"General Warning: ipsecurity"

Hello,
With Calendar Server 6.3-1.01, I sometimes have the following error in http.log :
[07/Sep/2007:20:08:09 +0200] xxxxxx cshttpd[915]: General Warning: ipsecurity - client X.X.X.X attempted to use session 2Mf7lYply6I belonging to Y.Y.Y.Y
because of the :
service.http.ipsecurity = "yes"
parameter in the ics.conf config file.
Even though I know this access is legitimate, I would like to be able to reproduce it, to understand what exactly happens.
Do you know how to do that ?
I wasn't able to reproduce that behaviour, by connecting simultaneously from two IP addresses, from the web and from Lightning.
Any idea ?
Thanks.

Hi,
> Even though I know this access is legitimate, I would like to be able to reproduce it, to understand what exactly happens.
> Do you know how to do that ?
This message is fairly straight-forward to reproduce.
1. Enable calendar express UI in ics.conf
(service.http.ui.enable = "yes")
2. Log into calendar express using a web-browser, the link will look something like:
http://<calendar host>:<calendar port>/command.shtml?view=dayview&id=6C5OL2Yw9oM&date=20070910T115657Z&calid=[email protected]&security=1
NOTE: the "id" field
3. Copy this link to another PC OR change proxies, anything so that the source of the connection is now different for the same request.
4. You will see an error like the following:
[10/Sep/2007:21:57:12 +1000] cal-host cshttpd[20495]: General Warning: ipsecurity - client 1.2.3.4 attempted to use session 6C5OL2Yw9oM belonging to 1.2.3.9
(NOTE: the session is the same as the "id" field)
Note: I use the web-client method just to simplify the process. When using lightning plugin it uses a similar process (log in to grab a session id, which it then uses for subsequent requests).
> I wasn't able to reproduce that behaviour, by connecting simultaneously from two IP addresses, from the web and from Lightning.
If you logged in twice you would have two different 'id' fields - so it wouldn't have been a problem (no conflict).
Regards,
Shane.
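
A triage helper for the warning discussed in this thread, added here as an example (it is not part of the original posts or of Calendar Server). It parses the `ipsecurity` lines in the format quoted above and groups them by session; the sample log lines, the session ids and the /24 "same network" heuristic are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Line format taken from the two http.log lines quoted in the thread.
IPSEC_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<host>\S+)\s+cshttpd\[(?P<pid>\d+)\]:\s+"
    r"General Warning: ipsecurity - client (?P<client>\S+) attempted to use "
    r"session (?P<session>\S+) belonging to (?P<owner>\S+)\s*$"
)

# Constructed sample input (documentation address ranges, made-up session ids).
SAMPLE_LOG = """
[10/Sep/2007:21:57:12 +1000] cal-host cshttpd[20495]: General Warning: ipsecurity - client 192.0.2.44 attempted to use session EXAMPLEsess01 belonging to 192.0.2.9
[10/Sep/2007:21:57:40 +1000] cal-host cshttpd[20495]: General Warning: ipsecurity - client 192.0.2.44 attempted to use session EXAMPLEsess01 belonging to 192.0.2.9
[10/Sep/2007:22:03:01 +1000] cal-host cshttpd[20495]: General Warning: ipsecurity - client 203.0.113.7 attempted to use session EXAMPLEsess02 belonging to 198.51.100.20
[10/Sep/2007:22:03:05 +1000] cal-host cshttpd[20495]: General Notice: unrelated line
"""


def parse_ipsecurity(lines):
    """Return one dict per ipsecurity warning; other log lines are skipped."""
    events = []
    for line in lines:
        m = IPSEC_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["when"] = datetime.strptime(ev.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
        events.append(ev)
    return events


def same_network(a, b, v4_prefix=24, v6_prefix=64):
    """Assumed heuristic: two addresses in one /24 (or /64) suggest the same
    site, e.g. a proxy pool or a DHCP lease change, not a different origin."""
    try:
        ip_a, ip_b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    except ValueError:
        return False  # masked or malformed address: cannot judge
    if ip_a.version != ip_b.version:
        return False
    prefix = v4_prefix if ip_a.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ip_b in net


def summarize(events):
    """Group warnings by session id and label each session for follow-up."""
    sessions = defaultdict(lambda: {"owner": None, "clients": set(), "count": 0})
    for ev in events:
        s = sessions[ev["session"]]
        s["owner"] = ev["owner"]
        s["clients"].add(ev["client"])
        s["count"] += 1
    report = {}
    for sid, s in sessions.items():
        nearby = all(same_network(c, s["owner"]) for c in s["clients"])
        report[sid] = {
            "owner": s["owner"],
            "clients": sorted(s["clients"]),
            "count": s["count"],
            # "address-change": every offending client sits next to the owner.
            # "review": the session id was presented from an unrelated network.
            "verdict": "address-change" if nearby else "review",
        }
    return report


if __name__ == "__main__":
    for sid, info in summarize(parse_ipsecurity(SAMPLE_LOG.splitlines())).items():
        print(sid, info)
```

Sessions labelled `review` are the ones worth correlating with the login entries for the owning address, since the session id travels in the URL and can leave the original client through a copied link.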

Similar Messages

  • General Warning! [Ralink chipset + Windows 7 64bit + 4GB RAM = driver crash]

    I just wanted to put a general warning out there.
    There seems to be a pretty big problem with Ralink drivers right now, even ones automatically downloaded from Windows Update for at least 3 Ralink Chipset groups.
    The problem:
    There's some kind of messup when certain environments are the same. Windows 7 64 bit and over 3GB of RAM and a Ralink Wireless card/usb device. Once these variables are the same, most ralink wireless drivers will crash. The crash is very sneaky, it simply looks like your wireless connection has been switched to limited, however the wireless system can't and won't recover. You can try to disconnect or connect to another wireless system, but this doesn't work. You also won't be able to shut down or restart your machine, even after log off. If you do try and let the computer wait it out, eventually it will blue screen and reboot after a very long time. 
    This happens when the system transfers a significant amount of data or sometimes at a certain speed. For me it happened whenever I xfered a certain amount of data or once the card hit 5 MB speeds. But it varies with driver version and system. Sometimes it seemed random and just happened while surfing.
    I have 2 usb devices with the ralink chipset and I've been able to reproduce the crashes every time on several machines. The ONLY machine that does not mess up is a laptop with 2GB of RAM.
    I decided to make this general warning, because I imagine some people are blaming their routers for the problem. I've read several posts on here where people have these symptoms and assume that it's their router.
    The only fix/workaround right now is to remove some RAM, which of course isn't entirely convenient. I've contacted Ralink about it and heard nothing back, so I don't know if they've identified it as a problem or not yet. The other option is to get a usb device or card with another chipset brand....I purchased a usb device with the atheros chipset (the only cheap alternative to ralink, all the others are slightly more expensive) and that usb device worked PERFECTLY.
    If you are using a pci card or usb device with a Ralink chipset and the computer specs I've mentioned and it actually WORKS, I'd love to hear from you right here. Remember, it has to be a Windows 7 64 bit system and 4GB or more of RAM. Make sure the system is 4GB and not 3.x because of an onboard GPU. The problem MAY happen on Vista as well, but I haven't tested it...all my systems are running 7.

    Affected driver as of 10/31/2009
    09/25/2009
    2K/XP:1.4.7.0
    Vista:2.3.7.0
    Win7:3.0.7.0 [This is the only driver I've tested for Windows 7]
    for chipset:
    USB (RT2870 /RT2770 /RT307X /RT2070 /RT3572)
    Message Edited by neoprimal on 10-30-2009 09:27 PM

  • General Warning: could not get server configuration in ldap, using cached c

    Guys,
    desperately need some help here. I have an installation consisting of 4 mtas that speak to an ldap. I'm currently in the process of adding 2 more. I've added the fifth and there has been no problem whatsoever. I'm now trying to add the sixth. I install the software. There are no error messages as the software installs. It's able to see both the configuration and the user directories. Once this is finished I immediately go and run start-msg and for each component I get the message :
    "General Warning: could not get server configuration in ldap, using cached configuration information".
    I've tried pinging and tracerouting my ldap server with no problem, I can telnet/ssh to it. My server configuration is almost exactly the same as the fifth server. I make no other changes after the installation scripts finishes, yet it can't talk to the ldap.
    I'm running IMS5.2p1 on a Solaris 8 SPARC server.
    Thanks
    Ali

    That error message only comes up when the server can't get to the config ldap server on startup. There's no other time when you see this.
    There is either a mis-configuration of your server, or of your ldap, or you just can't get there from here.
    Why are you installing 5.2p1, now? 5.2p2 has been out for over a year. ..
    6.0 has been out for well over a year, and 6.2 has been out for many months, now. I hate to see you installing old software, when new is available.

  • General Warning Message while creating po

    Hi Gurus,
    Good Morning.
    I want to pop-up a warning message while creating all types of PO saying that "Contact Person & Email ID text should be filled "
    This message should be applicable to all PO .
    How to create a message and assign in PO ?
    Thanks & Regards,
    Vikas

    Hi Archit,
    Thanks for your reply.
    How to create a new Text No. & Message Text ? or if i want to use any existing text no & Message Text how can I change the Text Description ?
    Thanks & Regards,
    Vikas

  • General Warning to those in Singapore - Stay away ...

    Ok. Expat working out here in Singapore.
    Walked into a telco on the weekend. Fell in love with the Lumia 900. Planned on getting the 920. Now I am not so sure.
    If anyone works for Nokia and can reach their executives/leadership, let them know that NO telecommunications company here supports the Lumia 900 in 4G/LTE mode. Only 3G/3.5G.
    When I asked what they support, the usual suspects comes out, HTC, Samsung S3 and even the yet to be released Apple iPhone 5 (release date in Singapore next Friday).
    There are 3 major telco's here; Singtel, M1 and Starhub. Zero, Nada, Zilch support for Lumia (any version) in 4G/LTE. I rang each of them in turn.
    If you're in Singapore, seeing this might change your mindset on buying Nokia.
    If you're a Nokia employee/shareholder, Nokia needs to change the mindset of telecommunication/carriers or they might as well just give up now.

    Maybe you need to be a bit more careful before publishing such broad statements. The Nokia 900 LTE version was released exclusively in the US on AT&T. However if you check the Lumia 920 and 820 datasheets, you will see the following:
    Operating Frequency Bands
    GSM 850
    GSM 900
    GSM 1800
    GSM 1900
    WCDMA Band V (850)
    WCDMA Band VIII (900)
    WCDMA Band II (1900)
    WCDMA Band I (2100)
    LTE 800
    LTE 900
    LTE 1800
    LTE 2100
    LTE 2600
    From the Singtel 4G FAQ:
    What is the 4G technology which SingTel is using?
    SingTel is currently running 4G on LTE 1800/2600.
    Based on this article - http://www.techgoondu.com/2012/09/06/m1-to-roll-out-singapores-first-nationwide-4g-network-on-sept-1... :
    "In Singapore, users will be able to easily switch from one telco to the next. Since all three telcos here are running their LTE networks on 1,800MHz and 2,600MHz frequencies, users will be able to keep their LTE phones and just slide in a new SIM card from their new telco."
    Therefore both the Lumia 920 and 820 will work perfectly fine on ALL 3 major telcos which you mentioned.

  • Surgeon General Warning to T60p: Smoking Is Bad For Your Health!

    I currently have a T60p (with Flexview), but last weekend I was sitting on the couch with it on my lap working away and all of a sudden it started smoking and that nasty plastic/electronic burning smell filled the room! I immediately unplugged it and took the battery out; I was not sure what to do at that point. I booted it with no battery in it and it booted fine, but the HD activity light now remains solid (lit). I tried putting the battery in one more time and it started smoking again, and I have not tried to put my existing battery (or any other battery) since then. The battery is a 9-cell battery that was a replacement for my original "recalled" battery (less than a year old). I'm not sure what to do with it at this point. I removed keyboard, palmrest, etc. and could not find any physical damage or burning, so maybe the smoke was coming from the battery? I don't know.  Either way it is a serious safety concern.
    I should also note that the day this happened, the battery would not charge when plugged into ac.  Vista stated something like 'plugged In, Not Charging'.  I rarely use my notebook without AC power. I use a docking station at work and plug it in when I'm using it at home. When the issue occurred, I was using it on battery at my relative's house because I wasn't near a convenient outlet. The battery was working fine, but it got down to 6% and still would not charge when plugged in.
    Thanks in advance for your input.
    Message Edited by jodymr on 04-26-2008 07:42 PM
    W510 - Current
    T61p - Retired
    T60p - Retired
    T41p - Retired
    A20p - Retired

    Thanks for your reply.  As I stated previously, my machine boots up fine without the battery (with the exception of the HD light remaining solid).  I have been using ThinkPads since the late 90's and also manage a computer department that currently has about 20 ThinkPads of various models "out in the field" (A20p all the way to T61p). I am quite familiar with ThinkPads and have repaired them, swapped parts out etc. for years. However, I have never had nor am I familiar with dealing with a power problem of this nature which is why I'm seeking advice on these forums.
    The only reason I add this is to point out that I am not a "newbie" or "non-technical" type.
    I've been on the phone with Lenovo much of this morning regarding this issue (and getting quite frustrated ). All I've gotten so far is basically "It's not under warranty so send it in and we'll fix it for somewhere between $175 and $575". On one hand they are right, but on the other hand this is a serious safety issue that should not occur regardless of whether it is in or out of warranty.  Look at safety issues with cars and other consumer products for example.
    And just for the record, I would consider a battery blowing up in my lap a bit more messy than a delay in shipment, etc. 
    Message Edited by jodymr on 04-28-2008 09:41 AM

  • Warning -- Release Preview + T60p = Fail

    General warning to those thinking about trying Windows 8, release preview, on a T60p. Not sure what they did with release preview, but it's simply awful. It doesn't recognize nearly any of the drivers for T60p hardware -- most notably the display adapter for the ATi FireGL V5250. Not only is the display resolution atrocious, but it's very, very slow: the mouse skips across the screen as if moving the mouse is a difficult task.
    It should be noted that I installed the release preview onto my installation of Windows 8 "consumer preview" which I had previously installed months before. The earlier Windows 8 consumer preview actually worked quite well on the T60p, recognized the Windows 7 drivers I had for my hardware, and even permitted me to use all of my old programs that I was using in Windows 7.
    After installing release preview onto my consumer preview, I simply could no longer use my system. After about a day of trying to troubleshoot all the driver problems, I decided to install Ubuntu 12.04, which began working flawlessly (driver-wise). However, because of some compatibility issues at work, my T60p is now back to running Windows XP.
    ThinkPad T60p Core 2 Duo, 2GB RAM, 1x100GB HDD
    ThinkStation S20 Xeon-W3670, 12GB RAM, 1x500GB HDD, 1x1TB HDD

    It seems that some people are getting the Vista driver to work with the Windows 8 preview.
    Lenovo won't provide support for Windows 8 until its official release.
    (from microsoft.com)

  • Online Archive Warning Alerts not being sent to Users

    We have exchange 2010 SP3 Rollup 7 and we utilized Online Archive of Mailbox. Each user has 2 GB of Archive Quota and 1.5 GB of Archive Warning Quota. Users don't receive any warning alert if they exceeds Archive Warning Quota. I suspect this is default behavior in Exchange 2010.
    Is there any change in this behavior in Exchange 2013 ?
    Regards, Sourabh Kumar Jha | Please mark it as an answer if it solves your problem or vote as helpful if you like it. |

    Does user receive warning message via OWA?
    Ans. - No
    How do you set the Archive Quota and Warning Quota?
    Ans. - It's the same way you have mentioned, We have archivequota of 2 GB and ArchiveWarningQuota of 1.8 GB.
    Generally, Warning Quota Alert works well, I find a blog on mailbox quota troubleshooting for your reference, hope it is helpful.
    Ans. - Have you seen any archive warning quota email, I don't find any sample email or reference for the same. Could you try to reproduce if you have any testing environment.
    Mailbox Quota in Outlook 2010 - general information and troubleshooting tips
    Ans. - Information in outlook shows correct, I'm concerned because users do not receive alert when they exceed their archive warning quota.
    Regards, Sourabh Kumar Jha | Please mark it as an answer if it solves your problem or vote as helpful if you like it. |

  • CO41 : no warning if material haven't bom

    Dear.
    When I convert a planner order in a production order the system don't send any warning if the Material haven't any bom.
    How can I solve this problem ?
    Thanks.

    I think you'd have to implement an ABAP enhancement (PPCO0007 or PPCO0018) because it's not giving any warning message if no components exist in a BOM or the BOM itself is invalid while converting a manually created planned order to production order through CO40. I wouldn't expect CO41 to generate a warning message because generally warning messages are ignored during most mass processing transaction codes (that would be a problem if there are 1000 orders and 800 of them have some kind of warning message, then the user has to click through every message, but at least I would expect it to save the warnings in the log, which it's not doing either).

  • Any Way to Test IDLE

    Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)
    I configured IDLE according to these instructions:
    http://wikis.sun.com/display/CommSuite/Configuring+IMAP+IDLE
    (except for setting an environment variable to restrict access),
    see it advertised when I telnet to the IMAP port, mail seems to arrive quickly in my configured Thunderbird client (which supports IDLE), but:
    Is there any way to know it is working as it should (e.g. connection logs), and is configured correctly?
    Thanks,
    s7
    P.S. I do see this in the imap logs - which looks like IDLE stuff working? Any way to turn this logging up?
    Is local.store.deadlockaggressive IDLE related?
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10609]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) shutting down
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10614]: ENS Information: Closing session. Events in/out: 1/0. KB in/out: 1/1. Subscriptions max/total: 1/1.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10611]: ENS Information: Closing session. Events in/out: 1/0. KB in/out: 1/1. Subscriptions max/total: 1/1.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10612]: ENS Information: Closing session. Events in/out: 1/0. KB in/out: 1/1. Subscriptions max/total: 1/1.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10609]: ENS Information: Closing session. Events in/out: 1/0. KB in/out: 1/1. Subscriptions max/total: 1/1.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10613]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) shutting down
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10610]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) shutting down
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10608]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) shutting down
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10613]: ENS Information: Closing session. Events in/out: 1/0. KB in/out: 1/1. Subscriptions max/total: 1/1.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10608]: ENS Information: Closing session. Events in/out: 1/0. KB in/out: 1/1. Subscriptions max/total: 1/1.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10614]: ENS Information: Closing session. Events in/out: 0/0. KB in/out: 1/1. Subscriptions max/total: 0/0.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10611]: ENS Information: Closing session. Events in/out: 0/0. KB in/out: 1/1. Subscriptions max/total: 0/0.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10612]: ENS Information: Closing session. Events in/out: 0/0. KB in/out: 1/1. Subscriptions max/total: 0/0.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10609]: ENS Information: Closing session. Events in/out: 0/0. KB in/out: 1/1. Subscriptions max/total: 0/0.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10607]: Account Notice: close [123.456.100.12:54558] tst140 2009/8/12 18:25:46 0:12:07 536 3985 1
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10610]: ENS Information: Closing session. Events in/out: 1/0. KB in/out: 1/1. Subscriptions max/total: 1/1.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10610]: ENS Information: Closing session. Events in/out: 0/0. KB in/out: 1/1. Subscriptions max/total: 0/0.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10613]: ENS Information: Closing session. Events in/out: 0/0. KB in/out: 1/1. Subscriptions max/total: 0/0.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10608]: ENS Information: Closing session. Events in/out: 0/0. KB in/out: 1/1. Subscriptions max/total: 0/0.
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10607]: General Debug: GDispCx graceful shutdown timed out
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10607]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) shutting down
    [12/Aug/2009:18:37:53 -0400] t0 imapd[10607]: ENS Information: Closing session. Events in/out: 2/0. KB in/out: 1/1. Subscriptions max/total: 2/4.
    [12/Aug/2009:18:37:54 -0400] t0 imapd[10607]: ENS Information: Closing session. Events in/out: 0/3. KB in/out: 1/1. Subscriptions max/total: 0/0.
    [12/Aug/2009:18:38:34 -0400] t0 imapd[29936]: Store Debug: local.store.deadlockaggressive is set to 10
    [12/Aug/2009:18:38:34 -0400] t0 imapd[29936]: General Notice: iBiff plugin loaded
    [12/Aug/2009:18:38:34 -0400] t0 imapd[29937]: Store Debug: local.store.deadlockaggressive is set to 10
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29938]: Store Debug: local.store.deadlockaggressive is set to 10
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29936]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) starting up
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29936]: General Debug: Connected to ENS server
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29937]: General Notice: iBiff plugin loaded
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29937]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) starting up
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29937]: General Debug: Connected to ENS server
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29938]: General Notice: iBiff plugin loaded
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29938]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) starting up
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29938]: General Debug: Connected to ENS server
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29940]: Store Debug: local.store.deadlockaggressive is set to 10
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29935]: Store Debug: local.store.deadlockaggressive is set to 10
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29939]: Store Debug: local.store.deadlockaggressive is set to 10
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29942]: Store Debug: local.store.deadlockaggressive is set to 10
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29940]: General Notice: iBiff plugin loaded
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29940]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) starting up
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29941]: Store Debug: local.store.deadlockaggressive is set to 10
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29935]: General Notice: iBiff plugin loaded
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29935]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) starting up
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29939]: General Notice: iBiff plugin loaded
    [12/Aug/2009:18:38:35 -0400] t0 imapd[29935]: General Debug: Connected to ENS server
    [12/Aug/2009:18:38:36 -0400] t0 imapd[29940]: General Debug: Connected to ENS server
    [12/Aug/2009:18:38:36 -0400] t0 imapd[29942]: General Notice: iBiff plugin loaded
    [12/Aug/2009:18:38:36 -0400] t0 imapd[29942]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) starting up
    [12/Aug/2009:18:38:36 -0400] t0 imapd[29939]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) starting up
    [12/Aug/2009:18:38:36 -0400] t0 imapd[29939]: General Debug: Connected to ENS server
    [12/Aug/2009:18:38:36 -0400] t0 imapd[29941]: General Notice: iBiff plugin loaded
    [12/Aug/2009:18:38:36 -0400] t0 imapd[29941]: General Warning: Sun Java(tm) System Messaging Server IMAP4 7u2-7.04 64bit (built Jul  2 2009) starting up
    [12/Aug/2009:18:38:36 -0400] t0 imapd[29942]: General Debug: Connected to ENS server
    [12/Aug/2009:18:38:36 -0400] t0 imapd[29941]: General Debug: Connected to ENS server

    starman7 wrote:
    > is there any way to know it is working as it should and configured correctly?
    The functional test is straight-forward enough e.g.
    [root@mailserver sbin]# telnet mailserver 143
    Trying 129.158.87.170...
    Connected to mailserver.aus.sun.com (129.158.87.170).
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS CHILDREN BINARY UNSELECT SORT CATENATE URLAUTH LANGUAGE ESEARCH ESORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ENABLE CONTEXT=SEARCH CONTEXT=SORT WITHIN SASL-IR SEARCHRES XSENDER X-NETSCAPE XSERVERINFO X-SUN-SORT ANNOTATE-EXPERIMENT-1 X-UNAUTHENTICATE X-SUN-IMAP X-ANNOTATEMORE XUM1 STARTTLS IDLE AUTH=PLAIN] mailserver.aus.sun.com IMAP4 service (Sun Java(tm) System Messaging Server 7.3-0.01 32bit (built Jul 29 2009))
    A01 login shjorth password
    A01 OK User logged in
    A02 select INBOX
    * FLAGS (\Answered \Flagged \Draft \Deleted \Seen NonJunk)
    * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen NonJunk \*)]
    * 9 EXISTS
    * 0 RECENT
    * OK [UNSEEN 7]
    * OK [UIDVALIDITY 1249853070]
    * OK [UIDNEXT 11]
    A02 OK [READ-WRITE] Completed
    A03 idle
    + idling
    <sent email to account>
    * 10 EXISTS
    * 1 RECENT
    Regards,
    Shane.

  • Snap crackle pop issue....fixed - audigy 2 plat/

    My first post, Hope the title doesn't mislead/anger anyone, but i truly believe these solutions
    are universal and can be applied with just about everyone.
    My card is almost 5 years old now or so... I've seen the frustration on this board about this
    nasty issue.... i felt SO bad for some of you guys that i just had to sign up and share my
    knowledge (or lack of!) for the multiple, possible 'fixes' to this. its not entirely CREATIVE's
    fault and there is ways to fix it, you just need a bit of Patience and the willingness to learn
    a bit more about your hardware if you aren't too savvy with tweaking it. this might have all been
    said before, but i really hope this helps some of you.
    Lets get the blahblahblah's outta the way just to be safe, shall we? Obviously, make sure your
    card isn't sharing an IRQ with a cd/dvd device, or any kind of hardware that transfers a lot of
    data constantly or uses a lot of power like a hard-drive, maybe even certain gpu's. In my case,
    my bottom PCI-slot (3/3) only shares an irq with a USB port and as corny as it sounds it did
    improve the issue (i disabled that USB, but that isn't necessary its overkill/fail-safe
    precaution, probably doesn't even help at all, paranoia setting). download Si-Software Sandra to
    see exactly what belongs to where and what irq is being shared with what. Also before i forget,
    clean out your drives with bleach/acid/napalm with a program such as Drivercleaner, just to be
    safe, right?
    If you have anything on your Motherboard that's VIA/raid related, it's imperative you upgrade the
    drivers for it, it could very well be your single solution, for example the latest via_hyperion
    pro_v5a.zip did it for me and my particular setup just recently after a small hardware upgrade.
    this fixed the MAJORITY of the pops in several different machines with these motherboards as well
    i might add. Also make sure the Cable is newer than 2 years old, dirty worn cables can
    cripple/weird out any piece of hardware, that goes for HD's, CD roms, ...anything that uses
    IDE/serial cables etc. lots of people toss their dvd/cd roms out thinking they've used its
    life-span, when a brand new ide cable is all it really needed. but... this VIA/raid driver
    problem seems to be a pretty common fix in my experiences.
    Gamers who suffer from "sudden" or "random" pops here and there while gaming......... with time
    will notice this occurs usually when the HD is seeking a lot of info and is under a decent amount
    of stress, OBLIVION is a good example of the HD being as important as ram/cpu/gpu IMO. that's
    why....... "it seems to do it more (pops/cracks) with certain games than others". ACOUSTIC
    MANAGEMENT is Often to blame for this in My opinion, and some maxtor drives come with this
    enabled from the factory (why, why why?!! ...die die die!!!). Imagine setting the In-game HD
    cache setting Tweak for oblivion enabled to , + Acoustic management enabled....it turns
    performance into a bloody mess, and will (possibly, most likely?) crack annoyingly often whenever
    a new area is being loaded and sufficient data is being called, not to mention make a less
    experienced gamer think his machine is completely screwed for no reason. Acoustic Management
    enabled on a hard-drive can be suicidal for certain games and will almost guarantee performance
    issues, cracks, burns, bruises, broken bones, stab wounds.....and most likely the lovely POPS...
    the nasty loud firecracker ones...it can be so bad to the point where many of us will not even
    play anymore out of frustration, especially for you audiophiles... leaving us angry and desperate
    for a fix. Acoustic management CRIPPLES performance and destroys seek-time, that i AM sure of,
    so fix it anyway for your own good, unless you don't care for performance. Please, get rid of
    this nasty, possibly/commonly built in feature that turns a 7200rpm drive into a 5400rpm (ouch),
    make SURE this is disabled for you maxtor/seagate HD owners who play games or just want better
    performance period. You'll have to google those instructions, I wouldn't dare say more.
    On a separate machine, "tad in" and "cd audio" had to be muted to stop a lot of it, as well as EAX
    effects (i know you love eax, but its worth the sacrifice) slider turned DOWN to 0% even when disabled.
    this may not be necessary for everyone, but a lot of us suffer from those soft "echoey crackles"
    and its a quick fix. im sure you've all read this "solution" 5 billion times, but it doesnt hurt
    to put it out there. that, or dxdiag or control panel audio properties the slider to Standard acceleration, better to lose eax IMO.
    there is no support or guarantee with this patch, and it supposedly doesn't support/work properly
    with XP Servicepack 2, however this worked on my dads machine and a friends' as well. GOOGLE
    "down vlatency", (not "download" vlatency) and click on the "georgebreese.com" link and try his
    vlatency_v020_beta2.exe. this simply overrides some BIOS settings that many of us cant access
    easily or at all, and boosts IDE latency and on a lot of different PC setups and gives more
    juice to the PCI bus by editing how much the CPU will control the pci bus for, or something like
    that. point is, its a redbull for your PC's pci related bandwidth/juice management and it cant
    hurt to try (lets hope not j/k).
    i don't recommend messing with IRQ assignments in bios or pci latency utilities unless you really
    know what you're doing and consider yourself a power user, just a personal opinion, 32 is fine
    and a lot of people end up regretting messing with these settings.
    there is also the "turbo off" setting (think there's a "patch" for that registry setting too),
    but i seriously doubt it will resolve a users problem who suffers Heavily from this syndrome, but
    i guess you could try it.
    Last but not least, another "ghetto" fix that could improve your issue is killing your CMSS
    feature. i have no idea why that setting always acts up (at least for my machine it does) and
    causes rice crispies to go off.
    Its 2am on a Friday, I've been writing for a while, and i really don't know if i was clear enough
    with what i said, but no way i'm going back to read/correct cause i'll be here forever. if you've all tried this before with no luck, sorry. i'm just trying to help if
    i can, and if 2 single words out of this post can even spark an idea to help fix somebody's rig, it's worth it, right?
    Remember to never trust anyone with anything (especially advice) or put your hopes and dreams
    into a randomer's advice (such as mine!), keep in mind I'm just an average guy with no
    qualifications or credentials that could be wrong about EVERY single thing i just said, i could
    be completely out of my mind for all we know, listening to me could very well make your PC
    explode and set your house on fire....be warned!! haha that's my surgeon general's warning for ya. GOOD NIGHT and good luck!

    Here's the link to the download:
    http://www.apple.com/support/downloads/audioupdate2007001.html
    Mac Pro 3.0   Mac OS X (10.4.10)   4GB RAM

  • System encryption using LUKS and GPG encrypted keys for arch linux

    Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
    Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
    Update: 2013-01-13: Updated the hook files using the corrections by Deth.
    Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
    I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play a lot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome.
    Intro
    Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like a usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
    Since the encrypt hook doesn't support this scenario, I created a modified hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
    Conventions
    In this short guide, I use the following disk/partition names:
    /dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
    /dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
    /dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
    Credits
    Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
    Guide
    1. Boot the arch live cd
    I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
    2. Set keymap
    Use km to set your keymap. This is important for non-qwerty keyboards to avoid surprises with passphrases...
    3. Wipe your discs
    ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
    Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
    shred -v /dev/sda
    shred -v /dev/sdb
    4. Partitioning
    Fire up fdisk and create the following partitions:
    /dev/sda1, type linux swap.
    /dev/sda2: type linux
    /dev/sda3: type linux
    /dev/sdb1, type linux
    Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decrypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
    5. Format and mount the usb stick
    Create an ext2 filesystem on /dev/sdb1:
    mkfs.ext2 /dev/sdb1
    mkdir /root/usb
    mount /dev/sdb1 /root/usb
    cd /root/usb # this will be our working directory for now.
    Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
    6. Configure the network (if not already done automatically)
    ifconfig eth0 192.168.0.2 netmask 255.255.255.0
    route add default gw 192.168.0.1
    echo "nameserver 192.168.0.1" >> /etc/resolv.conf
    (this is just an example, your mileage may vary)
    7. Install gnupg
    pacman -Sy
    pacman -S gnupg
    Verify that gnupg works by launching gpg.
    8. Create the keys
    Just to be sure, make sure swap is off:
    cat /proc/swaps
    should return no entries.
    Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
    Choose a strong password!!
    Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
    Note that the default cipher for gpg is cast5, I just chose to use a different one.
    9. Create the encrypted devices with cryptsetup
    Create encrypted swap:
    cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
    You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
    Important: From the Cryptsetup 1.1.2 Release notes:
    Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
        if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
          as normal binary file and no new line is interpreted.
        if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
          stop after new line is detected.
    If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefore ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
    gpg -q -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
    gpg -q -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
    Check for any errors.
    10. Open the luks devices
    gpg -d root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
    gpg -d var.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda2 var
    If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
    11. Start the installer /arch/setup
    Follow steps 1 to 3.
    At step 4 (Prepare hard drive(s)), select “3 – Manually Configure block devices, filesystems and mountpoints”. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
    Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
    Select DONE to start formatting.
    At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
    Start step 6 (Install packages).
    Go to step 7 (Configure System).
    Be sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
    Edit /etc/fstab:
    /dev/mapper/root / ext4 defaults 0 1
    /dev/mapper/swap swap swap defaults 0 0
    /dev/mapper/var /var ext4 defaults 0 1
    # /dev/sdb1 /boot ext2 defaults 0 1
    Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
    Go to step 8 (install boot loader).
    Be sure to change the kernel line in menu.lst:
    kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
    Don't forget the :root suffix in cryptdevice!
    Also, my root line was set to (hd1,0). Had to change that to
    root (hd0,0)
    Install grub to /dev/sdb (the usb stick).
    Now, we can exit the installer.
    12. Install mkinitcpio with the etwo hook.
    Create /mnt/lib/initcpio/hooks/etwo:
    #!/usr/bin/ash
    run_hook() {
        /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
        if [ -e "/sys/class/misc/device-mapper" ]; then
            if [ ! -e "/dev/mapper/control" ]; then
                /bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
            fi
            [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
            # Get keyfile if specified
            ckeyfile="/crypto_keyfile"
            usegpg="n"
            if [ "x${cryptkey}" != "x" ]; then
                ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
                ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
                ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
                if poll_device "${ckdev}" ${rootdelay}; then
                    case ${ckarg1} in
                        *[!0-9]*)
                            # Use a file on the device
                            # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
                            if [ "${ckarg2#*.}" = "gpg" ]; then
                                ckeyfile="${ckeyfile}.gpg"
                                usegpg="y"
                            fi
                            mkdir /ckey
                            mount -r -t ${ckarg1} ${ckdev} /ckey
                            dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
                            umount /ckey
                            ;;
                        *)
                            # Read raw data from the block device
                            # ckarg1 is numeric: ckarg1=offset, ckarg2=length
                            dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
                            ;;
                    esac
                fi
                [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
            fi
            if [ -n "${cryptdevice}" ]; then
                DEPRECATED_CRYPT=0
                cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
                cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
            else
                DEPRECATED_CRYPT=1
                cryptdev="${root}"
                cryptname="root"
            fi
            warn_deprecated() {
                echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
                echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
            }
            if poll_device "${cryptdev}" ${rootdelay}; then
                if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
                    [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                    dopassphrase=1
                    # If keyfile exists, try to use that
                    if [ -f ${ckeyfile} ]; then
                        if [ "${usegpg}" = "y" ]; then
                            # gpg tty fixup
                            if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
                            cp -a /dev/console /dev/tty
                            while [ ! -e /dev/mapper/${cryptname} ];
                            do
                                sleep 2
                                /usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
                                dopassphrase=0
                            done
                            rm /dev/tty
                            if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
                        else
                            if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
                                dopassphrase=0
                            else
                                echo "Invalid keyfile. Reverting to passphrase."
                            fi
                        fi
                    fi
                    # Ask for a passphrase
                    if [ ${dopassphrase} -gt 0 ]; then
                        echo ""
                        echo "A password is required to access the ${cryptname} volume:"
                        #loop until we get a real password
                        while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
                            sleep 2;
                        done
                    fi
                    if [ -e "/dev/mapper/${cryptname}" ]; then
                        if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                            export root="/dev/mapper/root"
                        fi
                    else
                        err "Password succeeded, but ${cryptname} creation failed, aborting..."
                        exit 1
                    fi
                elif [ -n "${crypto}" ]; then
                    [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                    msg "Non-LUKS encrypted device found..."
                    if [ $# -ne 5 ]; then
                        err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
                        err "Non-LUKS decryption not attempted..."
                        return 1
                    fi
                    exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
                    tmp=$(echo "${crypto}" | cut -d: -f1)
                    [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f2)
                    [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f3)
                    [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f4)
                    [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
                    tmp=$(echo "${crypto}" | cut -d: -f5)
                    [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
                    if [ -f ${ckeyfile} ]; then
                        exe="${exe} --key-file ${ckeyfile}"
                    else
                        exe="${exe} --verify-passphrase"
                        echo ""
                        echo "A password is required to access the ${cryptname} volume:"
                    fi
                    eval "${exe} ${CSQUIET}"
                    if [ $? -ne 0 ]; then
                        err "Non-LUKS device decryption failed. verify format: "
                        err " crypto=hash:cipher:keysize:offset:skip"
                        exit 1
                    fi
                    if [ -e "/dev/mapper/${cryptname}" ]; then
                        if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
                            export root="/dev/mapper/root"
                        fi
                    else
                        err "Password succeeded, but ${cryptname} creation failed, aborting..."
                        exit 1
                    fi
                else
                    err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
                fi
            fi
            rm -f ${ckeyfile}
        fi
    }
    Create /mnt/lib/initcpio/install/etwo:
    #!/bin/bash
    build() {
        local mod
        add_module dm-crypt
        if [[ $CRYPTO_MODULES ]]; then
            for mod in $CRYPTO_MODULES; do
                add_module "$mod"
            done
        else
            add_all_modules '/crypto/'
        fi
        add_dir "/dev/mapper"
        add_binary "cryptsetup"
        add_binary "dmsetup"
        add_binary "/usr/bin/gpg"
        add_file "/usr/lib/udev/rules.d/10-dm.rules"
        add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
        add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
        add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
        add_runscript
    }
    help ()
    {
    cat<<HELPEOF
    This hook allows for an encrypted root device with support for gpg encrypted key files.
    To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
    to your BINARIES var in /etc/mkinitcpio.conf.
    HELPEOF
    }
    Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
    MODULES="ext2 ext4" # not sure if this is really necessary.
    BINARIES="/usr/bin/gpg" # this could probably be done in install/etwo...
    HOOKS="base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems" # (usbinput is only needed if you have an usb keyboard)
    Copy the initcpio stuff over to the live cd:
    cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
    cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
    cp /mnt/etc/mkinitcpio.conf /etc/
    Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
    Now reinstall the initcpio:
    mkinitcpio -g /mnt/boot/kernel26.img
    Make sure there were no errors and that all hooks were included.
    13. Decrypt the "var" key to the encrypted root
    mkdir /mnt/keys
    chmod 500 /mnt/keys
    gpg --output /mnt/keys/var -d /mnt/boot/var.gpg
    chmod 400 /mnt/keys/var
    14. Setup crypttab
    Edit /mnt/etc/crypttab:
    swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
    var /dev/sda2 /keys/var
    15. Reboot
    We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
    Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
    Last edited by fabriceb (2013-01-15 22:36:23)
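The etwo hook in the guide above splits `cryptdevice=` and `cryptkey=` with plain `cut -d:` and detects gpg keys with `${ckarg2#*.}`, which strips only up to the first dot, so a missing `:root` suffix or a key path with an extra dot changes what happens at boot. The check below is an added example, not part of the original post or of mkinitcpio; the function names `get_param`, `key_mode` and `check_cmdline` are hypothetical, and the second sample line is constructed.

```shell
#!/bin/sh
# Pre-reboot check of a kernel command line, mirroring the field splitting
# used by the etwo hook shown in the guide (added example, hypothetical names).

# Print the value of NAME=... from a command line; fail if it is absent.
get_param() {    # $1 = NAME, $2 = command line
    for _tok in $2; do
        case "$_tok" in
            "$1"=*) printf '%s\n' "${_tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Classify a cryptkey= value the way the hook does: gpg | plain | raw | invalid.
key_mode() {    # $1 = dev:arg1:arg2
    case "$1" in
        *:*:*) ;;
        *) echo invalid; return 0 ;;
    esac
    _arg1=$(printf '%s' "$1" | cut -d: -f2)
    _arg2=$(printf '%s' "$1" | cut -d: -f3)
    case "$_arg1" in
        '') echo invalid ;;
        *[!0-9]*)
            # Same test as the hook: everything after the FIRST dot must be "gpg".
            if [ "${_arg2#*.}" = "gpg" ]; then echo gpg; else echo plain; fi ;;
        *)  echo raw ;;    # numeric field: offset/length on the block device
    esac
}

# Print one finding per line; return 1 if any finding is an ERROR.
check_cmdline() {    # $1 = command line
    _rc=0
    if _cd=$(get_param cryptdevice "$1"); then
        case "$_cd" in
            *:?*)
                _name=$(printf '%s' "$_cd" | cut -d: -f2)
                _root=$(get_param root "$1") || _root=""
                if [ "$_root" != "/dev/mapper/$_name" ]; then
                    echo "ERROR: root=$_root does not match /dev/mapper/$_name"; _rc=1
                fi ;;
            *)  echo "ERROR: cryptdevice=$_cd has no :name suffix"; _rc=1 ;;
        esac
    else
        echo "ERROR: no cryptdevice= parameter"; _rc=1
    fi
    if _ck=$(get_param cryptkey "$1"); then
        _path=${_ck##*:}
        case "$(key_mode "$_ck")" in
            gpg) echo "OK: $_path will be decrypted with gpg" ;;
            raw) echo "WARN: key is read unencrypted from a raw offset on ${_ck%%:*}" ;;
            plain)
                case "$_path" in
                    # The hook would hand the still-encrypted file to cryptsetup.
                    *.gpg) echo "ERROR: $_path ends in .gpg but has an earlier dot; the hook will not call gpg"; _rc=1 ;;
                    *)     echo "WARN: $_path is an unencrypted key file" ;;
                esac ;;
            *)  echo "ERROR: cryptkey=$_ck is not dev:fs:path or dev:offset:length"; _rc=1 ;;
        esac
    else
        echo "WARN: no cryptkey=, the hook will prompt for a LUKS passphrase"
    fi
    return $_rc
}

# First line: the kernel parameters from step 11. Second line: constructed.
for line in \
    "root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg" \
    "root=/dev/mapper/root cryptdevice=/dev/sda3 cryptkey=/dev/sdb1:ext2:/root.key.gpg"
do
    echo "== $line"
    check_cmdline "$line" || echo "-> fix menu.lst before rebooting"
done
```
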

    I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
    Decrypting the gpg key after grub works, but then "Device root already exists." appears every second.
    Any idea?
    #!/bin/bash
    # This script is designed to be run in conjunction with a UEFI boot using Archboot install media.
    # prereqs:
    # EFI "BIOS" set to boot *only* from EFI
    # successful EFI boot of Archboot USB
    # mount /dev/sdb1 /src
    set -o nounset
    #set -o errexit
    # Host specific configuration
    # this whole script needs to be customized, particularly disk partitions
    # and configuration, but this section contains global variables that
    # are used during the system configuration phase for convenience
    HOSTNAME=daniel
    USERNAME=user
    # Globals
    # We don't need to set these here but they are used repeatedly throughout
    # so it makes sense to reuse them and allow an easy, one-time change if we
    # need to alter values such as the install target mount point.
    INSTALL_TARGET="/install"
    HR="--------------------------------------------------------------------------------"
    PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
    TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
    CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
    FILE_URL="file:///packages/core-$(uname -m)/pkg"
    FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
    HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
    # Functions
    # I've avoided using functions in this script as they aren't required and
    # I think it's more of a learning tool if you see the step-by-step
    # procedures even with minor duplications along the way, but I feel that
    # these functions clarify the particular steps of setting values in config
    # files.
    SetValue () {
        # EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
        VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
        sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
    }
    CommentOutValue () {
        VALUENAME="$1" FILEPATH="$2"
        sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
    }
    UncommentValue () {
        VALUENAME="$1" FILEPATH="$2"
        sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
    }
    # Initialize
    # Warn the user about impending doom, set up the network on eth0, mount
    # the squashfs images (Archboot does this normally, we're just filling in
    # the gaps resulting from the fact that we're doing a simple scripted
    # install). We also create a temporary pacman.conf that looks for packages
    # locally first before sourcing them from the network. It would be better
    # to do either *all* local or *all* network but we can't for two reasons.
    # 1. The Archboot installation image might have an out of date kernel
    # (currently the case) which results in problems when chrooting
    # into the install mount point to modprobe efivars. So we use the
    # package snapshot on the Archboot media to ensure our kernel is
    # the same as the one we booted with.
    # 2. Ideally we'd source all local then, but some critical items,
    # notably grub2-efi variants, aren't yet on the Archboot media.
    # Warn
    timer=9
    echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
    echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
    while [[ $timer -gt 0 ]]
    do
    sleep 1
    let timer-=1
    echo -en "$timer seconds..."
    done
    echo "STARTING"
    # Get Network
    echo -n "Waiting for network address.."
    #dhclient eth0
    dhcpcd -p eth0
    echo -n "Network address acquired."
    # Mount packages squashfs images
    umount "/packages/core-$(uname -m)"
    umount "/packages/core-any"
    rm -rf "/packages/core-$(uname -m)"
    rm -rf "/packages/core-any"
    mkdir -p "/packages/core-$(uname -m)"
    mkdir -p "/packages/core-any"
    modprobe -q loop
    modprobe -q squashfs
    mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
    mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
    # Create temporary pacman.conf file
    cat << PACMANEOF > /tmp/pacman.conf
    [options]
    Architecture = auto
    CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
    CacheDir = /packages/core-$(uname -m)/pkg
    CacheDir = /packages/core-any/pkg
    [core]
    Server = ${FILE_URL}
    Server = ${FTP_URL}
    Server = ${HTTP_URL}
    [extra]
    Server = ${FILE_URL}
    Server = ${FTP_URL}
    Server = ${HTTP_URL}
    #Uncomment to enable pacman -Sy yaourt
    [archlinuxfr]
    Server = http://repo.archlinux.fr/\$arch
    PACMANEOF
    # Prepare pacman
    [[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
    [[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
    ${PACMAN} -Sy
    ${TARGET_PACMAN} -Sy
    # Install prereqs from network (not on archboot media)
    echo -e "\nInstalling prereqs...\n$HR"
    #sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
    UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
    ${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
    # Configure Host
    # Here we create three partitions:
    # 1. efi and /boot (one partition does double duty)
    # 2. swap
    # 3. our encrypted root
    # Note that all of these are on a GUID partition table scheme. This proves
    # to be quite clean and simple since we're not doing anything with MBR
    # boot partitions and the like.
    echo -e "format\n"
    # shred -v /dev/sda
    # disk prep
    sgdisk -Z /dev/sda # zap all on disk
    #sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
    sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
    #sgdisk -a 2048 -o /dev/mmcb1k0
    # create partitions
    sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
    sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 4GB
    sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
    #sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
    # set partition types
    sgdisk -t 1:ef00 /dev/sda
    sgdisk -t 2:8200 /dev/sda
    sgdisk -t 3:8300 /dev/sda
    #sgdisk -t 1:0700 /dev/mmcb1k0
    # label partitions
    sgdisk -c 1:"UEFI Boot" /dev/sda
    sgdisk -c 2:"Swap" /dev/sda
    sgdisk -c 3:"LUKS" /dev/sda
    #sgdisk -c 1:"Key" /dev/mmcb1k0
    echo -e "create gpg file\n"
    # create gpg file
    dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
    echo -e "format LUKS on root\n"
    # format LUKS on root
    gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
    echo -e "open LUKS on root\n"
    gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
    # NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
    # NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
    # make filesystems
    # following swap related commands not used now that we're encrypting our swap partition
    #mkswap /dev/sda2
    #swapon /dev/sda2
    #mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
    echo -e "\nCreating Filesystems...\n$HR"
    # make filesystems
    mkfs.ext4 /dev/mapper/root
    mkfs.vfat -F32 /dev/sda1
    #mkfs.vfat -F32 /dev/mmcb1k0p1
    echo -e "mount targets\n"
    # mount target
    #mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
    mount /dev/mapper/root ${INSTALL_TARGET}
    # mount target
    mkdir ${INSTALL_TARGET}
    # mkdir ${INSTALL_TARGET}/key
    # mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
    mkdir ${INSTALL_TARGET}/boot
    mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
    # Install base, necessary utilities
    mkdir -p ${INSTALL_TARGET}/var/lib/pacman
    ${TARGET_PACMAN} -Sy
    ${TARGET_PACMAN} -Su base
    # curl could be installed later but we want it ready for rankmirrors
    ${TARGET_PACMAN} -S curl
    ${TARGET_PACMAN} -S libusb-compat gnupg
    ${TARGET_PACMAN} -R grub
    rm -rf ${INSTALL_TARGET}/boot/grub
    ${TARGET_PACMAN} -S grub2-efi-x86_64
    # Configure new system
    SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
    sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
    SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
    #following replaced due to netcfg
    #SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
    # write fstab
    # You can use UUID's or whatever you want here, of course. This is just
    # the simplest approach and as long as your drives aren't changing values
    # randomly it should work fine.
    cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
    # /etc/fstab: static file system information
    # <file system> <dir> <type> <options> <dump> <pass>
    tmpfs /tmp tmpfs nodev,nosuid 0 0
    /dev/sda1 /boot vfat defaults 0 0
    /dev/mapper/cryptswap none swap defaults 0 0
    /dev/mapper/root / ext4 defaults,noatime 0 1
    FSTAB_EOF
    # write etwo
    mkdir -p /lib/initcpio/hooks/
    mkdir -p /lib/initcpio/install/
    cp /src/etwo_hooks /lib/initcpio/hooks/etwo
    cp /src/etwo_install /lib/initcpio/install/etwo
    mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
    mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
    cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
    cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
    # write crypttab
    # encrypted swap (random passphrase on boot)
    echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
    # copy configs we want to carry over to target from install environment
    mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
    cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
    mkdir -p ${INSTALL_TARGET}/tmp
    cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
    # mount proc, sys, dev in install root
    mount -t proc proc ${INSTALL_TARGET}/proc
    mount -t sysfs sys ${INSTALL_TARGET}/sys
    mount -o bind /dev ${INSTALL_TARGET}/dev
    echo -e "umount boot\n"
    # we have to remount /boot from inside the chroot
    umount ${INSTALL_TARGET}/boot
    # Create install_efi script (to be run *after* chroot /install)
    touch ${INSTALL_TARGET}/install_efi
    chmod a+x ${INSTALL_TARGET}/install_efi
    cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
    # functions (these could be a library, but why overcomplicate things
    SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
    CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
    UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
    echo -e "mount boot\n"
    # remount here or grub et al gets confused
    mount -t vfat /dev/sda1 /boot
    # mkinitcpio
    # NOTE: intel_agp drm and i915 for intel graphics
    SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
    SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
    SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
    mkinitcpio -p linux
    # kernel modules for EFI install
    modprobe efivars
    modprobe dm-mod
    # locale-gen
    UncommentValue de_AT /etc/locale.gen
    locale-gen
    # install and configure grub2
    # did this above
    #${CHROOT_PACMAN} -Sy
    #${CHROOT_PACMAN} -R grub
    #rm -rf /boot/grub
    #${CHROOT_PACMAN} -S grub2-efi-x86_64
    # you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
    # even omit the cryptdevice altogether, though it will wag a finger at you for using
    # a deprecated syntax, so we're using the correct form here
    # NOTE: take out i915.modeset=1 unless you are on intel graphics
    SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
    # set output to graphical
    SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
    SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
    SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
    # install the actual grub2. Note that despite our --boot-directory option we will still need to move
    # the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
    grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
    # create our EFI boot entry
    # bug in the HP bios firmware (F.08)
    efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
    # copy font for grub2
    cp /usr/share/grub/unicode.pf2 /boot/grub
    # generate config file
    grub-mkconfig -o /boot/grub/grub.cfg
    exit
    EFI_EOF
    # Install EFI using script inside chroot
    chroot ${INSTALL_TARGET} /install_efi
    rm ${INSTALL_TARGET}/install_efi
    # Post install steps
    # anything you want to do post install. run the script automatically or
    # manually
    touch ${INSTALL_TARGET}/post_install
    chmod a+x ${INSTALL_TARGET}/post_install
    cat > ${INSTALL_TARGET}/post_install <<POST_EOF
    set -o errexit
    set -o nounset
    # functions (these could be a library, but why overcomplicate things
    SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
    CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
    UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
    # root password
    echo -e "${HR}\\nNew root user password\\n${HR}"
    passwd
    # add user
    echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
    groupadd sudo
    useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
    passwd ${USERNAME}
    # mirror ranking
    echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
    cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
    mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
    sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
    rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
    # temporary fix for locale.sh update conflict
    mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
    # yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
    echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
    echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
    # additional groups and utilities
    pacman --noconfirm -Syu
    pacman --noconfirm -S base-devel
    pacman --noconfirm -S yaourt
    # sudo
    pacman --noconfirm -S sudo
    cp /etc/sudoers /tmp/sudoers.edit
    sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
    sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
    visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
    # power
    pacman --noconfirm -S acpi acpid acpitool cpufrequtils
    yaourt --noconfirm -S powertop2
    sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
    sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
    # following requires my acpi handler script
    echo "/etc/acpi/handler.sh boot" > /etc/rc.local
    # time
    pacman --noconfirm -S ntp
    sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
    # wireless (wpa supplicant should already be installed)
    pacman --noconfirm -S iw wpa_supplicant rfkill
    pacman --noconfirm -S netcfg wpa_actiond ifplugd
    mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
    echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
    # make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
    sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
    sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
    echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
    echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
    echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
    # sound
    pacman --noconfirm -S alsa-utils alsa-plugins
    sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
    mv /etc/asound.conf /etc/asound.conf.orig || true
    #if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
    # video
    pacman --noconfirm -S base-devel mesa mesa-demos
    # x
    #pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
    #yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
    #TODO: cut down the install size
    #pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
    # TODO: wacom
    # environment/wm/etc.
    #pacman --noconfirm -S xfce4 compiz ccsm
    #pacman --noconfirm -S xcompmgr
    #yaourt --noconfirm -S physlock unclutter
    #pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
    #pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
    #pacman --noconfirm -S ghc
    # note: try installing alex and happy from cabal instead
    #pacman --noconfirm -S haskell-platform haskell-hscolour
    #yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
    #yaourt --noconfirm -S xmobar-git
    # TODO: edit xfce to use compiz
    # TODO: xmonad, but deal with video tearing
    # TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
    # switching to cabal
    # fonts
    pacman --noconfirm -S terminus-font
    yaourt --noconfirm -S webcore-fonts
    yaourt --noconfirm -S fontforge libspiro
    yaourt --noconfirm -S freetype2-git-infinality
    # TODO: sed infinality and change to OSX or OSX2 mode
    # and create the sym link from /etc/fonts/conf.avail to conf.d
    # misc apps
    #pacman --noconfirm -S htop openssh keychain bash-completion git vim
    #pacman --noconfirm -S chromium flashplugin
    #pacman --noconfirm -S scrot mypaint bc
    #yaourt --noconfirm -S task-git stellarium googlecl
    # TODO: argyll
    POST_EOF
    # Post install in chroot (same target the script was written to above)
    #echo "chroot and run /post_install"
    chroot ${INSTALL_TARGET} /post_install
    rm ${INSTALL_TARGET}/post_install
    # copy grub.efi file to the default HP EFI boot manager path
    mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
    mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
    cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
    cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
    cp /root/root.gpg ${INSTALL_TARGET}/boot/
    # NOTES/TODO

  • An old question about the down of mshttpd

    The mshttpd is abnormally down for many times a day.
    The warning messages in the default log are:
    "[07/Jun/2005:14:56:58 +0800] mail stored[854]: General Error: function=getserverhello|port=80|error=failed to connect
    [07/Jun/2005:14:56:58 +0800] mail stored[854]: General Warning: alarmid=serverresponse|instance=http|time=07/Jun/2005:14:56:58 +0800|value=10|low=0|high=10|threshold(over)=10|count over threshold=1|warning sent=0"
    Would an increase of this threshold help? Where to set this threshold?
    Would it be possible to be caused by spam which sends to the server at a high rate during a period or by malicious invaders?
    I installed a Solaris patch recently. It seems to have at least worsened the situation.
    Our Solaris version:
    Kernel version: SunOS 5.8 Generic 117350-25 May 2005
    It is iMS 5.2, no hotfix applied yet.
    Thanks.

    When you say, "mshttpd is abnormally down", do you mean that, in fact, it's not running? Crashed?
    If so, then you should have downloaded and applied patch 2 months ago. There were literally hundreds of fixes for you, there.
    You don't really state much of what the problem is. If your mshttpd is actually dumping core, then you need to apply patch2, first. If that doesn't fix it, then we can look further.
    If it's not actually going down, and your problem is only the error messages, please let us know. There are several reasons why you might get these.

  • Autoscaling Application block for Azure worker role console app not working. Get error as The HTTP request was forbidden with client authentication

    I have written a console application to test the WASABi (AutoScaling Application Block) for my worker role running in Azure. The worker role processes the messages in the queue and I want to scale up based on the queue length. I have configured and set the constraints and reactive rules properly. I get the following error when I run this application.
    [BEGIN DATA]{}
        DateTime=2013-12-11T21:30:02.5731267Z
    Autoscaling General Verbose: 1002 : Rule match.
    [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","MatchingRules":[{"RuleName":"default","RuleDescription":"The default constraint rule","Targets":["AutoscalingWebRole","AutoscalingWorkerRole"]},{"RuleName":"ScaleUpOnHighWebRole","RuleDescription":"Scale
    up the web role","Targets":[]},{"RuleName":"ScaleDownOnLowWebRole","RuleDescription":"Scale down the web role","Targets":[]},{"RuleName":"ScaleUpOnHighWorkerRole","RuleDescription":"Scale
    up the worker role","Targets":[]},{"RuleName":"ScaleDownOnLowWorkerRole","RuleDescription":"Scale down the worker role","Targets":[]},{"RuleName":"ScaleUpOnQueueMessages","RuleDescription":"Scale
    up the web role","Targets":[]},{"RuleName":"ScaleDownOnQueueMessages","RuleDescription":"Scale down the web role","Targets":[]}]}
        DateTime=2013-12-11T21:31:03.7516260Z
    Autoscaling General Warning: 1004 : Undefined target.
    [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","TargetName":"AutoscalingWebRole"}
        DateTime=2013-12-11T21:31:03.7516260Z
    Autoscaling Updates Verbose: 3001 : The current deployment configuration for a hosted service is about to be checked to determine if a change is required (for role scaling or changes to settings).
    [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","HostedServiceDetails":{"Subscription":"psicloud","HostedService":"rmsazure","DeploymentSlot":"Staging"},"ScaleRequests":{"AutoscalingWorkerRole":{"Min":1,"Max":2,"AbsoluteDelta":0,"RelativeDelta":0,"MatchingRules":"default"}},"SettingChangeRequests":{}}
        DateTime=2013-12-11T21:31:03.7516260Z
    Autoscaling Updates Error: 3010 : Microsoft.Practices.EnterpriseLibrary.WindowsAzure.Autoscaling.ServiceManagement.ServiceManagementClientException: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure'
    in subscription id 'af1e96ad-43aa-4d05-b3f1-0c9d752e6cbb' and deployment slot 'Staging'. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException:
    The remote server returned an error: (403) Forbidden.
       at System.Net.HttpWebRequest.GetResponse()
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       --- End of inner exception stack trace ---
    Server stack trace: 
       at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
       at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    Does anyone know why I am getting this anonymous access violation error? My web role is a secured site, but the worker role is not.
    I appreciate any help.
    Thanks,
    ravi
      

    Hello,
    >>: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure' in subscription id **************
    Based on the error message, I guess your Azure service didn't get your certificate and the other instances didn't have a certificate to autoscale. Please check that you have uploaded the certificate in the management portal. Also, you could refer to the same thread via this link (http://stackoverflow.com/questions/12843401/azure-autoscaling-block-cannot-find-certificate).
    Hope it helps.
    Any question or result, please let me know.
    Thanks
    Regards,
    Will 

  • Messages remained in queue - deferred

    NMS 4.15/patched.
    Any local domain user who has Email forwarded to a non-local domain is not receiving the forwarded Email.
    The NMS message queue is stacked up with thousands of messages for remote hosts.
    The queue is set for 1 minute retries for 3 days.
    PROCESSQ does not cause delivery.
    A test was setup with a non-local host, and the NMS 4.15 server never even contacts the remote host for delivery. BIND is running on the same machine and NSLOOKUP resolves remote hosts fine.
    Prior to this, all was working fine. We had to reinstall NMS 4.15 and reload the LDAP database due to a corrupted disc. The same configuration was used.
    This sounds like a DNS issue whereby NMS is not finding an entry for the non-local host MX, however, the DNS used on the server (which has one IP address) resolves everything just fine.
    Any help appreciated !
    Thanks - Ado

    (1) There are four entries for SMTP routing which affect domains which we are MX backup for. I am not concerned with any Email on these domains at the moment.
    (2) Below is the test message which came into a local account which is forwarded. The local NMS account recipient got the message.
    The SMTP server for the forwarded recipient (@thepilotshop.us) is sitting right next to me, and NMS has never made a connection to it.
    Again, DNS resolves MX fine on that domain using the NMS server NSLOOKUP
    The same is true for 1,500+ forwards to @aol.com and other well-known domains.
    Envelope Contents:
    743
    Message-Id: HUOLPW01.E04
    Parent: 0
    Header-Size: 1413
    Body-Size: 719
    Header-Flush: 0
    Function: SMTP-Deliver
    Control-Type: Mail
    Priority: 2
    Submitted-Date: Tue, 16 Mar 2004 12:22:44 -0600
    MIME-Encoding: 7BIT
    Host-From: mailproxy.stl-net.net [65.127.236.34]
    User-From: SMTP<[email protected]>
    Message-Size: 2132
    MTA-Hops: 2
    Received-From-MTA: dns; mailproxy.stl-net.net (65.127.236.34)
    MAIL-Exts: RET=HDRS
    Trace: SMTP-Accept
    Trace: Account-Handler
    Trace: SMTP-Router
    Trace: SMTP-Deliver
    Account-To! repcogchatten
    Deliver-To! Mailbox repcogchatten
    Host-To: thepilotshop.us
    Channel-To: SMTP <[email protected]>
    RCPT-Exts:
    Remote-MTA: DNS;thepilotshop.us
    Last-Delayed-DSN-Date: Tue, 16 Mar 2004 12:22:44 -0600
    743
    Message-Id: HUOLYX01.204
    Parent: 0
    Header-Size: 1412
    Body-Size: 719
    Header-Flush: 0
    Function: SMTP-Deliver
    Control-Type: Mail
    Priority: 2
    Submitted-Date: Tue, 16 Mar 2004 12:28:09 -0600
    MIME-Encoding: 7BIT
    Host-From: mailproxy.stl-net.net [65.127.236.34]
    User-From: SMTP<[email protected]>
    Message-Size: 2131
    MTA-Hops: 2
    Received-From-MTA: dns; mailproxy.stl-net.net (65.127.236.34)
    MAIL-Exts: RET=HDRS
    Trace: SMTP-Accept
    Trace: Account-Handler
    Trace: SMTP-Router
    Trace: SMTP-Deliver
    Account-To! repcogchatten
    Deliver-To! Mailbox repcogchatten
    Host-To: thepilotshop.us
    Channel-To: SMTP <[email protected]>
    RCPT-Exts:
    Remote-MTA: DNS;thepilotshop.us
    Last-Delayed-DSN-Date: Tue, 16 Mar 2004 12:28:09 -0600
    I added the SMTP log DEBUG, and restarted the server. Below is the output from the startup, and the entry pertaining to the test Email to "@thepilotshop.us":
    [16/Mar/2004:16:24:49 -0600] smtp smtpd[272]: General Notice: listening on all interfaces port 29
    [16/Mar/2004:16:24:56 -0600] smtp smtpd[272]: General Warning: Netscape Messaging Server ESMTP 4.15 Patch 1 (built Mar 15 2000) starting up
    [16/Mar/2004:16:28:10 -0600] smtp smtpd[269]: General Notice: SMTP-Deliver:HUOLYX01.204:<[email protected]>:Deferred:thepilotshop.us:<[email protected]>:2133:1:<[email protected]>
    The oddity is that we installed from the exact same originals that we had been running onto a clean disc, with the same settings. The LDAP users were re-imported and that's it, and all was working fine before -:<>
    Any suggestions ?
    Thanks - Ado
