Problem: The joinscript 92univention-management-console-web-server.inst fails

Problem:

When rejoining, or when just running univention-run-join-scripts, the joinscript 92univention-management-console-web-server.inst fails.

Investigation:

/var/log/univention/join.log shows:

Object exists: SAMLServiceProviderIdentifier=https://real-member.schein.ig/univention/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=schein,dc=ig
+ /usr/share/univention-management-console/saml/update_metadata --binddn uid=Administrator,cn=users,dc=schein,dc=ig --bindpwdfile /tmp/tmp.RQtsLK4CCY
No modification: SAMLServiceProviderIdentifier=https://real-member.schein.ig/univention/saml/metadata,cn=saml-serviceprovider,cn=univention,dc=schein,dc=ig
+ ucr set ucs/server/sso/fqdn?ucs-sso.schein.ig
Not updating ucs/server/sso/fqdn
+ ucr shell ucs/server/sso/fqdn
+ eval ucs_server_sso_fqdn=ucs-sso.schein.ig
+ ucs_server_sso_fqdn=ucs-sso.schein.ig
+ /etc/init.d/apache2 reload
Reloading apache2 configuration (via systemctl): apache2.service.
+ is_ucr_false umc/web/sso/enabled
+ local value
+ /usr/sbin/univention-config-registry get umc/web/sso/enabled
+ value=true
+ echo -n true
+ tr [:upper:] [:lower:]
+ return 1
+ rm /usr/share/univention-management-console/saml/idp/*.xml
rm: das Entfernen von '/usr/share/univention-management-console/saml/idp/*.xml' ist nicht möglich: Datei oder Verzeichnis nicht gefunden
+ ucr set umc/saml/idp-server=https://ucs-sso.schein.ig/simplesamlphp/saml2/idp/metadata.php
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0^M  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

curl: (22) The requested URL returned error: 500 Internal Server Error

Trying to download the metadata manually:

root@real-member:~# curl http://ucs-sso.schein.ig/simplesamlphp/saml2/idp/metadata.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at
 webmaster@ad-master.schein.ig to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>
<hr>
<address>Apache/2.4.25 (Univention) Server at ucs-sso.schein.ig Port 80</address>
</body></html>

Testing the download on the master shows the same.

Looking into the apache2 error log on the master:

/var/log/apache2/error.log
[Fri Jun 28 09:39:06.107593 2019] [cgi:error] [pid 2363] [client 10.200.43.3:46796] AH01215: Fri Jun 28 09:39:06 2019 (26042): : /var/www/saml/php-cgi
[Fri Jun 28 09:39:06.107688 2019] [cgi:error] [pid 2363] [client 10.200.43.3:46796] AH01215: Fatal Error : /var/www/saml/php-cgi
[Fri Jun 28 09:39:06.107774 2019] [cgi:error] [pid 2363] [client 10.200.43.3:46796] AH01215: Unable to create lock file: Bad file descriptor (9): /var/www/saml/php-cgi
[Fri Jun 28 09:39:06.107823 2019] [cgi:error] [pid 2363] [client 10.200.43.3:46796] AH01215: : /var/www/saml/php-cgi
[Fri Jun 28 09:39:06.109454 2019] [cgi:error] [pid 2363] [client 10.200.43.3:46796] End of script output before headers: php-cgi

According to the client IP, these messages come from the joining member.

Solution:

At the moment it is not clear why, but

service apache2 restart

solves the problem.
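
To confirm the same failure signature before restarting, the following added example (not part of the original article) counts the php-cgi "Unable to create lock file" errors per client IP in an Apache error log and offers a status check for the IdP metadata URL. The function names and the sample log lines (documentation addresses 192.0.2.x) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for the failure described above.

# idp_metadata_status URL
# Prints only the HTTP status code returned for the SAML IdP metadata URL
# (500 in the case described above). Not called here; it needs network access.
idp_metadata_status() {
    curl -s -o /dev/null -w '%{http_code}' "$1"
}

# lockfile_errors_by_client
# Reads Apache error-log lines on stdin and prints "<count> <client-ip>",
# highest count first, for the php-cgi lock file failure.
lockfile_errors_by_client() {
    awk '
        /\[cgi:error\]/ && /AH01215: Unable to create lock file/ && /php-cgi/ {
            # The client field looks like: [client 192.0.2.10:46796]
            if (match($0, /\[client [^]]+\]/)) {
                c = substr($0, RSTART + 8, RLENGTH - 9)  # strip "[client " and "]"
                sub(/:[0-9]+$/, "", c)                    # drop the source port
                hits[c]++
            }
        }
        END { for (c in hits) print hits[c], c }
    ' | sort -rn
}

# Constructed sample input in the format of /var/log/apache2/error.log.
sample_log() {
    cat <<'EOF'
[Fri Jun 28 09:39:06.107688 2019] [cgi:error] [pid 2363] [client 192.0.2.10:46796] AH01215: Fatal Error : /var/www/saml/php-cgi
[Fri Jun 28 09:39:06.107774 2019] [cgi:error] [pid 2363] [client 192.0.2.10:46796] AH01215: Unable to create lock file: Bad file descriptor (9): /var/www/saml/php-cgi
[Fri Jun 28 09:39:06.109454 2019] [cgi:error] [pid 2363] [client 192.0.2.10:46796] End of script output before headers: php-cgi
[Fri Jun 28 09:41:12.200101 2019] [cgi:error] [pid 2370] [client 192.0.2.20:51322] AH01215: Unable to create lock file: Bad file descriptor (9): /var/www/saml/php-cgi
[Fri Jun 28 09:42:30.300202 2019] [cgi:error] [pid 2363] [client 192.0.2.10:46802] AH01215: Unable to create lock file: Bad file descriptor (9): /var/www/saml/php-cgi
[Fri Jun 28 09:43:00.000000 2019] [mpm_prefork:notice] [pid 2300] AH00171: Graceful restart requested, doing restart
EOF
}

# Demo run on the constructed sample.
sample_log | lockfile_errors_by_client
```

On the master, run it against the real log with `lockfile_errors_by_client < /var/log/apache2/error.log`.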
