No Valid Subscription message from Proxmox server

You do not have a valid subscription for this server. Please visit www.proxmox.com to get a list of available options.

  1. One way of removing the message is to purchase a subscription.
  2. Modify subscription configuration file
    1. SSH to the Proxmox server
    2. Create a backup of the existing subscription check file
      # cp /usr/share/pve-manager/ext4/pvemanagerlib.js /usr/share/pve-manager/ext4/pvemanagerlib.js.orig
    3. Edit the pvemanagerlib.js file
      # vim /usr/share/pve-manager/ext4/pvemanagerlib.js
    4. In the "checked_command" function, search for if (data.status !== 'Active') { and change it to if(false) {
    5. Save and exit the file
    6. Clear your browsing data and log back in to the Proxmox server; the message will not pop up anymore.

openssl verify error 20 at 0 depth lookup:unable to get local issuer certificate

When testing my certificate against the intermediate and root certificates, I received the following error: error 20 at 0 depth lookup:unable to get local issuer certificate. The issue is probably related to the certificate chain, so we need to create a reliable chain.

  1. My certificate needs to be merged with the intermediate certificate into one file:
    $ cat intermediate.pem cert.pem > combined.pem
  2. Then we can test it using openssl verify command:
    $ openssl verify -CAfile rootcert.pem combined.pem
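
`openssl verify` validates only the first certificate in the file it is given, so with the intermediate placed first the combined.pem test checks the intermediate against the root, not the server certificate. The following added example (not from the original post; it assumes OpenSSL 1.1.1 or later and uses constructed throwaway certificates with hypothetical names) builds a test chain and compares that check with supplying the intermediate through -untrusted:

```shell
#!/usr/bin/env bash
# Added example: all keys and certificates are throwaway test material.

new_key_csr() {  # $1 = file prefix, $2 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}

# Build root -> intermediate -> cert, plus an unrelated self-signed "rogue" cert.
build_chain() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  new_key_csr root "Example Root" &&
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 2 -out rootcert.pem 2>/dev/null &&
  new_key_csr intermediate "Example Intermediate" &&
  openssl x509 -req -in intermediate.csr -CA rootcert.pem -CAkey root.key \
    -CAcreateserial -extfile ca.ext -days 2 -out intermediate.pem 2>/dev/null &&
  new_key_csr cert "www.example.test" &&
  openssl x509 -req -in cert.csr -CA intermediate.pem -CAkey intermediate.key \
    -CAcreateserial -days 2 -out cert.pem 2>/dev/null &&
  new_key_csr rogue "rogue.example.test" &&
  openssl x509 -req -in rogue.csr -signkey rogue.key -days 2 -out rogue.pem 2>/dev/null
}

# Print OK or FAIL depending on the exit status of "openssl verify".
check() {
  if openssl verify "$@" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

chain_demo() (
  cd "$(mktemp -d)" && build_chain || exit 1
  cat intermediate.pem cert.pem  > combined.pem        # file order used on the page
  cat intermediate.pem rogue.pem > combined_rogue.pem  # same intermediate, unrelated cert
  echo "leaf_alone=$(check -CAfile rootcert.pem cert.pem)"
  echo "combined=$(check -CAfile rootcert.pem combined.pem)"
  echo "combined_rogue=$(check -CAfile rootcert.pem combined_rogue.pem)"
  echo "untrusted_leaf=$(check -CAfile rootcert.pem -untrusted intermediate.pem cert.pem)"
  echo "untrusted_rogue=$(check -CAfile rootcert.pem -untrusted intermediate.pem rogue.pem)"
)

chain_demo
```

The combined file reports OK even when the second certificate is unrelated, while the -untrusted form accepts only the certificate that actually chains to the root.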

Constant RDP disconnects from Windows 2012 on VMware

I was running a Windows Server 2012 virtual machine on a VMware ESXi hypervisor and received constant disconnects through RDP.

I checked the logs and found e1qexpress, which indicates an incompatibility of the virtual NIC.
Power down the machine, remove the existing network interface and add a new one based on VMXNET3.
Bring the machine up and Windows should automatically apply the changes.

Constant restarting of opscode-erchef – bad gateway

I had freshly installed Chef Server 12.7.0 on Ubuntu 16.04 LTS, and opscode-erchef kept getting restarted approximately every 40 seconds while I was getting a Bad Gateway error.

I checked the logs but unfortunately couldn't conclude anything from them. I found this open issue with Chef: https://github.com/chef/chef-server/issues/435

After cleansing and reconfiguring the server, everything worked.

$ chef-server-ctl cleanse
$ chef-server-ctl reconfigure

 

Enable TLSv1.2 in CLM6 and LibertyProfile

By default, only TLSv1 is enabled on Liberty Profile. Check by scanning the port:

nmap --script ssl-enum-ciphers -p 9443 <hostname>

Starting Nmap 6.49BETA5 ( https://nmap.org ) at
Nmap scan report for fqdn.com (IP address)
Host is up (0.13s latency).
PORT STATE SERVICE
9443/tcp open tungsten-https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
|_ least strength: D

Nmap done: 1 IP address (1 host up) scanned in 5.15 seconds

Edit the following files to enable TLSv1.2:
1. <JazzInstallationDir>/server/server.startup:

…Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972"
JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2"

Save and exit the file

2. <JazzInstallationDir>/server/liberty/servers/clm/server.xml:

<logging hideMessage="SRVE9967W"/>

<ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" sslProtocol="SSL_TLSv2" />

</server>

Save and exit the file

Start the CLM server again and test the protocols:

nmap --script ssl-enum-ciphers -p 9443 <hostname>

Starting Nmap 6.49BETA5 ( https://nmap.org ) at
Nmap scan report for fqdn.com (IP address)
Host is up (0.13s latency).
PORT STATE SERVICE
9443/tcp open tungsten-https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
| TLSv1.1:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
| TLSv1.2:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Key exchange parameters of lower strength than certificate key
|_ least strength: D

Nmap done: 1 IP address (1 host up) scanned in 7.57 seconds
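
The second scan still lists TLSv1.0 and TLSv1.1 next to TLSv1.2, along with 3DES suites graded C and D and 1024-bit DH parameters. The following added example (not from the original post; the function names and output labels are hypothetical, and the sample is constructed from that scan) audits ssl-enum-ciphers text output for those findings:

```shell
#!/usr/bin/env bash
# Added example: flag legacy protocols and weak ciphers in ssl-enum-ciphers text output.

audit_tls_scan() {  # reads nmap output on stdin
  awk '
    # Protocol header, e.g. "|   TLSv1.0:"
    /^\|[ ]*(SSLv[0-9]|TLSv[0-9.]+):[ ]*$/ {
      proto = $2; sub(/:$/, "", proto)
      if (proto != "TLSv1.2" && proto != "TLSv1.3") print "LEGACY_PROTOCOL " proto
      next
    }
    # Cipher line, e.g. "|   TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C"
    /^\|[ ]*TLS_/ {
      grade = $NF   # nmap prints the letter grade as the last field
      if (grade != "A")            print "WEAK_CIPHER " proto " " $2 " grade=" grade
      else if ($0 ~ /\(dh 1024\)/) print "WEAK_DH " proto " " $2
    }
  '
}

# Constructed sample, shortened from the second scan shown above.
sample_scan() {
  cat <<'EOF'
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|_  least strength: D
EOF
}

sample_scan | audit_tls_scan
```

Against a live host, pipe the scan into the function: nmap --script ssl-enum-ciphers -p 9443 <hostname> | audit_tls_scan.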

Modify Ubuntu ens network interface card to eth0

  1. Display the current interface cards and verify that eth0 doesn't exist:
    ifconfig -a
  2. Edit the grub configuration file to disable the new naming convention
    vim /etc/default/grub
  3. Look for GRUB_CMDLINE_LINUX= and include the following: net.ifnames=0 biosdevname=0
    From:
    GRUB_CMDLINE_LINUX=""
    To:
    GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"
  4. Save and exit the file
  5. Reload the grub config file:
    update-grub
  6. Edit the interfaces file
    vim /etc/network/interfaces
    From:
    # The primary network interface
    auto ens16
    iface ens16 inet dhcp
    To:
    # The primary network interface
    auto eth0
    iface eth0 inet dhcp
  7. Reboot your machine/Restart networking service

Reference:
https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/