Koozali.org formerly Contribs.org

continuation of the topic SME Server 10 known issues

continuation of the topic SME Server 10 known issues
« on: March 30, 2021, 10:56:13 AM »
#2 after I restore my data from my SME9 to my SME10 , I can not access to the web server / server-manager

Bonjour.
I'm testing to restore my 9.2 backup to a new SmeV10Rc1 installatiion.
On the 9.2 i've the smeserver-dhcpmanager and sme9admin contribs installed.
I've two problems when restoring :
 - The access to the server-manager isn't working, (ip or Netbios, and the httpd -t command say all is correct)
 - I've the server in DHCP mode but the client doesn't have an ip.
If i install the smeserver-dhcp-dns contrib, the dhcp works, but the access to the manager no.
Sorry for my poor english.
Thank you for your hard work.
Raphaël Larronde

Re: continuation of the topic SME Server 10 known issues
« Reply #1 on: March 30, 2021, 11:01:12 AM »
Is it a certificate issue. What's in the logs

Offline TerryF

  • grumpy old man
  • *
  • 1,378
Re: continuation of the topic SME Server 10 known issues
« Reply #2 on: March 30, 2021, 11:44:13 AM »
My bet is on

Remove your templates-custom for httpd. There are chances you have a fragment with reference to php values for php module for httpd. We do not use this anymore, and it creates a fatal error on start of httpd

Be careful with following:

 mv /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf /root/
 systemctl restart httpd-e-smith.service
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #3 on: March 30, 2021, 05:36:09 PM »
Is it a certificate issue. What's in the logs
unlikely, it has been fool proofed.

My bet is on

Remove your templates-custom for httpd. There are chances you have a fragment with reference to php values for php module for httpd. We do not use this anymore, and it creates a fatal error on start of httpd
most likely, so it is not a continuation of SME Server 10 known issues, but it is #2 after I restore my data from my SME9 to my SME10 , I can not access to the web server / server-manage


so please do , and report here the content of
Code: [Select]
# /sbin/e-smith/audittools/templates
#httpd -t

then to fix as pointed by Terry

Code: [Select]
# mv /etc/e-smith/templates-custom/etc/httpd.conf/httpd.conf /root/
# systemctl restart httpd-e-smith.service
why not the /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf ? because systemd does it for httpd-e-smith....




for the dhcp it is unclear for me because you speak about having smeserver-dhcpmanager on SME9, but solved the issue by installing smeserver-dhcp-dns on SME10 ... please clarify
« Last Edit: March 31, 2021, 05:17:30 PM by Jean-Philippe Pialasse »

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #4 on: March 30, 2021, 05:58:39 PM »
for the dhcp it is unclear for me because you speak about having smeserver-dhcpmanager on SME9, but solved the issue by installing smeserver-dhcp-dns on SME10 ... please clarify

$ ls smeserver-dhcpmanager-2.0.4/root/etc/e-smith/templates-custom/etc/dhcpd.conf/
25DomainNameServers  25LeaseTimeDefault  25LeaseTimeMax  25Routers

so this is similar issue  as #3
you need to remove the templates-custom that the contribs should not have put there.... or install it, but we need to fix the contrib not to do that

Re: continuation of the topic SME Server 10 known issues
« Reply #5 on: March 31, 2021, 09:40:19 AM »
Bonjour and thank's for yours answers.
I will do a fresh smeserver 10 install, and restore the backup.
And after report the command mentionned by Jean-Philippe Pialasse
# /sbin/e-smith/audittools/templates
#httpd -t
And sorry it's not a continuation but i didn't know how to put.

Re: continuation of the topic SME Server 10 known issues
« Reply #6 on: March 31, 2021, 01:45:12 PM »
Suite.
New installation (no contrib installation) and restoration from a USB key.
See the results in attachment.
The state of the server !
 - server ping: OK.
 - No IP address affected to the client.
 - After setting a manual ip, access to the internet is fine but no access to the server-manager.
For the dhcpmanager and dhcp-dns contribs, it was just to show you what I had on version 9.2 and how I had done to have the DHCP working on V10.
Thanks

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #7 on: March 31, 2021, 05:26:11 PM »
sorry there was a typo, fixed it in the original message

Code: [Select]
mv /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf /root/
should be
Code: [Select]
mv /etc/e-smith/templates-custom/etc/httpd.conf/httpd.conf /root/
as shown in your pic "aucun fichier ou dossier" because of the typo, so nothing has changed

a free tips, when typing this long paths, hit "tab" key it will autocomplete to what is available, it limits the amount of typos, and could have help you to find mine ;)


but funny, you do not seem to have any templates custom looking at the empty output of
/sbin/e-smith/audittools/templates

so might not be this the issue...

could you give us the output of
Code: [Select]
tail -f /var/log/httpd/error_log
also the output of
Code: [Select]
tail -f /var/log/dhcpd/dhcpd.log -n50

Re: continuation of the topic SME Server 10 known issues
« Reply #8 on: April 03, 2021, 02:27:27 PM »
Egun on.
Here are the results of the orders. In attachments.
Certificate and subnetwork problems obviously.
Thanks in advance for your help.

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #9 on: April 03, 2021, 05:43:23 PM »
Well seems that the cookie is for James Wilson, as certificates it is.

certificate it is, we fool proofed it by checking that files exists, but not by testing they are actual SSL server certificates and keys....

what were you using for your SSL certificates ? Let's encrypt or do you import them from an external CA ?
if you imported a key forme xternal CA, it could be that the order inside the pem file is wrong see https://stackoverflow.com/questions/4658484/ssl-install-problem-key-value-mismatch-but-they-do-match

a quick workaround would be :
Code: [Select]

config show modSSL
config delprop modSSL crt key CertificateChainFile
 signal-event ssl-update
you then would have a httpd working with the default self signed certificate.

for dhcp you did not show the output of the command asked.

Re: continuation of the topic SME Server 10 known issues
« Reply #10 on: April 03, 2021, 06:11:16 PM »
Oups. Sorry for the attachment.
I will test your code tomorrow.
Then thanks and  also to James Wilson

Offline TerryF

  • grumpy old man
  • *
  • 1,378
Re: continuation of the topic SME Server 10 known issues
« Reply #11 on: April 03, 2021, 10:07:54 PM »
Well seems that the cookie is for James Wilson, as certificates it is.

certificate it is, we fool proofed it by checking that files exists, but not by testing they are actual SSL server certificates and keys....

:-) Free chicken dinner to James, well picked.....
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #12 on: April 03, 2021, 10:37:04 PM »
Oups. Sorry for the attachment.
I will test your code tomorrow.
Then thanks and  also to James Wilson

not realy readable but I imagine I read something like
Not configured to listen to any interface
...
No subnet declaration for eth0 (noIPv4 addresses)


so there is no template custom  as per previous output...

and you have a reference to eth0 while it is highly imporbable that on SME10 you have a eth0, it will more likely be called ens1 or something else.

what gives :
Code: [Select]
systemctl cat dhcpd
also
Code: [Select]
config show InternalInterface
do a simple
Code: [Select]
signal-event  e-smith-base-updatehelps ?

Re: continuation of the topic SME Server 10 known issues
« Reply #13 on: April 04, 2021, 12:58:56 AM »
Whoa too much credit
Just something that caught me and stopped apache starting. Had it on affa rise when the certs were not added to the backup.
But I'll take it lol

Re: continuation of the topic SME Server 10 known issues
« Reply #14 on: April 06, 2021, 05:10:56 PM »
Bonjour.
Concerning the DHCP your command worked well. I will put the captures of your commands tonight if it helps.
On the other hand I still have an error accessing the server-manager. Can I try to recreate them with these command : https://wiki.contribs.org/Useful_Commands#Certificates?
Thanks

Offline ReetP

  • *
  • 2,825
Re: continuation of the topic SME Server 10 known issues
« Reply #15 on: April 06, 2021, 11:53:39 PM »
Use the command as per JPs post above

https://forums.contribs.org/index.php/topic,54441.msg285046.html#msg285046

Terry, that probably needs updating on the wiki - useful commands & letsencrypt?
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline TerryF

  • grumpy old man
  • *
  • 1,378
Re: continuation of the topic SME Server 10 known issues
« Reply #16 on: April 07, 2021, 01:51:34 AM »
« Last Edit: April 07, 2021, 01:55:49 AM by TerryF »
--
qui scribit bis legit

Offline ReetP

  • *
  • 2,825
Re: continuation of the topic SME Server 10 known issues
« Reply #17 on: April 07, 2021, 09:14:56 AM »
Letsencrypt one doesn't use ssl-update?
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline TerryF

  • grumpy old man
  • *
  • 1,378
Re: continuation of the topic SME Server 10 known issues
« Reply #18 on: April 07, 2021, 09:48:29 AM »
as per the wiki

config delprop modSSL CertificateChainFile
config delprop modSSL crt
config delprop modSSL key

signal-event console-save
--
qui scribit bis legit

Offline ReetP

  • *
  • 2,825
Re: continuation of the topic SME Server 10 known issues
« Reply #19 on: April 07, 2021, 03:49:28 PM »
Inconsistent then :-)
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: continuation of the topic SME Server 10 known issues
« Reply #20 on: April 08, 2021, 08:47:52 AM »
USB mouse connect/disconnect log noise in messages log.

I've submitted a bug report:  https://bugs.koozali.org/show_bug.cgi?id=11536

See bug for fix that works for me but as yet untested/unconfirmed.
..................

Offline TerryF

  • grumpy old man
  • *
  • 1,378
Re: continuation of the topic SME Server 10 known issues
« Reply #21 on: April 08, 2021, 08:50:00 AM »
Excellent, thank you
--
qui scribit bis legit

Re: continuation of the topic SME Server 10 known issues
« Reply #22 on: April 08, 2021, 05:13:40 PM »
Bonjour.
Unfortunately, after several attempts, I still can't access the server-manager despite your help and the help of the wiki https://wiki.koozali.org/Useful_Commands#Certificates.
I also tested the completed installation, the import of the backup with the admin console (number 9) and recreate the certificate but still nothing.
Thank you for everything, I will start from scratch and reassemble the user data, accounts ... manually.

Offline ReetP

  • *
  • 2,825
Re: continuation of the topic SME Server 10 known issues
« Reply #23 on: April 08, 2021, 05:37:56 PM »
Hmmm.

You really ought to try and nail your issue as it might happen all over again.

Show us:

Code: [Select]
/sbin/e-smith/audittools/templates
Code: [Select]
/sbin/e-smith/audittools/newrpms
What do your logs say?

Look in:

/var/log/messages
/var/log/httpd/error_log
/var/log/httpd/admin_error_log

https://wiki.koozali.org/Useful_Commands#Parse_Log_files_to_search_for_errors

There should be something in there to give you a clue.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: continuation of the topic SME Server 10 known issues
« Reply #24 on: April 09, 2021, 08:58:35 AM »
Thank you for your encouragement. I am attaching the screenshots but I don't see anything that can inform us unfortunately.
Some kernel errors in the /var/log/messages and nothing  in the other.


Offline ReetP

  • *
  • 2,825
Re: continuation of the topic SME Server 10 known issues
« Reply #25 on: April 09, 2021, 05:32:08 PM »
Hmmmm. It doesn't make sense.

There has to be something, somewhere.

Those screenshots were taken AFTER a restore and while you have the issue?

The assumption is there is a problem with server-manager, but I am wondering if you actually have network issues.

What error do you get in your browser trying to access the server manager?

Can you ping the server?
Can you ping from the server to your router or internet?
Can you ssh to the server?

What is your network configuration?


...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: continuation of the topic SME Server 10 known issues
« Reply #26 on: April 10, 2021, 01:41:16 AM »
I know it a bit basic but you have shut down the old sme, ie the new one is booting when the IP it wants is available

Re: continuation of the topic SME Server 10 known issues
« Reply #27 on: April 11, 2021, 10:04:03 PM »
In summary.
The current server, v9.2 is a domain controller, 2 sata disks in raid1, running the administrative part in a small school set, 40 users and 50 workstations.
The contribs dhcpmanager, dhcpdns and sme9admin are installed.
2 Ethernets cards, one to the fixed IP router, one to the local network distributing DHCP addresses.
Almost no files, no ibays, the storage is done on a Nas.

The new server is a DellT110, 16go ram, 3 sata disks. I'm testing on a separate network, with a windows 10 pro client.
In reply to ReetP
 - all screenshots are taken after the restore,
After the restore :
 - internet access works from server and client,
 - access to the server-manager does not work,
 - I haven't tested to mount the client to the domain yet. I'll do it tomorrow.
Thanks for your help.

Offline ReetP

  • *
  • 2,825
Re: continuation of the topic SME Server 10 known issues
« Reply #28 on: April 11, 2021, 10:18:55 PM »
So you are accessing the new server manager using Windows 10 on the internal network?

What does the browser say?

What do the /var/log/httpd/access & error logs say - there should be something when you try to connect?

Tail them both as you try.

You definitely removed all custom templates and reset the certificates after restore?
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #29 on: April 11, 2021, 10:41:36 PM »
I saw that you were able to update a few times so you  have network access apart from the dhcp issue which is now fixed with signal-event  e-smith-base-update.


I would really suggest you to do the following commands using putty or any means to access using ssh to your server, as it will be easier to avoid a typo and would of greater help for us and latter to be able to read copy pasted text than poor quality pics.

So to debug httpd

we already had
Code: [Select]
httpd -t
Syntax OK

no custom template as /sbin/e-smith/audittools/templates returns nothing


also I am assuming that we have the following
Code: [Select]
config show modSSL
modSSL=service
    Country=CA
    TCPPort=443
    access=public
    status=enabled

If you see key, crt or CertificateChainFile properties do:
Code: [Select]
config delprop modSSL CertificateChainFile crt key
signal-event ssl-update
systemctl restart httpd-e-smith
systemctl is-active httpd-e-smith


we are assuming the issue is httpd-e-smith as the erorrs we get about certs in one of your pics, but you only speak about server-manager does not work, which we have interpreted as is not reachable.
What exactly you mean as does not work ??? what are you seeing ?
Are you able to see the content of your primary ebay using http ? what do you see if you try ? error message ?


can you access (at least seeing the login page ) the manager from the  server doing
Code: [Select]
elinks http://localhost:980/server-managerare you able to login ?

and doing this way :
Code: [Select]
elinks http://localhost:80/server-manager


assuming this works using port 980 but not 80; could you try those 2 commands
Code: [Select]
openssl rsa -noout -modulus -in /home/e-smith/ssl.key/$HOSTNAME.key |openssl md5
openssl x509 -noout -modulus -in /home/e-smith/ssl.crt/$HOSTNAME.crt |openssl md5
you do not need to paste here the actual result but please check that the content of those two command is eaxctly the same, letter by letter amd no error message is provided before this line
Code: [Select]
(stdin)= sometexthere

if they are different please delete or move those two files and do
Code: [Select]
signal-event ssl-update
systemctl restart httpd-e-smith
systemctl is-active httpd-e-smith


finally, if still not working getting the result of the following would help
Code: [Select]
ll /var/log/httpd/error_log*
tail -f   /var/log/httpd/error_log
systemctl cat httpd-e-smith
systemctl status httpd-e-smith

Re: continuation of the topic SME Server 10 known issues
« Reply #30 on: April 12, 2021, 03:43:30 PM »
Bonjour.

Yes, the command return (Capture from Putty)

[root@smeserveur ~]# httpd -t
Syntax OK
[root@smeserveur ~]# /sbin/e-smith/audittools/templates
[root@smeserveur ~]#

Then
[root@smeserveur ~]# config show modSSL
modSSL=service
    TCPPort=443
    access=public
    status=enabled
[root@smeserveur ~]#

After

[root@smeserveur ~]# config delprop modSSL CertificateChainFile crt key
[root@smeserveur ~]# signal-event ssl-update
[root@smeserveur ~]# systemctl restart httpd-e-smith
Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.
[root@smeserveur ~]# systemctl is-active httpd-e-smith failed



Re: continuation of the topic SME Server 10 known issues
« Reply #31 on: April 12, 2021, 04:03:48 PM »
Suite
elinks http://localhost:980/server-manager
are you able to login ?
and doing this way :
Code: [Select]
elinks http://localhost:80/server-manager


Both aren't working, or from the admin console

in case i put the command. Md5 sum is different but it's maybe normal since the elink don't work

[root@smeserveur ~]# openssl rsa -noout -modulus -in /home/e-smith/ssl.key/$HOSTNAME.key |openssl md5
(stdin)= 7493fb457087917da69a16ab3e998b87
[root@smeserveur ~]# openssl x509 -noout -modulus -in /home/e-smith/ssl.crt/$HOSTNAME.crt |openssl md5
(stdin)= 63e4ae38feabb8cde40b1ce5ac


Re: continuation of the topic SME Server 10 known issues
« Reply #32 on: April 12, 2021, 04:12:25 PM »
Next, after erasing the key and crt files


[root@smeserveur ~]# signal-event ssl-update
[root@smeserveur ~]# systemctl restart httpd-e-smith
Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.


If i do a systemctl status  httpd-e-smith.service as asked

[root@smeserveur ~]# systemctl status  httpd-e-smith.service
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
   Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since lun. 2021-04-12 16:09:26 CEST; 1min 58s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 16599 ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND (code=exited, status=1/FAILURE)
  Process: 16596 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
  Process: 16593 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
  Process: 16586 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
 Main PID: 16599 (code=exited, status=1/FAILURE)

avril 12 16:09:26 smeserveur.esh systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
avril 12 16:09:26 smeserveur.esh httpd[16599]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:
avril 12 16:09:26 smeserveur.esh httpd[16599]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.cr...empty
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service: main process exited, code=exited, status=1/FAILURE
avril 12 16:09:26 smeserveur.esh systemd[1]: Failed to start httpd-e-smith The Koozali SME Server Apache HTTP Service.
avril 12 16:09:26 smeserveur.esh systemd[1]: Unit httpd-e-smith.service entered failed state.
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@smeserveur ~]#

Re: continuation of the topic SME Server 10 known issues
« Reply #33 on: April 12, 2021, 04:17:28 PM »
To finish

[root@smeserveur ~]# ll /var/log/httpd/error_log*
lrwxrwxrwx 1 root root   39 12 avril 15:13 /var/log/httpd/error_log -> /var/log/httpd/error_log.20210412151302
-rw-r--r-- 1 root root 1354 12 avril 15:10 /var/log/httpd/error_log.20210412145843
-rw-r--r-- 1 root root 2031 12 avril 15:39 /var/log/httpd/error_log.20210412151302
[root@smeserveur ~]# tail -f   /var/log/httpd/error_log
[Mon Apr 12 15:39:49.253599 2021] [ssl:warn] [pid 9305] AH01906: RSA server certificate is a CA certificate (BasicConstr             aints: CA == TRUE !?)
[Mon Apr 12 15:39:49.253667 2021] [ssl:warn] [pid 9305] AH01909: RSA certificate configured for esh:443 does NOT include              an ID which matches the server name
[Mon Apr 12 15:39:49.253682 2021] [ssl:emerg] [pid 9305] AH02238: Unable to configure RSA server private key
[Mon Apr 12 15:39:49.253697 2021] [ssl:emerg] [pid 9305] SSL Library Error: error:0B080074:x509 certificate routines:X50             9_check_private_key:key values mismatch
[Mon Apr 12 15:39:49.253701 2021] [ssl:emerg] [pid 9305] AH02312: Fatal error initialising mod_ssl, exiting.
[Mon Apr 12 15:39:49.783941 2021] [ssl:warn] [pid 9383] AH01906: RSA server certificate is a CA certificate (BasicConstr             aints: CA == TRUE !?)
[Mon Apr 12 15:39:49.784006 2021] [ssl:warn] [pid 9383] AH01909: RSA certificate configured for esh:443 does NOT include              an ID which matches the server name
[Mon Apr 12 15:39:49.784022 2021] [ssl:emerg] [pid 9383] AH02238: Unable to configure RSA server private key
[Mon Apr 12 15:39:49.784037 2021] [ssl:emerg] [pid 9383] SSL Library Error: error:0B080074:x509 certificate routines:X50             9_check_private_key:key values mismatch
[Mon Apr 12 15:39:49.784040 2021] [ssl:emerg] [pid 9383] AH02312: Fatal error initialising mod_ssl, exiting.


and

[root@smeserveur ~]# systemctl cat httpd-e-smith
# /usr/lib/systemd/system/httpd-e-smith.service
[Unit]
Description=httpd-e-smith The Koozali SME Server Apache HTTP Service
After=network.target remote-fs.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)

[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/httpd
ExecStartPre=/sbin/e-smith/service-status httpd-e-smith
ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare
ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
ExecReload=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -k graceful
ExecStop=/bin/kill -WINCH ${MAINPID}
# We want systemd to give httpd some time to finish gracefully, but still want
# it to kill httpd after TimeoutStopSec if something went wrong during the
# graceful stop. Normally, Systemd sends SIGTERM signal right after the
# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
# httpd time to finish.
KillSignal=SIGCONT
PrivateTmp=true

[Install]
WantedBy=sme-server.target


and then


[root@smeserveur ~]# systemctl status httpd-e-smith
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
   Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since lun. 2021-04-12 16:09:26 CEST; 7min ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 16599 ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND (code=exited, status=1/FAILURE)
  Process: 16596 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
  Process: 16593 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
  Process: 16586 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
 Main PID: 16599 (code=exited, status=1/FAILURE)

avril 12 16:09:26 smeserveur.esh systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
avril 12 16:09:26 smeserveur.esh httpd[16599]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:
avril 12 16:09:26 smeserveur.esh httpd[16599]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.crt' does not ... empty
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service: main process exited, code=exited, status=1/FAILURE
avril 12 16:09:26 smeserveur.esh systemd[1]: Failed to start httpd-e-smith The Koozali SME Server Apache HTTP Service.
avril 12 16:09:26 smeserveur.esh systemd[1]: Unit httpd-e-smith.service entered failed state.
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@smeserveur ~]#



Re: continuation of the topic SME Server 10 known issues
« Reply #34 on: April 12, 2021, 04:19:15 PM »
So sorry to waste your time. :-(

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #35 on: April 12, 2021, 08:46:28 PM »
do not be sorry.

so both httpd-admin and httpd-e-smith are not running becaus you can not join on  port 980 from the command line.


smeserveur.esh httpd[16599]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.cr...empty

shows that cert has not been renewed.

and error log shows a mismatch between keys and crt.

also at the openssl test you had different output so there is an issue there

try
Code: [Select]
rm /home/e-smith/ssl.*/* -f
signal-event ssl-update
systemctl restart httpd-e-smith
systemctl status -l httpd-e-smith
also as httpd-admin seems to have an issue please do
Code: [Select]
systemctl status -l httpd-admin

is it a bare metal machine or vm?

Re: continuation of the topic SME Server 10 known issues
« Reply #36 on: April 13, 2021, 09:01:06 AM »
Hi
[[root@smeserveur ~]# rm /home/e-smith/ssl.*/* -f
[root@smeserveur ~]# signal-event ssl-update
[root@smeserveur ~]# systemctl restart httpd-e-smith
Job for httpd-e-smith.service failed because the control process exited with err                          or code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for d                          etails.
[root@smeserveur ~]# systemctl status -l httpd-e-smith
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Servi                          ce
   Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendo                          r preset: enabled)
   Active: failed (Result: exit-code) since mar. 2021-04-13 08:53:38 CEST; 11s a                          go
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 14768 ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREG                          ROUND (code=exited, status=1/FAILURE)
  Process: 14765 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=                          exited, status=0/SUCCESS)
  Process: 14742 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/http                          d.conf (code=exited, status=0/SUCCESS)
  Process: 14733 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=e                          xited, status=0/SUCCESS)
 Main PID: 14768 (code=exited, status=1/FAILURE)

avril 13 08:53:38 smeserveur.esh systemd[1]: Starting httpd-e-smith The Koozali                           SME Server Apache HTTP Service...
avril 13 08:53:38 smeserveur.esh httpd[14768]: AH00526: Syntax error on line 146                           of /etc/httpd/conf/httpd.conf:
avril 13 08:53:38 smeserveur.esh httpd[14768]: SSLCertificateFile: file '/home/e                          -smith/ssl.crt/smeserveur.esh.crt' does not exist or is empty
avril 13 08:53:38 smeserveur.esh systemd[1]: httpd-e-smith.service: main process                           exited, code=exited, status=1/FAILURE
avril 13 08:53:38 smeserveur.esh systemd[1]: Failed to start httpd-e-smith The K                          oozali SME Server Apache HTTP Service.
avril 13 08:53:38 smeserveur.esh systemd[1]: Unit httpd-e-smith.service entered                           failed state.
avril 13 08:53:38 smeserveur.esh systemd[1]: httpd-e-smith.service failed.
/i]

And
[root@smeserveur ~]# systemctl status -l httpd-admin
● httpd-admin.service - httpd-admin The Koozali SME Server Server-Manager web service
   Loaded: loaded (/usr/lib/systemd/system/httpd-admin.service; enabled; vendor preset: enabled)
   Active: active (running) since lun. 2021-04-12 16:45:05 CEST; 16h ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 1465 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf (code=exited, status=0/SUCCESS)
  Process: 1374 ExecStartPre=/sbin/e-smith/service-status httpd-admin (code=exited, status=0/SUCCESS)
 Main PID: 1496 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   Memory: 2.7M
   CGroup: /system.slice/httpd-admin.service
           ├─1496 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
           └─1709 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND

avril 12 16:45:00 smeserveur.esh systemd[1]: Starting httpd-admin The Koozali SME Server Server-Manager web service...
avril 12 16:45:05 smeserveur.esh systemd[1]: Started httpd-admin The Koozali SME Server Server-Manager web service.
[root@smeserveur ~]#


And


[root@smeserveur ~]# ls /home/e-smith/ssl.crt
[root@smeserveur ~]# ls /home/e-smith/ssl.key
smeserveur.esh.key
[root@smeserveur ~]#


It's a baremetal

Offline ReetP

  • *
  • 2,825
Re: continuation of the topic SME Server 10 known issues
« Reply #37 on: April 13, 2021, 11:27:36 AM »
So for whatever good reason ssl-update does not appear to be recreating your server certificates correctly.


Quote
avril 13 08:53:38 smeserveur.esh httpd[14768]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:

avril 13 08:53:38 smeserveur.esh httpd[14768]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.crt' does not exist or is empty

Can you try this:

Code: [Select]
rm /home/e-smith/ssl.crt/*
rm /home/e-smith/ssl.key/*
rm /home/e-smith/ssl.pem/*
signal-event post-upgrade
signal-event reboot

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: continuation of the topic SME Server 10 known issues
« Reply #38 on: April 13, 2021, 03:42:36 PM »
Hello
Sorry for my English (French)
I had the same problem as you to access server-manager on a backup restore (French) on a SME 10 French installation)
After reading you, I managed to work around the problem in the following way:
- SME 10 installation without restoring the backup
- Server configuration

Modification of the smeserver.tgz backup file with 7-Zip:
Delete files contained in these directories
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.crt \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.key \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.pem \

- Restore the backup from the console
- reboot
- Server configuration (restoring the backup crashed it after the reboot)

And it's good we can access server-manager

Restoring contributions, updating, and more than just testing
« Last Edit: April 13, 2021, 03:44:55 PM by Yull »

Offline ReetP

  • *
  • 2,825
Re: continuation of the topic SME Server 10 known issues
« Reply #39 on: April 13, 2021, 08:07:29 PM »
Perfect. Like your English!!

Yes it really needs a reboot I think.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #40 on: April 13, 2021, 11:15:56 PM »
Yull
thanks for your post

Hello
Sorry for my English (French)
I had the same problem as you to access server-manager on a backup restore (French) on a SME 10 French installation)
After reading you, I managed to work around the problem in the following way:
- SME 10 installation without restoring the backup
- Server configuration

Modification of the smeserver.tgz backup file with 7-Zip:
Delete files contained in these directories
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.crt \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.key \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.pem \

thanks you pointed one element that was not tested: importation of old keys....
we now use a size of 4096, which is what a lot of security audit now ask for
on sme 9 the key was lower, and it seems that the test to delete it and recreate is not at the right place.
so here is a bug, that you both suffered as you use the self signed certificate, and you found a really nice workaround


- Restore the backup from the console
- reboot
- Server configuration (restoring the backup crashed it after the reboot)

And it's good we can access server-manager

Restoring contributions, updating, and more than just testing
yes as Reetp pointed out after a restore a reboot is mandatory, for two reasons :
- only services planned to be started after installation are up at the end, systemd was not aware he needs to start services that have been enabled during the restore.
- mysql restore process also still depends on a backup




I have however tested the ssl-update event after deleting the old keys of a server, and this is working
I am able to restart httpd-e-smith, so there is something strange there with Raphaël
Code: [Select]
rm /home/e-smith/ssl.*/* -f
signal-event ssl-update
systemctl restart httpd-e-smith

curious to see with the signal-event post-upgrade ; signal-event reboot 

Re: continuation of the topic SME Server 10 known issues
« Reply #41 on: April 15, 2021, 09:33:48 AM »
Bonjour.
Merci Yull pour tes informations. Je suis dans le même cas, avec une installation de sme en français.
Je me permet de résumer mes tests.

Installation of sme10.
Server : update, internet access--> Ok
Client :
 - DHCP : not working--> signal-event e-smith-base-update-->DHCP : Ok
 - Internet : OK
 - Sme-manager : OK
 - //smeserver/primary : Ok
 - Joining the domain : Ok
I try to restore v9.2 through the admin console: no 9 restoration, maybe the signal-event e-smith-base-update remove this possibility.

For JPP, Reinstallation of sme10, restoration during installation,
Server : update, internet access--> Ok
Client:
 - signal-event e-smith-base-update-->Dhcp not working
 - signal-event post-upgrade ; signal-event reboot -->Dhcp : Ok
After rebooting
 - Internet: OK
 - Sme-manager not working
 - //smeserver/primary : not working
 - Joining the domain : not working
Quote
rm /home/e-smith/ssl.*/* -f
signal-event ssl-update
systemctl restart httpd-e-smith
signal-event post-upgrade ; signal-event reboot
- Sme-manager : Not working
 - //smeserver/primary : Not working
 - Join domain : Not working
 - ls /home/e-smith/ssl.key-->a key was create
 - ls /home/e-smith/ssl.crt-->nothing

I will try yull's method this afternoon or tomorrow.
Have a nice day.

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #42 on: April 15, 2021, 05:50:33 PM »
would you be able to open a second putty terminal and start a
tail -f /var/log/messages

juste before issuing the signal-event ssl-update

then post the result to try to debug that. you could post that as attachement in a bug it would be great

https://bugs.koozali.org/show_bug.cgi?id=11552
« Last Edit: April 15, 2021, 05:57:31 PM by Jean-Philippe Pialasse »

Re: continuation of the topic SME Server 10 known issues
« Reply #43 on: April 16, 2021, 01:52:35 PM »
Hello.
In answer to Jean Pierre, I have also posted the answer file in the bugzilla.
Quote
[root@smeserveur ~]# tail -f /var/log/messages
Apr 16 12:07:55 smeserveur mysql.init:                                         
Apr 16 12:07:55 smeserveur mysql.init:   Fatal Error:                           
Apr 16 12:07:55 smeserveur mysql.init:   Calendar is not activated.             
Apr 16 12:07:55 smeserveur mysql.init:   In /usr/share/pear/Horde/Registry.php on line 340
Apr 16 12:07:55 smeserveur mysql.init:                                         
Apr 16 12:07:55 smeserveur mysql.init:   1. Horde_Registry::appInit() /usr/bin/kronolith-convert-to-utc:15
Apr 16 12:07:55 smeserveur mysql.init:                                         
Apr 16 12:07:55 smeserveur mysql.init:                                         
Apr 16 12:07:55 smeserveur /sbin/e-smith/db[4209]: /home/e-smith/db/configuration: OLD horde=service|DbPassword|neo6OloXX0NnD1Zvpd9CnbQcqsjju9HbIWW36VfKDm4oXSA8yhlht0EgVv4Xe8H3uRKGuxuupPPM|SecretKey|J50hffRSvOdrk0a2fX1bbdiWHmBq+1HTIIg+tUjTvyeT3m3rMS+BZuSaPKYJneJvB8ADoTca2znI|access|public|freebusy|enabled|imp|installed|status|enabled
Apr 16 12:07:55 smeserveur /sbin/e-smith/db[4209]: /home/e-smith/db/configuration: NEW horde=service|DbPassword|neo6OloXX0NnD1Zvpd9CnbQcqsjju9HbIWW36VfKDm4oXSA8yhlht0EgVv4Xe8H3uRKGuxuupPPM|KronolithUTC|yes|SecretKey|J50hffRSvOdrk0a2fX1bbdiWHmBq+1HTIIg+tUjTvyeT3m3rMS+BZuSaPKYJneJvB8ADoTca2znI|access|public|freebusy|enabled|imp|installed|status|enabled
Apr 16 12:11:59 smeserveur esmith::event[5237]: Processing event: ssl-update
Apr 16 12:11:59 smeserveur esmith::event[5237]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /etc/dovecot/dovecot.conf
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /etc/httpd/conf/httpd.conf
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/config/tls_before_auth
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/config/tls_ciphers
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/config/tls_protocols
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/ssl/cert.pem
Apr 16 12:11:59 smeserveur esmith::event[5237]: 12667 semi-random bytes loaded
Apr 16 12:11:59 smeserveur esmith::event[5237]: Generating RSA private key, 4096 bit long modulus
Apr 16 12:12:00 smeserveur esmith::event[5237]: ...++
Apr 16 12:12:01 smeserveur esmith::event[5237]: ...++
Apr 16 12:12:01 smeserveur esmith::event[5237]: e is 65537 (0x10001)
Apr 16 12:12:01 smeserveur esmith::event[5237]: problems making Certificate Request
Apr 16 12:12:01 smeserveur esmith::event[5237]: 139673335326608:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:a_mbstr.c:151:minsize=1
Apr 16 12:12:01 smeserveur esmith::event[5237]: ERROR in /etc/e-smith/templates//home/e-smith/ssl.crt: Program fragment delivered error <<Closing openssl pipe reported:  at /etc/e-smith/templates//home/e-smith/ssl.crt line 114.>> at template line 1
Apr 16 12:12:01 smeserveur esmith::event[5237]: WARNING in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: ERROR: Template processing failed for //home/e-smith/ssl.crt/smeserveur.esh.crt: 1 fragment generated errors
Apr 16 12:12:01 smeserveur esmith::event[5237]:  at /etc/e-smith/templates//home/e-smith/ssl.pem/40crt line 10.
Apr 16 12:12:01 smeserveur esmith::event[5237]: ERROR in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: Program fragment delivered error <<Could not open crt file: Aucun fichier ou dossier de ce type at /etc/e-smith/templates//home/e-smith/ssl.pem/40crt line 15.>> at template line 1
Apr 16 12:12:01 smeserveur esmith::event[5237]: ERROR: Template processing failed for //var/service/qpsmtpd/ssl/cert.pem: 1 fragment generated warnings, 1 fragment generated errors
Apr 16 12:12:01 smeserveur esmith::event[5237]:  at /etc/e-smith/events/actions/generic_template_expand line 56.
Apr 16 12:12:01 smeserveur esmith::event[5237]: Can't opendir(./home): Aucun fichier ou dossier de ce type
Apr 16 12:12:01 smeserveur esmith::event[5237]:  at /etc/e-smith/events/actions/generic_template_expand line 38.
Apr 16 12:12:01 smeserveur esmith::event[5237]: generic_template_expand=action|Event|ssl-update|Action|generic_template_expand|Start|1618567919 57404|End|1618567921 641968|Elapsed|2.584564
Apr 16 12:12:01 smeserveur esmith::event[5237]: Running event handler: /etc/e-smith/events/actions/adjust-services
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised dovecot (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Warning: dovecot.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised dovecot (sigusr1)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Warning: dovecot.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised dovecot (sighup)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Warning: dovecot.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised qpsmtpd (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised qpsmtpd (sighup)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised sqpsmtpd (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised sqpsmtpd (sighup)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised ldap (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Job for ldap.service failed because the control process exited with error code. See "systemctl status ldap.service" and "journalctl -xe" for details.
Apr 16 12:12:01 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl start ldap.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised ldap (reload)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Failed to reload ldap.service: Job type reload is not applicable for unit ldap.service.
Apr 16 12:12:01 smeserveur esmith::event[5237]: See system logs and 'systemctl status ldap.service' for details.
Apr 16 12:12:01 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl reload ldap.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised httpd-e-smith (start)
Apr 16 12:12:02 smeserveur esmith::event[5237]: Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.
Apr 16 12:12:02 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl start httpd-e-smith.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:02 smeserveur esmith::event[5237]: adjusting non-supervised httpd-e-smith (reload)
Apr 16 12:12:02 smeserveur esmith::event[5237]: Job for httpd-e-smith.service invalid.
Apr 16 12:12:02 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl reload httpd-e-smith.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:02 smeserveur esmith::event[5237]: adjust-services=action|Event|ssl-update|Action|adjust-services|Start|1618567921 642145|End|1618567922 447084|Elapsed|0.804939

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #44 on: April 17, 2021, 12:37:56 AM »
https://github.com/davidmoten/jenkins-ec2-https/issues/1

suggests one of the needed field to generate a csr is too short or empty

check your /etc/openssl.conf. all fields are mandatory.

Re: continuation of the topic SME Server 10 known issues
« Reply #45 on: April 17, 2021, 10:45:56 AM »
Sorry, but I don't have /etc/openssl.conf file

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #46 on: April 17, 2021, 03:47:04 PM »
Sorry, but I don't have /etc/openssl.conf file
which points toward a missing field.

i guess this one will display error

Code: [Select]
expand-template /etc/openssl.conf
and this would should show the culprite

Code: [Select]
config show ldap

Re: continuation of the topic SME Server 10 known issues
« Reply #47 on: April 20, 2021, 12:01:30 AM »
Good evening.
Jean-Pierre, you were right again : not all LDAP fields were filled.
I do it with Configuration-->LDAP of the server manager
One reinstallation and restoration of the new backup later, the access to the server-manager works.
I continue my tests:
- Test of access by samba to the Primary Ibay : not working
 - Test to join the domain : not working
 - In case I do a yum update e-smith-samba and everything works, or almost: I can't join the domain because the pc name already exists (normal for me,  it's a pc that is already mounted to the V9.2 domain).
 - I don't know if this has something to do with it but I had downgraded samba on V9.2
Quote
https://forums.contribs.org/index.php/topic,54360.0.html

To be continued:
 - signal-event user-delete and db accounts delete to delete the machines and test the mounting to the domain
And everything should be fine after that.
Thanks again to all of you.


Offline TerryF

  • grumpy old man
  • *
  • 1,378
Re: continuation of the topic SME Server 10 known issues
« Reply #48 on: April 20, 2021, 01:23:33 AM »
Good job mate - Winner  :-)
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #49 on: April 20, 2021, 01:51:47 AM »
will have to bug and fix that


thanks for taking the time to report and help us debug.

Offline TerryF

  • grumpy old man
  • *
  • 1,378
--
qui scribit bis legit

Re: continuation of the topic SME Server 10 known issues
« Reply #51 on: April 23, 2021, 11:18:40 AM »
Hello.
As expected, after removing the machine name from the server I was able to join the domain.
Next problem, the netlogon does not work for users, only for the SmeServer Admin account.
 - I was able to fix this by changing the security settings of the bat files in the Netlogon folder from Read to Read and Execute

Offline Jean-Philippe Pialasse

  • *
  • 1,674
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: continuation of the topic SME Server 10 known issues
« Reply #52 on: April 23, 2021, 04:09:13 PM »
known fixed bug.
please help verify it to allow faster release


list of bugs to verify and procedure here
https://wiki.koozali.org/Verification_Queue


just need to create an account on bugzila

and comment direct on the bug, not here

https://bugs.koozali.org/show_bug.cgi?id=11566



if you are using a contrib to esit your netlogon, there is also a fix needing verification and is listed in the first link for smeserver-tw-logonscript

I know also an old contrib not imported in cvs that is smeserver-loginscript that would need a fix also for that if few are still using it.