Posts

Showing posts from June, 2018

Latest Post

Fluentd error: Unable to push logs to [elasticsearch]

After application deployments, Kibana stopped showing logs exactly after 7 days. The error "Fluentd error: Unable to push logs to [elasticsearch]" was shown in the fluentd logs. The initial response was to increase the buffer limits for fluentd as follows:

chunk_limit_size 10Mqueue_limit_length 256
The behavior occurred again after two weeks, which led to the same error. On closer investigation, the error was preceded by the statement "Failed to write to the buffer." This led me to inspect the fluentd configuration again and found the following code in the buffer part which caused the fluentd buffers to be filled as per the official documentation on Fluentd :
overflow_action blockThe fix for this overflow_action is to change from block to drop_oldest_chunk, allowing the fluentd logs to flow seamlessly to the elastic search by dropping the oldest logs in the buffer.
  <buffer> @type file path /var/log/fluentd-buffers/kubernetes.system.buffer flush_mode inter…

Renewal of ADFS signing certificate affects third party services like Oracle cloud and Service-Now

Recently we experienced an outage with third party services like Oracle cloud and Service-Now which were integrated with ADFS.


ADFS creates a new signing certificate and makes it primary 20 days and 15 days respectively before the expiry of the current certificate. After this, the 3rd party services are unable to communicate with ADFS for SSO purposes.

The new federated xml will have information of both the primary and secondary certificates during this period. We will need to edit this XML before uploading to the 3rd party services using respective global administrator accounts.

Look for the following piece of code as show below:

<KeyDescriptor use="signing">             <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">                 <X509Data>                     <X509Certificate>****</X509Certificate>                 </X509Data>             </KeyInfo>         </KeyDescriptor>
You will find two instances of th…

Publishing SCOM certificate for workgroup computer

1. Create the certificate request as below:

 a. Create request.inf with the following configuration:

  [NewRequest]   Subject="CN=<Servername>"   Exportable=TRUE   KeyLength=1024   KeySpec=1   KeyUsage=0xf0   MachineKeySet=TRUE   [EnhancedKeyUsageExtension]   OID=1.3.6.1.5.5.7.3.1   OID=1.3.6.1.5.5.7.3.2
 b. Run the following command to create the request from the request.inf created above:

certreq -new -f RequestConfig.inf BinaryRequest.req

2. Submit the request to the CA (Standalone or Enterprise) and export the certificate as pfx.

3. In the Workgroup computer, run the following commands:

MOMCertImport.exe /RemoveMOMCertImport.exe C:\<certificate name>.pfx /Password <Password>