Bug 42918 – App appliance cant join as additional ad member

Bug 42918 - App appliance cant join as additional ad member


Summary:	App appliance cant join as additional ad member

Status:	CLOSED DUPLICATE of bug 43745

Product:	UCS
Classification:	Unclassified
Component:	UMC - Setup wizard
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.2-2-errata
Assigned To:	Florian Best
QA Contact:	UMC maintainers

URL:
Keywords:

Duplicates:	43231 45246 (view as bug list)
Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-11-10 12:25 CET by Florian Best
Modified:	2018-03-15 08:51 CET (History)
CC List:	1 user (show)

See Also:	42910 43006 45170 43683
What kind of report is it?:	Bug Report
What type of bug is this?:	6: Setup Problem: Issue for the setup process
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.309
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2016110921000608, 2016123021000254, 2017031721000633, 2017031521000101, 2017030821000598, 2017032021000645, 2017052521000221, 2017060121000103, 2017060121000032, 2017060621000078, 2017071321000535, 2017071821000741, 2017080921000336, 2017080921000489
Bug group (optional):	Error handling, External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2016-11-10 12:25:56 CET

***.intern: Authentication failed while contacting: [Errno 111] Verbindungsaufbau abgelehnt

Version: 4.1-3 errata234 (Vahr)
Remark: wo liegt hier das Problem ?

→ Before joining a DC Slave UCS System a check if the master has an activated license is done. If the UMC-Server of the master isn't reachable this error occurs.

This is very similar to Bug #42910 and should be solved together.

Comment 1 Florian Best

2017-01-02 18:15:22 CET

Reported again, 4.1-3 errata239 (Vahr)

win2k12.sha.local: Authentication failed while contacting: [Errno 104] Die Verbindung wurde vom Kommunikationspartner zur&uuml;ckgesetzt

Comment 2 Florian Best

2017-04-21 11:28:30 CEST

Version: 4.1-3 errata239 (Vahr)

Remark: Windows 2012 R2 Domain Controller

Authentication failed while contacting: [Errno 110] Die Wartezeit f&uuml;r die Verbindung ist abgelaufen

Comment 3 Florian Best

2017-04-21 12:00:48 CEST

Version: 4.1-3 errata239 (Vahr)

Remark: One UCS Kopano-Core system is already installed as an AD member server.
When installing the second UCS server this "connection refused/authentication error" persists.

During installation it was selected to "Join existing AD domain".
Tried even the option of "Join existing USC domain" which ended in a similar error.

Comment 4 Florian Best

2017-04-21 15:30:50 CEST

Version: 4.1-3 errata239 (Vahr)

Comment 5 Florian Best

2017-05-30 10:49:23 CEST

Reported again, 4.1-4 errata420 (Vahr)

Comment 6 Florian Best

2017-06-01 09:37:52 CEST

Reported again, 4.1-4 errata420 (Vahr)

Authentication failed while contacting: [Errno 101] Network is unreachable

Comment 7 Florian Best

2017-06-01 09:39:27 CEST

Reported again, 4.1-4 errata420 (Vahr)

Remark: Unable to finish setup due to authentication error. Account used to join server to domain is correct. Even when I press the finish button I can't even log onto the console
as it doesn't recognize the root password I've entered in?
Any help would be great.
Note: this is a VM server which is on the correct VLan network (same as all other servers). Have tried dhcp and static ip's. Not sure if this is the issue or not?

Comment 8 Florian Best

2017-06-12 14:29:48 CEST

Reported again, 4.1-4 errata420 (Vahr)

Comment 9 Florian Best

2017-06-12 19:31:30 CEST

The problem happens in domain_has_activated_license() from base/univention-system-setup/umc/python/setup/util.py.

Comment 10 Florian Best

2017-06-12 19:36:09 CEST

This error affects only UCS appliances on non-DC-Master roles during the initial configuration if e.g. the Master is not available. I think the only thing we can improove here is the error message.

Comment 11 Stefan Gohmann

2017-06-28 06:49:39 CEST

Mark all bugs with a user pain > 0.3 as errata bugs.

Comment 12 Florian Best

2017-07-14 14:06:59 CEST

Reported again, 4.1-4 errata439 (Vahr)

Comment 13 Florian Best

2017-07-20 13:32:59 CEST

This is obsolete by Bug #44995.

*** This bug has been marked as a duplicate of bug 44995 ***

Comment 14 Florian Best

2017-07-21 12:06:28 CEST

Reported again, 4.1-4 errata439 (Vahr)

Comment 15 Florian Best

2017-08-15 09:11:29 CEST

Reported again, 4.1-4 errata439 (Vahr)

Comment 16 Florian Best

2017-08-15 09:11:49 CEST

Remark: cant join domain

Comment 17 Florian Best

2017-08-15 09:12:37 CEST

Version: 4.1-4 errata439 (Vahr)

Remark: cant join owncloud boxed ;(

I tried like 10 times, different VM servers and even my local vmware workstation, no success

Comment 18 Florian Best

2017-08-15 09:13:50 CEST

Version: 4.1-4 errata439 (Vahr)
#2017080921000211

Comment 19 Jürn Brodersen

2017-08-23 10:58:08 CEST

(In reply to Florian Best from comment #3)
> Version: 4.1-3 errata239 (Vahr)
> 
> Remark: One UCS Kopano-Core system is already installed as an AD member
> server.
> When installing the second UCS server this "connection
> refused/authentication error" persists.
> 
> During installation it was selected to "Join existing AD domain".
> Tried even the option of "Join existing USC domain" which ended in a similar
> error.

This was not fixed in bug 44995 :(

The problem happens if there is already one ucs system joined into an ad domain and a user tries to join an additional ucs system (an app appliance) into that domain.

The error happens because the licence check is done against the windows dc and not against the ucs master.

Relevant file: base/univention-system-setup/umc/python/setup/util.py

The ucs master can be found with the SRV record: _domaincontroller_master._tcp.$DOMAIN. See for example is_ucs_domain(). If something like a get_ucs_master() function gets added it might make sense to fix bug 45170 as well.

As a workaround I had success using the ucs master as the dns and choosing "Join existing ucs domain".

Note: As described in bug 44995 non master app appliances aren't working that well at the moment. So that should be fixed first.

Comment 20 Jürn Brodersen

2017-08-23 11:00:29 CEST

*** Bug 43231 has been marked as a duplicate of this bug. ***

Comment 21 Jürn Brodersen

2017-08-23 11:10:39 CEST

*** Bug 45246 has been marked as a duplicate of this bug. ***

Comment 22 Florian Best

2017-09-22 17:25:52 CEST

Authentication failed while contacting: [Errno 110] Connection timed out
Version: 4.1-4 errata439 (Vahr)
#2017090421001093

Comment 23 Florian Best

2017-11-06 17:20:59 CET


*** This bug has been marked as a duplicate of bug 43745 ***

Comment 24 Stefan Gohmann

2018-03-15 08:50:54 CET

OK, duplicate

Comment 25 Stefan Gohmann

2018-03-15 08:51:10 CET

Nothing to release