Windows 2008: Disable password complexity requirement

Posted on by Randy

Method 1

In Windows Server 2008, there is an option in Local Security Policy. Click on Start and then Administrative Tools and then click on Local Security Policy. In Local Security Policy, click on Account Policies and then click on Password Policy. Under Password Policy, double click on “Password must meet complexity requirements” and then select the Disabled option. Then click on Apply and then click on OK. Then close the Local Security Policy and then close the Administrative Tools window.

Method 2

You can use the Group Policy Editor to disable password complexity. Click on Start and then click on Run. In the Run dialog box, type gpedit.msc and hit Enter or click on OK. Then click on Computer Configuration and then Windows Settings and then Security Settings and then Account Policies and then click on Password Policy. Under Password Policy, double click on “Password must meet complexity requirements” and then select the Disabled option. Then click on Apply and then click on OK. Then close the Local Group Policy Editor.

Copy one disk to another using Linux and DD

Posted on by Randy

The following will copy two disks, partition table and all, with forensic quality, and pad the destination disk with zeroes if any data is unreadable on the source disk. Be sure you’ve identified which disk is which using combinations of dmesg and ‘fdisk -l’. The destination disk must also be equal or greater in size.

sudo dd bs=512 if=/dev/sda of=/dev/sdb conv=noerror,sync

bs=512   = Block size 512 bytes
if=/dev/sda   = Source disk /dev/sda (found in dmesg and verified with fdisk -l)
of=/dev/sdb   = Target disk /dev/sdb (found in dmesg and verified with fdisk -l)
conv=noerror,sync   = Ignore errors, pad missing data with zeroes

Grab some coffee or take a drive, as the source disk and overall copy process can be VERY slow if it has medium errors.

Be careful, you will INSTANTLY and completely wipe out the destination disk, partitions and all, so build your command line carefully.

Windows: Ignore errors with Xcopy and RoboCopy

Posted on by Randy

To copy entire directory structures as quickly as possible and ignore all disk errors (useful in data recovery) either of the following commands should work with robocopy being the quickest (if you’ve got Vista/7 or XP with the XP Resource Kit installed). Both commands use source -> destination path order.

xcopy /C/H/R/S/Y c:\ d:\

/C = Continues copying even if errors occur
/H = Copies hidden and system files also
/R = Overwrites read-only files
/S = Copies directories and subdirectories
/Y = Overwrites existing files without asking
robocopy c:\ d:\ /MIR /R:0 /W:0

/MIR = Mirror entire directory structure (can use /E instead)
/R:0 = 0 retries for read/write failures
/W:0 = 0 seconds between retries

Linux: Shutdown/Poweroff command

Posted on by Randy

The other day I was surprised to find the ‘shutdown -h now’ command on the Redhat/Centos rescue CD doesn’t work. I’ve since discovered a few other ways to get a Linux OS to power off, each should accomplish the same thing – gracefully power down.

  shutdown -h now
  halt
  poweroff
  init 0

Cpanel: Install mod_geoip for PHP

Posted on by Randy

First, install the Maxmind GeoIP database.

mkdir /usr/local/share/GeoIP
cd /usr/local/share/GeoIP
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gzip -d GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gzip -d GeoLiteCity.dat.gz
wget http://twiki.cpanel.net/twiki/pub/EasyApache3/CustomMods/custom_opt_mod-mod_geoip.tar.gz
tar -C /var/cpanel/easy/apache/custom_opt_mods -xzf custom_opt_mod-mod_geoip.tar.gz

Then, recompile Apache and PHP.

/scripts/easyapache

Cpanel: Clear out catch-all and default email

Posted on by Randy

Cpanel creates a default address inbox for each domain consisting of the Cpanel user’s primary username. This address is not used for normal email, rather as a catch-all (if enabled) or a sink-hole for delivery failures or auto-generated mail from scripts. It is fairly safe to regularly empty out these mailboxes, and it will free up significant space for some domains:

find /home/*/mail/new/ -type f -print0 | xargs -0 rm

Linux: Sort disk usage with awk

Posted on by Randy

Sort the output of ‘du’ in human readable format (similar to the -h switch).

du -k | sort -nr | awk '
     BEGIN {
        split("KB,MB,GB,TB", Units, ",");
     }
     {
        u = 1;
        while ($1 >= 1024) {
           $1 = $1 / 1024;
           u += 1
        }
        $1 = sprintf("%.1f %s", $1, Units[u]);
        print $0;
     }
    ' > du_sorted.txt

Asterisk: Call rejected, CallToken Support required.

Posted on by Randy

When connected with peers running older versions of Asterisk, the following error might come up and inbound calls from the peer are rejected:

ERROR[xxxxx] chan_iax2.c: Call rejected, CallToken Support required. If unexpected, resolve by placing address x.x.x.x in the calltokenoptional list or setting user guest requirecalltoken=no

To resolve this, place the following in iax_custom.conf and reload Asterisk:

calltokenoptional=0.0.0.0/0.0.0.0;

Cpanel: Undefined subroutine &Compress::Zlib::gzopen

Posted on by Randy

On a particular Cpanel box I occasionally receive the following when attempting to install or update any Perl module — whether initiated by myself or by Cpanel:

Undefined subroutine &Compress::Zlib::gzopen

The fix is to remove all traces of Compress:Zlib with the following command:

rm -rf `find /usr/lib/perl5/ | grep Compress | grep Zlib`

When this happens, it’s likely the Perl modules have become out of sync, so after running the previous command be sure to update everything:

/scripts/checkperlmodules --full

Fixing RTL8111/8168B kernel module on Debian/Ubuntu

Posted on by Randy

For many years, issues with the r8169 module have plagued Debian and related Linux distributions such as Ubuntu.

You’ll see lots of ifconfig errors and stuff like this on desktop mainboards with a Realtek NIC:

Oct 29 07:40:32 c1100d335 kernel: [1996163.743022] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 07:40:32 c1100d335 kernel: [1996163.777667] r8169: eth0: link up
Oct 29 08:17:38 c1100d335 kernel: [1998515.536001] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 08:17:38 c1100d335 kernel: [1998515.554022] r8169: eth0: link up
Oct 29 08:38:50 c1100d335 kernel: [1999866.799565] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 08:38:50 c1100d335 kernel: [1999866.817750] r8169: eth0: link up
Oct 29 09:12:56 c1100d335 kernel: [2002018.492904] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 09:12:56 c1100d335 kernel: [2002018.508900] r8169: eth0: link up
Oct 29 09:56:20 c1100d335 kernel: [2004766.751497] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 09:56:20 c1100d335 kernel: [2004766.771105] r8169: eth0: link up
Oct 29 10:19:38 c1100d335 kernel: [2006244.296991] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 10:19:38 c1100d335 kernel: [2006244.319198] r8169: eth0: link up
Oct 29 10:41:02 c1100d335 kernel: [2007610.618895] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 10:41:02 c1100d335 kernel: [2007610.636753] r8169: eth0: link up
Oct 29 10:53:38 c1100d335 kernel: [2008416.126505] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 10:53:38 c1100d335 kernel: [2008416.228687] r8169: eth0: link up

Or if you’re lucky, you get this:

Oct 29 15:21:29 mirror kernel: [20796.791066] NETDEV WATCHDOG: eth0: transmit timed out
Oct 29 15:21:29 mirror kernel: [20796.791109] ------------[ cut here ]------------
Oct 29 15:21:29 mirror kernel: [20796.791133] WARNING: at net/sched/sch_generic.c:222 dev_watchdog+0xa6/0xfb()
Oct 29 15:21:29 mirror kernel: [20796.791159] Modules linked in: nf_conntrack_ipv4 xt_tcpudp xt_conntrack iptable_mangle nf_conntrack_ftp ipt_REJECT ipt_LOG xt_limit xt_multiport xt_state nf_conntrack iptable_filter ip_tables x_tables ipv6 loop parport_pc parport i2c_i801 i2c_core psmouse button snd_hda_intel serio_raw snd_pcm snd_timer snd soundcore snd_page_alloc rng_core pcspkr intel_agp evdev ext3 jbd mbcache sd_mod piix ide_pci_generic ide_core usbhid hid ff_memless ata_generic ata_piix libata scsi_mod dock uhci_hcd ehci_hcd r8169 thermal processor fan thermal_sys [last unloaded: scsi_wait_scan]
Oct 29 15:21:29 mirror kernel: [20796.791457] Pid: 0, comm: swapper Not tainted 2.6.26-2-amd64 #1
Oct 29 15:21:29 mirror kernel: [20796.791482]
Oct 29 15:21:29 mirror kernel: [20796.791484] Call Trace:
Oct 29 15:21:29 mirror kernel: [20796.791517]  <IRQ>  [<ffffffff80234958>] warn_on_slowpath+0x51/0x7a
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff803cc972>] dev_watchdog+0x0/0xfb
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff802353f3>] printk+0x4e/0x56
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff80212507>] read_tsc+0x9/0x20
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8023cf15>] lock_timer_base+0x26/0x4b
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8023d0a4>] __mod_timer+0xbd/0xcc
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff80243847>] queue_delayed_work_on+0xb8/0xc8
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff803cc972>] dev_watchdog+0x0/0xfb
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff803cca18>] dev_watchdog+0xa6/0xfb
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff803cc972>] dev_watchdog+0x0/0xfb
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8023c9d5>] run_timer_softirq+0x16a/0x1e2
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff802393a1>] __do_softirq+0x5c/0xd1
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8020d2dc>] call_softirq+0x1c/0x28
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8020f3e8>] do_softirq+0x3c/0x81
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff802392ff>] irq_exit+0x3f/0x85
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8021aaab>] smp_apic_timer_interrupt+0x8c/0xa4
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff80212b57>] mwait_idle+0x0/0x4d
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8020cd02>] apic_timer_interrupt+0x72/0x80
Oct 29 15:21:29 mirror kernel: [20796.795054]  <EOI>  [<ffffffff80212b98>] mwait_idle+0x41/0x4d
Oct 29 15:21:29 mirror kernel: [20796.795054]  [<ffffffff8020ad04>] cpu_idle+0x8e/0xb8
Oct 29 15:21:29 mirror kernel: [20796.795054]
Oct 29 15:21:29 mirror kernel: [20796.795054] ---[ end trace 90f2af131b1794c6 ]---
Oct 29 15:21:29 mirror kernel: [20796.811063] r8169: eth0: link up

If you’re REALLY lucky (or leave the machine powered up for a few weeks), you might see this followed by a complete lock-up:

Oct 28 09:40:35 mirror kernel: [1800333.162704] NETDEV WATCHDOG: eth0: transmit timed out
Oct 28 09:41:40 mirror kernel: [1800397.679803] Modules linked in: nf_conntrack_ipv4 xt_tcpudp xt_conntrack iptable_mangle nf_conntrack_ftp ipt_REJECT ipt_LOG xt_limit xt_multiport xt_state nf_conntrack iptable_filter ip_tables x_tables i
pv6 loop parport_pc parport button snd_hda_intel pcspkr rng_core snd_pcm snd_timer snd soundcore snd_page_alloc psmouse i2c_i801 serio_raw i2c_core intel_agp evdev ext3 jbd mbcache usbhid hid ff_memless sd_mod piix ide_pci_generic ide_cor
e r8169 ata_generic ata_piix libata scsi_mod ehci_hcd dock uhci_hcd thermal processor fan thermal_sys [last unloaded: scsi_wait_scan]
Oct 28 09:41:40 mirror kernel: [1800397.679803] CPU 2:
Oct 28 09:41:40 mirror kernel: [1800397.679803] Modules linked in: nf_conntrack_ipv4 xt_tcpudp xt_conntrack iptable_mangle nf_conntrack_ftp ipt_REJECT ipt_LOG xt_limit xt_multiport xt_state nf_conntrack iptable_filter ip_tables x_tables i
pv6 loop parport_pc parport button snd_hda_intel pcspkr rng_core snd_pcm snd_timer snd soundcore snd_page_alloc psmouse i2c_i801 serio_raw i2c_core intel_agp evdev ext3 jbd mbcache usbhid hid ff_memless sd_mod piix ide_pci_generic ide_cor
e r8169 ata_generic ata_piix libata scsi_mod ehci_hcd dock uhci_hcd thermal processor fan thermal_sys [last unloaded: scsi_wait_scan]
Oct 28 09:41:40 mirror kernel: [1800397.679803] Pid: 17, comm: events/2 Tainted: G        W 2.6.26-2-amd64 #1
Oct 28 09:41:40 mirror kernel: [1800397.679803] RIP: 0010:[<ffffffff8042a52a>]  [<ffffffff8042a52a>] _spin_lock+0x10/0x15
Oct 28 09:41:40 mirror kernel: [1800397.679803] RSP: 0018:ffff81007f3f7ec8  EFLAGS: 00000287
Oct 28 09:41:40 mirror kernel: [1800397.679803] RAX: 000000000000100f RBX: 0000000000000100 RCX: ffffffff803f1263
Oct 28 09:41:40 mirror kernel: [1800397.679803] RDX: ffff8100379803e8 RSI: 0000000000000011 RDI: ffff81001a483080
Oct 28 09:41:40 mirror kernel: [1800397.679803] RBP: ffff81007f3f7e40 R08: ffff81001a4833e0 R09: 0000000000000000
Oct 28 09:41:40 mirror kernel: [1800397.679803] R10: ffff810080a4e000 R11: ffffffff8021a857 R12: ffffffff8020cd02
Oct 28 09:41:40 mirror kernel: [1800397.679803] R13: ffff81007f3f7e40 R14: ffff81001a483040 R15: ffff81001a483040
Oct 28 09:41:40 mirror kernel: [1800397.679803] FS:  0000000000000000(0000) GS:ffff81007f378240(0000) knlGS:0000000000000000
Oct 28 09:41:40 mirror kernel: [1800397.679803] CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Oct 28 09:41:40 mirror kernel: [1800397.679803] CR2: 00007f1cbc2c2f20 CR3: 0000000000201000 CR4: 00000000000006e0
Oct 28 09:41:40 mirror kernel: [1800397.679803] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Oct 28 09:41:40 mirror kernel: [1800397.679803] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Oct 28 09:41:40 mirror kernel: [1800397.679803]
Oct 28 09:41:40 mirror kernel: [1800397.679803] Call Trace:
Oct 28 09:41:40 mirror kernel: [1800397.679803]  <IRQ>  [<ffffffff803f1275>] ? tcp_delack_timer+0x12/0x1eb
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803f1263>] ? tcp_delack_timer+0x0/0x1eb
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8023c9d5>] ? run_timer_softirq+0x16a/0x1e2
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802393a1>] ? __do_softirq+0x5c/0xd1
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020d2dc>] ? call_softirq+0x1c/0x28
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020f3e8>] ? do_softirq+0x3c/0x81
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802392ff>] ? irq_exit+0x3f/0x85
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8021aaab>] ? smp_apic_timer_interrupt+0x8c/0xa4
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020cd02>] ? apic_timer_interrupt+0x72/0x80
Oct 28 09:41:40 mirror kernel: [1800397.679803]  <EOI>  [<ffffffffa027835c>] ? :nf_conntrack:nf_conntrack_in+0x2/0x4fe
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803d4d74>] ? nf_iterate+0x41/0x7d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803dcac8>] ? dst_output+0x0/0xb
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803d4e0d>] ? nf_hook_slow+0x5d/0xbe
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803dcac8>] ? dst_output+0x0/0xb
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803dde05>] ? __ip_local_out+0x9b/0x9d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803dde10>] ? ip_local_out+0x9/0x1f
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803de9ce>] ? ip_queue_xmit+0x29f/0x2f2
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803ee700>] ? tcp_transmit_skb+0x731/0x76e
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803b66bc>] ? __alloc_skb+0x7f/0x12d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803ece9b>] ? tcp_rcv_state_process+0x9f8/0xa2a
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803f31b7>] ? tcp_v4_do_rcv+0x42b/0x49d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffffa02a942d>] ? :nf_conntrack_ipv4:ipv4_confirm+0xd1/0xdd
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803d4d74>] ? nf_iterate+0x41/0x7d
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803e16e7>] ? __inet_lookup_established+0xf1/0x192
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803f518f>] ? tcp_v4_rcv+0x693/0x6e4
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803da7ca>] ? ip_local_deliver_finish+0x120/0x1dd
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803da687>] ? ip_rcv_finish+0x32f/0x352
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff803daba4>] ? ip_rcv+0x22e/0x273
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffffa009a91c>] ? :r8169:rtl8169_rx_interrupt+0x4fa/0x511
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffffa009ca7e>] ? :r8169:rtl8169_reset_task+0x41/0xea
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffffa009ca3d>] ? :r8169:rtl8169_reset_task+0x0/0xea
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802430a4>] ? run_workqueue+0x82/0x111
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff80243971>] ? worker_thread+0xd5/0xe0
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802461a5>] ? autoremove_wake_function+0x0/0x2e
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8024389c>] ? worker_thread+0x0/0xe0
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8024607f>] ? kthread+0x47/0x74
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff802300ed>] ? schedule_tail+0x27/0x5c
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020cf38>] ? child_rip+0xa/0x12
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff80246038>] ? kthread+0x0/0x74
Oct 28 09:41:40 mirror kernel: [1800397.679803]  [<ffffffff8020cf2e>] ? child_rip+0x0/0x12
Oct 28 09:41:40 mirror kernel: [1800397.679803]

Luckily, there is hope. You can blacklist the in-kernel driver and install a vendor-supplied module.

cd /usr/src
wget http://djlab.com/stuff/r8168-8.032.00.tar.bz2
tar jxvf r8168-8.032.00.tar.bz2
cd r8168-8.032.00
make clean modules
make install
depmod -a
echo "blacklist r8169" >> /etc/modprobe.d/blacklist-network.conf
update-initramfs -u

Then, reboot the box and check which driver you’re using with ‘ethtool -i eth0’. It should now be r8168 instead of r8169:

driver: r8168
version: 8.032.00-NAPI
firmware-version:
bus-info: 0000:01:00.0

Update – 2/22/2011

I’m re-posting Daniel’s automation with DKMS. These are cut-and-paste-ready code-blocks.

Make sure dkms and gcc are installed:

apt-get install dkms gcc

Create the dkms.conf:

cat <<EOF > /usr/src/r8168-8.032.00/dkms.conf
PACKAGE_NAME=r8168
PACKAGE_VERSION=8.032.00
MAKE[0]="'make'"
BUILT_MODULE_NAME[0]=r8168
BUILT_MODULE_LOCATION[0]="src/"
DEST_MODULE_LOCATION[0]="/kernel/updates/dkms"
AUTOINSTALL="YES"
EOF

Then run:

dkms add -m r8168 -v 8.032.00
dkms build -m r8168 -v 8.032.00
dkms install -m r8168 -v 8.032.00

Done! Now it will automatically be compiled and installed for new kernels.