Troubleshooting¶
List of relevant configuration files¶
/etc/httpd/conf.d/td-regserver.httpd.conf
:- This configuration file loads and enables the TeamDrive Registration
Server-specific Apache module
mod_yvva.so
. This Apache module is responsible for providing the web-based Registration Server Installer and the Registration Server API. /etc/logrotate.d/td-regserver
:- This file configures how the log files belonging to the TeamDrive
Registration Server are being rotated. See the
logrotate(8)
manual page for details. /etc/td-regserver.conf
:- This file defines how the
td-regserver
background service is started using theyvvad
daemon. /etc/td-regserver.my.cnf
:- This configuration file defines the MySQL credentials used to access the
regdb
MySQL database. It is read by the Apache modulemod_yvva
, the PHP-based Administration Console as well as theyvvad
daemon that runs thetd-hostserver
background tasks and theyvva
command line client. /etc/yvva.conf
:- This configuration file contains configuration settings specific to the Yvva
Runtime Environment that are shared by all Yvva components, namely the
mod_yyva
Apache module, theyvvad
daemon and theyvva
command line shell. /var/www/html/tdlibs/globals.php
:- This configuration file defines the MySQL login credentials required for the TeamDrive Registration Server Administration Console.
List of relevant log files¶
In order to debug and analyse problems with the Registration Server configuration, there are several log files that you can consult:
/var/log/td-regserver.log
: The log file of themod_yvva
Apache module that performs the actual Registration Server functionality (e.g. Client/Server communication and API calls) and the web-based initial setup process. The amount of logging information can be defined by changing the valueYvvaSet log-level
in configuration file/etc/httpd/conf.d/td-regserver.httpd.conf
. The following debug levels (with increasing verbosity) can be set:error
,warning
,notice
,trace
ordebug
. The default iserror
. Changing this value requires a restart of the Apache HTTP Server.This log file is also used by the
td-regserver
background service (managed byyvvad
). The amount of logging information can be defined by changing the valuelog-level
in configuration file/etc/td-regserver.conf
. The following debug levels (with increasing verbosity) can be set:error
,warning
,notice
,trace
ordebug
. The default iserror
. Changing this value requires a restart of thetd-regserver
service usingservice td-regserver restart
. This log file needs to be owned by the Apache user. Logging only occurs if the log file exists and is writable by the Apache user./var/log/httpd/
: The Apache HTTP Server’s log files (e.g.error_log
) might also contain additional relevant error messages that should be checked./var/log/td-adminconsole-api.log
: A log file to track API accesses from the Admin Console. The location of this log file can be configured with the Registration Server settingRegServer/ApiLogFile
via the Admin Console. The file needs to be owned by the Apache user. Logging only occurs if this file exists and is writable by the Apache user./var/log/td-adminconsole.log
: A log file to keep track of various events on the Administration Console, e.g.- Failed logins
- Failed two-factor-authentication attempts
- Password changes
- Changes to security-related Provider/Server settings (login timeouts, API access lists, etc.)
- Modifications of user account privileges
- Failed session validations
Enable Logging with Syslog¶
As outlined in List of relevant log files, the TeamDrive Registration Server logs critical errors and other notable events in various log files by default.
Starting with Registration Server version 3.5 and Yvva 1.2, it is now possible
to redirect the log output of most server components to a local syslog
instance as well.
Syslog support is an essential feature for auditing, security and/or compliance reasons, as it allows you to funnel all log messages into a centralized syslog server.
This makes it easier to monitor the logs for critical events or errors and prevents tampering with the log files in case of a security breach. It also helps to maintain control over the disk space utilization on the server, as growing log files can’t accidentally fill up the file system.
To enable syslog support, the log file name in the log-file
setting has to
be replaced with the keyword syslog
. Optionally, a custom process
identifier can be supplied, by appending it to the syslog
keyword, using a
colon as the separator, e.g. log-file=syslog:my_process_identifier
. If not
used, the default process identifier will be used, which is the name of the
program executable.
To enable syslog support for the Yvva-based td-regserver
background
service, edit the log-file
setting in file /etc/td-regserver.conf
as
follows:
log-file=syslog:td-regserver
You need to restart the td-regserver
background service via service
td-regserver restart
in order to activate this change. If the log-level
is set to debug
you will now see log messages appearing in
/var/log/messages
:
Jun 23 14:13:43 localhost td-regserver: notice: yvvad startup
Jun 23 14:13:43 localhost td-regserver: notice: Using config file:
/etc/td-regserver.conf
Jun 23 14:13:43 localhost td-regserver: notice: No listen port
Jun 23 14:13:43 localhost td-regserver: notice: yvvad running in repeat 10
(seconds) mode
To enable syslog support for the Registration Server Client/Server
communication and API, edit the YvvaSet log-file
setting in file
/etc/httpd/conf.d/td-regserver.httpd.conf
:
YvvaSet log-file=syslog
You need to restart the Apache HTTP Server via service httpd restart
in
order to activate this change. If the log-level
is set to debug
you
will now see log messages appearing in /var/log/messages
:
Jun 23 14:21:01 localhost mod_yvva: notice: mod_yvva 1.2.1 (May 21 2015
11:00:12) startup OK
To enable logging of security related Administration Console events to syslog
instead of the log file /var/log/td-adminconsole.log
, you need to change
the Registration Server Setting Security/EnableSyslog
to True
via the
Administration Console.
Click Server Management -> Registration Server Settings ->
Security and change the Value for EnableSyslog
to True
. Click
Save to apply the change. From this point on, security relevant events
triggered via the Administration Console will be logged to
/var/log/secure
:
Jun 23 14:25:36 localhost td-adminconsole-log[4165]: 2015-23-06 14:25:36
[info] [/var/www/html/adminconsole/editSettings.php:38]: RegServer setting
'EnableSyslog' changed from '$false' to '$true' by user 'xxxx'
Jun 23 14:29:58 localhost td-adminconsole-log[4168]: 2015-23-06 14:29:58
[info] [/var/www/html/adminconsole/libs/auth.php:48]: Failed login for
account 'xxxx'
Jun 23 14:34:09 localhost td-adminconsole-log[4161]: 2015-23-06 14:34:09
[info] [/var/www/html/adminconsole/changePassword.php:54]: Password for
account 'xxxx' has been changed
Common errors¶
Web Installation: “500 Internal Server Error”¶
This error can be triggered by several error conditions. Check the log file
/var/log/td-regserver.log
for details.
Some common errors include:
[Error] -12036 (2002): Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (25)
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)
The local MySQL Server’s socket file can’t be opened. This could either be a
permission problem, or the MySQL Server is simply not available. Check that
MySQL is actually up and running (e.g. by running service mysqld status
)
and restart it, if necessary. If the error persists, check the MySQL error log
file (usually /var/log/mysqld.log
) for hints.
Similarly, an error like the following one indicates that a remote MySQL Server might not be answering (e.g. because of a firewall rule or because it’s not running):
[Error] -12036 (2003): Can't connect to MySQL server on
'mysql.yourdomain.com' (107)
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)
If you see Access denied
errors like the following one:
[Error] -12036 (1045): Access denied for user 'teamdrive'@'localhost' (using
password: YES)
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)
Either the username or password used to connect to the MySQL Server are wrong.
Double check that the MySQL username and password provided in
/etc/td-regserver.my.cnf
are correct, e.g. by trying to connect to the
MySQL server using these credentials with the mysql
command line client.
If you see the following error when connecting to a remote MySQL Server:
[Error] -12036 (1130): Host 'regserver.yourdomain.com' is not allowed to
connect to this MySQL server
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)
Check the TeamDrive MySQL user’s privileges on the remote MySQL server, e.g.
by running SHOW GRANTS FOR `teamdrive`@`regserver.yourdomain.com`;
and
make sure that this user is allowed to connect to the MySQL server from the
Registration Server’s host.
Invitation emails are not being sent¶
If users don’t receive invitation emails, there are several aspects that should be checked:
- On the Admin Console, check the “Manage Auto Tasks” page: did the task “Send Emails” succeed and was it run recently (check the value of “laststarttime”?). On the “Manage Email Queue”, do you see emails with status “Failed”?
- Is the service
td-regserver
up and running? Check withservice td-regserver status
and useservice td-regserver start
to start the process. Also ensure that the service is configured to be started at system bootup time. See chapter Starting and stopping the TeamDrive Registration Server components for details. - Check the
/var/log/td-regserver.log
log file for errors. - Does sending of email work in general? Try using the
mail
utility and check your MTA logs (e.g./var/log/maillog
) for delivery status notifications.
Admin console: Error connecting to the MySQL server¶
If you get an error like:
Error connecting to the MySQL server:
MDB2 Error: connect failed
Verify that the MySQL Server is up and running and that the connection
parameters like username and password in file /etc/td-regserver.my.cnf
are
set up correctly. See chapter Administration Console MySQL Configuration for details.
Admin console: API error code: -30000, message: Access denied¶
If some operations on the web-based Administration Console (e.g. changing a
configuration option) result in an error message API error code: -30000,
message: Access denied
, the IP address of the server hosting the
Administration Console host is likely not on the white list of IPs that are
allowed to perform API calls.
Check the content of the Registration Server setting API_IP_ACCESS
(“Edit
Provider Settings” -> “API” -> “API_IP_ACCESS”) and make sure that the
external IP address of the server running the Administraton Console is
included in the list. If necessary, add the missing address in a new line and
click Save.
Email messages sent by the registration server show encoding issues¶
Invitation emails and other notifications sent out by the Registration Server
are encoded as UTF-8. Before they are sent out, they are first inserted into
the MySQL database before the td-regserver
background service delivers
them to the configured MTA. If you notice encoding issues (special chars or
umlauts not displayed properly), check the following:
- Double check that your templates are UTF-8 encoded. The default templates shipped with the TeamDrive Registration Server use the correct encoding, but if you’re updating from previous versions, the encoding might be off.