Author Topic: upgrade to 6.2.5 from 6.2.4 chashed server  (Read 969 times)

kcurtis

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +5/-0
    • View Profile
upgrade to 6.2.5 from 6.2.4 chashed server
« on: December 31, 2020, 04:05:36 pm »
I upgraded to 6.2.5 this morning. At first it errored with an apt error about the certificate but I found online where to correct that and ran the update.
Now Zentyal is not running right. I have no GUI, domain control, etc.
The main error I am seeing is in the zentyal.log
Code: [Select]
EBox::WebAdmin::_CAs - Ignoring CA /var/lib/zentyal/conf/remoteservices/subscription/zdomain/cacert.pem: cannot read the file or not is a regular file

I checked the status of each module (zs module status)
The only one that shows as stopped is webadmin.

I am not an expert here but is that not saying that the only issue is the cert file (.pem) is corrupted? and if so can I reissue from CLI or is that anything to do to restore the GUI so I can issue it?


kcurtis

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +5/-0
    • View Profile
Re: upgrade to 6.2.5 from 6.2.4 chashed server
« Reply #1 on: December 31, 2020, 04:10:06 pm »
It seems the folders are not even there. there is no /remoteservices/ in /var/lib/zentyal/conf

kcurtis

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +5/-0
    • View Profile
Re: upgrade to 6.2.5 from 6.2.4 chashed server
« Reply #2 on: December 31, 2020, 05:00:26 pm »
I tried creating the folders and copying the file . I do not get that error anymore on restarting webadmin but nothing it still running.

And if I remember right there is no way to promote the additional DC and just do a fresh install of this one without going to every workstation are rejoining


chinmaycomp

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: upgrade to 6.2.5 from 6.2.4 chashed server
« Reply #3 on: January 02, 2021, 03:45:27 pm »
I upgraded to 6.2.5 this morning. At first it errored with an apt error about the certificate but I found online where to correct that and ran the update.
Now Zentyal is not running right. I have no GUI, domain control, etc.
The main error I am seeing is in the zentyal.log
Code: [Select]
EBox::WebAdmin::_CAs - Ignoring CA /var/lib/zentyal/conf/remoteservices/subscription/zdomain/cacert.pem: cannot read the file or not is a regular file

I checked the status of each module (zs module status)
The only one that shows as stopped is webadmin.

I am not an expert here but is that not saying that the only issue is the cert file (.pem) is corrupted? and if so can I reissue from CLI or is that anything to do to restore the GUI so I can issue it?



Hi,
Even I faced the same issue. Seems to be a bug with 6.2.5... The DC was functioning properly I guess (Everything loaded well on RSAT tools and I could change group memberships which reflected on the user accounts as well). Only the webadmin had an issue. The nginx server was not able to start in my case. After checking the status of zentyal.webadmin-nginx.service there was an error saying that starting the service failed with error "exit-code" The reason that it mentioned was that "start request for the service was repeated too quickly. Exiting with exit-code"

I still cannot point out to the exact cause. Maybe there was some issue with the webadmin certificate- a mismatch of the key and the cert. Had to revert to the previous version to prevent the users from facing login issues. Let me know if you get a solution to this problem.

regards

maarten256

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +1/-0
    • View Profile
Re: upgrade to 6.2.5 from 6.2.4 chashed server
« Reply #4 on: January 02, 2021, 07:12:09 pm »
I ran into the same problem - my webadmin stopped working recently, probably due to an automatic upgrade. When I manually restart the webadmin service I see errors like the following:

nginx[4584]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/var/lib/zentyal/conf/ssl/ssl.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

Indicative of some sort of issue with the certificates but I can't figure out how to fix it.

I'm not able to revert to the previous version since I don't have the earlier version of the packages at hand. Looks like both zentyal-core and zentyal-ca were updated recently (to 6.2.5 and 6.2.1, respectively).
« Last Edit: January 02, 2021, 07:30:38 pm by maarten256 »

maarten256

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +1/-0
    • View Profile
Re: upgrade to 6.2.5 from 6.2.4 chashed server
« Reply #5 on: January 02, 2021, 08:07:30 pm »
I created a bug for this issue here:

https://github.com/zentyal/zentyal/issues/2012

I had to manually change /usr/share/zentyal/stubs/core/nginx.conf.mas, line 115 to:

ssl_certificate_key <% $zentyalconfdir %>ssl/ssl.pem;

This used to state "ssl.key" rather than "ssl.pem" - with this change in place webadmin started working again.

chinmaycomp

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: upgrade to 6.2.5 from 6.2.4 chashed server
« Reply #6 on: January 04, 2021, 07:52:19 am »
I ran into the same problem - my webadmin stopped working recently, probably due to an automatic upgrade. When I manually restart the webadmin service I see errors like the following:

nginx[4584]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/var/lib/zentyal/conf/ssl/ssl.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

Indicative of some sort of issue with the certificates but I can't figure out how to fix it.

I'm not able to revert to the previous version since I don't have the earlier version of the packages at hand. Looks like both zentyal-core and zentyal-ca were updated recently (to 6.2.5 and 6.2.1, respectively).
Yes this was the same error that I had received when I dug more into the issue. I did manage to install my previous backup image but it has screwed up AD replication. Working on getting that solved out...

kcurtis

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +5/-0
    • View Profile
Re: upgrade to 6.2.5 from 6.2.4 chashed server
« Reply #7 on: January 04, 2021, 01:08:13 pm »
I ended up just making a fresh install and restoring from a backup I luckly had made that morning

chinmaycomp

  • Zen Apprentice
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: upgrade to 6.2.5 from 6.2.4 chashed server
« Reply #8 on: January 04, 2021, 06:28:58 pm »
I ended up just making a fresh install and restoring from a backup I luckly had made that morning

How did you back up the AD? Is there any backup solution available for the development edition apart from image backups?