Univention Bugzilla – Bug 45127
The transport connection is now disconnected
Last modified: 2020-11-25 16:20:48 CET
From https://help.univention.com/t/possible-bug-in-ad-sync-connector/4916 I think there may be a bug in the connection to a 2008 AD. We are running a mirror off the main AD, as a test measure. yesterday we had a non-graceful C&B (crash & burn) loss of a UPS, this took the 2008 AD server down hard. After the system was brought back up and functioning, we noticed the Uni. could not re-connect and was filling the error logs it seems that once a connection is made to a MS AD , there is not any real checking to see if the connection goes down, instead the log files just fill with PY errors, even after the remote system comes backup. a stopping of the AD connection at univention & a restarting, fixes the log errors and catches up on the domain syncs. it seems the error routines need to be made a bit more robust & try re-forming the connection if the code is producing connection errors. 26.01.2017 09:44:37,729 LDAP (ERROR ): failed in post_con_modify_functions 26.01.2017 09:44:37,730 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1326, in sync_to_ucs f(self, property_type, object) File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 381, in password_sync res = get_password_from_ad(connector, univention.connector.ad.compatible_modstring(object['dn'])) File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 180, in get_password_from_ad (level, ctr) = connector.drs.DsGetNCChanges(connector.drsuapi_handle, 8, req8) NTSTATUSError: (-1073741300, 'The transport connection is now disconnected.') then after re-connecting: File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1326, in sync_to_ucs f(self, property_type, object) File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 381, in password_sync res = get_password_from_ad(connector, univention.connector.ad.compatible_modstring(object['dn'])) File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 180, in get_password_from_ad (level, ctr) = connector.drs.DsGetNCChanges(connector.drsuapi_handle, 8, req8) NTSTATUSError: (-1073741300, 'The transport connection is now disconnected.') 26.01.2017 09:45:18,218 MAIN (------ ): DEBUG_INIT 26.01.2017 09:45:18,237 LDAP (ERROR ): Failed to lookup AD LDAP base, using UCR value. 26.01.2017 09:45:18,270 LDAP (PROCESS): Building internal group membership cache 26.01.2017 09:45:18,411 LDAP (PROCESS): Internal group membership cache was created 26.01.2017 09:45:18,449 LDAP (PROCESS): Using GP01 as AD Netbios domain name 26.01.2017 09:45:18,521 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/ad/1485393377.000030 26.01.2017 09:45:18,548 LDAP (PROCESS): sync from ucs: [ user] [ modify] cn=xxxxxx,ou=hk office,DC=xx,DC=xx,DC=xxx,DC=xx and everything is fine with the world until next time
Created attachment 9086 [details] password_reconnect.patch.txt
(In reply to Stefan Gohmann from comment #1) > Created attachment 9086 [details] > password_reconnect.patch.txt The user confirmed that the patch fixed the problem.
*** Bug 48266 has been marked as a duplicate of this bug. ***
Still applies to 4.3.
Patch seems not to work with UCS 4.3-2 Errata 344 in a customers environment.
(In reply to Nico Stöckigt from comment #5) > Patch seems not to work with UCS 4.3-2 Errata 344 in a customers environment. UCS 4.3-2 e376 'password.py' has changes so the patch is "miss-lined" and needs to be adopted to be applied in UCS 4.3.
Is there a reason why this patch has not been included in any release up to now? Happened on customer site causing a lot of troubles.
The reason is, that the priority was lower than other issues. Now you raised it and it will enter the sprint planing.
d1d72131214702487630eb7bbb3d689b04c9f50a - univention-ad-connector 3bcc8e111fd571396de7939c6de65b357d4d8d3a - yaml
Verified: * Code review * Package is built * Advisory
<http://errata.software-univention.de/ucs/4.4/59.html>