On 11/10/2011 04:20 PM, Tom Tucker wrote:

Hmm...No!
serverA to serverB:9830 fails to connect, while serverB to
serverA:9830 works.

So if the web browser can't connect, and the console can't connect,
make sure the process is listening to a valid (i.e. not 127.0.0.1)
address:

netstat -an|grep 9830

if it is listening to an externally reachable address, then also
check to see if there is some sort of ipv4 vs. ipv6 issue e.g. the
server is listening only to ipv6 but the DNS is giving only ipv4
addresses.

Otherwise, looks like a firewall issue.

Odd, a pid exists and port 9830 is bound.

The below capture from serverB shows connectivity between the two and
it also shows the port 9830 problems. Any suggestions for
troubleshooting the admin piece? I have included the
admin-srv/error.log and debug output from start-ds-admin. I didn't
notice anything questionable from either source.

ServerA to B
############
[root@serverA]# telnet 10.224.146.243 9830
Trying 10.224.146.243...
ServerB
#########
[root@serverB]# netstat -an | grep 9830
unix 3 [ ] STREAM CONNECTED 19830 @/tmp/dbus-32VTqFryLw
[root@serverB]# telnet 10.102.71.211 9830
Trying 10.102.71.211...
Connected to 10.102.71.211.
Escape character is '^]'.
[root@serverB]# tcpdump -i p3p1 host serverA
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on p3p1, link-type EN10MB (Ethernet), capture size 65535 bytes
17:53:46.634915 IP serverA > serverB: ICMP echo request, id 11535, seq 1, length 64
17:53:46.635000 IP serverB > serverA: ICMP echo reply, id 11535, seq 1, length 64
17:53:47.636120 IP serverA > serverB: ICMP echo request, id 11535, seq 2, length 64
17:53:47.636192 IP serverB > serverA: ICMP echo reply, id 11535, seq 2, length 64
17:53:48.637272 IP serverA > serverB: ICMP echo request, id 11535, seq 3, length 64
17:53:48.637327 IP serverB > serverA: ICMP echo reply, id 11535, seq 3, length 64
17:53:49.638405 IP serverA > serverB: ICMP echo request, id 11535, seq 4, length 64
17:53:49.638461 IP serverB > serverA: ICMP echo reply, id 11535, seq 4, length 64
17:53:50.639521 IP serverA > serverB: ICMP echo request, id 11535, seq 5, length 64
17:53:50.639556 IP serverB > serverA: ICMP echo reply, id 11535, seq 5, length 64
17:54:03.762709 IP serverA.33027 > serverB.9830: Flags [S], seq 3182616044, win 14600, options [mss 1460,sackOK,TS val 364237574 ecr 0,nop,wscale 6], length 0
17:54:03.762809 IP serverB > serverA: ICMP host serverB unreachable - admin prohibited, length 68

This looks like the problem. I have no idea what would cause this.
Syntax is ok ;-)
#############
[root@serverB]# /usr/sbin/start-ds-admin -t
Syntax OK
Start-up debug
##########
[root@serverB]# /usr/sbin/start-ds-admin -e debug
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module authz_host_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module auth_basic_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module authn_file_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module log_config_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module env_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module mime_magic_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module unique_id_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module setenvif_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module mime_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module negotiation_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module dir_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module alias_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module rewrite_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module cgi_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module restartd_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module nss_module
[Thu Nov 10 18:07:01 2011] [debug] mod_so.c(246): loaded module admserv_module
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2509): [7034] create_server_config [0xbogus %p for (null)
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2497): [7034] create_config [0xbogus %p for (null)
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2570): [7034] Set [0xbogus %p [ADMCacheLifeTime] to 600
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2588): [7034] Set [0xbogus %p [ADMServerVersionString] to 389-Administrator/1.1.25
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2497): [7034] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/*
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2522): [7034] adminsdk [0xbogus %p flag 1
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2497): [7034] create_config [0xbogus %p for /*/[tT]asks/[Cc]onfiguration/*
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2522): [7034] adminsdk [0xbogus %p flag 1
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2497): [7034] create_config [0xbogus %p for /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create|remove)$
[Thu Nov 10 18:07:01 2011] [debug] mod_admserv/mod_admserv.c(2522): [7034] adminsdk [0xbogus %p flag 0

admin-serv error log from serverB
############################
root@serverB]# tail -30 error
[Thu Nov 10 18:07:02 2011] [debug] mod_admserv/mod_admserv.c(220): HashTableEnumerate: Key=admin-serv Val=cn=admin-serv-serverB,cn=389 Administration Server,cn=Server Group,cn=serverB.mydomain.com,ou=mydomain.com,o=NetscapeRoot
[Thu Nov 10 18:07:02 2011] [debug] mod_admserv/mod_admserv.c(1456): populate_tasks_from_server(): getting tasks for server [admin-serv] siedn [cn=admin-serv-serverB,cn=389 Administration Server,cn=Server Group,cn=serverB.mydomain.com,ou=mydomain.com,o=NetscapeRoot]
[Thu Nov 10 18:07:02 2011] [notice] Access Host filter is: *.mydomain.com
[Thu Nov 10 18:07:02 2011] [notice] Access Address filter is: *
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module authz_host_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module auth_basic_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module authn_file_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module log_config_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module env_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module mime_magic_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module unique_id_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module setenvif_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module mime_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module negotiation_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module dir_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module alias_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module rewrite_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module cgi_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module restartd_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module nss_module
[Thu Nov 10 18:07:02 2011] [debug] mod_so.c(246): loaded module admserv_module
[Thu Nov 10 18:07:02 2011] [debug] mod_admserv/mod_admserv.c(2509): [7034] create_server_config [0xbogus %p for (null)
[Thu Nov 10 18:07:02 2011] [debug] mod_admserv/mod_admserv.c(2497): [7034] create_config [0xbogus %p for (null)
[Thu Nov 10 18:07:03 2011] [notice] Apache/2.2.21 (Unix) configured -- resuming normal operations
[Thu Nov 10 18:07:03 2011] [debug] mod_admserv/mod_admserv.c(2940): Entering admserv_init_child pid [7039] init count is [1]
[Thu Nov 10 18:07:03 2011] [debug] mod_admserv/mod_admserv.c(220): HashTableEnumerate: Key=admin-serv Val=cn=admin-serv-serverB,cn=389 Administration Server,cn=Server Group,cn=serverB.mydomain.com,ou=mydomain.com,o=NetscapeRoot
[Thu Nov 10 18:07:03 2011] [debug] mod_admserv/mod_admserv.c(1456): populate_tasks_from_server(): getting tasks for server [admin-serv] siedn [cn=admin-serv-serverB,cn=389 Administration Server,cn=Server Group,cn=serverB.mydomain.com,ou=mydomain.com,o=NetscapeRoot]
[Thu Nov 10 18:07:03 2011] [notice] Access Host filter is: *.mydomain.com
[Thu Nov 10 18:07:03 2011] [notice] Access Address filter is: *
[Thu Nov 10 18:07:03 2011] [debug] mod_admserv/mod_admserv.c(2954): Leaving admserv_init_child

On Thu, Nov 10, 2011 at 5:20 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:

On 11/10/2011 02:56 PM, Tom Tucker wrote:

Attached is the console.log output from serverA.

I noticed this error in the output. BTW no firewalls exist between
these hosts nor is IPTables or selinux running on either end.

ResourceSet: found in cache
loader6298545:com.netscape.management.client.util.default
ClassLoader: :loadClass():name:java.net.URL
java.net.NoRouteToHostException: No route to host
ClassLoader: :loadClass():name:java.net.SocketException

Can you go to http://serverB.mydomain.com:9830 in your web browser,
from both machines?

On Thu, Nov 10, 2011 at 3:31 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:

On 11/10/2011 01:16 PM, Tom Tucker wrote:

The upgrade to a5 addressed the subroutine error, thanks.
Unfortunately serverB is still refusing to be managed via the
Console. I ran the -u update twice and bounced services for the
helluva it. Additional output can be found below.

Ok. Run the console like this:
389-console -D 9 -f console.log
- remove/obscure any sensitive data in console.log
- post console.log to the list

SERVER A
########
Are you ready to set up your servers? [yes]:
rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': No such file or directory
rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No such file or directory
Registering the directory server instances with the configuration directory server . . .
Beginning Admin Server reconfiguration . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Exiting . . .
Log file is '/tmp/setupYUpMQ4.log'

[root@serverA phpldapadmin]# rpm -qi 389-ds-base
Name        : 389-ds-base
Version     : 1.2.10
Release     : 0.5.a5.fc15
Architecture: i686
Install Date: Thu 10 Nov 2011 02:54:23 PM EST
Group       : System Environment/Daemons
Size        : 4738178
License     : GPLv2 with exceptions
Signature   : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID b4ebf579069c8460
Source RPM  : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
Build Date  : Fri 04 Nov 2011 07:13:25 PM EDT
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.

SERVER B
#########
Are you ready to set up your servers? [yes]:
Registering the directory server instances with the configuration directory server . . .
Beginning Admin Server reconfiguration . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Exiting . . .
Log file is '/tmp/setupS0ZvAH.log'

[root@serverB admin-serv]# !292
rpm -qi 389-ds-base
Name        : 389-ds-base
Version     : 1.2.10
Release     : 0.5.a5.fc15
Architecture: i686
Install Date: Thu 10 Nov 2011 03:04:01 PM EST
Group       : System Environment/Daemons
Size        : 4738178
License     : GPLv2 with exceptions
Signature   : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID b4ebf579069c8460
Source RPM  : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
Build Date  : Fri 04 Nov 2011 07:13:25 PM EDT
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
Summary     : 389 Directory Server (base)

On Thu, Nov 10, 2011 at 2:36 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:

On 11/10/2011 12:02 PM, Tom Tucker wrote:

Responding to the group..this time.

Thanks for the quick response, unfortunately no change.

OS: FC 15

Server1
##########
==============================================================================
The update option will allow you to re-register your servers with the
configuration directory server and update the information about your servers
that the console and admin server uses. You will need your configuration
directory server admin ID and password to continue.
Continue? [yes]:
==============================================================================
Please specify the information about your configuration directory server.
The following information is required:
- host (fully qualified), port (non-secure or secure), suffix, protocol (ldap
  or ldaps) - this information should be provided in the form of an LDAP url
  e.g. for non-secure or for secure
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
  security has not yet been configured - the file must be in PEM/ASCII format
  - specify the absolute path and filename
Configuration directory server admin ID [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
Configuration directory server admin password:
==============================================================================
The interactive phase is complete. The script will now set up your servers.
Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]:
rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': No such file or directory
rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No such file or directory
Undefined subroutine &DSUpdate::updateSystemD called at /usr/lib/dirsrv/perl/DSUpdate.pm line 419.

rpm -qi 389-ds-base
this issue is fixed in 1.2.10.a5 in updates-testing

Server2
#########
==============================================================================
The update option will allow you to re-register your servers with the
configuration directory server and update the information about your servers
that the console and admin server uses. You will need your configuration
directory server admin ID and password to continue.
Continue? [yes]: yes
==============================================================================
Please specify the information about your configuration directory server.
The following information is required:
- host (fully qualified), port (non-secure or secure), suffix, protocol (ldap
  or ldaps) - this information should be provided in the form of an LDAP url
  e.g. for non-secure or for secure
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
  security has not yet been configured - the file must be in PEM/ASCII format
  - specify the absolute path and filename
Configuration directory server admin ID [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
Configuration directory server admin password:
==============================================================================
The interactive phase is complete. The script will now set up your servers.
Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]:
Undefined subroutine &DSUpdate::updateSystemD called at /usr/lib/dirsrv/perl/DSUpdate.pm line 419.

On Thu, Nov 10, 2011 at 1:48 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:

On 11/10/2011 11:48 AM, Tom Tucker wrote:

I would appreciate any troubleshooting advice you might have regarding
my registered ldap servers. I am referring to the first page you see
when launching the console (servers listed underneath Servers and
Applications). I see my servers listed, however I am unable to open
them. Their "Server status" always reports "Stopped" even though the
remote servers are running.

Based on my tcpdump capture below the 'admin prohibited' message is a
clear indication of the problem, but I can't seem to correct it. I
have rerun the setup several times, confirmed the password and such.

What am I missing?

Have you tried running setup-ds-admin.pl -u on both the local servers
and the remote servers?

==============================================================================
13:35:27.458489 IP serverA.mydomain.com.30940 > serverB.mydomain.com.ldap: Flags [S], seq 404137883, win 14600, options [mss 1460,sackOK,TS val 348721371 ecr 0,nop,wscale 6], length 0
Please specify the information about your configuration directory server.
The following information is required:
- host (fully qualified), port (non-secure or secure), suffix, protocol (ldap
  or ldaps) - this information should be provided in the form of an LDAP url
  e.g. for non-secure or for secure
- admin ID and password
- admin domain
- a CA certificate file may be required if you choose to use ldaps and
  security has not yet been configured - the file must be in PEM/ASCII format
  - specify the absolute path and filename
Configuration directory server admin ID [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
Configuration directory server admin password:

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
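
The checks suggested in this thread (is anything listening on TCP 9830, on which address, and is the SYN being actively rejected), as an added shell example that is not part of the original messages. The function names are hypothetical; the sample lines are the ones posted above.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# listener_scope PORT  (stdin: output of `netstat -an`)
# Prints not-listening | loopback-only | ipv6 | ipv4 for TCP listeners on PORT.
# Matching the port field exactly avoids the false hit that a plain
# `grep 9830` gets from the unix-socket inode number 19830.
listener_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp6?$/ && $NF == "LISTEN" {
            n = match($4, /:[0-9]+$/)            # last colon starts the port
            if (!n || substr($4, n + 1) != port) next
            host = substr($4, 1, n - 1)
            if (host ~ /^127\./ || host == "::1") lo = 1
            else if (index(host, ":")) v6 = 1    # "::" or an IPv6 literal
            else v4 = 1
        }
        END {
            # "ipv6" means no IPv4 socket was seen; whether a "::" socket also
            # accepts IPv4 depends on the bindv6only setting.
            if (v4) print "ipv4"
            else if (v6) print "ipv6"
            else if (lo) print "loopback-only"
            else print "not-listening"
        }'
}

# admin_prohibited_count  (stdin: tcpdump text output)
# Counts ICMP "admin prohibited" unreachables. A port with no listener is
# normally answered with a TCP RST, so this reply points at a filtering rule
# rather than a stopped service.
admin_prohibited_count() {
    grep -c 'ICMP .*unreachable - admin prohibited' || true
}

# The unix-socket line and both tcpdump lines are copied from the thread.
THREAD_NETSTAT='unix 3 [ ] STREAM CONNECTED 19830 @/tmp/dbus-32VTqFryLw'
THREAD_TCPDUMP='17:54:03.762709 IP serverA.33027 > serverB.9830: Flags [S], seq 3182616044, win 14600, options [mss 1460,sackOK,TS val 364237574 ecr 0,nop,wscale 6], length 0
17:54:03.762809 IP serverB > serverA: ICMP host serverB unreachable - admin prohibited, length 68'

printf '%s\n' "$THREAD_NETSTAT" | listener_scope 9830
printf '%s\n' "$THREAD_TCPDUMP" | admin_prohibited_count
```

On a live host, feed the functions with `netstat -an | listener_scope 9830` and with the text output of the tcpdump command shown in the thread.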