[solved] first install help

[chimpooooo]

Yes i've tried your installer as well but end up with the same results.

I get the 500 Internal Server Error when i browse to cacti/index.php

Yup this is highly customized win 2003 image e.g even the default website was disabled etc. I'll try to snoop around.

Do let me know if you have any ideas! Thanks again

Oh and the ONLY permissions i set are

IUSR_XXX and IIS_WPG read & execute rights on cmd.exe
IUSR_XXX and IIS_WPG modify rights on cacti and its sub folders
svcCacti (service account for cacti) modify rights to C:\php\extras\mibs\.index

[BSOD2600]

You searched on google for IIS 500 errors related to PHP? Should give you some pointers in the right direction. Try re-setting the IIS PHP related settings, following my installation guide.

I still think Process Explorer (or Filemon) should reveal any permission issues (or possible that 500 error). just takes time to sift through the logs and analyze them.

[chimpooooo]

YES!!!!!!!!!!!!!!!!!!!!!

IIS manager/Web Service Extensions. Select "all unknown ISAPI filter" and press allow.

Did the trick

[BSOD2600]

Great, but wrong because that leaves a gaping hole in IIS. Instead, you should've followed my installation guide carefully:

# If using IIS6, go to Web Service Extensions and add a new Web Service Extension. Name the extension php, click Add and browse to C:\PHP\php5isapi.dll, enable Set Extension status to Enable, and click OK.

[chimpooooo]

I already had that web service extension in there and it didnt work apparently....

[chimpooooo]

sigh... ran into further problems now

the rrd files exist in the folder and are constantly updating.. but all the graphs are broken..

strangely enough the rrd files always stay at 93kb!

here is the debug. the iis_wpg and iis_usr and svcCacti have rights on all the cacti folders



RRDTool Command:

E:/inetpub/wwwroot/web/cacti/rrdtool/rrdtool/Release/rrdtool.exe graph - \
--imgformat=PNG \
--start=-86400 \
--end=-300 \
--title="SDK1 - Traffic - 146.27.67.33 (HP NC7782 Gigab)" \
--rigid \
--base=1000 \
--height=120 \
--width=500 \
--alt-autoscale-max \
--lower-limit=0 \
--vertical-label="bits per second" \
--slope-mode \
--font TITLE:12: \
--font AXIS:8: \
--font LEGEND:10: \
--font UNIT:8: \
DEF:a="E\:/inetpub/wwwroot/web/cacti/rra/sdk1_traffic_in_12.rrd":traffic_in:AVERAGE \
DEF:b="E\:/inetpub/wwwroot/web/cacti/rra/sdk1_traffic_in_12.rrd":traffic_out:AVERAGE \
CDEF:cdefa=a,8,* \
CDEF:cdeff=b,8,* \
AREA:cdefa#00CF00FF:"Inbound" \
GPRINT:cdefa:LAST:" Current\:%8.2lf %s" \
GPRINT:cdefa:AVERAGE:"Average\:%8.2lf %s" \
GPRINT:cdefa:MAX:"Maximum\:%8.2lf %s" \
COMMENT:"Total In\: 0 bytes\n" \
LINE1:cdeff#002A97FF:"Outbound" \
GPRINT:cdeff:LAST:"Current\:%8.2lf %s" \
GPRINT:cdeff:AVERAGE:"Average\:%8.2lf %s" \
GPRINT:cdeff:MAX:"Maximum\:%8.2lf %s" \
COMMENT:"Total Out\: 0 bytes"

RRDTool Says:

Access is denied.


C:\php>php -q E:\inetpub\wwwroot\web\cacti\cmd.php
06/12/2008 10:16:59 AM - CMDPHP: Poller[0] Host[1] PING: Host is alive
06/12/2008 10:16:59 AM - CMDPHP: Poller[0] Host[1] RECACHE: Processing 3 items i
n the auto reindex cache for '127.0.0.1'.
06/12/2008 10:16:59 AM - CMDPHP: Poller[0] Host[1] DS[11] SNMP: v1: 127.0.0.1, d
sname: traffic_in, oid: .1.3.6.1.2.1.2.2.1.10.65539, output: 325753105
06/12/2008 10:16:59 AM - CMDPHP: Poller[0] Host[1] DS[11] SNMP: v1: 127.0.0.1, d
sname: traffic_out, oid: .1.3.6.1.2.1.2.2.1.16.65539, output: 2153909754
06/12/2008 10:16:59 AM - CMDPHP: Poller[0] Host[2] PING: Host is alive




C:\php>php E:\inetpub\wwwroot\web\cacti\poller.php
06/12/2008 10:20:30 AM - POLLER: Poller[0] NOTE: Poller Int: '300', Scheduled Ta
sk Int: '300', Time Since Last: '90', Max Runtime '298', Poller Runs: '1'
06/12/2008 10:20:30 AM - POLLER: Poller[0] NOTE: Scheduled Task is configured to
run too often! The Poller Interval is '300' seconds, with a minimum Scheduled
Task period of '300' seconds, but only 90 seconds have passed since the poller l
ast ran.

C:\php>

[BSOD2600]

strangely enough the rrd files always stay at 93kb!

As they should be! Please read the rrdtool website how it functions.

RRDTool Says:

Access is denied.

Well this is an obvious NTFS permission issue. Please re-read the installation guide.

[chimpooooo]

Thanks for your patience.

I have gone over the permissions rrdtool.exe and cmd.exe the cacti folder the php folder. ALL accounts have full control over all files.. what more can i do?

[BSOD2600]

All accounts... as in the IUSR_ and IIS_WPG?

Have you changed the default user accounts for IIS so those are not the defaults?

Last resort, follow http://forums.cacti.net/viewtopic.php?t=26165, which SHOULD reveal what/where is getting denied.

[chimpooooo]

I ran filemon for 10 min while including * and highlighted denied. Let me know what i can do to fix them

However there were a lot of not found status message. e.g csrss.exe looking for php.exe in all sorts of folders. And buffer flows like c:\php\php.exe buffer overflow . do i care about these?

I've attached a snap of what i saw. Do let me know if i should be looking for something else.

[BSOD2600]

I ran filemon for 10 min while including * and highlighted denied. Let me know what i can do to fix them

Did you not follow this guide, which told you what needed to be fixed? Looks like you have NOT followed the installation guide, since at the very least cmd.exe does not have the correct NTFS permissions. Nor does the php\mibs\.index or some of the IIS directory.

However there were a lot of not found status message. e.g csrss.exe looking for php.exe in all sorts of folders. And buffer flows like c:\php\php.exe buffer overflow . do i care about these?

Typically no. Buffer overflows aren't as bad as they sound. File not found, could be bad if it never finds the file -- but if you notice it eventually does.

[chimpooooo]

The permissions have already been set accoriding to your docs. I have repeatedly confirmed them

From the screenshot all denies are from the user NT AUTHORITY\NETWORK and not from the scheduler account or iis etc

i am lost..

[BSOD2600]

From the screenshot all denies are from the user NT AUTHORITY\NETWORK and not from the scheduler account or iis etc

That is because that account is being impersonated by the accout which cacti is running under. The sysinternals process monitor tool would tell you the detail of the real user which it was launched under, if you got properties on that log entry.

Is your windows set up standard? i.e. IIS uses the IUSR_ and IIS_WPG accounts?

[chimpooooo]

Sorry was out of town.

I cannot run process monitor since SP1 is a pre-req. Is there any other program i can use to figure out the impersonated accounts? Or some small patch i can install instead of the whole SP1 to make it work?

Yes standard IIS accounts are being used..

[BSOD2600]

For testing, just go ahead and grant the NT AUTHORITY\NETWORK account the read/execute rights to all the files/folders which its currently getting denied. Then once you get cacti functional, you can tighten down security again.