Experiencing the following issue trying to delete a domain in your cPanel account?
The subdomain hostname_domain.tld does not correspond to domain.tld.
Have a look if the domain isn’t listed in “Addon Domains” or “Alias”. If the domain show up in either of those category, try deleting from there first.
In this case, it turned out that the domain was added as “Addon Domain”, deleting in that category worked out and is no longer listed in “Domains”.
A friend of mine who was used to the legacy and EOL SSG/ScreenOS platform and he just jumped into the new world of SRX/JunOS gave me the motivation to write this article. As the syntax is quite different between the two platform, it may be harder to get at first and the following example should help you out!
This tutorial will show the various steps of he configuration. I have used as much as possible “intuitive names” for the various elements while this example is about port forwarding a non-standard RDP port to the server 192.168.15.15.
1. Define the target machine object name in the “address book” (this is a name alias for the target IP) :
|
1 2 |
set security zones security-zone LAN address-book address ip-lan_SERVERNAME description "Server Description" set security zones security-zone LAN address-book address ip-lan_SERVERNAME 192.168.15.15/32 |
2. Define the custom application protocol and port (this step is optional, to be used if your application isn’t listed in the default list) :
|
1 2 3 |
set applications application custapp-rdp-tcp-3399 protocol tcp set applications application custapp-rdp-tcp-3399 destination-port 3399 set applications application custapp-rdp-tcp-3399 description RDP |
3. Define the destination NAT pool for the target machine :
|
1 2 |
set security nat destination pool dnat-pool_SERVERNAME address 192.168.15.15/32 set security nat destination pool dnat-pool_SERVERNAME address port 3399 |
4. Define the destination NAT rule for the target machine :
|
1 2 3 4 5 |
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 description RDP set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-address 0.0.0.0/0 set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-port 3399 set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match protocol tcp set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 then destination-nat pool dnat-pool_SERVERNAME |
5. Define the firewall policy for the target server :
|
1 2 3 4 5 |
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME description RDP set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match source-address any set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match destination-address ip-lan_SERVERNAME set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match application custapp-rdp-tcp-3399 set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME then permit |
6. The configuration is now complete, you may now commit the change :
|
1 |
commit comment "add port forwarding for SERVERNAME" |
Getting the following error on your Juniper EX/MX/QFX virtual chassis?
fpc1 CMLC: Going disconnected; Routing engine chassis socket closed abruptly
This message is informational and does not necessary indicate any serious issue, for example in a graceful Routing Engine switchover (GRES) context / if you flipped the routing-engine (RE) on purpose. However if this is message is printed repeateadly, without any virtual chassis (VC) topology change or manual intervention, this may indicate a more serious issue that worth investigating.
The most common issue is cabling between your VC members, and most likely to happen if the members are distant from each others connected with SFP+/QSFP+ and fiber rather than the short length DAC cables (it does not mean that no issue can happen with DAC cables, it is just that the elements and distance in the chain of even is reduced).
Here are the common symptom/possibilities on the vc-ports :
OBSERVATION : When such issue occur and there is a lot of flaps/errors between VC ports members, you may observe a higher load on the CPU/RE than usual and some functionalities such as ICMP drop, SNMP polling issues. If your device is usually very busy and near capacity, more serious service impacting issues may occur on layer 3 services such as BGP and OSPF as well (especially on EX series devices).
In most cases, you will observe Cyclic Redundancy Check (CRC) errors on the vc-port(s). You should check it out using the following command :
|
1 |
show virtual-chassis vc-port statistics extensive |
And investigate accordingly based on the tips provided above.
Here is an example output below of a VC with this behavior showing CRC errors (yeah… I knew the fiber that was delivered to me by the cabling technician was bad just by looking at it, I was told it has been tested – trust no one!) :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 |
> show virtual-chassis vc-port statistics extensive fpc0: -------------------------------------------------------------------------- RX TX Port: vcp-255/1/2 Total octets: 3380878201 414651629 Total packets: 3271509 3342492 Unicast packets: 3271509 3062662 Broadcast packets: 0 147643 Multicast packets: 0 132187 MAC control frames: 0 0 CRC alignment errors: 12744 Oversize packets: 0 Undersize packets: 67998 Jabber packets: 0 Fragments received: 367 Ifout errors: 0 64 octets frames: 60 65-127 octets frames: 2710825 128-255 octets frames: 273987 256-511 octets frames: 42794 512-1023 octets frames: 196819 1024-1518 octets frames: 12615 Rate packets per second: 295 280 Rate bytes per second: 1663994 25665 Port: vcp-255/1/3 Total octets: 32445910 124169721 Total packets: 62039 712329 Unicast packets: 62039 224385 Broadcast packets: 0 254986 Multicast packets: 0 232958 MAC control frames: 0 0 CRC alignment errors: 0 Oversize packets: 0 Undersize packets: 2 Jabber packets: 0 Fragments received: 0 Ifout errors: 0 64 octets frames: 0 65-127 octets frames: 8377 128-255 octets frames: 33238 256-511 octets frames: 569 512-1023 octets frames: 6567 1024-1518 octets frames: 12649 Rate packets per second: 27 51 Rate bytes per second: 4948 12619 fpc1: -------------------------------------------------------------------------- RX TX Port: vcp-255/1/2 Total octets: 416620156 768802603 Total packets: 3367017 3270937 Unicast packets: 3087273 3270937 Broadcast packets: 147597 0 Multicast packets: 132147 0 MAC control frames: 0 0 CRC alignment errors: 0 Oversize packets: 0 Undersize packets: 68060 Jabber packets: 0 Fragments received: 0 Ifout errors: 0 64 octets frames: 35298 65-127 octets frames: 3030401 128-255 octets frames: 189368 256-511 octets frames: 32934 512-1023 octets frames: 29095 1024-1518 octets frames: 16791 Rate packets per second: 273 284 Message from syslogd@SW-HOSTNAME at Aug 31 12:01:57 ... SW-HOSTNAME fpc1 CMLC: Going disconnected; Routing engine chassis socket closed abruptly Rate bytes per second: 26796 40621 Port: vcp-255/1/3 Total octets: 124189980 32448435 Total packets: 712472 62042 Unicast packets: 224444 62042 Broadcast packets: 255026 0 Multicast packets: 233002 0 MAC control frames: 0 0 CRC alignment errors: 0 Oversize packets: 0 Undersize packets: 3 Jabber packets: 0 Fragments received: 0 Ifout errors: 0 64 octets frames: 123265 65-127 octets frames: 360255 128-255 octets frames: 180304 256-511 octets frames: 3119 512-1023 octets frames: 26097 1024-1518 octets frames: 17052 Rate packets per second: 23 1 Rate bytes per second: 4284 660 {master:0} |
I ran into a weird issue trying to adopt several Ubiquiti UniFi AP Mesh Pro access points on a newly created site within the UniFi controller lately. Here is the behavior encountered :
– Newly UniFi access point deployed showed up in the controller for adoption ;
– Clicking “Adopt” did started the provisioning process ;
– At the end of the provisioning (adoption), the access point show as “Disconnected”.
Additional information :
– APs were running firmware 3.7.58.6385 ;
– All three deployed APs ran into the same issue
– No filtering rules between APs and controller is blocking traffic.
Fix attempt :
1. Login to the AP using SSH and credentials (ubnt / ubnt) ;
2. Issue the command to inform the controller that a new access point is available :
|
1 |
set-inform http://ip.of.controller:8080/inform |
This actually started the adoption and provisioning again, but still end up failing with “Disconnected” status.
So, what was the fix?
I did both steps mentioned above, but actually did the step two (2) repeatedly using the [up arrow] + [enter] key combination until I was kicked out from the SSH session (this meant that the provisioning process rebooted the AP to complete the adoption.
I believe this could have been caused by a bug in that particular firmware version that was on the APs initially.
If you are wondering why copying text from your VMware Workstation host to your Debian guest VM isn’t working, it is most likely because you either do not have the virtualization tools installed or have the wrong one installed.
VMware does provide what is commonly called “VMware Tools”, however those need to be compiled from source. If you decide using this approach, it should be just fine, but the recommended approach with Debian would be using the binary packages from the APT repo.
If you are used to install them on your servers and did install “open-vm-tools” package, you probably found that most of host/guest operations are working from VMware Workstation, except the GUI related ones. This is because the virtualization package for workstation contains additional GUI related options that isn’t shipped with that package, but can be found in “open-vm-tools-desktop”.
Optional – If you had “open-vm-tools” installed, do the following step to remove the package :
|
1 |
sudo apt-get autoremove open-vm-tools |
Then reboot your Debian guest machine.
Here is the command that should be used to install the desktop version of the virtualization tools :
|
1 |
sudo apt-get install open-vm-tools-desktop |
Note : Changes should technically be visible immediately, if any issue, try rebooting your guest VM.
As much as I love Windows Server 2016 compared to previous versions, there is nothing that annoy me more that the Server Manager opening when I logon. Fortunately, there is a way to disable it using Group Policy editor.
NOTE : If you are not within a domain group environment (Active Directory), there is an easy way to apply this change to a standalone server as followed.
In the Server Manager pane :
1. Click on “Manage” located in the upper right corner of the window ;
2. Then click on “Server Manager Properties” ;
3. Thick the box “Do not start Server Manager automatically at logon” ;
4. Click OK.
Here is the procedure with GPO / Active Directory :
1. Open the Group Policy editor :
a. If you want to apply this on a standalone server, use :
|
1 |
gpedit.msc |
b. If you are within an Active Directory environment and intent to apply this to multiple servers :
|
1 |
gpmc.msc |
And then edit the desired GPO where this should apply to.
2. Browse to the following tree :
Computer Configuration > Policies, Administrative Templates > System > Server Manager
3. Open the following object :
Do not display Server Manager automatically at logon (DoNotOpenAtLogon)
4. Set to “Enabled” and click “OK”.
NOTE : If you applied to a GPO, you’ll need of course to make sure the policy is enabled and either wait for it to apply or force the update using “gpupdate /force”.
If your Power over Ethernet (PoE) device(s) connected to an EX 4300-48p switch suddenly lose power unexpectedly after some time working just fine, you may be experiencing PoE controller software issue.
First of all, verify if you are not over your PoE power budget (this could be sometimes the case when you have a LOT of devices connected – this kind of situation occurs only if you have a lot of type 2 high powered PoE (IEEE 802.3at) devices connected to it) :
|
1 |
show chassis power-budget-statistics |
You should see a similar output like this :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
user@HOSTNAME> show chassis power-budget-statistics fpc 0: ------------------------------------------------------------------------- PSU 0 ) : 0 W Offline PSU 1 (JPSU-1100-AC-AFO-A ) : 1100 W Online Power redundancy configuration : N+0 Total power supplied by all online PSUs : 1100 W Base power reserved : 175 W Non-PoE power being consumed : 140 W Total power allocated for PoE : 925 W Total PoE power consumed : 0 W Total PoE power remaining : 925 W {master:0} |
You should look at the “Total PoE power consumed”. If you are equal or tight to the limit, it might be just your problem, you should disconnect a few devices/relocate them on another switch and see if there is any improvement.
In this particular situation, the output above was taken immediately after the “PoE outage” occurred. All devices were connected properly, but no power was injected by the switch and consumed by the devices. Down/Up the port(s) had no effect.
It then came to mind to have a look at the “PoE controller”
|
1 |
show poe controller |
Here is an example of the output of this command :
|
1 2 3 4 5 6 7 8 9 |
user@HOSTNAME> show poe controller Controller Maximum Power Guard Management Status Lldp index power consumption band Priority 0** 925.00W 66.44W 0W Class AT_MODE Disabled **New PoE software upgrade available. Use 'request system firmware upgrade poe fpc-slot <slot>' This procedure will take around 10 minutes (recommended to be performed during maintenance) {master:0} |
As we can see, there is a notification that a new version of the PoE software is available. In my case, that was the issue, most likely a bug in the current version that I was running.
NOTE : It may be a good idea to validate first if you are running the recommended JunOS version by JTAC. If not, upgrading that first is recommended.
NOTICE : Before you continue, this upgrade need to be performed within a maintenance window, a minimum of 10 – 15 minutes will be required, as in addition of upgrading the PoE software, the switch will automatically reboot once completed. The switch may become unstable while performing the upgrade.
In order to perform the PoE software upgrade, do the following command :
|
1 |
request system firmware upgrade poe fpc-slot 0 |
NOTE : Please note that if you are running a virtual-chassis, the command will need to be performed for all unit and change the “fpc-slot” number matching the other units in the VC.
You will now notice the following output once you’ve issued the PoE firmware upgrade :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
user@HOSTNAME> request system firmware upgrade poe fpc-slot 0 Firmware upgrade initiated. Poe Upgrade takes about 10 minutes Use 'show poe controller' to get the download status, Please Reboot the system after Upgrade is complete. {master:0} user@HOSTNAME> request system firmware upgrade poe fpc-slot 0 Message from syslogd@HOSTNAME at Mar 20 08:40:54 ... HOSTNAME pfex: SCHED: Thread 53 (PoE Firmware Download) aborted, hogged 13341 ms Message from syslogd@HOSTNAME at Mar 20 08:41:01 ... HOSTNAME pfex: SCHED: Thread 53 (PoE Firmware Download) aborted, hogged 6818 ms [...] Message from syslogd@HOSTNAME at Mar 20 08:46:51 ... HOSTNAME pfex: SCHED: Thread 50 (TNPC CM) ran for 1806 ms without yielding Message from syslogd@HOSTNAME at Mar 20 08:46:51 ... HOSTNAME pfex: Scheduler Oinker Message from syslogd@HOSTNAME at Mar 20 08:46:51 ... HOSTNAME pfex: Frame 00: sp = 0x05e98840, pc = 0x0184d424 Message from syslogd@HOSTNAME at Mar 20 08:46:51 ... HOSTNAME pfex: Frame 01: sp = 0x05e98858, pc = 0x0181082c [...] *** System shutdown message from user@HOSTNAME *** System going down in 30 seconds *** FINAL System shutdown message from user@HOSTNAME *** System going down IMMEDIATELY |
Once the switch(es) completed their upgrade and rebooted, the PoE injection should be stable and steady.
[This article may also apply to EX2200, EX3200, EX2300, EX3300, EX3400-p chassis as well]
Experiencing the following issue trying to update your Debian distro using apt-get?
# apt-get update
Ign:1 http://deb.debian.org/debian stretch InRelease
Hit:2 http://deb.debian.org/debian stretch Release
Ign:3 http://repo.r1soft.com/apt stable InRelease
Hit:4 http://repo.r1soft.com/apt stable Release
Hit:5 http://security.debian.org/debian-security stretch/updates InRelease
Ign:8 https://download.webmin.com/download/repository sarge InRelease
Hit:9 https://download.webmin.com/download/repository sarge Release
Err:11 https://packages.sury.org/php stretch InRelease
FailReason: ConnectionRefused
Reading package lists… Done
W: Failed to fetch https://packages.sury.org/php/dists/stretch/InRelease FailReason: ConnectionRefused
W: Some index files failed to download. They have been ignored, or old ones used instead.
In that particular case, the pgp key was revoked/changed on that particular apt repo (packages.sury.org). To resolve this issue, you need to download the new key and import it as followed :
|
1 |
wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg |
This should resolve the issue, you may issue the “apt-get update” command again to test.
If you want your SRX firewall to handle DNS requests on your network, you need to configure the forwarders to make this possible, in addition to a few other parameters.
First, make sure you have no local forwarders set on the device itself as it cannot be used along with the dns-proxy service – if you have any configured, they should be all removed :
|
1 |
delete system services dns forwarders <ip.address> |
Then, follow the step-by-step procedure below :
1. Configure the DNS proxy setting on the desired interface(s) where it should listen for DNS requests :
|
1 |
set system services dns dns-proxy interface <logical-interface> |
2. Configure the DNS resolver(s) where the requests will be resolved from (aka your ISPs or any public DNS service) :
|
1 |
set system services dns dns-proxy default-domain * forwarders <ip.address> |
3. Allow DNS traffic on the security zone :
|
1 |
set security zones security-zone <security-zone> interfaces <logical-interface> host-inbound-traffic system-services dns |
4. Apply the configuration (use “commit synchronize” if you are running HA) :
|
1 |
commit comment "configure dns-proxy" |
Here is a sample of how it would look like :
|
1 2 3 4 |
set system services dns dns-proxy interface irb.0 set system services dns dns-proxy default-domain * forwarders 8.8.8.8 set system services dns dns-proxy default-domain * forwarders 8.8.4.4 set security zones security-zone LAN interfaces irb.0 host-inbound-traffic system-services dns |
Well this is embarrassing, my 11 years old workstation crashed while I had several VMware Workstation guests running (thanks for all those years of flawless runtime!).
All my VMs had auto-snapshots enabled, meaning that VMware Workstation was automatically taking snapshots of my development VMs every day. Guests VMs with snapshot does not react so well when hard crash occur – unfortunately this was my case.
Once I had my new computer up, connected my old data drives and attempted to start the VMs – Surprise! – The following error occurred :
The process cannot access the file because another process has locked a portion of the file
Cannot open the disk ‘X:\Path\To\VM\Guest-000001.vmdk’ or one of the snapshot disks it depends on.
Module ‘Disk’ power on failed.
Failed to start the virtual machine.
First of all, I copied all VMs to a safe location before attempting any further actions. Then, did the following attempts :
1. Remove all “*.lck” files/folders ;
2. Import the VM guest(s) to VMware Workstation ;
3. Take a new snapshot ;
4. Delete the oldest snapshot ;
5. [Optional step based on the state of your vDisk] VMware Workstation may complain about vDisk that require repair – if this is the case, using the Command Prompt. go to :
|
1 |
cd "C:\Program Files (x86)\VMware\VMware Workstation\" |
And run the following command to repair the vDisk :
|
1 |
vmware-vdiskmanager.exe -R your-guest-vdisk-file.vmdk |
6. Have a look in the Snapshot Manager if any snapshot remains – delete if required – if it fail, take a new one and delete ;
7. Start the guest VM.
Note : Step 3, taking a new snapshot before removing the existing ones did all the difference in my case, just deleting existing snapshots bricked the vmdk files, taking a new one first worked the magic!
At this point, your old guest(s) VM(s) should be starting without issue, hopefully!