Clean RDP temporary licenses (Windows 2008 R2)

RDP (Remote Desktop) temporary per-client licenses are created only the first time a client logs in. In general they have a 90-day validity period, after which, if no real certificate is issued, client access is denied. If you have no problem with these temporary certificates being re-created for your clients and only use these, it's quite simple to renew every certificate for RDP.

Simply open the command-line (cmd) and do:

  • net stop "Remote Desktop Licensing"
  • del /Q c:\windows\system32\lserver\*
  • net start "Remote Desktop Licensing"

That should be it. All certificates are gone and a new database will be created as soon as the first user logs in. To empty your database on a regular basis, just create a batch file and let it run every month.

Create a master zone in BIND9 (CentOS)

After installing BIND with your package manager (yum) you need to edit the main configuration file. The following configuration was adapted to my needs, but you should get the point. For more information about the config switches you can look at the named manual pages.

edit /etc/named.conf and change the following lines:

options {
    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; YOUR_LOCAL_IP; };
    allow-query { localhost; };
    allow-transfer { none; };
    recursion no;
};

add your zone information to the file:

zone "MYDOMAIN" {
    type master;
    file "MYDOMAIN.zone";
    allow-query { any; };
};

now create your zone file /var/named/MYDOMAIN.zone and add the following lines:

$TTL 3h
@             IN SOA          ns.MYDOMAIN. root.MYDOMAIN. (
                                     MODIFICATION ; serial
                                     3h ; refresh
                                     1h ; retry
                                     1w ; expiry
                                     1d  ; minimum
)
MYDOMAIN.             IN MX          0 mail.MYDOMAIN.
MYDOMAIN.             IN TXT         "v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.MYDOMAIN -all"
MYDOMAIN.             IN NS           ns.MYDOMAIN.
MYDOMAIN.             IN NS           SLAVE_DNS_SERVER
www.MYDOMAIN.      IN A             MYHOST_IP
ns.MYDOMAIN.         IN A             MYHOST_IP
mail.MYDOMAIN.       IN A             MYHOST_IP
HOST.MYDOMAIN.    IN A             MYHOST_IP

now, save the file and make sure it has the right permissions:

# chown root:named /var/named/MYDOMAIN.zone
# chmod 640 /var/named/MYDOMAIN.zone

then add a firewall rule if not already done:

# iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT

and (re-)start the nameserver.

article based on this howto

No space left on device error (Apache)

If you find lines like this in your Apache error logs:

No space left on device. Couldn't create accept lock

and a normal service restart does not help, it likely has something to do with semaphores running out.

Try a service shutdown and check your apache semaphores afterwards with:
# ipcs | grep apache

Should there still be a lot of them, you can delete them with the following command:
# ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}'

Now start your Apache normally and check the logs to verify that the problem is gone.
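
A stricter variant of the cleanup above, as an added example that is not part of the original post: `grep apache` matches the string anywhere in the line, so this version compares the owner column exactly and refuses to run while processes still belong to that owner. The function names and the sample `ipcs -s` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove leftover semaphore arrays by exact owner match.

# Constructed sample of `ipcs -s` output (not taken from a real host).
sample_ipcs() {
cat <<'EOF'

------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 98304      apache     600        1
0x00000000 131073     apache     600        1
0x0052e2c1 163842     postgres   600        17
0x00000000 196611     notapache  600        1

EOF
}

# Read `ipcs -s` text on stdin and print the semid of every array whose
# owner column equals $1. Header and separator lines are skipped because
# their second field is not numeric.
semids_for_owner() {
    awk -v owner="$1" '$3 == owner && $2 ~ /^[0-9]+$/ { print $2 }'
}

# Delete all semaphore arrays owned by $1, but only when no process is
# still running as that user (live semaphores must not be removed).
clean_owner_semaphores() {
    owner=$1
    if pgrep -u "$owner" >/dev/null 2>&1; then
        echo "processes still running as $owner; stop the service first" >&2
        return 1
    fi
    ipcs -s | semids_for_owner "$owner" | while read -r id; do
        ipcrm -s "$id"
    done
}

# Dry run against the constructed sample: lists the ids that would be removed.
sample_ipcs | semids_for_owner apache
```

On a real host, run `clean_owner_semaphores apache` as root after the service shutdown; the owner name depends on the user your web server runs as.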