Troubleshooting

List of relevant configuration files

/etc/httpd/conf.d/td-regserver.httpd.conf:
This configuration file loads and enables the TeamDrive Registration Server-specific Apache module mod_yvva.so. This Apache module is responsible for providing the web-based Registration Server Installer and the Registration Server API.
/etc/logrotate.d/td-regserver:
This file configures how the log files belonging to the TeamDrive Registration Server are being rotated. See the logrotate(8) manual page for details.
/etc/td-regserver.conf:
This file defines how the td-regserver background service is started using the yvvad daemon.
/etc/td-regserver.my.cnf:
This configuration file defines the MySQL credentials used to access the regdb MySQL database. It is read by the Apache module mod_yvva, the PHP-based Administration Console as well as the yvvad daemon that runs the td-hostserver background tasks and the yvva command line client.
/etc/yvva.conf:
This configuration file contains configuration settings specific to the Yvva Runtime Environment that are shared by all Yvva components, namely the mod_yyva Apache module, the yvvad daemon and the yvva command line shell.
/var/www/html/tdlibs/globals.php:
This configuration file defines the MySQL login credentials required for the TeamDrive Registration Server Administration Console.

List of relevant log files

In order to debug and analyse problems with the Registration Server configuration, there are several log files that you can consult:

  • /var/log/td-regserver.log: The log file of the mod_yvva Apache module that performs the actual Registration Server functionality (e.g. Client/Server communication and API calls) and the web-based initial setup process. The amount of logging information can be defined by changing the value YvvaSet log-level in configuration file /etc/httpd/conf.d/td-regserver.httpd.conf. The following debug levels (with increasing verbosity) can be set: error, warning, notice, trace or debug. The default is error. Changing this value requires a restart of the Apache HTTP Server.

    This log file is also used by the td-regserver background service (managed by yvvad). The amount of logging information can be defined by changing the value log-level in configuration file /etc/td-regserver.conf. The following debug levels (with increasing verbosity) can be set: error, warning, notice, trace or debug. The default is error. Changing this value requires a restart of the td-regserver service using systemctl restart td-regserver. This log file needs to be owned by the Apache user. Logging only occurs if the log file exists and is writable by the Apache user.

  • /var/log/httpd/: The Apache HTTP Server’s log files (e.g. error_log) might also contain additional relevant error messages that should be checked.

  • /var/log/td-adminconsole-api.log: A log file to track API accesses from the Admin Console. The location of this log file can be configured with the Registration Server setting RegServer/ApiLogFile via the Admin Console. The file needs to be owned by the Apache user. Logging only occurs if this file exists and is writable by the Apache user.

  • /var/log/td-adminconsole.log: A log file to keep track of various events on the Administration Console, e.g.

    • Failed logins
    • Failed two-factor-authentication attempts (only admin console logins, not client two-factor-authentication attempts)
    • Password changes
    • Changes to security-related Provider/Server settings (login timeouts, API access lists, etc.)
    • Modifications of user privileges
    • Failed session validations

Enable Logging with Syslog

As outlined in List of relevant log files, the TeamDrive Registration Server logs critical errors and other notable events in various log files by default.

Starting with Registration Server version 3.5 and Yvva 1.2, it is now possible to redirect the log output of most server components to a local syslog instance as well.

Syslog support is an essential feature for auditing, security and/or compliance reasons, as it allows you to funnel all log messages into a centralized syslog server.

This makes it easier to monitor the logs for critical events or errors and prevents tampering with the log files in case of a security breach. It also helps to maintain control over the disk space utilization on the server, as growing log files can’t accidentally fill up the file system.

To enable syslog support, the log file name in the log-file setting has to be replaced with the keyword syslog. Optionally, a custom process identifier can be supplied, by appending it to the syslog keyword, using a colon as the separator, e.g. log-file=syslog:my_process_identifier. If not used, the default process identifier will be used, which is the name of the program executable.

To enable syslog support for the Yvva-based td-regserver background service, edit the log-file setting in file /etc/td-regserver.conf as follows:

log-file=syslog:td-regserver

You need to restart the td-regserver background service via systemctl restart td-regserver in order to activate this change. If the log-level is set to debug you will now see log messages appearing in /var/log/messages:

Jun 23 14:13:43 localhost td-regserver: notice: yvvad startup
Jun 23 14:13:43 localhost td-regserver: notice: Using config file:
/etc/td-regserver.conf
Jun 23 14:13:43 localhost td-regserver: notice: No listen port
Jun 23 14:13:43 localhost td-regserver: notice: yvvad running in repeat 10
(seconds) mode

To enable syslog support for the Registration Server Client/Server communication and API, edit the YvvaSet log-file setting in file /etc/httpd/conf.d/td-regserver.httpd.conf:

YvvaSet log-file=syslog

You need to restart the Apache HTTP Server via systemctl restart httpd in order to activate this change. If the log-level is set to debug you will now see log messages appearing in /var/log/messages:

Jun 23 14:21:01 localhost mod_yvva: notice: mod_yvva 1.2.1 (May 21 2015
11:00:12) startup OK

To enable logging of security related Administration Console events to syslog instead of the log file /var/log/td-adminconsole.log, you need to change the Registration Server Setting Security/EnableSyslog to True via the Administration Console.

Click Admin -> Server Settings -> Security and change the Value for EnableSyslog to True. Click Save to apply the change. From this point on, security relevant events triggered via the Administration Console will be logged to /var/log/secure:

Jun 23 14:25:36 localhost td-adminconsole-log[4165]: 2015-23-06 14:25:36
[info] [/var/www/html/adminconsole/editSettings.php:38]: RegServer setting
'EnableSyslog' changed from '$false' to '$true' by user 'xxxx'
Jun 23 14:29:58 localhost td-adminconsole-log[4168]: 2015-23-06 14:29:58
[info] [/var/www/html/adminconsole/libs/auth.php:48]: Failed login for
user 'xxxx'
Jun 23 14:34:09 localhost td-adminconsole-log[4161]: 2015-23-06 14:34:09
[info] [/var/www/html/adminconsole/changePassword.php:54]: Password for
user 'xxxx' has been changed

Common errors

Web Installation: “500 Internal Server Error”

This error can be triggered by several error conditions. Check the log file /var/log/td-regserver.log for details.

Some common errors include:

[Error] -12036 (2002): Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (25)
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)

The local MySQL Server’s socket file can’t be opened. This could either be a permission problem, or the MySQL Server is simply not available. Check that MySQL is actually up and running (e.g. by running systemctl status mysqld) and restart it, if necessary. If the error persists, check the MySQL error log file (usually /var/log/mysqld.log) for hints.

Similarly, an error like the following one indicates that a remote MySQL Server might not be answering (e.g. because of a firewall rule or because it’s not running):

[Error] -12036 (2003): Can't connect to MySQL server on
'mysql.yourdomain.com' (107)
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)

If you see Access denied errors like the following one:

[Error] -12036 (1045): Access denied for user 'teamdrive'@'localhost' (using
password: YES)
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)

Either the username or password used to connect to the MySQL Server are wrong. Double check that the MySQL username and password provided in /etc/td-regserver.my.cnf are correct, e.g. by trying to connect to the MySQL server using these credentials with the mysql command line client.

If you see the following error when connecting to a remote MySQL Server:

[Error] -12036 (1130): Host 'regserver.yourdomain.com' is not allowed to
connect to this MySQL server
[Error] "open TD2REG_WRITE dbms option '[regdb]';" (1)
[Error] "sql.pbt" SQL:openDBMSAndDB(387)
[Error] "startup.yv" (32)

Check the TeamDrive MySQL user’s privileges on the remote MySQL server, e.g. by running SHOW GRANTS FOR `teamdrive`@`regserver.yourdomain.com`; and make sure that this user is allowed to connect to the MySQL server from the Registration Server’s host.

Invitation emails are not being sent

If users don’t receive invitation emails, there are several aspects that should be checked:

  • On the Admin Console, check the “Manage Auto Tasks” page: did the task “Send Emails” succeed and was it run recently (check the value of “laststarttime”?). On the “Manage Mail Queue”, do you see emails with status “Failed”?
  • Is the service td-regserver up and running? Check with systemctl status td-regserver and use systemctl start td-regserver to start the process. Also ensure that the service is configured to be started at system bootup time. See chapter Starting and stopping the TeamDrive Registration Server components for details.
  • Check the /var/log/td-regserver.log log file for errors.
  • Does sending of email work in general? Try using the mail utility and check your MTA logs (e.g. /var/log/maillog) for delivery status notifications.

Admin console: Error connecting to the MySQL server

If you get an error like:

Error connecting to the MySQL server:
Error: connect failed

Verify that the MySQL Server is up and running and that the connection parameters like username and password in file /etc/td-regserver.my.cnf are set up correctly. See chapter Admin Console MySQL Configuration for details.

Admin console: API error code: -30000, message: Access denied to IP

If some operations on the web-based Administration Console (e.g. changing a configuration option) result in an error message API error code: -30000, message: Access denied to IP, the IP address of the server hosting the Administration Console host is likely not set correctly.

If this error occurs on login to the Admin Console then this value has to be changed directly in the MySQL database. In the TD2Settings table, search for the row where Name = "AdminConsoleIPAddress", and update the Value column, setting it to the IP address of the Admin Console host.

It may then necessary to restart Apache or wait until the settings cache is automatically updated (see CacheInterval).

In the Admin Console itself the setting can be found under: “Admin” -> “Server Settings” -> “Admin Console Security” -> “AdminConsoleIPAddress”.

Email messages sent by the registration server show encoding issues

Invitation emails and other notifications sent out by the Registration Server are encoded as UTF-8. Before they are sent out, they are first inserted into the MySQL database before the td-regserver background service delivers them to the configured MTA. If you notice encoding issues (special chars or umlauts not displayed properly), check the following:

  • Double check that your templates are UTF-8 encoded. The default templates shipped with the TeamDrive Registration Server use the correct encoding, but if you’re updating from previous versions, the encoding might be off.