Domain join failed due to the error 'FAILED: 18pyton-univention-directory-manager.inst'

Hello all,

I want to install a new univention server. During the domain join phase after several minutes I got this error Message:

Message text:

Domäneneinrichtung (Dies kann einige Zeit dauern): Please visit https://help.univention.com/t/8842 for common problem during the join and how to fix them -- FAILED: 18pyton-univention-directory-manager.inst
Configure 18python-univention-directory-manager.inst Tue Dec  7 00:42:36 CET 2021
2021-1-07 00:42:37.028812400+01:00 (in joinscript_init)
E: Can't find running daemon after 50.0 seconds. (No socketfile)


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message: Please visit https://help.univention.com/t/8842 for common problem during the join and how to fix them -- FAILED: 18pyton-univention-directory-manager.inst
**************************************************************************

After the installtion is finished and the server rebooted, then it is reachable via SSH or HTTPS but the majority of join script was not executed. Any more trial to execute these join scripts fails.

root@server:~# univention-check-join-status
Warning: 'python-univention-directory-manager' is not configured.
Warning: 'univention-directory-policy' is not configured.
Warning: 'univention-join' is not configured.
Warning: 'univention-nagios-common' is not configured.
Warning: 'univention-appcenter' is not configured.
Warning: 'univention-nagios-client' is not configured.
Warning: 'univention-portal' is not configured.
Warning: 'univention-management-console-server' is not configured.
Warning: 'univention-appcenter-docker' is not configured.
Warning: 'univention-management-console-module-appcenter' is not configured.
Warning: 'univention-management-console-module-diagnostic' is not configured.
Warning: 'univention-management-console-module-join' is not configured.
Warning: 'univention-management-console-module-lib' is not configured.
Warning: 'univention-management-console-module-mrtg' is not configured.
Warning: 'univention-management-console-module-quota' is not configured.
Warning: 'univention-management-console-module-reboot' is not configured.
Warning: 'univention-management-console-module-services' is not configured.
Warning: 'univention-management-console-module-setup' is not configured.
Warning: 'univention-management-console-module-sysinfo' is not configured.
Warning: 'univention-management-console-module-top' is not configured.
Warning: 'univention-management-console-module-ucr' is not configured.
Warning: 'univention-management-console-module-updater' is not configured.
Warning: 'univention-management-console-module-apps' is not configured.
Warning: 'univention-nfs-server' is not configured.
Warning: 'univention-management-console-web-server' is not configured.
Warning: 'univention-pkgdb-tools' is not configured.
Error: Not all install files configured: 26 missing

Well I tried to join again by issuing the command univention-run-join-scripts and find this output in join.log:

univention-run-join-scripts started
Di 7. Dez 20:47:15 CET 2021

univention-join-hooks: looking for hook type "join/pre-joinscripts" on dc01.mydomain.local
Traceback (most recent call last):
  File "/usr/share/univention-join/univention-join-hooks", line 170, in <module>
    main()
  File "/usr/share/univention-join/univention-join-hooks", line 113, in main
    udm_modules.update()
  File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 93, in update
    os.path.walk(dir, _walk, p)
  File "/usr/lib/python2.7/posixpath.py", line 239, in walk
    walk(name, func, arg)
  File "/usr/lib/python2.7/posixpath.py", line 231, in walk
    func(arg, top, names)
  File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 78, in _walk
    m = __import__(mod, globals(), locals(), name)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/uvmm/profile.py", line 315, in <module>
    identify = object.identify
AttributeError: type object 'object' has no attribute 'identify'


**************************************************************************
* Running join scripts failed!                                           *
**************************************************************************
* Message:  join/pre-joinscripts failed, see /var/log/univention/join.log
**************************************************************************

Unfortunately for now I’m not that familar with python so I have no idea were I can proceed here to got one idea more.
Do anyone have the idea how to proceed here?

Thank you very much in advance.

With kind regards

Hendrik Dreyer

you should go into:

/var/log/univention
then go thru each of the log files.

Hello and thank you!

I alreday did this but the only actualized file with a fitting timestamp is the join.log .
All other files are untouched since longer time. The only file 5 mins older contains the output I’ve gotten with the command univention-check-join-status .

I think the message in the join.log is most likely clear if you understand python. Exactly this is my problem.
In the mentioned files I see a lot of commands and they sounds pretty cool. But what does they mean?

With kind regards
Hendrik Dreyer

Hi,
That may well be part of your problem…
SOMETHING happened in the PAST that did not match your timestamp.
and that is affecting the “join”
but you discounted the past because it does not fit your world view.
Crack those files open…

Hello talleyrand,

sorry, at this point you lost me. Because of an assumed time gap grater than 5 minutes, related to kerberos, I’m very sure that this can not be the case. When I do the domain join the server is fresh installed and exist since maybe 15 minutes. Also later after several reboots the join failes.
Because the server is a virtual machine I assume the time is in all VMs exacly the same. When I check the time by issuing the command date, in the CLI I see a time difference of less than one second.

I did a test with a fresh installed domain master. Here the domain join was successfull without any trouble.

I assume there is a incompatibility between my active in use environment 4.8 and the old 4.4 version.

[EDIT] One point I have forgotten to mention. A rejoin of an existing server with the same UCS version works also without problems.

With kind regards
Hendrik Dreyer

it is totally irrelevant if the server is 1 second ,1 minute or 1 hour old.
during the install and TOTALLY unrelated to the join, you may have had an error.

this is an error you did not see.

So along you come after this error and run “join” and it fails.

and then you totally convince yourself that the problem is join. , but when you check the logs on join you cannot find the error.

join is NOT a time machine, it can have no idea on past event before it was run, it only reports event from the time the script was started , until the script finished.

Things that happen BEFORE & AFTER this event WILL NOT be in the join log files.

if you flatly refuse to check all the log files, irreverent of the time stamps, then you are in for one hell of a difficult debugging session.
and since this is a VM, it might actually be outside of your VM shell.

• also I just saw this!!!
  NOT ALL THE JOIN LOG IS SHOWN…

https://forge.univention.org/bugzilla/show_bug.cgi?id=53941

Hello talleyrand,

I took a look to the logs and found some messages.
The external name resolution doesn’t work because of no internet connection or several messages for errors in .py files especialy in relation to the domain join.
Until the join has not started I found some messages that the machine.secret was not found but this stopped afer the join was partially done.

Do you have an idea for what a message I can look for?
Maybe you can be so kindly and take also a look into the log files I have attached to this post.
logs.tar.gz (83,1 KB)

I’m sorry but many of the error messages I have seen are phyton related and so I can only take a look into the mentioned py-files but understand hardly something.

Thank you in advanced.

With kind regards
Hendrik Dreyer

Please note,

when I use a domain master with the release DISTRIB_RELEASE=“4.4-8 errata1118” while the new to join server has the release DISTRIB_RELEASE=“4.4-0 errata0”, the join failes or is only partcially done.

When both servers, the domain master and the new server are installed from scratch, means both have the release DISTRIB_RELEASE=“4.4-0 errata0”, the domain join is successfull.

With kind regards
Hendrik Dreyer

Hi,
All due respect, you have barely a working system before you even start.
you must get ALL name resolution working, and must be able to run & receive the eratta updates.

No point in even trying to do a join, if your DNS cannot resolve everything.
That join script , relies on DHCP & DNS so heavily, that you will not even get close to success, if you base system is not 100% correct.

and that means being able to connect to other systems, including the one you are trying to join into.
specifically their LDAP ports.

But really you should be onto 5.0 by now

Well, the DNS servers actually works and the internal DNS resolution works but because of blocked internet traffic the DNS root servers or any other external was not available. Now I have allowed all internet traffic. External names can be resolved now, domain join is still not possible but I cantupdate the server.
I got the following error message:

Starting univention-upgrade. Current UCS version is 4.4-0 errata0

Checking for package updates:                           none
Checking for app updates:                               none
Checking for release updates:                           found: UCS 4.4-1
Please rerun command without --check argument to install.
10.12.21 00:07:26.201  DEBUG_INIT
**** Starting univention-updater with parameter=['/usr/share/univention-updater/univention-updater', 'net', '--updateto', '4.4-8', '--ignoressh', '--ignoreterm']
Version=4.4
Patchlevel=0
starting net mode
--->DBG:update_available(mode=net, cdrom_mount_point=/media/cdrom, iso=None)
Checking network repository
Update to = 4.4-1
**** Downloading scripts at Fri Dec 10 00:07:27 2021
Error: Update aborted due to verification error:
Verification error: Invalid signature: gpgv: Signature made Mo 28 Jun 2021 15:31:40 CEST
gpgv:                using RSA key D293E501A055F562
gpgv: Can't check signature: Kein öffentlicher Schlüssel

This can and should only be disabled temporarily using the UCR
variable 'repository/online/verify'.

After I have disabled the signature check by setting anything in repository/online/verify I got this:

**** Starting univention-updater with parameter=['/usr/share/univention-updater/univention-updater', 'net', '--updateto', '4.4-8', '--ignoressh', '--ignoreterm']
Version=4.4
Patchlevel=0
starting net mode
--->DBG:update_available(mode=net, cdrom_mount_point=/media/cdrom, iso=None)
Checking network repository
Update to = 4.4-1
**** Downloading scripts at Fri Dec 10 00:07:27 2021
Error: Update aborted due to verification error:
Verification error: Invalid signature: gpgv: Signature made Mo 28 Jun 2021 15:31:40 CEST
gpgv:                using RSA key D293E501A055F562
gpgv: Can't check signature: Kein öffentlicher Schlüssel

This can and should only be disabled temporarily using the UCR
variable 'repository/online/verify'.
10.12.21 00:12:49.394  DEBUG_INIT
**** Starting univention-updater with parameter=['/usr/share/univention-updater/univention-updater', 'net', '--updateto', '4.4-8', '--ignoressh', '--ignoreterm']
Version=4.4
Patchlevel=0
starting net mode
--->DBG:update_available(mode=net, cdrom_mount_point=/media/cdrom, iso=None)
Checking network repository
Update to = 4.4-1
**** Downloading scripts at Fri Dec 10 00:12:53 2021
**** Starting actual update at Fri Dec 10 00:12:56 2021
Running preup.sh script
Fr 10. Dez 00:12:56 CET 2021
...
!!! MISSED LINES YOU WILL FIND IN THE ATTACHED update.log.tar.gz

...
**** Starting univention-updater with parameter=['/usr/share/univention-updater/univention-updater', 'net', '--updateto', '4.4-8', '--ignoressh', '--ignoreterm']
Version=4.4
Patchlevel=0
starting net mode
--->DBG:update_available(mode=net, cdrom_mount_point=/media/cdrom, iso=None)
Checking network repository
Update to = 4.4-1
**** Downloading scripts at Fri Dec 10 00:07:27 2021
Error: Update aborted due to verification error:
Verification error: Invalid signature: gpgv: Signature made Mo 28 Jun 2021 15:31:40 CEST
gpgv:                using RSA key D293E501A055F562
gpgv: Can't check signature: Kein öffentlicher Schlüssel

This can and should only be disabled temporarily using the UCR
variable 'repository/online/verify'.
10.12.21 00:12:49.394  DEBUG_INIT
**** Starting univention-updater with parameter=['/usr/share/univention-updater/univention-updater', 'net', '--updateto', '4.4-8', '--ignoressh', '--ignoreterm']
Version=4.4
Patchlevel=0
starting net mode
--->DBG:update_available(mode=net, cdrom_mount_point=/media/cdrom, iso=None)
Checking network repository
Update to = 4.4-1
**** Downloading scripts at Fri Dec 10 00:12:53 2021
**** Starting actual update at Fri Dec 10 00:12:56 2021
Running preup.sh script
Fr 10. Dez 00:12:56 CET 2021

*complete Log-file you will find here update.log.tar.gz (5,4 KB)

Well, I understand why UCS can’t download updates, but how I can resolve this?

With kind regards
Hendrik Dreyer

Stop wasting your time on 4.4 and go to 5.0
becasue even if you get 4.4 working , you will still have to go to 5.0.

but it is very clear in your log …

Error: Failed to execute “apt-get update”

which is a linux deb. app.
so drop down to “var/log” and take a look at the log files.

Hello talleyrand,

actually i would like to go this way but for now there are several dependencies and I can’t update to UCS 5.0 . Unfortunately I need to reinstall this server as fast as possible possibly because the old server has some problems with updates and a bunch of other problems and so I want to reinstall it.
Do you have an idea how to make known the latest repositories or update keys or how I can find the right idea? This would help to come one step next.
In the log files I found no additional information except parts of this i can find in the update.log.

One information I will send tomorrow. When I issue the command apt-get update I see some other but similar messages.

Thank you very much.

With kind regards
Hendrik Dreyer

Hello,

when I issue the command apt-get update I got messages like this several times:

W: GPG-Fehler: https://updates.software-univention.de/4.4/maintained 4.4-1/all/ Release: Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY D293E501A055F562
E: The repository 'https://updates.software-univention.de/4.4/maintained 4.4-1/all/ Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

putty.log.tar.gz (2,4 KB)

At the moment I try to understand apt-secure or from were I can import the public key.
It would be most appricated to get assitance on this.

Thank you very much.

With kind regards
Hendrik Dreyer

Hello,

because I found no possibility to actualize the keys to check the signature of new packagages, I have exported them by using the command apt-key exportall from one of my running (prod) servers and import them on my problem server by issuing the command apt-key add.

Now I was able to update the server and then finish the domain join.

Please be aware: import such keys from trusted sources only!

Perhaps someone can confirm what I have done is ok or, if not, why it should be discouraged.
For now, it’s working for me.

EDIT: The server is now updated up to the latest release 4.4-8.x and running.

Thank you very much!

With kind regards
Hendrik Dreyer