Bug 42918 - App appliance cant join as additional ad member
Summary: App appliance cant join as additional ad member
Status: CLOSED DUPLICATE of bug 43745
Alias: None
Product: UCS
Classification: Unclassified
Component: UMC - Setup wizard
Version: UCS 4.1
Hardware: Other Linux
: P5 normal
Target Milestone: UCS 4.2-2-errata
Assignee: Florian Best
QA Contact: UMC maintainers
URL:
Keywords:
: 43231 45246 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-11-10 12:25 CET by Florian Best
Modified: 2018-03-15 08:51 CET (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.309
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2016110921000608, 2016123021000254, 2017031721000633, 2017031521000101, 2017030821000598, 2017032021000645, 2017052521000221, 2017060121000103, 2017060121000032, 2017060621000078, 2017071321000535, 2017071821000741, 2017080921000336, 2017080921000489
Bug group (optional): Error handling, External feedback
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2016-11-10 12:25:56 CET 
***.intern: Authentication failed while contacting: [Errno 111] Verbindungsaufbau abgelehnt

Version: 4.1-3 errata234 (Vahr)
Remark: wo liegt hier das Problem ?

→ Before joining a DC Slave UCS System a check if the master has an activated license is done. If the UMC-Server of the master isn't reachable this error occurs.

This is very similar to Bug #42910 and should be solved together.
Comment 1 Florian Best univentionstaff 2017-01-02 18:15:22 CET 
Reported again, 4.1-3 errata239 (Vahr)

win2k12.sha.local: Authentication failed while contacting: [Errno 104] Die Verbindung wurde vom Kommunikationspartner zurückgesetzt
Comment 2 Florian Best univentionstaff 2017-04-21 11:28:30 CEST 
Version: 4.1-3 errata239 (Vahr)

Remark: Windows 2012 R2 Domain Controller

Authentication failed while contacting: [Errno 110] Die Wartezeit für die Verbindung ist abgelaufen
Comment 3 Florian Best univentionstaff 2017-04-21 12:00:48 CEST 
Version: 4.1-3 errata239 (Vahr)

Remark: One UCS Kopano-Core system is already installed as an AD member server.
When installing the second UCS server this "connection refused/authentication error" persists.

During installation it was selected to "Join existing AD domain".
Tried even the option of "Join existing USC domain" which ended in a similar error.
Comment 4 Florian Best univentionstaff 2017-04-21 15:30:50 CEST 
Version: 4.1-3 errata239 (Vahr)
Comment 5 Florian Best univentionstaff 2017-05-30 10:49:23 CEST 
Reported again, 4.1-4 errata420 (Vahr)
Comment 6 Florian Best univentionstaff 2017-06-01 09:37:52 CEST 
Reported again, 4.1-4 errata420 (Vahr)

Authentication failed while contacting: [Errno 101] Network is unreachable
Comment 7 Florian Best univentionstaff 2017-06-01 09:39:27 CEST 
Reported again, 4.1-4 errata420 (Vahr)

Remark: Unable to finish setup due to authentication error. Account used to join server to domain is correct. Even when I press the finish button I can't even log onto the console
as it doesn't recognize the root password I've entered in?
Any help would be great.
Note: this is a VM server which is on the correct VLan network (same as all other servers). Have tried dhcp and static ip's. Not sure if this is the issue or not?
Comment 8 Florian Best univentionstaff 2017-06-12 14:29:48 CEST 
Reported again, 4.1-4 errata420 (Vahr)
Comment 9 Florian Best univentionstaff 2017-06-12 19:31:30 CEST 
The problem happens in domain_has_activated_license() from base/univention-system-setup/umc/python/setup/util.py.
Comment 10 Florian Best univentionstaff 2017-06-12 19:36:09 CEST 
This error affects only UCS appliances on non-DC-Master roles during the initial configuration if e.g. the Master is not available. I think the only thing we can improove here is the error message.
Comment 11 Stefan Gohmann univentionstaff 2017-06-28 06:49:39 CEST 
Mark all bugs with a user pain > 0.3 as errata bugs.
Comment 12 Florian Best univentionstaff 2017-07-14 14:06:59 CEST 
Reported again, 4.1-4 errata439 (Vahr)
Comment 13 Florian Best univentionstaff 2017-07-20 13:32:59 CEST 
This is obsolete by Bug #44995.

*** This bug has been marked as a duplicate of bug 44995 ***
Comment 14 Florian Best univentionstaff 2017-07-21 12:06:28 CEST 
Reported again, 4.1-4 errata439 (Vahr)
Comment 15 Florian Best univentionstaff 2017-08-15 09:11:29 CEST 
Reported again, 4.1-4 errata439 (Vahr)
Comment 16 Florian Best univentionstaff 2017-08-15 09:11:49 CEST 
Remark: cant join domain
Comment 17 Florian Best univentionstaff 2017-08-15 09:12:37 CEST 
Version: 4.1-4 errata439 (Vahr)

Remark: cant join owncloud boxed ;(

I tried like 10 times, different VM servers and even my local vmware workstation, no success
Comment 18 Florian Best univentionstaff 2017-08-15 09:13:50 CEST 
Version: 4.1-4 errata439 (Vahr)
#2017080921000211
Comment 19 Jürn Brodersen univentionstaff 2017-08-23 10:58:08 CEST 
(In reply to Florian Best from comment #3)
> Version: 4.1-3 errata239 (Vahr)
> 
> Remark: One UCS Kopano-Core system is already installed as an AD member
> server.
> When installing the second UCS server this "connection
> refused/authentication error" persists.
> 
> During installation it was selected to "Join existing AD domain".
> Tried even the option of "Join existing USC domain" which ended in a similar
> error.

This was not fixed in bug 44995 :(

The problem happens if there is already one ucs system joined into an ad domain and a user tries to join an additional ucs system (an app appliance) into that domain.

The error happens because the licence check is done against the windows dc and not against the ucs master.

Relevant file: base/univention-system-setup/umc/python/setup/util.py

The ucs master can be found with the SRV record: _domaincontroller_master._tcp.$DOMAIN. See for example is_ucs_domain(). If something like a get_ucs_master() function gets added it might make sense to fix bug 45170 as well.

As a workaround I had success using the ucs master as the dns and choosing "Join existing ucs domain".

Note: As described in bug 44995 non master app appliances aren't working that well at the moment. So that should be fixed first.
Comment 20 Jürn Brodersen univentionstaff 2017-08-23 11:00:29 CEST 
*** Bug 43231 has been marked as a duplicate of this bug. ***
Comment 21 Jürn Brodersen univentionstaff 2017-08-23 11:10:39 CEST 
*** Bug 45246 has been marked as a duplicate of this bug. ***
Comment 22 Florian Best univentionstaff 2017-09-22 17:25:52 CEST 
Authentication failed while contacting: [Errno 110] Connection timed out
Version: 4.1-4 errata439 (Vahr)
#2017090421001093
Comment 23 Florian Best univentionstaff 2017-11-06 17:20:59 CET 

*** This bug has been marked as a duplicate of bug 43745 ***
Comment 24 Stefan Gohmann univentionstaff 2018-03-15 08:50:54 CET 
OK, duplicate
Comment 25 Stefan Gohmann univentionstaff 2018-03-15 08:51:10 CET 
Nothing to release