Nextcloud internal server error first login

Hi,

I just did a fresh install of UCS, joined it to my windows active directory domain and installed all available updates (4.3-2 errata331). So far everything seemed to work (login with domain credentials to UCS management, list users and groups etc.)

Then I installed nextcloud from the app center

Unfortunately the installer for docker apps seems to ignore proxy settings, but after opening the firewall for the ucs system, the installation went through.

But when I try to log on with my admin account to nextcloud web UI I’m getting an internal server error. “The server was not able to complete you request” (probably an imprecise translation from German to English)

It also says that I should look into the server log. Unfortunately this is my “first contact” with docker and I have no idea where to find it ^^

Any ideas?

Kind regards
Michael

Hi @michael-hennemann,

only on the first login? If yes, then this could be related to https://github.com/nextcloud/server/issues/11474

Hi,

nope, that's not it.
Even after a refresh of the site I am still getting the error.

So I am not able to log in at all.

kind regards
Michael

Can you provide the log file? → /var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data/nextcloud.log
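For anyone reading that file for the first time: nextcloud.log holds one JSON object per line, so the error entries can be pulled out and grouped before posting the log. The following is an added example, not part of the original thread; the sample lines are constructed, and the field names (`level`, `app`, `message`) and the level scale (3 = error, 4 = fatal) are assumptions about Nextcloud's standard log layout.

```python
import json
import sys
from collections import Counter

LOG_PATH = ("/var/lib/univention-appcenter/apps/nextcloud/"
            "data/nextcloud-data/nextcloud.log")  # path given in the thread

# Constructed sample lines, NOT taken from the log attached to this thread.
SAMPLE_LOG = """
{"reqId":"r1","level":1,"time":"2018-11-20T09:00:01+00:00","app":"core","url":"/nextcloud/login","message":"Login page served"}
{"reqId":"r2","level":3,"time":"2018-11-20T09:00:07+00:00","app":"user_ldap","url":"/nextcloud/login","message":"Lost connection to LDAP server."}
{"reqId":"r3","level":3,"time":"2018-11-20T09:00:07+00:00","app":"index","url":"/nextcloud/login","message":{"Exception":"ServerNotAvailableException","Message":"Lost connection to LDAP server."}}
{"reqId":"r4","level":3,"time":"2018-11-20T09:01:12+00:00","app":"user_ldap","url":"/nextcloud/login","message":"Lost connection to LDAP server."}
{"reqId":"r5","level":3,"time":"2018-11-20T09:0
"""

def summarize(text, min_level=3):
    """Count (app, message) pairs at or above min_level; also count broken lines."""
    counts, skipped = Counter(), 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except ValueError:
            skipped += 1          # truncated or interleaved write
            continue
        level = entry.get("level", 0) if isinstance(entry, dict) else None
        if not isinstance(level, int) or level < min_level:
            continue
        msg = entry.get("message", "")
        if isinstance(msg, dict):  # exceptions may be logged as nested objects
            msg = "{}: {}".format(msg.get("Exception", "?"), msg.get("Message", ""))
        counts[(entry.get("app", "?"), str(msg)[:120])] += 1
    return counts, skipped

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else LOG_PATH
    with open(path, encoding="utf-8", errors="replace") as fh:
        counts, skipped = summarize(fh.read())
    for (app, msg), n in counts.most_common(10):
        print(f"{n:5d}  {app}: {msg}")
    print(f"unparsable lines: {skipped}")
```
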

Hi,

thanks for your reply! :slight_smile:

Here is the logfile

kind regards
Michael

nextcloud.log (65,5 KB)

Did an update to 4.3-2 errata344 today - no difference :expressionless:

Hi,
I just tossed away the UCS VM and started with a clean fresh new one

  • Installation of UCS
  • Join of Windows Domain
  • Update to latest update (4.3-2 errata376)
  • Installation of NextCloud

-> Same error ! :weary::weary:

Am I the only one with this problem?

kind regards
Michael

OK, I finally figured it out ! :smiley:

(with the help of another guy in the forum and some googling)

  1. First issue: DNS
    My UCS server creates a DNS record in my windows DNS during the initial setup and the domain join (actually there are two DNS records but I don’t know what the other one is for.)
    Unfortunately it did not update the record after I changed the IP address from a DHCP to a static one.
    Nextcloud uses the fqdn to connect to the local ldap server of the UCS and therefore fails to login any users. After correcting the dns record manually I was able to log in

  2. Second issue: Administrator
    I finally was able to log in to Nextcloud but only with a regular user and NOT with my builtin Administrator account. Nextcloud UI always said “wrong password”
    I was able to fix that by giving the administrator account a firstname, a lastname and a display name in my windows active directory. I’ve seen this behavior with a different linux appliance that used ldap to connect to a windows AD.

  3. Third issue: Administrative rights
    Despite what Univention claims in the app catalogue, my windows domain administrator is not a pre-configured nextcloud admin by default. So I was able to log in with my administrator account but in nextcloud it was just a regular user with standard user rights. To fix this I logged in via SSH and looked in the admin secret file

cat /var/lib/univention-appcenter/apps/nextcloud/conf/admin.secret

This seems to contain the password for the builtin nextcloud admin (“nc_admin”) account in plain text.
With that I was able to login to nextcloud with admin rights and give my windows domain administrator also admin privileges

If you ask me, these issues will be reproducible in any UCS setup with a windows domain and nextcloud

They should be considered as BUGS :roll_eyes:
And it should be in the interest of univention to fix them.

hi,

thanks for reporting and posting the solution here, too. Great work!

It is indeed in the interest of Univention. Just to add:
First: If a user changes IP and does not take all DNS records into account you can not call this a bug. Or at least not a bug which can be fixed by Univention…
Second: Sounds strange, indeed. If this can be reproduced I would suggest to tell Nextcloud about this issue.
Third: Same as on the second.

I assume you had the second and the third error because of the first. I could imagine (although I do not know it) all will get set up properly if the user’s configuration and installation procedure went well. So the scripts could create and sync all users as needed.

A misconfigured DNS is very likely to cause all sort of trouble…

Despite this there is always the possibility to create a bug.

/CV

Hi Christian,
Thanks for your reply! :smiley:

I think a member server (or PC) in a windows domain should update his DNS record automatically. At least windows hosts do that. I guess for a server this is not that important (as the IPs don’t change that much) but a client pc should update its dns record after a change of ip address.
The UCS system was able to create the dns records at domain join so it should be able to change them after a change of IP address. :smile:

You might be right, maybe the second and the third issues are results of the first one…

Regards
Michael

The workaround did not work for me (UCS 4.4.0 Errata 137).
In my case I get the error message after any login, if I have no host record in UCS DNS defined. Only after defining a host-record for my UCS-server with the local IP-address (192.168.21.51)

 ucs   192.168.21.51     Host Record

in the UCS - “Domain” - “DNS” runs Nextcloud-login without error, called from internal network or from internet.

I cannot leave the A-record, because letsencrypt cannot validate my UCS-server then.
All accounts (administrator, users) are affected, even using Nextcloud clients (Windows and Android).

I guess, that Nextcloud seems to need an internal IP-address to UCS-server itself, because the router resolves an external IP-address.
If login into Nextcloud fails, in the UCS network-settings the FritzBox-IP is set as DNS.

Nextcloud Logfile (/var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data/nextcloud.log):
ucs-nextcloud.txt (7.1 KB)
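Both DNS reports in this thread (the record left stale after the switch from DHCP to a static address, and the router answering with an external address) come down to the server's FQDN not resolving to an address the server itself holds. The check below is an added example, not part of the original thread; the host name `ucs.example.test` and the address 192.168.21.77 are constructed, and the local addresses are passed in by hand (for instance from `ip addr`).

```python
import ipaddress
import socket
import sys

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(fqdn):
    """Addresses the system resolver returns for fqdn (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(fqdn, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_host_record(fqdn, local_addrs, resolver=resolve):
    """Compare what fqdn resolves to with the addresses this host really has.

    Returns (status, offending_addresses):
      missing  - no record at all
      ok       - every answer is one of the host's own addresses
      stale    - a private address the host does not hold (e.g. old DHCP lease)
      external - a non-private address (router or public DNS view)
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    # Strip IPv6 zone ids such as "%eth0" before parsing.
    answers = {ipaddress.ip_address(a.split("%")[0]) for a in resolver(fqdn)}
    if not answers:
        return "missing", []
    foreign = answers - local
    if not foreign:
        return "ok", []
    all_private = all(any(a in net for net in RFC1918) for a in foreign)
    return ("stale" if all_private else "external",
            sorted(str(a) for a in foreign))

if __name__ == "__main__":
    # Usage: script.py <fqdn> <local-ip> [<local-ip> ...]
    fqdn = sys.argv[1] if len(sys.argv) > 1 else socket.getfqdn()
    status, bad = check_host_record(fqdn, sys.argv[2:])
    print(f"{fqdn}: {status} {bad}")
    sys.exit(0 if status == "ok" else 1)
```

Run it on the UCS host with the DNS server that the Nextcloud container actually uses; a result other than `ok` matches the situation in which logins failed in the posts above.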
