Hodžův blog

02 Lis

The revocation function was unable to check revocation because the revocation server was offline

Translated humorously into Czech as Funkce zrušení nemohla zkontrolovat zrušení, protože server pro zrušení byl offline.
If the issue is with the certification authority, the following registry modification will help you. In HKLM\System\CCS\Services\SSTPSvc\Parameters create a new DWORD (32-bit) named NoCertRevocationCheck with a value of 1.The provided solution should be implemented only for the necessary period!

21 Kvě

Switch TeamViewer to the old interface

From PowerShell, run the following commands as administrator:
Set-ItemProperty -Path “HKCU:\Software\Teamviewer” -Name ‘UIVersion’ -Value 2 -Type DWORD –Force
Stop-Process -Name "TeamViewer*" -Force
Start-Sleep 5
cd "C:\Program Files\TeamViewer"
.\TeamViewer.exe

16 Říj

KB5018410 = Outlook error 0x800CCC1A & Postfix SSL_accept:error

After installing the October update (KB5018410), customers started reporting to us that they were unable to send mail from Outlook using SMTP TLS (port 587). The email client only displays the error message: 0x800CCC1A and postfix writes in the log:

Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: connect from my.private.ip.[xxx.xxx.xxx.xxx]
Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: SSL_accept error from my.private.ip[xxx.xxx.xxx.xxx]: lost connection
Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: lost connection after STARTTLS from my.private.ip[xxx.xxx.xxx.xxx]
Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: disconnect from my.private.ip[xxx.xxx.xxx.xxx] ehlo=1 starttls=0/1 commands=1/2

The following facts are interesting:
1. There is no problem with the IMAP protocol
2. On other servers with the same configuration and the same version of the libraries, everything works without a problem
3. Regeneration of the certificate (I use Let’s Encrypt) did not solve the problem, but with a certificate from another server, everything works again without a problem

At first I waited for a solution from Microsoft, which traditionally did not come. In the end, it was enough to slightly modify the Postfix configuration file (add the tls_ssl_options option for submission in master.cf) to temporarily solve the problem.

submission inet n - n - - smtpd
...
-o tls_ssl_options=NO_TICKET
...

Don’t forget to restart postfix after editing the configuration file.

29 Srp

Greenbone Enterprise TRIAL – Login problem

With Greenbone Enterprise TRIAL, as well as Greenbone Community Edition (GCE), I ran into a problem where I could not log into the web interface after several tests. I just get a message:

The Greenbone Vulnerability Manager service is not responding. This could be due to system maintenance. Please try again later, check the system status, or contact your system administrator.

In order to get any information from the running system at all, it is necessary to become the root user. I achieved this as follows:

Open the Shell via the Support Menu and in the shell enter the following commands:

gos-state-manager set superuser enabled
gos-state-manager set superuserpassword y0ur-fuck1ng-c0mpleX-superus3r-p@ssw0rd
gos-state-manager save

Now you can log in directly in the console as the root user (for SSH it would probably be necessary to modify the configuration file /etc/ssh/sshd-config).

After a short investigation, I discovered that the GVMD service (systemctl status gvmd) is not running. This service cannot be started because the PostgreSQL database is not running either (systemctl status postgresql) and PostgreSQL cannot be started because it is always killed by the OOM killer (read from dmesg).

The free command showed that there was 4GB of RAM in the system, but this did not match my VMware setup, which is set to 16GB. Likewise, the number of cores in VMware was 8, while Linux only had 2.

It occurred to me that system resources could be limited directly by the kernel using the GRUB bootloader. Therefore, I looked into the file /etc/default/grub and I really found some limitations here:

GRUB_CMDLINE_LINUX = "$GRUB_CMDLINE_LINUX maxcpus=2"
GRUB_CMDLINE_LINUX = "$GRUB_CMDLINE_LINUX mem=5G"

So I commented out the mentioned lines, applied the changes to the system (update-grub) and restarted the machine. Now the machine has 8 cores and 16GB of RAM (as configured in VMware) and all services are running…

02 Čvc

Soft Reset DELL iDRAC using SSH

racadm racreset soft

07 Čvn

HowTo: Upgrade Intel NVMe P4600 SSD firmware in ESXi 7

Download and install Intel® Memory and Storage Tool CLI Solidigm™ Storage Tool CLI (SST)

[root@vmware:~] /opt/solidigm/sst/sst load -ssd 0
WARNING! You have selected to update the drives firmware!
Proceed with the update? (Y|N): y
Checking for firmware update...
- Intel SSD DC P4600 Series PHLE729000X14P0KGN -
Status : The selected drive contains current firmware as of this tool release.

[root@vmware:~] /opt/solidigm/sst/sst show -ssd 0
- 0 Intel SSD DC P4600 Series PHLE729000X14P0KGN -
Bootloader : 0136
Capacity : 3.64 TB (4,000,787,030,016 bytes)
DevicePath : nvmeMgmt-nvmhba0
DeviceStatus : Healthy
Firmware : QDV101D1
FirmwareUpdateAvailable : The selected drive contains current firmware as of this tool release.
Index : 0
MaximumLBA : 7814037167
ModelNumber : INTEL SSDPEDKE040T7
NamespaceId : 1
PercentOverProvisioned : 100.00
ProductFamily : Intel SSD DC P4600 Series
SMARTEnabled : True
SectorDataSize : 512
SerialNumber : PHLE729000X14P0KGN

02 Čvn

Proxmox – Could not login to web interface and read only directory /etc/pve

May 29 02:06:55 pve1 pvestatd[1931]: authkey rotation error: cfs-lock 'authkey' error: got lock request timeout
May 29 02:06:55 pve1 pvestatd[1931]: status update time (9.120 seconds)
May 29 02:06:56 pve1 pve-ha-lrm[2050]: unable to write lrm status file - unable to delete old temp file: Input/output error

Fix the cluster filesystem:
# systemctl stop pve-cluster
# rm -f /var/lib/pve-cluster/.pmxcfs.lockfile
# systemctl start pve-cluster

25 Kvě

Howto: Remove Microsoft Office from your windows computer with PowerShell

Simple … Isn’t It??
Get-AppxPackage -name “Microsoft.Office.Desktop” | Remove-AppxPackage
Get-AppxPackage *officehub* | Remove-AppxPackage

25 Kvě

HowTo: Old Debian & error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory

Problem:
#./hpsetup
./hpsetup: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory

Quick Fix:
# apt-get install lib32stdc++6

12 Kvě

HowTo: Import a PEM certificate and PEM private key into the Windows key store

Create a PKCS12 file containing the certificate and its private key:

$ openssl pkcs12 -export -in MyCertficate.crt -inkey MyPrivateKey.pem -out CertificateForImportInWindows.p12

The .p12 generated file is protected by a password and can then be transported without any risk.
On a Windows, open this .p12 file and follow the instructions provided.

Hodžův blog is is proudly powered by Wordpress and the Magellan Theme