Problem: Internal server error: The service is temporarily not available

Problem:

Internal server error: The service is temporarily not available.

Investigation:

Step 1

Check the adjusted self-service limits:

umc/self-service/passwordreset/limit/per_user/.*: <empty>
umc/self-service/passwordreset/limit/per_user/day: 120
umc/self-service/passwordreset/limit/per_user/hour: 60
umc/self-service/passwordreset/limit/per_user/minute: 10
umc/self-service/passwordreset/limit/total/.*: <empty>
umc/self-service/passwordreset/limit/total/day: 1000
umc/self-service/passwordreset/limit/total/hour: 200
umc/self-service/passwordreset/limit/total/minute: 120

Step 2

Check the statistics:

 /usr/lib/univention-self-service/univention-self-service-request-count 
t:c_day:            1 / 1000      expiration in 86116 seconds (at 17.09.2019 16:38:30)
t:c_hour:          59 /  200      expiration in  3316 seconds (at 16.09.2019 17:38:30)
t:c_minute:         1 /  120      expiration in    46 seconds (at 16.09.2019 16:44:00)
[...]

Step 3

If these numbers in the statistics rise extremely fast, you might want to check for a DoS attack.

In this example, 59 attempts were made within 6 minutes:
 Active: active (running) since Mon 2019-09-16 16:38:12 CEST; 6min ago

t:c_day:            1 / 1000      expiration in 86116 seconds (at 17.09.2019 16:38:30)
t:c_hour:          59 /  200      expiration in  3316 seconds (at 16.09.2019 17:38:30)
t:c_minute:         1 /  120      expiration in    46 seconds (at 16.09.2019 16:44:00)

Restarting the service resets the statistics, and the self-service can be used again until the limit is reached again.
systemctl status univention-self-service-passwordreset-umc.service
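
The check from Steps 2 and 3 can be scripted. The following is an added example, not part of the original article or of Univention's tooling: it parses the counter lines printed by univention-self-service-request-count and reports which counters will reach their limit if the current rate continues. The window lengths, the treatment of the text before `:c_` as the counter's scope, and the `min_count` threshold are assumptions.

```python
import re

# Constructed sample: the counter lines shown in Step 2.
SAMPLE = """\
t:c_day:            1 / 1000      expiration in 86116 seconds (at 17.09.2019 16:38:30)
t:c_hour:          59 /  200      expiration in  3316 seconds (at 16.09.2019 17:38:30)
t:c_minute:         1 /  120      expiration in    46 seconds (at 16.09.2019 16:44:00)
[...]
"""

# Assumption: each counter runs over a fixed window of this length in seconds.
WINDOW = {"day": 86400, "hour": 3600, "minute": 60}

LINE = re.compile(
    r"(?P<scope>\S+?):c_(?P<window>day|hour|minute):\s+"
    r"(?P<count>\d+)\s*/\s*(?P<limit>\d+)\s+"
    r"expiration in\s+(?P<ttl>\d+) seconds"
)

def parse_counters(text):
    """Parse counter lines; anything else (such as '[...]') is skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        size = WINDOW[m["window"]]
        count, limit, ttl = int(m["count"]), int(m["limit"]), int(m["ttl"])
        elapsed = max(size - ttl, 1)  # seconds since this window opened
        rows.append({
            "scope": m["scope"], "window": m["window"],
            "count": count, "limit": limit, "elapsed": elapsed,
            # Requests expected by window expiry if the current rate holds.
            "projected": count * size / elapsed,
        })
    return rows

def at_risk(rows, min_count=10):
    """Counters already at their limit, or on course to reach it."""
    # min_count (assumed threshold) ignores windows with too few requests.
    return [
        (r["scope"], r["window"]) for r in rows
        if r["count"] >= r["limit"]
        or (r["count"] >= min_count and r["projected"] >= r["limit"])
    ]

if __name__ == "__main__":
    for scope, window in at_risk(parse_counters(SAMPLE)):
        print(f"{scope}: {window} counter will hit its limit at the current rate")
```

On a UCS system, pass the output of the command from Step 2 to `parse_counters()` instead of `SAMPLE`.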

Step 4

Check whether self-service invitation is activated and whether there are deactivated users:

ucr get umc/self-service/invitation/enabled
univention-ldapsearch uid=user1 sambaAcctFlags
→ sambaAcctFlags: [UD         ] → "D" Account is disabled

Step 5

Check the self-service invitation cache:

 ls -lah /var/cache/univention-directory-listener/selfservice-invitation/
-rw------- 1 listener nogroup    0 Sep 11 12:09 user1.send

Solution:

Move the cache files or delete them and restart the services:

mv /var/cache/univention-directory-listener/selfservice-invitation/* ~/somewhere/
systemctl restart univention-self-service-invitation.service
systemctl status univention-self-service-passwordreset-umc.service

See also Bug 50230
