All posts by dartron

About dartron

dartron

SQL2547N while restoring database on DB2 10.5

While restoring database from DB2 9.7 to DB2 10.5 I encountered the following error:

PROBLEM

SQL2547N
The database was not restored because the backup image is from a previous release and requires rollforward recovery.

TAKEN ACTION:

I ran the DB2 check backup command db2ckbkp -h <backup_file_name>.001

And resulted with:
[1] Buffers processed: #################

Image Verification Complete – successful.

SOLUTION:

To resolve the problem a new OFFLINE backup is needed, power down your db instance and take a new backup.

Setup Proxy in SUSE/VCSA

To setup proxy manually in VCSA 5.5 login as root and look into the following file:

/etc/sysconfig/proxy

PROXY_ENABLED=”yes”

HTTP_PROXY=”http://<IP address or FQDN>:<port_number>”

HTTPS_PROXY=”http://<IP address or FQDN>:<port_number>”

FTP_PROXY=”http://<IP address or FQDN>:<port_number>”

NO_PROXY=”localhost, 127.0.0.1″

 

If you need to authenticate via proxy

Create a file in your home directory,

/root/.curlrc with permissions 644

and contain the following:

# Proxy credentials

proxy-user = “<username>:<password>”

source the file to apply the changes

source /root/.curlrc

 

openssl verify error 20 at 0 depth lookup:unable to get local issuer certificate

When testing my certificate against intermediate and root certificate I received the following error: error 20 at 0 depth lookup:unable to get local issuer certificate. The issue is probably related to the chain of the certificate so we need to create reliable chain.

  1. My certificate needs to be merged with intermediate certificate into one file:
    $ cat intermediate.pem cert.pem > combined.pem
  2. Then we can test it using openssl verify command:
    $ openssl verify -CAfile rootcert.pem combined.pem

Constant RDP disconnects from Windows 2012 on VMware

Running Windows Server 2012 virtual machine on VMware ESXi hypervisor and receive constant disconnects through RDP.

Checked the logs and found out e1qexpress which indicates incompatibility of virtualNIC
Power down the machine, remove existing network interface and add a new one based on VMXNET3.
Bring the machine up and Windows should automatically apply the changes.

 

Constant restarting of opscode-erchef – bad gateway

I’ve freshly installed Chef Server 12.7.0 on Ubuntu 16.04 LTS and opscode-erchef kept getting restarted approx every 40 seconds and was getting Bad Gateway error.

Checked the logs unfortunately, couldn’t conclude anything out of it. Found this open issue with Chef https://github.com/chef/chef-server/issues/435

By cleaning and re-configuring the server everything worked.

$ chef-server-ctl cleanse
$ chef-server-ctl reconfigure

 

Enable TLSv1.2 in CLM6 and LibertyProfile

By default on Liberty Profile only TLSv1 is enabled check by scanning port:

nmap –script ssl-enum-ciphers -p 9443 <hostname>

Starting Nmap 6.49BETA5 ( https://nmap.org ) at
Nmap scan report for fqdn.com (IP address)
Host is up (0.13s latency).
PORT STATE SERVICE
9443/tcp open tungsten-https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) – D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) – A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) – C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) – A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
|_ least strength: D

Nmap done: 1 IP address (1 host up) scanned in 5.15 seconds

Edit the following file to enable TLSv1.2:
1. <JazzInstallationDir>/server/server.startup:

…Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972″
JAVA_OPTS=”$JAVA_OPTS -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2″

Save and exit the file

2. <JazzInstallationDir>/server/liberty/servers/clm/server.xml:

<logging hideMessage=”SRVE9967W”/>

<ssl id=”defaultSSLConfig” keyStoreRef=”defaultKeyStore” sslProtocol=”SSL_TLSv2″ />

</server>

Save and exit the file

Start CLM server again and test protocols:

nmap –script ssl-enum-ciphers -p 9443 <hostname>

Starting Nmap 6.49BETA5 ( https://nmap.org ) at
Nmap scan report for fqdn.com (IP address)
Host is up (0.13s latency).
PORT STATE SERVICE
9443/tcp open tungsten-https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) – D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) – A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) – C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) – A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
| TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) – D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) – A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) – C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) – A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) – D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) – A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) – A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) – A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) – C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) – A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) – A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) – A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
|_ least strength: D

Nmap done: 1 IP address (1 host up) scanned in 7.57 seconds