Rebuilding Ubuntu LTS on WSL2 and Interfering Docker Integrations

Posted on by dk

In an attempt to get some AMD iGPU accelerated apps to run via Ubuntu LTS on WSL2, I had rebuild my Ubuntu LTS “VM” under WSL2.

  • I had to first remove the existing Ubuntu LTS (named “UbuntuLTS”): wsl --unregister UbuntuLTS

WARNING: Although multiple sources state that the source .vhdx file does not get deleted, it actually does get deleted for me! 🙄

  • I re-downloaded the .wsl file directly from Ubuntu, then installed the VM manually:

wsl --install --from-file "ubuntu-24.04.4-wsl-amd64.wsl" --name UbuntuLTS --location "D:\WSL\UbuntuLTS" --no-launch

Note that if you have Docker already installed, the default “distro” WSL2 may have been set to Docker’s docker-desktop:

  • set the correct default: wsl --set-default UbuntuLTS
  • run wsl.exe and it will launch into the newly created distribution, set a new (default) user and password… and ignore the stupid <3>WSL (299 - Relay) ERROR: operator():579: getpwuid(1000) failed error 🙄
    • NOTE: the error will “go away” after a wsl --shutdown and restart…


  • turn on the integration in Docker again…  and watch errors pop up…
    An error occurred while running the command. DockerDesktop/Wsl/ExecError: c:\windows\system32\wsl.exe -d -e sh -c cat - > ~/.docker/config.json: exit status 1 (stderr: , wslErrorCode: DockerDesktop/Wsl/ExecError)

Continue reading

AMD Radeon Software Hanging Windows Explorer…

Posted on by dk

So, another day, another IT f*ck-up…

AMD’s in the crosshairs today. Due to having to muck around with AMD iGPUs in/on a WSL2-hosted Ubuntu LTS VM, I had to install an “older” AMD Radeon 26.2.2 driver…

Now, every time I right-clicked on a drive, a folder or a file in Windows Explorer, the stupid Radeon dashboard launches… and proceeds to “hang” Windows Explorer (with your mouse cursor turning into a spinning cursor) until something times out and hands Windows Explorer back its head…

  • No, killing the dashboard immediately does not give Windows Explorer back its head
  • No, attempting the registry hacks found across the ‘net did not help
  • No, disabling all non-Microsoft “Context Menu” items via ShellExView did not help

What did help was one of the suggestions by Google’s “AI Mode”!

i.e. F*ck Rename C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe (as an Administrator, of course).

“Unrooting” WSL…

Posted on by dk

WSL starts as root user be default.

Here’s how to ensure it runs as a “non-root user” (assumedly already created), which you then have to su and/or sudo <something> to act as root:

  • either/and:
    • modify a shortcut or change Windows Terminal’s Profile to set the distribution (if required) and the user name, and starting in the user’s home directory:
      • wsl -d <distro> -u <user> -cd ~
    • edit /etc/wsl.conf to always start with a specific user:
      • [user]
        default=<user>

Simple! (Not!)

Unifi Controller

Posted on by dk

I had a docker container of the jacobalberty/unifi “all-in-one” Unifi Network Application, and I somehow garbled the password…

The fix?

  • enter the container:
    • docker exec -it <container_name> /bin/bash
  • run MongoDB CLI:
    • mongo --port 27117
  • find the administrator user name/s:
    • use ace;
    • db.admin.find().forEach(printjson);
  • you should see one or more name entry/entries:
    • "name" : "<user_name>"
  • set/reset the password (to “password“):
    • db.admin.update( { "name" : "<user_name>" }, { $set : { "x_shadow" : "$6$ybLXKYjTNj9vv$dgGRjoXYFkw33OFZtBsp1flbCpoFQR7ac8O0FrZixHG.sw2AQmA5PuUbQC/e5.Zu.f7pGuF7qBKAfT/JRZFk8/" } } )

You should be able to log right back in with the reset password.

LAGGing pfSense… Manually…

Posted on by dk

Throughput through my KVM-hosted pfSense was abysmal for a 10Gbps link – despite the Intel Core i7 155h host w/128GB 5600Mhz RAM doing nothing else but hosting the pfSense VM (replete with VFIO-passthrough)…

I could get ~8-9Gbps iperf3 performance on from my PC to the WAN interface, which was “OK”, but iperf3 from pfSense out to various 10Gbps-capable public iperf3 servers was bad, as was Ookla speedtest.net results (from my PC).

In an attempt to figure out if the virtualisation was part of the issue, I attempted to run pfSense bare metal (via dual-booting – which had a whole storied journey itself)…

If you want the solution, just jump to the second last paragraph…

Continue reading

Upgrading WSL2 Ubuntu LTS 22.04 to LTS 24.04…

Posted on by dk

After fixing WSL networking issues, I had to upgrade the Ubuntu LTS instance… The sequence should have been:

  • apt update
  • apt upgrade -y
  • apt dist-update
  • lsb_release -a   # to confirm version before upgrade
  • do-release-upgrade
  • lsb_release -a   # to confirm version after upgrade

But, as per usual, I hit another issue attempting to upgrade (i.e. while running do-release-upgrade):

error: cannot list snaps: cannot communicate with server: Get "http://localhost/v2/snaps": dial unix /run/snapd.socket: connect: no such file or directory

A quick ‘net search brought up the point that snapd was not running…

Continue reading

Windows 11 Host Network Service (HNS) and Windows Subsystem for Linux (WSL)…

Posted on by dk

For the longest time, my Ubuntu LTS 22.04 on my (forced-to-be-update-to) Windows 11 (replete with other networking horrors) was not working properly – I could only access the Internet from within the WSL2 container when Windows Firewall was disabled.

Despite shenanigans like attempting to whitelist a whole plethora of executables:

  • C:\Windows\System32\vmcompute.exe
  • C:\Windows\System32\vmms.exe
  • C:\Windows\System32\vmwp.exe
  • C:\Windows\System32\wsl.exe
  • C:\Program Files\WSL\wsl.exe
  • C:\Program Files\WSL\wslservice.exe

Even attempting to whitelist the usual services suspects via C:\Windows\System32\svchost.exe like the following:

  • Host Network Service
  • Internet Connection Sharing (ICS)

All were to no avail. I could resolve domain names, but no traffic went out unless the host’s Windows Firewall was disabled.

I could not even see any blocked traffic from the logs, despite having the correct set up (tip: just use WFC‘s logging interface).

Searching ChatGPT and Perplexity sent me on various wild-goose chases, from changing WSL networking modes (NAT vs. “mirrored” in %USERPROFILE%/.wslconfig), to setting up dubious firewall rules referencing InterfaceAlias using New-NetFirewallRule (but which actual interface UUIDs change every boot). Continue reading

pfSense and 2FA…

Posted on by dk

I wasted quite a bit of time attempting to implement 2FA as part of user authentication on pfSense, firstly finding out that 2FA support was not intrinsic…

Next up, grappling with the FreeRADIUS extension for pfSense 2.7.x and attempting to follow everything from Reddit posts, some time-wasting video posts, to the abbreviated instructions from Google Search and some posts from different Google Search results.

Continue reading

Malwarebytes fka BiniSoft Windows Firewall Control and Windows Defender Firewall with Advanced Security Interactions…

Posted on by dk

I used to swear by the very useful, but extremely complicated (and easy to break your OS if you get it wrong, but free) Comodo Internet Security suite, which included  Comodo Firewall…

Unfortunately, having been forced to upgrade to Windows 11 a few months back, replete with feature retardation, my trusty ol’ CIS 12.x no longer worked (properly), and I had to switch to the “plain ‘ol Windows Firewall” – which works great except for the rules and rules management. Working with the Advanced Firewall console UI is a nightmare, and not being able to quickly allow something that was blocked renders the plain ‘ol Windows Firewall unusable.

I may have gotten the following versions and timelines wrong: When I initially tested Windows 7, I knew ZoneAlarm 7.x was not compatible (then), I actually looked at, and bought, BiniSoft’s WFC before finally settling on CIS… I returned to BiniSoft in 2024 only to find out that it had been bought out in 2018 by Malwarebytes…

Nevertheless, background and fuzzy memory aside, I was chugging along on Windows 11 (sans LACP’d 10Gbps NICs) with “just” Windows Firewall and WFC, when I must have changed something, because, all of a sudden:

  • attempting to pull up the connection logs through WFC resulted in a never-ending “loading” prompt
  • attempting to change any setting in the Windows Defender Firewall with Advanced Security console (i.e. running wf.msc with Administrator privileges) failed with a repeated “access denied” message

 

Checking the ‘net did not help much:

  • explicitly adding NT Service\mpssvc user and even myself to security ACL of the (default) C:\Windows\System32\LogFiles\Firewall directory and the created .log files with “Full Control” permissions did nothing
  • attempting to edit anything via the registry still worked, but the never-ending connection logs UI was still a problem

I bashed my head against this issue for the better part of some 3 hours before some memory synapses lit up…

Continue reading

pfSense OpenVPN Server IP Address Changes and DNS Forwarder…

Posted on by dk

Note to self – if attempting to change the IP address of the OpenVPN server/service, you need to disable the interface then re-enable it, otherwise the DNS Forwarder selection of active interfaces will still take the old IP address (and therefore fail to start).

You will be able to see the pfSense’s debug logs showing a failed attempt to listen on the old IP.