Category: Uncategorized

Unifi 5.6.22 Upgrade Fails to Start Linux ERROR system – [exec] error, rc=255

When upgrading Unifi to 5.6.22, you will find that Unifi does not start on Linux system.

If you see the log files, you will see something like this:

/var/log/unifi/system.log

 <UniFi> ERROR system - [exec] error, rc=255

This is because of a change in the release notes:

The controller will not start if it is set to bind to a privileged port (<1024), as it now runs as a non-root user

To fix this, you must change your config file to use a port outside of the 1024 range. This will be an issue if you’ve changed your port, like me.

  1. Edit /var/lib/unifi/system.properties
  2. Change your ports from
    unifi.http.port=80
unifi.https.port=443

    to

    unifi.http.port=8080
unifi.https.port=8443
  3. Now type
    sudo service unifi restart

You should now be able to login to your system using the new ports.

Performance Tuning Forefront TMG 2010

Microsoft Forefront TMG 2010 has been a solid product. It has not had an update in some time, and that’s a shame.

I was reviewing my TMG server a few weeks ago in order get a bit more performance from it. The server is virtualized, and currently only gives me around 50-60mb/s throughput with all its rules. I wanted to increase this and make it more responsive in the process.

So let us proceed:

#1 Sort Rule Priority

Like most other firewalls, TMG processes rules from top to bottom. If you have a frequently accessed rule, like web browsing, for example, put this at the top. For me, this was a spam filter listening rule. TMG had connections coming in for the spam filter at the rate of 5-10 per second. I moved these to the top

tmg1

 

The next rule you want to sort out is traffic from TMG server. I would generally add this as my second/third rule.

tmg1.1

After this came my office outbound rulestmg2

 

After this came the rest of my rules which consisted of various servers/voip etc.

#2 Disabled Legacy Services

Since TMG is now discontinued, many of the services in TMG are no longer updated. It’s up to you, but you might as well disable them to recover some performance. These services are:

  • IPS
  • Spam Filtering
  • Virus and Content Filtering

Ensure each one is disabled. You might be a bit hesitant to disable these. If you check your definitions, you will find they have not been updated in some time.

tmg3

tmg4

#3 Remove Old Rules

Lastly, remove any old rules. We don’t tend to look at firewalls often. So this simple task often gets overlooked.

As well as removing the old rules, ensure that you make your listener rules only listen to what’s needed. This will cut down on processing time.

Conclusion

TMG is a great product, but now beyond its used by date. TMG will always hold a special place in my software archive as a product that could have become a great firewall appliance <3

I hope this helps.