Project

General

Profile

Bug #25262

Active Directory fails with middleware error

Added by survive - about 3 years ago. Updated about 3 years ago.

Status:
Closed: Behaves correctly
Priority:
No priority
Assignee:
John Hixson
Category:
Middleware
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Hi guys,

I just applied the FreeNAS-11.0-U2 (e417d8aa5) updates to both my filers and now I'm getting a middleware error starting Active Directory.

Boot up the system and login the giu and soon enough you get a yellow warning light warning that Active Directory has restarted more than 10 times. Restart AD by hand by ticking the "Enable" option in the AD config screen and you get this message:

[middleware.exceptions:36] [MiddlewareError: b'Active Directory failed to reload.']

Attached are debug file & syslog messages of AD service start.

-Will

History

#1 Updated by survive - about 3 years ago

  • File debug-filer-01-20170722004617.txz added

#2 Updated by survive - about 3 years ago

  • File middleware_err.txt added

#3 Updated by survive - about 3 years ago

Hi guys,

I figured it out, I had a DC die that was listed in the "Kerberos Realm" tab that was breaking things.

That said, is there a way to make this not depend on the single server?

-Will

#4 Updated by Dru Lavigne about 3 years ago

  • Assignee changed from Release Council to William Grzybowski

William: can we create an alert if a Kerberos server is not available?

#5 Updated by William Grzybowski about 3 years ago

  • Assignee changed from William Grzybowski to John Hixson

AD/Kerberos is John's domain, I think?

#6 Updated by John Hixson about 3 years ago

  • Status changed from Unscreened to Screened
  • Target version set to 11.0-U3

#7 Updated by John Hixson about 3 years ago

  • Status changed from Screened to 15

Nothing is sticking out that is immediately obvious to me. Do you have time for a teamviewer this week?

#8 Avatar?id=14398&size=24x24 Updated by Kris Moore about 3 years ago

  • Status changed from 15 to 46

Please respond if you want to investigate this further, otherwise we'll time it out in a few more days.

#9 Updated by John Hixson about 3 years ago

  • Status changed from 46 to 15

Kris Moore wrote:

Please respond if you want to investigate this further, otherwise we'll time it out in a few more days.

Survive,

You used to have to hard code the kerberos server. That hasn't been necessary for a long time now. If you create a Kerberos realm without specifying the KDC (and everything else), it will be looked up via DNS as necessary (and I'm pretty certain checked if host is up). Can you verify?

#10 Updated by John Hixson about 3 years ago

  • Target version changed from 11.0-U3 to 11.1

I don't think this problem exists anymore, but need survive to verify. Punting to 11.1 unless noted otherwise.

#11 Updated by Dru Lavigne about 3 years ago

Survive: can you contact John for a teamviewer session?

#12 Updated by John Hixson about 3 years ago

  • Status changed from 15 to Closed: Behaves correctly

#13 Updated by Dru Lavigne about 3 years ago

  • Target version changed from 11.1 to N/A
  • Private changed from Yes to No

#14 Updated by Dru Lavigne about 3 years ago

  • File deleted (debug-filer-01-20170722004617.txz)

#15 Updated by Dru Lavigne about 3 years ago

  • File deleted (middleware_err.txt)

Also available in: Atom PDF