Univention Bugzilla – Bug 48657
Join fails due to SSH warning
Last modified: 2021-11-24 14:27:15 CET
I tried to join a UCS 4.4-0 slave for the *first time* via CLI (/usr/sbin/univention-join) against a UCS 4.4-0 master (no join at end of slave installation): ************************************************************************** * Join failed! * * Contact your system administrator * ************************************************************************** * Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrator@master144.nstx.local failed with "Warning: Permanently added 'master144.nstx.local,10.200.18.144' (ECDSA) to the list of known hosts. ". Please make sure the account Administrator exists and is a member of the Domain Admins group! ************************************************************************** The second attempt via "bash -x /usr/sbin/univention-join" showed no problem.
join.log?
(In reply to Arvid Requate from comment #1) > join.log? Besides a "Tue Feb 12 14:32:00 CET 2019: starting /usr/sbin/univention-join" line, this was the content of the join.log. The console showed only ---[cut]--- Check DC Master: ************************************************************************** * Join failed! * * Contact your system administrator * ************************************************************************** * Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrator@master144.nstx.local failed with "Warning: Permanently added 'master144.nstx.local,10.200.18.144' (ECDSA) to the list of known hosts. ". Please make sure the account Administrator exists and is a member of the Domain Admins group! ************************************************************************** ---[cut]--- The used univention-ssh has a timeout of 3 seconds. Maybe the master VM was too slow at that moment, which is why I cannot reproduce this error message.
Also seen during Univention-Training on 2 of 8 environments (all virtualised) Thu Sep 23 10:07:26 CEST 2021: starting /usr/sbin/univention-join ************************************************************************** * Join failed! * * Contact your system administrator * ************************************************************************** * Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrator@dn1.training.ucs failed with "Warning: Permanently added 'dn1.training.ucs,10.0.0.13' (ECDSA) to the list of known hosts. ". Please make sure the account Administrator exists and is a member of the Domain Admins group!
management/univention-join/univention-join 471 ssh_out="$(univention-ssh -timeout 3 "$DCPWD" "${DCACCOUNT}@${DCNAME}" ls 2>&1)" 3s might not be enough on a busy server, especially when more entropy is needed, which is sacred in VMs where `haveged` or `ekeyd` or `rng-tools` are not installed. The timeout should be increased to 30s and the code should be merged with the following block doing the `ucs search ^version/` to reduce the number of newly created SSH connections: They all require extra entropy, take extra time and risk being blocked by some firewall doing rate limiting.
Version: 5.0-0 errata116 Error: Domain setup (this might take a while): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrador@**** failed with " ". Please make sure the account Administrador exists and is a member of the Domain Admins group! Configure 98univention-pkgdb-tools.inst Thu Oct 7 20:38:45 -03 2021 2021-10-07 20:38:46.026064258-03:00 (in joinscript_init) Cannot find service-record of _pkgdb._tcp. No DB-Server-Name found. 2021-10-07 20:38:46.426977984-03:00 (in joinscript_save_current_version) Fri Oct 8 14:35:42 -03 2021: starting /usr/share/univention-join/univention-join -dcaccount Administrador -dcpwd **** ************************************************************************** * Join failed! * * Contact your system administrator * ************************************************************************** * Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrador@**** failed with "Warning: Permanently added '****' (ECDSA) to the list of known hosts. ". Please make sure the account Administrador exists and is a member of the Domain Admins group! ************************************************************************** Fri Oct 8 14:35:48 -03 2021: finish /usr/share/univention-join/univention-join Fri Oct 8 15:05:39 -03 2021: starting /usr/share/univention-join/univention-join -dcaccount Administrador -dcpwd **** ************************************************************************** * Join failed! * * Contact your system administrator * ************************************************************************** * Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrador@**** failed with " ". Please make sure the account Administrador exists and is a member of the Domain Admins group! ************************************************************************** Role: domaincontroller_slave
Version: 5.0-0 errata0 Error: Domäneneinrichtung (Dies kann einige Zeit dauern): Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrator@ucs.fsakap.local failed with "Warning: Permanently added '****.local,10.**.**.**' (ECDSA) to the list of known hosts. ". Please make sure the account Administrator exists and is a member of the Domain Admins group! Thu Sep 2 16:21:42 CEST 2021: starting /usr/share/univention-join/univention-join -dcaccount Administrator -dcpwd /tmp/tmp.ABwMNzSzSz ************************************************************************** * Join failed! * * Contact your system administrator * ************************************************************************** * Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- The ssh-login to Administrator@ucs.fsakap.local failed with "Warning: Permanently added '****.local,10.**.**.**' (ECDSA) to the list of known hosts. ". Please make sure the account Administrator exists and is a member of the Domain Admins group! ************************************************************************** Role: domaincontroller_slave