Teamviewer trouble, screen cannot be captured, fast user switching error message

Setting up TeamViewer for unattended access on Windows Server 2012 R2 but having trouble getting it to work without first logging on to the server in some other way?

If you get the error “The screen cannot be captured at the moment. This is probably due to fast user switching or a disconnected/minimized Remote Desktop session.”, chances are that you use a “User ID” instead of a “Server ID” when you connect with TeamViewer to the server. I’ve written on Superuser about this TeamViewer problem. It took me some (unnecessary) time to figure out, so I hope this tip saves you some of your time.

[Solved] pfSense 2.1 nanobsd boot from USB automatically

I just configured pfSense 2.1 on a m-itx board that I will use as my main firewall at home.

I’m replacing my Cisco ASA with pfSense, because I only have an ASA license for 10 simultaneous hosts on the inside talking to the outside, which causes some strange errors from time to time.

The first time I came across this license limit, I was really puzzled and started reconfiguring DNS to try to resolve the problem. Glad I eventually looked at the firewall syslog…

Anyway. pfSense is really great, and configuration is a breeze. I made a bootable USB flash drive, and configured it in a few seconds. My problem was that after each reboot, it didn’t find the USB drive unless I chose boot menu option 3.

What I went looking for was a way to make the USB boot option 3 the default.

It turned out that the only thing that option does is introduce a delay in the boot sequence, so that the kernel/modules have time to probe the USB buses.

The solution was easy:

  • enter the Shell (choice 8 after pfSense has booted)
  • remount the root filesystem rw to be able to:
  • add /boot/loader.conf.local containing:

      kern.cam.boot_delay=10000

 

windows “tail -F” is called “SMS trace”

“SMS trace” (“trace32.exe”), or “tracer.exe” for the command-line version, is the Windows counterpart of “tail -f” for continually monitoring a growing log file. It can be found in the Microsoft Systems Management Server toolkit, nowadays called System Center Configuration Manager Toolkit (SCCM 2012).

Yay! I think I prefer cygwin + tail -f 🙂

Windows assign user privileges SeTcbPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege to cyg_server user for sshd

To set up sshd on cygwin:

  1. install cygwin including the openssh package
  2. create local (or domain?) user “cyg_server” and make it a member of the “Administrators” group
  3. gpedit.msc
       • Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
       • right click “Act as part of the operating system” -> Properties -> Add User or Group
       • right click “Create a token object” -> Properties -> Add User or Group
       • right click “Replace a process level token” -> Properties -> Add User or Group
  4. perform a “gpupdate” to sync the policy changes in the domain
  5. start a bash (cygwin terminal) with Administrative privileges
  6. mkpasswd -l -d YOUR_DOMAIN > /etc/passwd #(skip -d YOUR_DOMAIN if not using a domain)
  7. mkgroup -l -d YOUR_DOMAIN > /etc/group #(skip -d YOUR_DOMAIN if not using a domain)
  8. ssh-host-config -y
  9. “cygrunsrv -S sshd” or “net start sshd”

Done! 🙂
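The three rights assigned above let an account create tokens and act as the operating system, so it is worth checking afterwards that only the intended account holds them. The following is an added example, not part of the original post: it parses the [Privilege Rights] section of a secedit user-rights export and reports any holder that is not allow-listed. The sample export, the file name rights.inf and the account “olduser” are constructed for illustration.

```shell
#!/bin/sh
# Added example: report unexpected holders of the three rights granted above.
# Input: text of a user-rights export, e.g. (from an elevated prompt)
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# secedit writes UTF-16, so convert first:
#   iconv -f UTF-16 -t UTF-8 rights.inf | audit_rights cyg_server

SENSITIVE="SeTcbPrivilege SeCreateTokenPrivilege SeAssignPrimaryTokenPrivilege"

# audit_rights <allowed-holder>... : reads the export on stdin, prints one line
# per holder that is not allow-listed, returns 1 if any was found.
audit_rights() {
  out=$(ALLOWED=$(IFS=,; printf '%s' "$*") awk -v sens="$SENSITIVE" '
    BEGIN { n = split(ENVIRON["ALLOWED"], a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1
            n = split(sens, s, " ");               for (i = 1; i <= n; i++) watch[s[i]] = 1 }
    { sub(/\r$/, "") }                        # tolerate CRLF line endings
    /^\[/ { in_sec = ($0 == "[Privilege Rights]"); next }
    in_sec {
      eq = index($0, "="); if (!eq) next
      key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
      if (!(key in watch)) next
      n = split(substr($0, eq + 1), who, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t*]+|[ \t]+$/, "", who[i])  # trim blanks and the "*" SID prefix
        if (who[i] != "" && !(who[i] in ok)) print "UNEXPECTED " key ": " who[i]
      }
    }')
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Constructed sample export; the account "olduser" is made up.
SAMPLE='[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = cyg_server
SeCreateTokenPrivilege = cyg_server,olduser
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,cyg_server
[Version]
signature="$CHICAGO$"'

# S-1-5-19 / S-1-5-20 are LOCAL SERVICE / NETWORK SERVICE, allow-listed here.
printf '%s\n' "$SAMPLE" | audit_rights cyg_server S-1-5-19 S-1-5-20 || true
```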

 

X11 connection rejected because of wrong authentication – X11 forwarding suddenly fails

After ages of flawless X11 forwarding over SSH, today I started getting authentication errors and couldn’t even get a remote xterm to display locally over my ssh tunnel.

Weird!

I tried ssh -Y, ssh -X and changes in sshd_config on the remote server and ssh_config locally, even though I knew that nothing had changed except a few patches to unrelated software on the local machine. Of course that didn’t help.

I ran xauth on the remote server, no indication of any errors.

It turned out that the remote /home filesystem was out of space, and this prevented the ssh X11 forwarding from working properly. I write this as a note-to-self, as it could happen again…

Outlook hangs with new account with missing credentials

Yesterday, at work, I was adding a group mailbox that I believed that I had access to, to my Outlook 2010 client. For some reason only Microsoft knows about, this forces a restart of the Outlook client.

It turned out that I didn’t have the permissions required for this shared mailbox, and when I started Outlook it kept asking for username and password for that mailbox.

When I clicked “cancel”, Outlook stopped responding for a long time, so navigating to the menu where I could remove the account again took an eternity.

The quick way to remove the account from Outlook is, surprisingly, to use the control panel. There is a “Mail” function there. It takes you to the same mail account management dialog as from within Outlook, the only difference being that because Outlook is closed, it doesn’t try to open the mailboxes, so I could remove the shared mailbox until I got the permission for it today.

gentoo gnunet build fails with MHD_post_process linker error

The gnunet ebuild (zugaina layman overlay) fails with linker errors about MHD_destroy_post_processor and MHD_post_process?

Add to /etc/portage/package.use:

net-libs/libmicrohttpd  messages

emerge libmicrohttpd again, and then emerge gnunet.

Success!

(at least for me)

RHEL6 apache httpd virtual host the proper way

My recipe for name-based virtual hosts in separate directories on RHEL:

We place all the virtual hosts under a new directory tree /var/www/vhosts:

# yum install httpd
# mkdir /var/www/vhosts
# semanage fcontext -a -t httpd_sys_content_t "/var/www/vhosts(/.*)?"
# restorecon -Rv /var/www/vhosts
# mkdir -p /var/www/vhosts/{site1,site2,site3}/{logs,htdocs}
# chown -R apache:apache /var/www/vhosts

I recommend using the FQDN of each site instead of the words “site1”, “site2”, in these examples.

Create the file /etc/httpd/conf.d/vhosts.conf with appropriate content such as:

NameVirtualHost *:80

<VirtualHost *:80>
  ServerName site1
  DocumentRoot /var/www/vhosts/site1/htdocs
  CustomLog "/var/www/vhosts/site1/logs/access.log" common
  ErrorLog "/var/www/vhosts/site1/logs/error.log"

  <Directory "/var/www/vhosts/site1/htdocs">
     Options None
     AllowOverride All
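     # Order Deny,Allow with no "Deny from" line lets every client in;
     # add "Deny from all" to limit access to the Allow list
     Order Deny,Allow
     Allow from 127.0.0.1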
  </Directory>
</VirtualHost>

<VirtualHost *:80>
  ServerName site2
  DocumentRoot /var/www/vhosts/site2/htdocs
  CustomLog "/var/www/vhosts/site2/logs/access.log" common
  ErrorLog "/var/www/vhosts/site2/logs/error.log"

  <Directory "/var/www/vhosts/site2/htdocs">
     Options None
     AllowOverride All
     Order Deny,Allow
     Allow from 127.0.0.1
  </Directory>
</VirtualHost>

and so on

(Don’t forget to set the Directory permissions properly. Above is just an example!)

Then activate the goodness:

# apachectl restart

Why is this method good?

1. Creating the vhosts.conf in conf.d doesn’t modify any vendor-supplied files, which means that we won’t lose them if we reinstall the package.

2. Keeping each virtual host and its logs under its own directory tree makes maintenance a breeze and permissions can be separated to give developers access to specific vhosts only.
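When setting the Directory permissions in vhosts.conf, note that under Apache 2.2 access control an “Order Deny,Allow” block with an “Allow from” line but no “Deny from” line still admits every client. The following is an added example, not part of the original recipe: it scans a config for such blocks. The sample input is constructed from the site1 stanza above plus a site2 variant with “Deny from all” added.

```shell
#!/bin/sh
# Added example: find <Directory> blocks whose "Allow from" list restricts
# nobody under Apache 2.2 access control (Order / Allow / Deny).

# open_directories : reads a config on stdin, prints the path of each
# <Directory> block that has a restrictive "Allow from", no "Deny from",
# and Order Deny,Allow (also the default when no Order line is present).
open_directories() {
  awk '
    { line = $0; sub(/\r$/, "", line); sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^#/ { next }
    low ~ /^<directory[ \t]/ {
      path = line
      sub(/^<[^ \t]+[ \t]+/, "", path); sub(/>[ \t]*$/, "", path); gsub(/"/, "", path)
      inside = 1; order = ""; deny = 0; allow = 0; next
    }
    !inside { next }
    low ~ /^order[ \t]/ { order = low; sub(/^order[ \t]+/, "", order); gsub(/[ \t]/, "", order) }
    low ~ /^deny[ \t]+from[ \t]/ { deny = 1 }
    low ~ /^allow[ \t]+from[ \t]/ && low !~ /^allow[ \t]+from[ \t]+all[ \t]*$/ { allow = 1 }
    low ~ /^<\/directory>/ {
      if (allow && !deny && (order == "" || order == "deny,allow")) print path
      inside = 0
    }'
}

# Constructed sample: site1 is the stanza from this page, site2 adds a Deny.
SAMPLE='<VirtualHost *:80>
  ServerName site1
  <Directory "/var/www/vhosts/site1/htdocs">
     Order Deny,Allow
     Allow from 127.0.0.1
  </Directory>
</VirtualHost>
<VirtualHost *:80>
  ServerName site2
  <Directory "/var/www/vhosts/site2/htdocs">
     Order Deny,Allow
     Deny from all
     Allow from 127.0.0.1
  </Directory>
</VirtualHost>'

printf '%s\n' "$SAMPLE" | open_directories   # lists site1 only
```

Run it against the real file with: open_directories < /etc/httpd/conf.d/vhosts.conf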