TAP-Win32 Adapter V9
    Physical Address...........: 00-FF-D5-B0-0B-B7
    DHCP Enabled............: Yes
    Enable automatic configuration...........: Yes
    Link-local IPv6 Address....: fe80::9cc0:63ff:d412:e553%16 (preferred)
    IPv4 Address..........: 10.254.1.10 (preferred)
    Subnet Mask........: 255.255.255.252
    Obtaining a lease............: 22 September 2009 19:15:36
    Expiration of the lease.........: 22 September 2010 19:15:36
    Default Gateway.....:
    DHCP Server..........: 10.254.1.9
    DNS server...........: fec0:0:0:ffff::1%1
                           fec0:0:0:ffff::2%1
                           fec0:0:0:ffff::3%1
    NetBIOS over TCP/IP.......: Enabled

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix...:
    Description...............: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
    Physical Address...........: 00-23-54-0D-37-61
    DHCP Enabled............: Yes
    Enable automatic configuration...........: Yes
    Link-local IPv6 Address....: fe80::ed4d:1531:62a3:ab2e%8 (Preferred)
    IPv4 Address..........: 192.168.11.2 (Preferred)
    Subnet Mask........: 255.255.255.0
    Obtaining a lease............: 22 September 2009 18:11:35
    Expiration of the lease.........: 24 September 2009 18:11:34
    Default Gateway.....: 192.168.11.1
    DHCP Server..........: 192.168.11.1
    DNS server...........: 192.168.11.1
    NetBIOS over TCP/IP.......: Enabled

    Tunnel adapter Local Area Connection* 6:

    State of the media..........: Media is not connected
    Connection-specific DNS Suffix...:
    Description...............: Microsoft ISATAP Adapter
    Physical Address...........: 00-00-00-00-00-00-00-E0
    DHCP Enabled............: No
    Enable automatic configuration...........: Yes

    Tunnel adapter Local Area Connection* 7:

    Connection-specific DNS Suffix...:
    Description...............: Teredo Tunneling Pseudo-Interface
    Physical Address...........: 02-00-54-55-4E-01
    DHCP Enabled............: No
    Enable automatic configuration...........: Yes
    IPv6 Address...........: 2001:0:cf2e:3096:c01:3e32:3f57:f4fd (preferred)
    Link-local IPv6 Address....: fe80::c01:3e32:3f57:f4fd%9 (Preferred)
    Default Gateway.....: ::
    NetBIOS over TCP/IP.......: Disabled

    Tunnel adapter Local Area Connection* 11:

    State of the media..........: Media is not connected
    Connection-specific DNS Suffix...:
    Description...............: Microsoft ISATAP Adapter #2
    Physical Address...........: 00-00-00-00-00-00-00-E0
    DHCP Enabled............: No
    Enable automatic configuration...........: Yes

    adam : wow never thought about using google for that. Nice one!
  • On the Linux server you're using "redirect-gateway"; it means that the default gateway of the clients has been overridden and is pointing to the VPN. Try using "redirect gateway" and check the results of:

    route -n (linux client)
    route print (windows client)
    

    And compare the default routes for both clients. I think that in Windows there is a conflict between routes, and that's why using "redirect-gateway local def1" works: this command doesn't remove the default gateway; instead it routes all the traffic through the VPN with 0.0.0.0/1 and 128.0.0.0/1 routes. Check the "route print" results after using "redirect-gateway local def1" to see the differences. Linux clients must not have problems with this config.

    adam : Will try this out. Actually I made a typo above. There should be no "local" in the redirect-gateway command. But I'll give this a shot to see if it helps me understand further what's going on under the hood.
    From HD
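The route-table difference HD describes, as an added shell example that is not from the thread: a small longest-prefix-match lookup over constructed route tables shows that plain "redirect-gateway" replaces the client's default route, while "def1" keeps it and wins with the more specific 0.0.0.0/1 and 128.0.0.0/1 halves, and that in both cases the VPN server itself must still be reached via the LAN gateway. The gateway addresses come from the ipconfig output above; VPN_SERVER is a placeholder for the xxx.xxx.xx.xxx in the client config.

```shell
# Added example (not from the thread): longest-prefix-match lookup that shows
# what "redirect-gateway" and "redirect-gateway def1" do to a client's routes.
# Addresses are constructed from the configs in the thread; VPN_SERVER stands
# in for the xxx.xxx.xx.xxx in the client config. Assumes a POSIX sh.
LAN_GW=192.168.11.1       # default gateway in the ipconfig output
TUN_GW=10.254.1.9         # OpenVPN peer on the TAP adapter
VPN_SERVER=203.0.113.10   # placeholder public address of the server

# Dotted quad -> integer.
ip2int() { echo "$1" | { IFS=. read -r a b c d; echo $(( (a<<24)|(b<<16)|(c<<8)|d )); }; }

# lookup "<routes>" <dst>: routes are space-separated "net/prefix=gateway"
# entries; the most specific matching entry wins, as in "route print".
lookup() {
  dst=$(ip2int "$2"); best_len=-1; best_gw=none
  for r in $1; do
    net=${r%%=*}; gw=${r#*=}; plen=${net#*/}; addr=$(ip2int "${net%/*}")
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    if [ "$(( dst & mask ))" = "$(( addr & mask ))" ] && [ "$plen" -gt "$best_len" ]; then
      best_len=$plen; best_gw=$gw
    fi
  done
  echo "$best_gw"
}

# Route table before OpenVPN adds anything.
LAN="0.0.0.0/0=$LAN_GW 192.168.11.0/24=on-link"

# Plain "redirect-gateway": the existing default route is replaced outright,
# plus a host route so the tunnel's own packets still leave via the LAN.
redirect_gateway() {
  echo "192.168.11.0/24=on-link 10.254.1.8/30=on-link 0.0.0.0/0=$TUN_GW $VPN_SERVER/32=$LAN_GW"
}

# "def1": the original default route stays, but 0.0.0.0/1 and 128.0.0.0/1
# are more specific than /0, so together they win for every destination.
redirect_gateway_def1() {
  echo "$LAN 10.254.1.8/30=on-link 0.0.0.0/1=$TUN_GW 128.0.0.0/1=$TUN_GW $VPN_SERVER/32=$LAN_GW"
}
```

Feed the output of "route print" (or "route -n") into the same lookup to check where a public destination and the VPN server address actually go; a public destination resolving to the LAN gateway while connected means the redirect is not taking effect.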

Find's -true option: what for?

GNU find (and others?) has a -true test along with the normal -name, -mode, -user and so on. From the man page:

-true Always true.

Every time I see the man page I notice this and wonder when it'd be useful. So, give me some examples of when it's useful :~)

  • When you want to list all files in find format to pipe into another program?

    I guess it must be more efficient than using -name "*" or something similar.

    Dennis Williamson : `find` with no arguments at all does that.
    Julien Tartarin : Sure, but it's more explicit and has the same syntax with `-true`
    Dennis Williamson : How so?
  • Might be useful for debugging when you are ANDing or ORing statements. So if you have a long command with a complex chain of arguments with lots of AND / OR between the statements, and something isn't working like you expect, you could replace parts of it with -true to check your logic.

    However, I am not sure if this is why it is there, but seems like a legitimate use.

  • Consider find -delete -o -true -print. It's not too useful, but it's a pointer that you can think of -true or -false as means to override an in-expression result of some command with side effects.

    From diunko
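The two uses raised in the answers above, swapping a doubtful sub-expression for -true while debugging and using -true to override the result of an action with side effects, as an added shell example that is not from the thread (it builds its own two-file tree in a temp directory):

```shell
# Added example (not from the thread): a constructed two-file tree shows
# -true (a) overriding the result of a side-effecting -exec and (b) standing
# in for a sub-expression while debugging an AND/OR chain.
# Assumes a POSIX find with -exec and \( \) grouping.

make_tree() {
  d=$(mktemp -d)
  printf 'a\n' > "$d/one.log"
  printf 'b\n' > "$d/two.txt"
  echo "$d"
}

# Without -true: -exec runs for every file, but its (failing) status gates
# -print, so nothing is printed. `false` stands in for a check that fails.
count_without_true() {
  d=$(make_tree)
  n=$(find "$d" -type f -exec false \; -print | wc -l | tr -d ' ')
  rm -rf "$d"; echo "$n"
}

# With "-o -true": the -exec still runs (its side effect still happens),
# but the group is always true, so every file reaches -print.
count_with_true() {
  d=$(make_tree)
  n=$(find "$d" -type f \( -exec false \; -o -true \) -print | wc -l | tr -d ' ')
  rm -rf "$d"; echo "$n"
}

# Debugging use: pass the test you doubt as arguments, e.g. -name '*.log';
# pass -true instead to see how the rest of the expression behaves alone.
count_with_filter() {
  d=$(make_tree)
  n=$(find "$d" -type f \( "$@" \) -print | wc -l | tr -d ' ')
  rm -rf "$d"; echo "$n"
}
```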

postgres stats and opennms

What is the best (or easiest?) way to monitor PostgreSQL 8.4 stats in OpenNMS 1.76?

SNMP? How?

SBS2003 R2 - certificates

I get a log error OAL GENERATOR 9323.

Seems some users have invalid certificates; however, when opening the tab in the user properties under the Global Address List preview option, Active Directory reports that it cannot open the certificate archive.

ERROR --- Source: MSExchangeSA Category: OAL Generator Event-id: 9323

Entry '###### ######- Search & Co Groep' has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for '\Global Address List'.
- Default Offline Address List

How can I resolve this when I cannot delete the certs? Anyone? :)