On calling azure powershell cmdlet Login-AzureRmAccount I'm prompted to enter my email address. I do this and then the message "redirecting you to your organization's sign-page" appears. The sign-in page is then displayed with the error message:
•Activity ID: 33a3798c-1362-45ad-a03c-c6dcde5f55ff
•Relying party: Microsoft Office 365 Identity Platform
•Error time: Tue, 20 Mar 2018 11:16:25 GMT
•Cookie: enabled
•User agent string: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Any ideas on how to diagnose what is happening here?
Related
what is the difference between the following user agent strings
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; rv:11.0) like Gecko
I am currently trying to debug a JS issue specific to IE and while debugging noticed that there are these 2 varying user agent strings, for windows 10 and IE 11.
Also, additionally, the user agent some times has Gecko/20100101 like in the string Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0, does presence of Gecko/20100101 indicate that its a Desktop always?
Thanks.
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
By default, Internet Explorer 11 on Windows 10 sends the above User-Agent string:
Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C;
rv:11.0) like Gecko
By default, Internet Explorer 11 on Windows 8.1 sends the following User-Agent string:
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Internet Explorer 11 continues the IE9 tradition of exposing extensible tokens in the navigator.userAgent property but not sending those tokens in the request header. For instance, by default this property returns the following on IE11/Win8.1:
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C; rv:11.0) like Gecko
The .NET tokens here were pulled from the registry and allow JavaScript to detect that the .NET Framework is installed on the computer. (They’re a bit misleading because Windows 8.1 includes the 4.5 version of the Framework.)
More detail information, please check the User Agent and Internet Explorer 11’s Many User-Agent String.
The UA string of Firefox itself is broken down into four components:
Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefoxversion
Gecko/geckotrail indicates that the browser is based on Gecko.
On Desktop, geckotrail is the fixed string "20100101".
More detail information about Firefox user agent string, please check the Firefox user agent string reference.
Edit:
[Note] In Windows, Macintosh, Linux, Firefox for Maemo (Nokia N900), Camino on Mac, SeaMonkey on Windows, SeaMonkey on Mac and SeaMonkey on Linux, the Firefox user agent string contains "20100101".
I'me trying to parse some Apache access logs using ELK stack, but I'm having issues with logstash not applying the Apache filter i created on any Apache logs.
Here is my filter file:
filter {
if [type] == "apache_access" {
grok {
patterns_dir => ["/opt/logstash/patterns/apache"]
add_tag => ["grokked", "apache"]
match => ["messege", "%{IP:client} - - \[%{HTTPDATE:event_date}\] %{QS:first} %{NUMBER:response} %{NUMBER:bytes} %{QS:destination} %{QS:browser}"]
}
}
}
filebeat config:
filebeat:
prospectors:
-
paths:
- /var/log/apache2/access.log
document_type: apache_access
registry_file: /var/lib/filebeat/registry
Also I'm using an example log file from logz.io, it contains logs like the following:
88.114.162.149 - - [04/Aug/2016:00:00:05 +0000] "GET /item/giftcards/3802 HTTP/1.1" 200 82 "/category/books" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
156.141.192.36 - - [04/Aug/2016:00:00:10 +0000] "GET /category/toys?from=20 HTTP/1.1" 200 135 "/category/toys" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"
92.213.110.215 - - [04/Aug/2016:00:00:15 +0000] "GET /category/software HTTP/1.1" 200 108 "/category/books" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11"
80.225.119.24 - - [04/Aug/2016:00:00:20 +0000] "GET /category/cameras HTTP/1.1" 200 100 "http://www.google.com/search?ie=UTF-8&q=google&sclient=psy-ab&q=Cameras+Books&oq=Cameras+Books&aq=f&aqi=g-vL1&aql=&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&biw=2640&bih=427" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; YTB730; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)"
208.219.150.176 - - [04/Aug/2016:00:00:25 +0000] "GET /category/software HTTP/1.1" 200 117 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.2; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
160.165.186.172 - - [04/Aug/2016:00:00:30 +0000] "GET /category/office HTTP/1.1" 200 101 "/category/electronics" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; YTB720; GTB7.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
224.150.219.97 - - [04/Aug/2016:00:00:35 +0000] "GET /category/jewelry HTTP/1.1" 200 74 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
I've check my filter in grokdebug and everything works fine there, but every time I push those logs into logstash it doesn't apply that filter, instead all logs entries have a "_grokparsefailure" tag.
Any idea what could be the issue here? I've followed several guides and still have this problem.
P.S.
I know about COMBINEDAPACHELOG but I still wanted to parse it this way for my own experience and to understand ELK stack batter.
Try to change messege to message in your grok match
change 'e' to 'a'
|
v
match => ["message", "%{IP:client} - - \[%{HTTPDATE:event_date}\] %{QS:first} %{NUMBER:response} %{NUMBER:bytes} %{QS:destination} %{QS:browser}"]
I'm seeing this HTTP header on some requests made to my server:
X-P2P-PeerDist: Version=1.0
I'm aware of this: http://www.faqs.org/patents/app/20110016220#ixzz3g3X8lSYF, but I would like to know what are the known clients sending that header.
Any idea?
UPDATE: as requested, i'm including the other headers sent with the request (I've obfuscated some private stuff that are related to our customer with ***):
GET http://***.com/ HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Connection: Keep-Alive
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3; .NET4.0C; .NET4.0E)
X-P2P-PeerDist: Version=1.0
UA-CPU: AMD64
Accept-Encoding: gzip, deflate, peerdist
Host: ***.com
Cookie: SMSESSION=***; OrgName=***; authCookie=***; ASP.NET_SessionId=***
Pragma: no-cache
Cache-Control: no-cache
The user agent seems to indicate IE11 (Trident/) in IE7 mode (compatible; MSIE 7.0), but I'm not getting the X-P2P-PeerDist header when I'm using this config, so I don't think it's directly related.
It is one of the headers used in the PeerDist peer content caching protocol. It has never been standardized and are not even registered with the IANA registry for HTTP headers.
It is known to be sent from some recent versions of Internet Explorer, .NET HTTP clients and SilverLight HTTP clients.
I’m relatively certain that this header is send when if the client is configured to use BranchCache and a request is made using WinHTTP. About BranchCache:
To optimize WAN bandwidth, BranchCache copies content from your main office content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN. (Source).
When testing here locally, a client that has BranchCache enabled sends the X-P2P-PeerDist header, while a brand new client (no BranchCache configured) does not sent it.
The underlying protocol seems for is Peer Content Caching and Retrieval (MS-PCCRTP), as the section Message Syntax from the protocol description defines X-P2P-PeerDist as one of the HTTP header extension it uses.
However, the document BranchCache Deployment Guide for Windows Server 2008 R2 and Windows 7 lists other MS-PCCx protocols but not MS-PCCRTP. So I don't have an external evidence that this header is caused by a BranchCache enabled client.
I have seen this in IE11 + compatibility mode on Windows 7, connected to an intranet application and downloading a docx file. The request only appears when downloading a document. All requests are going through an F5 load balancer. In other non-download requests on the same browser and same application, the X-p2p-peerdist header is missing.
I'm trying to determine the user agent string for surface RT for testing purposes.
Just do some Google'ing and you will find your answer.
Internet Explorer 10 User-agent string
Internet Explorer 10 on Windows RT:
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; ARM; Trident/6.0)
Update after comment below
The link above also states:
Identifying touch-enabled systemsInternet Explorer 10 introduces the "Touch" UA string token. If this token is present at the end of the UA string, the computer has touch capability, and is running Windows 8 (or later). This UA string will be transmitted on a touch-enabled system running Windows 8. Note Internet Explorer 10 on Windows 7 will never report a UA string with the "Touch" token.
Internet Explorer 10 on Windows RT with Touch enabled:
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; ARM; Trident/6.0; Touch)
Update for Internet Explorer 11
User-agent string changes
Here is what's reported for Internet Explorer 11 on Windows 8.1:
Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Here is the string for Internet Explorer 11 on Windows 7:
Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
If you compare these values to those reported by earlier versions of Internet Explorer, you'll find the following changes:
The compatible ("compatible") and browser ("MSIE") tokens have been removed.
The "like Gecko" token has been added (for consistency with other browsers).
The version of the browser is now reported by a new revision ("rv") token.
I went to a Microsoft retail location yesterday (November 13, 2012) and used IE to browse to http://whatsmyuseragent.com/ in both Metro and Desktop modes.
Here is the user agent given in both cases:
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; ARM; Trident/6.0; Touch)
For those interested. Here is the User Agent string for a Surface Pro (128Gb):
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0; Touch)
Actually, everyone is wrong. The actual user agent that comes up in metro mode is
Mozilla/4.0 (Compatible; msie 7.0; windows nt 6.2; arm; trident/6.0;
touch; .net4.0e; .net4.0c; tablet PC 2.0; Version).
This is what I get when I visit the whatsmyuseragent site:
Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; rv:11.0) like Gecko
Hope this helps.
surface RT will run only IE 10.
The User Agent string is
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; ARM; Trident/6.0)
(source: this MSDN blog entry)
This type of information is typically published well in advance of the delivery of the underlying browsers / machines, because of the interest Web Browser manufacturers have in seeing the new browsers well supported by most Web Sites.
UserAgent for devices -
IE desktop - "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko"
IE Surface Pro - "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; .NET4.0C; .NET4.0E; Tablet PC 2.0; rv 11.0) like Gecko"
Edge desktop - "Mozilla/5.0 (Windows NT 10.0; Win64; x64; ServiceUI 9) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063"
Edge surface - "Mozilla/5.0 (Windows NT 10.0; Win64; x64; ServiceUI 13) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134"
By looking at the above user agents we don't have any clear distinguish between desktop and surface pro for Edge(IE is having Tablet PC check available ). So here to detect the window device first(surface pro is window tablet) and then verify if the device is touch device.
window + touch: true - surface pro
window + touch: false - desktop
isSurface: function () {
// Window device Check
if(!!navigator.userAgent.match(/Win/)) {
// Check if the device is touch
return !!navigator.userAgent.match(/Tablet PC/i) || "ontouchstart" in document.documentElement;
}
}
I've been searching for a solution on the internet for this, and can not find it anywhere.
I've setup a simple POST request through Fiddler for an ASP page on my local machine:
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)
Host: localhost
Connection: Keep-Alive
Authorization: Basic xW91bsdtcyNqYTpfs8Jkb4ql
Content-Length: 9
asdfdfdsf
The ASP page contains the following line:
Response.Write(Request.ServerVariables("HTTP_Authorization"))
Instead of writing out "Basic .....", it doesn't write anything at all. If I change "HTTP_Authorization" to any of the other headers (HTTP_Content_Length), I can pull in their values.
Is there a reason ASP is refusing to let me see that specific header?
Thanks!
Apparently it was being removed by the server's windows auth
I unchecked "Integrated Windows authentication" and the header started showing up correctly