Following on from a series of recent Windows Updates, a couple of our servers had a problem running Server Manager (“Server Manager has stopped working”) and SQL Management Studio (“Failed to Load penimc.dll”). The details of the Server Manager error were in the event log: Application: ServerManager.exe Framework Version: v4.0.30319 Description: The process was terminated […]
Octopus Deploy has a web portal that runs a self-hosted website on whatever port you specify. You can even have Octopus generate a self-signed certificate in order to use HTTPS when browsing the web portal… but if you connect other application that are strictly validating certificates, they won’t be too pleased with self-signed certificates. Purchasing […]
In an error log or HTTP log phising attack, a deliberately bad request is generated with a fake referer string. The hope is that the referer string will be displayed in your cool web-based log aggregation and monitoring service as a hyperlink – tempting operations teams to click on the link as it might explain […]
In older versions of Windows, you could set disconnected Remote Desktop Connections to timeout after a set period using the Remote Desktop Session Host Configuration. In Windows Server 2012, you may find that Remote Desktop Session Host Configuration is missing from your Administration Tools – but don’t despair as you can configure this using group […]
The following Log Parser Studio query will find common erroring URLs. You could adapt this to find common addresses for other status codes too. SELECT TOP 20 cs-uri-stem, COUNT(*) AS Total, MAX(time-taken) AS MaxTime, AVG(time-taken) AS AvgTime FROM ‘[LOGFILEPATH]’ WHERE date > SUB(TO_LOCALTIME(SYSTEM_TIMESTAMP()), TIMESTAMP(‘0000-01-02 00:00’, ‘yyyy-MM-dd HH:mm’)) AND sc-status = ‘500’ GROUP BY cs-uri-stem ORDER […]
If you are regularly updating your servers, you may notice that after re-starting the disk space is not actually given back (i.e. the temporary files downloaded for the update remain). This is because the files are typically still needed during the first re-start as the installation completes as part of this process. The simple fix […]
If you are getting suspicious traffic, it often comes from a range of IP addresses. The below queries get the count using the first three octets of an IP address, so for “192.168.0.1” it will return “192.168.0” and a count of all traffic for the 192.168.0.1/24 range (192.168.0.1 – 192.168.0.255). To get the first three […]
If you want to add my set of Log Parser Studio custom queries to your LPS library, follow these instructions… Note: if you want to merge these with your existing queries, just copy the inner nodes into your LPS library file – if you just want to use my custom set without searching through the […]
You may have seen how to find guilty IP addresses in my post Using Log Parser Studio to Find Guilty IP Addresses, but if you have enabled the logging of X-Forwarded-For IP addresses in IIS you may want to use this updated version, which gets the top offending IP addresses based on the X-Forwarded-For header: […]
If you are using a load balancer, the chances are your IIS Logs are full of entries with the IP address of your load balancer, rather than the IP address of your end user. Most load balancers will allow you to send the IP address in an alternate header, for example the X-Forwarded-For header. This […]