Category: sysadmin

System Administration

How to Show Unattached Devices in Windows Device Manager

As I was searching again for this (I once knew it, but I keep forgetting it), I will simply write it down here: if you want to see all the unattached devices in the device manager, you have to set the environment variable devmgr_show_nonpresent_devices to value 1. If you then start the device manager, you have to also check “Show hidden devices“.

This is documented in Microsoft KB315539.

phpMyAdmin with mod_fcgid

I am currently migrating my server configuration away from mod_php towards mod_fcgid (the successor of mod_fastcgi), as this allows me to use different users for executing scripts in different directories. I use this to have every hosted virtual domain using its own system user. This should (in theory) prevent one buggy application to take over all other hosted domains as well.

I though faced one problem: I could not get phpMyAdmin working and this was a requirement of one of my clients. phpMyAdmin kept popping up the authentication dialog over and over again when using HTTP Basic Authentication.

After searching some time, I noticed that, when using PHP in CGI mode, the authentication data is not passed over to the script by default. A FAQ entry of phpMyAdmin brought the solution to this issue: a ReWrite Rule was needed for the directory containing phpMyAdmin:

RewriteEngine On
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]

Suddenly phpMyAdmin worked 😉

Terminal-Server NX 2.0 “Free-Forever” Released

NoMachine has announced the release of version 2.0 of thei terminal-server product NX, codenamed “Free-Forever”.

They have released more of their products under GPL and provide now a restricted version under the codename “NX Desktop Server free-forever”:

NoMachine provides a free-for-download and free-forever NX Desktop Server which allows 2 user sessions providing access to any desktop or any network type.

The 2-user sessions should be quite sufficient for many purposes.

[Source: Golem.de]

WinXP: How to Deactivate the “Windows Genuine Advantage Tool”

To remove Microsoft’s new “Windows Genuine Advantage-Tool”, which in the current version will check the system’s license every day against a Microsoft database, simply remove the registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\WinLogon\Notify\WGALogon

Bugzilla: Upgrading MySQL Database from Latin1 to UTF8

IMPORTANT Update 2009-07-09: This information is already several years old! You should not use this information for modern versions of Bugzilla (3.2 and above), which will allow you to convert to UTF-8 using checksetup.pl.

In the present case, we have a Bugzilla database created with a charset of latin1. Unfortunately, now after updating MySQL to 4.1, error occured when trying to assign a new developer to a bug, indicating mismatch of collations (UTF-8 vs. Latin1). This is caused by the fact that there is now latin1-data stored in an UTF-8 table.

The following procedure can be used to upgrade the database to UTF-8, eliminating the problem:

  1. mysqldump -p --default_character-set=latin1 --skip-set-charset bugs > dump.sql
  2. mysql -p --execute="DROP DATABASE bugs; CREATE DATABASE bugs CHARACTER SET utf8 COLLATE utf8_general_ci;"
  3. mysql -p --default-character-set=utf8 bugs < dump.sql
  4. perl -pe 's/latin1_bin/utf8_general_ci/g; s/latin1/utf8/g' dump.sql > dump-utf8.sql
  5. mysql -p --default-character-set=utf8 bugs < dump-utf8.sql

You should of course always check if the Pearl-RegEx only replaced charset declarations and not some matches within the data.

Thanks to TextSnippets for the script.

OpenVPN and Tap-Win32-Adapter Problem

OpenVPN on Microsoft Windows has a problem with the TAP-Win32-Adapter driver used for the tunnel. The device needs to be deactivated/reactivated after a Windows restart before any connection can be established. In this article I present a very simple script and solution for automating this process.

Continue reading “OpenVPN and Tap-Win32-Adapter Problem”

Gentoo: MySQL and PHP Charset Problems

At the moment, Gentoo is experiencing several inconsistency and problems with character sets between MySQL and PHP. This is primarely based on MySQL-4.1 now updating from 4.0 without warning and user interaction which most of the times breaks existing extended characters as MySQL now stores every dump from former databases as UTF-8, which is still badly supported by PHP.

For many PHP web applications which experience problems with extended characters (like umlauts, accents, …), the following hack might help.

  1. Locate the file where the mysql database connection is opened.
  2. Add the following commands after opening the database connection:
    mysql_query('SET character_set_client=latin1');
    mysql_query('SET character_set_results=latin1');
    mysql_query('SET character_set_connection=latin1');

This will resume using latin1 instead of UTF-8 for the connection and the result set. For performance reasons, the data in the database should then be stored as latin1 as well.

According to messages in the Gentoo Forum, the developers have now released an ebuild for PHP (both 5.x and 4.4.2) that will regard character-set settings in my.cnf in a section especially for php (still in unstable). You should use the section [php-cli], [php-cgi] and/or [php-apache2handler]. Unfortunately I have not yet had time to test this out.

Out of /dev/random?

Ever happened to run out of random numbers?

Well, if you are using Apache together with mod_ssl you can easily run into the situation that after starting up Apache, requests to it will block up to several minutes or time out. This happenes, if Apache is configured to use /dev/random as a source for random numbers which are required in the initialisation of mod_ssl and similar, if you have to few entropy information left for the generation of more secure random numbers.
As suggested in a Gentoo Forums article, you can emerge the tool sys-apps/rng-tools, which provides you with rngd, a daemon collecting entropy from hardware random number generators and feeds /dev/random with this data.

If you happen (like me) to not having a hardware random number generator on your server’s mainbord, rngd will use /dev/urandom as a source of entropy and mix it with entropy collected from your system. While this will indeed result in a certain drop of “randomness” of /dev/random, it still has major advantages by reducing the startup time of apache to several seconds, as /dev/random will not block any more.

Don’t forget to add rngd to your server’s default runlevel (rc-update add rngd default).

Windows 2003 Server as NTP client

Our Windows 2003 Server refused to sync the clock via NTP. Main reason for this behaviour is the fact that as PDC it wants to change the NTP server’s clock as well, which is normally not permitted by the NTP server and the packet is discarded.

To change the preferred server of the Windows Time service (w32time), follow these steps:


w32tm /config /manualpeerlist:<server>,0x8 /syncfromflags:MANUAL

w32tm /config /update

net time /querysntp

w32tm /resync

(source: Meinberg Funkuhren – FAQ – Windows synchronisiert nicht mit NTP (German))

Apache: Force SSL for a Directory Using .htaccess and mod_rewrite

To force SSL on a given directory using .htaccess, use the following code. It requires mod_rewrite enabled in Apache. Adjust the path in the RewriteRule to match the full qualified URL of the HTTPS-domain.


RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]