Unable to Replicate to Slave DCs or Join a New Server


#1

I’m having a hell of a time figuring out how to fix this issue and have a deadline of a few hours on getting a slave joined to this domain. Replication is broken across all slaves from the master after upgrading to 4.4.

In the listener log, I turned debugging to 4 and I think it’s because of an incorrect bind user that is being used. (listener.log taken from Master Domain controller)

29.05.19 14:04:20.897  LISTENER    ( WARN    ) : Notifier/LDAP server is ucs-master.int.exampledomain.com:7389
29.05.19 14:04:20.897  LDAP        ( PROCESS ) : connecting to ldap://ucs-master.int.exampledomain.com:7389
29.05.19 14:04:20.905  LDAP        ( INFO    ) : simple_bind as cn=admin,dc=int,dc=exampledomain,dc=com
29.05.19 14:04:20.907  LISTENER    ( INFO    ) : connecting to notifier ucs-master.int.exampledomain.com:6669
29.05.19 14:04:20.908  LISTENER    ( INFO    ) : connection to 10.5.35.10 failed with errorcode 111: Connection refused
29.05.19 14:04:20.908  LISTENER    ( ERROR   ) : failed to connect to any notifier
29.05.19 14:04:20.909  LISTENER    ( WARN    ) : can not connect any server, retrying in 30 seconds

In LDAP, the ‘cn=admin,dc=int,dc=exampledomain,dc=com’ DN does not exist. How do I resolve this issue?

Thanks


#2

Followed this guide: How to reset Listener / Notifier replication and have a bit more luck. When I rejoin on the slaves, it fails on 97univention-s4-connector.inst

Configure 97univention-s4-connector.inst Wed May 29 16:55:32 PDT 2019
2019-05-29 16:55:33.083900984-07:00 (in joinscript_init)
29.05.19 16:55:34.880  DEBUG_INIT
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=ucs-master.int.exampledomain.com port=7389 base=dc=int,dc=exampledomain,dc=com
UNIVENTION_DEBUG_END    : uldap.__open host=ucs-master.int.exampledomain.com port=7389 base=dc=int,dc=exampledomain,dc=com
Not updating connector/s4/ldap/host
Not updating connector/s4/ldap/base
Not updating connector/s4/ldap/ssl
Not updating connector/s4/mapping/group/language
Not updating connector/s4/ldap/protocol
Not updating connector/s4/ldap/socket
W: Missing value for config registry variable 'set'
W: Missing value for config registry variable 'set'
Not updating connector/ldap/bindpw
Not updating connector/ldap/binddn
Not updating connector/ldap/server
Object exists: cn=gPLink,cn=custom attributes,cn=univention,dc=int,dc=exampledomain,dc=com
Object exists: cn=Builtin,dc=int,dc=exampledomain,dc=com
Object exists: cn=System,dc=int,dc=exampledomain,dc=com
Object exists: cn=Policies,cn=System,dc=int,dc=exampledomain,dc=com
Object exists: ou=Domain Controllers,dc=int,dc=exampledomain,dc=com
Object exists: cn=WMIPolicy,cn=System,dc=int,dc=exampledomain,dc=com
Object exists: cn=SOM,cn=WMIPolicy,cn=System,dc=int,dc=exampledomain,dc=com
Object exists: cn=ldapschema,cn=univention,dc=int,dc=exampledomain,dc=com
INFO: No change of core data of object msgpo.
INFO: No change of core data of object mswmi.
Object exists: cn=udm_module,cn=univention,dc=int,dc=exampledomain,dc=com
INFO: No change of core data of object container/msgpo.
No modification: cn=msgpo,cn=ldapschema,cn=univention,dc=int,dc=exampledomain,dc=com

No modification: cn=mswmi,cn=ldapschema,cn=univention,dc=int,dc=exampledomain,dc=com

No modification: cn=container/msgpo,cn=udm_module,cn=univention,dc=int,dc=exampledomain,dc=com

Waiting for activation of the extension object msgpo:.................................................ERROR: Master did not mark the extension object active within 180 seconds.
ERROR
ucs_registerLDAPExtension: registraton of /usr/share/univention-s4-connector/ldap/msgpo.schema failed.

#3

I would recommend doing this:

shell# udm settings/udm_module modify \
  --dn "cn=container/msgpo,cn=udm_module,cn=univention,$(ucr get ldap/base)" \
  --set active=TRUE
shell# udm settings/udm_module modify \
  --dn "cn=container/msgpo,cn=udm_module,cn=univention,$(ucr get ldap/base)" \
  --set active=FALSE

This toggle operation should trigger the Listener module to re-register the UDM module. Depending on the load of your system you may want to wait about 2 min and then check again that the object has been marked active again by the Listener module, like this:

udm settings/udm_module list --filter "cn=container/msgpo" | grep active

After that you can just run the joinscript again:

univention-run-join-scripts

I hope this helps.
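
As an added example (not part of the thread and not Univention's own tooling), the check from the reply above can be polled until the object is marked active or a timeout passes, instead of waiting a fixed two minutes. The function names, the timeout defaults and the assumption that `udm ... list` prints properties as indented `name: value` lines are illustrative.

```shell
#!/bin/bash
# Added example: poll until the Listener has marked a settings/udm_module
# object active, then it is safe to rerun the join scripts.

# Read `udm ... list` output on stdin and print the value of "active".
# Assumption: properties are printed one per line as "  active: TRUE".
# Anchoring on the property name avoids matching other lines that merely
# contain the word "active", which a bare `grep active` would also return.
parse_active() {
    sed -n 's/^[[:space:]]*active:[[:space:]]*\([A-Za-z]*\).*$/\1/p' | head -n 1
}

# Query one UDM module object by cn, using the filter from the reply above.
# Kept as a separate function so it can be replaced when testing offline.
query_module() {
    udm settings/udm_module list --filter "cn=$1"
}

# wait_for_active NAME [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Returns 0 once active is TRUE, 1 if the timeout passes first.
wait_for_active() {
    local name="$1" timeout="${2:-180}" interval="${3:-5}" waited=0 state
    while :; do
        state=$(query_module "$name" 2>/dev/null | parse_active)
        if [ "$state" = "TRUE" ]; then
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            # An empty state means the object was not found or udm failed.
            echo "timeout: $name active=${state:-unknown} after ${waited}s" >&2
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Typical use on the master after the TRUE/FALSE toggle:
#   wait_for_active container/msgpo 180 5 && univention-run-join-scripts
```

A non-zero return with `active=unknown` points at the query itself (object missing or LDAP unreachable) rather than at a slow Listener.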