Problem rejoining slave DC

UCS - Univention Corporate Server
1

Hi,

I try to rejoin a slave server without any luck. It fails on 03univention-directory-listener.inst. As far as I understand, the problem is related to the machine password. I have followed the instrutions to alter it in LDAP according to Problem: Unable to (re-)join: 03univention-directory-listener.inst failed

Still I cannot get the server to sucessfully join. Does anybody have any further tips to provide?

many thanks in advance.

best regards
Harald

2

Have you checked the join.log?

3

Hi, Christian

Thanks for replying. Yes I have looked at the join.log, but until now I have not been able to interpret it properly.

However, I now try to join with this command:

univention-join -dcaccount -type domaincontroller_slave -verbose

which looks more promising. Unlike before, the problem now is downloading host certificate due to permission problems:

Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/DEBFIL: Permission denied
Could not chdir to home directory /dev/null: Not a directory
scp: /etc/univention/ssl/DEBFIL.ad.obib.no: Permission denied

  • ‘[’ -d /etc/univention/ssl/DEBFIL ‘]’
  • ‘[’ 5 -gt 30 ‘]’
  • echo -n .
  • sleep 20
  • true
  • (( counter++ ))
  • univention-scp /etc/machine.secret -q -r ‘DEBFIL$@dc01.ad.obib.no:/etc/univention/ssl/DEBFIL’ ‘DEBFIL$@dc01.ad.obib.no:/etc/univention/ssl/DEBFIL.ad.obib.no’ /etc/univention/ssl/
    Could not chdir to home directory /dev/null: Not a directory
    scp: /etc/univention/ssl/DEBFIL: Permission denied
    Could not chdir to home directory /dev/null: Not a directory
    scp: /etc/univention/ssl/DEBFIL.ad.obib.no: Permission denied
  • ‘[’ -d /etc/univention/ssl/DEBFIL ‘]’
  • ‘[’ 6 -gt 30 ‘]’
  • echo -n .
  • sleep 20
    ^C

This surely should be easily solveable?

Best regards
Harald

4

OK, I changed the group to “DC Slave Hosts”, and now I am able to download the certs at least, but still no luck with the listener-install.

ln -snf /etc/runit/univention-directory-listener /etc/runit/univention/univention-directory-listener

  • service univention-directory-listener stop
  • ‘[’ -e /var/lib/univention-directory-listener ‘]’
  • rm -Rf ‘/var/lib/univention-directory-listener/*’
  • ‘[’ -e /var/lib/univention-directory-replication ‘]’
  • rm -Rf ‘/var/lib/univention-directory-replication/*’
  • ‘[’ -e /var/lib/univention-ldap/listener/listener ‘]’
  • chown listener /var/lib/univention-ldap/listener/listener /var/lib/univention-ldap/listener/listener.lock
  • write_translog=1
  • case “$server_role” in
  • dn=cn=DEBFIL,cn=dc,cn=computers,dc=ad,dc=obib,dc=no
  • secret=/etc/machine.secret
  • ‘[’ -n ‘’ ‘]’
  • notifierid_master=
  • mode=-i
  • /usr/sbin/univention-directory-listener -i -d 4 -h dc01.ad.obib.no -b dc=ad,dc=obib,dc=no -m /usr/lib/univention-directory-listener/system -c /var/lib/univention-directory-listener -o -ZZ -x -D cn=DEBFIL,cn=dc,cn=computers,dc=ad,dc=obib,dc=no -y /etc/machine.secret
    01.11.19 14:46:42.169 DEBUG_INIT
    01.11.19 14:46:42.174 LISTENER ( INFO ) : purging cache
    01.11.19 14:46:42.174 LDAP ( PROCESS ) : connecting to ldap://dc01.ad.obib.no:7389
    01.11.19 14:46:42.182 LDAP ( INFO ) : simple_bind as cn=DEBFIL,cn=dc,cn=computers,dc=ad,dc=obib,dc=no
    01.11.19 14:46:42.189 LISTENER ( INFO ) : connecting to notifier dc01.ad.obib.no:6669
    01.11.19 14:46:42.190 LISTENER ( INFO ) : connection to 10.172.2.15 failed with errorcode 111: Connection refused
    01.11.19 14:46:42.190 LISTENER ( ERROR ) : failed to connect to any notifier
    01.11.19 14:46:42.190 LISTENER ( ERROR ) : can not connect any server, exit
  • exit_status=1
  • ‘[’ -f ‘’ ‘]’
  • command -v slapd
  • service slapd restart
    Warning: slapd.service changed on disk. Run ‘systemctl daemon-reload’ to reload units.
  • ‘[’ 1 = 0 ‘]’
  • die ‘Failed to start Listener’
  • echo ‘03univention-directory-listener.inst: Failed to start Listener’
    03univention-directory-listener.inst: Failed to start Listener
  • exit 1
  • ‘[’ 1 -ne 0 ‘]’
  • echo -e ‘\033[60Gfailed’
    ++ basename /usr/lib/univention-install/03univention-directory-listener.inst
  • failed_message ‘FAILED: 03univention-directory-listener.inst’
  • echo ‘’
  • echo ‘’
  • tee -a /var/log/univention/join.log
  • echo ‘**************************************************************************’
  • echo ‘* Join failed! *’
  • echo ‘* Contact your system administrator *’
  • echo ‘**************************************************************************’
  • echo ‘* Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them – FAILED: 03univention-directory-listener.inst’
  • echo ‘**************************************************************************’
  • Join failed! *
  • Contact your system administrator *

++ ucr get hostname

  • /usr/sbin/univention-admin-diary-entry-create --event JOIN_FINISHED_FAILURE --arg hostname=DEBFIL --context-id 9b36e870-4ad1-48bc-a258-64e77fa09556
  • exit 1
  • trapOnExit
  • rm -rf /tmp/tmp.rrbxQ9Pb6m
  • joinscript_remove_credentialfiles
  • test -e /var/run/univention-join/bindpwd
  • rm /var/run/univention-join/bindpwd
  • test -e /var/run/univention-join/binddn
  • rm /var/run/univention-join/binddn
  • ‘[’ -n true -a true = true ‘]’
  • ‘[’ -n 2 ‘]’
  • ucr set listener/debug/level=2
    Setting listener/debug/level
    ++ LC_ALL=C
    ++ date
  • echo ‘Fri Nov 1 14:46:42 CET 2019: finish /usr/sbin/univention-join’
5

Hi,

I am still not ready to let my slave DC go, as I am having trouble getting the shares on it up on other servers at the moment. I would appreciate any tips on ways to attempt joining the computer to the domain. Could it for instance be possible to join it as a backup controller instead of slave?

best regards
Harald