Author Archives: Kaven Gagnon

About Kaven Gagnon

System & Network Architect

Linux : How to change default route metric

Under some rare circumstances, you may require to change the default route metric. The first way of doing should be through the “ifcfg-ethX” configuration file by adding the “METRIC=” statement.

However it has been found to be inefficient for me and had to apply it using “ip route” as followed :

ip route del default via <your.default.gateway.ip> dev <interface> proto static metric <current.metric>
ip route add default via <your.default.gateway.ip> dev <interface> proto static metric <new.metric>

1 2	ip route del default via <your.default.gateway.ip> dev <interface> proto static metric <current.metric> ip route add default via <your.default.gateway.ip> dev <interface> proto static metric <new.metric>

Example :

ip route del default via 1.2.3.4 dev eth0 proto static metric 100
ip route add default via 1.2.3.4 dev eth0 proto static metric 90

1 2	ip route del default via 1.2.3.4 dev eth0 proto static metric 100 ip route add default via 1.2.3.4 dev eth0 proto static metric 90

You should now be able to see the result using the following command :

ip route

ip route

JunOS : Buffer management parity error detected in mpfe1, value 0, re-init the PFE

Encountering the following error in the logs of your Juniper device?

/kernel: Buffer management parity error detected in mpfe1, value 0x4001, re-init the PFE
/kernel: Buffer management parity error detected in mpfe1, value 0, re-init the PFE

This is most likely pointing toward defective hardware, more specifically memory issue.

If this message showed only once, you may stay on alert and monitor closely. If it repeated three times in the last two years, raise a JTAC case for RMA.

If you’ve encountered this message, and your device rebooted by itself, hang at boot with “PWR OK” status code and need to pull out the power cord(s) to get your device back online, you definitely need to take immediate action to replace your device.

Windows : Failed to boot blue screen VOLMGRX INTERNAL ERROR

If your Windows 10 system suddenly stopped booting and show the following error message :

VOLMGRX INTERNAL ERROR

It most likely mean that your software RAID volume has failed. It may indicate a hardware underlying issue, such as a failed drive or the mirror just broke and is no longer in sync.

To find out, either use the Troubleshoot option from the startup menu or boot with the installation media in recovery mode to access the same menu and chose the following options :

Troubleshoot > Advanced options > Command Prompt

Enter into the disk utility using the following command :

diskpart

diskpart

Then have a look at the volumes present on your system :

list volume

1	list volume

If your situation match the one we are covering into this article, you should see something similar to this output :

Volume ###	Ltr	Label	Fs	Type	Size		Status		Info
----------	---	------  ----	-----	----------	-------		---------
Volume 0	C		NTFS	Mirror	465 GB		Failed Rd	
Volume 1	E		NTFS	Mirror	350 MB		Failed Rd	
Volume 2	D			DVD-ROM	   0 B		No Media

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ------ ---- ----- ---------- ------- ---------

Volume 0 C NTFS Mirror 465 GB Failed Rd

Volume 1 E NTFS Mirror 350 MB Failed Rd

Volume 2 D DVD-ROM 0 B No Media

Pay special attention to the “Status” column, look for “Failed Rd” (Failed Raid).

If you see the following on your system, attempt to initiate a rebuild as followed :

select volume 0
recover

1 2	select volume 0 recover

DiskPart will now attempt to rebuild all mirrored partition located on that dynamic disk. Running the “list volume” command again, you should see the state (you yon’t see the rebuild percentage though).

Leave it synchronize until full completion, you may run the command “list volume” periodically for update. Once you’ll see all volumes as “Healthy” (see example below), reboot your computer.

Volume ###	Ltr	Label	Fs	Type	Size		Status		Info
----------	---	------  ----	-----	----------	-------		---------
Volume 0	C		NTFS	Mirror	465 GB		Healthy		
Volume 1	E		NTFS	Mirror	350 MB		Healthy		
Volume 2	D			DVD-ROM	   0 B		No Media

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ------ ---- ----- ---------- ------- ---------

Volume 0 C NTFS Mirror 465 GB Healthy

Volume 1 E NTFS Mirror 350 MB Healthy

Volume 2 D DVD-ROM 0 B No Media

NOTE : Il the software RAID volume(s) fail to rebuild, have a look at your hardware. Most likely a failing drive could be the root cause.

VMware : Importing an OVA file with several disks fails with the error: Unable to access file: x:\vdisk.vmdk. End of OVA file reached while looking for: vdisk.vmdk

Experiencing the following error while importing Guest VM template from single OVA file?

Importing an OVA file with several disks fails with the error: Unable to access file: x:\vdisk.vmdk. End of OVA file reached while looking for: vdisk.vmdk

I have encountered the following error trying to export a template I made, selecting a single OVA file option when exporting the template. To work around this issue, I did the same export but selecting the “OVF / Folder of Files” option, which create multiple file in a folder, which create a OVF, MF and VMDK file(s).

Re-exporting the template with “OVF / Folder of Files” option solved that issue.

Linux : WARNING URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

If you’ve noticed the following error message while starting CSF Firewall, it means that you are missing Perl modules on your system in order to fully take advantage of the capabilities of CSF.

*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

In order to install the missing Perl packages/dependencies, use the following command depending of your environment :

Debian/Ubuntu :

apt-get install libwww-perl

1	apt-get install libwww-perl

RHEL/CentOS

yum install perl-libwww-perl net-tools perl-LWP-Protocol-https

1	yum install perl-libwww-perl net-tools perl-LWP-Protocol-https

Linux : Seafile Failed to init ccnet database: Specified key was too long

Encountered the following error during the Seafile installation process?

Error: Failed to init ccnet database: Specified key was too long; max key length is 767 bytes

Something went wrong while the installation script attempted to deploy the database.

Normally, InnoDB has a limitation of 767 bytes and 1000 bytes for MyISAM. Creating the database with “utf8” charset would workaround that issue.

Warning! Dropping the databases will remove existing data you may have in them. Since this example is about a new Seafile installation, this shouldn’t be an issue, but I just thought it worth mentioning for any inexperienced folks ending up reading this article.

You first need to drop the current databases, example :

drop database seafile_server;
drop database ccnet_server;
drop database seahub_server;

drop database seafile_server;

drop database ccnet_server;

drop database seahub_server;

Then re-create them with utf8 charset, example :

create database seafile_server character set = 'utf8';
create database ccnet_server character set = 'utf8';
create database seahub_server character set = 'utf8';

create database seafile_server character set = 'utf8';

create database ccnet_server character set = 'utf8';

create database seahub_server character set = 'utf8';

Note : You should be good to launch the install script again (you will need first to clean the current leftover installation files before the script can be executed).

Web : How to password protect a Web directory with htaccess

If for any particular reason you need to password protect a Web directory, on an Apache Web server using htaccess, here are steps below :

1. If not already existing, create a file name “.htaccess” at the root of the folder you want to protect :

touch .htaccess

1	touch .htaccess

2. Make sure it is readable by the Web server user (write access can also be granted for convenience, but may represent a security risk) :

chown user:group .htaccess
chmod 440 .htaccess

1 2	chown user:group .htaccess chmod 440 .htaccess

3. Add or append the following into the “.htaccess” file (edit AuthUserFile accordingly) :

AuthUserFile /path/to/user/root-folder/.htpasswd
AuthGroupFile /dev/null
AuthName "Secure Document"
AuthType Basic
require user username

AuthUserFile /path/to/user/root-folder/.htpasswd

AuthGroupFile /dev/null

AuthName "Secure Document"

AuthType Basic

require user username

Note : You need to replace “username” by the actual username you want. You may also append as many users as you need.

4. Create the password file (we recommend putting this file outside of your Document Root (within your home folder but inaccessible by Web visitors for enhanced security) :

touch /path/to/user/root-folder/.htpasswd

1	touch /path/to/user/root-folder/.htpasswd

5. Create the user/password :

htpasswd -c /path/to/user/root-folder/.htpasswd username

1	htpasswd -c /path/to/user/root-folder/.htpasswd username

Note : You may repeat the step above for as many users you need and initially entered in the .htaccess file above. If you do not have shell access, there are many generators available on the Web, you may just copy/paste the content to a text file and upload it with

Linux : Error deleting domain in cPanel The subdomain does not correspond to domain.tld

Experiencing the following issue trying to delete a domain in your cPanel account?

The subdomain hostname_domain.tld does not correspond to domain.tld.

Have a look if the domain isn’t listed in “Addon Domains” or “Alias”. If the domain show up in either of those category, try deleting from there first.

In this case, it turned out that the domain was added as “Addon Domain”, deleting in that category worked out and is no longer listed in “Domains”.

JunOS : Port forwarding on Juniper SRX

A friend of mine who was used to the legacy and EOL SSG/ScreenOS platform and he just jumped into the new world of SRX/JunOS gave me the motivation to write this article. As the syntax is quite different between the two platform, it may be harder to get at first and the following example should help you out!

This tutorial will show the various steps of he configuration. I have used as much as possible “intuitive names” for the various elements while this example is about port forwarding a non-standard RDP port to the server 192.168.15.15.

1. Define the target machine object name in the “address book” (this is a name alias for the target IP) :

set security zones security-zone LAN address-book address ip-lan_SERVERNAME description "Server Description"
set security zones security-zone LAN address-book address ip-lan_SERVERNAME 192.168.15.15/32

1 2	set security zones security-zone LAN address-book address ip-lan_SERVERNAME description "Server Description" set security zones security-zone LAN address-book address ip-lan_SERVERNAME 192.168.15.15/32

2. Define the custom application protocol and port (this step is optional, to be used if your application isn’t listed in the default list) :

set applications application custapp-rdp-tcp-3399 protocol tcp
set applications application custapp-rdp-tcp-3399 destination-port 3399
set applications application custapp-rdp-tcp-3399 description RDP

set applications application custapp-rdp-tcp-3399 protocol tcp

set applications application custapp-rdp-tcp-3399 destination-port 3399

set applications application custapp-rdp-tcp-3399 description RDP

3. Define the destination NAT pool for the target machine :

set security nat destination pool dnat-pool_SERVERNAME address 192.168.15.15/32
set security nat destination pool dnat-pool_SERVERNAME address port 3399

1 2	set security nat destination pool dnat-pool_SERVERNAME address 192.168.15.15/32 set security nat destination pool dnat-pool_SERVERNAME address port 3399

4. Define the destination NAT rule for the target machine :

set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 description RDP
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-address 0.0.0.0/0
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-port 3399
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match protocol tcp
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 then destination-nat pool dnat-pool_SERVERNAME

set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 description RDP

set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-address 0.0.0.0/0

set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-port 3399

set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match protocol tcp

set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 then destination-nat pool dnat-pool_SERVERNAME

5. Define the firewall policy for the target server :

set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME description RDP
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match source-address any
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match destination-address ip-lan_SERVERNAME
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match application custapp-rdp-tcp-3399
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME then permit

set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME description RDP

set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match source-address any

set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match destination-address ip-lan_SERVERNAME

set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match application custapp-rdp-tcp-3399

set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME then permit

6. The configuration is now complete, you may now commit the change :

commit comment "add port forwarding for SERVERNAME"

1	commit comment "add port forwarding for SERVERNAME"

JunOS : fpc CMLC: Going disconnected; Routing engine chassis socket closed abruptly

Getting the following error on your Juniper EX/MX/QFX virtual chassis?

fpc1 CMLC: Going disconnected; Routing engine chassis socket closed abruptly

This message is informational and does not necessary indicate any serious issue, for example in a graceful Routing Engine switchover (GRES) context / if you flipped the routing-engine (RE) on purpose. However if this is message is printed repeateadly, without any virtual chassis (VC) topology change or manual intervention, this may indicate a more serious issue that worth investigating.

The most common issue is cabling between your VC members, and most likely to happen if the members are distant from each others connected with SFP+/QSFP+ and fiber rather than the short length DAC cables (it does not mean that no issue can happen with DAC cables, it is just that the elements and distance in the chain of even is reduced).

Here are the common symptom/possibilities on the vc-ports :

Defective SFP+/QSFP+ optic (dying optic, losing power transmission capability)
Fiber length too tight for the optic capability (check laser transmit/receive power)
Damaged fiber/connector, bad fusion point, dirty connector/optic (investigate with light testers, loopback, OTDR, clean the tips…)
Port flapping (can be caused by all the above)
If you are using DAC cables and observe CRCs, just swap it out with another one and monitor if there is any change in the situation.

OBSERVATION : When such issue occur and there is a lot of flaps/errors between VC ports members, you may observe a higher load on the CPU/RE than usual and some functionalities such as ICMP drop, SNMP polling issues. If your device is usually very busy and near capacity, more serious service impacting issues may occur on layer 3 services such as BGP and OSPF as well (especially on EX series devices).

In most cases, you will observe Cyclic Redundancy Check (CRC) errors on the vc-port(s). You should check it out using the following command :

show virtual-chassis vc-port statistics extensive

1	show virtual-chassis vc-port statistics extensive

And investigate accordingly based on the tips provided above.

Here is an example output below of a VC with this behavior showing CRC errors (yeah… I knew the fiber that was delivered to me by the cabling technician was bad just by looking at it, I was told it has been tested – trust no one!) :

> show virtual-chassis vc-port statistics extensive 
fpc0:
--------------------------------------------------------------------------

                           RX                     TX

Port: vcp-255/1/2     
Total octets:              3380878201             414651629    
Total packets:             3271509                3342492      
Unicast packets:           3271509                3062662      
Broadcast packets:         0                      147643       
Multicast packets:         0                      132187       
MAC control frames:        0                      0            
CRC alignment errors:      12744        
Oversize packets:          0            
Undersize packets:         67998        
Jabber packets:            0            
Fragments received:        367          
Ifout errors:              0            
64        octets frames:   60           
65-127    octets frames:   2710825      
128-255   octets frames:   273987       
256-511   octets frames:   42794        
512-1023  octets frames:   196819       
1024-1518 octets frames:   12615        
Rate packets per second:   295                    280          
Rate bytes per second:     1663994                25665        

Port: vcp-255/1/3     
Total octets:              32445910               124169721    
Total packets:             62039                  712329       
Unicast packets:           62039                  224385       
Broadcast packets:         0                      254986       
Multicast packets:         0                      232958       
MAC control frames:        0                      0            
CRC alignment errors:      0            
Oversize packets:          0            
Undersize packets:         2            
Jabber packets:            0            
Fragments received:        0            
Ifout errors:              0            
64        octets frames:   0            
65-127    octets frames:   8377         
128-255   octets frames:   33238        
256-511   octets frames:   569          
512-1023  octets frames:   6567         
1024-1518 octets frames:   12649        
Rate packets per second:   27                     51           
Rate bytes per second:     4948                   12619        





fpc1:
--------------------------------------------------------------------------

                           RX                     TX

Port: vcp-255/1/2     
Total octets:              416620156              768802603    
Total packets:             3367017                3270937      
Unicast packets:           3087273                3270937      
Broadcast packets:         147597                 0            
Multicast packets:         132147                 0            
MAC control frames:        0                      0            
CRC alignment errors:      0            
Oversize packets:          0            
Undersize packets:         68060        
Jabber packets:            0            
Fragments received:        0            
Ifout errors:              0            
64        octets frames:   35298        
65-127    octets frames:   3030401      
128-255   octets frames:   189368       
256-511   octets frames:   32934        
512-1023  octets frames:   29095        
1024-1518 octets frames:   16791        
Rate packets per second:   273                    284          

Message from syslogd@SW-HOSTNAME at Aug 31 12:01:57  ...
SW-HOSTNAME fpc1 CMLC: Going disconnected; Routing engine chassis socket closed abruptly 
Rate bytes per second:     26796                  40621        

Port: vcp-255/1/3     
Total octets:              124189980              32448435     
Total packets:             712472                 62042        
Unicast packets:           224444                 62042        
Broadcast packets:         255026                 0            
Multicast packets:         233002                 0            
MAC control frames:        0                      0            
CRC alignment errors:      0            
Oversize packets:          0            
Undersize packets:         3            
Jabber packets:            0            
Fragments received:        0            
Ifout errors:              0            
64        octets frames:   123265       
65-127    octets frames:   360255       
128-255   octets frames:   180304       
256-511   octets frames:   3119         
512-1023  octets frames:   26097        
1024-1518 octets frames:   17052        
Rate packets per second:   23                     1            
Rate bytes per second:     4284                   660          
                                        
{master:0}

100

101

102

103

104

105

106

107

> show virtual-chassis vc-port statistics extensive

fpc0:

--------------------------------------------------------------------------

RX TX

Port: vcp-255/1/2

Total octets: 3380878201 414651629

Total packets: 3271509 3342492

Unicast packets: 3271509 3062662

Broadcast packets: 0 147643

Multicast packets: 0 132187

MAC control frames: 0 0

CRC alignment errors: 12744

Oversize packets: 0

Undersize packets: 67998

Jabber packets: 0

Fragments received: 367

Ifout errors: 0

64 octets frames: 60

65-127 octets frames: 2710825

128-255 octets frames: 273987

256-511 octets frames: 42794

512-1023 octets frames: 196819

1024-1518 octets frames: 12615

Rate packets per second: 295 280

Rate bytes per second: 1663994 25665

Port: vcp-255/1/3

Total octets: 32445910 124169721

Total packets: 62039 712329

Unicast packets: 62039 224385

Broadcast packets: 0 254986

Multicast packets: 0 232958

MAC control frames: 0 0

CRC alignment errors: 0

Oversize packets: 0

Undersize packets: 2

Jabber packets: 0

Fragments received: 0

Ifout errors: 0

64 octets frames: 0

65-127 octets frames: 8377

128-255 octets frames: 33238

256-511 octets frames: 569

512-1023 octets frames: 6567

1024-1518 octets frames: 12649

Rate packets per second: 27 51

Rate bytes per second: 4948 12619

fpc1:

--------------------------------------------------------------------------

RX TX

Port: vcp-255/1/2

Total octets: 416620156 768802603

Total packets: 3367017 3270937

Unicast packets: 3087273 3270937

Broadcast packets: 147597 0

Multicast packets: 132147 0

MAC control frames: 0 0

CRC alignment errors: 0

Oversize packets: 0

Undersize packets: 68060

Jabber packets: 0

Fragments received: 0

Ifout errors: 0

64 octets frames: 35298

65-127 octets frames: 3030401

128-255 octets frames: 189368

256-511 octets frames: 32934

512-1023 octets frames: 29095

1024-1518 octets frames: 16791

Rate packets per second: 273 284

Message from syslogd@SW-HOSTNAME at Aug 31 12:01:57 ...

SW-HOSTNAME fpc1 CMLC: Going disconnected; Routing engine chassis socket closed abruptly

Rate bytes per second: 26796 40621

Port: vcp-255/1/3

Total octets: 124189980 32448435

Total packets: 712472 62042

Unicast packets: 224444 62042

Broadcast packets: 255026 0

Multicast packets: 233002 0

MAC control frames: 0 0

CRC alignment errors: 0

Oversize packets: 0

Undersize packets: 3

Jabber packets: 0

Fragments received: 0

Ifout errors: 0

64 octets frames: 123265

65-127 octets frames: 360255

128-255 octets frames: 180304

256-511 octets frames: 3119

512-1023 octets frames: 26097

1024-1518 octets frames: 17052

Rate packets per second: 23 1

Rate bytes per second: 4284 660

{master:0}