We recently started using HAProxy to load balance between two application servers for both HTTP and HTTPS traffic. It was really easy to get working, has worked great so far and we’re really pleased with it. The only issue we had was with our login cookies, which are set via FormsAuth, as when logging in our visitors use HTTPS and might get a different server to the one they were ‘stuck’ to with HTTP which uses a cookie to ensure the same server. HAProxy can’t read a cookie from an SSL stream as the connection isn’t terminated at the proxy, it is still terminated at the web application server (you can end HTTPS connections at the proxy by installing a webserver on it as well though). For us this was an easy fix however.
From the Microsoft article on FormsAuth:
If you deploy your application in a Web farm, you must ensure that the configuration files on each server share the same value for validationKey and decryptionKey, which are used for hashing and decryption respectively. This is required because you cannot guarantee which server will handle successive requests.
With manually generated key values, the <machineKey> settings should be similar to the following example.
If you want to isolate your application from other applications on the same server, place the <machineKey> in the Web.config file for each application on each server in the farm. Ensure that you use separate key values for each application, but duplicate each application’s keys across all servers in the farm.
To generate a Machine Key, simply go to this handy webpage and generate a new key. You can then either add it just after the <system.web> element to your application’s local web.config or to the root web.config which will be in your .Net installation folder (something like C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config).
After you have done this on all your servers, you can check them all by going into IIS and selecting Machine Key where you can see if each server is using the correct keys.
However, after doing this it still wasn’t working for us. After a little digging about we realised we hadn’t installed any Windows Updates on the new server. I think it was specifically this one that was stopping it working, but after a full update and a reboot it all worked just fine.
I upgraded to Mountain Lion yesterday, as I like to torture myself a little from time to time and see what an OS upgrade will break this time. I’ve only two things that didn’t work, Mailplane and Parallels. Mailplane needed to be upgraded to either version 2.x preview or to the Mailplane 3 beta.
Parallels also had an upgrade with support for Mountain Lion and installing that got it working.
I have two 24” monitors on my Mac and I run Parallels full screen on my 2nd monitor. On the new version with OS X Mountain Lion, when I click inside the VM, apps on my main display start flickering like crazy. There is a forum post on it here, but basically the fix for now is to disable 3d acceleration on your VM.
I’ll be the first to admit I’m a bit of a beer snob. I don’t like canned beer and will do a lot to avoid it. It has a metallic taste that I don’t like and I much prefer bottles. I know draft beer comes in large aluminium barrels, but it doesn’t seem to affect the taste in anything like the same way as 500ml cans do.
Then I came across this…
At first I quite liked the can bottle, as it’s aesthetically appealing, I much prefer the mouthpiece on a bottle to a can, so I thought, ok, maybe this’ll be alright as I do really like the actual receptacle. Then I drank it. No Heineken, no, just no. It tastes exactly the same as canned beer but costs the same as a bottle. Oh well.
I’m currently waiting for a parcel to be delivered which is my new Olympus OM-D E-M5 that is coming from the US. I received a spam message that took me in for a minute, as I thought it was related to the camera.
Our company’s courier couldn’t make the delivery of parcel.
Status deny:Fee isn’t paid.
LOCATION OF YOUR PARCEL:Irving
STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR ITEM:U413001201NU
The label of your parcel is enclosed to the letter.
You should print the label and show it in the nearest post office to get a parcel.
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $5.94 for each day of keeping over limited time.
You can find the information about the procedure and conditions of parcels keeping in the nearest office.
Royal Mail Logistics Services.
First thing I did was to check the headers of the message (below). I noticed that it got an SPF pass, which I first thought a bit strange as the email was showing as being from firstname.lastname@example.org, then I noticed it was actually “email@example.com via s2.ingenihost.com”, so the SPF pass was for the domain ingenihost.com.
Received: by 10.194.54.37 with SMTP id g5csp160341wjp;
Fri, 29 Jun 2012 15:10:46 -0700 (PDT)
Received: by 10.224.72.138 with SMTP id m10mr7310631qaj.5.1341007846024;
Fri, 29 Jun 2012 15:10:46 -0700 (PDT)
Received: from s2.ingenihost.com (s2.ingenihost.com. [188.8.131.52])
by mx.google.com with ESMTPS id d3si6031089qao.0.2012.06.29.15.10.45
Fri, 29 Jun 2012 15:10:45 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of firstname.lastname@example.org designates 184.108.40.206 as permitted sender) client-ip=220.127.116.11;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of email@example.com designates 18.104.22.168 as permitted sender) firstname.lastname@example.org
Received: from colourfu by s2.ingenihost.com with local (Exim 4.69)
for ; Fri, 29 Jun 2012 18:10:44 -0400
Subject: Delivery information contains at the postal label
From: "Royal Mail CS"
Reply-To: "Royal Mail CS"
Date: Fri, 29 Jun 2012 18:10:44 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - s2.ingenihost.com
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [543 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - s2.ingenihost.com
X-Source-Args: /usr/bin/php /home/colourfu/public_html/.c007.php
They actually screwed up the attachment, as the file didn’t have a name (filename=”“), so Gmail called it noname. I downloaded it and gave it a .zip extension, unzipped it and found a 44KB file called Label_Royal_Mail_Express_Services_UK4784256.exe. Out of interest I scanned it on Virus Total and found it contained a virus that Kaspersky calls Trojan-Dropper.Win32.Dapato.bkqg. Results for the scan are here.
So definitely not my new camera then. Reported it as spam in Gmail and on SpamCop so hopefully the senders IP gets blacklisted pretty soon.
I’ve seen error 2147943785 a couple of times and it’s always been due to the user that is set to run the scheduled task not having the Log On As Batch Job assignment.
Start Menu > Administrative Tools > Local Security Policy > Local Policies > User Rights Assignment > Log On As Batch Job
Add the user that is set to run the scheduled task and try to run it again.