I can get here, but no one at work using our proxy can seem to get to MSDN.
Our Network Administrator has no clue. He said if I could figure it out, he'd fix it. He thinks it is because the ISA Server is too old to understand Microsoft's newer HTML technology.
This is normally a DNS problem.
If it is just this site, it may be that the address to MSDN is registered incorrectly in a HOSTS file or the internal DNS.
For other possibilities see: http://forums.isaserver.org/m_2002006838/mpage_1/key_/tm.htm#2002006915
Are there any errors in the ISA logs? ISA should be able to handle these websites.
Related
Unable to do the windows update through batch patch. When I tried to check for available updates, some instances are showing the error message as “Error 1601: Failed to retrieve WMI info. The RPC server is unavailable".
I have tried the below troubleshooting steps for those instances which are showing error.
1. Windows Firewall – opened ports 135 and 445
2. Checked the RPC service to see if it is running and set to automatic
3. If the instance is stopped, we have left it alone
Followed this KB https://batchpatch.com/troubleshooting-common-errors-in-batchpatch no luck. Anyone who has experience or idea what is wrong please guide me.
It's peculiar that you would post on stackoverflow rather than contacting BatchPatch support directly (https://batchpatch.com/contact) or posting on the support forum (https://batchpatch.com/forum).
The page that you linked (batchpatch.com/troubleshooting-common-errors-in-batchpatch) contains additional links for troubleshooting the 'RPC server is unavailable' error. It specifically points to these two links:
batchpatch.com/using-batchpatch-with-windows-firewall
batchpatch.com/batchpatch-ports
It is not sufficient to just open 135 and 445 in the Windows Firewall. You must open 'File and Printer sharing' and 'Windows Management Instrumentation (WMI).' In your case, probably the error is occurring because you did not open 'Windows Management Instrumentation (WMI).'
The above link also further explains:
In order for WMI to work properly… The target computer must be able to
receive and process RPC (Remote Procedure Call) requests. Both the WMI
and RPC services must be running on the target computer. If you’re
using Windows Firewall on the target computer, then please follow the
instructions on this page to configure it properly: Using BatchPatch
with Windows Firewall
(batchpatch.com/using-batchpatch-with-windows-firewall).
If you are using a hardware firewall, the configuration for WMI can
potentially be a bit trickier, depending on the particular firewall
device. WMI connections, by default, are not established on a
static/fixed port. Instead WMI uses dynamic port configuration for its
connections, which means that the actual ports used for a given
connection are established on-the-fly at the time of connection. Each
connection will end up using different ports. In the context of a
classic hardware firewall, this used to be a problem because hardware
firewalls would typically require any open ports to be configured
manually. An enterprise firewall administrator could never know in
advance which ports would need to be opened. However, fortunately many
modern firewalls now implement DCE/RPC, which solves this problem and
allows the use of dynamic ports for WMI/RPC. If you have a network
level hardware firewall in place between the BatchPatch computer and
the target computers, you’ll need to configure it to allow DCE/RPC, so
that it can open the necessary ports, on-the-fly, for each WMI
connection. More info on DCE/RPC can be found at the following two
links:
en.wikipedia.org/wiki/DCE/RPC
wiki.wireshark.org/DCE/RPC
Sorry if this is not really relevant to stack overflow but I'm sure someone will know the answer.
I have a Mac at home and want the IP address of that network to be sent to a page on my website.
I have port forwarded a program on my Mac and want to access it when I am out and about. I've tried dynamic DNS and have had no luck due to my routers lack of editable settings.
I would really appreciate it if someone knew of a way that I could find out the public IP address of my home network remotely by having it updating on my website, or if this is not possible a service which offers this ability.
Obviously it would be great if this was a free service/ program.
Thanks in advance,
Ed.
just create a bash script that sends to your website. you must be something know about API for your website.
for try this also http://www.noip.com/download?page=mac
You could try http://noip.com.
I think they have a mac tool to do this.
Okay, so we implement Recaptcha in production. We get errors because it can't reach the IP address it needs to use the service. We open a port for the IP address to reach Google. No problem. We do that and configure that IP address explicitly to work. It works great. Then, the next day, we start getting errors again because Recaptcha is using a different IP address. I can allow requests from that IP address, too, but now I'm unsettled. Where are these addresses coming from? How do I configure this to work reliably?
Recatpcha from Google can use any Google IP address and there are lots of them.
Ran this from Windows:
_netblocks.google.com text =
nslookup -type=TXT _netblocks.google.com
"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
That's all the network Google uses currently. These can change so check them often.
Google suggest allowing port 80 to all IPs outbound, this highly insecure. They recommend going through a proxy server but again that is highly insecure if your web server is an DMZ. Proxy aware trojans do exist. All that need to be done is exploit a vulnerability to execute arbitrary code and you can create reverse connection on port 80 through a proxy server to download the payload. Then it is trivial to escalate privileges and own the box. I don't mean just Windows servers but Linux as well. I've done it in lab environment on security was on. It's really easy to do.
This is the Google website I got this from:
http://code.google.com/p/recaptcha/wiki/FirewallsAndRecaptcha
I wanted to append to this answer with more recent information. The documentation that Chris is pointing to does not include all of the TXT records necessary to dig (thanks Google):
_netblocks2.google.com (IPv6 subnets)
_netblocks3.google.com (Additional IPv4 subnets)
In my particular case, the _netblocks3 entry contained 2 large /19's that made my initial rule ineffective
(I found additional references here: https://support.google.com/a/answer/60764?hl=en)
Perhaps you should be using a hostname rather than IP
I have a slackware server on LAN with dnsmasq, dhcp etc.
There is also one windows vista computer connected to the network.
I want to block a specific file from one website on the entire LAN or if it's not possible just for one computer.
I thought it could be done with dnsmasq, but it blocks the entire website.
I searched for solutions, but i only found that i can add "127.0.0.1 example.com" in host file somewere in system32 which is not too helpful.
About blocking for one computer. The browser is Firefox, but i don't want to install any addons.
I'd be grateful for any advice on what I should look for or any simple script to write for that.
The only way I can think of doing this is to require that the clients access the Internet through a proxy server, such as squid, that supports the ability to block specific pages.
I am trying to develop one application which can block all urls using win32 api on windows desktop application.
So is there any api or any procedure doing programmatically so that i can block all urls?
It's impossible to block just URLs. If you want to make sure no one can access the internet the only way to do this would be to unplug the ethernet cable. (Or whatever is giving you connectivity) Here's why:
Blocking all DNS resolution won't stop someone from accessing http://206.132.84.265/
Blocking port 80 and 443 won't stop someone from accessing a web site hosted on a non-standard port.
Denying access to IE and installation of any other software won't stop someone from downloading a browser that doesn't require to be installed (Like a text browser) and putting it on a thumb drive.
Buying an expensive firewall that blocks HTTP traffic won't be able to stop SSL operating on a non-standard port.
Believe me, back in highschool I worked in a warehouse with a scanner gun and figured out how I could check my email with it (with a little help from my computer at home) since an internet gateway was on the same network.
If you want to block people from surfing the web, disconnect the internet.
I suppose you can do it using the Windows Firewall API
http://msdn.microsoft.com/en-us/library/Aa366453.aspx
You can do this using Windows Firewall Protocol. This is an API provided by Microsoft.
For Vista it's straight-forward, but for XP you need to do some work around, as examples are not available for that.