Author Archives: Kaven G.

About Kaven G.

System Engineer / Network Administrator

VMware : Time on VCSA is out of sync with external PSC

This issue appears to be banal, but it actually consumed precious (lost) time of my day deploying a vCenter Server Appliance on an external Platform Services Controller, version 6.5.

At the “Install – Stage 2: Set Up vCenter Server Appliance” step, you are asked for the Single Sign-On information of the PSC appliance. After clicking Next, you may encounter the following message :

The time on this VMware vCenter Server Appliance is out of synchronization with the external Platform Services Controller with which you are trying to register by <seconds> seconds.

First thought: check the time zone and clock on both machines; they match. OK, maybe it is offset by a few seconds and the installer is very sensitive; configuring NTP with the same source, same issue.

It turned out that the installer does not like any localtime value other than UTC! If you have changed it to your local time zone, change it back to UTC.

Using the VMware vSphere Appliance Management (https://domain.tld:5480) :

Navigator > Time > Time Zone

Using the CLI :

1. Remove the current timezone symlink :

2. Set the new timezone :

You may do a manual synchronization to time server using the following commands if necessary :

(Time servers are defined in /etc/ntpd.conf as well)

VMware : How to reset the root password of the vCenter Server Appliance

VMware vCenter is now shifting toward the all-in-one appliance running Photon OS, a Linux container-optimized operating system by VMware.

Whether you have lost your password or the deployment failed and the supplied password was not applied, you will need to reset it. To do so, simply follow the procedure below :

1. On boot, immediately after the BIOS POST, press “E” on the Photon OS boot screen ;

2. On the 3rd line of the Grub screen (starting with “linux”, ending with “consoleblank=0”), add one space and append “rw init=/bin/bash” at the very end ;

3. Press “F10” or “CTRL+X” to boot with the entered parameters ;

4. The appliance will start in the bash environment as root, simply type “passwd” and enter the new password ;

5. Once the password is set, enter the command “umount /” ;

6. Then force reboot using “reboot -f”.

JunOS : Configuring the QSFP+ uplink ports on EX4300

By default, all QSFP+ ports on the EX4300 chassis are configured as virtual chassis ports (vcp).

The minimal (recommended) requirement for a VC is two ports, meaning that two of the four ports can be used as regular 40 Gbps interfaces and/or for uplink purposes.

Let’s assume we want to use ports #0 and #1 as uplinks rather than VC ports. To do that, issue the following commands :

Then set them as auto-negotiation :

Commit the change :

From this point, interfaces “et-0/1/0” and “et-0/1/1” are now visible as interfaces and can be configured as such.

MacOS : Unable to negotiate with 0.0.0.0 port 22: no matching cipher found

Having the following issue connecting to a device using SSH after upgrading to macOS High Sierra 10.13.2?

Unable to negotiate with 0.0.0.0 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se

This is expected behavior if you attempt to connect to a legacy system or network device running an older version of SSH: the client no longer offers any of the ciphers listed in the server's offer.

To work around this issue, you may enable the legacy ciphers of your SSH client. To do so, follow these easy steps :

1. Open the Terminal (Go > Utilities > Terminal)

2. Open the SSH client configuration file using a text editor with elevated privileges (this example assumes that you are using Vim; you will be prompted for the admin/root password as well) :

3. Locate the “Ciphers” line (should be at #38) and uncomment it (remove the # sign) :

4. Save the file and you should now be able to connect.

EXTRA :

You may also get an additional message such as :

no matching host key type found. Their offer: ssh-dss

In that case, you may attempt to add “HostKeyAlgorithms” as suggested, for example :
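Uncommenting “Ciphers” in the system-wide file enables the legacy ciphers for every connection. The following added example (not from the original post) instead turns the two error messages quoted above into a `Host` block for `~/.ssh/config` that applies to the one legacy device only. The host name `old-switch.example` and the preference order are assumptions; the `+` prefix appends to the client's defaults instead of replacing them.

```shell
#!/bin/sh
# Added example: build a per-host ssh_config stanza from the client's
# negotiation error instead of loosening the system-wide configuration.

# Assumed preference among legacy ciphers, strongest first.
LEGACY_CIPHER_PREF="aes256-cbc aes192-cbc aes128-cbc 3des-cbc"

# pick_cipher "<comma-separated offer>" -> first preferred cipher in the offer
pick_cipher() {
    for c in $LEGACY_CIPHER_PREF; do
        case ",$1," in
            *",$c,"*) printf '%s\n' "$c"; return 0 ;;
        esac
    done
    return 1    # nothing acceptable offered (e.g. only arcfour)
}

# offer_from_line "<error line>" -> the list after "Their offer: "
offer_from_line() {
    printf '%s\n' "$1" | sed -n 's/.*Their offer: *//p' | tr -d ' '
}

# legacy_stanza <host> "<error line>" -> Host block limited to that host
legacy_stanza() {
    host=$1
    offer=$(offer_from_line "$2")
    [ -n "$offer" ] || return 1
    case "$2" in
        *"no matching cipher"*)
            cipher=$(pick_cipher "$offer") || return 1
            printf 'Host %s\n    Ciphers +%s\n' "$host" "$cipher" ;;
        *"no matching host key type"*)
            # Append only the first host key type the server offers.
            printf 'Host %s\n    HostKeyAlgorithms +%s\n' "$host" "${offer%%,*}" ;;
        *) return 1 ;;
    esac
}

# Demo with the messages quoted in the post (host name is hypothetical).
legacy_stanza old-switch.example "no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se"
legacy_stanza old-switch.example "no matching host key type found. Their offer: ssh-dss"
```

If both messages appear for the same device, merge the two option lines under a single `Host` block.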

Linux : How to show connected client of NFS export on the server?

Here is how to quickly show the clients connected to an NFS server. It might be useful to know before rebooting the server!

On the server, execute the following command (replace <> with the NFS server IP address) :

Example :

You should see a similar output :

tcp 0 0 192.168.45.32:2049 192.168.45.52:840 ESTABLISHED
tcp 0 0 192.168.45.32:2049 192.168.45.22:980 ESTABLISHED
tcp 0 0 192.168.45.32:2049 192.168.45.42:859 ESTABLISHED
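To turn output like the above into a list of distinct clients, the following added example (not from the original post) counts established connections to the NFS port per client address. The sample lines are constructed from the output shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise NFS clients from netstat-style TCP lines.

# nfs_clients [port]: read lines on stdin, print "<connections> <client IP>"
# for every peer with an ESTABLISHED connection to the given local port.
nfs_clients() {
    awk -v port="${1:-2049}" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($4, loc, ":")        # last piece of local address = port
            if (loc[n] != port) next
            client = $5
            sub(/:[0-9]+$/, "", client)    # drop the client source port
            conns[client]++
        }
        END { for (c in conns) print conns[c], c }
    ' | sort -k2
}

# Constructed sample: the three lines from the post plus a listener, a second
# connection from one client, an SSH session and a closing connection.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN
tcp 0 0 192.168.45.32:2049 192.168.45.52:840 ESTABLISHED
tcp 0 0 192.168.45.32:2049 192.168.45.22:980 ESTABLISHED
tcp 0 0 192.168.45.32:2049 192.168.45.42:859 ESTABLISHED
tcp 0 0 192.168.45.32:2049 192.168.45.52:841 ESTABLISHED
tcp 0 0 192.168.45.32:22 192.168.45.99:51122 ESTABLISHED
tcp 0 0 192.168.45.32:2049 192.168.45.60:702 TIME_WAIT
EOF
}

sample_netstat | nfs_clients
```

On a live server, feed it real data with `netstat -tn | nfs_clients`.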

Windows : How to pause Windows 10 updates download

Since Windows 10, Microsoft has made it harder for users to disable automatic updates and downloads. When they are triggered automatically, there is unfortunately no function in the user interface to stop them.

If you are running with the default settings, you might at some point be working on your computer and notice that your bandwidth is saturated by a large Windows Update download, affecting your work.

To stop them and free up your system immediately, simply follow this procedure :

1. Open the Command Prompt or PowerShell with administrative privileges (you may right click on the Windows button to find it easily)

NOTICE : The following commands may prevent or interrupt the installation of updates if Windows Update is actually installing, not downloading. I recommend using them only to interrupt a download, as interrupting an installation could cause an issue. You can see what is actually being done by opening the update pane.

2. Execute the following commands :

Windows Update should have stopped downloading now. These services will restart automatically if you reboot your computer.

If you want to restart them manually rather than reboot, execute the following commands :

Linux : How to change User and Group ID

There might be some (rare) circumstances where you would like to change a UID or GID on a Linux system.

If you know what you are doing and the implications behind this change (see warning comment below), this can be achieved using the commands below.

Change User ID (UID) :

Example :

Change Group ID (GID) :

Example :

Warning! Changing a UID or GID will NOT apply on the filesystem. You will have files and folders left with numerical ownership values, and the user and/or group that you just changed will not own these files and/or folders anymore. A manual change needs to be applied. As you can imagine, if you are doing such an operation for a user/group that runs an application such as an Oracle database, the application should be stopped prior to this change.

Note : UID and GID are 32 bits and therefore have a limit of 2^32-1 (4 294 967 295); however, there is a soft limit of 60 000 in place, which is in my opinion way more than what is needed for common use. If needed, you can edit that limit in /etc/login.defs on RHEL.
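The manual change mentioned in the warning, as an added example (not from the original post): list what still carries the old numeric id, record setuid/setgid files first, then re-own. The function names are hypothetical; on a real system run it as root, with the application stopped, passing the old and new numeric ids.

```shell
#!/bin/sh
# Added example: find and re-own files left behind by a UID/GID change.
# -xdev keeps find on one filesystem; repeat per mounted filesystem.

# id_test <user|group> -> the find primary that matches a numeric owner
id_test() {
    case "$1" in
        user)  echo "-uid" ;;
        group) echo "-gid" ;;
        *)     return 2 ;;
    esac
}

# owned_by <user|group> <numeric id> <dir>... : paths still carrying that id
owned_by() {
    t=$(id_test "$1") || return 2
    id=$2; shift 2
    find "$@" -xdev "$t" "$id" -print
}

# setid_files <user|group> <numeric id> <dir>... : setuid/setgid files among
# them. chown clears these bits on Linux, so record them before re-owning
# and restore the mode afterwards where it is still wanted.
setid_files() {
    t=$(id_test "$1") || return 2
    id=$2; shift 2
    find "$@" -xdev "$t" "$id" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# reown <user|group> <old id> <new id> <dir>... : hand the files over.
# -h acts on a symlink itself instead of the file it points to.
reown() {
    t=$(id_test "$1") || return 2
    kind=$1; old=$2; new=$3; shift 3
    if [ "$kind" = user ]; then
        find "$@" -xdev "$t" "$old" -exec chown -h "$new" {} +
    else
        find "$@" -xdev "$t" "$old" -exec chgrp -h "$new" {} +
    fi
}

# Typical sequence with hypothetical ids 1001 -> 2001:
#   setid_files user 1001 / > /root/setid-before.txt
#   reown user 1001 2001 /
#   owned_by user 1001 /        # should now print nothing
```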

ScreenOS : SSL error accessing the WebUI

If you are using the WebUI to manage your Juniper SSG / ScreenOS device, you have probably encountered the following error when accessing the page lately :

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

If you use a browser that allows SSLv3, you will be able to access the device. However, given the known weaknesses of this protocol, it isn’t ideal to have it enabled. The workaround is to change the cipher on the ScreenOS device.

1. Log in to your SSG firewall through SSH.

2. Enter the following command :

3. Save the configuration :

Linux : How to add rc.local in Debian 9

On Debian 9, the traditional “rc.local” has been deprecated. For traditional Linux users and administrators, there is a way to get it back using systemd. See the procedure below :

1. Create the file “rc-local.service” (it does not exist yet) :

1.1. Add the following content to “/etc/systemd/system/rc-local.service” :

2. Edit the “rc.local” file :

2.1. Append the generic content below and save the file :

3. Change permissions :

4. Enable the “rc-local” script on boot :

5. Start the “rc-local” script :

6. Check if any error occurred while starting the service :

You may now append anything you’d like to the traditional “rc.local”.

Windows : Google Chrome freeze shortly after opening

I have encountered the following issue/symptoms with Google Chrome (version 56.0.2924.87) on Windows 10 :

– Google Chrome crashes shortly after opening; the application becomes unresponsive, even when going to settings
– Single tab opened with the default Google page
– No 3rd party extension, only Google defaults

After digging around, I found that the preference file was causing this issue (maybe corrupted). To resolve this matter, I simply renamed the “Preferences

1. Make sure Google Chrome is closed. You may use the “Task Manager” for this.

2. Go to the following folder using Windows Explorer (the AppData folder is hidden, so you need to have the “Display hidden files and folders” option enabled) :

3. Locate the “Preferences” file and rename it to “Preferences.bak”.

4. Open Google Chrome again (the application will automatically create a new “Preferences” file) and the problem should be solved.

NOTE : Unlikely, but if you encounter any issue and would like to revert, simply rename “Preferences.bak” to “Preferences”.
