Tag Archives: Network

Server (for example: HTTP) has a large number of time_ Solutions to wait

To understand TCP several state of the students, we should all know, TCP active disconnected side will appear TIME_WAIT state, TIME_WAIT state will keep the MSL 2 time, this is mainly used to prevent, take the initiative to open a party sent to the LAST lost a FIN ACK, lead to passive passive close one LAST – ACK timer timeout retransmission FIN, avoid the TCP state of chaos. However, in the case of high server concurrency, this default mechanism may cause the server to maintain a large amount of TIME_WAIT state, resulting in a large waste of resources, which may affect subsequent connection and request processing. To solve this phenomenon, we can modify the configuration of the server. Here we take the configuration of a Linux server on Aliyun as an example.
[root@izbp1dnvbin1s4fqqr8izfz ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
fs.file-max = 1000000
net.core.somaxconn = 2048
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216
net.ipv4.tcp_mem = 786432 2097152 3145728
net.ipv4.tcp_max_syn_backlog = 16384
net.core.netdev_max_backlog = 20000
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_orphans = 131072
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_tw_buckets = 40000
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
Net. Ipv4.com.lo. Arp_announce =2
net. Ipv4.com.conf.all. Arp_announce =2
net Net ipv4.tcp_fin_TIMEOUT (FIN timeout), net ipv4.tcp_TW_reuse (time_wait state socket reuse to allow socket to be used for a new TCP connection, default 0, Net ipv4.tcp_tw_recycle(fast recovery of time-wait sockets in TCP connections, default is 0, close), and then use the /sbin/ sysctL-p command to make the configuration work.

BUG: Bad page map in process XXX pte:800000036fae6227 pmd:35be8c067

First of all, given the kernel printing information, the serial port will have some, dmesg will see a little bit more.

BUG: Bad page map in process XXX pte:800000036fae6227 pmd:35be8c067
addr:00007f3fa75c0000 vm_flags:00200070 anon_vma:(null) mapping:(null) index:7f3fa75c0
Pid: 1312, comm: XXX Not tainted 2.6.32.27 #1
Call Trace:
 [<ffffffff815a3570>] print_bad_pte+0x1e2/0x1fb
 [<ffffffff811063ee>] vm_normal_page+0x6e/0x80
 [<ffffffff81107117>] unmap_vmas+0x5b7/0x9f0
 [<ffffffff8106edba>] ?dequeue_signal+0xda/0x170
 [<ffffffff8110cb5c>] unmap_region+0xcc/0x170
 [<ffffffff8110e405>] do_munmap+0x305/0x3a0
 [<ffffffff8110f183>] sys_munmap+0x53/0x80
 [<ffffffff8100c082>] system_call_fastpath+0x16/0x1b
Disabling lock debugging due to kernel taint

Don’t worry about the kernel version number on the stack, because switching to a 3.16.44 kernel will also cause this problem.
The stack seemed to provide a lot of information, but not much help in locating the problem, and at one point led in the wrong direction.
Stack analysis: this stack is obviously a system call, the interface function of the system call is munmap(), in the program code search, only find a few, the analysis of the code seems to see nothing wrong. So in the process to hang up the point, since the stack each time appears in the business thread, so all the business threads in munmap() hang the breakpoint: break munmap thread idx, and then break munmap thread idy… Not every time a breakpoint is triggered, the stack will be triggered several times before it occurs. This phenomenon began to suspect that the kernel memory problem. Until a display *(0x00007f3fa75c0000) is set, each time the munmap() breakpoint is triggered, an attempt is made to read the value of *(0x00007f3fa75c0000). After an interrupt is triggered, The stack above is printed directly (without setting display, continue and munmap() triggers printing), which is more certain that there is a kernel memory problem.
In the first believe the kernel, doubt their own mentality, the first location of the driver problem, the first thought is netmap driver. View process XXX memory map: cat /proc/1312/maps

...
7f4020021000 default
7f40275c0000 default file=/dev/Vnetmap
7f40a8000000 default anon=3 dirty=3 N0=3
7f40a8021000 default
...

Any surprise to find that 0x7f40275c0000-0x00007f3fa75c0000 = 0x80000000, which is netmap minus the mapping address of the problem (that’s the one on the top display) is equal to 2G. Every time. One face muddleheaded, think of this matter what mechanism caused by the kernel, then walked to read the kernel memory management code, focused on the mmap() system call flow. I’ll probably think about it first. mmap() system call flow is simple as follows:

do_mmap_pgoff
   |
   |--get_unmapped_area
   |--...
   |--mmap_region
        |
        |--find_vma_repare
        |--...
        |--file->f_op->mmap
        |--...

The above file - & gt; f_op-> Mmap is specific to the file function, also note the above device file /dev/Vnetmap when the user program opens it and puts its file descriptor fd to mmap() then it can be tuned to Vnetmap custom file-> f_op-> Mmap . He is in the Vnetmap driver implementation, the problem is here.
Analysis: The running environment is 64-bit X86 platform. Vnetmap is the driver module, running in kernel state, it maps the memory applied in the kernel bit by bit to the user virtual address space. It USES a variable of type int as the cumulative count of the virtual address offset, after the offset exceeds 2G, int has a sign flip and becomes negative, and the offset becomes -2g , which seems to be associated with the above.
Understand: (this part didn't source, pure analysis is only for convince yourself that it is not much time, but also does other, have the time to analyze) beyond 2 g memory of kernel space, actual associated with a page table (error), but not visible in the area of the page (eara), errors associated with user mode space is redistributed, find a page table is associated with the page frame, print the above error.

Contact: [email protected]

Infragistics.NetAdvantage . 2006.vol2 error 1609 solution

Description:
error 1609,an error occurred while applying security settings.
aspnet is not a valid user or group.this could be a problem with the package,or a problem connecting to a domain controller on the network.check your network connection and click retry,or cancel to end the install.
Error 1609
error applying security Settings. The user is not a valid user or group. This could be due to a problem with the package or a problem connecting to a domain controller on the network.
Simply put, the ASPNET user does not exist or the domain in which the user resides has a problem. If the user doesn’t exist, create a user named ASPNET, or if it does, it could be a domain problem.
I encountered a situation where the user already existed. Solution: In “My Computer” right-click “Administration”, disable, enable, and add ASPNET users to the list owned by Administrator. The installation passes.  

Event ID 407, 408 – when NAT is used as a DNS server

QUESTION NO: 211

You are the administrator of TestKing’s network, which consists of a single Windows 2000 Domain. The

relevant portion of its configuration is shown in the exhibit.

You configure a Windows 2000 Server computer named NAT1 as the DNS server for the domain. You

install Routing and Remote Access on NAT1. You configure NAT1 to provide network address

translation services for client computers to access the Internet.

Users now report that they cannot log on to the domain or access network resources. On investigation,

you discover that you cannot query NAT1 for name resolution. In the application event log on NAT1, you

find the following event messages:

Event ID: 407

Source: DNS

Description: DNS server could not bind a datagram (UDP) socket to

192.168.0.1. The data is the error.

Event ID: 408

Source: DNS

Description: DNS server could not open socket for address 192.168.0.1.

Verify that this is a valid IP address on this machine.

How should you correct this problem?

A. Disable the DNS proxy functionality on NAT1

B. Enable the DNS proxy functionality on NAT1

C. Reconfigure the DNS server service not to listen on the internal address of NAT1.

D. Reconfigure the DNS server service not to listen on the external address of NAT1.

Answer: C

Explanation: This problem can occur when you have a NAT server that also is used as a DNS server. NAT has

a DNS Proxy setting that enables DHCP clients to direct DNS queries to the NAT server. The client DNS

queries are then forwarded to the NAT server’s configured DNS server. The DNS Proxy and the DNS Server

service cannot coexist on the same host, if the host is using the same interface and IP address with the default

settings.

There are three methods to overcome this problem:

1. Reconfigure the DNS server service not to listen on the internal address. This is the solution in this scenario.

2. Install NAT and DNS on different servers. We cannot change this configuration here since this option is not

listed.

3. Use the DHCP server Service in NAT, NOT the DHCP Allocator and DNS Proxy.

Reference: JSI Tip 3284, Your DNS Event Log reports Event Ids 407 and 408

Incorrect Answers:

A: We could disable both the DNS proxy functionality and the DHCP allocator.

B: The DNS proxy function on the NAT server is partly to blame. Enabling it will not help.

D: We must configure the DNS server not to listen to the internal address, not the external address.

Error installing network file system: Mount error 20 = not a directory

After upgrading to Fedora 9, I found it impossible to mount the Samba Shared file system as before.

when I use the following command:

$mount-t cifs //192.168.1.2/ Samba/MNT/Samba-o Username =test,password=test

mount samba share file gets the following error:

mount error 20 = Not a directory

Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

a Google search revealed that the problem could be due to the cifs file system not being compatible with older samba Shared servers, so either upgrading the samba server program or restricting the cifs would be required to fix the problem. According to the online advice, you can use:

$echo 0 > /proc/fs/cifs/LinuxExtensionsEnabled

modifies the cifs option to disable cifs extensions, and then mount is no problem.

but it was a bit cumbersome to do this every time I restarted, so I changed my system startup script so that I could put these mounts into my fstab and let the system mount automatically every time it was started. The methods are as follows:

modify /etc/init.d/netfs to add a line like the + sign in start as follows:

Case “$1” in the start)

+/sbin/modprobe cifs & amp; & echo 0 > /proc/fs/cifs/LinuxExtensionsEnabled

first execute “/sbin/modprobecifs” to load the cifs module, otherwise the file we want to modify LinuxExtensionsEnabled may not exist yet, and the modification will fail. Since rc*.d/S**netfs at different boot levels are linked to /etc/init.d/netfs, this change takes effect for all boot levels. Of course, if your system is not such a link, it is the same to modify the corresponding file.

there will be no problem installing the samba Shared file system after the restart.

Event id = 4321 error on server

Source: NTEBT
E ID:4321
 
The name “the CCDI: 1 d” cannot be registered to the IP address 10.64.50.8 interface. A machine with an IP address of 10.64.50.1 does not allow this name to be used by this machine.
For more information, please refer to the help and support center at http://go.microsoft.com/fwlink/events.asp.
 
Solution 1: Error reporting: NetBT4321 Processing method: NBtstat -a IP find the same name of the user and group, rename. Solution 2: Fix: Network connection →TCP/IP→WINS→ disable NetBIOS
 
or
Msconfig
and then turn off the TCP/IP NETBIOS help in the service entry

Error 711: Cannot load Remote Access Service Connection Manager.

When you try to create a new network Connection, you may receive the following Error message:
Error 711: Cannot load Remote Access Service Connection Manager.
The Routing and Remote Access service terminated with service-specific error 711 (0x2C7)
Incoming Connections depend on the Routing and Remote Access service which was unable to start.For more information, check the system event log.
The first method:
 
Please take a look at your following services:
Service name: EventLog Display name: Windows Event Log Boot type: Auto
Service Name :TapiSrv Display name: Telephony Startup Type: Manual
Secure Socket Tunneling Protocol Service Startup Type: Manual
Service name :Netman Display name: Network Connections Startup Type: Manual
Service Name: NSI Display name: Network Store Inte*** CE Service Startup Type: Automatic
Service name :RasMan Display name: Remote Access Connection Manager Startup Type: Manual

error :711 friends, I think your service Settings should be on the first service I listed
First service description: This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It displays events in BOTH XML and plain text formats. Stopping the service may compromise the security and reliability of the system.
Disabling the first Service will cause the SstpSvc to display the name: Secure Socket Tunneling Protocol Service which stops automatically after startup
And the service name :RasMan shows the name: Remote Access Connection Manager and the service needs to rely on it,
 
 

the second method:

this problem is easy to solve! At the command line run as administrator. Type Netsh WinSock Reset Enter and restart
 
 

the third method:

find C:/Windows/System32/LogFiles/WMI this folder, as long as this folder administrator title and then restart! Use rubik’s cube in the system Settings right menu management inside the new “access to administrator rights” function, and then you can click the right mouse button on the folder above, the administrator to obtain the ownership can be solved.
 

the fourth way :(this method did not try, it must work, but do not want to shut down every time to execute, feel like trying to steal the bell.

see by the members asked — — — — — — — the C:/Windows/System32/LogFiles/WMI right to this folder.
after restart, can be normal broadband connection. Then restart is such a problem, had to go to get the administrator rights of that file again, so after the restart can be on
The old restart is really very annoying, tell you a soil method, although soil, but it is really convenient, do not have to always take permission, restart. It’s the same thing, just write a script and have it run automatically when it’s turned off. Method is as follows:
1, to save the code below. Bat format (name myself to marry a good, I set it to 711. The bat) where is not easy to remove, code for @ ECHO OFF
takeown/f “C:/Windows/System32/LogFiles/WMI” y/r/d & amp; & icacls “C:/Windows/System32/LogFiles/WMI” /grant administrators:F /t
Encourage people to do it themselves, to enrich their food and clothing. The lazy ones or the ones that won’t save can be downloaded for a few bucks and the attachments below are already written

2, click “start” and “run”, in the run command box input “gpedit.msc”, open the group policy window pane on the left side of the console tree, in turn, a “computer configuration” “Windows Settings” “script startup/shutdown” node as shown in figure, double-click the details pane on the right side of the “shutdown” project, in the “shutdown properties” dialog box, click on the “add” button, will 711. Add bat for the new computer shutdown scripts set up complete, exit the group policy window, restart the computer
 
 
Fifth:
After the completion of the installation of Windows7, found that the dial-up connection can not be set up, either 711 error, 1068 dependent service can not start, or 691 error, and so on, it can be said that the error messages are varied!
There is no way, had to install back to WindowsXP, and then search the Internet for reasons, only to find that there are many friends appear the same error, after the search and analysis of the online information, as well as download ready to use the software, again installed back to Windows7.
Try to use the information on the Internet to solve the problem, make late at night, found still wrong, unable to restart to see first, no sleep, ready to install WindowsXp again the next day, a restart, surprise, to be able to connect to the Internet, web pages can be opened normally, success!
It’s two o ‘clock in the night. I’m going to bed

through several hours of groping, successfully dial-up Internet!
now put possible solutions, write out to share, may not be able to solve all the friends of the problem, but can try!
1,
install Windows7, then open control panel open network and Internet open view network status and tasks, select set up new connection or network, according to your network type set up the connection, set up the same method as WindowsXp.
 

“computer — management — services and applications — services”, go to the “Remote Access Connection Manager”, and check whether the “boot type” is “automatic”, if not, change to “automatic”. Similarly, find “Internet Connection Sharing (ICS)” and set it to “Auto.” Download ratio
Three,

find “c:/Windows/system32/logfiles” this folder and open.
Select and right-click the “WMI” folder. Select Get Administrator Privileges.

restart the computer!

5,
click on the lower right corner “”,

click the “broadband connection” and “” buttons. Icon “” becomes” “, OK!
open the network and share center, use the netcom broadband conversion tool to convert the user name, copy and paste, enter the password is ok. It’s ok to change the computer name. Right – click computer. Click properties. Click on advanced System Settings. Click computer name again. Click Change. Reset the top computer name in English or letters. Restart your computer. Log in and reconnect.
 
 
 

above five (except for the fourth) can not completely solve the “711 problem”, not necessarily which restart after the error.

here to do a survey, after all, recently there are many friends with this problem, everyone say
Because of what reason does oneself appear this problem?Is this the new system?Or after changing something?)
Is there a radical solution??(except for reinstall and system restore)
Hope to be able to solve this problem thoroughly through this post for the friends who are worried about this problem!

Error 1606 could not access network location% SystemDrive% / inetpub / wwwroot /

Prompt for title error when uninstalling or reinstalling Infragistics NetAdvantage
Under Windows 7
1. Open registry Regedit
2, find the HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/InetStp PathWWWRoot
64-bit operating system: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\InetStp\PathWWWRoot
% SystemDrive %/inetpub/below/= = “C: \ inetpub \ below
 

 
 
 
 

SQL 2005 remote connection error (provider: SQL network interface, error: 28 – the server does not support the requested protocol

Solution: On the server side: Open SQL2005 SQL Server Management Studio program
(1) to connect to the database,
(2) trying to choose the registered under the menu Server
if there are no things out of the window, to update the local Server database engine right click on the select register
(3) on the local hope remote access database, right click on the select SQL Server configuration manager
(4) in the window, Select SQL Server 2005 network configuration in the left tree, select the appropriate database in the sub-set,
(5) and right click on TCP/IP in the right protocol to enable it
I followed this method to do first, and then found that it was still unable to connect to the server, finally use the following method to solve: start — “program –” Microsoft SQL Server 2005–& GT; SQL Server 2005 Peripheral Application Configurator select “Peripheral Application Configurator for Services and Connections” in this SQL server instance select Database Engine -& GT; For remote connections, select both TCP/IP and Named Pipes in the box on the right for local and remote connections

Explain MySQL replication error 1032 & 1205

Most of the businesses using MySQL involve Replication, and master-slave mechanisms are often used for reading and writing separation,HA, hot backup, or incremental Replication.
However, in many cases, 1032 and 1205 errors are reported
1032 in the first place.
Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND;
The root cause of the 1032 error was inconsistency in the master-slave database data, resulting in the synchronization operation not being performed on the slave library.
There are two kinds of situations I have encountered so far:
For Replication, I used master –binlog-do-db=db_name or slave — Replicate_do_db =db_name.
If two libraries pubs and test, ignore the test, the results have a SQL in the master test library implementation: insert into pubs. Tname values (XXXXX);
Then, depending on the configuration of the service, a 1032 error is raised if the master executes successfully and the master does not
2 TRIGGER and PROCEDURE version problem. If the master-slave version is inconsistent, for example, five pieces of data are written after the execution of a PROCEDURE on the master-slave version, while only one line of data is written after the execution of a PROCEDURE on the master-slave version, then a 1032 error is bound to occur

Solutions:
1. It doesn’t use –binlog-do-db and — Replicate_do_DB =db_name
Change from top — Replicate_wild_do_table =db_name.%
2 Ensure that the master-slave TRIGGER and PROCEDURE versions are consistent

Say again 1205:
This error is easy to understand. Typically, the primary operation connection is autocommit, and as a result, the runtime fails and an error is reported when synchronizing from the library.
Two ways to do it:
Set my.cnF Innodb_rollback_on_TIMEOUT =1 on the primary, rollback for timeout
2. Ignore 1052. My. CNF — slave-skipping-errors =1205 from above

1205 occurs on the main library, often because of lock timeouts. For example, using a transaction on a table results in one transaction not committing late, another transaction waiting for the previous transaction to commit, lock wait timeout, and the latter transaction hanging. A 1205 error occurred on the main library. The most common is when a table has a self-growing ID, and an INSERT initiated transaction is delayed for several reasons, so that subsequent transactions wait for the previous INSERT operation to commit when performing the insert operation on the table. These all require DBAs and R& D Cooperate to complete. The service performance is low CPU utilization, but load is unusually high. If you look innoDB status, you can catch lock conflicts randomly.

[ERROR] ERROR reading packet from Server: Lost Connection to MySQL Server during Query (server_errno=2013)
In general, three situations will lead to 2013 errors
1 Reverse parsing
2 Max_allowed_packet is inconsistent
3. Network Problems

The solution
1 Skip-name-resolve is forbidden to reverse resolve
Configure master slave max_allowed_packet with the same value
3 Adjust the value of net_write_TIMEOUT

A friend of mine reported a mistake in 2013 when I was writing notes. None of the three schemes mentioned above worked, and Lost Connection to MySQL Server appeared very timely. Finally, I found out that the network agent controlled the connection for more than 30 minutes and automatically hung up…

Typical error log for IPSec ACL mismatch

IPSec ACL is what we usually call VPN traffic of interest. In real life, problems caused by this ACL configuration error are very common. The typical error is “QM FSM error”, which can be checked by running “Debug Crypto isakmp” on PIX/ASA.

May 15 09:17:11 [IKEv1]: Group = X.X.X.X, IP = X.X.X.X,
QM FSM error (P2 struct & 0x41f7f80, mess id 0x4d3d6016)!

May 15 09:17:11 [IKEv1]: Group = X.X.X.X, IP = X.X.X.X, construct_ipsec_delete(): No SPI to identify Phase 2 SA!

May 15 09:17:11 [IKEv1]: Group = X.X.X.X, IP = X.X.X.X, Removing peer from correlator table failed, no match!

Cisco’s website explains the error log:

QM FSM Error

The IPsec L2L VPN tunnel does not come up on The PIX Firewall or ASA, and The QM FSM error message proves ambiguous. One possible reason is The proxy identities, such as interesting traffic, Access Control List (ACL) or crypto ACL, do not match on both the ends. Check the configuration on both the devices, and make sure that the crypto ACLs match.

This article explains the whole process of IKE and IPsec in detail:
http://jackiechen.blog.51cto.com/196075/158222

This article from “facing the sea, spring flowers” blog, declined to reprint!

SQL Server 2005, unable to log in, forget sa password, 15405 error!


can not be connected to./SQLEXPRESS.
Additional information:
user ‘sa’ login failed. This user is not associated with a trusted SQL Server connection. (18452), Microsoft SQL Server Error:)
— — — — — — — — — — — — — — — — — —
it’s mapping times wrong:
failed to create for user “sa”. (Microsoft) is essentially) express. The smo)
Additional information:
perform Transact_SQL statements or abnormal happened when the batch. (Microsoft) is essentially) express. ConnectionInfo)
unable to use special groups’ sa ‘. The (15405), Microsoft SQL Server Error:

2, the concrete solving steps:

the first step: open the SQL2005 with administrator login first, then right-click the selected attributes in the service name & gt; Security & gt; The login mode option on the right has been changed to authentication OK!

step 2: select safety (expand)> Login name & gt; Double-click the sa> Password change the password you need to confirm! Then turn off SQL2005 or disconnect.

. Step 3: start > Application & gt; Choose SQL2005 & gt; Configuration tool & GT; Open the configuration manager> Expand SQL Server2005 network configuration
note: select MSSQLSERVER if SQMEXPRESS
> TCP/IP options & gt; Enable and right click > Property & gt; Ip address TAB & GT; Change all disabled options to enabled & GT; Then restart the SQL2005 service!