Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: Raphaël on March 30, 2021, 10:56:13 AM
-
#2 after I restore my data from my SME9 to my SME10 , I can not access to the web server / server-manager
Hello.
I'm testing restoring my 9.2 backup to a new SmeV10Rc1 installation.
On the 9.2 I have the smeserver-dhcpmanager and sme9admin contribs installed.
I have two problems when restoring:
- The access to the server-manager isn't working (IP or NetBIOS, and the httpd -t command says all is correct)
- I have the server in DHCP mode but the client doesn't have an IP.
If I install the smeserver-dhcp-dns contrib, the DHCP works, but the access to the manager does not.
Sorry for my poor English.
Thank you for your hard work.
Raphaël Larronde
-
Is it a certificate issue? What's in the logs?
-
My bet is on
Remove your templates-custom for httpd. There are chances you have a fragment with reference to php values for php module for httpd. We do not use this anymore, and it creates a fatal error on start of httpd
Be careful with following:
mv /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf /root/
systemctl restart httpd-e-smith.service
-
Is it a certificate issue? What's in the logs?
unlikely, it has been fool proofed.
My bet is on
Remove your templates-custom for httpd. There are chances you have a fragment with reference to php values for php module for httpd. We do not use this anymore, and it creates a fatal error on start of httpd
most likely, so it is not a continuation of SME Server 10 known issues, but it is #2 after I restore my data from my SME9 to my SME10 , I can not access to the web server / server-manage
so please do , and report here the content of
# /sbin/e-smith/audittools/templates
#httpd -t
then to fix as pointed by Terry
# mv /etc/e-smith/templates-custom/etc/httpd.conf/httpd.conf /root/
# systemctl restart httpd-e-smith.service
why not the /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf ? because systemd does it for httpd-e-smith....
for the dhcp it is unclear for me because you speak about having smeserver-dhcpmanager on SME9, but solved the issue by installing smeserver-dhcp-dns on SME10 ... please clarify
-
for the dhcp it is unclear for me because you speak about having smeserver-dhcpmanager on SME9, but solved the issue by installing smeserver-dhcp-dns on SME10 ... please clarify
$ ls smeserver-dhcpmanager-2.0.4/root/etc/e-smith/templates-custom/etc/dhcpd.conf/
25DomainNameServers 25LeaseTimeDefault 25LeaseTimeMax 25Routers
so this is similar issue as #3
you need to remove the templates-custom that the contribs should not have put there.... or install it, but we need to fix the contrib not to do that
-
Hello and thanks for your answers.
I will do a fresh smeserver 10 install, and restore the backup.
And afterwards report the commands mentioned by Jean-Philippe Pialasse
# /sbin/e-smith/audittools/templates
#httpd -t
And sorry, it's not a continuation but I didn't know how to put it.
-
Continued.
New installation (no contrib installation) and restoration from a USB key.
See the results in attachment.
The state of the server !
- server ping: OK.
- No IP address affected to the client.
- After setting a manual ip, access to the internet is fine but no access to the server-manager.
For the dhcpmanager and dhcp-dns contribs, it was just to show you what I had on version 9.2 and how I had done to have the DHCP working on V10.
Thanks
-
sorry there was a typo, fixed it in the original message
mv /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf /root/
should be
mv /etc/e-smith/templates-custom/etc/httpd.conf/httpd.conf /root/
as shown in your pic "aucun fichier ou dossier" because of the typo, so nothing has changed
a free tip: when typing these long paths, hit the "tab" key, it will autocomplete to what is available; it limits the amount of typos, and could have helped you to find mine ;)
but funny, you do not seem to have any templates custom looking at the empty output of
/sbin/e-smith/audittools/templates
so might not be this the issue...
could you give us the output of
tail -f /var/log/httpd/error_log
also the output of
tail -f /var/log/dhcpd/dhcpd.log -n50
-
Good morning.
Here are the results of the orders. In attachments.
Certificate and subnetwork problems obviously.
Thanks in advance for your help.
-
Well seems that the cookie is for James Wilson, as certificates it is.
certificate it is, we fool proofed it by checking that files exists, but not by testing they are actual SSL server certificates and keys....
what were you using for your SSL certificates ? Let's encrypt or do you import them from an external CA ?
if you imported a key from an external CA, it could be that the order inside the pem file is wrong, see https://stackoverflow.com/questions/4658484/ssl-install-problem-key-value-mismatch-but-they-do-match
a quick workaround would be :
config show modSSL
config delprop modSSL crt key CertificateChainFile
signal-event ssl-update
you then would have a httpd working with the default self signed certificate.
for dhcp you did not show the output of the command asked.
-
Oups. Sorry for the attachment.
I will test your code tomorrow.
Then thanks and also to James Wilson
-
Well seems that the cookie is for James Wilson, as certificates it is.
certificate it is, we fool proofed it by checking that files exists, but not by testing they are actual SSL server certificates and keys....
:-) Free chicken dinner to James, well picked.....
-
Oups. Sorry for the attachment.
I will test your code tomorrow.
Then thanks and also to James Wilson
not really readable but I imagine I read something like
Not configured to listen to any interface
...
No subnet declaration for eth0 (noIPv4 addresses)
so there is no template custom as per previous output...
and you have a reference to eth0 while it is highly improbable that on SME10 you have an eth0, it will more likely be called ens1 or something else.
what gives :
systemctl cat dhcpd
also
config show InternalInterface
do a simple
signal-event e-smith-base-update
helps ?
-
Whoa too much credit
Just something that caught me and stopped apache starting. Had it on affa rise when the certs were not added to the backup.
But I'll take it lol
-
Hello.
Concerning the DHCP your command worked well. I will put the captures of your commands tonight if it helps.
On the other hand I still have an error accessing the server-manager. Can I try to recreate them with these commands: https://wiki.contribs.org/Useful_Commands#Certificates?
Thanks
-
Use the command as per JPs post above
https://forums.contribs.org/index.php/topic,54441.msg285046.html#msg285046
Terry, that probably needs updating on the wiki - useful commands & letsencrypt?
-
Use the command as per JPs post above
https://forums.contribs.org/index.php/topic,54441.msg285046.html#msg285046
Terry, that probably needs updating on the wiki - useful commands & letsencrypt?
Does this wiki entry in effect do the same?
https://wiki.contribs.org/Useful_Commands#How_to_simply_recreate_the_certificate_for_SME_Server
and for letsencrypt
https://wiki.contribs.org/Letsencrypt#Authorization_Errors
-
Letsencrypt one doesn't use ssl-update?
-
as per the wiki
config delprop modSSL CertificateChainFile
config delprop modSSL crt
config delprop modSSL key
signal-event console-save
-
Inconsistent then :-)
-
USB mouse connect/disconnect log noise in messages log.
I've submitted a bug report: https://bugs.koozali.org/show_bug.cgi?id=11536
See bug for fix that works for me but as yet untested/unconfirmed.
-
Excellent, thank you
-
Hello.
Unfortunately, after several attempts, I still can't access the server-manager despite your help and the help of the wiki https://wiki.koozali.org/Useful_Commands#Certificates.
I also tested the completed installation, the import of the backup with the admin console (number 9) and recreate the certificate but still nothing.
Thank you for everything, I will start from scratch and reassemble the user data, accounts ... manually.
-
Hmmm.
You really ought to try and nail your issue as it might happen all over again.
Show us:
/sbin/e-smith/audittools/templates
/sbin/e-smith/audittools/newrpms
What do your logs say?
Look in:
/var/log/messages
/var/log/httpd/error_log
/var/log/httpd/admin_error_log
https://wiki.koozali.org/Useful_Commands#Parse_Log_files_to_search_for_errors
There should be something in there to give you a clue.
-
Thank you for your encouragement. I am attaching the screenshots but I don't see anything that can inform us unfortunately.
Some kernel errors in the /var/log/messages and nothing in the other.
-
Hmmmm. It doesn't make sense.
There has to be something, somewhere.
Those screenshots were taken AFTER a restore and while you have the issue?
The assumption is there is a problem with server-manager, but I am wondering if you actually have network issues.
What error do you get in your browser trying to access the server manager?
Can you ping the server?
Can you ping from the server to your router or internet?
Can you ssh to the server?
What is your network configuration?
-
I know it's a bit basic but you have shut down the old sme, i.e. the new one is booting when the IP it wants is available?
-
In summary.
The current server, v9.2 is a domain controller, 2 sata disks in raid1, running the administrative part in a small school set, 40 users and 50 workstations.
The contribs dhcpmanager, dhcpdns and sme9admin are installed.
2 Ethernets cards, one to the fixed IP router, one to the local network distributing DHCP addresses.
Almost no files, no ibays, the storage is done on a Nas.
The new server is a DellT110, 16 GB RAM, 3 sata disks. I'm testing on a separate network, with a Windows 10 Pro client.
In reply to ReetP
- all screenshots are taken after the restore,
After the restore :
- internet access works from server and client,
- access to the server-manager does not work,
- I haven't tested to mount the client to the domain yet. I'll do it tomorrow.
Thanks for your help.
-
So you are accessing the new server manager using Windows 10 on the internal network?
What does the browser say?
What do the /var/log/httpd/access & error logs say - there should be something when you try to connect?
Tail them both as you try.
You definitely removed all custom templates and reset the certificates after restore?
-
I saw that you were able to update a few times so you have network access apart from the dhcp issue which is now fixed with signal-event e-smith-base-update.
I would really suggest you do the following commands using putty or any means to access your server using ssh, as it will be easier to avoid a typo and would be of greater help for us, and later to be able to read copy-pasted text rather than poor quality pics.
So to debug httpd
we already had
httpd -t
Syntax OK
no custom template as /sbin/e-smith/audittools/templates returns nothing
also I am assuming that we have the following
config show modSSL
modSSL=service
Country=CA
TCPPort=443
access=public
status=enabled
If you see key, crt or CertificateChainFile properties do:
config delprop modSSL CertificateChainFile crt key
signal-event ssl-update
systemctl restart httpd-e-smith
systemctl is-active httpd-e-smith
we are assuming the issue is httpd-e-smith because of the errors we get about certs in one of your pics, but you only speak about server-manager not working, which we have interpreted as not reachable.
What exactly do you mean by does not work? What are you seeing?
Are you able to see the content of your primary ibay using http? What do you see if you try? An error message?
can you access (at least seeing the login page ) the manager from the server doing
elinks http://localhost:980/server-manager
are you able to login ?
and doing this way :
elinks http://localhost:80/server-manager
assuming this works using port 980 but not 80; could you try those 2 commands
openssl rsa -noout -modulus -in /home/e-smith/ssl.key/$HOSTNAME.key |openssl md5
openssl x509 -noout -modulus -in /home/e-smith/ssl.crt/$HOSTNAME.crt |openssl md5
you do not need to paste here the actual result but please check that the content of those two commands is exactly the same, letter by letter, and no error message is provided before this line
(stdin)= sometexthere
if they are different please delete or move those two files and do
signal-event ssl-update
systemctl restart httpd-e-smith
systemctl is-active httpd-e-smith
finally, if still not working getting the result of the following would help
ll /var/log/httpd/error_log*
tail -f /var/log/httpd/error_log
systemctl cat httpd-e-smith
systemctl status httpd-e-smith
-
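Added example, not part of the original posts: the modulus comparison suggested above, wrapped in a shell function that also catches a missing or empty certificate file and a file that is not a key or certificate at all. The function names, return codes, sample file names and the 4096-bit default minimum are assumptions of this example; only the two openssl -modulus commands come from the thread.

```shell
#!/bin/sh
# Added example: sanity-check an RSA key / certificate pair before Apache
# is restarted. Return codes are constructed for this example:
#   0 usable   2 missing or empty file   3 not a parsable key/cert
#   4 key and certificate do not belong together   5 key below MIN_BITS

check_tls_pair() {   # usage: check_tls_pair KEY CRT [MIN_BITS]
    key=$1; crt=$2; min_bits=${3:-4096}   # 4096 default is an assumption

    # mod_ssl aborts on a missing or zero-length file, so test that first.
    for f in "$key" "$crt"; do
        if [ ! -s "$f" ]; then
            echo "MISSING_OR_EMPTY $f"
            return 2
        fi
    done

    # A file that exists is not necessarily a key or a certificate.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_mod=$(openssl rsa -noout -modulus -passin pass: -in "$key" 2>/dev/null) \
        || { echo "BAD_KEY $key"; return 3; }
    crt_mod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) \
        || { echo "BAD_CERT $crt"; return 3; }

    # Same test as piping both moduli through "openssl md5" and comparing.
    if [ "$key_mod" != "$crt_mod" ]; then
        echo "MISMATCH $key $crt"
        return 4
    fi

    # Each hex digit of the modulus is 4 bits.
    hex=${key_mod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    if [ "$bits" -lt "$min_bits" ]; then
        echo "WEAK_KEY $bits < $min_bits"
        return 5
    fi
    echo "OK $bits"
}

# Constructed sample input: a throwaway self-signed pair (demo/test only).
make_sample_pair() {   # usage: make_sample_pair DIR NAME BITS
    openssl req -x509 -newkey "rsa:$3" -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_pair "$d" a 2048 || return 1
    make_sample_pair "$d" b 2048 || return 1
    : > "$d/empty.crt"
    check_tls_pair "$d/a.key" "$d/a.crt" 2048     # OK 2048
    check_tls_pair "$d/a.key" "$d/b.crt" 2048     # MISMATCH
    check_tls_pair "$d/a.key" "$d/empty.crt"      # MISSING_OR_EMPTY
    check_tls_pair "$d/a.key" "$d/a.crt"          # WEAK_KEY (below 4096)
    rm -rf "$d"
}

# "sh script demo" runs the demo; "sh script KEY CRT" checks real files.
case "${1:-}" in
    demo) demo ;;
    "")   : ;;
    *)    check_tls_pair "$@" ;;
esac
```
-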
Hello.
Yes, the command return (Capture from Putty)
[root@smeserveur ~]# httpd -t
Syntax OK
[root@smeserveur ~]# /sbin/e-smith/audittools/templates
[root@smeserveur ~]#
Then
[root@smeserveur ~]# config show modSSL
modSSL=service
TCPPort=443
access=public
status=enabled
[root@smeserveur ~]#
After
[root@smeserveur ~]# config delprop modSSL CertificateChainFile crt key
[root@smeserveur ~]# signal-event ssl-update
[root@smeserveur ~]# systemctl restart httpd-e-smith
Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.
[root@smeserveur ~]# systemctl is-active httpd-e-smith
failed
-
Continued
elinks http://localhost:980/server-manager
are you able to login ?
and doing this way :
elinks http://localhost:80/server-manager
Both aren't working, or from the admin console
in case I put the command. Md5 sum is different but it's maybe normal since elinks doesn't work
[root@smeserveur ~]# openssl rsa -noout -modulus -in /home/e-smith/ssl.key/$HOSTNAME.key |openssl md5
(stdin)= 7493fb457087917da69a16ab3e998b87
[root@smeserveur ~]# openssl x509 -noout -modulus -in /home/e-smith/ssl.crt/$HOSTNAME.crt |openssl md5
(stdin)= 63e4ae38feabb8cde40b1ce5ac
-
Next, after erasing the key and crt files
[root@smeserveur ~]# signal-event ssl-update
[root@smeserveur ~]# systemctl restart httpd-e-smith
Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.
If i do a systemctl status httpd-e-smith.service as asked
[root@smeserveur ~]# systemctl status httpd-e-smith.service
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since lun. 2021-04-12 16:09:26 CEST; 1min 58s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 16599 ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND (code=exited, status=1/FAILURE)
Process: 16596 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
Process: 16593 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
Process: 16586 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
Main PID: 16599 (code=exited, status=1/FAILURE)
avril 12 16:09:26 smeserveur.esh systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
avril 12 16:09:26 smeserveur.esh httpd[16599]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:
avril 12 16:09:26 smeserveur.esh httpd[16599]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.cr...empty
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service: main process exited, code=exited, status=1/FAILURE
avril 12 16:09:26 smeserveur.esh systemd[1]: Failed to start httpd-e-smith The Koozali SME Server Apache HTTP Service.
avril 12 16:09:26 smeserveur.esh systemd[1]: Unit httpd-e-smith.service entered failed state.
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@smeserveur ~]#
-
To finish
[root@smeserveur ~]# ll /var/log/httpd/error_log*
lrwxrwxrwx 1 root root 39 12 avril 15:13 /var/log/httpd/error_log -> /var/log/httpd/error_log.20210412151302
-rw-r--r-- 1 root root 1354 12 avril 15:10 /var/log/httpd/error_log.20210412145843
-rw-r--r-- 1 root root 2031 12 avril 15:39 /var/log/httpd/error_log.20210412151302
[root@smeserveur ~]# tail -f /var/log/httpd/error_log
[Mon Apr 12 15:39:49.253599 2021] [ssl:warn] [pid 9305] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 12 15:39:49.253667 2021] [ssl:warn] [pid 9305] AH01909: RSA certificate configured for esh:443 does NOT include an ID which matches the server name
[Mon Apr 12 15:39:49.253682 2021] [ssl:emerg] [pid 9305] AH02238: Unable to configure RSA server private key
[Mon Apr 12 15:39:49.253697 2021] [ssl:emerg] [pid 9305] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Apr 12 15:39:49.253701 2021] [ssl:emerg] [pid 9305] AH02312: Fatal error initialising mod_ssl, exiting.
[Mon Apr 12 15:39:49.783941 2021] [ssl:warn] [pid 9383] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 12 15:39:49.784006 2021] [ssl:warn] [pid 9383] AH01909: RSA certificate configured for esh:443 does NOT include an ID which matches the server name
[Mon Apr 12 15:39:49.784022 2021] [ssl:emerg] [pid 9383] AH02238: Unable to configure RSA server private key
[Mon Apr 12 15:39:49.784037 2021] [ssl:emerg] [pid 9383] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon Apr 12 15:39:49.784040 2021] [ssl:emerg] [pid 9383] AH02312: Fatal error initialising mod_ssl, exiting.
and
[root@smeserveur ~]# systemctl cat httpd-e-smith
# /usr/lib/systemd/system/httpd-e-smith.service
[Unit]
Description=httpd-e-smith The Koozali SME Server Apache HTTP Service
After=network.target remote-fs.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)
[Service]
Type=notify
EnvironmentFile=/etc/sysconfig/httpd
ExecStartPre=/sbin/e-smith/service-status httpd-e-smith
ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare
ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND
ExecReload=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -k graceful
ExecStop=/bin/kill -WINCH ${MAINPID}
# We want systemd to give httpd some time to finish gracefully, but still want
# it to kill httpd after TimeoutStopSec if something went wrong during the
# graceful stop. Normally, Systemd sends SIGTERM signal right after the
# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
# httpd time to finish.
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=sme-server.target
and then
[root@smeserveur ~]# systemctl status httpd-e-smith
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since lun. 2021-04-12 16:09:26 CEST; 7min ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 16599 ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND (code=exited, status=1/FAILURE)
Process: 16596 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
Process: 16593 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
Process: 16586 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
Main PID: 16599 (code=exited, status=1/FAILURE)
avril 12 16:09:26 smeserveur.esh systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
avril 12 16:09:26 smeserveur.esh httpd[16599]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:
avril 12 16:09:26 smeserveur.esh httpd[16599]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.crt' does not ... empty
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service: main process exited, code=exited, status=1/FAILURE
avril 12 16:09:26 smeserveur.esh systemd[1]: Failed to start httpd-e-smith The Koozali SME Server Apache HTTP Service.
avril 12 16:09:26 smeserveur.esh systemd[1]: Unit httpd-e-smith.service entered failed state.
avril 12 16:09:26 smeserveur.esh systemd[1]: httpd-e-smith.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@smeserveur ~]#
-
So sorry to waste your time. :-(
-
do not be sorry.
so both httpd-admin and httpd-e-smith are not running because you can not join on port 980 from the command line.
smeserveur.esh httpd[16599]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.cr...empty
shows that cert has not been renewed.
and error log shows a mismatch between keys and crt.
also at the openssl test you had different output so there is an issue there
try
rm /home/e-smith/ssl.*/* -f
signal-event ssl-update
systemctl restart httpd-e-smith
systemctl status -l httpd-e-smith
also as httpd-admin seems to have an issue please do
systemctl status -l httpd-admin
is it a bare metal machine or vm?
-
Hi
[root@smeserveur ~]# rm /home/e-smith/ssl.*/* -f
[root@smeserveur ~]# signal-event ssl-update
[root@smeserveur ~]# systemctl restart httpd-e-smith
Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.
[root@smeserveur ~]# systemctl status -l httpd-e-smith
● httpd-e-smith.service - httpd-e-smith The Koozali SME Server Apache HTTP Service
Loaded: loaded (/usr/lib/systemd/system/httpd-e-smith.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since mar. 2021-04-13 08:53:38 CEST; 11s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 14768 ExecStart=/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -DFOREGROUND (code=exited, status=1/FAILURE)
Process: 14765 ExecStartPre=/sbin/e-smith/systemd/httpd-e-smith-prepare (code=exited, status=0/SUCCESS)
Process: 14742 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf (code=exited, status=0/SUCCESS)
Process: 14733 ExecStartPre=/sbin/e-smith/service-status httpd-e-smith (code=exited, status=0/SUCCESS)
Main PID: 14768 (code=exited, status=1/FAILURE)
avril 13 08:53:38 smeserveur.esh systemd[1]: Starting httpd-e-smith The Koozali SME Server Apache HTTP Service...
avril 13 08:53:38 smeserveur.esh httpd[14768]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:
avril 13 08:53:38 smeserveur.esh httpd[14768]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.crt' does not exist or is empty
avril 13 08:53:38 smeserveur.esh systemd[1]: httpd-e-smith.service: main process exited, code=exited, status=1/FAILURE
avril 13 08:53:38 smeserveur.esh systemd[1]: Failed to start httpd-e-smith The Koozali SME Server Apache HTTP Service.
avril 13 08:53:38 smeserveur.esh systemd[1]: Unit httpd-e-smith.service entered failed state.
avril 13 08:53:38 smeserveur.esh systemd[1]: httpd-e-smith.service failed.
And
[root@smeserveur ~]# systemctl status -l httpd-admin
● httpd-admin.service - httpd-admin The Koozali SME Server Server-Manager web service
Loaded: loaded (/usr/lib/systemd/system/httpd-admin.service; enabled; vendor preset: enabled)
Active: active (running) since lun. 2021-04-12 16:45:05 CEST; 16h ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 1465 ExecStartPre=/sbin/e-smith/expand-template /etc/httpd/admin-conf/httpd.conf (code=exited, status=0/SUCCESS)
Process: 1374 ExecStartPre=/sbin/e-smith/service-status httpd-admin (code=exited, status=0/SUCCESS)
Main PID: 1496 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
Memory: 2.7M
CGroup: /system.slice/httpd-admin.service
├─1496 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
└─1709 /usr/sbin/httpd -f /etc/httpd/admin-conf/httpd.conf -DFOREGROUND
avril 12 16:45:00 smeserveur.esh systemd[1]: Starting httpd-admin The Koozali SME Server Server-Manager web service...
avril 12 16:45:05 smeserveur.esh systemd[1]: Started httpd-admin The Koozali SME Server Server-Manager web service.
[root@smeserveur ~]#
And
[root@smeserveur ~]# ls /home/e-smith/ssl.crt
[root@smeserveur ~]# ls /home/e-smith/ssl.key
smeserveur.esh.key
[root@smeserveur ~]#
It's a baremetal
-
So for whatever good reason ssl-update does not appear to be recreating your server certificates correctly.
avril 13 08:53:38 smeserveur.esh httpd[14768]: AH00526: Syntax error on line 146 of /etc/httpd/conf/httpd.conf:
avril 13 08:53:38 smeserveur.esh httpd[14768]: SSLCertificateFile: file '/home/e-smith/ssl.crt/smeserveur.esh.crt' does not exist or is empty
Can you try this:
rm /home/e-smith/ssl.crt/*
rm /home/e-smith/ssl.key/*
rm /home/e-smith/ssl.pem/*
signal-event post-upgrade
signal-event reboot
-
Hello
Sorry for my English (French)
I had the same problem as you to access server-manager on a backup restore (French) on a SME 10 French installation)
After reading you, I managed to work around the problem in the following way:
- SME 10 installation without restoring the backup
- Server configuration
Modification of the smeserver.tgz backup file with 7-Zip:
Delete files contained in these directories
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.crt \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.key \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.pem \
- Restore the backup from the console
- reboot
- Server configuration (restoring the backup crashed it after the reboot)
And it's good we can access server-manager
Restoring contributions, updating, and more than just testing
-
Perfect. Like your English!!
Yes it really needs a reboot I think.
-
Yull
thanks for your post
Hello
Sorry for my English (French)
I had the same problem as you to access server-manager on a backup restore (French) on a SME 10 French installation)
After reading you, I managed to work around the problem in the following way:
- SME 10 installation without restoring the backup
- Server configuration
Modification of the smeserver.tgz backup file with 7-Zip:
Delete files contained in these directories
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.crt \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.key \
smeserver.tgz \ smeserver.tar \ home \ e-smith \ ssl.pem \
thanks you pointed one element that was not tested: importation of old keys....
we now use a size of 4096, which is what a lot of security audit now ask for
on sme 9 the key was lower, and it seems that the test to delete it and recreate is not at the right place.
so here is a bug, that you both suffered as you use the self signed certificate, and you found a really nice workaround
- Restore the backup from the console
- reboot
- Server configuration (restoring the backup crashed it after the reboot)
And it's good we can access server-manager
Restoring contributions, updating, and more than just testing
yes as Reetp pointed out after a restore a reboot is mandatory, for two reasons :
- only services planned to be started after installation are up at the end, systemd was not aware he needs to start services that have been enabled during the restore.
- mysql restore process also still depends on a backup
I have however tested the ssl-update event after deleting the old keys of a server, and this is working
I am able to restart httpd-e-smith, so there is something strange there with Raphaël
rm /home/e-smith/ssl.*/* -f
signal-event ssl-update
systemctl restart httpd-e-smith
curious to see with the signal-event post-upgrade ; signal-event reboot
-
Hello.
Thank you Yull for your information. I am in the same situation, with a French installation of SME.
Allow me to summarize my tests.
Installation of sme10.
Server : update, internet access--> Ok
Client :
- DHCP : not working--> signal-event e-smith-base-update-->DHCP : Ok
- Internet : OK
- Sme-manager : OK
- //smeserver/primary : Ok
- Joining the domain : Ok
I try to restore v9.2 through the admin console: no 9 restoration, maybe the signal-event e-smith-base-update remove this possibility.
For JPP, Reinstallation of sme10, restoration during installation,
Server : update, internet access--> Ok
Client:
- signal-event e-smith-base-update-->Dhcp not working
- signal-event post-upgrade ; signal-event reboot -->Dhcp : Ok
After rebooting
- Internet: OK
- Sme-manager not working
- //smeserver/primary : not working
- Joining the domain : not working
rm /home/e-smith/ssl.*/* -f
signal-event ssl-update
systemctl restart httpd-e-smith
signal-event post-upgrade ; signal-event reboot
- Sme-manager : Not working
- //smeserver/primary : Not working
- Join domain : Not working
- ls /home/e-smith/ssl.key-->a key was create
- ls /home/e-smith/ssl.crt-->nothing
I will try yull's method this afternoon or tomorrow.
Have a nice day.
-
would you be able to open a second putty terminal and start a
tail -f /var/log/messages
just before issuing the signal-event ssl-update
then post the result to try to debug that. If you could post that as an attachment in a bug it would be great
https://bugs.koozali.org/show_bug.cgi?id=11552
-
Hello.
In answer to Jean Pierre, I have also posted the answer file in the bugzilla.
[root@smeserveur ~]# tail -f /var/log/messages
Apr 16 12:07:55 smeserveur mysql.init:
Apr 16 12:07:55 smeserveur mysql.init: Fatal Error:
Apr 16 12:07:55 smeserveur mysql.init: Calendar is not activated.
Apr 16 12:07:55 smeserveur mysql.init: In /usr/share/pear/Horde/Registry.php on line 340
Apr 16 12:07:55 smeserveur mysql.init:
Apr 16 12:07:55 smeserveur mysql.init: 1. Horde_Registry::appInit() /usr/bin/kronolith-convert-to-utc:15
Apr 16 12:07:55 smeserveur mysql.init:
Apr 16 12:07:55 smeserveur mysql.init:
Apr 16 12:07:55 smeserveur /sbin/e-smith/db[4209]: /home/e-smith/db/configuration: OLD horde=service|DbPassword|neo6OloXX0NnD1Zvpd9CnbQcqsjju9HbIWW36VfKDm4oXSA8yhlht0EgVv4Xe8H3uRKGuxuupPPM|SecretKey|J50hffRSvOdrk0a2fX1bbdiWHmBq+1HTIIg+tUjTvyeT3m3rMS+BZuSaPKYJneJvB8ADoTca2znI|access|public|freebusy|enabled|imp|installed|status|enabled
Apr 16 12:07:55 smeserveur /sbin/e-smith/db[4209]: /home/e-smith/db/configuration: NEW horde=service|DbPassword|neo6OloXX0NnD1Zvpd9CnbQcqsjju9HbIWW36VfKDm4oXSA8yhlht0EgVv4Xe8H3uRKGuxuupPPM|KronolithUTC|yes|SecretKey|J50hffRSvOdrk0a2fX1bbdiWHmBq+1HTIIg+tUjTvyeT3m3rMS+BZuSaPKYJneJvB8ADoTca2znI|access|public|freebusy|enabled|imp|installed|status|enabled
Apr 16 12:11:59 smeserveur esmith::event[5237]: Processing event: ssl-update
Apr 16 12:11:59 smeserveur esmith::event[5237]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /etc/dovecot/dovecot.conf
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /etc/httpd/conf/httpd.conf
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/config/tls_before_auth
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/config/tls_ciphers
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/config/tls_protocols
Apr 16 12:11:59 smeserveur esmith::event[5237]: expanding /var/service/qpsmtpd/ssl/cert.pem
Apr 16 12:11:59 smeserveur esmith::event[5237]: 12667 semi-random bytes loaded
Apr 16 12:11:59 smeserveur esmith::event[5237]: Generating RSA private key, 4096 bit long modulus
Apr 16 12:12:00 smeserveur esmith::event[5237]: ...++
Apr 16 12:12:01 smeserveur esmith::event[5237]: ...++
Apr 16 12:12:01 smeserveur esmith::event[5237]: e is 65537 (0x10001)
Apr 16 12:12:01 smeserveur esmith::event[5237]: problems making Certificate Request
Apr 16 12:12:01 smeserveur esmith::event[5237]: 139673335326608:error:0D07A098:asn1 encoding routines:ASN1_mbstring_ncopy:string too short:a_mbstr.c:151:minsize=1
Apr 16 12:12:01 smeserveur esmith::event[5237]: ERROR in /etc/e-smith/templates//home/e-smith/ssl.crt: Program fragment delivered error <<Closing openssl pipe reported: at /etc/e-smith/templates//home/e-smith/ssl.crt line 114.>> at template line 1
Apr 16 12:12:01 smeserveur esmith::event[5237]: WARNING in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: ERROR: Template processing failed for //home/e-smith/ssl.crt/smeserveur.esh.crt: 1 fragment generated errors
Apr 16 12:12:01 smeserveur esmith::event[5237]: at /etc/e-smith/templates//home/e-smith/ssl.pem/40crt line 10.
Apr 16 12:12:01 smeserveur esmith::event[5237]: ERROR in /etc/e-smith/templates//home/e-smith/ssl.pem/40crt: Program fragment delivered error <<Could not open crt file: Aucun fichier ou dossier de ce type at /etc/e-smith/templates//home/e-smith/ssl.pem/40crt line 15.>> at template line 1
Apr 16 12:12:01 smeserveur esmith::event[5237]: ERROR: Template processing failed for //var/service/qpsmtpd/ssl/cert.pem: 1 fragment generated warnings, 1 fragment generated errors
Apr 16 12:12:01 smeserveur esmith::event[5237]: at /etc/e-smith/events/actions/generic_template_expand line 56.
Apr 16 12:12:01 smeserveur esmith::event[5237]: Can't opendir(./home): Aucun fichier ou dossier de ce type
Apr 16 12:12:01 smeserveur esmith::event[5237]: at /etc/e-smith/events/actions/generic_template_expand line 38.
Apr 16 12:12:01 smeserveur esmith::event[5237]: generic_template_expand=action|Event|ssl-update|Action|generic_template_expand|Start|1618567919 57404|End|1618567921 641968|Elapsed|2.584564
Apr 16 12:12:01 smeserveur esmith::event[5237]: Running event handler: /etc/e-smith/events/actions/adjust-services
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised dovecot (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Warning: dovecot.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised dovecot (sigusr1)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Warning: dovecot.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised dovecot (sighup)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Warning: dovecot.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised qpsmtpd (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised qpsmtpd (sighup)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised sqpsmtpd (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised sqpsmtpd (sighup)
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised ldap (start)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Job for ldap.service failed because the control process exited with error code. See "systemctl status ldap.service" and "journalctl -xe" for details.
Apr 16 12:12:01 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl start ldap.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised ldap (reload)
Apr 16 12:12:01 smeserveur esmith::event[5237]: Failed to reload ldap.service: Job type reload is not applicable for unit ldap.service.
Apr 16 12:12:01 smeserveur esmith::event[5237]: See system logs and 'systemctl status ldap.service' for details.
Apr 16 12:12:01 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl reload ldap.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:01 smeserveur esmith::event[5237]: adjusting non-supervised httpd-e-smith (start)
Apr 16 12:12:02 smeserveur esmith::event[5237]: Job for httpd-e-smith.service failed because the control process exited with error code. See "systemctl status httpd-e-smith.service" and "journalctl -xe" for details.
Apr 16 12:12:02 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl start httpd-e-smith.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:02 smeserveur esmith::event[5237]: adjusting non-supervised httpd-e-smith (reload)
Apr 16 12:12:02 smeserveur esmith::event[5237]: Job for httpd-e-smith.service invalid.
Apr 16 12:12:02 smeserveur esmith::event[5237]: serviceControl: Couldn't system( /usr/bin/systemctl reload httpd-e-smith.service): Aucun fichier ou dossier de ce type
Apr 16 12:12:02 smeserveur esmith::event[5237]: adjust-services=action|Event|ssl-update|Action|adjust-services|Start|1618567921 642145|End|1618567922 447084|Elapsed|0.804939
-
https://github.com/davidmoten/jenkins-ec2-https/issues/1
suggests one of the fields needed to generate a CSR is too short or empty.
Check your /etc/openssl.conf. All fields are mandatory.
-
Sorry, but I don't have /etc/openssl.conf file
-
Sorry, but I don't have /etc/openssl.conf file
which points toward a missing field.
I guess this one will display an error
expand-template /etc/openssl.conf
and this one should show the culprit
config show ldap
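
The failure discussed above (an empty distinguished-name value making `openssl req` stop with `string too short ... minsize=1`) can be checked for before a certificate request is attempted. This is an added example, not part of the original post and not SME Server code: the config layout, the section name `req_dn` and all values are constructed, and it assumes a request config that uses `prompt = no`.

```shell
#!/bin/sh
# Print the distinguished-name fields that have an empty value in an
# OpenSSL request config. The DN section is located through the
# "distinguished_name" key of the [req] section, so the file is read twice.
empty_dn_fields() {
    awk '
        FNR == 1 { sec = "" }                       # reset at the start of each pass
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        /^\[.*\]$/ { sec = $0; gsub(/[^A-Za-z0-9_]/, "", sec); next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]+$/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+/, "", val)
        }
        # Pass 1: remember which section holds the DN.
        NR == FNR { if (sec == "req" && key == "distinguished_name") dn = val; next }
        # Pass 2: collect keys of that section whose value is empty.
        sec == dn && val == "" { out = out (out == "" ? "" : " ") key }
        END { print out }
    ' "$1" "$1"
}

# Constructed sample config: two DN fields (ST and O) were left empty.
write_sample_conf() {
    cat > "$1" <<'EOF'
[ req ]
prompt = no
distinguished_name = req_dn   # constructed section name
[ req_dn ]
C = FR
ST =
L = Paris
O =
CN = server.example.test
EOF
}

tmp=$(mktemp)
write_sample_conf "$tmp"
echo "empty DN fields: $(empty_dn_fields "$tmp")"
rm -f "$tmp"
```

An empty result means every field in the DN section has a value; any name printed is a field to fill in before regenerating the certificate.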
-
Good evening.
Jean-Pierre, you were right again: not all LDAP fields were filled.
I did it with Configuration-->LDAP of the server manager
One reinstallation and restoration of the new backup later, the access to the server-manager works.
I continue my tests:
- Test of access by samba to the Primary Ibay : not working
- Test to join the domain : not working
- In case I do a yum update e-smith-samba and everything works, or almost: I can't join the domain because the pc name already exists (normal for me, it's a pc that is already mounted to the V9.2 domain).
- I don't know if this has something to do with it but I had downgraded samba on V9.2
https://forums.contribs.org/index.php/topic,54360.0.html
To be continued:
- signal-event user-delete and db accounts delete to delete the machines and test the mounting to the domain
And everything should be fine after that.
Thanks again to all of you.
-
Good job mate - Winner :-)
-
will have to bug and fix that
thanks for taking the time to report and help us debug.
-
Bug 11569 https://bugs.koozali.org/show_bug.cgi?id=11569
-
Hello.
As expected, after removing the machine name from the server I was able to join the domain.
Next problem, the netlogon does not work for users, only for the SmeServer Admin account.
- I was able to fix this by changing the security settings of the bat files in the Netlogon folder from Read to Read and Execute
-
known fixed bug.
please help verify it to allow faster release
list of bugs to verify and procedure here
https://wiki.koozali.org/Verification_Queue
just need to create an account on bugzilla
and comment direct on the bug, not here
https://bugs.koozali.org/show_bug.cgi?id=11566
if you are using a contrib to edit your netlogon, there is also a fix needing verification and is listed in the first link for smeserver-tw-logonscript
I know also an old contrib not imported in cvs that is smeserver-loginscript that would need a fix also for that if few are still using it.