List of relevant configuration files¶
- This configuration file loads and enables the TeamDrive Registration
Server-specific Apache module
mod_yvva.so. This Apache module is responsible for providing the web-based Registration Server Installer and the Registration Server API.
- This file configures how the log files belonging to the TeamDrive
Registration Server are being rotated. See the
logrotate(8)manual page for details.
- This file defines how the
td-regserverbackground service is started using the
- This configuration file defines the MySQL credentials used to access the
regdbMySQL database. It is read by the Apache module
mod_yvva, the PHP-based Administration Console as well as the
yvvaddaemon that runs the
td-hostserverbackground tasks and the
yvvacommand line client.
- This configuration file contains configuration settings specific to the Yvva
Runtime Environment that are shared by all Yvva components, namely the
mod_yyvaApache module, the
yvvaddaemon and the
yvvacommand line shell.
- This configuration file defines the MySQL login credentials required for the TeamDrive Registration Server Administration Console.
List of relevant log files¶
In order to debug and analyse problems with the Registration Server configuration, there are several log files that you can consult:
/var/log/td-regserver.log: The log file of the
mod_yvvaApache module that performs the actual Registration Server functionality (e.g. Client/Server communication and API calls) and the web-based initial setup process. The amount of logging information can be defined by changing the value
YvvaSet log-levelin configuration file
/etc/httpd/conf.d/td-regserver.httpd.conf. The following debug levels (with increasing verbosity) can be set:
debug. The default is
error. Changing this value requires a restart of the Apache HTTP Server.
This log file is also used by the
td-regserverbackground service (managed by
yvvad). The amount of logging information can be defined by changing the value
log-levelin configuration file
/etc/td-regserver.conf. The following debug levels (with increasing verbosity) can be set:
debug. The default is
error. Changing this value requires a restart of the
service td-regserver restart. This log file needs to be owned by the Apache user. Logging only occurs if the log file exists and is writable by the Apache user.
/var/log/httpd/: The Apache HTTP Server’s log files (e.g.
error_log) might also contain additional relevant error messages that should be checked.
/var/log/td-adminconsole-api.log: A log file to track API accesses from the Admin Console. The location of this log file can be configured with the Registration Server setting
RegServer/ApiLogFilevia the Admin Console. The file needs to be owned by the Apache user. Logging only occurs if this file exists and is writable by the Apache user.
/var/log/td-adminconsole.log: A log file to keep track of various events on the Administration Console, e.g.
- Failed logins
- Failed two-factor-authentication attempts
- Password changes
- Changes to security-related Provider/Server settings (login timeouts, API access lists, etc.)
- Modifications of user account privileges
- Failed session validations
Enable Logging with Syslog¶
As outlined in List of relevant log files, the TeamDrive Registration Server logs critical errors and other notable events in various log files by default.
Starting with Registration Server version 3.5 and Yvva 1.2, it is now possible
to redirect the log output of most server components to a local
instance as well.
Syslog support is an essential feature for auditing, security and/or compliance reasons, as it allows you to funnel all log messages into a centralized syslog server.
This makes it easier to monitor the logs for critical events or errors and prevents tampering with the log files in case of a security breach. It also helps to maintain control over the disk space utilization on the server, as growing log files can’t accidentally fill up the file system.
To enable syslog support, the log file name in the
log-file setting has to
be replaced with the keyword
syslog. Optionally, a custom process
identifier can be supplied, by appending it to the
syslog keyword, using a
colon as the separator, e.g.
log-file=syslog:my_process_identifier. If not
used, the default process identifier will be used, which is the name of the
To enable syslog support for the Yvva-based
service, edit the
log-file setting in file
You need to restart the
td-regserver background service via
td-regserver restart in order to activate this change. If the
is set to
debug you will now see log messages appearing in
Jun 23 14:13:43 localhost td-regserver: notice: yvvad startup Jun 23 14:13:43 localhost td-regserver: notice: Using config file: /etc/td-regserver.conf Jun 23 14:13:43 localhost td-regserver: notice: No listen port Jun 23 14:13:43 localhost td-regserver: notice: yvvad running in repeat 10 (seconds) mode
To enable syslog support for the Registration Server Client/Server
communication and API, edit the
YvvaSet log-file setting in file
You need to restart the Apache HTTP Server via
service httpd restart in
order to activate this change. If the
log-level is set to
will now see log messages appearing in
Jun 23 14:21:01 localhost mod_yvva: notice: mod_yvva 1.2.1 (May 21 2015 11:00:12) startup OK
To enable logging of security related Administration Console events to syslog
instead of the log file
/var/log/td-adminconsole.log, you need to change
the Registration Server Setting
True via the
Click Server Management -> Registration Server Settings ->
Security and change the Value for
Save to apply the change. From this point on, security relevant events
triggered via the Administration Console will be logged to
Jun 23 14:25:36 localhost td-adminconsole-log: 2015-23-06 14:25:36 [info] [/var/www/html/adminconsole/editSettings.php:38]: RegServer setting 'EnableSyslog' changed from '$false' to '$true' by user 'xxxx' Jun 23 14:29:58 localhost td-adminconsole-log: 2015-23-06 14:29:58 [info] [/var/www/html/adminconsole/libs/auth.php:48]: Failed login for account 'xxxx' Jun 23 14:34:09 localhost td-adminconsole-log: 2015-23-06 14:34:09 [info] [/var/www/html/adminconsole/changePassword.php:54]: Password for account 'xxxx' has been changed
Web Installation: “500 Internal Server Error”¶
This error can be triggered by several error conditions. Check the log file
/var/log/td-regserver.log for details.
Some common errors include:
[Error] -12036 (2002): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (25) [Error] "open TD2REG_WRITE dbms option '[regdb]';" (1) [Error] "sql.pbt" SQL:openDBMSAndDB(387) [Error] "startup.yv" (32)
The local MySQL Server’s socket file can’t be opened. This could either be a
permission problem, or the MySQL Server is simply not available. Check that
MySQL is actually up and running (e.g. by running
service mysqld status)
and restart it, if necessary. If the error persists, check the MySQL error log
/var/log/mysqld.log) for hints.
Similarly, an error like the following one indicates that a remote MySQL Server might not be answering (e.g. because of a firewall rule or because it’s not running):
[Error] -12036 (2003): Can't connect to MySQL server on 'mysql.yourdomain.com' (107) [Error] "open TD2REG_WRITE dbms option '[regdb]';" (1) [Error] "sql.pbt" SQL:openDBMSAndDB(387) [Error] "startup.yv" (32)
If you see
Access denied errors like the following one:
[Error] -12036 (1045): Access denied for user 'teamdrive'@'localhost' (using password: YES) [Error] "open TD2REG_WRITE dbms option '[regdb]';" (1) [Error] "sql.pbt" SQL:openDBMSAndDB(387) [Error] "startup.yv" (32)
Either the username or password used to connect to the MySQL Server are wrong.
Double check that the MySQL username and password provided in
/etc/td-regserver.my.cnf are correct, e.g. by trying to connect to the
MySQL server using these credentials with the
mysql command line client.
If you see the following error when connecting to a remote MySQL Server:
[Error] -12036 (1130): Host 'regserver.yourdomain.com' is not allowed to connect to this MySQL server [Error] "open TD2REG_WRITE dbms option '[regdb]';" (1) [Error] "sql.pbt" SQL:openDBMSAndDB(387) [Error] "startup.yv" (32)
Check the TeamDrive MySQL user’s privileges on the remote MySQL server, e.g.
SHOW GRANTS FOR `teamdrive`@`regserver.yourdomain.com`; and
make sure that this user is allowed to connect to the MySQL server from the
Registration Server’s host.
Invitation emails are not being sent¶
If users don’t receive invitation emails, there are several aspects that should be checked:
- On the Admin Console, check the “Manage Auto Tasks” page: did the task “Send Emails” succeed and was it run recently (check the value of “laststarttime”?). On the “Manage Email Queue”, do you see emails with status “Failed”?
- Is the service
td-regserverup and running? Check with
service td-regserver statusand use
service td-regserver startto start the process. Also ensure that the service is configured to be started at system bootup time. See chapter Starting and stopping the TeamDrive Registration Server components for details.
- Check the
/var/log/td-regserver.loglog file for errors.
- Does sending of email work in general? Try using the
/var/log/maillog) for delivery status notifications.
Admin console: Error connecting to the MySQL server¶
If you get an error like:
Error connecting to the MySQL server: MDB2 Error: connect failed
Verify that the MySQL Server is up and running and that the connection
parameters like username and password in file
set up correctly. See chapter Administration Console MySQL Configuration for details.
Admin console: API error code: -30000, message: Access denied¶
If some operations on the web-based Administration Console (e.g. changing a
configuration option) result in an error message
API error code: -30000,
message: Access denied, the IP address of the server hosting the
Administration Console host is likely not on the white list of IPs that are
allowed to perform API calls.
Check the content of the Registration Server setting
Provider Settings” -> “API” -> “API_IP_ACCESS”) and make sure that the
external IP address of the server running the Administraton Console is
included in the list. If necessary, add the missing address in a new line and
Email messages sent by the registration server show encoding issues¶
Invitation emails and other notifications sent out by the Registration Server
are encoded as UTF-8. Before they are sent out, they are first inserted into
the MySQL database before the
td-regserver background service delivers
them to the configured MTA. If you notice encoding issues (special chars or
umlauts not displayed properly), check the following:
- Double check that your templates are UTF-8 encoded. The default templates shipped with the TeamDrive Registration Server use the correct encoding, but if you’re updating from previous versions, the encoding might be off.