SipX not starting anymore.

Discussion:

p***@epo.org

2012-08-16 15:55:54 UTC

I got back from holiday and discovered my primary server was not OK.
It showed the following:

/usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate verify failed
(OpenSSL::SSL::SSLError)

(the rest is gone because of user error :( )

I tried a sipxproc -R, this did not work.
Then I rebooted the machine and now I have this:

[***@gssipx02 ~]# sipxproc -l
/usr/lib/ruby/1.8/net/http.rb:560:in `initialize': Connection refused -
connect(2) (Errno::ECONNREFUSED)
from /usr/lib/ruby/1.8/net/http.rb:560:in `open'
from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
from /usr/bin/sipxproc:294

Does anybody have any good ideas?

Paul

Douglas Hubler

2012-08-16 16:00:37 UTC

Permalink

On Thu, Aug 16, 2012 at 11:55 AM, <***@epo.org> wrote:
> I got back from holiday and discovered my primary server was not OK.
> It showed the following:
>
> /usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate verify failed
> (OpenSSL::SSL::SSLError)
>
> (the rest is gone because of user error :( )
>
> I tried a sipxproc -R, this did not work.
> Then I rebooted the machine and now I have this:
>
> [***@gssipx02 ~]# sipxproc -l
> /usr/lib/ruby/1.8/net/http.rb:560:in `initialize': Connection refused -
> connect(2) (Errno::ECONNREFUSED)
> from /usr/lib/ruby/1.8/net/http.rb:560:in `open'
> from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
> from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
> from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
> from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
> from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
> from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
> from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
> from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
> from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
> from /usr/bin/sipxproc:294
>
> Does anybody have any good ideas?

expired cert?

p***@epo.org

2012-08-16 16:06:40 UTC

Permalink

I use the standard certs, I thought they would not expire tht soon.

I am running 4.4.0-287.gb0a66 btw.

Can you give me a quick hint how to check?

Paul

Douglas Hubler <***@ezuce.com> wrote on 16-08-2012 18:00:37:

> On Thu, Aug 16, 2012 at 11:55 AM, <***@epo.org> wrote:
> > I got back from holiday and discovered my primary server was not OK.
> > It showed the following:
> >
> > /usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate verify
failed
> > (OpenSSL::SSL::SSLError)
> >
> > (the rest is gone because of user error :( )
> >
> > I tried a sipxproc -R, this did not work.
> > Then I rebooted the machine and now I have this:
> >
> > [***@gssipx02 ~]# sipxproc -l
> > /usr/lib/ruby/1.8/net/http.rb:560:in `initialize': Connection refused
-
> > connect(2) (Errno::ECONNREFUSED)
> > from /usr/lib/ruby/1.8/net/http.rb:560:in `open'
> > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
> > from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
> > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
> > from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
> > from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
> > from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
> > from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
> > from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
> > from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
> > from /usr/bin/sipxproc:294
> >
> > Does anybody have any good ideas?
>
> expired cert?
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

Douglas Hubler

2012-08-16 16:08:20 UTC

Permalink

On Thu, Aug 16, 2012 at 12:06 PM, <***@epo.org> wrote:
> I use the standard certs, I thought they would not expire tht soon.
>
> I am running 4.4.0-287.gb0a66 btw.
>
> Can you give me a quick hint how to check?

files in /etc/sipxpbx/ssl are text based and would show expire date

p***@epo.org

2012-08-16 16:14:40 UTC

Permalink

Thanks,

Expired indeed:
Validity
Not Before: Jun 29 08:31:15 2009 GMT
Not After : Jun 28 08:31:15 2012 GMT

So I need to generate new keys, should I just follow this:
http://wiki.sipfoundry.org/display/sipXecs/SSL+Keys+and+Keystores

Paul

Douglas Hubler <***@ezuce.com> wrote on 16-08-2012 18:08:20:

>
> On Thu, Aug 16, 2012 at 12:06 PM, <***@epo.org> wrote:
> > I use the standard certs, I thought they would not expire tht soon.
> >
> > I am running 4.4.0-287.gb0a66 btw.
> >
> > Can you give me a quick hint how to check?
>
> files in /etc/sipxpbx/ssl are text based and would show expire date
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

Michael Picher

2012-08-16 16:15:59 UTC

Permalink

just regenerate them...

http://wiki.sipfoundry.org/display/sipXecs/SSL+Certificates

On Thu, Aug 16, 2012 at 12:06 PM, <***@epo.org> wrote:

> I use the standard certs, I thought they would not expire tht soon.
>
> I am running 4.4.0-287.gb0a66 btw.
>
> Can you give me a quick hint how to check?
>
> Paul
>
> Douglas Hubler <***@ezuce.com> wrote on 16-08-2012 18:00:37:
>
>
> > On Thu, Aug 16, 2012 at 11:55 AM, <***@epo.org> wrote:
> > > I got back from holiday and discovered my primary server was not OK.
> > > It showed the following:
> > >
> > > /usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate verify
> failed
> > > (OpenSSL::SSL::SSLError)
> > >
> > > (the rest is gone because of user error :( )
> > >
> > > I tried a sipxproc -R, this did not work.
> > > Then I rebooted the machine and now I have this:
> > >
> > > [***@gssipx02 ~]# sipxproc -l
> > > /usr/lib/ruby/1.8/net/http.rb:560:in `initialize': Connection refused -
> > > connect(2) (Errno::ECONNREFUSED)
> > > from /usr/lib/ruby/1.8/net/http.rb:560:in `open'
> > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
> > > from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
> > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
> > > from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
> > > from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
> > > from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
> > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
> > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
> > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
> > > from /usr/bin/sipxproc:294
> > >
> > > Does anybody have any good ideas?
> >
> > expired cert?
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive:
> http://list.sipfoundry.org/archive/sipx-users/
>
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

--
Michael Picher, Director of Technical Services
eZuce, Inc.

300 Brickstone Square****

Suite 201****

Andover, MA. 01810
O.978-296-1005 X2015
M.207-956-0262
@mpicher <http://twitter.com/mpicher>
linkedin <http://www.linkedin.com/profile/view?id=35504760&trk=tab_pro>
www.ezuce.com

------------------------------------------------------------------------------------------------------------
There are 10 kinds of people in the world, those who understand binary and
those who don't.

p***@epo.org

2012-08-16 16:37:51 UTC

Permalink

Done that, that solves everything for the Primary server.
I think I can do the same on my 2 secondaries or should I use this:
libexec/sipXecs/initial-config secondaryServerHostName ,
mentioned in
http://wiki.sipfoundry.org/display/sipXecs/SSL+Keys+and+Keystores

Paul

Michael Picher <***@ezuce.com> wrote on 16-08-2012 18:15:59:

>
> just regenerate them...
>
> http://wiki.sipfoundry.org/display/sipXecs/SSL+Certificates

> On Thu, Aug 16, 2012 at 12:06 PM, <***@epo.org> wrote:

> I use the standard certs, I thought they would not expire tht soon.
>
> I am running 4.4.0-287.gb0a66 btw.
>
> Can you give me a quick hint how to check?
>
> Paul
>
> Douglas Hubler <***@ezuce.com> wrote on 16-08-2012 18:00:37:
>
>
> > On Thu, Aug 16, 2012 at 11:55 AM, <***@epo.org> wrote:
> > > I got back from holiday and discovered my primary server was not OK.
> > > It showed the following:
> > >
> > > /usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate verify
failed
> > > (OpenSSL::SSL::SSLError)
> > >
> > > (the rest is gone because of user error :( )
> > >
> > > I tried a sipxproc -R, this did not work.
> > > Then I rebooted the machine and now I have this:
> > >
> > > [***@gssipx02 ~]# sipxproc -l
> > > /usr/lib/ruby/1.8/net/http.rb:560:in `initialize': Connection
refused -
> > > connect(2) (Errno::ECONNREFUSED)
> > > from /usr/lib/ruby/1.8/net/http.rb:560:in `open'
> > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
> > > from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
> > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
> > > from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
> > > from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
> > > from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
> > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
> > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
> > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
> > > from /usr/bin/sipxproc:294
> > >
> > > Does anybody have any good ideas?
> >
> > expired cert?
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive:
> http://list.sipfoundry.org/archive/sipx-users/
>
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

>
> --
> Michael Picher, Director of Technical Services
> eZuce, Inc.
> 300 Brickstone Square
> Suite 201
> Andover, MA. 01810
> O.978-296-1005 X2015
> M.207-956-0262
> @mpicher <http://twitter.com/mpicher>
> linkedin
> www.ezuce.com
>
>
------------------------------------------------------------------------------------------------------------
> There are 10 kinds of people in the world, those who understand
> binary and those who don't.
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

Michael Picher

2012-08-16 16:45:12 UTC

Permalink

ayuh

On Thu, Aug 16, 2012 at 12:37 PM, <***@epo.org> wrote:

> Done that, that solves everything for the Primary server.
> I think I can do the same on my 2 secondaries or should I use this: libexec/sipXecs/initial-config
> secondaryServerHostName ,
> mentioned in *
> http://wiki.sipfoundry.org/display/sipXecs/SSL+Keys+and+Keystores*<http://wiki.sipfoundry.org/display/sipXecs/SSL+Keys+and+Keystores>
>
> Paul
>
> Michael Picher <***@ezuce.com> wrote on 16-08-2012 18:15:59:
>
> >
> > just regenerate them...
> >
> > http://wiki.sipfoundry.org/display/sipXecs/SSL+Certificates
>
>
> > On Thu, Aug 16, 2012 at 12:06 PM, <***@epo.org> wrote:
>
> > I use the standard certs, I thought they would not expire tht soon.
> >
> > I am running 4.4.0-287.gb0a66 btw.
> >
> > Can you give me a quick hint how to check?
> >
> > Paul
> >
> > Douglas Hubler <***@ezuce.com> wrote on 16-08-2012 18:00:37:
> >
> >
> > > On Thu, Aug 16, 2012 at 11:55 AM, <***@epo.org> wrote:
> > > > I got back from holiday and discovered my primary server was not OK.
> > > > It showed the following:
> > > >
> > > > /usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate verify
> failed
> > > > (OpenSSL::SSL::SSLError)
> > > >
> > > > (the rest is gone because of user error :( )
> > > >
> > > > I tried a sipxproc -R, this did not work.
> > > > Then I rebooted the machine and now I have this:
> > > >
> > > > [***@gssipx02 ~]# sipxproc -l
> > > > /usr/lib/ruby/1.8/net/http.rb:560:in `initialize': Connection
> refused -
> > > > connect(2) (Errno::ECONNREFUSED)
> > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `open'
> > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > > from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
> > > > from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
> > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > > from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
> > > > from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
> > > > from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
> > > > from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
> > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
> > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
> > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
> > > > from /usr/bin/sipxproc:294
> > > >
> > > > Does anybody have any good ideas?
> > >
> > > expired cert?
> > > _______________________________________________
> > > sipx-users mailing list
> > > sipx-***@list.sipfoundry.org
> > > List Archive:
> > http://list.sipfoundry.org/archive/sipx-users/
> >
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >
>
> >
> > --
> > Michael Picher, Director of Technical Services
> > eZuce, Inc.
> > 300 Brickstone Square
> > Suite 201
> > Andover, MA. 01810
> > O.978-296-1005 X2015
> > M.207-956-0262
> > @mpicher <http://twitter.com/mpicher>
> > linkedin
> > www.ezuce.com
> >
> >
> ------------------------------------------------------------------------------------------------------------
> > There are 10 kinds of people in the world, those who understand
> > binary and those who don't.
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
>
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

--
Michael Picher, Director of Technical Services
eZuce, Inc.

300 Brickstone Square****

Suite 201****

Andover, MA. 01810
O.978-296-1005 X2015
M.207-956-0262
@mpicher <http://twitter.com/mpicher>
linkedin <http://www.linkedin.com/profile/view?id=35504760&trk=tab_pro>
www.ezuce.com

------------------------------------------------------------------------------------------------------------
There are 10 kinds of people in the world, those who understand binary and
those who don't.

p***@epo.org

2012-08-16 18:17:46 UTC

Permalink

I am a bit stuck now.
I generated keys with /usr/bin/ssl-cert/gen-ssl-keys.sh for secondary on
primary.
Copied them over and installed them with /usr/bin/ssl-cert/install-cert.sh
Then tried to push profiles, doesn't work.
and tried restart services, doesn't work.

How should I install new keys on secondaries?

Paul

Michael Picher <***@ezuce.com> wrote on 16-08-2012 18:45:12:

> ayuh

> On Thu, Aug 16, 2012 at 12:37 PM, <***@epo.org> wrote:
> Done that, that solves everything for the Primary server.
> I think I can do the same on my 2 secondaries or should I use this:
> libexec/sipXecs/initial-config secondaryServerHostName ,
> mentioned in
http://wiki.sipfoundry.org/display/sipXecs/SSL+Keys+and+Keystores
>
> Paul
>
> Michael Picher <***@ezuce.com> wrote on 16-08-2012 18:15:59:
>
> >
> > just regenerate them...
> >
> > http://wiki.sipfoundry.org/display/sipXecs/SSL+Certificates
>
>
> > On Thu, Aug 16, 2012 at 12:06 PM, <***@epo.org> wrote:
>
> > I use the standard certs, I thought they would not expire tht soon.
> >
> > I am running 4.4.0-287.gb0a66 btw.
> >
> > Can you give me a quick hint how to check?
> >
> > Paul
> >
> > Douglas Hubler <***@ezuce.com> wrote on 16-08-2012 18:00:37:
> >
> >
> > > On Thu, Aug 16, 2012 at 11:55 AM, <***@epo.org> wrote:
> > > > I got back from holiday and discovered my primary server was not
OK.
> > > > It showed the following:
> > > >
> > > > /usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate
> verify failed
> > > > (OpenSSL::SSL::SSLError)
> > > >
> > > > (the rest is gone because of user error :( )
> > > >
> > > > I tried a sipxproc -R, this did not work.
> > > > Then I rebooted the machine and now I have this:
> > > >
> > > > [***@gssipx02 ~]# sipxproc -l
> > > > /usr/lib/ruby/1.8/net/http.rb:560:in `initialize': Connection
refused -
> > > > connect(2) (Errno::ECONNREFUSED)
> > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `open'
> > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > > from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
> > > > from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
> > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > > from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
> > > > from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
> > > > from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
> > > > from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
> > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
> > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
> > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
> > > > from /usr/bin/sipxproc:294
> > > >
> > > > Does anybody have any good ideas?
> > >
> > > expired cert?
> > > _______________________________________________
> > > sipx-users mailing list
> > > sipx-***@list.sipfoundry.org
> > > List Archive:
> > http://list.sipfoundry.org/archive/sipx-users/
> >
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >
>
> >
> > --
> > Michael Picher, Director of Technical Services
> > eZuce, Inc.
> > 300 Brickstone Square
> > Suite 201
> > Andover, MA. 01810
> > O.978-296-1005 X2015
> > M.207-956-0262
> > @mpicher <http://twitter.com/mpicher>
> > linkedin
> > www.ezuce.com
> >
> >
>
------------------------------------------------------------------------------------------------------------
> > There are 10 kinds of people in the world, those who understand
> > binary and those who don't.
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
>
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>

>
> --
> Michael Picher, Director of Technical Services
> eZuce, Inc.
> 300 Brickstone Square
> Suite 201
> Andover, MA. 01810
> O.978-296-1005 X2015
> M.207-956-0262
> @mpicher <http://twitter.com/mpicher>
> linkedin
> www.ezuce.com
>
>
------------------------------------------------------------------------------------------------------------
> There are 10 kinds of people in the world, those who understand
> binary and those who don't.
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

p***@epo.org

2012-08-16 19:05:09 UTC

Permalink

Any help is greatly appreciated, I have now a working primary and 2
secondaries that don't talk to the primary.
How and where do I generate keys for the secondaries (on primary?)
How and where do I install these keys (on secondary?)

Paul

***@epo.org wrote on 16-08-2012 20:17:46:

> I am a bit stuck now.
> I generated keys with /usr/bin/ssl-cert/gen-ssl-keys.sh for
> secondary on primary.
> Copied them over and installed them with
/usr/bin/ssl-cert/install-cert.sh
> Then tried to push profiles, doesn't work.
> and tried restart services, doesn't work.
>
> How should I install new keys on secondaries?
>
> Paul
>
> Michael Picher <***@ezuce.com> wrote on 16-08-2012 18:45:12:
>
>
> > ayuh
>
> > On Thu, Aug 16, 2012 at 12:37 PM, <***@epo.org> wrote:
> > Done that, that solves everything for the Primary server.
> > I think I can do the same on my 2 secondaries or should I use this:
> > libexec/sipXecs/initial-config secondaryServerHostName ,
> > mentioned in http://wiki.sipfoundry.org/display/sipXecs/SSL+Keys
> +and+Keystores
> >
> > Paul
> >
> > Michael Picher <***@ezuce.com> wrote on 16-08-2012 18:15:59:
> >
> > >
> > > just regenerate them...
> > >
> > > http://wiki.sipfoundry.org/display/sipXecs/SSL+Certificates
> >
> >
> > > On Thu, Aug 16, 2012 at 12:06 PM, <***@epo.org> wrote:
> >
> > > I use the standard certs, I thought they would not expire tht soon.
> > >
> > > I am running 4.4.0-287.gb0a66 btw.
> > >
> > > Can you give me a quick hint how to check?
> > >
> > > Paul
> > >
> > > Douglas Hubler <***@ezuce.com> wrote on 16-08-2012 18:00:37:
> > >
> > >
> > > > On Thu, Aug 16, 2012 at 11:55 AM, <***@epo.org> wrote:
> > > > > I got back from holiday and discovered my primary server was not
OK.
> > > > > It showed the following:
> > > > >
> > > > > /usr/lib/ruby/1.8/net/http.rb:586:in `connect': certificate
> > verify failed
> > > > > (OpenSSL::SSL::SSLError)
> > > > >
> > > > > (the rest is gone because of user error :( )
> > > > >
> > > > > I tried a sipxproc -R, this did not work.
> > > > > Then I rebooted the machine and now I have this:
> > > > >
> > > > > [***@gssipx02 ~]# sipxproc -l
> > > > > /usr/lib/ruby/1.8/net/http.rb:560:in `initialize':
> Connection refused -
> > > > > connect(2) (Errno::ECONNREFUSED)
> > > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `open'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > > > from /usr/lib/ruby/1.8/timeout.rb:56:in `timeout'
> > > > > from /usr/lib/ruby/1.8/timeout.rb:76:in `timeout'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:542:in `start'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:1035:in `request'
> > > > > from /usr/lib/ruby/1.8/net/http.rb:992:in `post2'
> > > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:535:in `do_rpc'
> > > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:420:in `call2'
> > > > > from /usr/lib/ruby/1.8/xmlrpc/client.rb:410:in `call'
> > > > > from /usr/bin/sipxproc:294
> > > > >
> > > > > Does anybody have any good ideas?
> > > >
> > > > expired cert?
> > > > _______________________________________________
> > > > sipx-users mailing list
> > > > sipx-***@list.sipfoundry.org
> > > > List Archive:
> > > http://list.sipfoundry.org/archive/sipx-users/
> > >
> > > _______________________________________________
> > > sipx-users mailing list
> > > sipx-***@list.sipfoundry.org
> > > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> > >
> >
> > >
> > > --
> > > Michael Picher, Director of Technical Services
> > > eZuce, Inc.
> > > 300 Brickstone Square
> > > Suite 201
> > > Andover, MA. 01810
> > > O.978-296-1005 X2015
> > > M.207-956-0262
> > > @mpicher <http://twitter.com/mpicher>
> > > linkedin
> > > www.ezuce.com
> > >
> > >
> >
>
------------------------------------------------------------------------------------------------------------
> > > There are 10 kinds of people in the world, those who understand
> > > binary and those who don't.
> > > _______________________________________________
> > > sipx-users mailing list
> > > sipx-***@list.sipfoundry.org
> > > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >
>
> >
> > --
> > Michael Picher, Director of Technical Services
> > eZuce, Inc.
> > 300 Brickstone Square
> > Suite 201
> > Andover, MA. 01810
> > O.978-296-1005 X2015
> > M.207-956-0262
> > @mpicher <http://twitter.com/mpicher>
> > linkedin
> > www.ezuce.com
> >
> >
>
------------------------------------------------------------------------------------------------------------
> > There are 10 kinds of people in the world, those who understand
> > binary and those who don't.
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-16 19:11:29 UTC

Permalink

On Thu, Aug 16, 2012 at 10:05 PM, <***@epo.org> wrote:
> Any help is greatly appreciated, I have now a working primary and 2
> secondaries that don't talk to the primary.
> How and where do I generate keys for the secondaries (on primary?)
> How and where do I install these keys (on secondary?)
>

Paul,

there could be an easier way for, but as far as I remember last time I
hit this I had to remove / readd slaves from config UI and rerun
sipxecs-setup on secondaries

George

p***@epo.org

2012-08-16 21:28:30 UTC

Permalink

Hi George,

Sorry for the late response but I first went home to have a look at my 16
year old son who has over 40deg celsius fever probably because of food
poisoning from a French road restaurant.

Thanks for the tip, but it doesnt work completely, I cant send profiles,
the jobs fail:

File replication: domain-config
16-8-12 23:18
16-8-12 23:18
Failed

File replication: sipxsupervisor-config
16-8-12 23:18
16-8-12 23:18
Failed

File replication: alarm-config.xml
16-8-12 23:18
16-8-12 23:18
Failed

File replication: alarm-groups.xml
16-8-12 23:18
16-8-12 23:18
Failed

Data replication: alias
16-8-12 23:18
16-8-12 23:18
Failed

File replication: validusers.xml
16-8-12 23:18
16-8-12 23:18
Failed

Data replication: credential
16-8-12 23:18
16-8-12 23:18
Failed

Data replication: permission
16-8-12 23:18
16-8-12 23:18
Failed

Data replication: caller-alias
16-8-12 23:18
16-8-12 23:18
Failed

Data replication: userlocation
16-8-12 23:18
16-8-12 23:18
Failed

Data replication: userforward
16-8-12 23:18
16-8-12 23:18
Failed

Data replication: userstatic
16-8-12 23:18
16-8-12 23:18
Failed

File replication: mappingrules.xml
16-8-12 23:18
16-8-12 23:18
Failed

File replication: authrules.xml
16-8-12 23:18
16-8-12 23:18
Failed

File replication: fallbackrules.xml
16-8-12 23:18
16-8-12 23:18
Failed

File replication: forwardingrules.xml
16-8-12 23:18
16-8-12 23:18
Failed

File replication: autoattendants.xml
16-8-12 23:18
16-8-12 23:18
Completed

File replication: registrar-config
16-8-12 23:18
16-8-12 23:18
Failed

File replication: presencerouting-prefs.xml
16-8-12 23:18
16-8-12 23:18
Failed

File replication: sipXproxy-config
16-8-12 23:18
16-8-12 23:18
Failed

File replication: peeridentities.xml
16-8-12 23:18
16-8-12 23:18
Failed

File replication: nattraversalrules.xml
16-8-12 23:18
16-8-12 23:18
Failed

Maybe its because of the keys on the secondary, will try to delete them
and try again.

Paul

George Niculae <***@ezuce.com> wrote on 16-08-2012 21:11:29:

>
> On Thu, Aug 16, 2012 at 10:05 PM, <***@epo.org> wrote:
> > Any help is greatly appreciated, I have now a working primary and 2
> > secondaries that don't talk to the primary.
> > How and where do I generate keys for the secondaries (on primary?)
> > How and where do I install these keys (on secondary?)
> >
>
> Paul,
>
> there could be an easier way for, but as far as I remember last time I
> hit this I had to remove / readd slaves from config UI and rerun
> sipxecs-setup on secondaries
>
> George
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-16 21:32:00 UTC

Permalink

On Fri, Aug 17, 2012 at 12:28 AM, <***@epo.org> wrote:

> Hi George,
>
> Sorry for the late response but I first went home to have a look at my 16
> year old son who has over 40deg celsius fever probably because of food
> poisoning from a French road restaurant.
>

Sorry to hear this, hope he gets well quick.

>
> Thanks for the tip, but it doesnt work completely, I cant send profiles,
> the jobs fail:
> File replication: domain-config 16-8-12 23:18 16-8-12 23:18 Failed File
> replication: sipxsupervisor-config 16-8-12 23:18 16-8-12 23:18 Failed File
> replication: alarm-config.xml 16-8-12 23:18 16-8-12 23:18 Failed File
> replication: alarm-groups.xml 16-8-12 23:18 16-8-12 23:18 Failed Data
> replication: alias 16-8-12 23:18 16-8-12 23:18 Failed File replication:
> validusers.xml 16-8-12 23:18 16-8-12 23:18 Failed Data replication:
> credential 16-8-12 23:18 16-8-12 23:18 Failed Data replication:
> permission 16-8-12 23:18 16-8-12 23:18 Failed Data replication:
> caller-alias 16-8-12 23:18 16-8-12 23:18 Failed Data replication:
> userlocation 16-8-12 23:18 16-8-12 23:18 Failed Data replication:
> userforward 16-8-12 23:18 16-8-12 23:18 Failed Data replication:
> userstatic 16-8-12 23:18 16-8-12 23:18 Failed File replication:
> mappingrules.xml 16-8-12 23:18 16-8-12 23:18 Failed File replication:
> authrules.xml 16-8-12 23:18 16-8-12 23:18 Failed File replication:
> fallbackrules.xml 16-8-12 23:18 16-8-12 23:18 Failed File replication:
> forwardingrules.xml 16-8-12 23:18 16-8-12 23:18 Failed File replication:
> autoattendants.xml 16-8-12 23:18 16-8-12 23:18 Completed File
> replication: registrar-config 16-8-12 23:18 16-8-12 23:18 Failed File
> replication: presencerouting-prefs.xml 16-8-12 23:18 16-8-12 23:18 Failed File
> replication: sipXproxy-config 16-8-12 23:18 16-8-12 23:18 Failed File
> replication: peeridentities.xml 16-8-12 23:18 16-8-12 23:18 Failed File
> replication: nattraversalrules.xml 16-8-12 23:18 16-8-12 23:18 Failed
>
> Maybe its because of the keys on the secondary, will try to delete them
> and try again.
>

Yes, remove them prior to re-add servers / rerun sipxecs-setup. If still
fails post back sipxconfig.log file

George

p***@epo.org

2012-08-16 22:05:14 UTC

Permalink

Hi George,

Here the sipxconfig log.
I browsed through it and saw that "PKIX validation failed" and "signature
check failed"
so there are probably still issues with old certificates.
If you dont see a fix then I will do a complete rebuild of the secondaries
(tomorrow morning), that should kill it hopefully.

Paul

BTW Teenagers are still strong and he is now on antibiotics so he should
feel better soon hopefully....

George Niculae <***@ezuce.com>g wrote on 16-08-2012 23:32:00:

> Hi George,
>
> Sorry for the late response but I first went home to have a look at
> my 16 year old son who has over 40deg celsius fever probably because
> of food poisoning from a French road restaurant.
>
> Sorry to hear this, hope he gets well quick.
>
>
> Thanks for the tip, but it doesnt work completely, I cant send
> profiles, the jobs fail:
>
> File replication: domain-config
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: sipxsupervisor-config
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: alarm-config.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: alarm-groups.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> Data replication: alias
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: validusers.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> Data replication: credential
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> Data replication: permission
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> Data replication: caller-alias
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> Data replication: userlocation
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> Data replication: userforward
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> Data replication: userstatic
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: mappingrules.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: authrules.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: fallbackrules.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: forwardingrules.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: autoattendants.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Completed
>
> File replication: registrar-config
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: presencerouting-prefs.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: sipXproxy-config
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: peeridentities.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
> File replication: nattraversalrules.xml
>
> 16-8-12 23:18
>
> 16-8-12 23:18
>
> Failed
>
>
>
> Maybe its because of the keys on the secondary, will try to delete
> them and try again.
>
> Yes, remove them prior to re-add servers / rerun sipxecs-setup. If
> still fails post back sipxconfig.log file
>
> George_______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-16 22:17:03 UTC

Permalink

On Fri, Aug 17, 2012 at 1:05 AM, <***@epo.org> wrote:
> Hi George,
>
> Here the sipxconfig log.
> I browsed through it and saw that "PKIX validation failed" and "signature
> check failed"
> so there are probably still issues with old certificates.
> If you dont see a fix then I will do a complete rebuild of the secondaries
> (tomorrow morning), that should kill it hopefully.
>

Yes, still key mismatch, you should delete all files from

/etc/sipxpbx/ssl
/etc/sipxpbx/ssl/authorities
/var/sipxdata/certdb

on secondaries prior to rerun sipxecs-setup

> Paul
>
> BTW Teenagers are still strong and he is now on antibiotics so he should
> feel better soon hopefully....

All the best wishes!

p***@epo.org

2012-08-17 08:06:22 UTC

Permalink

Hi George, here it is.

Seems OK but I don't know whether it needs/puts the (new or old) keys from
the primary in the tar as well.
In the /var/sipxdata/certdb are still the old primary keys that expired
(gssipx02.internal.epo.org.crt).
In the /etc/sipxpbx/ssl directory is the new ssl.crt that is valid.
If it packs gssipx02.internal.epo.org then it packs old stuff........
.........checked the file, there are only valid certs for the ca and the
box itself, file attached.

Paul

George Niculae <***@ezuce.com> wrote on 17-08-2012 09:12:45:

> > Hi George, still not ok...
> >
> > I deleted the contents of the first 2 directories on the secondaries.
> > The /var/sipxdata/certdb only exists on the master.
> > First I only deleted the certs of the secondaries there, no success,
still
> > error when sending profiles.
> > Then I deleted (backed up) also the rest of the files, no success.
> > The secondary could no longer download the tar.
> > Then I copied the new ca files (found in the directory where the keys
for
> > the secondary were generated by me) into the certdb directory
> > I had only 4 files instead of 5, the .der file was missing (crt, csr,
ser
> > and key are the others)
> > Again tar not downloadable:
> > Invalid configuration returned from
> > https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
> > exception tarfile.ReadError
> > file could not be opened successfully
> > headers
> > Date: Thu, 16 Aug 2012 23:46:38 GMT
> > Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
> > java/1.6.0_19^M
> > Expires: 0^M
> > Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
> > Cache-Control: must-revalidate, post-check=0, pre-check=0^M
> > Pragma: public^M
> > Content-Disposition: attachment;
> > filename="th.internal.epo.org.tar.gz"^M
> > Content-Type: text/html^M
> > Content-Length: 1282^M
> > Connection: close^M
> >
> > #OK#
> >
> > Contact gssipx02.internal.epo.org
> >
> > I added sipxconfig.log again.
> > If you have a suggestion then I would be happy.
> >
>
> That's a problem with initial archive configuration could you manually
run
>
> /usr/libexec/sipXecs/initial-config {location.fqdn}
>
> and check output? (make sure that you don't have any space in
> hostnames after re adding servers, you could hit
> http://track.sipfoundry.org/browse/XX-10183)
>
> George
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-17 08:29:19 UTC

Permalink

On Fri, Aug 17, 2012 at 11:06 AM, <***@epo.org> wrote:
> Hi George, here it is.
>
> Seems OK but I don't know whether it needs/puts the (new or old) keys from
> the primary in the tar as well.
> In the /var/sipxdata/certdb are still the old primary keys that expired
> (gssipx02.internal.epo.org.crt).

Ah, this seems to be the issue, how did you regenerate keys on
primary? That should be the correct procedure (noticed on step 2
deleting certdb as well):

1. stop all sipXecs services
2. delete all files in
/etc/sipxpbx/ssl
/etc/sipxpbx/ssl/authorities
/var/sipxdata/certdb
3. In directory /var/sipxdata/certdb
/usr/bin/ssl-cert/gen-ssl-keys.sh
chown sipxchange:sipxchange *
/usr/bin/ssl-cert/install-cert.sh
4. start sipXecs services

> In the /etc/sipxpbx/ssl directory is the new ssl.crt that is valid.
> If it packs gssipx02.internal.epo.org then it packs old stuff........
> .........checked the file, there are only valid certs for the ca and the box
> itself, file attached.
>
>
> Paul
>
> George Niculae <***@ezuce.com> wrote on 17-08-2012 09:12:45:
>
>
>> > Hi George, still not ok...
>> >
>> > I deleted the contents of the first 2 directories on the secondaries.
>> > The /var/sipxdata/certdb only exists on the master.
>> > First I only deleted the certs of the secondaries there, no success,
>> > still
>> > error when sending profiles.
>> > Then I deleted (backed up) also the rest of the files, no success.
>> > The secondary could no longer download the tar.
>> > Then I copied the new ca files (found in the directory where the keys
>> > for
>> > the secondary were generated by me) into the certdb directory
>> > I had only 4 files instead of 5, the .der file was missing (crt, csr,
>> > ser
>> > and key are the others)
>> > Again tar not downloadable:
>> > Invalid configuration returned from
>> >
> https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
>
>> > exception tarfile.ReadError
>> > file could not be opened successfully
>> > headers
>> > Date: Thu, 16 Aug 2012 23:46:38 GMT
>> > Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
>> > java/1.6.0_19^M
>> > Expires: 0^M
>> > Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
>> > Cache-Control: must-revalidate, post-check=0, pre-check=0^M
>> > Pragma: public^M
>> > Content-Disposition: attachment;
>> > filename="th.internal.epo.org.tar.gz"^M
>> > Content-Type: text/html^M
>> > Content-Length: 1282^M
>> > Connection: close^M
>> >
>> > #OK#
>> >
>> > Contact gssipx02.internal.epo.org
>> >
>> > I added sipxconfig.log again.
>> > If you have a suggestion then I would be happy.
>> >
>>
>> That's a problem with initial archive configuration could you manually run
>>
>> /usr/libexec/sipXecs/initial-config {location.fqdn}
>>
>> and check output? (make sure that you don't have any space in
>> hostnames after re adding servers, you could hit
>> http://track.sipfoundry.org/browse/XX-10183
> )
>>
>> George
>
>> _______________________________________________
>> sipx-users mailing list
>> sipx-***@list.sipfoundry.org
>> List Archive:
> http://list.sipfoundry.org/archive/sipx-users/
>
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

p***@epo.org

2012-08-17 11:49:07 UTC

Permalink

Hi George,

Here is the log file, at 2012-08-17T11:24:03.130000 the initial-config
starts, the next message is
RequestExceptionReporter:"Unable to process client request: Script
finished with exit code: 1"
So indeed not good.

With my knowledge I don't see what's going wrong, maybe you can :)

Paul

George Niculae <***@ezuce.com> wrote on 17-08-2012 12:26:25:

> On Fri, Aug 17, 2012 at 1:15 PM, <***@epo.org> wrote:
> > Hi George,
> >
> > I'm still struggling. The sipxecs-setup on the secondary still can't
load
> > the initialisation file.
> > This is of course (when you look at it for the 6th time) just an https
> > connection.
> > I pasted
> > https://10.12.48.43:8443/sipxconfig/initial-config/
> th.internal.epo.org.tar.gz
> > in a browser and then I get a login box saying "the server
10.12.48.43:8443
> > requires a username and password. The server says:
th.internal.epo.org."
> >
> > Do you know what the userid and password should be (the password is
probably
> > the password from the "Add Server" menu?)
>
> Right, the password is the one from Server page assigned to that
> location, the username is fqdn of the location
>
> > and why this transfer just won't start?
>
> There is a problem with running initial-config script, please edit
> /etc/sipxpbx/log4j.properties and change
> log4j.logger.org.sipfoundry.sipxconfig=info
> to
> log4j.logger.org.sipfoundry.sipxconfig=debug
>
> then restart config and try again. Then in sipxconfig.log the command
> issued for generating archive will be displayed, something like:
> Executing: initial-config {locationName}
>
> George
>
> >
> > Invalid configuration returned from
> > https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
> > exception tarfile.ReadError
> > file could not be opened successfully
> > headers
> > Date: Thu, 16 Aug 2012 23:46:38 GMT
> > Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
> > java/1.6.0_19^M
> > Expires: 0^M
> > Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
> > Cache-Control: must-revalidate, post-check=0, pre-check=0^M
> > Pragma: public^M
> > Content-Disposition: attachment;
> > filename="th.internal.epo.org.tar.gz"^M
> > Content-Type: text/html^M
> > Content-Length: 1282^M
> > Connection: close^M
> >
> >
> > Best regards / Mit freundlichen Grüßen / Sincères salutations
> >
> > Paul Scheepens
> > Administrator Network Engineering | Dir. 2.7.3.2
> > European Patent Office
> > Patentlaan 3-9 | 2288 EE Rijswijk | The Netherlands
> > Tel. +31 (0)70 340 3331
> > Mobile +31 (0)642724894
> > ***@epo.org
> > http://www.epo.org
> >
> >
> > sipx-users-***@list.sipfoundry.org wrote on 17-08-2012 10:29:19:
> >
> >> From:
> >>
> >> George Niculae <***@ezuce.com>
> >>
> >> To:
> >>
> >> Discussion list for users of sipXecs software
> >> <sipx-***@list.sipfoundry.org>
> >>
> >> Date:
> >>
> >> 17-08-2012 10:29
> >>
> >> Subject:
> >>
> >> Re: [sipx-users] SipX not starting anymore.
> >>
> >> Sent by:
> >>
> >> sipx-users-***@list.sipfoundry.org
> >>
> >> On Fri, Aug 17, 2012 at 11:06 AM, <***@epo.org> wrote:
> >> > Hi George, here it is.
> >> >
> >> > Seems OK but I don't know whether it needs/puts the (new or old)
keys
> >> > from
> >> > the primary in the tar as well.
> >> > In the /var/sipxdata/certdb are still the old primary keys that
expired
> >> > (gssipx02.internal.epo.org.crt).
> >>
> >> Ah, this seems to be the issue, how did you regenerate keys on
> >> primary? That should be the correct procedure (noticed on step 2
> >> deleting certdb as well):
> >>
> >> 1. stop all sipXecs services
> >> 2. delete all files in
> >> /etc/sipxpbx/ssl
> >> /etc/sipxpbx/ssl/authorities
> >> /var/sipxdata/certdb
> >> 3. In directory /var/sipxdata/certdb
> >> /usr/bin/ssl-cert/gen-ssl-keys.sh
> >> chown sipxchange:sipxchange *
> >> /usr/bin/ssl-cert/install-cert.sh
> >> 4. start sipXecs services
> >>
> >> > In the /etc/sipxpbx/ssl directory is the new ssl.crt that is
valid.
> >> > If it packs gssipx02.internal.epo.org then it packs old
stuff........
> >> > .........checked the file, there are only valid certs for the ca
and the
> >> > box
> >> > itself, file attached.
> >> >
> >> >
> >> > Paul
> >> >
> >> > George Niculae <***@ezuce.com> wrote on 17-08-2012 09:12:45:
> >> >
> >> >
> >> >> > Hi George, still not ok...
> >> >> >
> >> >> > I deleted the contents of the first 2 directories on the
secondaries.
> >> >> > The /var/sipxdata/certdb only exists on the master.
> >> >> > First I only deleted the certs of the secondaries there, no
success,
> >> >> > still
> >> >> > error when sending profiles.
> >> >> > Then I deleted (backed up) also the rest of the files, no
success.
> >> >> > The secondary could no longer download the tar.
> >> >> > Then I copied the new ca files (found in the directory where the
keys
> >> >> > for
> >> >> > the secondary were generated by me) into the certdb directory
> >> >> > I had only 4 files instead of 5, the .der file was missing (crt,
csr,
> >> >> > ser
> >> >> > and key are the others)
> >> >> > Again tar not downloadable:
> >> >> > Invalid configuration returned from
> >> >> >
> >> >
https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
> >> >
> >> >> > exception tarfile.ReadError
> >> >> > file could not be opened successfully
> >> >> > headers
> >> >> > Date: Thu, 16 Aug 2012 23:46:38 GMT
> >> >> > Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
> >> >> > java/1.6.0_19^M
> >> >> > Expires: 0^M
> >> >> > Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
> >> >> > Cache-Control: must-revalidate, post-check=0, pre-check=0^M
> >> >> > Pragma: public^M
> >> >> > Content-Disposition: attachment;
> >> >> > filename="th.internal.epo.org.tar.gz"^M
> >> >> > Content-Type: text/html^M
> >> >> > Content-Length: 1282^M
> >> >> > Connection: close^M
> >> >> >
> >> >> > #OK#
> >> >> >
> >> >> > Contact gssipx02.internal.epo.org
> >> >> >
> >> >> > I added sipxconfig.log again.
> >> >> > If you have a suggestion then I would be happy.
> >> >> >
> >> >>
> >> >> That's a problem with initial archive configuration could you
manually
> >> >> run
> >> >>
> >> >> /usr/libexec/sipXecs/initial-config {location.fqdn}
> >> >>
> >> >> and check output? (make sure that you don't have any space in
> >> >> hostnames after re adding servers, you could hit
> >> >> http://track.sipfoundry.org/browse/XX-10183
> >> > )
> >> >>
> >> >> George
> >> >
> >> >> _______________________________________________
> >> >> sipx-users mailing list
> >> >> sipx-***@list.sipfoundry.org
> >> >> List Archive:
> >> > http://list.sipfoundry.org/archive/sipx-users/
> >> >
> >> > _______________________________________________
> >> > sipx-users mailing list
> >> > sipx-***@list.sipfoundry.org
> >> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >> _______________________________________________
> >> sipx-users mailing list
> >> sipx-***@list.sipfoundry.org
> >> List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-17 11:57:35 UTC

Permalink

On Fri, Aug 17, 2012 at 2:49 PM, <***@epo.org> wrote:
> Hi George,
>
> Here is the log file, at 2012-08-17T11:24:03.130000 the initial-config
> starts, the next message is
> RequestExceptionReporter:"Unable to process client request: Script finished
> with exit code: 1"
> So indeed not good.
>
> With my knowledge I don't see what's going wrong, maybe you can :)
>
> Paul
>

Hm is the same command you manually run and completed successfully,
the only difference is that you execute it as root. Check if any
archive in /var/sipxdata/tmp and if so delete it, then rerun script as
sipxchange

George

p***@epo.org

2012-08-17 00:20:15 UTC

Permalink

Hi George, still not ok...

I deleted the contents of the first 2 directories on the secondaries.
The /var/sipxdata/certdb only exists on the master.
First I only deleted the certs of the secondaries there, no success, still
error when sending profiles.
Then I deleted (backed up) also the rest of the files, no success.
The secondary could no longer download the tar.
Then I copied the new ca files (found in the directory where the keys for
the secondary were generated by me) into the certdb directory
I had only 4 files instead of 5, the .der file was missing (crt, csr, ser
and key are the others)
Again tar not downloadable:
Invalid configuration returned from
https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
exception tarfile.ReadError
file could not be opened successfully
headers
Date: Thu, 16 Aug 2012 23:46:38 GMT
Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
java/1.6.0_19^M
Expires: 0^M
Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
Cache-Control: must-revalidate, post-check=0, pre-check=0^M
Pragma: public^M
Content-Disposition: attachment;
filename="th.internal.epo.org.tar.gz"^M
Content-Type: text/html^M
Content-Length: 1282^M
Connection: close^M

#OK#

Contact gssipx02.internal.epo.org

I added sipxconfig.log again.
If you have a suggestion then I would be happy.

Paul

George Niculae <***@ezuce.com> wrote on 17-08-2012 00:17:03:
> > Hi George,
> >
> > Here the sipxconfig log.
> > I browsed through it and saw that "PKIX validation failed" and
"signature
> > check failed"
> > so there are probably still issues with old certificates.
> > If you dont see a fix then I will do a complete rebuild of the
secondaries
> > (tomorrow morning), that should kill it hopefully.
> >
>
> Yes, still key mismatch, you should delete all files from
>
> /etc/sipxpbx/ssl
> /etc/sipxpbx/ssl/authorities
> /var/sipxdata/certdb
>
> on secondaries prior to rerun sipxecs-setup
>
> > Paul
> >
> > BTW Teenagers are still strong and he is now on antibiotics so he
should
> > feel better soon hopefully....
>
> All the best wishes!
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-17 07:12:45 UTC

Permalink

On Fri, Aug 17, 2012 at 3:20 AM, <***@epo.org> wrote:
> Hi George, still not ok...
>
> I deleted the contents of the first 2 directories on the secondaries.
> The /var/sipxdata/certdb only exists on the master.
> First I only deleted the certs of the secondaries there, no success, still
> error when sending profiles.
> Then I deleted (backed up) also the rest of the files, no success.
> The secondary could no longer download the tar.
> Then I copied the new ca files (found in the directory where the keys for
> the secondary were generated by me) into the certdb directory
> I had only 4 files instead of 5, the .der file was missing (crt, csr, ser
> and key are the others)
> Again tar not downloadable:
> Invalid configuration returned from
> https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
> exception tarfile.ReadError
> file could not be opened successfully
> headers
> Date: Thu, 16 Aug 2012 23:46:38 GMT
> Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
> java/1.6.0_19^M
> Expires: 0^M
> Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
> Cache-Control: must-revalidate, post-check=0, pre-check=0^M
> Pragma: public^M
> Content-Disposition: attachment;
> filename="th.internal.epo.org.tar.gz"^M
> Content-Type: text/html^M
> Content-Length: 1282^M
> Connection: close^M
>
> #OK#
>
> Contact gssipx02.internal.epo.org
>
> I added sipxconfig.log again.
> If you have a suggestion then I would be happy.
>

That's a problem with initial archive configuration could you manually run

/usr/libexec/sipXecs/initial-config {location.fqdn}

and check output? (make sure that you don't have any space in
hostnames after re adding servers, you could hit
http://track.sipfoundry.org/browse/XX-10183)

George

p***@epo.org

2012-08-17 10:15:56 UTC

Permalink

Hi George,

I'm still struggling. The sipxecs-setup on the secondary still can't load
the initialisation file.
This is of course (when you look at it for the 6th time) just an https
connection.
I pasted
https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
.tar.gz
in a browser and then I get a login box saying "the server
10.12.48.43:8443 requires a username and password. The server says:
th.internal.epo.org."

Do you know what the userid and password should be (the password is
probably the password from the "Add Server" menu?)
and why this transfer just won't start?

Invalid configuration returned from
https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
exception tarfile.ReadError
file could not be opened successfully
headers
Date: Thu, 16 Aug 2012 23:46:38 GMT
Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
java/1.6.0_19^M
Expires: 0^M
Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
Cache-Control: must-revalidate, post-check=0, pre-check=0^M
Pragma: public^M
Content-Disposition: attachment;
filename="th.internal.epo.org.tar.gz"^M
Content-Type: text/html^M
Content-Length: 1282^M
Connection: close^M

Best regards / Mit freundlichen Grüßen / Sincères salutations

Paul Scheepens
Administrator Network Engineering | Dir. 2.7.3.2
European Patent Office
Patentlaan 3-9 | 2288 EE Rijswijk | The Netherlands
Tel. +31 (0)70 340 3331
Mobile +31 (0)642724894
***@epo.org
http://www.epo.org

sipx-users-***@list.sipfoundry.org wrote on 17-08-2012 10:29:19:

> From:
>
> George Niculae <***@ezuce.com>
>
> To:
>
> Discussion list for users of sipXecs software
<sipx-***@list.sipfoundry.org>
>
> Date:
>
> 17-08-2012 10:29
>
> Subject:
>
> Re: [sipx-users] SipX not starting anymore.
>
> Sent by:
>
> sipx-users-***@list.sipfoundry.org
>
> On Fri, Aug 17, 2012 at 11:06 AM, <***@epo.org> wrote:
> > Hi George, here it is.
> >
> > Seems OK but I don't know whether it needs/puts the (new or old) keys
from
> > the primary in the tar as well.
> > In the /var/sipxdata/certdb are still the old primary keys that
expired
> > (gssipx02.internal.epo.org.crt).
>
> Ah, this seems to be the issue, how did you regenerate keys on
> primary? That should be the correct procedure (noticed on step 2
> deleting certdb as well):
>
> 1. stop all sipXecs services
> 2. delete all files in
> /etc/sipxpbx/ssl
> /etc/sipxpbx/ssl/authorities
> /var/sipxdata/certdb
> 3. In directory /var/sipxdata/certdb
> /usr/bin/ssl-cert/gen-ssl-keys.sh
> chown sipxchange:sipxchange *
> /usr/bin/ssl-cert/install-cert.sh
> 4. start sipXecs services
>
> > In the /etc/sipxpbx/ssl directory is the new ssl.crt that is valid.
> > If it packs gssipx02.internal.epo.org then it packs old stuff........
> > .........checked the file, there are only valid certs for the ca and
the box
> > itself, file attached.
> >
> >
> > Paul
> >
> > George Niculae <***@ezuce.com> wrote on 17-08-2012 09:12:45:
> >
> >
> >> > Hi George, still not ok...
> >> >
> >> > I deleted the contents of the first 2 directories on the
secondaries.
> >> > The /var/sipxdata/certdb only exists on the master.
> >> > First I only deleted the certs of the secondaries there, no
success,
> >> > still
> >> > error when sending profiles.
> >> > Then I deleted (backed up) also the rest of the files, no success.
> >> > The secondary could no longer download the tar.
> >> > Then I copied the new ca files (found in the directory where the
keys
> >> > for
> >> > the secondary were generated by me) into the certdb directory
> >> > I had only 4 files instead of 5, the .der file was missing (crt,
csr,
> >> > ser
> >> > and key are the others)
> >> > Again tar not downloadable:
> >> > Invalid configuration returned from
> >> >
> > https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
> >
> >> > exception tarfile.ReadError
> >> > file could not be opened successfully
> >> > headers
> >> > Date: Thu, 16 Aug 2012 23:46:38 GMT
> >> > Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
> >> > java/1.6.0_19^M
> >> > Expires: 0^M
> >> > Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
> >> > Cache-Control: must-revalidate, post-check=0, pre-check=0^M
> >> > Pragma: public^M
> >> > Content-Disposition: attachment;
> >> > filename="th.internal.epo.org.tar.gz"^M
> >> > Content-Type: text/html^M
> >> > Content-Length: 1282^M
> >> > Connection: close^M
> >> >
> >> > #OK#
> >> >
> >> > Contact gssipx02.internal.epo.org
> >> >
> >> > I added sipxconfig.log again.
> >> > If you have a suggestion then I would be happy.
> >> >
> >>
> >> That's a problem with initial archive configuration could you
manually run
> >>
> >> /usr/libexec/sipXecs/initial-config {location.fqdn}
> >>
> >> and check output? (make sure that you don't have any space in
> >> hostnames after re adding servers, you could hit
> >> http://track.sipfoundry.org/browse/XX-10183
> > )
> >>
> >> George
> >
> >> _______________________________________________
> >> sipx-users mailing list
> >> sipx-***@list.sipfoundry.org
> >> List Archive:
> > http://list.sipfoundry.org/archive/sipx-users/
> >
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-17 10:26:25 UTC

Permalink

On Fri, Aug 17, 2012 at 1:15 PM, <***@epo.org> wrote:
> Hi George,
>
> I'm still struggling. The sipxecs-setup on the secondary still can't load
> the initialisation file.
> This is of course (when you look at it for the 6th time) just an https
> connection.
> I pasted
> https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org.tar.gz
> in a browser and then I get a login box saying "the server 10.12.48.43:8443
> requires a username and password. The server says: th.internal.epo.org."
>
> Do you know what the userid and password should be (the password is probably
> the password from the "Add Server" menu?)

Right, the password is the one from Server page assigned to that
location, the username is fqdn of the location

> and why this transfer just won't start?

There is a problem with running initial-config script, please edit
/etc/sipxpbx/log4j.properties and change
log4j.logger.org.sipfoundry.sipxconfig=info
to
log4j.logger.org.sipfoundry.sipxconfig=debug

then restart config and try again. Then in sipxconfig.log the command
issued for generating archive will be displayed, something like:
Executing: initial-config {locationName}

George

>
> Invalid configuration returned from
> https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
> exception tarfile.ReadError
> file could not be opened successfully
> headers
> Date: Thu, 16 Aug 2012 23:46:38 GMT
> Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
> java/1.6.0_19^M
> Expires: 0^M
> Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
> Cache-Control: must-revalidate, post-check=0, pre-check=0^M
> Pragma: public^M
> Content-Disposition: attachment;
> filename="th.internal.epo.org.tar.gz"^M
> Content-Type: text/html^M
> Content-Length: 1282^M
> Connection: close^M
>
>
> Best regards / Mit freundlichen Grüßen / Sincères salutations
>
> Paul Scheepens
> Administrator Network Engineering | Dir. 2.7.3.2
> European Patent Office
> Patentlaan 3-9 | 2288 EE Rijswijk | The Netherlands
> Tel. +31 (0)70 340 3331
> Mobile +31 (0)642724894
> ***@epo.org
> http://www.epo.org
>
>
> sipx-users-***@list.sipfoundry.org wrote on 17-08-2012 10:29:19:
>
>> From:
>>
>> George Niculae <***@ezuce.com>
>>
>> To:
>>
>> Discussion list for users of sipXecs software
>> <sipx-***@list.sipfoundry.org>
>>
>> Date:
>>
>> 17-08-2012 10:29
>>
>> Subject:
>>
>> Re: [sipx-users] SipX not starting anymore.
>>
>> Sent by:
>>
>> sipx-users-***@list.sipfoundry.org
>>
>> On Fri, Aug 17, 2012 at 11:06 AM, <***@epo.org> wrote:
>> > Hi George, here it is.
>> >
>> > Seems OK but I don't know whether it needs/puts the (new or old) keys
>> > from
>> > the primary in the tar as well.
>> > In the /var/sipxdata/certdb are still the old primary keys that expired
>> > (gssipx02.internal.epo.org.crt).
>>
>> Ah, this seems to be the issue, how did you regenerate keys on
>> primary? That should be the correct procedure (noticed on step 2
>> deleting certdb as well):
>>
>> 1. stop all sipXecs services
>> 2. delete all files in
>> /etc/sipxpbx/ssl
>> /etc/sipxpbx/ssl/authorities
>> /var/sipxdata/certdb
>> 3. In directory /var/sipxdata/certdb
>> /usr/bin/ssl-cert/gen-ssl-keys.sh
>> chown sipxchange:sipxchange *
>> /usr/bin/ssl-cert/install-cert.sh
>> 4. start sipXecs services
>>
>> > In the /etc/sipxpbx/ssl directory is the new ssl.crt that is valid.
>> > If it packs gssipx02.internal.epo.org then it packs old stuff........
>> > .........checked the file, there are only valid certs for the ca and the
>> > box
>> > itself, file attached.
>> >
>> >
>> > Paul
>> >
>> > George Niculae <***@ezuce.com> wrote on 17-08-2012 09:12:45:
>> >
>> >
>> >> > Hi George, still not ok...
>> >> >
>> >> > I deleted the contents of the first 2 directories on the secondaries.
>> >> > The /var/sipxdata/certdb only exists on the master.
>> >> > First I only deleted the certs of the secondaries there, no success,
>> >> > still
>> >> > error when sending profiles.
>> >> > Then I deleted (backed up) also the rest of the files, no success.
>> >> > The secondary could no longer download the tar.
>> >> > Then I copied the new ca files (found in the directory where the keys
>> >> > for
>> >> > the secondary were generated by me) into the certdb directory
>> >> > I had only 4 files instead of 5, the .der file was missing (crt, csr,
>> >> > ser
>> >> > and key are the others)
>> >> > Again tar not downloadable:
>> >> > Invalid configuration returned from
>> >> >
>> > https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org
>> >
>> >> > exception tarfile.ReadError
>> >> > file could not be opened successfully
>> >> > headers
>> >> > Date: Thu, 16 Aug 2012 23:46:38 GMT
>> >> > Server: Jetty/5.1.4 (Linux/2.6.18-238.19.1.el5 i386
>> >> > java/1.6.0_19^M
>> >> > Expires: 0^M
>> >> > Set-Cookie: JSESSIONID=2efdq0f0031sd;Path=/sipxconfig^M
>> >> > Cache-Control: must-revalidate, post-check=0, pre-check=0^M
>> >> > Pragma: public^M
>> >> > Content-Disposition: attachment;
>> >> > filename="th.internal.epo.org.tar.gz"^M
>> >> > Content-Type: text/html^M
>> >> > Content-Length: 1282^M
>> >> > Connection: close^M
>> >> >
>> >> > #OK#
>> >> >
>> >> > Contact gssipx02.internal.epo.org
>> >> >
>> >> > I added sipxconfig.log again.
>> >> > If you have a suggestion then I would be happy.
>> >> >
>> >>
>> >> That's a problem with initial archive configuration could you manually
>> >> run
>> >>
>> >> /usr/libexec/sipXecs/initial-config {location.fqdn}
>> >>
>> >> and check output? (make sure that you don't have any space in
>> >> hostnames after re adding servers, you could hit
>> >> http://track.sipfoundry.org/browse/XX-10183
>> > )
>> >>
>> >> George
>> >
>> >> _______________________________________________
>> >> sipx-users mailing list
>> >> sipx-***@list.sipfoundry.org
>> >> List Archive:
>> > http://list.sipfoundry.org/archive/sipx-users/
>> >
>> > _______________________________________________
>> > sipx-users mailing list
>> > sipx-***@list.sipfoundry.org
>> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
>> _______________________________________________
>> sipx-users mailing list
>> sipx-***@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

p***@epo.org

2012-08-17 12:24:16 UTC

Permalink

Hi george, I deleted everything in /var/sipxdata/tmp
Then the initialconfig is not run anymore, so that is not good.
Put everything back except tar.gz's, then it still does not work.
These were the tar's:
sipx-configuration.tar.gz
sipx-snapshot-gmsipx02.internal.epo.org.tar.gz
sipx-snapshot-gssipx02.internal.epo.org.tar.gz
sipx-snapshot-th.internal.epo.org.tar.gz

Paul

BTW: I have to go now because of my son (has to go to hospital).

George Niculae wrote on 17-08-2012 13:57:35:

> From:
>
>
>
> On Fri, Aug 17, 2012 at 2:49 PM, <***@epo.org> wrote:
> > Hi George,
> >
> > Here is the log file, at 2012-08-17T11:24:03.130000 the initial-config
> > starts, the next message is
> > RequestExceptionReporter:"Unable to process client request: Script
finished
> > with exit code: 1"
> > So indeed not good.
> >
> > With my knowledge I don't see what's going wrong, maybe you can :)
> >
> > Paul
> >
>
> Hm is the same command you manually run and completed successfully,
> the only difference is that you execute it as root. Check if any
> archive in /var/sipxdata/tmp and if so delete it, then rerun script as
> sipxchange
>
> George
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

p***@epo.org

2012-08-20 12:34:27 UTC

Permalink

Hi George,

Back at work, trying to solve the initialconfig problem.
I started with a restart this morning with all the files in the
/var/sipxdata/tmp/ in place (restored them friday).
Then added a server through the GUI
This resulted in a run of initialconfig with an exit code 1. (09:55:44.821
in log file)
I then deleted all the tar.gz's in /var/sipxdata/tmp (or should I delete
something else?)
Restarted services again.
Added a server again through the GUI.
Then the initial-config did not run anymore, in the log file I see a
"Connection refused" around that time, 10:14:14.754
I put all the tar.gz's back in place, restarted services, but still
initialconfig won't run.
All I see is a replicationBean error around 10:29:44.211
After some time this will probably work again because of some
synchronisation (because it also worked this morning).
But then I will run into the exit code 1 problem again.
Any clue how to solve this, because if I am not mistaken I am otherwise
looking at a complete rebuild of all the servers.

Paul

Paul Scheepens wrote on 17-08-2012 14:24:16:

> Hi george, I deleted everything in /var/sipxdata/tmp
> Then the initialconfig is not run anymore, so that is not good.
> Put everything back except tar.gz's, then it still does not work.
> These were the tar's:
> sipx-configuration.tar.gz
> sipx-snapshot-gmsipx02.internal.epo.org.tar.gz
> sipx-snapshot-gssipx02.internal.epo.org.tar.gz
> sipx-snapshot-th.internal.epo.org.tar.gz
>
> Paul
>
> BTW: I have to go now because of my son (has to go to hospital).
>
> George Niculae wrote on 17-08-2012 13:57:35:
>
> > From:
> >
> >
> >
> > On Fri, Aug 17, 2012 at 2:49 PM, <***@epo.org> wrote:
> > > Hi George,
> > >
> > > Here is the log file, at 2012-08-17T11:24:03.130000 the
initial-config
> > > starts, the next message is
> > > RequestExceptionReporter:"Unable to process client request:
> Script finished
> > > with exit code: 1"
> > > So indeed not good.
> > >
> > > With my knowledge I don't see what's going wrong, maybe you can :)
> > >
> > > Paul
> > >
> >
> > Hm is the same command you manually run and completed successfully,
> > the only difference is that you execute it as root. Check if any
> > archive in /var/sipxdata/tmp and if so delete it, then rerun script as
> > sipxchange
> >
> > George
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-20 13:29:14 UTC

Permalink

On Mon, Aug 20, 2012 at 3:34 PM, <***@epo.org> wrote:
> Hi George,
>
> Back at work, trying to solve the initialconfig problem.
> I started with a restart this morning with all the files in the
> /var/sipxdata/tmp/ in place (restored them friday).
> Then added a server through the GUI
> This resulted in a run of initialconfig with an exit code 1. (09:55:44.821
> in log file)
> I then deleted all the tar.gz's in /var/sipxdata/tmp (or should I delete
> something else?)
> Restarted services again.
> Added a server again through the GUI.
> Then the initial-config did not run anymore, in the log file I see a
> "Connection refused" around that time, 10:14:14.754

I think you see this because there is another server configured, can
you start from the beginning one more time and leave only master? that
is gssipx02.internal.epo.org I assume. Then add slave in UI, run
sipxecs-setup on slave and see if still same error. If you get the
error try to manually run intial-config script and see if archive gets
generated inside /var/sipxdata/tmp/
No need to manually delete any archive from /var/sipxdata/tmp/

> I put all the tar.gz's back in place, restarted services, but still
> initialconfig won't run.
> All I see is a replicationBean error around 10:29:44.211
> After some time this will probably work again because of some
> synchronisation (because it also worked this morning).
> But then I will run into the exit code 1 problem again.
> Any clue how to solve this, because if I am not mistaken I am otherwise
> looking at a complete rebuild of all the servers.

Let's give it one more try before doing this

George

p***@epo.org

2012-08-21 15:27:03 UTC

Permalink

I did sipx-setup on the secondary and then initialconfig is run on the
primary, but it fails.
And although an archive is there from the manual run of initialconfig the
get of the file fails as well.
If I try a manual get in a browser like this:
https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org.tar.gz

then I get a "file not found".

Attached the log file of the failed run of initialconfig after the
sipx-setup.

Paul

George Niculae <***@ezuce.com> wrote on 20-08-2012 20:33:22:

> On Mon, Aug 20, 2012 at 6:06 PM, <***@epo.org> wrote:
> >
> >
> > I had a look into the initialconfig directory and there I found the
archive:
> > [***@gssipx02 initial-config]# ls -al
/var/sipxdata/tmp/initial-config/
> > total 44
> > drwxr-xr-x 4 root root 4096 Aug 20 16:37 .
> > drwxr-xr-x 15 sipxchange sipxchange 20480 Aug 20 16:37 ..
> > drwxr-xr-x 4 root root 4096 Aug 20 16:37 etc
> > -rw-r--r-- 1 root root 3973 Aug 20 16:37 .tar.gz
> > drwxr-xr-x 3 root root 4096 Aug 20 16:37
th.internal.epo.org
> > -rw-r--r-- 1 root root 3952 Aug 20 16:37
> > th.internal.epo.org.tar.gz
>
> Ah, right Sorry about, that should be the proper directory
> /var/sipxdata/tmp/initial-config/
>
> > [***@gssipx02 initial-config]#
> >
> > So with a manual run it is being created.
> > I then tried to add a server (at around 16:40, so 14:40 in the logfile
> > (GMT+2) through the GUI, nothing in the sipxconfig.log relating
to"initial"
> > or the servername.
>
> The entry regarding initial-config will appear after sipxecs-setup
> performed on secondary (that is not registered, check UI before)
>
> >
> > Looking through the files a bit more I found it a bit strange that
> > /etc/sipxpbx/ssl/th/ca.gssipx02.internal.epo.org.crt
> > [***@gssipx02 ssl]# ls -al
> > /etc/sipxpbx/ssl/th/ca.gssipx02.internal.epo.org.crt
> > -rw-r--r-- 1 root root 2377 Aug 16 20:02
> > /etc/sipxpbx/ssl/th/ca.gssipx02.internal.epo.org.crt
> > is different from
> >
> > /var/sipxdata/tmp/initial-config/etc/sipxpbx/ssl/authorities/
> ca.gssipx02.internal.epo.org.crt
> > [***@gssipx02 ssl]# ls -al
> > /var/sipxdata/tmp/initial-config/etc/sipxpbx/ssl/authorities/
> > total 12
> > drwx------ 2 sipxchange root 4096 Aug 20 16:37 .
> > drwx------ 3 sipxchange root 4096 Aug 20 16:37 ..
> > lrwxrwxrwx 1 root root 32 Aug 20 16:37 c6310ad2.0 ->
> > ca.gssipx02.internal.epo.org.crt
> > -rw-r--r-- 1 sipxchange root 2377 Aug 20 16:37
> > ca.gssipx02.internal.epo.org.crt
> >
> > I don't know whether that is important, but it looked suspicious to
me, why
> > would there be a different ca certificate?.
> >
> >
>
> That's the way it generates afaik, related to machine hostname
>
> >
> > Paul
> >
> > sipx-users-***@list.sipfoundry.org wrote on 20-08-2012 15:29:14:
> >
> >> From:
> >>
> >> George Niculae <***@ezuce.com>
> >>
> >> To:
> >>
> >> Discussion list for users of sipXecs software
> >> <sipx-***@list.sipfoundry.org>
> >>
> >> Date:
> >>
> >> 20-08-2012 15:29
> >>
> >> Subject:
> >>
> >> Re: [sipx-users] SipX not starting anymore.
> >>
> >> Sent by:
> >>
> >> sipx-users-***@list.sipfoundry.org
> >>
> >> On Mon, Aug 20, 2012 at 3:34 PM, <***@epo.org> wrote:
> >> > Hi George,
> >> >
> >> > Back at work, trying to solve the initialconfig problem.
> >> > I started with a restart this morning with all the files in the
> >> > /var/sipxdata/tmp/ in place (restored them friday).
> >> > Then added a server through the GUI
> >> > This resulted in a run of initialconfig with an exit code 1.
> >> > (09:55:44.821
> >> > in log file)
> >> > I then deleted all the tar.gz's in /var/sipxdata/tmp (or should I
delete
> >> > something else?)
> >> > Restarted services again.
> >> > Added a server again through the GUI.
> >> > Then the initial-config did not run anymore, in the log file I see
a
> >> > "Connection refused" around that time, 10:14:14.754
> >>
> >> I think you see this because there is another server configured, can
> >> you start from the beginning one more time and leave only master?
that
> >> is gssipx02.internal.epo.org I assume. Then add slave in UI, run
> >> sipxecs-setup on slave and see if still same error. If you get the
> >> error try to manually run intial-config script and see if archive
gets
> >> generated inside /var/sipxdata/tmp/
> >> No need to manually delete any archive from /var/sipxdata/tmp/
> >>
> >> > I put all the tar.gz's back in place, restarted services, but still
> >> > initialconfig won't run.
> >> > All I see is a replicationBean error around 10:29:44.211
> >> > After some time this will probably work again because of some
> >> > synchronisation (because it also worked this morning).
> >> > But then I will run into the exit code 1 problem again.
> >> > Any clue how to solve this, because if I am not mistaken I am
otherwise
> >> > looking at a complete rebuild of all the servers.
> >>
> >> Let's give it one more try before doing this
> >>
> >> George
> >> _______________________________________________
> >> sipx-users mailing list
> >> sipx-***@list.sipfoundry.org
> >> List Archive:
> > http://list.sipfoundry.org/archive/sipx-users/
> >
> > _______________________________________________
> > sipx-users mailing list
> > sipx-***@list.sipfoundry.org
> > List Archive: http://list.sipfoundry.org/archive/sipx-users/
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-21 15:34:18 UTC

Permalink

On Tue, Aug 21, 2012 at 6:27 PM, <***@epo.org> wrote:
> I did sipx-setup on the secondary and then initialconfig is run on the
> primary, but it fails.
> And although an archive is there from the manual run of initialconfig the
> get of the file fails as well.
> If I try a manual get in a browser like this:
> https://10.12.48.43:8443/sipxconfig/initial-config/th.internal.epo.org.tar.gz
> then I get a "file not found".
>
Is it correct that it happens also when you run sipx-setup on
secondary without already having the archive from the manual run?
(archive generation could fail if file already there)

George

p***@epo.org

2012-08-20 15:06:13 UTC

Permalink

I am sorry to say, but I already deleted both secondaries, so when I added
"th.internal.epo.org" the only other server around was
the primary (indeed "gssipx02.internal.epo.org").

I ran initialconfig manually and could not find any archives in
/var/sipxdata/tmp:
[***@gssipx02 freeswitch]# ls -al /var/sipxdata/tmp/
total 69520
drwxr-xr-x 15 sipxchange sipxchange 20480 Aug 20 16:37 .
drwxr-xr-x 19 sipxchange sipxchange 4096 Aug 15 2011 ..
-rw-r--r-- 1 root root 45025280 Aug 17 14:08 all.tar
-rw-r--r-- 1 root root 4874240 Aug 20 12:10 allzips.tar
drwxr-xr-x 2 root root 4096 Aug 17 14:01 bkup
drwxr-xr-x 2 root sipxchange 4096 Apr 21 2010 cache_sbinet
-rw-r--r-- 1 sipxchange sipxchange 505 Jan 26 2011
cdr-active-callers-graph.csv
-rw-r--r-- 1 sipxchange sipxchange 15592 Jan 26 2011
cdr-active-callers-graph.html
drwxr-xr-x 2 sipxchange sipxchange 4096 Jan 26 2011
cdr-active-callers-graph.html_files
-rw-r--r-- 1 sipxchange sipxchange 79999 Jan 26 2011
cdr-active-callers-graph.pdf
-rw-r--r-- 1 sipxchange sipxchange 91648 Jan 26 2011
cdr-active-callers-graph.xls
-rw-r--r-- 1 sipxchange sipxchange 110010 Mar 3 2011
cdr-extension-report.csv
-rw-r--r-- 1 sipxchange sipxchange 2015047 Mar 3 2011
cdr-extension-report.html
drwxr-xr-x 2 sipxchange sipxchange 4096 Mar 3 2011
cdr-extension-report.html_files
-rw-r--r-- 1 sipxchange sipxchange 92695 Mar 3 2011
cdr-extension-report.pdf
-rw-r--r-- 1 sipxchange sipxchange 1114112 Mar 3 2011
cdr-extension-report.xls
-rw-r--r-- 1 sipxchange sipxchange 213 Jul 2 2010
cdr-longdistance-report.csv
-rw-r--r-- 1 sipxchange sipxchange 8230 Jul 2 2010
cdr-longdistance-report.html
drwxr-xr-x 2 sipxchange sipxchange 4096 Jul 2 2010
cdr-longdistance-report.html_files
-rw-r--r-- 1 sipxchange sipxchange 11465 Jul 2 2010
cdr-longdistance-report.pdf
-rw-r--r-- 1 sipxchange sipxchange 11776 Jul 2 2010
cdr-longdistance-report.xls
-rw-r--r-- 1 sipxchange sipxchange 250 Jul 2 2010
cdr-minutes-outgoing-graph.csv
-rw-r--r-- 1 sipxchange sipxchange 8138 Jul 2 2010
cdr-minutes-outgoing-graph.html
drwxr-xr-x 2 sipxchange sipxchange 4096 Jul 2 2010
cdr-minutes-outgoing-graph.html_files
-rw-r--r-- 1 sipxchange sipxchange 63036 Jul 2 2010
cdr-minutes-outgoing-graph.pdf
-rw-r--r-- 1 sipxchange sipxchange 68608 Jul 2 2010
cdr-minutes-outgoing-graph.xls
-rw-r--r-- 1 sipxchange sipxchange 122010 Mar 3 2011
cdr-table-report.csv
-rw-r--r-- 1 sipxchange sipxchange 2966822 Mar 3 2011
cdr-table-report.html
drwxr-xr-x 2 sipxchange sipxchange 4096 May 26 2010
cdr-table-report.html_files
-rw-r--r-- 1 sipxchange sipxchange 159373 Mar 3 2011
cdr-table-report.pdf
-rw-r--r-- 1 sipxchange sipxchange 1575936 Mar 3 2011
cdr-table-report.xls
-rw-r--r-- 1 sipxchange sipxchange 10 Apr 20 2010 check-update.err
-rw-r--r-- 1 sipxchange sipxchange 175 Apr 20 2010
check-update.output
-rw-r--r-- 1 sipxchange sipxchange 818 Jan 11 2011
csv_import5493224017210895546.tmp
-rw-r--r-- 1 sipxchange sipxchange 838 Jan 11 2011
csv_import6078836245117277261.tmp
-rw-r--r-- 1 sipxchange sipxchange 23419 Aug 29 2011
export784065652261213252.csv
-rw-r--r-- 1 sipxchange sipxchange 25837 Mar 29 14:05
export969323880305342283.csv
drwxr-xr-x 2 sipxchange sipxchange 4096 Aug 20 16:41 freeswitch
drwxr-xr-x 3 sipxchange sipxchange 4096 Jun 6 2011
ftpBackup2366148402684858945dir
-rw-r--r-- 1 sipxchange sipxchange 0 Jan 26 2010 generateDns.err
-rw-r--r-- 1 sipxchange sipxchange 0 Jan 26 2010
generateDns.output
-rwxr-xr-x 1 sipxchange sipxchange 0 Aug 20 12:28 imdb.bce
-rwxr-xr-x 1 sipxchange sipxchange 0 Aug 20 12:28 imdb.cs
-rwxr-xr-x 1 sipxchange sipxchange 0 Aug 20 12:28 imdb.dm
-rwxr-xr-x 1 sipxchange sipxchange 0 Aug 20 12:28 imdb.in
-rw-r--r-- 1 sipxchange sipxchange 8388608 Aug 20 16:41 imdb.odb
-rwxr-xr-x 1 sipxchange sipxchange 0 Aug 20 12:28 imdb.rs
-rwxr-xr-x 1 sipxchange sipxchange 0 Aug 20 12:28 imdb.us
-rwxr-xr-x 1 sipxchange sipxchange 0 Aug 20 12:28 imdb.ws
drwxr-xr-x 2 sipxchange sipxchange 4096 Aug 16 20:03 index
drwxr-xr-x 4 root root 4096 Aug 20 16:37 initial-config
drwxr-xr-x 3 sipxchange sipxchange 4096 Aug 20 12:28
Jetty__8443__cmcprov
drwxr-xr-x 3 sipxchange sipxchange 4096 Aug 20 12:28
Jetty__8443__sipxconfig
-rw-r--r-- 1 sipxchange sipxchange 10 Nov 13 2009 restart.err
-rw-r--r-- 1 sipxchange sipxchange 796 Nov 13 2009 restart.output
-rw-r--r-- 1 sipxchange sipxchange 1478199 May 12 2011
sipx-configuration.tar.gz
-rw-r--r-- 1 root sipxchange 20 Aug 20 12:28
sipxopenfire.version
-rw-r--r-- 1 sipxchange sipxchange 1057356 May 12 2011
sipx-snapshot-gmsipx02.internal.epo.org.tar.gz
-rw-r--r-- 1 sipxchange sipxchange 1478199 May 12 2011
sipx-snapshot-gssipx02.internal.epo.org.tar.gz
-rw-r--r-- 1 sipxchange sipxchange 848144 May 12 2011
sipx-snapshot-th.internal.epo.org.tar.gz
-rw-r--r-- 1 sipxchange sipxchange 0 Aug 20 12:28 ssl_scache.dir
-rw-r--r-- 1 sipxchange sipxchange 0 Aug 20 12:28 ssl_scache.pag
-rw-r--r-- 1 root root 4874240 Aug 17 14:10 tars.tar
-rw-r--r-- 1 sipxchange sipxchange 20 Dec 4 2009 update.err
-rw-r--r-- 1 sipxchange sipxchange 11515 Dec 4 2009 update.output
-rw-r--r-- 1 sipxchange sipxchange 10 Jan 12 2010 version.err
-rw-r--r-- 1 sipxchange sipxchange 74 Jan 12 2010 version.output

I had a look into the initialconfig directory and there I found the
archive:
[***@gssipx02 initial-config]# ls -al /var/sipxdata/tmp/initial-config/
total 44
drwxr-xr-x 4 root root 4096 Aug 20 16:37 .
drwxr-xr-x 15 sipxchange sipxchange 20480 Aug 20 16:37 ..
drwxr-xr-x 4 root root 4096 Aug 20 16:37 etc
-rw-r--r-- 1 root root 3973 Aug 20 16:37 .tar.gz
drwxr-xr-x 3 root root 4096 Aug 20 16:37 th.internal.epo.org
-rw-r--r-- 1 root root 3952 Aug 20 16:37
th.internal.epo.org.tar.gz
[***@gssipx02 initial-config]#

So with a manual run it is being created.
I then tried to add a server (at around 16:40, so 14:40 in the logfile
(GMT+2) through the GUI, nothing in the sipxconfig.log relating to
"initial" or the servername.

Looking through the files a bit more I found it a bit strange that
/etc/sipxpbx/ssl/th/ca.gssipx02.internal.epo.org.crt
[***@gssipx02 ssl]# ls -al
/etc/sipxpbx/ssl/th/ca.gssipx02.internal.epo.org.crt
-rw-r--r-- 1 root root 2377 Aug 16 20:02
/etc/sipxpbx/ssl/th/ca.gssipx02.internal.epo.org.crt
is different from

/var/sipxdata/tmp/initial-config/etc/sipxpbx/ssl/authorities/ca.gssipx02.internal.epo.org.crt
[***@gssipx02 ssl]# ls -al
/var/sipxdata/tmp/initial-config/etc/sipxpbx/ssl/authorities/
total 12
drwx------ 2 sipxchange root 4096 Aug 20 16:37 .
drwx------ 3 sipxchange root 4096 Aug 20 16:37 ..
lrwxrwxrwx 1 root root 32 Aug 20 16:37 c6310ad2.0 ->
ca.gssipx02.internal.epo.org.crt
-rw-r--r-- 1 sipxchange root 2377 Aug 20 16:37
ca.gssipx02.internal.epo.org.crt

I don't know whether that is important, but it looked suspicious to me,
why would there be a different ca certificate?.

Paul

sipx-users-***@list.sipfoundry.org wrote on 20-08-2012 15:29:14:

> From:
>
> George Niculae <***@ezuce.com>
>
> To:
>
> Discussion list for users of sipXecs software
<sipx-***@list.sipfoundry.org>
>
> Date:
>
> 20-08-2012 15:29
>
> Subject:
>
> Re: [sipx-users] SipX not starting anymore.
>
> Sent by:
>
> sipx-users-***@list.sipfoundry.org
>
> On Mon, Aug 20, 2012 at 3:34 PM, <***@epo.org> wrote:
> > Hi George,
> >
> > Back at work, trying to solve the initialconfig problem.
> > I started with a restart this morning with all the files in the
> > /var/sipxdata/tmp/ in place (restored them friday).
> > Then added a server through the GUI
> > This resulted in a run of initialconfig with an exit code 1.
(09:55:44.821
> > in log file)
> > I then deleted all the tar.gz's in /var/sipxdata/tmp (or should I
delete
> > something else?)
> > Restarted services again.
> > Added a server again through the GUI.
> > Then the initial-config did not run anymore, in the log file I see a
> > "Connection refused" around that time, 10:14:14.754
>
> I think you see this because there is another server configured, can
> you start from the beginning one more time and leave only master? that
> is gssipx02.internal.epo.org I assume. Then add slave in UI, run
> sipxecs-setup on slave and see if still same error. If you get the
> error try to manually run intial-config script and see if archive gets
> generated inside /var/sipxdata/tmp/
> No need to manually delete any archive from /var/sipxdata/tmp/
>
> > I put all the tar.gz's back in place, restarted services, but still
> > initialconfig won't run.
> > All I see is a replicationBean error around 10:29:44.211
> > After some time this will probably work again because of some
> > synchronisation (because it also worked this morning).
> > But then I will run into the exit code 1 problem again.
> > Any clue how to solve this, because if I am not mistaken I am
otherwise
> > looking at a complete rebuild of all the servers.
>
> Let's give it one more try before doing this
>
> George
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

George Niculae

2012-08-20 18:33:22 UTC

Permalink

On Mon, Aug 20, 2012 at 6:06 PM, <***@epo.org> wrote:
>
>
> I had a look into the initialconfig directory and there I found the archive:
> [***@gssipx02 initial-config]# ls -al /var/sipxdata/tmp/initial-config/
> total 44
> drwxr-xr-x 4 root root 4096 Aug 20 16:37 .
> drwxr-xr-x 15 sipxchange sipxchange 20480 Aug 20 16:37 ..
> drwxr-xr-x 4 root root 4096 Aug 20 16:37 etc
> -rw-r--r-- 1 root root 3973 Aug 20 16:37 .tar.gz
> drwxr-xr-x 3 root root 4096 Aug 20 16:37 th.internal.epo.org
> -rw-r--r-- 1 root root 3952 Aug 20 16:37
> th.internal.epo.org.tar.gz

Ah, right Sorry about, that should be the proper directory
/var/sipxdata/tmp/initial-config/

> [***@gssipx02 initial-config]#
>
> So with a manual run it is being created.
> I then tried to add a server (at around 16:40, so 14:40 in the logfile
> (GMT+2) through the GUI, nothing in the sipxconfig.log relating to "initial"
> or the servername.

The entry regarding initial-config will appear after sipxecs-setup
performed on secondary (that is not registered, check UI before)

>
> Looking through the files a bit more I found it a bit strange that
> /etc/sipxpbx/ssl/th/ca.gssipx02.internal.epo.org.crt
> [***@gssipx02 ssl]# ls -al
> /etc/sipxpbx/ssl/th/ca.gssipx02.internal.epo.org.crt
> -rw-r--r-- 1 root root 2377 Aug 16 20:02
> /etc/sipxpbx/ssl/th/ca.gssipx02.internal.epo.org.crt
> is different from
>
> /var/sipxdata/tmp/initial-config/etc/sipxpbx/ssl/authorities/ca.gssipx02.internal.epo.org.crt
> [***@gssipx02 ssl]# ls -al
> /var/sipxdata/tmp/initial-config/etc/sipxpbx/ssl/authorities/
> total 12
> drwx------ 2 sipxchange root 4096 Aug 20 16:37 .
> drwx------ 3 sipxchange root 4096 Aug 20 16:37 ..
> lrwxrwxrwx 1 root root 32 Aug 20 16:37 c6310ad2.0 ->
> ca.gssipx02.internal.epo.org.crt
> -rw-r--r-- 1 sipxchange root 2377 Aug 20 16:37
> ca.gssipx02.internal.epo.org.crt
>
> I don't know whether that is important, but it looked suspicious to me, why
> would there be a different ca certificate?.
>
>

That's the way it generates afaik, related to machine hostname

>
> Paul
>
> sipx-users-***@list.sipfoundry.org wrote on 20-08-2012 15:29:14:
>
>> From:
>>
>> George Niculae <***@ezuce.com>
>>
>> To:
>>
>> Discussion list for users of sipXecs software
>> <sipx-***@list.sipfoundry.org>
>>
>> Date:
>>
>> 20-08-2012 15:29
>>
>> Subject:
>>
>> Re: [sipx-users] SipX not starting anymore.
>>
>> Sent by:
>>
>> sipx-users-***@list.sipfoundry.org
>>
>> On Mon, Aug 20, 2012 at 3:34 PM, <***@epo.org> wrote:
>> > Hi George,
>> >
>> > Back at work, trying to solve the initialconfig problem.
>> > I started with a restart this morning with all the files in the
>> > /var/sipxdata/tmp/ in place (restored them friday).
>> > Then added a server through the GUI
>> > This resulted in a run of initialconfig with an exit code 1.
>> > (09:55:44.821
>> > in log file)
>> > I then deleted all the tar.gz's in /var/sipxdata/tmp (or should I delete
>> > something else?)
>> > Restarted services again.
>> > Added a server again through the GUI.
>> > Then the initial-config did not run anymore, in the log file I see a
>> > "Connection refused" around that time, 10:14:14.754
>>
>> I think you see this because there is another server configured, can
>> you start from the beginning one more time and leave only master? that
>> is gssipx02.internal.epo.org I assume. Then add slave in UI, run
>> sipxecs-setup on slave and see if still same error. If you get the
>> error try to manually run intial-config script and see if archive gets
>> generated inside /var/sipxdata/tmp/
>> No need to manually delete any archive from /var/sipxdata/tmp/
>>
>> > I put all the tar.gz's back in place, restarted services, but still
>> > initialconfig won't run.
>> > All I see is a replicationBean error around 10:29:44.211
>> > After some time this will probably work again because of some
>> > synchronisation (because it also worked this morning).
>> > But then I will run into the exit code 1 problem again.
>> > Any clue how to solve this, because if I am not mistaken I am otherwise
>> > looking at a complete rebuild of all the servers.
>>
>> Let's give it one more try before doing this
>>
>> George
>> _______________________________________________
>> sipx-users mailing list
>> sipx-***@list.sipfoundry.org
>> List Archive:
> http://list.sipfoundry.org/archive/sipx-users/
>
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/

p***@epo.org

2012-08-21 16:11:47 UTC

Permalink

I cleared everything under /var/sipxdata/tmp/initial-config
Then ran the GUI, and ran sipx-setup on the secondary, still failed to get
file, the whole initial-config directory was still empty.
I then ran a manual sipx-setup and all files were created again.

In the attached log at 16:07:02.379 the GUI-run fails while the directory
is empty.

Paul

George Niculae <***@ezuce.com> wrote on 21-08-2012 17:34:18:

> On Tue, Aug 21, 2012 at 6:27 PM, <***@epo.org> wrote:
> > I did sipx-setup on the secondary and then initialconfig is run on the
> > primary, but it fails.
> > And although an archive is there from the manual run of initialconfig
the
> > get of the file fails as well.
> > If I try a manual get in a browser like this:
> > https://10.12.48.43:8443/sipxconfig/initial-config/
> th.internal.epo.org.tar.gz
> > then I get a "file not found".
> >
> Is it correct that it happens also when you run sipx-setup on
> secondary without already having the archive from the manual run?
> (archive generation could fail if file already there)
>
> George
> _______________________________________________
> sipx-users mailing list
> sipx-***@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/