Topic: Server manager cannot access

[smnirosh]

Recently we update root certificate as per the discussion of following link
https://forums.contribs.org/index.php/topic,52674.msg271443.html#msg271443

Now i cannot access the server-manager via remote computer. Open Vpn bridge works better perfectly, but server-manager doesn't.

Do i have to update something also to work the server-manager?

[Stefano]

please define "remote computer" (do you mean from WAN side? or from remote pcs connected via VPN?) and "I cannot access" (what error? anything in the related logs?)

[smnirosh]

yes a computer connected via openvpn bridge.
which log do i have to refer?

[Stefano]

so a computer on a different subnet, right?

if so, Server-manager -> security -> remote  access -> Remote Management

[Daniel B.]

If the computer is connected on the VPN, it should be seen as being local (the same subnet as the local network). You should explain what you mean by "cannot access"

[smnirosh]

I have used this computer for connect from my home to office all the time. But today i found this error
Cannot access= Seems this address not exists!

[Daniel B.]

Please tell us exactly the error message you have

[smnirosh]

Unable to connect

Firefox can’t establish a connection to the server at 192.168.XXX.XXX.

    .The site could be temporarily unavailable or too busy. Try again in a few moments.
    .If you are unable to load any pages, check your computer’s network connection.
    .If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

[Daniel B.]

So either your VPN is not working correctly (can you ping the private IP of your server ?). This can be for example a mismatch of the cipher configured, or of the copression settings between the client and the server. Or the httpd daemon is not running (can you access the server-manager from the lan ?)

[Daniel B.]

Also check your proxy settings on your Firefox

[smnirosh]

my vpn is working properly. I can access ibays, account server web-gui, and printers.
I also cannot access webmail to view admin emails. (same error appears)
the question i cannot answer is "(can you access the server-manager from the lan ?)". Because these days i am in leave.
I didn't change any settings on firefox.
I can ping the server's private ip.
I can access command through putty.
I tried to login as admin and access server manager, but it gave me error;

     Unable to retrieve http://localhost/server-manager:
                  connection rifused

I think the big clue is "Or the httpd daemon is not running" to find our problem. But i don't know how to track it.

[Daniel B.]

So, your web erver is not running most likely. Have you changed anything recently ? Check:

Code: [Select]

sv s /service/httpd-e-smith
httpd -t


[smnirosh]

nothing changed. Only thing was renewed openvpn license as per linked i had added above.

sv s /service/httpd-e-smith  =   down: /service/httpd-e-smith: 1s, want up

httpd -t    =  Syntax error on line 136 of /etc/httpd/conf/httpd.conf:
SSLCertificateFile: file '/home/e-smith/ssl.crt/hostname.domain.it.crt' does not exist or is empty

[Stefano]

Then you found your problemi
Search here and the wiki for solution

[smnirosh]

good clue. Why this type of problem occurs?

[smnirosh]

ohh. good exercise for me. thanks for bringing me to the track.
https://forums.contribs.org/index.php/topic,50154.msg251731.html#msg251731

[DanB35]

...or you could set up Let's Encrypt using John Crisp's contrib (see https://wiki.contribs.org/Letsencrypt#Install_with_John_Crisp_contrib), and you'll have a valid, trusted cert that will renew itself automatically pretty much forever.

[smnirosh]

Hi friends here i am again on same post,
without doing "Let's Encrypt using John Crisp's contrib", do i have to update certificates eventually? Because today i found that again the certificates are expired on server and httpd was not working. thanks

[Stefano]

if you're not using any external certificate (IOW you're using self signed ones) the certificate renewal is automagically managed by SME

if something isn't working as expected out of the box (and this is the case), you'd open a bug giving us all the details to understand what's wrong

[DanB35]

...or at least give some indication of what you are doing.  Are you using Let's Encrypt at all?  If so, how?  If not, what have you done for a TLS certificate?  What changes have you made to your system?

[smnirosh]

Dear DanB35,
I am not using Let's Encrypt. I have no idea of TLS certificate.
only thing i done recently to the server is https://forums.contribs.org/index.php/topic,52674.msg271443.html#msg271443.

i ran httpd -t
Syntax error on line 136 of /etc/httpd/conf/httpd.conf:
SSLCertificateFile: file '/home/e-smith/ssl.crt/mech.mechdesing.it.crt' does not exist or is empty.

then i followed https://forums.contribs.org/index.php/topic,50154.msg251731.html#msg251731 link to re-enable the certificate, but today i saw that httpd -t is giving me same error.

[DanB35]

A TLS certificate is what you're having trouble with.  You need one, even if it's only one you made yourself (a self-signed one), to enable HTTPS communications.  What's the output of 'config show modSSL'?

Edit:  After you did 'signal-event domain-modify', did /home/e-smith/ssl.crt.mech.mechdesing.it.crt exist?

[smnirosh]

config show modSSL:
modSSL=service
    CipherSuite=ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    TCPPort=443
    access=public
    status=enabled

"After you did 'signal-event domain-modify', did /home/e-smith/ssl.crt.mech.mechdesing.it.crt exist?" YES
(and when the httpd -t gives an error, i checked the /home/e-smith/ssl.crt.mech.mechdesing.it.crt, it existed but 0bytes in size.)

[Stefano]

assuming you did not modify your server and you're not using some kind of customization, this seems a bug, then please go to bugzilla, thank you

[DanB35]

Strange, there should be something in that file.  What's the output of '/sbin/e-smith/audittools/templates'?

[smnirosh]

Strange but after i ran following commands, there are some codes in it.

cd /home/e-smith
rm -f ssl.key/*.key
rm -f ssl.pem/*.pem
rm -f ssl.crt/*.crt
signal-event domain-modify



output of /sbin/e-smith/audittools/templates------
/etc/e-smith/templates-custom/etc/dhcpd.conf/25LeaseTimeDefault: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/dhcpd.conf/25Routers: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/dhcpd.conf/25DomainNameServers: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates-custom/etc/dhcpd.conf/25LeaseTimeMax: OWNED_BY_RPM, OVERRIDE
/etc/e-smith/templates/home/e-smith/openvpn/www/serial: MANUALLY_ADDED
/etc/e-smith/templates/home/e-smith/openvpn/www/server.key: MANUALLY_ADDED
/etc/e-smith/templates/home/e-smith/openvpn/www/index.txt: MANUALLY_ADDED
/etc/e-smith/templates/var/service/dnscache.forwarder/root/servers/@: MODIFIED e-smith-dnscache-2.2.0-2.el5.sme

[smnirosh]

this time I also restarted the server using signal-event reboot command as per another forum.
Let's wait couple of days then get back to the same forum again.