[389-users] Unable to Manage Registered Servers from Console
Rich Megginson
rmeggins at redhat.com
Thu Nov 10 22:20:43 UTC 2011
On 11/10/2011 02:56 PM, Tom Tucker wrote:
> Attached is the console.log output from serverA.
>
> I noticed this error in the output. BTW no firewalls exists between
> these hosts nor is IPTables or selinux running on either end.
>
> ResourceSet: found in cache
> loader6298545:com.netscape.management.client.util.default
> ClassLoader: :loadClass():name:java.net.URL
> CommManager> New CommRecord
> (http://serverB.mydomain.com:9830/admin-serv/tasks/operation/StatusPing)
> java.net.NoRouteToHostException: No route to host
> ClassLoader: :loadClass():name:java.net.SocketException
Can you go to http://serverB.mydomain.com:9830
<http://serverB.mydomain.com:9830/admin-serv/tasks/operation/StatusPing>
in your web browser, from both machines?
<http://serverB.mydomain.com:9830/admin-serv/tasks/operation/StatusPing>
>
>
> On Thu, Nov 10, 2011 at 3:31 PM, Rich Megginson <rmeggins at redhat.com
> <mailto:rmeggins at redhat.com>> wrote:
>
> On 11/10/2011 01:16 PM, Tom Tucker wrote:
>> The upgrade to a5 addressed the subroutine error, thanks.
>> Unfortunately serverB is still refusing to be managed via the
>> Console. I ran the -u update twice and bounced services for the
>> helluva it. Additional output can be found below.
> Ok. Run the console like this: 389-console -D 9 -f console.log -
> remove/obscure any sensitive data in console.log - post
> console.log to the list
>
>>
>>
>> SERVER A
>> ########
>>
>> Are you ready to set up your servers? [yes]:
>> Could not open TLS connection to serverA.mydomain.com:389
>> <http://serverA.mydomain.com:389> - trying regular connection
>> rm: cannot remove
>> `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': No such file
>> or directory
>> rm: cannot remove
>> `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No such
>> file or directory
>> Registering the directory server instances with the configuration
>> directory server . . .
>> Beginning Admin Server reconfiguration . . .
>> Registering admin server with the configuration directory server
>> . . .
>> Updating adm.conf with information from configuration directory
>> server . . .
>> Exiting . . .
>> Log file is '/tmp/setupYUpMQ4.log'
>>
>>
>> [root at serverA phpldapadmin]# rpm -qi 389-ds-base
>> Name : 389-ds-base
>> Version : 1.2.10
>> Release : 0.5.a5.fc15
>> Architecture: i686
>> Install Date: Thu 10 Nov 2011 02:54:23 PM EST
>> Group : System Environment/Daemons
>> Size : 4738178
>> License : GPLv2 with exceptions
>> Signature : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID
>> b4ebf579069c8460
>> Source RPM : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
>> Build Date : Fri 04 Nov 2011 07:13:25 PM EDT
>> Build Host : x86-11.phx2.fedoraproject.org
>> <http://x86-11.phx2.fedoraproject.org>
>> Relocations : (not relocatable)
>> Packager : Fedora Project
>> Vendor : Fedora Project
>> URL : http://port389.org/
>> Summary : 389 Directory Server (base)
>> Description :
>> 389 Directory Server is an LDAPv3 compliant server. The base
>> package includes
>> the LDAP server and command line utilities for server administration.
>>
>>
>>
>> SERVER B
>> #########
>>
>>
>> Are you ready to set up your servers? [yes]:
>> Could not open TLS connection to serverB.mydomain.com:389
>> <http://serverB.mydomain.com:389> - trying regular connection
>> Registering the directory server instances with the configuration
>> directory server . . .
>> Beginning Admin Server reconfiguration . . .
>> Registering admin server with the configuration directory server
>> . . .
>> Updating adm.conf with information from configuration directory
>> server . . .
>> Exiting . . .
>> Log file is '/tmp/setupS0ZvAH.log'
>>
>>
>> [root at serverB admin-serv]# !292
>> rpm -qi 389-ds-base
>> Name : 389-ds-base
>> Version : 1.2.10
>> Release : 0.5.a5.fc15
>> Architecture: i686
>> Install Date: Thu 10 Nov 2011 03:04:01 PM EST
>> Group : System Environment/Daemons
>> Size : 4738178
>> License : GPLv2 with exceptions
>> Signature : RSA/SHA256, Sat 05 Nov 2011 09:17:58 AM EDT, Key ID
>> b4ebf579069c8460
>> Source RPM : 389-ds-base-1.2.10-0.5.a5.fc15.src.rpm
>> Build Date : Fri 04 Nov 2011 07:13:25 PM EDT
>> Build Host : x86-11.phx2.fedoraproject.org
>> <http://x86-11.phx2.fedoraproject.org>
>> Relocations : (not relocatable)
>> Packager : Fedora Project
>> Vendor : Fedora Project
>> URL : http://port389.org/
>> Summary : 389 Directory Server (base)
>>
>>
>>
>> On Thu, Nov 10, 2011 at 2:36 PM, Rich Megginson
>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
>>
>> On 11/10/2011 12:02 PM, Tom Tucker wrote:
>>> Responding to the group..this time.
>>>
>>>
>>> Thanks for the quick response, unfortunately no change.
>>>
>>> OS: FC 15
>>> https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495
>>> <https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=751495>
>>>
>>> Server1
>>> ##########
>>> [root at serverA phpldapadmin]# setup-ds-admin.pl
>>> <http://setup-ds-admin.pl/> -u
>>>
>>> ==============================================================================
>>> The update option will allow you to re-register your servers
>>> with the
>>> configuration directory server and update the information
>>> about your
>>> servers that the console and admin server uses. You will
>>> need your
>>> configuration directory server admin ID and password to
>>> continue.
>>>
>>> Continue? [yes]:
>>>
>>> ==============================================================================
>>> Please specify the information about your configuration
>>> directory
>>> server. The following information is required:
>>> - host (fully qualified), port (non-secure or secure), suffix,
>>> protocol (ldap or ldaps) - this information should be
>>> provided in the
>>> form of an LDAP url e.g. for non-secure
>>> ldap://host.example.com:389/o=NetscapeRoot
>>> <http://host.example.com:389/o=NetscapeRoot>
>>> or for secure
>>> ldaps://host.example.com:636/o=NetscapeRoot
>>> <http://host.example.com:636/o=NetscapeRoot>
>>> - admin ID and password
>>> - admin domain
>>> - a CA certificate file may be required if you choose to use
>>> ldaps and
>>> security has not yet been configured - the file must be in
>>> PEM/ASCII
>>> format - specify the absolute path and filename
>>>
>>> Configuration directory server URL
>>> [ldap://serverA.mydomain.com:389/o=NetscapeRoot
>>> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
>>> Configuration directory server admin ID
>>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>>>
>>> Configuration directory server admin password:
>>> Configuration directory server admin domain [mydomain.com
>>> <http://mydomain.com/>]:
>>>
>>> ==============================================================================
>>> The interactive phase is complete. The script will now set
>>> up your
>>> servers. Enter No or go Back if you want to change something.
>>>
>>> Are you ready to set up your servers? [yes]:
>>> Could not open TLS connection to serverA.mydomain.com:389
>>> <http://serverA.mydomain.com:389/> - trying regular connection
>>> rm: cannot remove
>>> `/var/lib/dirsrv/slapd-serverA/changelogdb/__db.*': No such
>>> file or directory
>>> rm: cannot remove
>>> `/var/lib/dirsrv/slapd-serverA/changelogdb/guardian': No
>>> such file or directory
>>> Undefined subroutine &DSUpdate::updateSystemD called at
>>> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
>> rpm -qi 389-ds-base
>> this issue is fixed in 1.2.10.a5 in updates-testing
>>
>>>
>>>
>>> Server2
>>> #########
>>> [root at usg-ldap7901 admin-serv]# setup-ds-admin.pl
>>> <http://setup-ds-admin.pl/> -u
>>>
>>> ==============================================================================
>>> The update option will allow you to re-register your servers
>>> with the
>>> configuration directory server and update the information
>>> about your
>>> servers that the console and admin server uses. You will
>>> need your
>>> configuration directory server admin ID and password to
>>> continue.
>>>
>>> Continue? [yes]: yes
>>>
>>> ==============================================================================
>>> Please specify the information about your configuration
>>> directory
>>> server. The following information is required:
>>> - host (fully qualified), port (non-secure or secure), suffix,
>>> protocol (ldap or ldaps) - this information should be
>>> provided in the
>>> form of an LDAP url e.g. for non-secure
>>> ldap://host.example.com:389/o=NetscapeRoot
>>> <http://host.example.com:389/o=NetscapeRoot>
>>> or for secure
>>> ldaps://host.example.com:636/o=NetscapeRoot
>>> <http://host.example.com:636/o=NetscapeRoot>
>>> - admin ID and password
>>> - admin domain
>>> - a CA certificate file may be required if you choose to use
>>> ldaps and
>>> security has not yet been configured - the file must be in
>>> PEM/ASCII
>>> format - specify the absolute path and filename
>>>
>>> Configuration directory server URL
>>> [ldap://serverA.mydomain.com:389/o=NetscapeRoot
>>> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
>>> Configuration directory server admin ID
>>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>>>
>>> Configuration directory server admin password:
>>> Configuration directory server admin domain [mydomain.com
>>> <http://mydomain.com/>]:
>>>
>>> ==============================================================================
>>> The interactive phase is complete. The script will now set
>>> up your
>>> servers. Enter No or go Back if you want to change something.
>>>
>>> Are you ready to set up your servers? [yes]:
>>> Could not open TLS connection to serverA.mydomain.com:389
>>> <http://serverA.mydomain.com:389/> - trying regular connection
>>> Undefined subroutine &DSUpdate::updateSystemD called at
>>> /usr/lib/dirsrv/perl/DSUpdate.pm line 419.
>>>
>>>
>>>
>>>
>>> On Thu, Nov 10, 2011 at 1:48 PM, Rich Megginson
>>> <rmeggins at redhat.com <mailto:rmeggins at redhat.com>> wrote:
>>>
>>> On 11/10/2011 11:48 AM, Tom Tucker wrote:
>>>>
>>>> I would appreciate any troubleshooting advise you might
>>>> have regarding my registered ldap servers. I am
>>>> referring to the first page you see when launching the
>>>> console (servers listed underneath Servers and
>>>> Applications). I see my servers listed, however I am
>>>> unable to open them. Their "Server status" always
>>>> reports "Stopped" even though the remote servers are
>>>> running.
>>>>
>>>> Based on my tcpdump capture below the 'admin
>>>> prohibited' message is a clear indication of the
>>>> problem, but I can't seem to correct it. I have reran
>>>> the setup several times, confirmed the password and such.
>>>>
>>>> What am I missing?
>>> Have you tried running setup-ds-admin.pl
>>> <http://setup-ds-admin.pl> -u on both the local servers
>>> and the remote servers?
>>>>
>>>>
>>>>
>>>> ==============================================================================
>>>>
>>>> 13:35:27.458489 IP serverA.mydomain.com.30940 >
>>>> serverB.mydomain.com.ldap: Flags [S], seq 404137883,
>>>> win 14600, options [mss 1460,sackOK,TS val 348721371
>>>> ecr 0,nop,wscale 6], length 0
>>>> 13:35:27.458591 IP serverB.mydomain.com
>>>> <http://serverB.mydomain.com> > serverA.mydomain.com
>>>> <http://serverA.mydomain.com>: ICMP host
>>>> serverB.mydomain.com <http://serverB.mydomain.com>
>>>> unreachable - admin prohibited, length 68
>>>>
>>>>
>>>>
>>>> Please specify the information about your configuration
>>>> directory
>>>> server. The following information is required:
>>>> - host (fully qualified), port (non-secure or secure),
>>>> suffix,
>>>> protocol (ldap or ldaps) - this information should be
>>>> provided in the
>>>> form of an LDAP url e.g. for non-secure
>>>> ldap://host.example.com:389/o=NetscapeRoot
>>>> <http://host.example.com:389/o=NetscapeRoot>
>>>> or for secure
>>>> ldaps://host.example.com:636/o=NetscapeRoot
>>>> <http://host.example.com:636/o=NetscapeRoot>
>>>> - admin ID and password
>>>> - admin domain
>>>> - a CA certificate file may be required if you choose
>>>> to use ldaps and
>>>> security has not yet been configured - the file must
>>>> be in PEM/ASCII
>>>> format - specify the absolute path and filename
>>>>
>>>> Configuration directory server URL
>>>> [ldap://serverA.mydomain.com:389/o=NetscapeRoot
>>>> <http://serverA.mydomain.com:389/o=NetscapeRoot>]:
>>>> Configuration directory server admin ID
>>>> [uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot]:
>>>>
>>>> Configuration directory server admin password:
>>>> Configuration directory server admin domain
>>>> [mydomain.com <http://mydomain.com>]:
>>>>
>>>>
>>>> --
>>>> 389 users mailing list
>>>> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20111110/ca40376e/attachment.html>
More information about the 389-users
mailing list