Archive for the ‘Fix’ Category

VMware ESXi 4.0: Adding user fails

Trying to add a user in ESXi 4.0 using the vSphere Client, always gave me this error:

A general system error occurred: passwd: Authentication token manipulation error passwd:

The solution is extremely simple. The problem is the error message. It seems to tell us there’s a problem with authentication, but actually, all that is happening is the password is too short or too simple. Making it at least 8 characters in length did the trick for me.

Postfix SMTP relay broken, MX host not found.

Yesterday, all outgoing emails started to accumulate in the Postfix queue with this error:

Jun 29 13:35:02 intranet postfix/smtp[15330]: 88AE28C839: to=, relay=none, delay=8921, delays=8897/4/20/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=myprovider.isp.hosting type=MX: Host not found, try again)

First thing I did, nslookup and dig tests, yep the host can be found, although there is no MX record. Could it be that Postfix absolutely requires the MX record?

As it turns out: no. What actually happened is that I changed DNS settings for this server. I went into /etc/resolv.conf and updated the settings, as a new DNS server was installed and replaced an aging one.

What I didn’t know is that Postfix keeps a cached copy of this resolv.conf in a mini-chroot jail located in /var/spool/postfix/etc/resolv.conf

That file had the old DNS server settings! I changed it for the correct servers, and issued

postfix reload
postqueue -p

Voilà!
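
A check for the stale-copy situation described above, as an added example that is not part of the original post. It compares only the nameserver lines of the two files named in the post; the function names and the --check switch are made up for this sketch.

```sh
#!/bin/sh
# Added example (not from the original post): detect drift between the system
# resolver file and the copy Postfix reads inside its chroot.

# Print the sorted, unique nameserver addresses listed in a resolv.conf file.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# resolv_drift SYSTEM_FILE CHROOT_FILE
# Returns 0 if both list the same nameservers, 1 if they differ (and prints
# both lists), 2 if either file cannot be read.
resolv_drift() {
    sys=$1
    jail=$2
    if [ ! -r "$sys" ] || [ ! -r "$jail" ]; then
        echo "cannot read $sys or $jail" >&2
        return 2
    fi
    a=$(nameservers "$sys")
    b=$(nameservers "$jail")
    [ "$a" = "$b" ] && return 0
    echo "system: $(echo "$a" | tr '\n' ' ')"
    echo "chroot: $(echo "$b" | tr '\n' ' ')"
    return 1
}

# Run the check only when asked, using the two paths named in the post.
if [ "${1:-}" = "--check" ]; then
    if resolv_drift /etc/resolv.conf /var/spool/postfix/etc/resolv.conf; then
        echo "resolver settings match"
    else
        echo "fix the chroot copy, then run: postfix reload"
    fi
fi
```

Running it from cron or a monitoring check after any DNS change catches the mismatch before the mail queue starts to fill.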

FIX: VPN server on 2008, no data goes through

This post isn’t a regular “fix” in the sense that I point out a problem that is often overlooked or badly documented. It’s just that after spending so many hours chasing this problem, I felt compelled to share it in case it can help, even though it makes little sense.

The setup: I want to add VPN access to my corporate network, consisting of a few servers behind a Linksys/Tomato router. Most servers are Windows 2008 virtualized on VMware ESX4i servers (but that doesn’t really make any difference). The VPN server will be placed on a Windows 2008 machine that currently serves WSUS (updates) and anti-virus deployment. DNS, DHCP, domain controller, that’s all on other machines.

I followed the guides I could find on the net, but every time I would be able to log my user on to the VPN, but not access anything (not ping any host).

Finally, I resolved this by uninstalling the role from the Server Admin page, rebooting that box, re-installing the role and re-installing the feature.

It worked right away!

VMware ESX4i packet loss with VMs

I’ve just finished building this ESX4i server with a few VMs in it and as I plug it into the server space and into the network switch, I notice that the vSphere console is laggy, to the point of being really annoying.

I ping the server from a workstation, a few packets get lost in transit. I grew the ping packets to 60 kilobytes, and sure enough, about 10% packet loss. I tried pinging the hypervisor management interface, still from my workstation, and I get a slightly lower, but still significant amount of packet loss.

After checking all my cables and trying another network switch, I finally saw that the switch was not illuminating the “Full duplex” light, indicating it was, instead, half-duplex.

Going back into vSphere client, clicking my host in the left menu, then going in the configuration tab, then Networking, then Properties. Second tab “Network Adapters”, then Edit. In there, the Status of my physical NIC was set at 100 mbit Full Duplex (so it should have worked.) I changed it to Auto Negotiate and now everything works perfectly. 1800 ping packets transmitted, 0 loss.

Tethering fix for iPhone

A lot of things can go wrong with tethering, but after spending some time fixing mine, I thought I would document it.

My problem was that after setting it up properly on my Mac via either bluetooth or USB, the tethering would get activated from the iPhone’s side, but on the computer I would have an error message when using bluetooth, and no error on USB. On either, I would get no data from the internet.

After investigating a bit, I found out that my Mac would get a self-assigned IP, instead of a regular IP address given by the phone’s DHCP server.

The problem was PdaNet that was left activated! I installed the trial version of PdaNet to play a bit with WiFi tethering, and forgot to turn it off. As it turns out, PdaNet disables the DHCP server.

How to (probably) avoid dust in the iPhone screen

After about 10 months of use of my iPhone 3G, the screen became littered with dust specks. I could see various sizes of dust particles, a bit spread out but mostly around the center of the screen. They appear to be stuck in the thin layer of air between the LCD glass and the casing protective glass with touchscreen.

As I’ve had my unit replaced by Apple yesterday (broken vibration switch), the Genius showed me where dust particles can enter the frame: through the SIM slot.

As he pulled the SIM slot out to recover my SIM chip, a considerable amount of white powder/dust came out with it.

So here’s my theory about how to prevent that. I’ll do it myself, and report back in a few months if it works or not.

  1. Power down the phone (press and hold sleep, add pressing home and hold both until the Turn off power slider appears, then release buttons and slide that).
  2. Use an unfolded paperclip to push a pin into the small hole at the top, this gets the SIM card tray out.
  3. Remove the tray and SIM card. Clean those.
  4. Using a vacuum cleaner, bring it near the opening of the SIM card tray and suck out the dust and particles in the phone. Only suck lightly! Don’t form a seal with the vacuum cleaner. Doing that will result in damage of the phone because of the strong vacuum forces that will move parts inside the phone (such as speaker membrane for example). Only bring the vacuum close enough so that the particles are sucked in, nothing more.
  5. Repeat monthly.

iPhone can’t delete photos

For some reason, in photo roll I could delete pictures, but when I quit and return in the photo roll, the deleted pictures were back.

Turns out it’s a permission issue, open a terminal and go:

chown -R mobile /var/mobile/Media/DCIM

Thunderbird complains about invalid certificate

I set up my own mail server on my Debian Etch server, with IMAP SSL (courier-imap).

I guess I was asleep when I did it, because every time I connect Thunderbird to my SSL imap account, it complains about the SSL certificate being invalid because the hostname doesn’t match.

rm -rf /etc/courier/*.pem
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/courier/imapd.pem

I typed my publicly accessible hostname for the server instead of “localhost” and voilà.

EDIT August 25th 2009: As I activated SSL on Postfix, I encountered the very same error message in Thunderbird. This time, however, I discovered that I need to set the “Organizational Unit Name” and “Common Name” in the certificate to match the fully qualified domain name of the machine.

Ex: My mail server runs on “somehost.mybiz.com”, so I’ll put exactly that in both certificate fields.
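
A way to confirm the hostname match before pointing a mail client at the server, as an added example that is not part of the original post. It uses the -checkhost option of openssl x509; the function names and the --check switch are made up for this sketch, and make_test_cert only produces throwaway self-signed certificates for trying the check out.

```sh
#!/bin/sh
# Added example (not from the original post): verify that a PEM certificate is
# valid for the hostname clients will connect to.

# cert_matches_host CERT_PEM HOSTNAME
# Returns 0 when openssl reports that HOSTNAME matches the certificate
# (subjectAltName entries, or the Common Name when there are none).
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# make_test_cert OUT_PEM COMMON_NAME
# Constructed helper: writes a one-day self-signed certificate for testing.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Usage: script --check /etc/courier/imapd.pem somehost.mybiz.com
if [ "${1:-}" = "--check" ] && [ $# -eq 3 ]; then
    if cert_matches_host "$2" "$3"; then
        echo "OK: $2 is valid for $3"
    else
        echo "MISMATCH: $2 is not valid for $3"
        openssl x509 -in "$2" -noout -subject
    fi
fi
```

A certificate generated with “localhost” as its name fails this check for the public hostname, which is the mismatch Thunderbird reports.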

amavisd-new with spamassassin emailing syncs frequently

I have SpamAssassin with amavisd-new on my Debian Etch server acting as filtering for spam and viruses (along with ClamD).

Every few hours, I receive an email such as this (to root):

From: root@xxxx (Cron Daemon)
To: amavis@xxxx
Subject: Cron <amavis@fry> test -e /usr/sbin/amavisd-new-cronjob && /usr/sbin/amavisd-new-cronjob sa-sync

bayes: synced databases from journal in 1 seconds: 1751 unique entries (3454 total entries

It gets annoying fast.

As I’ve found in the Debian bugs list, they’re not 100% sure as to how to resolve this issue, being not clearly a bug but rather a communication problem (should we inform the user or not).

Tuomas Jormola came up with an elegant patch that does not redirect the wrongly behaving script to /dev/null, but instead filters it. If it’s the sync message, it removes it, otherwise the message is passed on and will get emailed to root via cron, effectively keeping the ability of reporting errors and problems to the administrators.

To fix it, I opened /usr/sbin/amavisd-new-cronjob, and replaced line 32 (right after “sa-sync”) that was this:

do_amavis_cmd "/usr/bin/sa-learn --sync >/dev/null"

to this:

do_amavis_cmd "/usr/bin/sa-learn --sync 2>&1 | egrep -v '^bayes: synced databases from journal in [0-9]+ seconds: [0-9]+ unique entries \([0-9]+ total entries\)$'"
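
Why filtering beats redirecting everything to /dev/null, as an added example that is not part of the original post or of the Debian patch. fake_sync is a constructed stand-in for sa-learn, its error line is made up, and grep -E is used in place of the equivalent egrep.

```sh
#!/bin/sh
# Added example (not from the original post or the Debian patch).
SYNC_RE='^bayes: synced databases from journal in [0-9]+ seconds: [0-9]+ unique entries \([0-9]+ total entries\)$'

# Constructed stand-in for "sa-learn --sync". Assumption: the notice is written
# to stderr, since it reached cron mail despite ">/dev/null" on the old line.
fake_sync() {
    echo "bayes: synced databases from journal in 1 seconds: 1751 unique entries (3454 total entries)" >&2
    if [ "$1" = "fail" ]; then
        echo "constructed error: bayes journal unreadable" >&2
    fi
}

# The three candidate cron lines.
run_original() { fake_sync "$1" >/dev/null; }          # stdout dropped only
run_silenced() { fake_sync "$1" >/dev/null 2>&1; }     # everything dropped
run_filtered() { fake_sync "$1" 2>&1 | grep -Ev "$SYNC_RE"; }  # notice dropped

# cron mails whatever a job writes to stdout or stderr; capture both streams.
cron_mail() { "$@" 2>&1; }

# Show what root would receive from each variant when the sync also fails.
for variant in original silenced filtered; do
    printf '%-9s -> [%s]\n' "$variant" "$(cron_mail "run_$variant" fail)"
done
```

Only the filtered variant stays quiet on a clean sync and still delivers the error line when something goes wrong.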

Weird amavisd-new / perl crash

I just built a new server on Debian 5, using the latest of everything.

After building my amavisd-new + spamassassin + clamav + postfix + bayesian learning system, it started to crash with this error:

in amavis log:

amavisd-new Net::Server: Couldn’t fork: [Cannot allocate memory]

in mail.log:

Mar 12 05:15:16 fry amavis[29358]: (29358-08) (!!)TROUBLE in check_mail: parts_decode_ext FAILED: file(1) utility (/usr/bin/file) error: run_command (open pipe): Can’t fork at /usr/lib/perl/5.10/IO/File.pm line 66, <GEN77> line 89. at /usr/sbin/amavisd-new line 2892, <GEN77> line 89.
Mar 12 05:15:16 fry amavis[29358]: (29358-08) (!)PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20090312T051516-29358

Well, after 2 days of googling about this problem, I finally found a thread where someone realized he forgot to activate swap on the server, and therefore, fork was failing.

Would I be that kind of admin, that rebuilds a whole server and forgets to mount swap? Yes! That’s me! Thanks Richard!