Troubleshooting

List of relevant configuration files

/etc/httpd/conf.d/td-regserver.httpd.conf:
This configuration file loads and enables the TeamDrive Registration Server-specific Apache module mod_yvva.so. This Apache module is responsible for providing the web-based Registration Server Installer and the Registration Server API.
/etc/logrotate.d/td-regserver:
This file configures how the log files belonging to the TeamDrive Registration Server are being rotated. See the logrotate(8) manual page for details.
/etc/td-regserver.conf:
This file defines how the td-regserver background service is started using the yvvad daemon.
/etc/td-regserver.my.cnf:
This configuration file defines the MySQL credentials used to access the regdb MySQL database. It is read by the Apache module mod_yvva, the PHP-based Administration Console as well as the yvvad daemon that runs the td-hostserver background tasks and the yvva command line client.
/etc/yvva.conf:
This configuration file contains configuration settings specific to the Yvva Runtime Environment that are shared by all Yvva components, namely the mod_yyva Apache module, the yvvad daemon and the yvva command line shell.
/var/www/html/tdlibs/globals.php:
This configuration file defines the MySQL login credentials required for the TeamDrive Registration Server Administration Console.

List of relevant log files

In order to debug and analyse problems with the Registration Server configuration, there are several log files that you can consult:

  • /var/log/td-regserver.log: The log file of the mod_yvva Apache module that performs the actual Registration Server functionality (e.g. Client/Server communication and API calls) and the web-based initial setup process. The amount of logging information can be defined by changing the value YvvaSet log-level in configuration file /etc/httpd/conf.d/td-regserver.httpd.conf. The following debug levels (with increasing verbosity) can be set: error, warning, notice, trace or debug. The default is error. Changing this value requires a restart of the Apache HTTP Server.

    This log file is also used by the td-regserver background service (managed by yvvad). The amount of logging information can be defined by changing the value log-level in configuration file /etc/td-regserver.conf. The following debug levels (with increasing verbosity) can be set: error, warning, notice, trace or debug. The default is error. Changing this value requires a restart of the td-regserver service using service td-regserver restart. This log file needs to be owned by the Apache user. Logging only occurs if the log file exists and is writable by the Apache user.

  • /var/log/httpd/: The Apache HTTP Server’s log files (e.g. error_log) might also contain additional relevant error messages that should be checked.

  • /var/log/td-adminconsole-api.log: A log file to track API accesses from the Admin Console. The location of this log file can be configured with the Registration Server setting RegServer/ApiLogFile via the Admin Console. The file needs to be owned by the Apache user. Logging only occurs if this file exists and is writable by the Apache user.

  • /var/log/td-adminconsole.log: A log file to keep track of various events on the Administration Console, e.g.

    • Failed logins
    • Failed two-factor-authentication attempts
    • Password changes
    • Changes to security-related Provider/Server settings (login timeouts, API access lists, etc.)
    • Modifications of user account privileges
    • Failed session validations

Enable Logging with Syslog

As outlined in List of relevant log files, the TeamDrive Registration Server logs critical errors and other notable events in various log files by default.

Starting with Registration Server version 3.5 and Yvva 1.2, it is now possible to redirect the log output of most server components to a local syslog instance as well.

Syslog support is an essential feature for auditing, security and/or compliance reasons, as it allows you to funnel all log messages into a centralized syslog server.

This makes it easier to monitor the logs for critical events or errors and prevents tampering with the log files in case of a security breach. It also helps to maintain control over the disk space utilization on the server, as growing log files can’t accidentally fill up the file system.

To enable syslog support, the log file name in the log-file setting has to be replaced with the keyword syslog. Optionally, a custom process identifier can be supplied, by appending it to the syslog keyword, using a colon as the separator, e.g. log-file=syslog:my_process_identifier. If not used, the default process identifier will be used, which is the name of the program executable.

To enable syslog support for the Yvva-based td-regserver background service, edit the log-file setting in file /etc/td-regserver.conf as follows:

log-file=syslog:td-regserver

You need to restart the td-regserver background service via service td-regserver restart in order to activate this change. If the log-level is set to debug you will now see log messages appearing in /var/log/messages:

Jun 23 14:13:43 localhost td-regserver: notice: yvvad startup
Jun 23 14:13:43 localhost td-regserver: notice: Using config file:
/etc/td-regserver.conf
Jun 23 14:13:43 localhost td-regserver: notice: No listen port
Jun 23 14:13:43 localhost td-regserver: notice: yvvad running in repeat 10
(seconds) mode

To enable syslog support for the Registration Server Client/Server communication and API, edit the YvvaSet log-file setting in file /etc/httpd/conf.d/td-regserver.httpd.conf:

YvvaSet log-file=syslog

You need to restart the Apache HTTP Server via service httpd restart in order to activate this change. If the log-level is set to debug you will now see log messages appearing in /var/log/messages:

Jun 23 14:21:01 localhost mod_yvva: notice: mod_yvva 1.2.1 (May 21 2015
11:00:12) startup OK

To enable logging of security related Administration Console events to syslog instead of the log file /var/log/td-adminconsole.log, you need to change the Registration Server Setting Security/EnableSyslog to True via the Administration Console.

Click Server Management -> Registration Server Settings -> Security and change the Value for EnableSyslog to True. Click Save to apply the change. From this point on, security relevant events triggered via the Administration Console will be logged to /var/log/secure:

Jun 23 14:25:36 localhost td-adminconsole-log[4165]: 2015-23-06 14:25:36
[info] [/var/www/html/adminconsole/editSettings.php:38]: RegServer setting
'EnableSyslog' changed from '$false' to '$true' by user 'xxxx'
Jun 23 14:29:58 localhost td-adminconsole-log[4168]: 2015-23-06 14:29:58
[info] [/var/www/html/adminconsole/libs/auth.php:48]: Failed login for
account 'xxxx'
Jun 23 14:34:09 localhost td-adminconsole-log[4161]: 2015-23-06 14:34:09
[info] [/var/www/html/adminconsole/changePassword.php:54]: Password for
account 'xxxx' has been changed

Common errors

Web Installation: “500 Internal Server Error”

This error can be triggered by several error conditions. Check the log file /var/log/td-regserver.log for details.

Some common errors include:

[Error] -12036 (2002): Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (25)
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)

The local MySQL Server’s socket file can’t be opened. This could either be a permission problem, or the MySQL Server is simply not available. Check that MySQL is actually up and running (e.g. by running service mysqld status) and restart it, if necessary. If the error persists, check the MySQL error log file (usually /var/log/mysqld.log) for hints.

Similarly, an error like the following one indicates that a remote MySQL Server might not be answering (e.g. because of a firewall rule or because it’s not running):

[Error] -12036 (2003): Can't connect to MySQL server on
'mysql.yourdomain.com' (107)
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)

If you see Access denied errors like the following one:

[Error] -12036 (1045): Access denied for user 'teamdrive'@'localhost' (using
password: YES)
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)

Either the username or password used to connect to the MySQL Server are wrong. Double check that the MySQL username and password provided in /etc/td-regserver.my.cnf are correct, e.g. by trying to connect to the MySQL server using these credentials with the mysql command line client.

If you see the following error when connecting to a remote MySQL Server:

[Error] -12036 (1130): Host 'regserver.yourdomain.com' is not allowed to
connect to this MySQL server
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)

Check the TeamDrive MySQL user’s privileges on the remote MySQL server, e.g. by running SHOW GRANTS FOR `teamdrive`@`regserver.yourdomain.com`; and make sure that this user is allowed to connect to the MySQL server from the Registration Server’s host.

Invitation emails are not being sent

If users don’t receive invitation emails, there are several aspects that should be checked:

  • On the Admin Console, check the “Manage Auto Tasks” page: did the task “Send Emails” succeed and was it run recently (check the value of “laststarttime”?). On the “Manage Email Queue”, do you see emails with status “Failed”?
  • Is the service td-regserver up and running? Check with service td-regserver status and use service td-regserver start to start the process. Also ensure that the service is configured to be started at system bootup time. See chapter Starting and stopping the TeamDrive Registration Server components for details.
  • Check the /var/log/td-regserver.log log file for errors.
  • Does sending of email work in general? Try using the mail utility and check your MTA logs (e.g. /var/log/maillog) for delivery status notifications.

Admin console: Error connecting to the MySQL server

If you get an error like:

Error connecting to the MySQL server:
MDB2 Error: connect failed

Verify that the MySQL Server is up and running and that the connection parameters like username and password in file /etc/td-regserver.my.cnf are set up correctly. See chapter Administration Console MySQL Configuration for details.

Admin console: API error code: -30000, message: Access denied

If some operations on the web-based Administration Console (e.g. changing a configuration option) result in an error message API error code: -30000, message: Access denied, the IP address of the server hosting the Administration Console host is likely not on the white list of IPs that are allowed to perform API calls.

Check the content of the Registration Server setting API_IP_ACCESS (“Edit Provider Settings” -> “API” -> “API_IP_ACCESS”) and make sure that the external IP address of the server running the Administraton Console is included in the list. If necessary, add the missing address in a new line and click Save.

Email messages sent by the registration server show encoding issues

Invitation emails and other notifications sent out by the Registration Server are encoded as UTF-8. Before they are sent out, they are first inserted into the MySQL database before the td-regserver background service delivers them to the configured MTA. If you notice encoding issues (special chars or umlauts not displayed properly), check the following:

  • Double check that your templates are UTF-8 encoded. The default templates shipped with the TeamDrive Registration Server use the correct encoding, but if you’re updating from previous versions, the encoding might be off.