[389-users] Unable to Manage Registered Servers from Console
Tom Tucker
tktucker at gmail.com
Thu Nov 10 21:56:01 UTC 2011
Attached is the console.log output from serverA.
I noticed this error in the output. BTW no firewalls exists between these
hosts nor is IPTables or selinux running on either end.
ResourceSet: found in cache
loader6298545:com.netscape.management.client.util.default
ClassLoader: :loadClass():name:java.net.URL
CommManager> New CommRecord (
http://serverB.mydomain.com:9830/admin-serv/tasks/operation/StatusPing)
java.net.NoRouteToHostException: No route to host
ClassLoader: :loadClass():name:java.net.SocketException
On Thu, Nov 10, 2011 at 3:31 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> **
> On 11/10/2011 01:16 PM, Tom Tucker wrote:
>
> The upgrade to a5 addressed the subroutine error, thanks. Unfortunately
> serverB is still refusing to be managed via the Console. I ran the -u
> update twice and bounced services for the helluva it. Additional output can
> be found below.
>
> Ok. Run the console like this: 389-console -D 9 -f console.log -
> remove/obscure any sensitive data in console.log - post console.log to the
> list
>
>
>
> SERVER A
> ########
>
> Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverA.mydomain.com:389 - trying
> regular connection
> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': No
> such file or directory
> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No
> such file or directory
> Registering the directory server instances with the configuration
> directory server . . .
> Beginning Admin Server reconfiguration . . .
> Registering admin server with the configuration directory server . . .
> Updating adm.conf with information from configuration directory server . .
> .
> Exiting . . .
> Log file is '/tmp/setupYUpMQ4.log'
>
>
> [root at serverA phpldapadmin]# rpm -qi 389-ds-base
> Name : 389-ds-base
> Version : 1.2.10
> Release : 0.5.a5.fc15
> Architecture: i686
> Install Date: Thu 10 Nov 2011 02:54:23 PM EST
> Group : System Environment/Daemons
> Size : 4738178
> License : GPLv2 with exceptions
> Signature : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID
> b4ebf579069c8460
> Source RPM : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
> Build Date : Fri 04 Nov 2011 07:13:25 PM EDT
> Build Host : x86-11.phx2.fedoraproject.org
> Relocations : (not relocatable)
> Packager : Fedora Project
> Vendor : Fedora Project
> URL : http://port389.org/
> Summary : 389 Directory Server (base)
> Description :
> 389 Directory Server is an LDAPv3 compliant server. The base package
> includes
> the LDAP server and command line utilities for server administration.
>
>
>
> SERVER B
> #########
>
>
> Are you ready to set up your servers? [yes]:
> Could not open TLS connection to serverB.mydomain.com:389 - trying
> regular connection
> Registering the directory server instances with the configuration
> directory server . . .
> Beginning Admin Server reconfiguration . . .
> Registering admin server with the configuration directory server . . .
> Updating adm.conf with information from configuration directory server . .
> .
> Exiting . . .
> Log file is '/tmp/setupS0ZvAH.log'
>
>
> [root at serverB admin-serv]# !292
> rpm -qi 389-ds-base
> Name : 389-ds-base
> Version : 1.2.10
> Release : 0.5.a5.fc15
> Architecture: i686
> Install Date: Thu 10 Nov 2011 03:04:01 PM EST
> Group : System Environment/Daemons
> Size : 4738178
> License : GPLv2 with exceptions
> Signature : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID
> b4ebf579069c8460
> Source RPM : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
> Build Date : Fri 04 Nov 2011 07:13:25 PM EDT
> Build Host : x86-11.phx2.fedoraproject.org
> Relocations : (not relocatable)
> Packager : Fedora Project
> Vendor : Fedora Project
> URL : http://port389.org/
> Summary : 389 Directory Server (base)
>
>
>
> On Thu, Nov 10, 2011 at 2:36 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>
>> On 11/10/2011 12:02 PM, Tom Tucker wrote:
>>
>> Responding to the group..this time.
>>
>>
>> Thanks for the quick response, unfortunately no change.
>>
>> OS: FC 15
>> https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495
>>
>> Server1
>> ##########
>> [root at serverA phpldapadmin]# setup-ds-admin.pl -u
>>
>>
>> ==============================================================================
>> The update option will allow you to re-register your servers with the
>> configuration directory server and update the information about your
>> servers that the console and admin server uses. You will need your
>> configuration directory server admin ID and password to continue.
>>
>> Continue? [yes]:
>>
>>
>> ==============================================================================
>> Please specify the information about your configuration directory
>> server. The following information is required:
>> - host (fully qualified), port (non-secure or secure), suffix,
>> protocol (ldap or ldaps) - this information should be provided in the
>> form of an LDAP url e.g. for non-secure
>> ldap://host.example.com:389/o=NetscapeRoot
>> or for secure
>> ldaps://host.example.com:636/o=NetscapeRoot
>> - admin ID and password
>> - admin domain
>> - a CA certificate file may be required if you choose to use ldaps and
>> security has not yet been configured - the file must be in PEM/ASCII
>> format - specify the absolute path and filename
>>
>> Configuration directory server URL [ldap://
>> serverA.mydomain.com:389/o=NetscapeRoot]:
>> Configuration directory server admin ID
>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>> Configuration directory server admin password:
>> Configuration directory server admin domain [mydomain.com]:
>>
>>
>> ==============================================================================
>> The interactive phase is complete. The script will now set up your
>> servers. Enter No or go Back if you want to change something.
>>
>> Are you ready to set up your servers? [yes]:
>> Could not open TLS connection to serverA.mydomain.com:389 - trying
>> regular connection
>> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': No
>> such file or directory
>> rm: cannot remove `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian':
>> No such file or directory
>> Undefined subroutine &DSUpdate::updateSystemD called at
>> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
>>
>> rpm -qi 389-ds-base
>> this issue is fixed in 1.2.10.a5 in updates-testing
>>
>>
>>
>> Server2
>> #########
>> [root at usg-ldap7901 admin-serv]# setup-ds-admin.pl -u
>>
>>
>> ==============================================================================
>> The update option will allow you to re-register your servers with the
>> configuration directory server and update the information about your
>> servers that the console and admin server uses. You will need your
>> configuration directory server admin ID and password to continue.
>>
>> Continue? [yes]: yes
>>
>>
>> ==============================================================================
>> Please specify the information about your configuration directory
>> server. The following information is required:
>> - host (fully qualified), port (non-secure or secure), suffix,
>> protocol (ldap or ldaps) - this information should be provided in the
>> form of an LDAP url e.g. for non-secure
>> ldap://host.example.com:389/o=NetscapeRoot
>> or for secure
>> ldaps://host.example.com:636/o=NetscapeRoot
>> - admin ID and password
>> - admin domain
>> - a CA certificate file may be required if you choose to use ldaps and
>> security has not yet been configured - the file must be in PEM/ASCII
>> format - specify the absolute path and filename
>>
>> Configuration directory server URL [ldap://
>> serverA.mydomain.com:389/o=NetscapeRoot]:
>> Configuration directory server admin ID
>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>> Configuration directory server admin password:
>> Configuration directory server admin domain [mydomain.com]:
>>
>>
>> ==============================================================================
>> The interactive phase is complete. The script will now set up your
>> servers. Enter No or go Back if you want to change something.
>>
>> Are you ready to set up your servers? [yes]:
>> Could not open TLS connection to serverA.mydomain.com:389 - trying
>> regular connection
>> Undefined subroutine &DSUpdate::updateSystemD called at
>> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
>>
>>
>>
>>
>> On Thu, Nov 10, 2011 at 1:48 PM, Rich Megginson <rmeggins at redhat.com>wrote:
>>
>>> On 11/10/2011 11:48 AM, Tom Tucker wrote:
>>>
>>>
>>> I would appreciate any troubleshooting advise you might have regarding
>>> my registered ldap servers. I am referring to the first page you see when
>>> launching the console (servers listed underneath Servers and Applications).
>>> I see my servers listed, however I am unable to open them. Their "Server
>>> status" always reports "Stopped" even though the remote servers are running.
>>>
>>> Based on my tcpdump capture below the 'admin prohibited' message is a
>>> clear indication of the problem, but I can't seem to correct it. I have
>>> reran the setup several times, confirmed the password and such.
>>>
>>> What am I missing?
>>>
>>> Have you tried running setup-ds-admin.pl -u on both the local servers
>>> and the remote servers?
>>>
>>>
>>>
>>>
>>>
>>> ==============================================================================
>>>
>>> 13:35:27.458489 IP serverA.mydomain.com.30940 >
>>> serverB.mydomain.com.ldap: Flags [S], seq 404137883, win 14600, options
>>> [mss 1460,sackOK,TS val 348721371 ecr 0,nop,wscale 6], length 0
>>> 13:35:27.458591 IP serverB.mydomain.com > serverA.mydomain.com: ICMP
>>> host serverB.mydomain.com unreachable - admin prohibited, length 68
>>>
>>>
>>>
>>> Please specify the information about your configuration directory
>>> server. The following information is required:
>>> - host (fully qualified), port (non-secure or secure), suffix,
>>> protocol (ldap or ldaps) - this information should be provided in the
>>> form of an LDAP url e.g. for non-secure
>>> ldap://host.example.com:389/o=NetscapeRoot
>>> or for secure
>>> ldaps://host.example.com:636/o=NetscapeRoot
>>> - admin ID and password
>>> - admin domain
>>> - a CA certificate file may be required if you choose to use ldaps and
>>> security has not yet been configured - the file must be in PEM/ASCII
>>> format - specify the absolute path and filename
>>>
>>> Configuration directory server URL [ldap://
>>> serverA.mydomain.com:389/o=NetscapeRoot]:
>>> Configuration directory server admin ID
>>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>>> Configuration directory server admin password:
>>> Configuration directory server admin domain [mydomain.com]:
>>>
>>>
>>> --
>>> 389 users mailing list389-users at lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111110/d88de148/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: console.log
Type: application/octet-stream
Size: 60690 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111110/d88de148/attachment.obj>
More information about the 389-users
mailing list