Author Archives: Kaven G.

avatar

About Kaven G.

System Engineer / Network Administrator

Linux : How to change User and Group ID

There might be some (rare) circumstances where you would like to change a UID or GID on Linux system.

If you know what you are doing and the implication behind this change (see warning comment below), this can be achieved using the commands below.

Change User ID (UID) :

Example :

Change Group ID (GID) :

Example :

Warning! Changing UID or GID will NOT apply apply on the filesystem. You will have files and folders left with numerical ownership values and the user and/or group that you just changed will not own these files and/or folders anymore. Manual change need to be applied. As you can imagine, if you are doing such operation for a user/group that run an application such as an Oracle database for example, the application should be stopped prior this change.

Note : UID and GID are 32 bits, therefore have a limitation of 232-1 (4 294 967 295), however there is a soft limit in place of 60 000, which is in my opinion way more than what is needed for common use. If needed, you can edit that limit in /etc/login.defs on RHEL.

ScreenOS : SSL error accessing the WebUI

If you are using the WebUI to manage your Juniper SSG / ScreenOS device, you probably encountered the following error accessing the page lately :

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

If you use a browser that allow SSLv3, you will be able to access the device. However as we all know the weakness of this protocol, it isn’t ideal to have it enabled. The workaround is to change the cipher on the ScreenOS device.

1. Login to your SSG firewall through SSH.

2. Enter the following command :

3. Save the configuration :

Linux : How to add rc.local in Debian 9

On Debian 9, the traditional “rc.local” has been deprecated. For traditional Linux users and administrators, there is a way to get it back using SystemD. See the procedure below :

1. Edit the non-existing file “rc-local.service” :

1.1. Add the following content to “/etc/systemd/system/rc-local.service” :

2. Edit the “rc.local” file :

 

2.1. Append the generic content below and save the file :

3. Change permissions :

4. Enable the “rc-local” script on boot :

5. Start the “rc-local” script :

6. Check if any error occurred while starting the service :

You may now append anything you’d like to the traditional “rc.local”.

Windows : Google Chrome freeze shortly after opening

I have encountered the following issue/symptoms with Google Chrome (version 56.0.2924.87) on Windows 10 :

– Google Chrome crash shortly after opening, the application become unresponsive even while going to settings
– Single tab opened with the default Google page
– No 3rd party extension, only Google defaults

After digging around, I found that the preference file was causing this issue (maybe corrupted). To resolve this matter, I simply renamed the “Preferences

1. Make sure Google Chrome is closed. You may use the “Task Manager” for this.

2. Go to the following folder using the Windows Explorer (the AppData folder is hidden, you need to have the “Display hidden files and folders” enabled) :

3. Locate the “Preferences” file and rename it to “Preferences.bak”.

4. Open Google Chrome again (the application will automatically create a new “Preferences” file) and the problem should be solved.

NOTE : Unlikely, but if you encountered any issue and would like to revert back, simply rename “Preferences.bak” to “Preferences”.

Category: PC

Linux : R1Soft failed backup of LVM configuration

Having the following error while executing a R1Soft backup on a Linux server?

Failed backup of LVM configuration
Failed to execute command ‘lvm.static pvs -o pv_fmt,pv_uuid,dev_size,pv_name,pv_mda_free,pv_mda_size,pv_all,seg_all,pvseg_all,vg_all,lv_all –nameprefixes –noheadings –units b –nosuffix –unquoted’

This seem to be related to the latest version. Apparently Idera are aware of the issue and working on a permanent fix.

In meantime, to workaround this issue, you can simply move the R1Soft static version of LVM and replace it with the system one as followed :

1. Move the original file as “.bak” :

2. Create a symbolic link of the system LVM version for R1Soft :

Your backup should work normally now.

Linux : Yum/rpm broken upgrading from CentOS/RHEL 7.3 to 7.4 (error: Failed to initialize NSS library)

You probably experienced the following issue, running “Yum update” on a RHEL 7.3 system :

error: Failed to initialize NSS library
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

cannot import name ts

Please install a package which provides this module, or
verify that the module is installed correctly.

It’s possible that the above module doesn’t match the
current version of Python, which is:
2.7.5 (default, Aug 2 2016, 04:20:16)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]

If you cannot solve this problem yourself, please go to
the yum faq at:
http://yum.baseurl.org/wiki/Faq

Apparently, some component updated are “out of sync” in term of version with existing, non-updated components of the system.

To resolve this issue, you need to invoke yum with “libnspr4” shared object, upgrading nspr.

1. Download libnspr4 shared object :

www.itechlounge.net/softwares/rhel/libnspr4.so_.tar.bz2

Alternate link (subscription required) : https://access.redhat.com/node/3134931/40/0

2. Unpack it :

3. Invoke Yum with it :

Yum should be working now.

ScreenOS : ERR_SSL_VERSION_OR_CIPHER_MISMATCH accessing WebUI

You probably encountered the following error if you are a fan of using the Juniper SSG/ScreenOS WebUI using a “modern” browser :

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Well, since the latest clustered SSL exploits, the vast majority of browsers decided to disable some protocols and ciphers for everyone’s safety.

To work around this issue, you may use the following command to change the cipher suite on your SSG device :

This command can be safely used on a production system and will apply right away. Then you may issue the following command to write the change to the memory :

You should be able to use your browser to access the WebUI through SSL.

Windows : Convert Server 2016 Standard to Datacenter

Windows evolved a lot in the last years, what was once a headache for system administrators is now behind us since a few years. Microsoft now allow to convert a installed Windows Server 2016 Standard to Datacenter without having to re-install.

To achieve this, you will need to have in hand your Windows Server 2016 Datacenter product key.

1. Open the command prompt with elevated privileges

2. Enter the following command :

Example :

Output example :

VMware : vSphere client “Expected put message. Got: ERROR” from datastore browser

I recently encountered the following message trying to copy a ISO file located on a datastore :

Expected put message. Got: ERROR

Unfortunately, this message isn’t telling us much. However by deduction, this error is caused by some lock on the file because already in use in some way.

Make sure that no virtual machine have the ISO mounted. If there is any, just unmount the ISO from all VMs optical drive device and start the copy again.

Windows : BSOD 0x0000007E (0xFFFFFFFFC0000005, 0xFFFFF880018C9836, 0xFFFFF880009A9008, 0xFFFFF880009A8860)

I had the luck of experiencing the following blue screen on a Windows Server 2008 R2 domain controller server at boot lately :

*** STOP: 0x0000007E (0xFFFFFFFFC0000005, 0xFFFFF880018C9836, 0xFFFFF880009A9008, 0xFFFFF880009A8860)

Related facts with this server :

– Haven’t been rebooted since two years
– Windows Updates haven’t been run for two years
– Running minimalistic list of software (Avast Endpoint Protection Suite Plus)
– The server have enough free disk space
– Not any hardware or software drivers is in cause
Won’t boot in any mode (Safe mode, Last Known Good Configuration, etc.) except DSRM
– Restore from backup 30 days back does the same thing as well

Analyzing the EventViewer or the Kernel Crash Dump did not revealed anything useful beside that the system crashed because of an event that couldn’t be catched by the system! (Yes… I know!)

After trying all possible things, disabling services, boot items etc. without any positive results, I decided to remove the only piece of non-Windows software that was in the equation (even though there isn’t any trace of evidence that point to it)…

SOLUTION : Uninstall Avast Endpoint Protection Suite Plus!

Indeed, as crazy as it sound, removing Avast from the system solved this blue screen. I have filled a bug report to Avast about this and awaiting their reply. Stay tuned for update.