Author Archives: Kaven Gagnon

avatar

About Kaven Gagnon

System & Network Architect

Linux : How to change default route metric

Under some rare circumstances, you may require to change the default route metric. The first way of doing should be through the “ifcfg-ethX” configuration file by adding the “METRIC=” statement.

However it has been found to be inefficient for me and had to apply it using “ip route” as followed :

Example :

You should now be able to see the result using the following command :

JunOS : Buffer management parity error detected in mpfe1, value 0, re-init the PFE

Encountering the following error in the logs of your Juniper device?

/kernel: Buffer management parity error detected in mpfe1, value 0x4001, re-init the PFE
/kernel: Buffer management parity error detected in mpfe1, value 0, re-init the PFE

This is most likely pointing toward defective hardware, more specifically memory issue.

If this message showed only once, you may stay on alert and monitor closely. If it repeated three times in the last two years, raise a JTAC case for RMA.

If you’ve encountered this message, and your device rebooted by itself, hang at boot with “PWR OK” status code and need to pull out the power cord(s) to get your device back online, you definitely need to take immediate action to replace your device.

Windows : Failed to boot blue screen VOLMGRX INTERNAL ERROR

If your Windows 10 system suddenly stopped booting and show the following error message :

VOLMGRX INTERNAL ERROR

It most likely mean that your software RAID volume has failed. It may indicate a hardware underlying issue, such as a failed drive or the mirror just broke and is no longer in sync.

To find out, either use the Troubleshoot option from the startup menu or boot with the installation media in recovery mode to access the same menu and chose the following options :

Troubleshoot > Advanced options > Command Prompt

Enter into the disk utility using the following command :

Then have a look at the volumes present on your system :

If your situation match the one we are covering into this article, you should see something similar to this output :

Pay special attention to the “Status” column, look for “Failed Rd” (Failed Raid).

If you see the following on your system, attempt to initiate a rebuild as followed :

DiskPart will now attempt to rebuild all mirrored partition located on that dynamic disk. Running the “list volume” command again, you should see the state (you yon’t see the rebuild percentage though).

Leave it synchronize until full completion, you may run the command “list volume” periodically for update. Once you’ll see all volumes as “Healthy” (see example below), reboot your computer.

NOTE : Il the software RAID volume(s) fail to rebuild, have a look at your hardware. Most likely a failing drive could be the root cause.

VMware : Importing an OVA file with several disks fails with the error: Unable to access file: x:\vdisk.vmdk. End of OVA file reached while looking for: vdisk.vmdk

Experiencing the following error while importing Guest VM template from single OVA file?

Importing an OVA file with several disks fails with the error: Unable to access file: x:\vdisk.vmdk. End of OVA file reached while looking for: vdisk.vmdk

I have encountered the following error trying to export a template I made, selecting a single OVA file option when exporting the template. To work around this issue, I did the same export but selecting the “OVF / Folder of Files” option, which create multiple file in a folder, which create a OVF, MF and VMDK file(s).

Re-exporting the template with “OVF / Folder of Files” option solved that issue.

Linux : *WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

If you’ve noticed the following error message while starting CSF Firewall, it means that you are missing Perl modules on your system in order to fully take advantage of the capabilities of CSF.

*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

In order to install the missing Perl packages/dependencies, use the following command depending of your environment :

Debian/Ubuntu :

RHEL/CentOS

Linux : Seafile Failed to init ccnet database: Specified key was too long

Encountered the following error during the Seafile installation process?

Error: Failed to init ccnet database: Specified key was too long; max key length is 767 bytes

Something went wrong while the installation script attempted to deploy the database.

Normally, InnoDB has a limitation of 767 bytes and 1000 bytes for MyISAM. Creating the database with “utf8” charset would workaround that issue.

Warning! Dropping the databases will remove existing data you may have in them. Since this example is about a new Seafile installation, this shouldn’t be an issue, but I just thought it worth mentioning for any inexperienced folks ending up reading this article.

You first need to drop the current databases, example :

Then re-create them with utf8 charset, example :

Note : You should be good to launch the install script again (you will need first to clean the current leftover installation files before the script can be executed).

Web : How to password protect a Web directory with htaccess

If for any particular reason you need to password protect a Web directory, on an Apache Web server using htaccess, here are steps below :

1. If not already existing, create a file name “.htaccess” at the root of the folder you want to protect :

2. Make sure it is readable by the Web server user (write access can also be granted for convenience, but may represent a security risk) :

3. Add or append the following into the “.htaccess” file (edit AuthUserFile accordingly) :

Note : You need to replace “username” by the actual username you want. You may also append as many users as you need.

4. Create the password file (we recommend putting this file outside of your Document Root (within your home folder but inaccessible by Web visitors for enhanced security) :

5. Create the user/password :

Note : You may repeat the step above for as many users you need and initially entered in the .htaccess file above. If you do not have shell access, there are many generators available on the Web, you may just copy/paste the content to a text file and upload it with

Category: Web

Linux : Error deleting domain in cPanel The subdomain does not correspond to domain.tld

Experiencing the following issue trying to delete a domain in your cPanel account?

The subdomain hostname_domain.tld does not correspond to domain.tld.

Have a look if the domain isn’t listed in “Addon Domains” or “Alias”. If the domain show up in either of those category, try deleting from there first.

In this case, it turned out that the domain was added as “Addon Domain”, deleting in that category worked out and is no longer listed in “Domains”.

JunOS : Port forwarding on Juniper SRX

A friend of mine who was used to the legacy and EOL SSG/ScreenOS platform and he just jumped into the new world of SRX/JunOS gave me the motivation to write this article. As the syntax is quite different between the two platform, it may be harder to get at first and the following example should help you out!

This tutorial will show the various steps of he configuration. I have used as much as possible “intuitive names” for the various elements while this example is about port forwarding a non-standard RDP port to the server 192.168.15.15.

1. Define the target machine object name in the “address book” (this is a name alias for the target IP) :

2. Define the custom application protocol and port (this step is optional, to be used if your application isn’t listed in the default list) :

3. Define the destination NAT pool for the target machine :

4. Define the destination NAT rule for the target machine :

5. Define the firewall policy for the target server :

6. The configuration is now complete, you may now commit the change :

JunOS : fpc CMLC: Going disconnected; Routing engine chassis socket closed abruptly

Getting the following error on your Juniper EX/MX/QFX virtual chassis?

fpc1 CMLC: Going disconnected; Routing engine chassis socket closed abruptly

This message is informational and does not necessary indicate any serious issue, for example in a graceful Routing Engine switchover (GRES) context / if you flipped the routing-engine (RE) on purpose. However if this is message is printed repeateadly, without any virtual chassis (VC) topology change or manual intervention, this may indicate a more serious issue that worth investigating.

The most common issue is cabling between your VC members, and most likely to happen if the members are distant from each others connected with SFP+/QSFP+ and fiber rather than the short length DAC cables (it does not mean that no issue can happen with DAC cables, it is just that the elements and distance in the chain of even is reduced).

Here are the common symptom/possibilities on the vc-ports :

  • Defective SFP+/QSFP+ optic (dying optic, losing power transmission capability)
  • Fiber length too tight for the optic capability (check laser transmit/receive power)
  • Damaged fiber/connector, bad fusion point, dirty connector/optic (investigate with light testers, loopback, OTDR, clean the tips…)
  • Port flapping (can be caused by all the above)
  • If you are using DAC cables and observe CRCs, just swap it out with another one and monitor if there is any change in the situation.

OBSERVATION : When such issue occur and there is a lot of flaps/errors between VC ports members, you may observe a higher load on the CPU/RE than usual and some functionalities such as ICMP drop, SNMP polling issues. If your device is usually very busy and near capacity, more serious service impacting issues may occur on layer 3 services such as BGP and OSPF  as well (especially on EX series devices).

In most cases, you will observe Cyclic Redundancy Check (CRC) errors on the vc-port(s). You should check it out using the following command :

And investigate accordingly based on the tips provided above.

Here is an example output below of a VC with this behavior showing CRC errors (yeah… I knew the fiber that was delivered to me by the cabling technician was bad just by looking at it, I was told it has been tested – trust no one!) :