Several problems with UCS DNS, DHCP and WAN connectivity after kernel restore

Hello,

After the kernel was recovered by UCS support following a failed build during the update (probably caused by openvmtools), there are some problems I can’t make sense of:

  • I get DNS errors from Nagios (CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds).
  • DHCP doesn’t work.
  • UCS itself doesn’t have WAN connectivity (other devices in the LAN do).

What I have done:

root@ucs:~# univention-check-join-status
Joined successfully

univention-ldapsearch -b cn=dhcp,$(ucr get ldap/base) -LLL
(Output seems to be OK, no errors, all devices and fixed leases listed. It is very long and contains a lot of sensitive information, so I didn’t want to redact and post it here unless it’s needed.)

root@ucs:~# univention-ldapsearch -b cn=dhcp,$(ucr get ldap/base) '(!(objectClass=univentionDhcpHost))'
# extended LDIF
#
# LDAPv3
# base <cn=dhcp,dc=domain,dc=local> with scope subtree
# filter: (!(objectClass=univentionDhcpHost))
# requesting: ALL
#

# dhcp, domain.local
dn: cn=dhcp,dc=domain,dc=local
univentionObjectType: container/cn
description: Containing all DHCP Objects as per default Settings
cn: dhcp
dhcpOption: ntp-servers 192.168.78.3
objectClass: organizationalRole
objectClass: univentionObject
objectClass: dhcpOptions

# domain.local, dhcp, domain.local
dn: cn=domain.local,cn=dhcp,dc=domain,dc=local
objectClass: top
objectClass: univentionDhcpService
objectClass: dhcpOptions
objectClass: univentionObject
univentionObjectType: dhcp/service
cn: domain.local

# ucs, domain.local, dhcp, domain.local
dn: cn=ucs,cn=domain.local,cn=dhcp,dc=domain,dc=local
objectClass: top
objectClass: dhcpServer
objectClass: univentionObject
dhcpServiceDN: cn=domain.local,cn=dhcp,dc=domain,dc=local
univentionObjectType: dhcp/server
cn: ucs

# 192.168.78.0, domain.local, dhcp, domain.local
dn: cn=192.168.78.0,cn=domain.local,cn=dhcp,dc=domain,dc=local
objectClass: top
objectClass: univentionDhcpSubnet
objectClass: univentionObject
univentionObjectType: dhcp/subnet
cn: 192.168.78.0
dhcpNetMask: 24
dhcpRange: 192.168.78.10 192.168.78.200

# search result
search: 3
result: 0 Success

# numResponses: 5
# numEntries: 4

[domain name redacted]
(seems good)

root@ucs:~# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 127.0.0.53
options timeout:2

(can’t tell if this is ok)

root@ucs:~# cat /etc/dhcp/dhcpd.conf
# Warning: This file is auto-generated and might be overwritten by
#          univention-config-registry.
#          Please edit the following file(s) instead:
# Warnung: Diese Datei wurde automatisch generiert und kann durch
#          univention-config-registry ueberschrieben werden.
#          Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
#
#       /etc/univention/templates/files/etc/dhcp/dhcpd.conf
#

include "/etc/dhcp/univention.conf";
include "/etc/dhcp/local.conf";

option ldap-servers code 128 = array of ip-address;
option ldap-base code 129 = string;



ldap-server "ucs.domain.local";
ldap-dhcp-server-cn "ucs";
ldap-username "cn=ucs,cn=dc,cn=computers,dc=domain,dc=local";
ldap-password-file "/etc/machine.secret";
ldap-port 7389;
ldap-base-dn "cn=dhcp,dc=domain,dc=local";
ldap-method dynamic;

# ldap debug logging can be enabled or disabled with the UCR variable dhcpd/ldap/debug
# ldap-debug-file "/var/log/dhcp-ldap-startup.log";


# dynamic DNS: with external name server only!

[domain name redacted]

root@ucs:~# cat /etc/dhcp/univention.conf

root@ucs:~# cat /etc/dhcp/local.conf
# This can be used to modify local DHCP configuration options

(nothing in there really)

root@ucs:~# systemctl status univention-dhcp.service
● univention-dhcp.service - LSB: DHCP server
   Loaded: loaded (/etc/init.d/univention-dhcp; generated; vendor preset: enabled)
   Active: active (exited) since Tue 2022-07-26 08:43:15 CEST; 17min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2217 ExecStart=/etc/init.d/univention-dhcp start (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 19660)
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/univention-dhcp.service

Jul 26 08:43:15 ucs univention-dhcp[2217]: Configuration file errors encountered -- exiting
Jul 26 08:43:15 ucs univention-dhcp[2217]: If you think you have received this message due to a bug rather
Jul 26 08:43:15 ucs univention-dhcp[2217]: than a configuration issue please read the section on submitting
Jul 26 08:43:15 ucs univention-dhcp[2217]: bugs on either our web page at www.isc.org or in the README file
Jul 26 08:43:15 ucs univention-dhcp[2217]: before submitting a bug.  These pages explain the proper
Jul 26 08:43:15 ucs univention-dhcp[2217]: process and the information we find helpful for debugging..
Jul 26 08:43:15 ucs univention-dhcp[2217]: exiting.
Jul 26 08:43:15 ucs univention-dhcp[2217]: Starting DHCP server: dhcpdok: run: univention-dhcp: (pid 2805) 0s, normally down
Jul 26 08:43:15 ucs univention-dhcp[2217]: .
Jul 26 08:43:15 ucs systemd[1]: Started LSB: DHCP server.

(Ok, configuration file errors, but which specifically?)

univention-run-join-scripts
(all “skipped (already executed)”)

/var/log/daemon.log anomalies

Jul 26 08:42:55 ucs samba4[1114]: rndc: connect failed: 127.0.0.1#953: connection refused
...
Jul 26 08:42:56 ucs kopano-search[560]: [error  ] Logon to file:///var/run/kopano/server.sock: Remote side closed connection.
Jul 26 08:42:56 ucs kopano-search[560]: [error  ] HrLogon server "default:" user "SYSTEM": network error
...
Jul 26 08:43:06 ucs univention-maintenance[2362]: Checking network for Univention maintenance...ldap[ucs.domain.local]...repository[updates.software-univention.de]...failed.
Jul 26 08:43:06 ucs systemd[1]: univention-maintenance.service: Control process exited, code=exited status=1
Jul 26 08:43:06 ucs systemd[1]: Failed to start LSB: Univention Updater.
Jul 26 08:43:06 ucs systemd[1]: univention-maintenance.service: Unit entered failed state.
Jul 26 08:43:06 ucs systemd[1]: univention-maintenance.service: Failed with result 'exit-code'.
...
Jul 26 08:43:05 ucs freshclam[1099]: Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Jul 26 08:43:05 ucs freshclam[1099]: WARNING: remote_cvdhead: Download failed (6) WARNING:  Message: Couldn't resolve host name
Jul 26 08:43:05 ucs freshclam[1099]: WARNING: Failed to get daily database version information from server: https://database.clamav.net
Jul 26 08:43:05 ucs freshclam[1099]: ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Jul 26 08:43:05 ucs freshclam[1099]: Trying again in 5 secs...

/var/log/univention/dhcp.log is full of

26.07.22 07:32:31.073  DEBUG_INIT
26.07.22 07:32:41.082  POLICY      ( ERROR   ) : Failed to get namingContexts: Can't contact LDAP server

As you can see, once again I’m fishing in the dark as I don’t know where to start.
Unfortunately, a reboot does not fix the problem… :wink:

Best regards,
TP

Hello,
it looks like I was actually able to fix the problem myself:

I simply had to overwrite the network settings of eth0 (I did it via the GUI). To do this I added a 2nd internal DNS server, saved, deleted and saved again.

Obviously something was wrong with eth0 after the reboot.

Best regards,
TP
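
Added example, not part of the thread and not Univention tooling: a read-only shell sketch that sorts the symptoms quoted in the first post by layer (resolver, LDAP, dhcpd configuration) and names the lowest failing one, consistent with the fix in the second post, which re-saved the eth0 network settings with a DNS server entry. The function names and the bottom-up ordering are assumptions of this example; the sample log lines are copied from the post.

```shell
#!/bin/sh
# Added triage sketch, not Univention tooling. Reads files only, changes nothing.

# Succeeds when the file lists at least one nameserver and all are loopback,
# i.e. every lookup on the host depends on a local resolver being up.
only_loopback_resolvers() {
    awk '$1 == "nameserver" { n++; if ($2 !~ /^127\./ && $2 != "::1") bad++ }
         END { exit !(n > 0 && bad == 0) }' "$1"
}

# Counts the symptom classes that appear in the logs quoted in the post.
symptom_counts() {
    awk '/resolve host name/                     { dns++ }
         /rndc: connect failed/                  { rndc++ }
         /contact LDAP server/                   { ldap++ }
         /Configuration file errors encountered/ { dhcpd++ }
         END { printf "dns=%d rndc=%d ldap=%d dhcpd=%d\n", dns, rndc, ldap, dhcpd }' "$@"
}

# Names the lowest failing layer (assumed order: resolver, ldap, dhcpd-config).
first_layer_to_check() {   # usage: first_layer_to_check RESOLV_CONF LOG...
    resolv=$1; shift
    counts=$(symptom_counts "$@")
    case "$counts" in
        *"dns=0 rndc=0 "*) ;;   # no resolver symptoms in the logs
        *) if only_loopback_resolvers "$resolv"; then echo resolver; return; fi ;;
    esac
    case "$counts" in
        *"ldap=0 dhcpd=0") echo none ;;
        *"ldap=0 "*)       echo dhcpd-config ;;
        *)                 echo ldap ;;
    esac
}

# Writes sample inputs: resolv.conf and log lines as shown in the post.
write_samples() {   # usage: write_samples DIR
    printf 'nameserver 127.0.0.53\noptions timeout:2\n' > "$1/resolv.conf"
    cat > "$1/logs" <<'EOF'
Jul 26 08:42:55 ucs samba4[1114]: rndc: connect failed: 127.0.0.1#953: connection refused
Jul 26 08:43:05 ucs freshclam[1099]: WARNING: remote_cvdhead: Download failed (6) WARNING:  Message: Couldn't resolve host name
Jul 26 08:43:15 ucs univention-dhcp[2217]: Configuration file errors encountered -- exiting
26.07.22 07:32:41.082  POLICY      ( ERROR   ) : Failed to get namingContexts: Can't contact LDAP server
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
symptom_counts "$dir/logs"
first_layer_to_check "$dir/resolv.conf" "$dir/logs"; rm -rf "$dir"
```

On a live host the same functions take /etc/resolv.conf, /var/log/daemon.log and /var/log/univention/dhcp.log as arguments.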
