[SOLVED] Problem with UDN Replication (Error retrieving notifier ID from the UDN)

Hi, I am not able to login with any new user and changing password for any user does not work. Login from new user or old user with new password works fine if i directly login to univention from web. From system diagnostics i am getting this error (Warning: check for problems with UDN replecation. Error retrieving notifier ID from the UDN.)

From Solutions i tried:

  1. tail -1 /var/lib/univention-ldap/notify/transaction and it has no output
  2. cat /var/lib/univention-directory-listener/notifier_id and it gives some ID.
  3. /usr/lib/nagios/plugins/check_univention_replication and error (CRITICAL: no change of listener transaction id for last 0 checks (nid=Error: [Errno 111] Connection refused lid=9249))
  4. univention-directory-listener-ctrl status and tail -f /var/log/univention/listener.log gives:
    01.05.19 13:17:59.781 LISTENER ( ERROR ) : failed to connect to any notifier
    01.05.19 13:17:59.781 LISTENER ( WARN ) : can not connect any server, retrying in 30 seconds
    01.05.19 13:18:29.781 LISTENER ( WARN ) : Notifier/LDAP server is PDC.domain.local:7389
    01.05.19 13:18:29.781 LDAP ( PROCESS ) : connecting to ldap://PDC.domain.local:7389
    01.05.19 13:18:29.785 LISTENER ( ERROR ) : failed to connect to any notifier
    01.05.19 13:18:29.785 LISTENER ( WARN ) : can not connect any server, retrying in 30 seconds
    01.05.19 13:18:59.785 LISTENER ( WARN ) : Notifier/LDAP server is PDC.domain.local:7389
    01.05.19 13:18:59.785 LDAP ( PROCESS ) : connecting to ldap://PDC.domain.local:7389
    01.05.19 13:18:59.789 LISTENER ( ERROR ) : failed to connect to any notifier
    01.05.19 13:18:59.789 LISTENER ( WARN ) : can not connect any server, retrying in 30 seconds
    01.05.19 13:19:29.789 LISTENER ( WARN ) : Notifier/LDAP server is PDC.domain.local:7389
    01.05.19 13:19:29.789 LDAP ( PROCESS ) : connecting to ldap://PDC.domain.local:7389
    01.05.19 13:19:29.793 LISTENER ( ERROR ) : failed to connect to any notifier
    01.05.19 13:19:29.793 LISTENER ( WARN ) : can not connect any server, retrying in 30 seconds

systemctl status univention-directory-listener and service is active and running.

I have also search through internet and nothing worked for me. Please help.

Hi,

/CV

Hi, I have already looked in this article before posting. This is the error i am getting in first step:

/usr/lib/nagios/plugins/check_univention_replication

CRITICAL: no change of listener transaction id for last 0 checks (nid=Error: [Errno 111] Connection refused lid=9249)

It does not have NID and connection refused. I think there is no point in following next step but i did restart services as mentioned in other different articles i checked and even restart the server couple of times

Could you explain why you think there is no point in following?

I thought it is written clearly:

Repeat the check a couple of seconds later. If it still shows “CRITICAL” proceed to step 2.

So restart and check for results as described in this article… and read further.

/CV

I said so because in steps it says to go to step to for CRITICAL. Well it is saying CRITICAL but mine output does not show any NID and ends up with error for it and says connection refused.

I tried it many times and the error is always same.

My output does not says anything about “failed.ldif”

Anyway i followed the step 2 and it does not worked. In article from step 2, i tried to change the ID from “/var/lib/univention-ldap/schema/id/id”. It gave this output (02.05.19 11:22:51.659 DEBUG_INIT) and waited for some time and when i again run previous command, nothing happened.

So when i moved to old ID number then it ends up with this error:
02.05.19 11:24:41.324 DEBUG_INIT
02.05.19 11:24:41.329 LISTENER ( ERROR ) : pidfile /var/lib/univention-directory-listener/pid exists, aborting…17 File exists.

I am also following this article:

My listener service is running ok, only issue with notifier service.

  1. command “pgrep -f /usr/sbin/univention-directory-notifier” gives nothing
    and
  2. sv status univention-directory-notifier | sed -n ‘s/:.*//p’ gives “finish”
    which as per the article says that service was terminated for unknown reason.

Didn’t find any next step. Am i missing something there ?

Also this is my only server, no backups, no secondary server…

Hi,

sorry, for remote troubleshooting it is really important to do the things step-by-step. You are mixing up currently nearly everything. We are here to help but you need to follow our suggestions otherwise your might make it worse!

Please only refer to this article at the moment.
You did the steps? I want to get the output.
So in step 1 you got result 1, right?
In Step 2 you got “finished” for the notifier, right?
So did you increase debug level and restarted services as recommended in step 3?
If so, check mentioned

/var/log/univention/notifier.log

and look for ERROR. Post these lines (and some lines before and after this ERROR) here.

/CV

Hi, Really sorry for this. Here are my complete 4 steps. Kindly suggest further.

Step 1: /usr/lib/nagios/plugins/check_univention_replication
CRITICAL: no change of listener transaction id for last 0 checks (nid=Error: [Errno 111] Connection refused lid=9249)

Step 2: sv status univention-directory-notifier | sed -n ‘s/:.*//p’
finish

Step 3: ucr set notifier/debug/level=4
Setting notifier/debug/level
File: /etc/runit/univention-directory-notifier/run

Step 4: tail -f /var/log/univention/listener.log
02.05.19 15:57:55.135 LISTENER ( INFO ) : connection to 192.168.11.26 failed with errorcode 111: Connection refused
02.05.19 15:57:55.135 LISTENER ( ERROR ) : failed to connect to any notifier
02.05.19 15:57:55.135 LISTENER ( WARN ) : can not connect any server, retrying in 30 seconds
02.05.19 15:58:25.135 LISTENER ( WARN ) : Notifier/LDAP server is UCSDC.walkwel.lan:7389
02.05.19 15:58:25.135 LDAP ( PROCESS ) : connecting to ldap://UCSDC.walkwel.lan:7389
02.05.19 15:58:25.138 LDAP ( INFO ) : simple_bind as cn=admin,dc=walkwel,dc=lan
02.05.19 15:58:25.138 LISTENER ( INFO ) : connecting to notifier UCSDC.walkwel.lan:6669

tail -f /var/log/univention/notifier.log
IndexError: 9249
usage: univention-translog ldap [-h] tid [tid …]
univention-translog ldap: error: argument tid: invalid int value: ‘’
Traceback (most recent call last):
File “/usr/share/univention-directory-notifier/univention-translog”, line 1178, in
exit(main())
File “/usr/share/univention-directory-notifier/univention-translog”, line 398, in main
return opt.func(opt) or 0
File “/usr/share/univention-directory-notifier/univention-translog”, line 442, in import_all
with Index(opt.translog_file) as index, Translog(opt.translog_file, index) as translog, ldapi(opt) as ld:
File “/usr/share/univention-directory-notifier/univention-translog”, line 276, in enter
self.seek(last)
File “/usr/share/univention-directory-notifier/univention-translog”, line 347, in seek
raise IndexError(tid)

Well, we are in the case of “still not working”. What is written?

To check if the notifier/ listener files are corrupted, use this article.

Go ahead.

/CV

This article fixed the issue, Very Thanks to you Chris.

Hi,

nice to hear.
OT:
We are always keen to improve our articles. Could you explain why you did not follow these articles on first attempt? Has there been some unclear sections?

Thanks!

/CV

Now that i see it, your article is perfect.
Issue could be -> That at first steps my output was not same as that of yours mentioned on article. I was getting NID as error but yours not. So i thought it is not a solutions for my issue. And mostly, may be due to human nature, when we do not see similar issue mentioned on page then we just go looking for another solution rather than reading it all. Also may be it is me, i am habituated to scroll down to end of page directly to look for solutions and doesn’t care to read much.

Mastodon