[389-users] Unable to Manage Registered Servers from Console

Tom Tucker tktucker at gmail.com
Thu Nov 10 21:56:01 UTC 2011 

Attached is the console.log output from serverA.

I noticed this error in the output.  BTW no firewalls exists between these
hosts nor is IPTables or selinux running on either end.

ResourceSet: found in cache
loader6298545:com.netscape.management.client.util.default
ClassLoader: :loadClass():name:java.net.URL
CommManager> New CommRecord (
http://serverB.mydomain.com:9830/admin-serv/tasks/operation/StatusPing)
java.net.NoRouteToHostException: No route to host
ClassLoader: :loadClass():name:java.net.SocketException


On Thu, Nov 10, 2011 at 3:31 PM, Rich Megginson <rmeggins at redhat.com> wrote:

> **
> On 11/10/2011 01:16 PM, Tom Tucker wrote:
>
> The upgrade to a5 addressed the subroutine error, thanks. Unfortunately
> serverB is still refusing to be managed via the Console.  I ran the  -u
> update twice and bounced services for the helluva it. Additional output can
> be found below.
>
> Ok.  Run the console like this: 389-console -D 9 -f console.log -
> remove/obscure any sensitive data in console.log - post console.log to the
> list
>
>
>
>  SERVER A
> ########
>
>  Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverA.mydomain.com:389 - trying
> regular connection
> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': No
> such file or directory
> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No
> such file or directory
> Registering the directory server instances with the configuration
> directory server . . .
> Beginning Admin Server reconfiguration . . .
> Registering admin server with the configuration directory server . . .
> Updating adm.conf with information from configuration directory server . .
> .
> Exiting . . .
> Log file is '/tmp/setupYUpMQ4.log'
>
>
>  [root at serverA phpldapadmin]# rpm -qi 389-ds-base
> Name        : 389-ds-base
> Version     : 1.2.10
> Release     : 0.5.a5.fc15
> Architecture: i686
> Install Date: Thu 10 Nov 2011 02:54:23 PM EST
> Group       : System Environment/Daemons
> Size        : 4738178
> License     : GPLv2 with exceptions
> Signature   : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID
> b4ebf579069c8460
> Source RPM  : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
> Build Date  : Fri 04 Nov 2011 07:13:25 PM EDT
> Build Host  : x86-11.phx2.fedoraproject.org
> Relocations : (not relocatable)
> Packager    : Fedora Project
> Vendor      : Fedora Project
> URL         : http://port389.org/
> Summary     : 389 Directory Server (base)
> Description :
> 389 Directory Server is an LDAPv3 compliant server.  The base package
> includes
> the LDAP server and command line utilities for server administration.
>
>
>
>  SERVER B
> #########
>
>
>  Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverB.mydomain.com:389 - trying
> regular connection
> Registering the directory server instances with the configuration
> directory server . . .
> Beginning Admin Server reconfiguration . . .
> Registering admin server with the configuration directory server . . .
> Updating adm.conf with information from configuration directory server . .
> .
> Exiting . . .
> Log file is '/tmp/setupS0ZvAH.log'
>
>
>  [root at serverB admin-serv]# !292
> rpm -qi 389-ds-base
> Name        : 389-ds-base
> Version     : 1.2.10
> Release     : 0.5.a5.fc15
> Architecture: i686
> Install Date: Thu 10 Nov 2011 03:04:01 PM EST
> Group       : System Environment/Daemons
> Size        : 4738178
> License     : GPLv2 with exceptions
> Signature   : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID
> b4ebf579069c8460
> Source RPM  : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
> Build Date  : Fri 04 Nov 2011 07:13:25 PM EDT
> Build Host  : x86-11.phx2.fedoraproject.org
> Relocations : (not relocatable)
> Packager    : Fedora Project
> Vendor      : Fedora Project
> URL         : http://port389.org/
> Summary     : 389 Directory Server (base)
>
>
>
>   On Thu, Nov 10, 2011 at 2:36 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>
>>   On 11/10/2011 12:02 PM, Tom Tucker wrote:
>>
>> Responding to the group..this time.
>>
>>
>>  Thanks for the quick response, unfortunately no change.
>>
>>  OS: FC 15
>> https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495
>>
>>  Server1
>> ##########
>>  [root at serverA phpldapadmin]# setup-ds-admin.pl -u
>>
>>
>> ==============================================================================
>> The update option will allow you to re-register your servers with the
>> configuration directory server and update the information about your
>> servers that the console and admin server uses.  You will need your
>> configuration directory server admin ID and password to continue.
>>
>>  Continue? [yes]:
>>
>>
>> ==============================================================================
>>  Please specify the information about your configuration directory
>> server.  The following information is required:
>> - host (fully qualified), port (non-secure or secure), suffix,
>>   protocol (ldap or ldaps) - this information should be provided in the
>>   form of an LDAP url e.g. for non-secure
>> ldap://host.example.com:389/o=NetscapeRoot
>>   or for secure
>> ldaps://host.example.com:636/o=NetscapeRoot
>> - admin ID and password
>> - admin domain
>> - a CA certificate file may be required if you choose to use ldaps and
>>   security has not yet been configured - the file must be in PEM/ASCII
>>   format - specify the absolute path and filename
>>
>>  Configuration directory server URL [ldap://
>> serverA.mydomain.com:389/o=NetscapeRoot]:
>> Configuration directory server admin ID
>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>> Configuration directory server admin password:
>> Configuration directory server admin domain [mydomain.com]:
>>
>>
>> ==============================================================================
>> The interactive phase is complete.  The script will now set up your
>> servers.  Enter No or go Back if you want to change something.
>>
>>  Are you ready to set up your servers? [yes]:
>> Could not open TLS connection to serverA.mydomain.com:389 - trying
>> regular connection
>> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': No
>> such file or directory
>> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian':
>> No such file or directory
>> Undefined subroutine &DSUpdate::updateSystemD called at
>> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
>>
>>  rpm -qi 389-ds-base
>> this issue is fixed in 1.2.10.a5 in updates-testing
>>
>>
>>
>>  Server2
>> #########
>>  [root at usg-ldap7901 admin-serv]# setup-ds-admin.pl -u
>>
>>
>> ==============================================================================
>> The update option will allow you to re-register your servers with the
>> configuration directory server and update the information about your
>> servers that the console and admin server uses.  You will need your
>> configuration directory server admin ID and password to continue.
>>
>>  Continue? [yes]: yes
>>
>>
>> ==============================================================================
>>  Please specify the information about your configuration directory
>> server.  The following information is required:
>> - host (fully qualified), port (non-secure or secure), suffix,
>>   protocol (ldap or ldaps) - this information should be provided in the
>>   form of an LDAP url e.g. for non-secure
>> ldap://host.example.com:389/o=NetscapeRoot
>>   or for secure
>> ldaps://host.example.com:636/o=NetscapeRoot
>> - admin ID and password
>> - admin domain
>> - a CA certificate file may be required if you choose to use ldaps and
>>   security has not yet been configured - the file must be in PEM/ASCII
>>   format - specify the absolute path and filename
>>
>>  Configuration directory server URL [ldap://
>> serverA.mydomain.com:389/o=NetscapeRoot]:
>> Configuration directory server admin ID
>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>> Configuration directory server admin password:
>> Configuration directory server admin domain [mydomain.com]:
>>
>>
>> ==============================================================================
>> The interactive phase is complete.  The script will now set up your
>> servers.  Enter No or go Back if you want to change something.
>>
>>  Are you ready to set up your servers? [yes]:
>> Could not open TLS connection to serverA.mydomain.com:389 - trying
>> regular connection
>> Undefined subroutine &DSUpdate::updateSystemD called at
>> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
>>
>>
>>
>>
>> On Thu, Nov 10, 2011 at 1:48 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>>
>>>  On 11/10/2011 11:48 AM, Tom Tucker wrote:
>>>
>>>
>>>  I would appreciate any troubleshooting advise you might have regarding
>>> my registered ldap servers.  I am referring to the first page you see when
>>> launching the console (servers listed underneath Servers and Applications).
>>> I see my servers listed, however I am unable to open them. Their  "Server
>>> status" always reports "Stopped" even though the remote servers are running.
>>>
>>>  Based on my tcpdump capture below the 'admin prohibited' message is a
>>> clear indication of the problem, but I can't seem to correct it.  I have
>>> reran the setup several times, confirmed the password and such.
>>>
>>>  What am I missing?
>>>
>>>  Have you tried running setup-ds-admin.pl -u on both the local servers
>>> and the remote servers?
>>>
>>>
>>>
>>>
>>>
>>> ==============================================================================
>>>
>>>  13:35:27.458489 IP serverA.mydomain.com.30940 >
>>> serverB.mydomain.com.ldap: Flags [S], seq 404137883, win 14600, options
>>> [mss 1460,sackOK,TS val 348721371 ecr 0,nop,wscale 6], length 0
>>> 13:35:27.458591 IP serverB.mydomain.com > serverA.mydomain.com: ICMP
>>> host serverB.mydomain.com unreachable - admin prohibited, length 68
>>>
>>>
>>>
>>>  Please specify the information about your configuration directory
>>> server.  The following information is required:
>>> - host (fully qualified), port (non-secure or secure), suffix,
>>>   protocol (ldap or ldaps) - this information should be provided in the
>>>   form of an LDAP url e.g. for non-secure
>>> ldap://host.example.com:389/o=NetscapeRoot
>>>   or for secure
>>> ldaps://host.example.com:636/o=NetscapeRoot
>>> - admin ID and password
>>> - admin domain
>>> - a CA certificate file may be required if you choose to use ldaps and
>>>   security has not yet been configured - the file must be in PEM/ASCII
>>>   format - specify the absolute path and filename
>>>
>>>  Configuration directory server URL [ldap://
>>> serverA.mydomain.com:389/o=NetscapeRoot]:
>>> Configuration directory server admin ID
>>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>>> Configuration directory server admin password:
>>> Configuration directory server admin domain [mydomain.com]:
>>>
>>>
>>> --
>>> 389 users mailing list389-users at lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111110/d88de148/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: console.log
Type: application/octet-stream
Size: 60690 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111110/d88de148/attachment.obj>

More information about the 389-users mailing list