I forget this problem for a while and decide to start working on the case this morning and ive found the problem
In the active directory users and computers the computer object of the Univention server wich is named “cloud” for me had the wrong password
On my dc in event viewer log in security ive found this error
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: CLOUD$
Source Workstation: CLOUD
Error Code: 0xC000006A
0xC000006A = The username is correct but the password is wrong ( https://www.manageengine.com/products/active-directory-audit/kb/windows-security-log-event-id-4776.html )
So i check the password on the server with his command
root@cloud:/var/log/univention# more /etc/machine.secret
YLEf94FfpGLLKihVC8EH
Then i open a powershell windows and reset the password of the computer object “cloud”
Set-ADAccountPassword ‘CN=cloud,CN=Computers,DC=xxx,DC=xxx,DC=xxx,DC=xxx’ -Reset -NewPassword (ConvertTo-SecureString -AsPlainText “YLEf94FfpGLLKihVC8EH” -Force)
Then everything start to sync back again
Now when im looking at the log in /var/log/univention/connector-status.log im seing this
try to sync 14 changes from UCS
done: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
Changes from UCS: 14 (0 saved rejected)
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
- sleep 5 seconds (1/10 until resync) -
Wed Feb 12 14:52:52 2020
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
- sleep 5 seconds (2/10 until resync) -
Wed Feb 12 14:52:57 2020
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
- sleep 5 seconds (3/10 until resync) -
Wed Feb 12 14:53:02 2020
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
- sleep 5 seconds (4/10 until resync) -
Wed Feb 12 14:53:07 2020
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
- sleep 5 seconds (5/10 until resync) -
Wed Feb 12 14:53:12 2020
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
- sleep 5 seconds (6/10 until resync) -
Wed Feb 12 14:53:17 2020
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
- sleep 5 seconds (7/10 until resync) -
Wed Feb 12 14:53:22 2020
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
- sleep 5 seconds (8/10 until resync) -
Wed Feb 12 14:53:27 2020
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
- sleep 5 seconds (9/10 until resync) -
Wed Feb 12 14:53:32 2020
try to sync 0 changes from UCS
done:
Changes from UCS: 0 (0 saved rejected)
try to sync 3 changes from AD
done: (1) (2) (3)
Changes from AD: 0 (14 saved rejected)
On the file /var/log/univention/connector.log isee some errors like that
12.02.2020 15:01:10.704 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=JUR - Secrétaires Direction,OU=Juridiques_Security_Groups,OU=Juridiques,OU=xxx,OU=Ville De xxx,DC=ville,DC=xxx,DC=qc,DC=ca
12.02.2020 15:01:10.711 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=JUR - Secrétaires Direction,ou=juridiques_security_groups,ou=juridiques,ou=xxx,ou=ville de xxx,dc=ville,dc=xxx,dc=qc,dc=ca
12.02.2020 15:01:10.713 LDAP (ERROR ): Unknown Exception during sync_to_ucs
12.02.2020 15:01:10.713 LDAP (ERROR ): Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/univention/connector/init.py”, line 1293, in sync_to_ucs
result = self.modify_in_ucs(property_type, object, module, position)
File “/usr/lib/python2.7/dist-packages/univention/connector/init.py”, line 1133, in modify_in_ucs
return bool(ucs_object.modify())
File “/usr/lib/python2.7/dist-packages/univention/admin/handlers/init.py”, line 651, in modify
dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
File “/usr/lib/python2.7/dist-packages/univention/admin/handlers/init.py”, line 1312, in _modify
self._ldap_pre_modify()
File “/usr/lib/python2.7/dist-packages/univention/admin/handlers/groups/group.py”, line 470, in _ldap_pre_modify
self.check_ad_group_type_change()
File “/usr/lib/python2.7/dist-packages/univention/admin/handlers/groups/group.py”, line 929, in check_ad_group_type_change
raise univention.admin.uexceptions.adGroupTypeChangeDomainLocalToGlobal
adGroupTypeChangeDomainLocalToGlobal
12.02.2020 15:01:10.714 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=VB Distribution - Tous,OU=Ville De xxx,DC=ville,DC=xxx,DC=qc,DC=ca
12.02.2020 15:01:10.735 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=VB Distribution - Tous,ou=ville de xxx,dc=ville,dc=xxx,dc=qc,dc=ca
12.02.2020 15:01:10.842 LDAP (ERROR ): Unknown Exception during sync_to_ucs
12.02.2020 15:01:10.843 LDAP (ERROR ): Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/univention/connector/init.py”, line 1278, in sync_to_ucs
result = self.add_in_ucs(property_type, object, module, position)
File “/usr/lib/python2.7/dist-packages/univention/connector/init.py”, line 1124, in add_in_ucs
return bool(ucs_object.create())
File “/usr/lib/python2.7/dist-packages/univention/admin/handlers/init.py”, line 558, in create
dn = self._create(response=response, serverctrls=serverctrls)
File “/usr/lib/python2.7/dist-packages/univention/admin/handlers/init.py”, line 1241, in _create
al = self._ldap_addlist()
File “/usr/lib/python2.7/dist-packages/univention/admin/handlers/groups/group.py”, line 489, in _ldap_addlist
raise univention.admin.uexceptions.mailAddressUsed
mailAddressUsed
Any ideas ?
Thanks hope it can help someone