You can search for this bug and it seems like it may be related to ecryptfs and is many years old.

The symptoms are that you return to the computer and the screensaver was active or the screen was asleep/black and it doesn't seem to come back.  But you check by SSH the computer is running fine and are frustrated you'll lose your running programs and have to reboot.

There is a simple solution:

Ctrl + Alt + F1

Ctrl + Alt + F8

Basically you are switching to another virtual console/screen and then back to screen 8 which is your Desktop.  This removes the black screen and presents the login prompt and doesn't cause any loss of data or interruption to your session.

This also works if you are using your computer normally and the screen becomes partially dark or very dark.  It seems related to the above bug.

It may also be related to a bug in the Intel i915 driver but this issue seems to plague Nvidia and AMD users too.

Some related syslog or dmesg errors you may see:

mate-screensaver-dialog: pam_ecryptfs: seteuid error
[    4.825400] [drm] RC6 on
[15732.058803] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=172171 end=172172) time 100 us, min 894, max 899, scanline start 893, end 900
[24966.142220] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=54325 end=54326) time 101 us, min 894, max 899, scanline start 893, end 900
[252173.205297] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=33067 end=33068) time 102 us, min 894, max 899, scanline start 893, end 900
[266867.040745] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=19806 end=19807) time 102 us, min 894, max 899, scanline start 893, end 900
[266872.190787] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=20115 end=20116) time 102 us, min 894, max 899, scanline start 893, end 899
[266873.174149] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=20174 end=20175) time 100 us, min 894, max 899, scanline start 893, end 900
[370925.989870] [drm] stuck on render ring
[370925.995049] [drm] GPU HANG: ecode 9:0:0x85dffffd, in Xorg [1562], reason: Engine(s) hung, action: reset
[370925.995054] [drm] GPU hangs can indicate a bug anywhere in the entire gfx stack, including userspace.
[370925.995056] [drm] Please file a _new_ bug report on bugs.freedesktop.org against DRI -> DRM/Intel
[370925.995057] [drm] drm/i915 developers can then reassign to the right component if it's not a kernel issue.
[370925.995059] [drm] The gpu crash dump is required to analyze gpu hangs, so please always attach it.
[370925.995061] [drm] GPU crash dump saved to /sys/class/drm/card0/error
[370925.998026] drm/i915: Resetting chip after gpu hang
[370928.001884] [drm] RC6 on


iptables allow port 22 example

Of course change --dport and -s to suit your needs


#allow certain IP to access port 22
 iptables -A INPUT -p tcp -m tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT


# block others
iptables -A INPUT -p tcp --dport 22 -j DROP

I thought I'd post this becuase there is some bad information out there.  Some guides tell you to edit /etc/postfix/master.cf (-o smtp_bind_address=) but this doesn't work.  The same guide also says if you don't change it there you end up changing the listening IP/bind interface which is also not true.

Here is a simple and effective way to change Postfix's sending/binding/outgoing IP address (very important for reverse DNS and so mail servers don't block you):

vi /etc/postfix/main.cf

#add this option

smtp_bind_address=192.168.5.80

*Obviously change the 192.168.5.80 to the outgoing address you want to use for Postfix

I've read a few guides about this but they didn't work for me.

sudo apt-get install bridge-utils

#don't think the above is enough it won't work still even though you have by default an /etc/qemu-ifup that handles it if you have the right tools and setup
sudo qemu-system-x86_64 -net tap -net nic -enable-kvm -cpu host,vmx=on ~/VirtualBox VMs/vsphere-vcenter/vsphere-vcenter.vdi
W: /etc/qemu-ifup: no bridge for guest interface found

vi /etc/networking/interfaces

Add the following br0 adapter and make sure you replace eth0 with your network adapter name such as "enp3s0"

auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_stp off
bridge_maxwait 0
bridge_fd 0
 

#restart your network/networking

sudo service networking restart

sudo qemu-system-x86_64 -m 11G -net tap -net nic -enable-kvm -cpu host,vmx=on ~/VirtualBox VMs/vsphere-vcenter/vsphere-vcenter.vdi

There is no more error or complaint about no bridge interface being found not that we've installed bridge utils and created a br0 bridge.

I can't get vmx cpu extensions to show up in Virtualbox guests despite enabling nested paging and

enable vmx in virtualbox guest but this doesn't help that you check VT-X or the AMD Virtualization SVM it enables it for the guest to use BUT does not pass it through.  This means if you check cat /proc/cpuinfo in the guest you will see the CPU doesn't support virtualization.  It looks like VirtualBox still hasn't implemented this!

But there is good news I was able to install qemu-kvm and run straight from the VirtualBox .vdi directly and also enable the nested virtualization no problem.

#it looks like it is just not supported it's just easier to use KVM directly on the .vdi file!

qemu-system-x86_64 -enable-kvm -cpu host,vmx=on ~/VirtualBox VMs/test/test.vdi

Virtualbox is a great project and way for virtualizing but it is disappointing that they don't just pass through the virtualization CPU flags for nesting.

InternalServerError (com.vmware.vapi.std.errors.internal_server_error) => {
messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
id = vapi.bindings.method.impl.unexpected,
defaultMessage = Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.InternalServerError,
args = [com.vmware.vapi.std.errors.InternalServerError]
}],
data = <null>
}

I was getting the error but it almost seemed delayed as if it were from the previous operation a minute before and not the current.  You can just refresh and try again but it seems like a bug.  The permissions show they have applied but hopefully they really have and nothing is broken!

nfs mount failed:

mount 10.10.2.20:/tmp/nfsmount /mnt/nfs/
mount: wrong fs type, bad option, bad superblock on 10.10.2.20:/tmp/nfsmount,
       missing codepage or helper program, or other error
       (for several filesystems (e.g. nfs, cifs) you might
       need a /sbin/mount.<type> helper program)
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

In this case the client machine didn't have nfs-utils installed!  You would think that when trying to mount that the error would indicate this!


yum -y install nfs-utils

So make sure you have nfs client utilities installed on the machine you are trying to mount the nfs share from!

Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled:

cat /sys/module/kvm_intel/parameters/nested
Y
cat /sys/module/kvm_intel/parameters/ept
Y
 

OVF Tool: Disk progress: 99%
OVF Tool: Transfer Completed
OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance-
OVF Tool: Task progress: 0%
OVF Tool: Task Failed
OVF Tool: Error: Task failed on server: This host does not support Intel VT-x.
OVF Tool: Error: Fault cause: vim.fault.InvalidState
OVF Tool: Completed with errors
Deployment failed. OVF Tool return error code: 1
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.54' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables
verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified.
Failed to collect support bundle from appliance because: Cannot gather support logs because the appliance was not power on.
=========================================================================== [FAILED] Task: Deploying vCenter Server Appliance execution failed at 19:34:28
===========================================================================
======================================================================================================================================================================================================
Error message: com.vmware.vcsa.installer.ovf.deploy_appliance: ApplianceDeploymentTask: Caught an exception Deployment failed. O

VF Tool return error code: 1
============================================================================================== 19:34:29 ==============================================================================================
Result and Log File Information...


sudo apt-get install nfs-kernel-server  #oops there are no exports so it won't startsudo /etc/init.d/nfs-kernel-server start
 * Not starting NFS kernel daemon: no exports.

#we will use the /tmp/nfstestshare directory for our NFS share

mkdir /tmp/nfstestshare

#add it to /etc/exports (basically what NFS checks to determine what to make an NFS share)

/tmp/nfstestshare 192.168.1.5(rw,sync,no_root_squash)

As you can see the brackets take 3 variables as follows:

1. ro (readonly) or rw (readwrite)
2. sync means no changes to the directory until changes are committed
3. no_root_squash allows root to access the directory

sudo /etc/init.d/nfs-kernel-server start

I had this error in an unsupported CPU on VMWare 6.7 and apparently this sometimes works especially on older VMWare versions like 6.5 5.5 etc (but in my case it did not).

1. To make sure it proceed when you see "Loading VMWare"
2. Hit "Shift+O"
3. Then add "ignoreHeadless=TRUE"

See an example below:

Usually it will get you past the mentioned screen but may fail with other errors such as an Unsupported CPU.

#mount the VCSA DVD
mount /dev/sr0 /mnt/cd
#alternatively you could mount the iso directly
mount -o loop vcsa.iso /your/mount/path

#for this purpose we are using the CLI installer on Linux
cd /mnt/cd/vcsa-cli-installer/lin64

#no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file
./vcsa-deploy
Usage: vcsa-deploy [-h] [--version] [--supported-deployment-sizes]
                   {install,upgrade,migrate} ...
For descriptions of valid options, use:
    $ vcsa-deploy --help

vcsa-deploy: error: Too few arguments. The required arguments are not provided. Retry the command following the usage instructions.

#seriously just telling it to install is not enough

./vcsa-deploy install
Previous versions of this script defaulted to 'install' when no subcommand was specified. Running without a subcommand is no longer allowed. Specify 'install' as a subcommand if you want to run installation. Usage: vcsa-deploy install [-h] [--template-help] [--log-dir LOG_DIR]
                           [--skip-ovftool-verification] [--accept-eula]
                           [--acknowledge-ceip] [--pause-on-warnings]
                           [--operation-id OPERATION_ID] [-v | -t]
                           [--no-esx-ssl-verify | --no-ssl-certificate-verification]
                           [--verify-template-only | --precheck-only]
                           template [template ...]
For descriptions of valid options, use:
    $ vcsa-deploy install --help

vcsa-deploy install: error: the following arguments are required: template



./vcsa-deploy install --accept-eula --no-esx-ssl-verify /path/to/yourconfig.json

#there are preconfigured .json templates here:

ls /mnt/cd/vcsa-cli-installer/templates/install

embedded_vCSA_on_ESXi.json              PSC_first_instance_on_VC.json
embedded_vCSA_on_VC.json                PSC_replication_on_ESXi.json
embedded_vCSA_replication_on_ESXi.json  PSC_replication_on_VC.json
embedded_vCSA_replication_on_VC.json    vCSA_on_ESXi.json
PSC_first_instance_on_ESXi.json         vCSA_on_VC.json

Before getting started make sure your ESXi 6.7 Host Meets The Requirements for RAM, CPU and Storage

source credit: http://vcdx56.com/2018/04/vmware-vcenter-server-6-7-resource-requirements/

http://vcdx56.com/2016/12/vmware-vsphere-vcenter-server-6-5-appliance-deployment-using-cli/

Compute requirements per Deployment Size

The below table lists the ESXi host and VM capacity per vCSA 6.5 deployment size

Storage requirements per Deployment Size

The below table lists the storage requirements per deployment size

Here is a description from the VMWare site of what they do:

For most people they will probably choose the smartly placed #1 .json option on VMWare's list as it applies to the most use cases I would think:

embedded_vCSA_on_ESXi.json

Contains the minimum configuration parameters that are required for deployment of a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.

In plain English you have an ESXi host and want to setup the vSphere/vCenter management off the same server.

OK think you're ready now?

./vcsa-deploy install --accept-eula --no-esx-ssl-verify /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json

Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-10-od3jvta8/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-10-od3jvta8/workflow_1531375823977/vcsa-cli-installer.log.bak'
Workflow log-dir
/tmp/vcsaCliInstaller-2018-07-12-06-10-od3jvta8/workflow_1531375823977
====== [START] Start executing Task: To validate CLI options at 06:10:24 ======
Deprecation Warning: The command parameter '--no-esx-ssl-verify' is deprecated.
You must use the new parameter '--no-ssl-certificate-verification' in the next
deployment.
template
'/mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json' has
ceip_enabled set to True, but the command line doesn't have --acknowledge-ceip.
You must pass in the --acknowledge-ceip command line option to confirm your
acknowledgement about your VMware Customer Experience Improvement Program (CEIP)
participation.
================ [FAILED] Task: CLIOptionsValidationTask: Executing CLI
optionsValidation task execution failed at 06:10:24 ================
================================================================================
Error message: com.vmware.vcsa.installer.template.cli_argument_validation:
template
'/mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json' has
ceip_enabled set to True, but the command line doesn't have --acknowledge-ceip.
You must pass in the --acknowledge-ceip command line option to confirm your
acknowledgement about your VMware Customer Experience Improvement Program (CEIP)
participation.
=================================== 06:10:24 ===================================
Result and Log File Information...
WorkFlow log directory:
/tmp/vcsaCliInstaller-2018-07-12-06-10-od3jvta8/workflow_1531375823977
 

Let's try it again oops we have used some deprecated stuff since VMWare 6.7 is a new beast!

./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json 

What went wrong?

./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json
Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-12-7_cs0okb/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-12-7_cs0okb/workflow_1531375934346/vcsa-cli-installer.log.bak'
Workflow log-dir /tmp/vcsaCliInstaller-2018-07-12-06-12-7_cs0okb/workflow_1531375934346
================================================================= [START] Start executing Task: To validate CLI options at 06:12:14 =================================================================
Command line arguments verfied.
======================= [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 06:12:14 =======================
========================================================= [START] Start executing Task: To validate the syntax of the template. at 06:12:14 =========================================================
Template syntax validation for template '/mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json' succeeded.
Syntax validation for all templates succeeded.
======================= [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing Template Syntax Validation task' in TaskFlow 'template_validation' at 06:12:14 =======================
 [START] Start executing Task: To check the version of each template, and for each older template that supports CEIP, convert it to the latest template format, and save it to the Template Blackboard
at 06:12:15
Template version processing for template '/mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json' succeeded.
Version processing for all templates succeeded.
====================== [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing Template Version Processing task' in TaskFlow 'template_validation' at 06:12:15 ======================
============================ [START] Start executing Task: To validate the template structure against the rules specified by a corresponding template schema. at 06:12:15 ============================
The entered password for new_vcsa sso password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
Section 'new_vcsa', subsection 'network', property 'ip' validation failed: Expected 4 octets in ''
Section 'new_vcsa', subsection 'network', property 'system_name' validation failed: Given hostname '' is neither IPv4, IPv6 nor an
FQDN
Section 'new_vcsa', subsection 'network', property 'dns_servers' validations failed: Expected 4 octets in ''
Section 'new_vcsa', subsection 'network', property 'gateway' validation failed: Expected 4 octets in ''
An invalid value was encountered in section 'new_vcsa', subsection 'network', property 'prefix'. The network prefix must be a positive integer
Cannot obtain a valid ESXi/vCenter hostname from the template. Make sure a valid hostname is provided for the key 'hostname' under the section 'new_vcsa', section 'esxi' or 'vc'.
Section 'new_vcsa', subsection 'esxi', field 'hostname' validation failed: Given hostname '' is neither IPv4, IPv6 nor an
FQDN
The entered password for new_vcsa os password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
Template structure validation failed for template /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json.
The value '******' of the key 'password' in section 'new_vcsa', subsection 'sso' is invalid. Correct the value and rerun the script.
The value '' of the key 'ip' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
The value '' of the key 'system_name' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the
script.
The value '' of the key 'dns_servers' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
The value '' of the key 'gateway' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
The value ' 255.255.255.0, there are 24 bits in the binary version of the subnet mask, so the prefix length is 24. if used, the values must be in the inclusive range of 0 to 32 for ipv4 and 0 to 128 for ipv6.>'
of the key 'prefix' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
The value 'ipv4' of the key 'ip_family' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
The value '' of the key 'hostname' in section 'new_vcsa', subsection 'esxi' is invalid. Correct the value and rerun the
script.
The value '******' of the key 'password' in section 'new_vcsa', subsection 'os' is invalid. Correct the value and rerun the script.
=========================================================================== [FAILED] Task: StructureValidationTask: Executing Template Structure Validation task execution failed at 06:12:15
===========================================================================
======================================================================================================================================================================================================
Error message: com.vmware.vcsa.installer.template.structure_validation: Template structure validation failed for template /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json.
============================================================================================== 06:12:15 ==============================================================================================
Result and Log File Information...
WorkFlow log directory: /tmp/vcsaCliInstaller-2018-07-12-06-12-7_cs0okb/workflow_1531375934346
 

We have to edit our .json template first

cp /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json /tmp/

{
    "__version": "2.13.0",
    "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
    "new_vcsa": {
        "esxi": {
            "hostname": "",
            "username": "root",
            "password": " ",
            "deployment_network": "VM Network",
            "datastore": ""
        },
        "appliance": {
            "__comments": [
                "You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
            ],
            "thin_disk_mode": true,
            "deployment_option": "small",
            "name": "Embedded-vCenter-Server-Appliance"
        },
        "network": {
            "ip_family": "ipv4",
            "mode": "static",
            "ip": "",
            "dns_servers": [
                ""
            ],
            "prefix": "",
            "gateway": "",
            "system_name": ""
        },
        "os": {
            "password": "",
            "ntp_servers": "time.nist.gov",
            "ssh_enable": false
        },
        "sso": {
            "password": "",
            "domain_name": "vsphere.local"
        }
    },
    "ceip": {
        "description": {
            "__comments": [
                "++++VMware Customer Experience Improvement Program (CEIP)++++",
                "VMware's Customer Experience Improvement Program (CEIP) ",
                "provides VMware with information that enables VMware to ",
                "improve its products and services, to fix problems, ",
                "and to advise you on how best to deploy and use our ",
                "products. As part of CEIP, VMware collects technical ",
                "information about your organization's use of VMware ",
                "products and services on a regular basis in association ",
                "with your organization's VMware license key(s). This ",
                "information does not personally identify any individual. ",
                "Additional information regarding the data collected ",
                "through CEIP and the purposes for which it is used by ",
                "VMware is set forth in the Trust & Assurance Center at ",
                "http://www.vmware.com/trustvmware/ceip.html . If you ",
                "prefer not to participate in VMware's CEIP for this ",
                "product, you should disable CEIP by setting ",
                "'ceip_enabled': false. You may join or leave VMware's ",
                "CEIP for this product at any time. Please confirm your ",
                "acknowledgement by passing in the parameter ",
                "--acknowledge-ceip in the command line.",
                "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
            ]
        },
        "settings": {
            "ceip_enabled": true
        }
    }
}

#after editing the above make sure you run the install again but point to the /tmp .json file:

./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /tmp/embedded_vCSA_on_ESXi.json
 

Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-37-r4wnppls/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-37-r4wnppls/workflow_1531377437847/vcsa-cli-installer.log.bak'
Workflow log-dir /tmp/vcsaCliInstaller-2018-07-12-06-37-r4wnppls/workflow_1531377437847
================================================================= [START] Start executing Task: To validate CLI options at 06:37:18 =================================================================
Command line arguments verfied.
======================= [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 06:37:18 =======================
========================================================= [START] Start executing Task: To validate the syntax of the template. at 06:37:18 =========================================================
Template syntax validation for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
Syntax validation for all templates succeeded.
======================= [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing Template Syntax Validation task' in TaskFlow 'template_validation' at 06:37:18 =======================
 [START] Start executing Task: To check the version of each template, and for each older template that supports CEIP, convert it to the latest template format, and save it to the Template Blackboard
at 06:37:18
Template version processing for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
Version processing for all templates succeeded.
====================== [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing Template Version Processing task' in TaskFlow 'template_validation' at 06:37:18 ======================
============================ [START] Start executing Task: To validate the template structure against the rules specified by a corresponding template schema. at 06:37:18 ============================
The entered password for new_vcsa sso password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
The entered password for new_vcsa os password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
Template structure validation failed for template /tmp/embedded_vCSA_on_ESXi.json.
The value '******' of the key 'password' in section 'new_vcsa', subsection 'sso' is invalid. Correct the value and rerun the script.
The value '******' of the key 'password' in section 'new_vcsa', subsection 'os' is invalid. Correct the value and rerun the script.
The key 'system_name' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.
The key 'dns_servers' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.
The key 'gateway' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.
The key 'prefix' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.
The key 'ip' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.
=========================================================================== [FAILED] Task: StructureValidationTask: Executing Template Structure Validation task execution failed at 06:37:19
===========================================================================
======================================================================================================================================================================================================
Error message: com.vmware.vcsa.installer.template.structure_validation: Template structure validation failed for template /tmp/embedded_vCSA_on_ESXi.json.
============================================================================================== 06:37:19 ==============================================================================================
Result and Log File Information...
WorkFlow log directory: /tmp/vcsaCliInstaller-2018-07-12-06-37-r4wnppls/workflow_1531377437847
 

#no luck so far

./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /tmp/embedded_vCSA_on_ESXi.json
Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-45-f3v4sgw5/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-45-f3v4sgw5/workflow_1531377957356/vcsa-cli-installer.log.bak'
Workflow log-dir /tmp/vcsaCliInstaller-2018-07-12-06-45-f3v4sgw5/workflow_1531377957356
================================================================= [START] Start executing Task: To validate CLI options at 06:45:57 =================================================================
Command line arguments verfied.
======================= [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 06:45:57 =======================
========================================================= [START] Start executing Task: To validate the syntax of the template. at 06:45:57 =========================================================
Template syntax validation for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
Syntax validation for all templates succeeded.
======================= [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing Template Syntax Validation task' in TaskFlow 'template_validation' at 06:45:57 =======================
 [START] Start executing Task: To check the version of each template, and for each older template that supports CEIP, convert it to the latest template format, and save it to the Template Blackboard
at 06:45:58
Template version processing for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
Version processing for all templates succeeded.
====================== [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing Template Version Processing task' in TaskFlow 'template_validation' at 06:45:58 ======================
============================ [START] Start executing Task: To validate the template structure against the rules specified by a corresponding template schema. at 06:45:58 ============================
The entered password for new_vcsa sso password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
Template structure validation failed for template /tmp/embedded_vCSA_on_ESXi.json.
The value '******' of the key 'password' in section 'new_vcsa', subsection 'sso' is invalid. Correct the value and rerun the script.
=========================================================================== [FAILED] Task: StructureValidationTask: Executing Template Structure Validation task execution failed at 06:45:58
===========================================================================
======================================================================================================================================================================================================
Error message: com.vmware.vcsa.installer.template.structure_validation: Template structure validation failed for template /tmp/embedded_vCSA_on_ESXi.json.
============================================================================================== 06:45:58 ==============================================================================================
Result and Log File Information...
WorkFlow log directory: /tmp/vcsaCliInstaller-2018-07-12-06-45-f3v4sgw5/workflow_1531377957356
[root@vsphere-center lin64]# vi /tmp/embedded_vCSA_on_ESXi.json
[root@vsphere-center lin64]# ./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /tmp/embedded_vCSA_on_ESXi.json
Run the installer with "-v" or "--verbose" to log detailed information
Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-46-8qv_x80w/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-46-8qv_x80w/workflow_1531377985688/vcsa-cli-installer.log.bak'
Workflow log-dir /tmp/vcsaCliInstaller-2018-07-12-06-46-8qv_x80w/workflow_1531377985688
================================================================= [START] Start executing Task: To validate CLI options at 06:46:25 =================================================================
Command line arguments verfied.
======================= [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 06:46:25 =======================
========================================================= [START] Start executing Task: To validate the syntax of the template. at 06:46:26 =========================================================
Template syntax validation for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
Syntax validation for all templates succeeded.
======================= [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing Template Syntax Validation task' in TaskFlow 'template_validation' at 06:46:26 =======================
 [START] Start executing Task: To check the version of each template, and for each older template that supports CEIP, convert it to the latest template format, and save it to the Template Blackboard
at 06:46:26
Template version processing for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
Version processing for all templates succeeded.
====================== [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing Template Version Processing task' in TaskFlow 'template_validation' at 06:46:26 ======================
============================ [START] Start executing Task: To validate the template structure against the rules specified by a corresponding template schema. at 06:46:26 ============================
Template structure validation for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
Structure validation for all templates succeeded.
==================== [SUCCEEDED] Successfully executed Task 'StructureValidationTask: Executing Template Structure Validation task' in TaskFlow 'template_validation' at 06:46:27 ====================
 [START] Start executing Task: To create a dependency graph for the provided templates, with an edge pairing two templates that are dependent on each other. Such graph relationships will affect
whether certain templates can be deployed in parallel, or must be deployed sequentially. at 06:46:27
Dependency processing for all templates succeeded.
=================== [SUCCEEDED] Successfully executed Task 'DependencyProcessingTask: Executing Template Dependency Processing task' in TaskFlow 'template_validation' at 06:46:27 ===================
================================================== [START] Start executing Task: Validate that requirements are met in the source VCSA. at 06:46:29 ==================================================
InstallRequirementCollector: Reached gathering requirement
============================== [SUCCEEDED] Successfully executed Task 'SrcRequirementTask: Running SrcRequirementTask' in TaskFlow 'embedded_vCSA_on_ESXi' at 06:46:29 ==============================
================================================================= [START] Start executing Task: Perform precheck tasks. at 06:46:30 =================================================================
========================================== [START] Start executing Task: Verify that the provided credentials for the target ESXi/VC are valid at 06:46:30 ==========================================
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.54' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables
verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified.
=========================================== [SUCCEEDED] Successfully executed Task 'Running precheck: TargetCredentials' in TaskFlow 'install' at 06:46:31 ===========================================
============================================= [START] Start executing Task: Precheck CPU, memory and datastore size requirements for a host. at 06:46:31 =============================================
Proceed with certificate thumbprint check...
The certificate for server '192.168.1.54' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables
verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified.
The VCSA 'Embedded-vCenter-Server-Appliance' requires hardware virtualization support from the ESXi host 'localhost.localdomain'. You are recommended to check the BIOS settings of the ESXi host for
hardware virtualization support before proceeding.
=========================================================================== [FAILED] Task: Running precheck: HostConfigs execution failed at 06:46:37
===========================================================================
======================================================================================================================================================================================================
=========================================================================== [FAILED] Task: PrecheckTask: Running prechecks. execution failed at 06:46:37
===========================================================================
======================================================================================================================================================================================================
Error message: com.vmware.vcsa.installer.prechecks: com.vmware.vcsa.installer.prechecks.host_configs: The deployment size selected by user's template for the VCSA 'Embedded-vCenter-Server-Appliance'
is 'small', which requires 4 CPUs while the ESXi host 'localhost.localdomain' has 2 physical CPUs (cores) available. Choose a different deployment option for the VCSA, or use a different ESXi host,
or provide more CPUs for the ESXi. Deployment size selected by user's template for the VCSA 'Embedded-vCenter-Server-Appliance' is 'small', which requires 16 GB of memory. That exceeds the total
memory of 4 GB of the ESXi host 'localhost.localdomain'. Choose a different deployment option for the VCSA. The capacity of datastore 'datastore1' (3.0 GB) in host 'localhost.localdomain' is less
than the minimum size required (25 GB). Use a different datastore, or increase the datastore size above the required minimum.
============================================================================================== 06:46:38 ==============================================================================================
Result and Log File Information...
WorkFlow log directory: /tmp/vcsaCliInstaller-2018-07-12-06-46-8qv_x80w/workflow_1531377985688
 

 #now the server seems to die or at least the NIC during the install process

OVF Tool: Opening OVA source:
/mnt/cd/vcsa-cli-installer/lin64/../../vcsa/VMware-vCenter-Server-Appliance-6.7.0.12000-8832884_OVF10.ova
OVF Tool: Opening VI target: vi://root@192.168.1.54:443/
OVF Tool: Deploying to VI: vi://root@192.168.1.54:443/
OVF Tool: Disk progress: 99%
OVF Tool: Transfer Completed
OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance-
OVF Tool: Task progress: 58%
OVF Tool: Task Completed
OVF Tool: Waiting for IP address...Error: Operation was canceled
OVF Tool: Error: No route to host
Deployment failed. OVF Tool return error code: 1
 

It's not so much that it fails to install but rather that once the vcenter appliance starts for some reason the network stops working.  Restarting the network does not help either.

When starting the Virtual Appliance the last thing on the console I can see is:

Started Network Time Servce:
[ *** ] (2 of 2) A start job is running for Initial c...metadata service crawler) (21s /no limit)


The reason for this article is because a lot of us don't physically see our hard drives they are often remote in a datacenter etc and the actual serial number we see in SMART is not enough to check for some manufacturers.

A good example is our first one the Toshiba

=== START OF INFORMATION SECTION ===
Device Model:     TOSHIBA DT01ACA200
Serial Number:    33FMDW4AS

If you enter the serial in Toshiba's site above: https://myapps.taec.toshiba.com/myapps/admin/jsp/webrma/addRequest1NoLogin.jsp

You will get the following result:

That is  because you are missing the "TZ5" at the end.  See when you add the TZ5.

Hard Drive Full Serial List Examples

The format will be that the extra characters before or after the serial number are what you have to add on your own.

Device Model:     TOSHIBA DT01ACA200
Serial Number:    33FMDW4ASTZ5

Device Model:     TOSHIBA MG03ACA200
Serial Number:    Z4JAK5C8FVD2
 

10/07/2018 03:05:14 PM [IPv4] Got connection from client10.10.25.1
10/07/2018 03:05:14 PM   other clients:
10/07/2018 03:05:14 PM Client Protocol Version 3.7
10/07/2018 03:05:14 PM Advertising security type 18
10/07/2018 03:05:14 PM Client returned security type 18
10/07/2018 03:05:14 PM TLS Handshake failed: Could not negotiate a supported cipher suite.
10/07/2018 03:05:14 PM Client10.10.25.1 gone
10/07/2018 03:05:14 PM Statistics:
10/07/2018 03:05:14 PM   framebuffer updates 0, rectangles 0, bytes 0
10/07/2018 03:05:16 PM [IPv4] Got connection from client10.10.25.1
10/07/2018 03:05:16 PM   other clients:
10/07/2018 03:05:17 PM rfbProcessClientProtocolVersion: not a valid RFB client
10/07/2018 03:05:17 PM Client10.10.25.1 gone
10/07/2018 03:05:17 PM Statistics:
10/07/2018 03:05:17 PM   framebuffer updates 0, rectangles 0, bytes 0

 

Starting with newer versions of OpenVPN I believe 2.2+ you need to have "script-security 3" set or you can't execute a third party script.

Prior to that you could also use the auth-user-pass-verify like this:

auth-user-pass-verify ./validate.pl "$username $password $ip" via-env

Options error: the --auth-user-pass-verify directive should have at most 2 parameters.  To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").

However this no longer works.  The way env works no longer gives you the variables as variables that you can pass as arguments.

It now works as normal so for example in a shell script you call from OpenVPN.

Just referencing $username and $password gives you the login information the user sent.  This seems to have taken effect in version 2.3 or 2.4 or possibly even 2.2

This basically means that you are running as non-root and you need to be root to create the tun0 or tap0 device on OpenVPN.  You could try sudo or adding the openvpn binary to the list of sudoers.

First of all download the raw .so file from zend:

Copy the one relevant to your PHP version to  /usr/lib64/php/modules/

eg.: cp ioncube_loader_lin_5.3.so /usr/lib64/php/modules/

Then in your /etc/php.d/ directory create the file:

vi /etc/php.d/zend.ini

zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.3.so

After that restart apache/httpd and you'll be good to go!

The main issue is it looks like Java is not configured to accept the invalid ssl cert that is coming from the download location.

Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error

 export ANDROID_HOME=/home/user/Downloads/tools/
Conversations-master$ ./gradlew
Downloading https://services.gradle.org/distributions/gradle-4.4-all.zip

Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
    at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:78)
    at org.gradle.wrapper.Install.createDist(Install.java:47)
    at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:129)
    at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:48)
Caused by: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1914)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1872)
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1855)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1376)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1366)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
    at org.gradle.wrapper.Download.downloadInternal(Download.java:59)
    at org.gradle.wrapper.Download.download(Download.java:45)
    at org.gradle.wrapper.Install$1.call(Install.java:60)
    at org.gradle.wrapper.Install$1.call(Install.java:47)
    at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:65)
    ... 3 more
Caused by: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
    at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1024)
    at sun.security.pkcs11.P11Key.equals(P11Key.java:158)
    at java.util.ArrayList.indexOf(ArrayList.java:302)
    at java.util.ArrayList.contains(ArrayList.java:285)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:239)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1459)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
    ... 13 more
Caused by: java.security.InvalidKeyException: EC parameters error
    at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:284)
    at sun.security.ec.ECPublicKeyImpl.<init>(ECPublicKeyImpl.java:59)
    at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1021)
    ... 28 more
Caused by: java.security.NoSuchProviderException: no such provider: SunEC
    at sun.security.jca.GetInstance.getService(GetInstance.java:83)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
    at java.security.Security.getImpl(Security.java:697)
    at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:199)
    at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:279)
    ... 30 more
 

This is most likely to happen on a normal GUI system like Ubuntu or Linux Mint.  If you or the user is meant to have sudo / root privileges it is as simple as editing the following files:

Now assume your username is "iamtheuser"

vi /etc/group


adm:x:4:syslog,iamtheuser
sudo:x:27:anotheruser,iamtheuser

Find the above lines and add a comma and "iamtheuser" right after as shown in the example above.  You'll have to log out and login and things will be fine after that.  If you want to stay logged into the GUI you could always just ssh in to localhost and that ssh connection would give you the new privileges.

Database Error
One or more of the WHMCS database tables appear to be either missing or corrupted. Please check and repair.

This error can be misleading especially if you know you are using a known good backup or restoration of the WHMCS database.  The error can also be that the user lacks permissions to read and write to the database.

To check to this in MySQL shell:

GRANT read,write to dbusername@localhost on dbname;

After that things should work again.

Jul  3 22:12:17mailserver postfix/smtpd[6195]: fatal: no SASL authentication mechanisms
Jul  3 22:12:18mailserver postfix/master[4881]: warning: process /usr/libexec/postfix/smtpd pid 6195 exit status 1
Jul  3 22:12:18mailserver postfix/master[4881]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling


This only ever happens in my experience when the authentication method is actually Dovecot.  Usually the problem will be that Dovecot cannot start due to a misconfiguration and or permissions issue. 

The solution is to try to trace through /var/log/maillog and find out what is wrong with Dovecot (assuming it cannot start).

After this postfix should work fine.

You should also enable debug info in dovecot.conf like this:

auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes


To give you an idea of what commonly goes wrong after a new Dovecot migration or install:

dovecot: auth: Error: passwd-file /etc/dovecot.passwd: open(/etc/dovecot.passwd) failed: Permission denied (euid=97(dovecot) egid=97(dovecot) missing +r perm: /etc/dovecot.passwd, euid is not dir owner)

Solution:

chmod +x /etc/dovecot.passwd

Another error:

dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Connection refused

In this case you need to make sure /var/run/dovecot/auth-userdb and also /var/mail is set to the correct user id and group id or username/groupname as in your /etc/dovecot/dovecot.conf

first_valid_gid = 502
first_valid_uid = 501
last_valid_gid = 502
last_valid_uid = 501
 

A simple way that may work for a lot of people who just need basic output for their scripts or daemons to announce an action is this:

echo "body or message" | mail -s "realtechtalk.com" user@domain.com

If you want to send a text file as the body just do this instead:


mail -s "realtechtalk.com" user@domain.com < /tmp/sometxtfile.txt

These are some very basic but simple and powerful examples that could assist in basic shell scripting such as taking the output of a command and e-mailing it based on a cronjob etc..

An excellent resource on this is also here.

Centos when copying old files and restarting it seems load everything fine and then says [FAILED] with no log or other message.

service restart named

named   [FAILED]

Check more thoroughly you may have missed the error if you have lots of zones!

 service named restart|grep error
zone 1.168.192.in-addr.arpa/IN: not loaded due to errors.
zone 2.168.192.in-addr.arpa/IN: not loaded due to errors.
zone 3.168.192.in-addr.arpa/IN: not loaded due to errors.
 

Check the zone file you probably made a mistake that was accepted in an older version of bind/named:

$TTL 60  ; 172800 seconds
$ORIGIN 3.168.192.IN-ADDR.ARPA.
@             IN      SOA   ns1.rtt.com. ns2.rtt.com. (
                              2003080854 ; serial number
                              3h         ; refresh
                              15m        ; update retry
                              3w         ; expiry
                              3h         ; nx = nxdomain ttl
                              )
                IN NS ns1.rtt.com
                IN NS ns2.rtt.com
2       IN PTR testdns.com.
3       IN PTR dubmail-smart-www.testdns.com.
4       IN PTR path-mail-vlan20.testdns.com.

17 IN PTR testdns.com.
18 IN PTR tehka.testdns.com.
19 IN PTR khyra.testdns.com.
20 IN PTR skulda.testdns.com.
21 IN PTR thehip.testdns.com.
22 IN PTR ccipe.testdns.com.

Notice above how the IN NS does NOT have a period at the end of the TLD or .com

This is a mistake and not allowed and not tolerated in modern versions of bind but clearly in previous ones it was fine and working!

So just add the dots at the end like below and it will be good.

                IN NS ns1.rtt.com.
                IN NS ns2.rtt.com.
 

The above is just a real life example and there was no mention specifically of this being the issue in the output or logs on the server.

Sometimes if you have a very basic configuration OpenVPN on the client side for some reason sends all traffic to the OpenVPN server IP through the tun0 which is of course impossible and creates a block or routing loop. 

This is because you need to use your normal ISP/LAN gateway to hit the OpenVPN server if it is remote/offsite as is usually the case.  So if you are connected to the OpenVPN through say a tun0 device and your routing is set to connect to the OpenVPN server via the tun0 device this breaks everything!

Example below:

  I am very familiar with OpenVPN servers but I can't seem to ping the gateway or the DNS server for some reason.

    Mon Jul  9 21:46:56 2018 [access] Peer Connection Initiated with [AF_INET]92.85.42.11:1194
    Mon Jul  9 21:46:58 2018 TUN/TAP device tun0 opened
    Mon Jul  9 21:46:58 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Jul  9 21:46:58 2018 /sbin/ip link set dev tun0 up mtu 1500
    Mon Jul  9 21:46:58 2018 /sbin/ip addr add dev tun0 local 10.45.100.14 peer 10.45.100.13
    Mon Jul  9 21:46:58 2018 Initialization Sequence Completed

    route looks good but I cannot ping the gateway

    10.0.0.0        10.45.100.13   255.0.0.0       UG    0      0        0 tun0
    92.85.42.11   10.45.100.13   255.255.255.255 UGH   0      0        0 tun0
    142.232.221.0   10.45.100.13   255.255.255.0   UG    0      0        0 tun0

    10.45.0.0      10.45.100.13   255.255.0.0     UG    0      0        0 tun0
    10.45.100.1    10.45.100.13   255.255.255.255 UGH   0      0        0 tun0
    10.45.100.13   0.0.0.0         255.255.255.255 UH    0      0        0 tun0

    ping 10.45.100.1
    PING 10.45.100.1 (10.45.100.13) 56(84) bytes of data.
    ^C
    --- 10.45.100.1 ping statistics ---
    11 packets transmitted, 0 received, 100% packet loss, time 9999ms

Notice how the route for the VPN server 92.85.42.11 above is going through tun0.  Of course this breaks everything.  How can you connect to the remote IP server when it is going through a tunnel already running to it.  It is basically like a routing loop.  You connect to the Public IP of the OpenVPN server and then you are telling all traffic to that VPN network must first go over the tunnel but really all you've done here is broken the connection to the VPN server!

tun0 IP: 10.45.58.249

fix routing loop:

ip route del 92.85.42.11
 

Simply just delete the erroneous route to the VPN server IP and this will force traffic to pass properly through the tunnel and allow you to stay connected to the VPN tunnel this way and actually use it.  Alternatively you also could have manually specified that the VPN IP of 92.85.42.11 be specifically routed over a particular interface such as 192.168.1.1 or interface such as eth0 or enp3s0 etc..

This happens because Dovecot limits the maximum IMAP connections per IP to just 10.  This may be fine for a single client side IP but if an entire office or multiple users are behind one IP or a single heavy user is active then you will get bizarre errors in your e-mail clients such as "Password Incorrect" or similar in Thunderbird.  It won't be obvious on the client side as to what the problem is and they will probably just think the server is misconfigured.

 dovecot: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<user@domain.com>, method=PLAIN, rip=10.15.12.5, lip=10.15.12.59, TLS
Jul 10 14:16:21 mailserverdovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [10.15.12.5]


add this to dovecot.conf:


  mail_max_userip_connections = 50

Restart dovecot and after that you should be good to go.

Note that some users say you have to put the above in an imap stanza like this (but it was not necessary for me):

protocol imap {
  mail_max_userip_connections = 50
}
 

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
Apache/2.2.15 (CentOS) Server at testdomain.com Port 80

Check your apache log and find something like this:

.htaccess: No comments are allowed here

the issue was .htaccess literally not allowing comments after a rule:
 

deny from 207.114.253.34 #blocked user

Look at the line above.  Apache certainly didn't help with its cryptic "no comment allowed here".  I wish it would mention what line but it literally meant "no comments allowed at the end of a rule".  This is crazy because it worked fine in a previous version of Apache.  Another caveat and gotcha of upgrading from an older Apache server that what worked before no longer does.

This is not the normal "black screen" issue and I was shocked to eventually find out why.  The normal advice of reconfiguring Xorg didn't work.  Even booting into "Recovery Mode" did not help.

Here is the short end of the stick that fixed it:

sudo apt-get install mdm mate-desktop-environment

Yes you got it right, mdm and the mate-desktop-environment / gnome were somehow uninstalled.  This must be when removing a related package sometimes you just say Y and it uninstalls other important and necessary things!  This is just a guess.

I also couldn't login after that it would kick me right out.  This has something to do with Virtualbox (I wasn't using it) so I just uninstalled it.

Linux Mint 18 has so far been a very finicky environment compared to the previous 17.

Here is my saga:

sudo service mdm restart

"Failed to restart mdm.service: Unit mdm.service is masked."

/usr/sbin/mdm
-bash: /usr/sbin/mdm: No such file or directory


strace:

rt_sigaction(SIGQUIT, {SIG_DFL, ~[RTMIN RT_1], SA_RESTORER, 0x7f96ebba04b0}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {SIG_DFL, ~[RTMIN RT_1], SA_RESTORER, 0x7f96ebba04b0}, NULL, 8) = 0
read(10, "#! /bin/shn### BEGIN INIT INFOn#"..., 8192) = 2340
geteuid()                               = 1000
faccessat(AT_FDCWD, "/usr/sbin/mdm", X_OK) = -1 ENOENT (No such file or directory)
exit_group(0)                           = ?




sudo apt-get remove mdm

Reading package lists... Done
Building dependency tree      
Reading state information... Done
Package 'mdm' is not installed, so not removed
You might want to run 'apt-get -f install' to correct these:
The following packages have unmet dependencies:
 fglrx : Depends: fglrx-core but it is not installable
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).




sudo apt-get -f install

Reading package lists... Done
Building dependency tree      
Reading state information... Done
Correcting dependencies... Done
The following packages were automatically installed and are no longer required:
  baloo-kf5 breeze breeze-cursor-theme cheese-common frameworkintegration gjs kde-cli-tools kde-cli-tools-data kde-telepathy-data kde-telepathy-kaccounts ktexteditor-data kwin-style-breeze libcln6
  libdmtx0a libgjs0e libglib2.0-dev libgoocanvas-common libgoocanvas3 libgps22 libjs-underscore libjsoncpp1 libkaccounts1 libkdecorations2-5v5 libkdecorations2private5v5
  libkf5activitiesexperimentalstats1 libkf5baloo5 libkf5balooengine5 libkf5emoticons-data libkf5emoticons5 libkf5js5 libkf5jsembed-data libkf5jsembed5 libkf5kcmutils-data libkf5kcmutils5
  libkf5networkmanagerqt6 libkf5people-data libkf5people5 libkf5peoplebackend5 libkf5peoplewidgets5 libkf5plotting5 libkf5prison1 libkf5pty-data libkf5pty5 libkf5runner5 libkf5screen-bin
  libkf5screen6 libkf5su-data libkf5su5 libkf5sysguard-data libkf5texteditor5 libkf5texteditor5-libjs-underscore libkf5threadweaver5 libkf5xmlrpcclient-data libkf5xmlrpcclient5 libkfontinst5
  libkfontinstui5 libkprintutils4 libksgrd7 libkworkspace5-5 liblmdb0 libmagick++-6.q16-5v5 libmission-control-plugins0 libmozjs-24-0v5 libmusicbrainz5cc2v5 libopenshot-audio5 libopenshot12
  libpackagekitqt5-0 libpcre3-dev libpcre32-3 libpcrecpp0v5 libplasma-geolocation-interface5 libprocesscore7 libqalculate5-data libqalculate5v5 libqimageblitz4 libqrencode3 libqt5clucene5
  libqt5concurrent5 libqt5designer5 libqt5designercomponents5 libqt5help5 libqt5multimedia5 libqt5multimediawidgets5 libqt5test5 libtaskmanager5 libtelepathy-logger-qt5 libtelepathy-logger3
  libtelepathy-qt5-0 libweather-ion7 libxcb-record0 milou oxygen-sounds plasma-desktop-data plasma-look-and-feel-org-kde-breezedark-desktop python-pygoocanvas python3-openshot python3-pyqt5
  python3-pyqt5.qtmultimedia python3-pyqt5.qtopengl python3-pyqt5.qtsvg python3-sip python3-zmq qdbus-qt5 qml-module-org-kde-draganddrop qml-module-org-kde-extensionplugin
  qml-module-org-kde-kcoreaddons qml-module-org-kde-kwindowsystem qml-module-org-kde-solid qml-module-qt-labs-folderlistmodel qml-module-qt-labs-settings qml-module-qtgraphicaleffects
  signon-kwallet-extension telepathy-accounts-signon zlib1g-dev
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  fglrx
0 upgraded, 0 newly installed, 1 to remove and 21 not upgraded.
1 not fully installed or removed.
After this operation, 175 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 294544 files and directories currently installed.)
Removing fglrx (2:15.201-0ubuntu1) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...


sudo apt-get install mdm

Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following packages were automatically installed and are no longer required:
  baloo-kf5 breeze breeze-cursor-theme cheese-common frameworkintegration gjs kde-cli-tools kde-cli-tools-data kde-telepathy-data kde-telepathy-kaccounts ktexteditor-data kwin-style-breeze libcln6
  libdmtx0a libgjs0e libglib2.0-dev libgoocanvas-common libgoocanvas3 libgps22 libjs-underscore libjsoncpp1 libkaccounts1 libkdecorations2-5v5 libkdecorations2private5v5
  libkf5activitiesexperimentalstats1 libkf5baloo5 libkf5balooengine5 libkf5emoticons-data libkf5emoticons5 libkf5js5 libkf5jsembed-data libkf5jsembed5 libkf5kcmutils-data libkf5kcmutils5
  libkf5networkmanagerqt6 libkf5people-data libkf5people5 libkf5peoplebackend5 libkf5peoplewidgets5 libkf5plotting5 libkf5prison1 libkf5pty-data libkf5pty5 libkf5runner5 libkf5screen-bin
  libkf5screen6 libkf5su-data libkf5su5 libkf5sysguard-data libkf5texteditor5 libkf5texteditor5-libjs-underscore libkf5threadweaver5 libkf5xmlrpcclient-data libkf5xmlrpcclient5 libkfontinst5
  libkfontinstui5 libkprintutils4 libksgrd7 libkworkspace5-5 liblmdb0 libmagick++-6.q16-5v5 libmission-control-plugins0 libmozjs-24-0v5 libmusicbrainz5cc2v5 libopenshot-audio5 libopenshot12
  libpackagekitqt5-0 libpcre3-dev libpcre32-3 libpcrecpp0v5 libplasma-geolocation-interface5 libprocesscore7 libqalculate5-data libqalculate5v5 libqimageblitz4 libqrencode3 libqt5clucene5
  libqt5concurrent5 libqt5designer5 libqt5designercomponents5 libqt5help5 libqt5multimedia5 libqt5multimediawidgets5 libqt5test5 libtaskmanager5 libtelepathy-logger-qt5 libtelepathy-logger3
  libtelepathy-qt5-0 libweather-ion7 libxcb-record0 milou oxygen-sounds plasma-desktop-data plasma-look-and-feel-org-kde-breezedark-desktop python-pygoocanvas python3-openshot python3-pyqt5
  python3-pyqt5.qtmultimedia python3-pyqt5.qtopengl python3-pyqt5.qtsvg python3-sip python3-zmq qdbus-qt5 qml-module-org-kde-draganddrop qml-module-org-kde-extensionplugin
  qml-module-org-kde-kcoreaddons qml-module-org-kde-kwindowsystem qml-module-org-kde-solid qml-module-qt-labs-folderlistmodel qml-module-qt-labs-settings qml-module-qtgraphicaleffects
  signon-kwallet-extension telepathy-accounts-signon zlib1g-dev
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  gir1.2-webkit-3.0 libwebkitgtk-1.0-0 libwebkitgtk-3.0-0
Recommended packages:
  zenity
The following NEW packages will be installed:
  gir1.2-webkit-3.0 libwebkitgtk-1.0-0 libwebkitgtk-3.0-0 mdm
0 upgraded, 4 newly installed, 0 to remove and 21 not upgraded.
Need to get 17.2 MB of archives.
After this operation, 78.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://packages.linuxmint.com serena/upstream amd64 mdm amd64 2.0.17+serena [1,932 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 libwebkitgtk-3.0-0 amd64 2.4.11-0ubuntu0.1 [7,593 kB]
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 gir1.2-webkit-3.0 amd64 2.4.11-0ubuntu0.1 [60.7 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 libwebkitgtk-1.0-0 amd64 2.4.11-0ubuntu0.1 [7,587 kB]
Fetched 17.2 MB in 2s (6,079 kB/s)             
Preconfiguring packages ...
Selecting previously unselected package libwebkitgtk-3.0-0:amd64.
(Reading database ... 294417 files and directories currently installed.)
Preparing to unpack .../libwebkitgtk-3.0-0_2.4.11-0ubuntu0.1_amd64.deb ...
Unpacking libwebkitgtk-3.0-0:amd64 (2.4.11-0ubuntu0.1) ...
Selecting previously unselected package gir1.2-webkit-3.0:amd64.
Preparing to unpack .../gir1.2-webkit-3.0_2.4.11-0ubuntu0.1_amd64.deb ...
Unpacking gir1.2-webkit-3.0:amd64 (2.4.11-0ubuntu0.1) ...
Selecting previously unselected package libwebkitgtk-1.0-0:amd64.
Preparing to unpack .../libwebkitgtk-1.0-0_2.4.11-0ubuntu0.1_amd64.deb ...
Unpacking libwebkitgtk-1.0-0:amd64 (2.4.11-0ubuntu0.1) ...
Selecting previously unselected package mdm.
Preparing to unpack .../mdm_2.0.17+serena_amd64.deb ...
Unpacking mdm (2.0.17+serena) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for hicolor-icon-theme (0.15-0ubuntu1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (229-4ubuntu21.2) ...
Setting up libwebkitgtk-3.0-0:amd64 (2.4.11-0ubuntu0.1) ...
Setting up gir1.2-webkit-3.0:amd64 (2.4.11-0ubuntu0.1) ...
Setting up libwebkitgtk-1.0-0:amd64 (2.4.11-0ubuntu0.1) ...
Setting up mdm (2.0.17+serena) ...
Upstart detected. Removing rc.d links.
Linking /usr/bin/gdmflexiserver to /usr/bin/mdmflexiserver
Processing triggers for libc-bin (2.23-0ubuntu10) ...


after restarting mdm this works with a weird/different generic looking login screen but then it logs out right away without showing anything except an error message saying to check this:

~/.xession-errors

initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
/etc/mdm/Xsession: Beginning session setup...
localuser:mintuser being added to access control list


sudo apt-get --reinstall install xserver-xorg-core xserver-xorg

initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused


sudo apt-get --reinstall install mate-desktop-environment

#after this the normal login screen but after logging in you get kicked out immediately without ever seeing the desktop environment and the message about the xsession-errors

Your session only lasted less than 10 seconds. 

=========

I also believed it was an Xorg issue but I just had to reinstall mdm and the mate-desktop:

[    27.153]
X.Org X Server 1.18.4
Release Date: 2016-07-19
[    27.154] X Protocol Version 11, Revision 0
[    27.154] Build Operating System: Linux 4.4.0-97-generic x86_64 Ubuntu
[    27.154] Current Operating System: Linux queenlazina-laptop 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64
[    27.154] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.4.0-116-generic root=UUID=328e6d8a-529d-4f5e-8d72-16a9f3ec16e1 ro quiet splash vt.handoff=7
[    27.154] Build Date: 13 October 2017  01:57:05PM
[    27.154] xorg-server 2:1.18.4-0ubuntu0.7 (For technical support please see http://www.ubuntu.com/support)
[    27.154] Current version of pixman: 0.33.6
[    27.154]    Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
[    27.154] Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[    27.154] (==) Log file: "/var/log/Xorg.0.log", Time: Tue May  1 12:25:36 2018
[    27.154] (==) Using config directory: "/etc/X11/xorg.conf.d"
[    27.154] (==) Using system config directory "/usr/share/X11/xorg.conf.d"
[    27.155] (==) No Layout section.  Using the first Screen section.
[    27.155] (==) No screen section available. Using defaults.
[    27.155] (**) |-->Screen "Default Screen Section" (0)
[    27.155] (**) |   |-->Monitor "<default monitor>"
[    27.156] (==) No device specified for screen "Default Screen Section".
        Using the first device section listed.
[    27.156] (**) |   |-->Device "Intel Graphics"
[    27.156] (==) No monitor specified for screen "Default Screen Section".


(II) [KMS] Kernel modesetting enabled.
No devices to configure.  Configuration failed.
(EE) Server terminated with error (2). Closing log file.
 

This usually happens when you are using something like an INT and try to insert a larger value than the maximum which is larger than "2147483647"

On a practical term I have seen this and been guilty of this error when using scripts like PHP and generating large random numbers:

  $hash = mt_rand(5,9999999999999);

Obviously that many 9's are more digits than the maximum of an INT resulting in that error.  Change your code accordingly to avoid the problem:

  $hash = mt_rand(5,2147483647);

More info on MySQL INT sizes here.

Here is the only solution I found that works in Firefox:

*Note you could basically just copy all of the commands in bold (the rest just shows the output)

Install sqlite3

sqlite3 places.sqlite

sqlite> .clone places.sqlite-fixed
moz_places... done
moz_historyvisits... done
moz_inputhistory... done
moz_bookmarks... done
moz_keywords... done
sqlite_sequence... Error: object name reserved for internal use: sqlite_sequence
SQL: [CREATE TABLE sqlite_sequence(name,seq)]
done
moz_anno_attributes... done
moz_annos... done
moz_items_annos... done
sqlite_stat1... Error: object name reserved for internal use: sqlite_stat1
SQL: [CREATE TABLE sqlite_stat1(tbl,idx,stat)]
Error 1: no such table: sqlite_stat1 on [SELECT * FROM "sqlite_stat1"]
done
moz_hosts... done
moz_bookmarks_deleted... done
sqlite_autoindex_moz_inputhistory_1... done
sqlite_autoindex_moz_keywords_1... done
sqlite_autoindex_moz_anno_attributes_1... done
sqlite_autoindex_moz_hosts_1... done
sqlite_autoindex_moz_bookmarks_deleted_1... done
moz_places_hostindex... done
moz_places_visitcount... done
moz_places_frecencyindex... done
moz_places_lastvisitdateindex... done
moz_historyvisits_placedateindex... done
moz_historyvisits_fromindex... done
moz_historyvisits_dateindex... done
moz_bookmarks_itemindex... done
moz_bookmarks_parentindex... done
moz_bookmarks_itemlastmodifiedindex... done
moz_places_url_hashindex... done
moz_places_guid_uniqueindex... done
moz_bookmarks_guid_uniqueindex... done
moz_annos_placeattributeindex... done
moz_items_annos_itemattributeindex... done
moz_keywords_placepostdata_uniqueindex... done
moz_bookmarks_dateaddedindex... done

PRAGMA user_version;

sqlite> PRAGMA user_version;
41
sqlite> .exit

*Note the output "41" or whatever number you will need to use this later *below*

#Note again in the command "PRAGMA user_version = 41" (substitute 41 with whatever version you got above).

sqlite3 places.sqlite-fixed

PRAGMA integrity_check;

PRAGMA user_version = 41;


PRAGMA journal_mode = truncate;


PRAGMA page_size = 32768;


VACUUM;


PRAGMA journal_mode = wal;


SQLite version 3.11.0 2016-02-15 17:29:24
Enter ".help" for usage hints.
sqlite> PRAGMA integrity_check;
ok
sqlite> PRAGMA user_version = 41;
sqlite> PRAGMA journal_mode = truncate;
truncate
sqlite> PRAGMA page_size = 32768;
sqlite> VACUUM;
sqlite> PRAGMA journal_mode = wal;
wal
sqlite> .exit

Now restore the "places.sqlite-fixed" to places.sqlite and reopen Firefox

After doing this my address bar history worked fine and perfectly!  No need to start with a fresh database and lose valuable history and shortcuts to key sites you visit!

sign_and_send_pubkey: signing failed: agent refused operation

This happens when you don't manually add your ssh key with ssh-add it is some weird new feature in SSH or Ubuntu/Debian that causes this weird problem.
 

Solution:

ssh-add
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)

ValueError: new value non-existent xfs filesystem is not valid as a default fs type

Pane is dead

From what I read this is misleading and has to do with the fact that the initrd and kernel are mismatched.

This is a hard situation because for some older hardware I am using the Centos Plus kernel which has modules that I require for an older server/NIC.  This seems to have cropped up in the past few months and there is no simple fix which is quite frustrating.

I wish RHEL/Centos would provide a CentosPlus kernel for their PXE boot image as this essentially stops things from working and creates a PXEBoot/NetInstall scenario that cannot be relied on because it seems to pull other image data from the Centos repo which ends up breaking in the event that the repo has been updated and your kernel/initrd are mismatched.

But it worked before the whole time so something unexpected or undesirable has changed upstream unfortunately.  For now I am not sure of the solution short of creating my own PXEBoot initrd image and kernel.

It looks like this has something to do with APIC but I am not sure.  I have similar CPUs with a different MB and BIOS that work fine on the same type of kernel.  A lot of time the issue is because of the C-step setting in the BIOS.

The same thing happened on the 2.6 kernel with Centos 6 but this is a homebrew 4.4 kernel so I am not sure why it is happening when even Centos 7 (3.2) kernel works OK.

Solution - It comes down to the BIOS settings:

*The most critical part is this:

Boot:

OS Selection "Linux" (now note this is weird but even if you are booting without UEFI this setting applies still).

If you don't choose Linux as your OS everything runs snail slow.

Security:

Disable "Execute Disable Bit"

Disable "Intel Platform Trust"

Power:

Disable "Enhanced Intel Speedstep Technology"

Disable "OS ACPI C2 Report"

[72799.017154] INFO: rcu_sched detected stalls on CPUs/tasks:
[72799.017193]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[72799.017220]     (detected by 0, t=5252 jiffies, g=1775778, c=1775777, q=678)
[72799.017249] Task dump for CPU 1:
[72799.017270] swapper/1       R running      0     0      1 0x00200008
[72799.017301]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[72799.017353]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[72799.017405]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[72799.017458] Call Trace:
[72799.017486]  [] ? smp_apic_timer_interrupt+0x30/0x40
[72799.017515]  [] ? apic_timer_interrupt+0x2d/0x34
[72799.017542]  [] ? mwait_idle+0x68/0x150
[72799.017568]  [] ? arch_cpu_idle+0x6/0x10
[72799.017593]  [] ? cpu_startup_entry+0x1dd/0x2d0
[72799.017618]  [] ? setup_APIC_timer+0x9b/0xb0
[72799.017645] rcu_sched kthread starved for 5252 jiffies! g1775778 c1775777 f00
[72862.037828] INFO: rcu_sched detected stalls on CPUs/tasks:
[72862.037866]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[72862.037893]     (detected by 0, t=21007 jiffies, g=1775778, c=1775777, q=3093)
[72862.037923] Task dump for CPU 1:
[72862.037944] swapper/1       R running      0     0      1 0x00200008
[72862.037975]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[72862.038028]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[72862.038080]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[72862.038132] Call Trace:
[72862.038161]  [] ? smp_apic_timer_interrupt+0x30/0x40
[72862.038190]  [] ? apic_timer_interrupt+0x2d/0x34
[72862.038216]  [] ? mwait_idle+0x68/0x150
[72862.038242]  [] ? arch_cpu_idle+0x6/0x10
[72862.038268]  [] ? cpu_startup_entry+0x1dd/0x2d0
[72862.038293]  [] ? setup_APIC_timer+0x9b/0xb0
[72862.038320] rcu_sched kthread starved for 21007 jiffies! g1775778 c1775777 f0
[72925.058501] INFO: rcu_sched detected stalls on CPUs/tasks:
[72925.058539]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[72925.058566]     (detected by 2, t=36762 jiffies, g=1775778, c=1775777, q=5985)
[72925.058596] Task dump for CPU 1:
[72925.058617] swapper/1       R running      0     0      1 0x00200008
[72925.058648]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[72925.058701]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[72925.058752]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[72925.058805] Call Trace:
[72925.058834]  [] ? smp_apic_timer_interrupt+0x30/0x40
[72925.058863]  [] ? apic_timer_interrupt+0x2d/0x34
[72925.058890]  [] ? mwait_idle+0x68/0x150
[72925.058915]  [] ? arch_cpu_idle+0x6/0x10
[72925.058941]  [] ? cpu_startup_entry+0x1dd/0x2d0
[72925.058967]  [] ? setup_APIC_timer+0x9b/0xb0
[72925.058993] rcu_sched kthread starved for 36762 jiffies! g1775778 c1775777 f0
[72988.079176] INFO: rcu_sched detected stalls on CPUs/tasks:
[72988.079216]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[72988.079243]     (detected by 0, t=52517 jiffies, g=1775778, c=1775777, q=9582)
[72988.079273] Task dump for CPU 1:
[72988.079294] swapper/1       R running      0     0      1 0x00200008
[72988.079325]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[72988.079378]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[72988.079430]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[72988.079482] Call Trace:
[72988.079511]  [] ? smp_apic_timer_interrupt+0x30/0x40
[72988.079539]  [] ? apic_timer_interrupt+0x2d/0x34
[72988.079566]  [] ? mwait_idle+0x68/0x150
[72988.079592]  [] ? arch_cpu_idle+0x6/0x10
[72988.079617]  [] ? cpu_startup_entry+0x1dd/0x2d0
[72988.079643]  [] ? setup_APIC_timer+0x9b/0xb0
[72988.079669] rcu_sched kthread starved for 52517 jiffies! g1775778 c1775777 f0
[73051.099850] INFO: rcu_sched detected stalls on CPUs/tasks:
[73051.099888]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[73051.099915]     (detected by 0, t=68272 jiffies, g=1775778, c=1775777, q=12493)
[73051.099946] Task dump for CPU 1:
[73051.099966] swapper/1       R running      0     0      1 0x00200008
[73051.099997]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[73051.100050]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[73051.100102]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[73051.100154] Call Trace:
[73051.100183]  [] ? smp_apic_timer_interrupt+0x30/0x40
[73051.100211]  [] ? apic_timer_interrupt+0x2d/0x34
[73051.100238]  [] ? mwait_idle+0x68/0x150
[73051.100264]  [] ? arch_cpu_idle+0x6/0x10
[73051.100289]  [] ? cpu_startup_entry+0x1dd/0x2d0
[73051.100315]  [] ? setup_APIC_timer+0x9b/0xb0
[73051.100341] rcu_sched kthread starved for 68272 jiffies! g1775778 c1775777 f0
[73114.120521] INFO: rcu_sched detected stalls on CPUs/tasks:
[73114.120560]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[73114.120588]     (detected by 3, t=84027 jiffies, g=1775778, c=1775777, q=15681)
[73114.120618] Task dump for CPU 1:
[73114.120639] swapper/1       R running      0     0      1 0x00200008
[73114.120670]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[73114.120722]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[73114.120774]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[73114.120827] Call Trace:
[73114.120856]  [] ? smp_apic_timer_interrupt+0x30/0x40
[73114.120884]  [] ? apic_timer_interrupt+0x2d/0x34
[73114.120911]  [] ? mwait_idle+0x68/0x150
[73114.120937]  [] ? arch_cpu_idle+0x6/0x10
[73114.120962]  [] ? cpu_startup_entry+0x1dd/0x2d0
[73114.120988]  [] ? setup_APIC_timer+0x9b/0xb0
[73114.121014] rcu_sched kthread starved for 84027 jiffies! g1775778 c1775777 f0
[73177.141194] INFO: rcu_sched detected stalls on CPUs/tasks:
[73177.141232]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[73177.141259]     (detected by 2, t=99782 jiffies, g=1775778, c=1775777, q=18837)
[73177.141289] Task dump for CPU 1:
[73177.141310] swapper/1       R running      0     0      1 0x00200008
[73177.141340]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[73177.141393]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[73177.141445]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[73177.141497] Call Trace:
[73177.141525]  [] ? smp_apic_timer_interrupt+0x30/0x40
[73177.141554]  [] ? apic_timer_interrupt+0x2d/0x34
[73177.141581]  [] ? mwait_idle+0x68/0x150
[73177.141607]  [] ? arch_cpu_idle+0x6/0x10
[73177.141632]  [] ? cpu_startup_entry+0x1dd/0x2d0
[73177.141658]  [] ? setup_APIC_timer+0x9b/0xb0
[73177.141684] rcu_sched kthread starved for 99782 jiffies! g1775778 c1775777 f0
[73240.161868] INFO: rcu_sched detected stalls on CPUs/tasks:
[73240.161906]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[73240.161934]     (detected by 3, t=115537 jiffies, g=1775778, c=1775777, q=22200)
[73240.161964] Task dump for CPU 1:
[73240.161985] swapper/1       R running      0     0      1 0x00200008
[73240.162016]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[73240.162069]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[73240.162121]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[73240.162173] Call Trace:
[73240.163521]  [] ? smp_apic_timer_interrupt+0x30/0x40
[73240.163550]  [] ? apic_timer_interrupt+0x2d/0x34
[73240.163577]  [] ? mwait_idle+0x68/0x150
[73240.163603]  [] ? arch_cpu_idle+0x6/0x10
[73240.163628]  [] ? cpu_startup_entry+0x1dd/0x2d0
[73240.163654]  [] ? setup_APIC_timer+0x9b/0xb0
[73240.163680] rcu_sched kthread starved for 115537 jiffies! g1775778 c1775777 0
[73303.182543] INFO: rcu_sched detected stalls on CPUs/tasks:
[73303.182582]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[73303.182609]     (detected by 0, t=131292 jiffies, g=1775778, c=1775777, q=24499)
[73303.182639] Task dump for CPU 1:
[73303.182660] swapper/1       R running      0     0      1 0x00200008
[73303.182691]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[73303.182743]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[73303.182796]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[73303.182848] Call Trace:
[73303.182877]  [] ? smp_apic_timer_interrupt+0x30/0x40
[73303.182906]  [] ? apic_timer_interrupt+0x2d/0x34
[73303.182932]  [] ? mwait_idle+0x68/0x150
[73303.182958]  [] ? arch_cpu_idle+0x6/0x10
[73303.182984]  [] ? cpu_startup_entry+0x1dd/0x2d0
[73303.183009]  [] ? setup_APIC_timer+0x9b/0xb0
[73303.183035] rcu_sched kthread starved for 131292 jiffies! g1775778 c1775777 0
[73366.203215] INFO: rcu_sched detected stalls on CPUs/tasks:
[73366.203254]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
[73366.203281]     (detected by 3, t=147047 jiffies, g=1775778, c=1775777, q=26783)
[73366.203311] Task dump for CPU 1:
[73366.203332] swapper/1       R running      0     0      1 0x00200008
[73366.203363]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
[73366.203416]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
[73366.203468]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
[73366.203520] Call Trace:
[73366.203549]  [] ? smp_apic_timer_interrupt+0x30/0x40
[73366.203578]  [] ? apic_timer_interrupt+0x2d/0x34
[73366.203604]  [] ? mwait_idle+0x68/0x150
[73366.203630]  [] ? arch_cpu_idle+0x6/0x10
[73366.203656]  [] ? cpu_startup_entry+0x1dd/0x2d0
[73366.203681]  [] ? setup_APIC_timer+0x9b/0xb0
[73366.203707] rcu_sched kthread starved for 147047 jiffies! g1775778 c1775777 0


You may also get errors like these:

[  299.955483] mce: [Hardware Error]: Machine check events logged

Other symptoms are that everything seems to run very slow such as basic keyboard input there is a lot of lag even when opening top or waiting for the output of dmesg etc..When typing it basically feels like you are on a dialup modem connecting to a server on the other side of the world with packet loss or that is saturated.

So you restarted your router/dhcpd server or for some other reason you wonder why DHCP is not working on any of your clients?  You go and check that named is in fact running fine.

But then you check /var/log/messages and see this error for everything hostname:

named[1525]: error (broken trust chain) resolving 'min-api.cryptocompare.com/A/IN': 173.245.58.78#53

I've only ever seen this when the time on the server was off.  It is important to make sure you are running ntpd or ntpdate on boot and at all times.  Once you change your time to the correct time things will work again.

In xplayer I get the following error "Could not initialize supporting library.".  It actually looks more like a gstreamer issue.

For those wondering what the default video player is called it is "xvid" and not "totem" anymore like previous versions.

Basically it looks like some codecs are missing when I uninstalled another program it uninstalled other programs and codecs that it shouldn't have.

I've tried installing all the gstream packages and other codecs but nothing has helped so far.

 There is also this console output:

libva info: VA-API version 0.39.0
libva info: va_getDriverName() returns -1
libva error: va_getDriverName() failed with unknown libva error,driver_name=(null)


Solution:

sudo apt-get remove gstreamer1.0-vaapi

wget -qO

You just need the -qO switch and you'll be good to go, the output then goes to your console/screen/script rather than a file.

 convert -crop -0-400 image.jpg image.pdf

The -crop -0-400 is what does it.  The 0 says not to chop anything from the left.  If you want to chop the left of course change 0 to whatever pixels you want chopped from the left.  The 400 says to chop 400 pixels off the top.

This is useful if you have a bunch of images/scans where the same area at the top needs to be chopped.

Sometimes the -trim option (such as the case of white space on top) is wrong and ends up cropping the image and losing some text.

ImageMagick's convert is very useful but tricky to find some things out as I find it to be less than intuitive sometimes.

In your browser go to "about:config"

Right click and choose "New" -> "String"

The name should be:

general.useragent.override

String Value:

Mozilla/5.0 (Linux; U; Android 2.2.1; en-ca; LG-P505R Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

You don't even have to restart to make this work.

This works for almost all ISO's I find (at least Linux based):

sudo dd if=CentOS-6.9-x86_64-minimal.iso of=/dev/sdg bs=20M
20+1 records in
20+1 records out
427819008 bytes (428 MB) copied, 118.233 s, 3.6 MB/s
 

Of course change the .iso filename above and the /dev/sdg to your desired USB drive!

It is well known hackers, the NSA, CIA and other groups have created malware to secretly turn on your webcam and microphone on your phone, tv etc.. But fortunately on our computers and laptops we have some options.

Most webcams use the "uvcvideo" kernel module / driver.  You can disable this in two ways on boot. I recommend both just as a failsafe. 

Disable it on rc.local once your system boots automatically

Add the following to /etc/rc.local:

/sbin/rmmod uvcvideo

Even if the kernel module was loaded during boot this will unload it.

Disable it from loading at all in blacklist.conf

Edit /etc/modprobe.d/blacklist.conf

blacklist uvcvideo
 

Now of course note a hacker who gains access as root/admin could still load this driver and spy on you but it is a reasonable amount of privacy.  To increase security you should use electrical or duct tape over your microphone and webcam itself.

As a more invasive mode you could also edit your initramfs and kernel not to even contain the driver (but the issue is that on kernel upgrade the uvcvideo driver will be back).

You could also use a cronjob like this every minute:

sudo crontab -e

*/1 * * * * /sbin/rmmod uvcvideo

This would try to unload the driver every minute just in case something malicious did activate it again. 

In at least Ubuntu and Mint there is nothing intuitive about configuring Java.

Execute it to get to it:

itweb-settings

You'll be able to configure different options and variables.

sudo chmod 000 /etc/cron.daily/apt-compat
 

This is the easiest way to disable the cron without anything more invasive like deleting the file.

After that you won't have anymore apt-get's starting.

This can be critical for systems without much extra RAM that is not in use.  I've seen systems that have swapped and crashed over apt-get.

It's a little tricky if you are running a 64-bit OS which most people will be.

The weird thing is that the Seamonkey website for Linux seems to only provide a 32-bit download.

seamonkey-2.49.2.tar.bz2

First unpack it

tar -jxvf seamonkey-2.49.2.tar.bz2
 

Try to run it

 ./seamonkey
XPCOMGlueLoad error for file /home/queenlazina/Downloads/seamonkey/libmozgtk.so:
libgtk-3.so.0: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

Seems that libgtk is installed:

ls /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
/usr/lib/x86_64-linux-gnu/libgtk-3.so.0
 

But note it is 64-bit and you need the 32-bit library since Seamonkey is 32-bit.

We need to enable i386/32-bit architecture and add the libgtk for 32 bit

sudo dpkg --add-architecture i386
sudo apt-get install libgtk-3-0:i386

After that you can run Seamonkey finally!

One simple way to keep your server public but almost impossible to hack via SSH is to disable password authentication over SSH.  This means the only way in is via  your own private key that only you should have.

Edit your /etc/ssh/sshd.conf file

Set this option

PasswordAuthentication no

Restart your SSH server.

service sshd restart

Now your server will be much more secure, even if someone has the password they cannot login remotely no matter what (so long as no one has stolen your private key).  This makes bruteforcing absolutely impossible, so long as they don't enter another way, get root access and enable password login again.

This is one thing that has me wondering about SMF.  It is apparently a known issue but in the latest version and new install nothing looked right because it was using http://127.0.0.1 to find everything!  How on earth would it ever do this or think it is normal?

Excerpt of crazy html code it produces that causes the issue:


    <link rel="stylesheet" type="text/css" href="http://127.0.0.1/smf/Themes/default/css/index.css?fin20" />
    <script type="text/javascript" src="http://127.0.0.1/smf/Themes/default/scripts/script.js?fin20"></script>
    <script type="text/javascript" src="http://127.0.0.1/smf/Themes/default/scripts/theme.js?fin20"></script>

        <img id="upshrink" src="http://127.0.0.1/smf/Themes/default/images/upshrink.png" alt="*" title="Shrink or expand the header." style="display: none;" />
            <img id="smflogo" src="http://127.0.0.1/smf/Themes/default/images/smflogo.png" alt="Simple Machines Forum" title="Simple Machines Forum" />
        </div>




To repair it you need to get a tool from the SMF site: https://wiki.simplemachines.org/smf/Repair_settings.php#Download_the_Repair_Settings_Tool

Get the tool run it and you'll see some output like this:

Almost always aside from MySQL DB you should change 127.0.0.1 to the domain name of your server.



 URLs
These are the paths and URLs to your SMF installation, and can cause big problems when they are wrong. Sorry, there are a lot of them.
Forum URL:    
Recommended value: "https://forums.domain.com".
Forum Directory:    
Recommended value: "/var/www/vhosts/domain.com/httpdocs".
Sources Directory:    
Recommended value: "/var/www/vhosts/domain.com/httpdocs/Sources".
Attachment Directory:    
Recommended value: "/var/www/vhosts/domain.com/httpdocs/attachments".
Avatar URL:    
Recommended value: "https://forums.domain.com/avatars".
Avatar Directory:    
Recommended value: "/var/www/vhosts/domain.com/httpdocs/avatars".
Custom Avatar URL:
Value not found!    
Custom Avatar Directory:
Value not found!    
Smileys URL:    
Recommended value: "https://forums.domain.com/Smileys".
Smileys Directory:    
Recommended value: "/var/www/vhosts/domain.com/httpdocs/Smileys".






Paths & URLs For Themes
These are the paths and URLs to your SMF themes.
SMF Default Theme - Curve URL:    
Recommended value: "https://forums.domain.com/Themes/default".
SMF Default Theme - Curve Images URL:    
Recommended value: "https://forums.domain.com/Themes/default/images".
SMF Default Theme - Curve Directory:    
Recommended value: "/var/www/vhosts/domain.com/httpdocs/Themes/default".
Core Theme URL:    
Recommended value: "https://forums.domain.com/Themes/core".
Core Theme Images URL:    
Recommended value: "https://forums.domain.com/Themes/core/images".
Core Theme Directory:    
Recommended value: "/var/www/vhosts/domain.com/httpdocs/Themes/core".

It is simple the user just needs to be given the "LOCK TABLES" privilege.

As root run this command:

GRANT LOCK TABLES ON yourdatabase.* TO yourmysqluser@localhost;

GRANT SELECT, LOCK TABLES ON *.* TO yourmysqluser@localhost;

All you need to do a full MySQL dump on all databases is the SELECT and LOCK TABLES privileges.  This way you don't have to use the mysql root user.  Data could be compromised this way but at least no harm from manipulation, changes or deletion are possible by locking down the privileges to the minimum for a full MySQL dump and backup.

Here is a command you could use to dump all databases.

It's fairly simple to start or stop a check but I do wish mdadm's command had this built in.  Sometimes it will do a check at the worst time causing the server to crawl to a halt.

Stop check on md126:

echo idle > /sys/block/md126/md/sync_action

Start check on md126:


echo check > /sys/block/md126/md/sync_action

If you don't want to stop everything you can use this guide to set the minimum and maximum sync speed which does help.

Starting container...
vzquota : (error) Quota on syscall for id 4532: No such file or directory
vzquota on failed [3]
 

Solution

vzquota drop 4532

Then start the container and it should work.  It actually happened after migrating the VPS manually to another location (very common).

Another way of doing essentially the same is the following:

https://realtechtalk.com/vzquota_error_Quota_on_syscall_for_id_42131_No_such_file_or_directory_vzquota_on_failed_[3]-1447-articles

So I have a domain "testdomain.com".

Inside test domain.com's root is the following .htaccess:

Options +FollowSymLinks -Indexes
ErrorDocument 403 /launch/index.html

Order Deny,Allow
Deny From All
Allow From 192.168.1.2

When you visit anything other than root things work fine.  Eg. if you visit http://testdomain.com/somedirfile.html

It will show the right error in /launch/

But if you just visit the root you get the standard Apache Test page even though a 403 is returned.  The reason for this is because of an Alias "Error" in /etc/httpd/httpd.conf

Find this line and comment it out:

Alias /error/ "/var/www/error/"

What happens when visiting root is that it checks for a custom 403 error in /var/www/error/ and when it doesn't find one in there it returns noindex.html (the Apache test page).

However I don't know a better work-around what Apache then does after commenting out that alias is it insists in then looking inside your /www/document_root/error/ folder for a matching custom file.  If not it looks for a noindex.html in there.

So all I did was create a no index.html in an error folder within my document root.

This solves the issue but I am not sure of how to make a better solution.  I searched for hours modifying the vhost configuration but nothing worked or helped except the above.

These URLs below had the same issue:

https://www.linuxquestions.org/questions/linux-server-73/apache-403-on-root-serves-test-page-instead-of-forbidden-page-4175492016/
https://www.linuxquestions.org/questions/linux-server-73/apache-denied-ips-getting-test-page-914257/

Here is some of the troubleshooting process I went through:

I have an issue where I am only allowing a few IPs to view a website in .htaccess:


Options +FollowSymLinks -Indexes
ErrorDocument 403 /launch/index.html

Order Deny,Allow
Deny From All
Allow From 192.168.1.2


# Now it works if you go to http://url/somecrap it will take you to /launch/index.html
But if you just go to the reoot http://url/ or http://url you get the Apache Test page instead:



https://www.linuxquestions.org/questions/linux-server-73/apache-403-on-root-serves-test-page-instead-of-forbidden-page-4175492016/
https://www.linuxquestions.org/questions/linux-server-73/apache-denied-ips-getting-test-page-914257/

solution:
edit /etc/httpd/httpd.conf

# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections.  We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
#   Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /var/www/error/include/ files and
# copying them to /your/include/path/, even on a per-VirtualHost basis.
#

#Alias /error/ "/var/www/error/"


[root@serverdev error]# mv noindex.html noindex.html-bad
[root@serverdev error]# readlink -f .
/var/www/error


Alias /error/ "/var/www/error/"


#Alias /error/ "/var/www/error/"

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    <Directory "/var/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>


Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

log#
[Sun Apr 08 04:09:43 2018] [error] [client 192.168.1.55] client denied by server configuration: /www/vhosts/vhosttest.com/httpdocs/
[Sun Apr 08 04:09:43 2018] [error] [client 192.168.1.55] client denied by server configuration: /www/vhosts/vhosttest.com/httpdocs/error
 

Just type the command:

localboot

By default it will boot the first local drive "0".  I believe you can specify a different number to boot a different device.

eg.

localboot 3

(will boot the 4th BIOS device)'

This is useful for security purposes especially on a server which may have a public IP assigned to it but has a second NIC for the LAN.

Here is how you edit smb.conf:

[global]

interfaces = 192.168.1.50
bind interfaces only = yes


As you can see above it will only listen on 192.168.1.50 and remind to keep the "bind interfaces only" option.

It has been a big pain for a long-time to install Windows from a Linux environment.  I used to run a windows install server and it never worked right for some reason (the install would fail on most servers).

Before getting start be sure to setup your samba share so once you boot into WinPE you can mount the install for whatever Windows you want

/etc/samba/smb.conf

[smbwinstall]
path = /tftpboot/images/winstall
guest ok = yes
directory mask = 0775


It's much easier and stable to deploy all OS's using a Linux tftp and dhcpd server:

WinPE Boot with pxelinux
It requires pxelinux 6.04 or higher so I've included that in winpe-libs.tar.gz

cd /tftpboot/images
wget realtechtalk.com/downloads/winpe-tftp.tar.gz
wget realtechtalk.com/downloads/winpe-tftp-root-libs.tar.gz
#Extract it into your /tftpboot/

cd /tftpboot/
tar -zxvf winpe-tftp-root-libs.tar.gz
ldlinux.c32
libcom32.c32
libutil.c32
linux.c32
menu.c32
pxelinux.0
wimboot


cp winpe-libs/* /tftpboot/

tar -zxvf winpe-tftp.tar.gz
Edit your /tftpboot/pxelinux.cfg/default

Add this:

MENU TITLE WinPE
label WinPE
com32 linux.c32
APPEND wimboot initrdfile=../images/winpe/bootmgr,../images/winpe/bcd,../images/winpe/boot.sdi,../images/winpe/boot.wim

#the next step is to make sure you have a samba or windows fileshare with the windows install you want

mkdir -p /tftpboot/images/winstall
#mount and copy the install you want

pxeboot the WinPE image then mount the remote share and install windows from it

Get booting!

If everything was done right you should be able to boot off your NIC, see the pxellinux menu for winpe and boot into it.

Once in WinPE type the following command to mount your install share:

net use z: \192.168.5.20winstall

z:

Of course change the IP and "winstall" share name to match what you have on your network.
 

#errors
linux.c32: not a COM32R image this means your pxelinux is probably trying to open an image like Winpe with wimboot and is too old (upgrade to at least pxelinux 6.04.  The pxelinux.0 file in the winpe-tftp.tar.gz file is from 6.04 so it will automatically update if you overwrite your pxelinux.0 file
 

error: Could not locate RPC credentials. No authentication cookie could be found, and no rpcpassword is set in the configuration file

This is usually because the .cookie file cannot be read by the user you are running Litecoin or Bitcoin client/daemon as.

You can adjust the permissions of the file so that the user or group they are apart of has read permissions.

Error: Unable to apply new quota values: quota not running
Container start failed (try to check kernel messages, e.g. "dmesg | tail")
Killing container ...
Container was stopped
Error: Unable to apply new quota values: quota not running
Can't umount /vz/private/123123: Invalid argument


[root@rtt 123123]# vzquota on 123123
vzquota : (error) Can't open quota file for id 123123, maybe you need to reinitialize quota: No such file or directory
You have mail in /var/spool/mail/root
[root@rtt 123123]# vzquota off 123123
vzquota : (error) Can't open quota file for id 123123, maybe you need to reinitialize quota: No such file or directory


problem:

VE_ROOT="/vz/private/$VEID"
VE_PRIVATE="/vz/private/$VEID"

solution = fix VE_ROOT!

VE_ROOT="/vz/root/$VEID"


 vzctl start 123123
Starting container...
Initializing quota ...
Container is mounted
Adding IP address(es):
Setting CPU units: 1000
Container start in progress...


 

curl: (35) Unknown SSL protocol error in connection

The main solution is to update curl and nss.  If you are having an issue with curl through Apache/PHP you will need to restart PHP after.

It's important to remember that this error could mean a lot of things but most often it simply means that curl and openssl may be outdated and only allow newer secure ways of connecting to SSL.

In general here is how you would fix it in most cases:

yum -y update curl nss openssl

*Remember again if your PHP/Apache application is using curl it won't work until you restart Apache

sudo: unable to resolve host yourhostname


No clue why sudo is doing that when running.

Solution

Check /etc/hosts

You will probably find that it doesn't contain "yourhostname" for 127.0.0.1

Just update the hostname or add a field for your hostname like this:

127.0.0.1 yourhostname

Normally when I've seen this it's when you are using a variable like a normal string when in fact it's actually an array such as this example:

[Tue Mar 13 04:22:35 2018] [error] PHP Catchable fatal error:  Object of class WP_Term could not be converted to string in /vhost/httpdocs/wp-content/plugins/wp-instagram-post/classes/class-woo-igp.php on line 578


                                $tags = get_tags($post_id);
                                foreach ( $tags as $tag )
                                {
                                   $the_tags=$the_tags. "#". $tag;
                                }

With the above the $tag variable actually is an array so you would need to reference it like this $tag->name or $tag["name"];

 

I modified this code after quickly learning how Wordpress plugins actually work, how they're called etc.. was the first trick to modifying the code to add tags.

Add this code after line 570 in wp-content/plugins/wp-instagram-post/classes/class-woo-igp.php
 


                                $tags = get_the_tags($post_id);
                                foreach( $tags as $tag )
                                {

                                   $the_tags=$the_tags. "#". $tag->name;
                                }


                                $message = $message .  "$the_tags";


I've never seen this before in all of my years.  I have some very old CDs and DVDs 12-15 years old that seem not to work in this BD-R/DVD-R/CD-R Asus drive.

The discs are fine actually and ironically they even work fine on a normal LG USB based BD-R drive!

Here are the errors in Linux:
[2914936.884924] attempt to access beyond end of device
[2914936.884927] loop1: rw=0, want=730424, limit=688384
[2914954.556873] attempt to access beyond end of device
[2914954.556883] loop1: rw=0, want=730328, limit=688384
[2914954.557225] attempt to access beyond end of device
[2914954.557230] loop1: rw=0, want=730424, limit=688384
[2914954.560679] attempt to access beyond end of device
[2914954.560685] loop1: rw=0, want=730328, limit=688384
[2914954.666068] attempt to access beyond end of device
[2914954.666081] loop1: rw=0, want=730072, limit=688384
[2914969.467216] attempt to access beyond end of device
[2914969.467231] loop1: rw=0, want=730072, limit=688384


Mar 12 11:53:13 localhost kernel: [2915064.079511] VFS: busy inodes on changed media or resized disk sr0
Mar 12 12:55:04 localhost kernel: [2918775.634645] VFS: busy inodes on changed media or resized disk sr0
Mar 12 12:55:23 localhost kernel: [2918794.508782] VFS: busy inodes on changed media or resized disk sr0
Mar 12 12:55:40 localhost kernel: [2918811.408231] VFS: busy inodes on changed media or resized disk sr0
Mar 12 12:55:45 localhost kernel: [2918816.012111] VFS: busy inodes on changed media or resized disk sr0
Mar 12 12:56:02 localhost kernel: [2918832.911498] VFS: busy inodes on changed media or resized disk sr0
Mar 12 12:56:16 localhost kernel: [2918847.599010] VFS: busy inodes on changed media or resized disk sr0


Basically you can read the directory structure and browse it but no actual data from any file even though the discs themselves are fine and 100% working in another drive.

Drives in question:

sudo wodim --devices
wodim: Overview of accessible drives (2 found) :
-------------------------------------------------------------------------
 0  dev='/dev/sg5'    rwrw-- : 'ASUS' 'BW-16D1HT'
 1  dev='/dev/sg4'    rwrw-- : 'HL-DT-ST' 'BD-RE WP50NB40'
-------------------------------------------------------------------------
 

Just to clarify again the Asus has a problem with a lot of my discs whereas the LG works with everything.  I would have thought the USB powered LG would be more likely to have issues.

I suspect this is some firmware bug in the Asus.  For now I'll use the LG or plugin an old DVD-R SATA based drive.

Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!).

In the Apache vhost conf for the domain here is what you add:

SSLCACertificateFile /path/to/your/cafile.pem

Here is a full example of an SSL Vhost config in Apache using a CA Certificate file

<VirtualHost *:443>
DocumentRoot /www/vhosts/domain.com/httpdocs
ServerName domain.com
ServerAlias www.domain.com
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"" combined
CustomLog /www/vhosts/domain.com/stats/access_log combined
ErrorLog /www/vhosts/domain.com/stats/error_log
#begin enable SSL
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /www/ssl-certs/www.domain.com-ssl-cert.crt
SSLCertificateKeyFile /www/ssl-certs/www.domain.com-ssl-private.key
SSLCACertificateFile /www/ssl-certs/www.domain.com-ssl-ca.crt
#begin stop SSL
</VirtualHost>


PHP Warning:  Cannot load module 'XCache' because conflicting module 'apc' is already loaded in Unknown on line 0


Solution:

yum remove php-pecl-apc-*

Getting this error on Centos 6 with PHP 5.3 when just running "php -v"

PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/module.so' - /usr/lib64/php/modules/module.so: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Warning:  Cannot load module 'XCache' because conflicting module 'apc' is already loaded in Unknown on line 0


Solution:

 This is caused by php-mcrypt and usually means your OS doesn't have mcrypt installed and Centos by default doesn't seem to have it.

The easiest thing to do if you aren't using it is to remove it:

yum remove php-mcrypt

You could also edit /etc/php.d/mcrypt.ini and comment the line out and add the module back when and if you get it.

It takes some tinkering the main thing is that the "-dmS" flag allows screen to start without a session which of course sudo won't have.

solution:

/usr/bin/sudo -u user /usr/bin/screen -dmS nameyouchoose /script/start.bash


this doesn't work at all:

/usr/bin/sudo -u user "/usr/bin/screen /script/start.bash"

this doesn't work:

/usr/bin/sudo -u user /usr/bin/screen /script/start.bash


The easiest way is to use SSH and DD or a combination of netcat.  SSH will be a little slower due to encryption but is the most secure way (on two older systems the average clone speed is about 40-50MB/s).  This is also OS independent as it doesn't matter what the source OS is because you are literallly cloning the drive so you retain the partition table and settings.

Clone HDD using SSH and DD

dd if=/dev/sourcedrive | ssh user@yourhostname.com "dd of=/dev/destinationdrive"

However especially in Linux you'll want to do a fsck on all partitions on the remote drive or it probably won't boot because the filesystem recognizes the partitions are not right due to the different drive sizes. More info here.

Note you will need to use sudo or root on both systems.  I also like to use a live CD/USB/Network on the remote system so that the operation can completely cleanly (especially helpful if that would be the only disk device on the remote system).

Clone HDD using netcat (nc)

This is the faster but less secure way someone could accidentally or maliciously send random/wrong data to the remote nc causing corruption.  There is of course the risk of eavesdropping where an attacker could essentially have a copy of your cloned hard drive too.

First setup the remote server.

Remote Server Setup

nc -l 29000|dd of=/dev/destinationdrive

This tells nc to listen on port 29000 and write the data to /dev/destinationdrive

Now we are ready to push the source drive from the source server.

Source Server

dd if=/dev/sourcedrive| nc remoteserver 29000

This tells dd to take data from /dev/sourcedrive and send it to an nc server at remoteserver on port 29000

I don't recall having this issue in the distant past but nowadays at least Debian seems to be very picky about this.

I used dd to copy one hard drive to another and tried booting it.  Everything seemed fine with grub working but each time it would drop to the busybox shell.  There is no particular error so this is misleading.

Normally the first things you would check are to make sure your fstab is correct (that the UUID is correct) and that you've updated grub.  This will not apply or be necessary if you've cloned the entire hard drive (by doing this your partitions still retain the same UUID).

Part of the issue is likely that the filesystem thinks something is wrong since the partition table is technically going to be incorrect if you clone a 256GB drive to a 3TB for example (as in this case).

The solution in this case is that you need to fsck the boot and root partitions.  The great news is that this can be done from the same busybox shell that you landed in.

fsck.ext4 /dev/sda1

After that reboot and everything should be good!

ssh rtt@192.168.1.199
Unable to negotiate with 192.168.1.99 port 22: no matching host key type found. Their offer: ssh-dss

It looks like the DSS option is not considered secure so when connecting from newer Linux systems to an older one you will get the above error.

It can be fixed (but you should consider upgrading your SSH daemon):

ssh -oHostKeyAlgorithms=+ssh-dss rtt@192.168.1.199