Bug 45127 - The transport connection is now disconnected
The transport connection is now disconnected
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-0-errata
Assigned To: Felix Botner
Arvid Requate
:
: 48266 (view as bug list)
Depends on:
Blocks: 52432 48266 51501
  Show dependency treegraph
 
Reported: 2017-08-03 07:03 CEST by Stefan Gohmann
Modified: 2020-11-25 16:20 CET (History)
5 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.429
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018120321000551, 2019032821000412
Bug group (optional): Large environments
Max CVSS v3 score:
gohmann: Patch_Available+


Attachments
password_reconnect.patch.txt (1.17 KB, patch)
2017-08-03 07:03 CEST, Stefan Gohmann
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2017-08-03 07:03:11 CEST
From https://help.univention.com/t/possible-bug-in-ad-sync-connector/4916

I think there may be a bug in the connection to a 2008 AD.

We are running a mirror off the main AD, as a test measure.
yesterday we had a non-graceful C&B (crash & burn) loss of a UPS, this took the 2008 AD server down hard.

After the system was brought back up and functioning, we noticed the Uni. could not re-connect and was filling the error logs

it seems that once a connection is made to a MS AD , there is not any real checking to see if the connection goes down, instead the log files just fill with PY errors, even after the remote system comes backup.

a stopping of the AD connection at univention & a restarting, fixes the log errors and catches up on the domain syncs.

it seems the error routines need to be made a bit more robust & try re-forming the connection if the code is producing connection errors.

    26.01.2017 09:44:37,729 LDAP (ERROR ): failed in post_con_modify_functions
    26.01.2017 09:44:37,730 LDAP (ERROR ): Traceback (most recent call last):
    File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1326, in sync_to_ucs
    f(self, property_type, object)
    File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 381, in password_sync
    res = get_password_from_ad(connector, univention.connector.ad.compatible_modstring(object['dn']))
    File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 180, in get_password_from_ad
    (level, ctr) = connector.drs.DsGetNCChanges(connector.drsuapi_handle, 8, req8)
    NTSTATUSError: (-1073741300, 'The transport connection is now disconnected.')

then after re-connecting:

    File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1326, in sync_to_ucs
    f(self, property_type, object)
    File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 381, in password_sync
    res = get_password_from_ad(connector, univention.connector.ad.compatible_modstring(object['dn']))
    File "/usr/lib/pymodules/python2.7/univention/connector/ad/password.py", line 180, in get_password_from_ad
    (level, ctr) = connector.drs.DsGetNCChanges(connector.drsuapi_handle, 8, req8)
    NTSTATUSError: (-1073741300, 'The transport connection is now disconnected.')

    26.01.2017 09:45:18,218 MAIN (------ ): DEBUG_INIT
    26.01.2017 09:45:18,237 LDAP (ERROR ): Failed to lookup AD LDAP base, using UCR value.
    26.01.2017 09:45:18,270 LDAP (PROCESS): Building internal group membership cache
    26.01.2017 09:45:18,411 LDAP (PROCESS): Internal group membership cache was created
    26.01.2017 09:45:18,449 LDAP (PROCESS): Using GP01 as AD Netbios domain name
    26.01.2017 09:45:18,521 LDAP (PROCESS): sync from ucs: Resync rejected file: /var/lib/univention-connector/ad/1485393377.000030
    26.01.2017 09:45:18,548 LDAP (PROCESS): sync from ucs: [ user] [ modify] cn=xxxxxx,ou=hk office,DC=xx,DC=xx,DC=xxx,DC=xx

and everything is fine with the world until next time
Comment 1 Stefan Gohmann univentionstaff 2017-08-03 07:03:57 CEST
Created attachment 9086 [details]
password_reconnect.patch.txt
Comment 2 Stefan Gohmann univentionstaff 2017-08-03 07:05:12 CEST
(In reply to Stefan Gohmann from comment #1)
> Created attachment 9086 [details]
> password_reconnect.patch.txt

The user confirmed that the patch fixed the problem.
Comment 3 Arvid Requate univentionstaff 2018-12-04 16:01:07 CET
*** Bug 48266 has been marked as a duplicate of this bug. ***
Comment 4 Arvid Requate univentionstaff 2018-12-04 16:01:47 CET
Still applies to 4.3.
Comment 5 Nico Stöckigt univentionstaff 2018-12-05 17:22:09 CET
Patch seems not to work with UCS 4.3-2 Errata 344 in a customers environment.
Comment 6 Nico Stöckigt univentionstaff 2018-12-13 11:13:06 CET
(In reply to Nico Stöckigt from comment #5)
> Patch seems not to work with UCS 4.3-2 Errata 344 in a customers environment.

UCS 4.3-2 e376
'password.py' has changes so the patch is "miss-lined" and needs to be adopted to be applied in UCS 4.3.
Comment 7 Christian Völker univentionstaff 2019-03-28 13:18:44 CET
Is there a reason why this patch has not been included in any release up to now?

Happened on customer site causing a lot of troubles.
Comment 8 Arvid Requate univentionstaff 2019-03-28 14:52:14 CET
The reason is, that the priority was lower than other issues. Now you raised it and it will enter the sprint planing.
Comment 9 Felix Botner univentionstaff 2019-04-23 16:46:56 CEST
d1d72131214702487630eb7bbb3d689b04c9f50a - univention-ad-connector 
3bcc8e111fd571396de7939c6de65b357d4d8d3a - yaml
Comment 10 Arvid Requate univentionstaff 2019-04-24 11:43:04 CEST
Verified:
* Code review
* Package is built
* Advisory
Comment 11 Arvid Requate univentionstaff 2019-04-24 13:12:59 CEST
<http://errata.software-univention.de/ucs/4.4/59.html>