https can not establish a private connection - https

guys, I need your help. Here is the problem I face now:
I have a Dell XPS laptop and install windows 10 and Linux Mint 18 on it. To keep the clock consistent with my time zone, I have used the following command in Linux:
timedatectl set-local-rtc 1 --adjust-system-clock
The problem now is, in windows 10, I can only connect to Gooogle or gmail during the beginning of the reboot. After long time, or after a suspension of windows 10, I can not connect to Google service anymore. It will report "can not estabish private connection". I can connect to other website normally. The same problem also exist for my dropbox. It will report "can not establish a secured connection".
I have checked the certificate of https for Google services, it seems that the browser locates to a wrong certificate when the connection is failed.
The problem disappear if I use a VPN connection.
I guess the problem is related to clock setting in my windows system, but I don't know how to solve it.
any suggestion is appreciated.

Solved.
The problem is that I use manual DNS settings, so the time in my computer and the server is not consistent. Just need to convert to auto DNS.
Sorry for the interrupt.

Related

Unable to RDP into windows?

I have a windows 16 machine on AWS. I installed Cygwin on it so that I can connect it as a jenkins slave. But once I connected it as a slave, I am NOT able to MSTSC/RDP into the machine. I can still access the machine via ssh/cygwin.
( I repeated the process several times and ended up losing rdp connectivity everytime )
This is what is actually happening now :
The EventLogs on machine are saying that logoff instructions are being initiated by the RDP client.
RDP client is saying "The disconnection was initiated by the user logging off their session on the server"
Visually, if seems like the remote connection was setup for a split second. Then it vanishes.
So, I believe that somehow my Administrator account is not able to maintain the session. It's getting disconnected as soon as it connects.
Can you suggest me which settings should I debug into ? I am able to extract a few details from my machine using ssh, but I can't explore all the settings.
If you are familiar with this behaviour please suggest me what settings might be reponsible for this.
Addition info:
If I restart my ec2 , it will never come back because a status check starts failing
I am able to telnet to 3389 port. So I guess, firewall rules are not an issue.
I have tried various RDP clients, on MAC as well as on Windows.
I found this in event log (ProviderName: Microsoft-Windows-RemoteDesktopServices-RdpCoreTS) on my remote windows machine:
5/10/2019 3:13:44 PM 103 Information The disconnect reason is 12
.
.
.
5/10/2019 3:13:43 PM 228 Warning Disconnect trace:CUMRDPConnection Disconnect trace:'calling spGfxPlugin->PreDisconnect()' in CUMRDPConnection::PreDisconnect at 4477 err=[0xc], Error code:0xC
It turns out the my problem was occuring due to some cleanup utility deleting up the system files required for mstsc.
Everything started working fine after I switched off the cleanup utility.
Thanks for the help though.

Safari refuses SSL connection to one server

I've got an intranet site setup which uses an SSL cert with a self-signed CA. On one of my Macs, Safari refuses to connect, with the "Safari can't open the page .. because Safari can't establish a secure connection to the server .." The Mac is running 10.11 (El Capitan) with the latest patch.
Chrome and Firefox are both able to connect to that server.
Safari is willing to connect to it if I use the IP address instead of the
DNS name.
In the logs I see com.apple.WebKit.Networking[3382]:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
Another Mac on the LAN is happy to connect to the machine by its DNS name
I suspect there's something wrong in the keychain, but I can't find any certs nor revocations for anything related to either the DNS name of the machine, or its CA.
Any suggestions how to debug this are very welcome. The other StackOverflow articles seem unrelated to my issue.
My solution to this issue was to revert my Apache Configuration SSL Cipher Suite back to the default setting in WHM. Hopefully this may be of help.
I recently ran into a similar issue with an iOS device on an intranet. I installed the self-signed root and issuing certificates on the phone, but continued to receive the message. After a lot of trial and error, I found that manually changing the DNS setting (tapping the 'i' icon next to the active wifi connection in the wifi settings) to Google's public DNS ("8.8.8.8") solved the problem.

Postgres ODBC: connection "actively refused"

I'm using SSH tunneling to connect from a Windows 7 machine to a remote Postgres database.
The tunnel works fine when I use pgAdmin to connect to the remote database. However, I haven't managed to set up an ODBC DSN to connect to the remote database.
I'm creating a System DSN with the same server address/username/password/port/ssl mode as pgAdmin but when I click "Test" I get: "Could not connect to server; No connection could be made because the target machine actively refused it."
Any ideas on where to start debugging? I've ruled out Windows Firewall and remote server configuration, since I can connect with the exact same information in pgAdmin.
Edit
The problem resolved itself after reinstalling Windows.
When debugging this the first thing to do is to start testing the PostgreSQL server with the psql command line utility. This avoids issues of drivers etc to see what is actually going on. Generally speaking my troubleshooting process is:
Can I ping the server?
Can I connect with psql?
When I test my connection via the control panel, does it work?
Now, assuming the problem is on #2, the first thing I would do is try disabling firewalls on both sides (they can be brought up and tuned after trying with both down). This rules out misbehaving firewalls and if it shows this to be a problem then you have the answer on where to troubleshoot.
In my experience Windows firewall can cause all manner of problems. I have even seen it block web pages halfway through the web page. I don't think you can rule out Windows Firewall based on the information you have provided.
If this happens again, the first things to do include disabling both any antivirus software and firewalls.
The other possibility would be a bad ODBC config (maybe port 5423 instead of 5432) or a badly installed DLL of some sort. The latter may be fixed (or not) using sfc /scannow or reinstalling the odbc driver, or other actions.

Is an SSH tunnel through Citrix Client possible?

I know it is not strictly a programmer question, on the other hand, I would really like to be able to do a simple svn up on the production servers, which would save us a lot of hassle.
Or production servers are within a corporate network, and access is only allowed through a gateway server. From that we can access the actual servers via Remote Desktop. Because of this maintenance unfriendly setup we use a sftp server to get our files to the production server (where the ftp server alwys resets last modified date), so it is complicated to determine which files have changed.
So if it would be possible to setup a ssh tunnel from the actual server through the citrix connection, it would ease the whole update process.
(On further option which I consider is to use bazaar to push our updates to the sftp server and then pull the updates from there, but unfortunately there is no working svn plugin for bazaar available [on windows])
Okay, not wanting this to remain unsolved, I posted the following on the usenet in alt.os.citrix:
G'day everyone
Someone asked me this question. I haven't a clue. Any ideas?
"the connection I have is PC -> Citrix Access Gateway -> actual Server. My question is, if it is possible to establish a ssh connection from my PC to the actual Server."
The response I got from a Catherine Jefferson was:
Should be. I do this all the time using an Access Gateway VPN, then ssh to servers inside the company LAN.
What version of the Access Gateway is this user running? I work for Citrix, might be able to get a more specific answer for him or her.
So may I suggest you hook into alt.os.citrix (probably via Google Groups if you don't have an NNTP tool) and buy into the conversation.
--Bruce
I do this a lot. The tunnel is like:
ssh -nvCXAN -L 1494:10.0.2.39:1494 www.starshipping.com &
Then, you need an ICA file that points to localhost.
[WFClient]
Version=2
[ApplicationServers]
Connection To Citrix Server=
[Connection To Citrix Server]
WinStationDriver=ICA 3.0
TransportDriver=TCP/IP
ClientAudio=Off
DesiredColor=8
Username=yourusername
Domain=yourdomain
Password=xxxxxxxxx ; has to be encrypted. I pulled from another ICA file generated internally
ScreenPercent=97
TWIMode=OFF
Address=localhost
This all worked very fine on OSX until Citrix gave out a new version of the Citrix client which is now called the Citrix Online Plugin. Haven't been able to get it to work since then. Meanwhile, our VPN has been working fine, so haven't worried too much about it.
Citrix over SSH, How to Create a Key Pair for SSH Authentication Using PuTTYgen, Terminals. It seems that the answers are "out there" but not readily found. That was just five minutes in Google. HTH.

Cannot Access http://<tfs-server>:8080

I've installed TFS 2008, but I can't seem to access the server. When I try to connect to it in Visual Studio, I can't. If I try by browser on a remote PC, I get a generic page cannot be displayed. On the server, I get a 403. Nothing was touched in IIS and the service is running as a Network Service. Any ideas?
try:
http://localhost:8080/Services/V1.0/ServerStatus.asmx. This will tell you if TFS is up and running. If you are getting anything else you need to look into IIS issues.
I wrote a blog post on diagnosing these types of TFS connections.
http://blogs.msdn.com/granth/archive/2008/06/26/troubleshooting-connections-to-tfs.aspx
The very first thing I do is confirm that it works for a known-good configuration – usually my workstation.
Providing that works and the server appears to be functioning, the next thing I do is ask the user to call the CheckAuthentication web service using Internet Explorer.
The URL for this is: http://TFSSERVER:8080/services/v1.0/ServerStatus.asmx?op=CheckAuthentication
By doing this check, I am doing four things:
Eliminating Team Explorer from the picture
Eliminating the .NET networking stack from the picture
Ensuring that Windows Authentication is working correctly (that’s why I say IE)
Ensuring that proxy settings are set correctly
In most cases I’ve seen, the TFS connection issues are because the proxy settings have changed or are incorrect. Because .NET and Visual Studio use the proxy settings from Internet Explorer, it’s important to have them set correctly.
In rare cases it’s beyond this. That’s when I start looking at things like:
Can you resolve the server name?
Can you connect using the IP address?
Are there HOSTS file entries? (see: c:\windows\system32\drivers\etc\hosts)
Can you ping the server?
Can you telnet to port 8080?
Does the user actually have access? Run TfsSecurity.exe /server:servername /im n:DOMAIN\User to check their group memberships
Have you changed your domain password lately? In some cases they’ll need to logoff the workstation and log back on again to get a new security token.
Is the computer's domain certificate valid? update the certificate: gpupdate /force
Hope this helps.
Turns out the time and date on my computer was not "close enough" to the time and date on the tfs server. Changed my system clock setting and problem went away.
What happens if you send a simple HTTP request to the server directly?
ie:
telnet 8080 [enter]
GET / HTTP/1.1[enter]
[enter]
[enter]
That might give a hint about whether IIS is actually serving anything. If you can do that on the server, what about from a different machine? If the results are different a good guess is there are some security/firewall issues somewhere. HTH a little.
I went through everything on a similar problem.
I logged onto my tfs server and connected directly there.
I also used a TFS admin tool I downloaded some time ago from Microsoft, and made sure I was in all the right groups and projects.
I then went back to the client PC with the problem, tried the services/1.0/serverstatus.asmx?op=CheckAuthentication Url again, and it worked this time.
AFter that full service was restored to my PC.
So I don't have the exact answer, but I would go through the checklists presented by Grant Holliday in his answer.
Add this to the cases for future users, as i had this issue on server 2016...
if your firewall allow only Domain and Private Network, it may not work on client. make sure you give public permission, if server network is set to public...
The error you may face:
ERR_CONNECTION_TIMED_OUT
for
http://fserver:8080/tfs

Resources