After changing the certificate and the URL of my Report Server, I can connect remotely to the SSRS WebService or Web Portal but** I cannot connect from local**. In fact, I get a 401 error (Not authenticated).
When connecting remotely to https://myserver/ReportServer or https://myserver/Reports through my browser, I am prompted for credentials and after entering them correctly, I get the response from the server.
When I am locally on the server (through RD), I enter the same URL in a browser but it keeps asking for credentials repeatedly even though I enter them correctly. This happens with every browser type I use.
I am using Reporting Services Version 15.0.1102.1002 running on Windows Server 2019 Standard.
I have enabled trace logging through SSRS\ReportServer\bin\ReportingServicesService.exe.config and added more columns to the log through HttpTraceSwitches entry.
When connecting locally to ReportServer through the browser, I get the following log:
#Fields: date time c-ip sc-status cs-username s-ip s-port s-host cs-method cs-uri-stem cs-uri-query
01/15/2023 07:43:27 "server ip" 401 - "server ip" 47873 "server url" GET /ReportServer
01/15/2023 07:43:27 "server ip" 401 - "server ip" 47873 "server url" GET /ReportServer
01/15/2023 07:43:38 "server ip" 401 - "server ip" 47873 "server url" GET /ReportServer
01/15/2023 07:43:38 "server ip" 401 - "server ip" 47873 "server url" GET /ReportServer
Note the 11 second difference between the first two and last two log entries, the latter two are the ones after I submit my credentials. As you can see, the user name is empty (-)
I get a 401 (Not autheticated) error.
The log now when connecting remotely:
#Fields: date time c-ip sc-status cs-username s-ip s-port s-host cs-method cs-uri-stem cs-uri-query
01/15/2023 07:47:22 "remote ip" 401 - "server ip" 47873 "server url" GET /ReportServer
01/15/2023 07:47:28 "remote ip" 401 - "server ip" 47873 "server url" GET /ReportServer
01/15/2023 07:47:28 "remote ip" 401 - "server ip" 47873 "server url" GET /ReportServer
01/15/2023 07:47:28 "remote ip" 200 "user" "server ip" 47873 "server url" GET /ReportServer
In the last log entry, user name appears correctly.
It looks like when I'm connected locally, credentials passed from the browser never reach Report Server or it discards them.
My application that runs on the same server and uses the SSRS web service, gets the same error:
The remote server returned an error: (401) Unauthorized.
I managed to find a solution:
After entering credentials but not entering in the Report portal, I went to the EventViewer -> System and there was this entry:
Log Name: System
Source: LsaSrv
Date: 1/16/2023 11:40:13 AM
Event ID: 6037
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: ******************
Description:
The program RSPortal.exe, with the assigned process ID 1228, could not authenticate locally by using the target name HTTP/**********. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.
Try a different target name.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LsaSrv" Guid="{199fe037-2b82-40a9-82ac-e1d46c792b99}" EventSourceName="LsaSrv" />
<EventID Qualifiers="0">6037</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2023-01-16T09:40:13.832795000Z" />
<EventRecordID>237591</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>hfri.grnet.gr</Computer>
<Security />
</System>
<EventData>
<Data>1228</Data>
<Data>RSPortal.exe</Data>
<Data>HTTP/***********</Data>
</EventData>
</Event>
As the message denotes, "The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.". To bypass this, I've added a HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableLoopbackCheck setting in registry set to 1.
This solution is proposed by:
https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/accessing-server-locally-with-fqdn-cname-alias-denied
"Error message when you try to access a server locally by using its FQDN or its CNAME alias"
Related
We have a GITLAB setup and
We want to send the output of a error file as a attachment and giving a proper message including in the body as a mail notification to the recipients using BLAT as a service. Using below code
blat -subject "IP is not pingable" -body "please check the attachment for the error logs" -attach C:\Temp\error.txt -to santoshkumar.angadi#yahoo.com
We want to send this from the GITLAB. But I am getting BLAT error log as :
Error: Not a socket for a SMTP server. How to achieve this
Specify an SMTP server with the -server <address>
See http://www.blat.net/syntax/server.html
Make sure it's one that blat can connect to.
As http://www.blat.net/?docs/readme.txt says: To use Blat you must have access to a SMTP server via TCP-IP
In ejabberd 18.01-2, installed in lxc container Ubuntu 18.04 Bionic LTS using apt, I'm trying to setup mod_http_upload.
In the section listen, I have
listen:
-
port: 5444
module: ejabberd_http
tls: true
request_handlers:
"/upload": mod_http_upload
In the configuration file, commented port was 5444, however, in the current documentation, it is 5443, so I am not sure which one is right.
In the modules section, I have
modules:
mod_http_upload:
host: "upload.ejabberd.forumanalogue.fr"
max_size: infinity
thumbnail: true
put_url: "https://ejabberd.forumanalogue.fr:5444/upload"
docroot: "/ejabberd/upload"
When I start the service, I can see an odd message in the logs
2019-11-11 21:02:35.287 [warning] <0.367.0>#ejabberd_pkix:handle_call:255 No certificate found matching 'upload.ejabberd.forumanalogue.fr': strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let's Encrypt (www.letsencrypt.org)
It is strange because I have a signed wildcard certificate.
certfiles:
- "/etc/letsencrypt/live/forumanalogue.fr/*.pem"
I can see the service with my client (Gajim) but when I try to send a file to another local account, I receive an error Access denied by service policy, see the complete log:
<iq xml:lang='en' to='foo#forumanalogue.fr/gajim.HCLJ4BZI' from='upload.ejabberd.forumanalogue.fr' type='error' id='1dd35274-90e9-4b3b-9608-0fab59afe34e'>
<request xmlns='urn:xmpp:http:upload'>
<filename>a.out</filename>
<size>27232</size>
<content-type>application/octet-stream</content-type>
</request>
<error code='403' type='auth'>
<forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
<text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Access denied by service policy</text>
</error>
</iq>
I had to enable debug logging in order to see something. It is quite verbose, but I think that the relevant part, which is non redundant with the client message, is
2019-11-11 20:53:08.329 [debug] <0.501.0>#mod_http_upload:process_slot_request:544 Denying HTTP upload slot request from foo#forumanalogue.fr/gajim.HCLJ4BZI
Thank you for your help.
I tried with ejabberd 18.01, a configuration similar to yours, and it works for me.
Looking at the source code, that "process_slot_request:544 " error means that the account attempting to use the upload feature is not allowed by the "local" Access rule in the vhost it sended it to. Probably it's a remote account. Remote to that upload service. In other words, the service upload.whatever can only be used by accounts like user12#whatever.
In your case, you are attempting to use upload.ejabberd.forumanalogue.fr from account foo#forumanalogue.fr, which is not local to that upload service.
Several ideas, I hope one of them suits your specific setup:
A) don't mess with vhosts. If it's forumanalogue.fr, keep it that everywhere
B) use #HOST# in host and put_url options
C) Or if you really want to mess with hosts, then add Access rights so accounts in that vhost are considered "local" to the upload service.
I'm currently trying to run a mastodon server I've installed everything correctly and I haven't gotten an error till now
I'm setting up my SMTP this is the info I've put in
SMTP server: smtp.mailgun.org
SMTP username: mastodon#notifications.example.com
SMTP password:
SMTP authentication: plain
SMTP OpenSSL verify mode: peer
Then when I try to send a test e-mail it throws this error
E-mail could not be sent with this configuration, try again.
SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
Ahh! So someone just pointed out on this thread (https://mastodon.social/#slackz/99772551531768277) that authentication SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE should be commented out in the config. The mastodon:setup rake task automatically adds them (gonna look into making a PR to change that), but if you:
comment out the two lines in .env.production with the above env variables
ensure all your mailgun account records are verified, that you can send email with a curl command they supply on their site
restart the mastodon processes:
sudo systemctl restart mastodon-*
Opened an issue about the behavior here:
https://github.com/tootsuite/mastodon/issues/6975
I'm using Worklight QA and I got an error trying to send mails using SendGrid.
The error was on the Send activation link for the user.
This is part of the error on celeryd.log
HTTPError: HTTP Error 429: UNKNOWN STATUS CODE
[2014-09-29 13:29:55,549: WARNING/Worker-3] Unable to reach Sentry log server: HTTP
Error 429: UNKNOWN STATUS CODE (url: https://app.getsentry.
com/api/13389/store/, body: Creation of this event was
denied due to rate limiting.)
[2014-09-29 13:29:55,555: ERROR/MainProcess] Failed to submit message: u'error:
[Errno 111] Connection refused'
[2014-09-29 13:29:55,556: WARNING/Worker-3] Failed to submit message: u'error:
[Errno 111] Connection refused'
[2014-09-29 13:29:55,558: ERROR/MainProcess] Task notifications.email.ActivationEmail
[88c97bed-812a-427f-98a1-9bc77ff38876] raised exception:
error(111, 'Connection refused')
I've configured local_settings.py with the SendGrid information, the SendGrid account is provisioned and ready to send mails.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.sendgrid.net'
EMAIL_PORT = 587
EMAIL_HOST_USER = '******'
EMAIL_HOST_PASSWORD = '******'
EMAIL_USE_TLS = False
I've also tried to disable iptables on the server thinking on local firewall issue, but It was getting the same error.
I don't know if this rate limiting error from Sentry has something to do with it.
This could possibly be some kind of SMTP integration issue on your end. Not sure Sentry has anything to do with it.
Suggest changing EMAIL_USE_TLS to True and see if that works. It is possible that SendGrid is enforcing that.
I am getting below error while sending a mail from Email subscription in SSRS.
Below is the Configuration section:
<RSEmailDPConfiguration>
<SMTPServer>mysmtpserver addres</SMTPServer>
<SMTPServerPort>
</SMTPServerPort>
<SMTPAccountName>
</SMTPAccountName>
<SMTPConnectionTimeout>
</SMTPConnectionTimeout>
<SMTPServerPickupDirectory>
</SMTPServerPickupDirectory>
<SMTPUseSSL>
</SMTPUseSSL>
<SendUsing>2</SendUsing>
<SMTPAuthenticate>2
</SMTPAuthenticate>
<From>myid#domain.com</From>
<EmbeddedRenderFormats>
<RenderingExtension>MHTML</RenderingExtension>
</EmbeddedRenderFormats>
<PrivilegedUserRenderFormats>
</PrivilegedUserRenderFormats>
<ExcludedRenderFormats>
<RenderingExtension>HTMLOWC</RenderingExtension>
<RenderingExtension>NULL</RenderingExtension>
<RenderingExtension>RGDI</RenderingExtension>
</ExcludedRenderFormats>
<SendEmailToUserAlias>True</SendEmailToUserAlias>
<DefaultHostName>
</DefaultHostName>
<PermittedHosts>
</PermittedHosts>
</RSEmailDPConfiguration>
Error:
notification!WindowsService_0!1858!08/20/2013-05:48:02:: i INFO: Handling subscription f78a80f1-dd72-4215-b86a-96fa7391cfc0 to report ReportMenu, owner: mydomain\myid, delivery extension: Report Server Email.
library!WindowsService_0!1858!08/20/2013-05:48:02:: i INFO: RenderForNewSession('/ReportProject/ReportMenu')
library!WindowsService_0!1858!08/20/2013-05:48:04:: i INFO: Initializing EnableExecutionLogging to 'True' as specified in Server system properties.
emailextension!WindowsService_0!1858!08/20/2013-05:48:04:: e ERROR: Error sending email. Exception: System.Net.Mail.SmtpException: Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender
at System.Net.Mail.DataStopCommand.CheckResponse(SmtpStatusCode statusCode, String serverResponse)
at System.Net.Mail.SmtpConnection.OnClose(Object sender, EventArgs args)
at System.Net.ClosableStream.Close()
at System.Net.Mail.MailWriter.Close()
at System.Net.Mail.SmtpClient.Send(MailMessage message)
at Microsoft.ReportingServices.EmailDeliveryProvider.EmailProvider.Deliver(Notification notification)
notification!WindowsService_0!1858!08/20/2013-05:48:04:: i INFO: Notification f06badda-98db-4aba-8a1f-26646430479b completed. Success: True, Status: Failure sending mail: Mailbox unavailable. The server response was: 5.7.1 Client does not have permissions to send as this sender, DeliveryExtension: Report Server Email, Report: ReportMenu, Attempt 0
Could someone help on this ?
As per the exception, the issue is coming from the SMTP server:
Status: Failure sending mail: Mailbox unavailable. The server response
was: 5.7.1 Client does not have permissions to send as this sender
Because you have SMTPAuthenticate set to 2 in the config, the SSRS service user will try and authenticate to the SMTP server. See Configure a Report Server for E-Mail Delivery for more details.
You need to resolve this issue - since SSRS is running under NT Service\ReportServer and trying to send the mail as <From>myid#domain.com</From> the SMTP server will not allow this, and hence the error.
As a test you can change the SSRS service user to myid#domain.com as a check to confirm this is the issue.
If so, you should investigate getting a domain user set up with a mailbox and running the SSRS service under that user.
Your other option is removing the Authentication option from the config (i.e. setting SMTPAuthenticate to 0) and allowing anonymous authentication to the SMTP server, though this might not be allowed in your environment.