bookmark

27 Articles

Cannot connect with MySQL Workbench but can connect from shell with mysql command line client

Taken from https://askubuntu.com/questions/773446/unable-to-connect-via-mysql-workbench-to-localhost-in-ubuntu-16-04-passwordless/781136#781136 for my own reference:

 

The issue is likely due to socket authentication being enabled for the root user by default when no password is set, during the upgrade to 16.04. This important caveat is documented in the 16.04 release notes:

Password behaviour when the MySQL root password is empty has changed. Packaging now enables socket authentication when the MySQL root password is empty. This means that a non-root user can’t log in as the MySQL root user with an empty password.

For whatever reason, the MySQL Workbench that came with 16.04 doesn’t work out of the box with MySQL server, at least for me. I tried using “Local Socket/Pipe” to connect in a number of different ways but to no avail.

The solution is to revert back to native password authentication. You can do this by logging in to MySQL using socket authentication by doing:

sudo mysql -u root

Once logged in:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

which will revert back to the native (old default) password authentication. If you’ve attempted some other method to fix the issue, you’ll want to make sure the “plugin” field in mysql.user is set to “auth_token”, which may require using mysqld_safe to log in to MySQL in the event you’ve been tinketing with things, like I did.

Credit to Miguel Nieto’s blog post for this solution.

Bookmark: Running EXE Over UNC

https://social.technet.microsoft.com/Forums/windows/en-US/70b2dd7e-833c-4240-92e0-9b865e917307/trusted-sites-and-internet-zone-security-level-gpo-is-not-applying-in-windows-server-2008-r2?forum=winserverGP

Apparently, on server2008, despite a domain-wide GPO was applied dictating the trusted sites zone, it seemed to be NOT applied to server2008 !

More specifically, you can see in Internet Options, tab Security, a yellow info line stating that “Some settings are managed by your system administrator”, but when checking the list with Trusted sites, this turns out to be empty !

The exact GPO setting I’m referring to:
Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page :
Site to Zone Assignment List     ENABLED
With (example):
http://*.myowncompany.com     2
http://*.microsoft.com                2

Despite this setting, when checking in IE on any Server2008, the list of sites in Trusted Zone is EMPTY !!

This is caused by the fact that by default Internet Explorer Enhanced Security Configuration  (IE ESC) is ENABLED for both users and administrators !

You can disable it for administrators:
Start > Administrative Tools > Server Manager
under Security Information, click Configure IE ESC

Under Administrators : click Off.
Now, after closing and reopening IE, you will find the list with Trusted Sites in place !

 

The correct step is this way: User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

“Site to Zone Assignment List” , click “Enable” and edit the list.

Add the site and the number two for Trusted Site. (1 = Intranet, 2 = trusted sites, 3 = Internet Zone and 4 = Restricted Site Zone.

To have a list like that (2 is for trusted site)

*.hotmail.com 2

*.outlook.com 2

*.bing.com 2

The PRO of that method:

– It standardizes all domain-joined computers as they will use the same list for everyone.

– It blocks users from entering new trusted sites. Though this can be a con for small offices or for Power Users wanting more autonomy.

The CON of this method:

– It block user for entering new trusted sites. This can be considered a PRO in big offices, as the list is standardized by the IT’s team.

https://blogs.msdn.microsoft.com/microsoft_press/2014/04/14/from-the-mvps-setting-internet-explorer-trusted-site-settings-via-group-policy-object-in-windows-server-2012-r2/

 

Go to Group Policy and then expand:

 

Local Computer Policy / User Configuration / Administrative Templates / Windows Components / Attachment Manager

 

2.     On the right pane, double click Inclusion list for low file types.

3.     Click Enable.

4.     Include the file types such as .exe;.bat;.reg;.vbs in the Options box.

5.     Click OK.

 

Hope this helps.

 

Regards,

Linda

https://social.technet.microsoft.com/Forums/windows/en-US/5277371b-dea2-4a2b-802a-bbdc639f627f/disable-open-file-security-warning-unknown-publisher?forum=w7itprogeneral

 

Bookmark: Wildcards in IIS 7 on Server 2008

https://blogs.msdn.microsoft.com/benjaminperkins/2013/02/01/adding-a-hostname-to-your-ssl-certificate-binding-on-port-443/

In particular a reader comment about setting the host name:

That * doesn’t mean that is wild card certificate necessarily.

In IIS7 (on Windows 2008 R2), I saw missing hostname under ‘Edit Site Binding’ [your first screenshot]. That was the first SSL 443 website on that IIS server. The website was dynamicsSharePoint.domain.com and I used internal certificate server to issue the certificate for that internal Dev / Test site.

  1. I resolved the missing Hostname by opening the MMC console on the server and adding Certificate MMC for Computer
  2. Expand Personal node under Certificates (Local Computer) on server
  3. Right click on the certificate in the list and choose properties
  4. Under General tab, change the ‘Friendly Name’ from dynamicsSharePoint.domain.com to *.domain.com and click OK
  5. Go to IIS Binding for the website and you should be able to add Hostname and pick the *.domain.com certificate.
  6. Verify the website and you will see certificate in browser with the FQDN / dynamicsSharePoint.domain.com