Jump to content

Richard Fincher

Members
  • Content Count

    108
  • Joined

  • Last visited

  • Days Won

    1

Richard Fincher last won the day on July 29 2014

Richard Fincher had the most liked content!

Community Reputation

2 Neutral

About Richard Fincher

  • Rank
    Managing Director of Room101 Ltd

Profile Information

  • Industry
    Datacentre Hosting
  • Gender
    Male
  • Location
    London, UK
  • Interests
    Hosting, Business Process Management Systems

Contact Methods

  • Website URL
    http://www.room101.co.uk/

Recent Profile Visitors

2,534 profile views
  1. I'm just trying out FMS17 on a virgin Windows Server Essentials 2016 install, which I do not plan to use for any other task except hosting FMS17. I'm looking to switch off or block all ports and services which aren't needed for Filemaker Server. The ones I'm planning to open for FMS are 80, 443, 5003, 16000. The other ones which seem to be open separately from FMS are : PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl 3389/tcp open ms-wbt-server I'll be placing IP restrictions on 3389 (for my RDP), regarding switching off the rest, it occurred to me that parts of the OS may need to use some of these services to do what they need to do (e.g. allow administrator to login to windows?) Will be using a firewall external to windows itself, rather than the Microsoft firewall.
  2. Richard Fincher

    Intermediate Certificate Installation Woes

    I have arrived at a temporary solution, which was, appending the intermediate certificate to the "root.pem" file using vi, which is in the CStore directory. It is reset when the server is rebooted, but I can live with that for now.
  3. Richard Fincher

    Intermediate Certificate Installation Woes

    Yes, this is just a renewal of an existing certificate. (Thawte) although I do remember it not being a picnic last year also. thawte are now Symantec / DigiCert, so there may have been a change of intermediate certificate, but I didn't use last years one, I am trying to import the one I was sent this year. Perhaps they sent me the wrong one? The SHA1 definitely rings a bell, will read some more about that. also, my command line OpenSSL tests show that no Intermediate cert is being exchanged via https on ports 443 and 16000 by FMS at all, it's not that it's sending the wrong one, it's just sending the issued cert on its own.
  4. Richard Fincher

    Intermediate Certificate Installation Woes

    Agreed. I tried in both orders. No joy. One way it accepts the submission but doesn't serve it via https. The other it doesn't accept. Suspect it's only accepting the first one and ignoring anything after that.
  5. Richard Fincher

    Intermediate Certificate Installation Woes

    Thanks, but even starting the whole box doesn't help. i think I'm not using the right syntax to import the intermediate cert. not sure if I'm even supposed to be concatenating it with the issued certificate or importing them separately, as FMS14 makes no reference to intermediate certificates. If I didn't know better, I'd suspect it couldn't import them at all (but I did it last year)
  6. My production Filemaker Server 14 running on Mac OS X 10.11 El Capitan (Not Mac OS X Server) has been running fine for a year since I last installed the Thawte SSL Certificate. After renewing the certifate this year, I've tried various different methods of importing the new certificate, which came with an intermediate certificate, but I can't seem to get the intermediate certificate installed. I've been mostly using something like: sudo fmsadmin certificate import --keyfile /Users/richardfincher/Desktop/GBROOMX36-4X/private.key /Users/richardfincher//Desktop/GBROOMX36-4X/ssl_certificate.crt   I've also tried importing it through the web control panel. It was necessary to remove the old private key thus.: sudo rm /Library/FileMaker\ Server/CStore/serverKey.pem After it is (apparently) installed, I usually restart with : sudo fmsadmin restart adminserver although a few times I have rebooted the server (not a VM) Any thoughts welcome.... Oh, one thing is, a year ago it might have been still onMac OS X 10.8.5 Mountain Lion, which was the previous OS before I upgraded it.
  7. My production Filemaker Server 14 running on Mac OS X 10.11 El Capitan (Not Mac OS X Server) has been running fine for a year since I last installed the Thawte SSL Certificate. After renewing the certifate this year, I've tried various different methods of importing the new certificate, which came with an intermediate certificate, but I can't seem to get the intermediate certificate installed. I've been mostly using something like: sudo fmsadmin certificate import --keyfile /Users/richardfincher/Desktop/GBROOMX36-4X/private.key /Users/richardfincher//Desktop/GBROOMX36-4X/ssl_certificate.crt I've also tried importing it through the web control panel. It was necessary to remove the old private key thus.: sudo rm /Library/FileMaker\ Server/CStore/serverKey.pem After it is (apparently) installed, I usually restart with : sudo fmsadmin restart adminserver although a few times I have rebooted the server (not a VM) Any thoughts welcome.... Oh, one thing is, a year ago it might have been still on Mac OS X 10.8.5 Mountain Lion, which was the previous OS before I upgraded it.
  8. Richard Fincher

    Filemaker Server 13 -> 14 upgrade, Java

    Thanks for this. Its behind a ASA Firewall, the admin ports IP restricted (16000)
  9. Hi all, I recently upgraded my Filemaker Server 13 to Filemaker Server 14. To get the new version to install, I had to downgrade my Java8 from u113 to u67 (separately installing the old Java version, not allowing the FMS installer to install Java itself). I also had to fiddle around to make sure it was running the httpd which comes with FMS and not the one bundled with Mac OS X El Capitan. My question is, am I now save to upgrade Java back to the latest version. I'm not anticipating needing to install FMS14 anytime soon, but does the "Deployment" part of FMS use Java, and if so, is it similar fussy about which version?
  10. Richard Fincher

    FMS15 Mac OS X virtual machines

    FileMaker Inc's new licensing seems to favour multiple VMs running separate server licenses. per VM. I've tried FMS (actually 13.0.9 so far) in a 4GB VM with 2 cores and it seems to cope with moderate load OK. But I guess the real test is if you have multiple similar VMs competing for host-node resources. Using Parallels Desktop at the moment (as that's what I know), but also considering VMWare Fusion, and regular VMWare installed bare-metal hypervisor without any Mac OS X on the host. Anyone else tried anything like this?
  11. Richard Fincher

    Beware Mac Mini

    Agree with the comment about unfiltered daemon ports in datacentres. Our Mac servers are behind PIX firewalls with only port 5003 open to the world.
  12. I've been inserting small bits of data from Filemaker Pro into other systems we've written for some time using "OpenURL". However, this approach works, but leaves you with a browser window open, and isn't able to see what the other system returns. So moving to the "Insert from URL" script step instead. This seems to work fine when the "Insert from URL" is the only step in a script, but it doesn't complete satisfactorily when "Insert from URL" is one of multiple script steps. What could be happening? My first thought was that perhaps the script step isn't given enough time to complete, but now I'm not sure that's the answer.
  13. Richard Fincher

    Two X-Serves, but which is which?

    We don't have any experience with securing and maintaining Windows servers. A long time ago, there was Filemaker Server for Linux, but it was dropped from the product lineup.
  14. Richard Fincher

    Two X-Serves, but which is which?

    Regarding virtualisation, we use both KVM and OpenVZ on our Linux boxes, and many of the VMs have their storage on our SAN. We also use Parallels Desktop to host a FileMaker Pro 11 virtual machine for one customer who won't upgrade. at present, Apple's EULA for Mac OS X doesn't permit it to be virtualised other than on Apple Hardware. We are expecting this to change within 2 or 3 years.
  15. Richard Fincher

    Two X-Serves, but which is which?

    Yes, we do routinely retire our Linux boxed after 3-5 years, even if there's nothing wrong with them. But with the Filemaker Server setup, I wanted to run Mac OS X Mountain Lion, which the latest Macs don't run, and the aforementioned redundancy factor for PSUs and HDDs had to be weighed in the balance with the negatives connected with EOL equipment. I've seen a rack mount kit for the cylindrical Mac Pro and its massive (accommodates two Mac Pros though). Form factor was also relevant, as space in our datacentre is limited and at a premium. Our SAN does do iSCSI, but at the moment it is being used with NFS. but I've had trouble putting the /Library/Filemaker Server directory on anything but the boot drive.
×

Important Information

By using this site, you agree to our Terms of Use.