
DNS Clustering - port 2087 problem

Discussion in 'Bind / DNS / Nameserver Issues' started by chzelle, Jan 18, 2005.

  1. chzelle

    I am clustering with my ns2 server, but it cannot proceed as I'm getting the following error message:

    There was an error while processing your request: Cpanel::Accounting returned [HTTP/1.0 900 NET OR SSL ERROR ./cgi/trustclustermaster.cgi 16015: open_tcp_connection: failed `xxx.xxx.xxx.xx', 2087 (Connection timed out) ]

    Has anyone encountered this issue before?

    Thanks.
     
  2. jdarow

    Answer

    Ensure port 2087 egress is not blocked by your firewall.
     
  3. MeddlePAL

    Having the same problem, APF is allowing 2087.
     
  4. silversurfer

    Having same problem. Anyone?
     
  5. chzelle

    Port 2087 is not blocked on APF. Any insights?
     
  6. silversurfer

    It's not the firewall. I even tested with the firewall off. No go.
     
  7. eXite

    Run this:

    # /usr/bin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf
     
  8. silversurfer

    I forgot to update the thread. Yes it was Stunnel, but it was because a service was using one of the SSL ports, and that prevents stunnel from starting. Based on that, just have to shut down the service and restart stunnel.

    ps -aux | grep stunnel to check if it is running. If it is not,

    /usr/local/cpanel/startstunnel

    Then tail /var/log/messages and see what's preventing it from starting.
     
  9. pctechmaster

    please help

    There was an error while processing your request: Cpanel::Accounting returned [HTTP/1.0 900 NET OR SSL ERROR ./cgi/trustclustermaster.cgi 893: open_tcp_connection: failed `69.57.132.66', 2087 (Connection refused) ]

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Here is what I have tried:

    I have tried with APF down and made sure egress is correct.


    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on localhost (127.0.0.1):
    (The 1585 ports scanned but not shown below are in state: closed)
    Port State Service
    1/tcp open tcpmux
    21/tcp open ftp
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    110/tcp open pop-3
    111/tcp open sunrpc
    143/tcp open imap2
    443/tcp open https
    465/tcp open smtps
    631/tcp open ipp
    783/tcp open hp-alarm-mgr
    953/tcp open rndc
    3306/tcp open mysql
    6666/tcp open irc-serv
    Remote operating system guess: Linux 2.4.7 (X86)

    Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


    root@host [~]# ps -aux | grep stunnel
    root 17283 0.0 0.0 3680 664 pts/0 S 21:19 0:00 grep stunnel


    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    tail /var/log/messages

    Feb 26 21:00:25 host stunnel[15100]: stunnel 4.04 on i686-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003
    Feb 26 21:00:25 host stunnel[15100]: error stack: 140B3009 : error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
    Feb 26 21:00:25 host stunnel[15100]: SSL_CTX_use_RSAPrivateKey_file: 906D06C: error:0906D06C:PEM routines:PEM_read_bio:no start line

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    On this server I do have SSL certs installed, but I don't have a server-wide one.

    Any help would be appreciated.
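
The stunnel log in the post above ends in `PEM_read_bio:no start line` raised from `SSL_CTX_use_RSAPrivateKey_file`, which is what OpenSSL reports when the file it was asked to read a private key from contains no PEM key block. The following is an added example, not part of the thread and not cPanel or stunnel code: a shell check of the `cert` and `key` files named in a stunnel.conf. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not cPanel or stunnel code): check the PEM files a stunnel.conf
# points at for the blocks stunnel needs before it can serve port 2087.

# Print the value of global option $2 (read before the first [service] section).
conf_value() {
    awk -v opt="$2" '
        /^[ \t]*\[/   { exit }              # service sections begin: stop
        /^[ \t]*[#;]/ { next }              # comment line
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == opt) val = v
        }
        END { if (val != "") print val }' "$1"
}

# True if file $1 has a PEM header whose label ends in $2.
has_pem_block() {
    grep -Eq "^-----BEGIN ([A-Z0-9]+ )*$2-----" "$1" 2>/dev/null
}

# Prints one verdict: ok | missing-file | no-certificate | no-private-key
check_stunnel_pem() {
    cert=$(conf_value "$1" cert)
    key=$(conf_value "$1" key)
    [ -n "$key" ] || key=$cert          # stunnel reads the key from cert by default
    if [ -z "$cert" ] || [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo missing-file; return 1
    fi
    has_pem_block "$cert" CERTIFICATE  || { echo no-certificate; return 1; }
    has_pem_block "$key" "PRIVATE KEY" || { echo no-private-key; return 1; }
    echo ok
}

# Constructed sample: a cert file that holds a certificate but no key.
demo_pem() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END CERTIFICATE-----' > "$d/cpanel.pem"
    printf '%s\n' "cert = $d/cpanel.pem" '[whmhttps]' 'accept = 2087' \
        > "$d/stunnel.conf"
    check_stunnel_pem "$d/stunnel.conf" || true   # verdict is printed
    rm -rf "$d"
}
```

On the server this would be run as root against the path used in the thread, `check_stunnel_pem /usr/local/cpanel/etc/stunnel/default/stunnel.conf`.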
     
  10. dgillard

    I'm having exactly the same problem since I tried to setup SSL on a virtual site yesterday.

    I've been through the fixes shown above but still get the same error - has anyone completely solved this yet?
     
  11. pctechmaster

    I think so

    Yeah, I know it doesn't sound real convincing.

    It seems that after all my daily crons run, it stops stunnel on my main box.

    All I do is run

    /usr/local/apache/bin/apachectl stop
    /usr/local/apache/bin/apachectl start
    /usr/sbin/stunnel /usr/local/cpanel/etc/stunnel/default/stunnel.conf
    /scripts/restartsrv_apache

    and it works fine again

    I will be running this from cron, chained. I wanted to find the real fix first, but it's been a month or so; time to put on a band-aid.
     
  12. northtrex

    Hello,

    I don't know if we had the same issue as you in the past, but ports 2083 and 2087 were disabled. Finally, The Planet just restarted cPanel and those ports were fine afterwards. I couldn't explain why; probably a cPanel reboot just refreshed the server.

    Hope it could help.

    http://northtrex.com
     
  13. chzelle

    vi /etc/apf/conf.apf

    Make sure to add port 2087 on the egress: (thanks jdarow ^_^)

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,25,37,53,80,110,113,123,443,43,873,953,2089,2703,3306,2087"


    /etc/init.d/apf restart

    Stopping APF: [ OK ]
    Starting APF: [ OK ]
     
  14. troxalias

    Solved

    Well, I had the exact same issues. The problem seems to be <cr><lf> characters when you copy/paste the remote access key. So...

    1. Ssh as root to the box you want to set clustering
    2. cd /var/cpanel/cluster/root/config
    3. vi <remote server ip>
    4. Insert the following

    root
    <server fqdn>

    <remote access key>

    5. Save the file, return to whm and.. Voila ;-)
     
  15. fastom

    I have a solution for it. Maybe a little less secure, but it works 100%.


    // write in your shell
    locate trustclustermaster.cgi
    // u will see file location

    /usr/local/cpanel/whostmgr/docroot/cgi/trustclustermaster.cgi

    // then
    vi /usr/local/cpanel/whostmgr/docroot/cgi/trustclustermaster.cgi

    // and edit this line
    $whm->{usessl} = 1; // change 1 to 0

    now save and close

    now do the same in file
    /usr/local/cpanel/whostmgr/docroot/cgi/clusterstatus.cgi

    find 'ssl' change 1 to 0

    now you can add cluster
     
    #15 fastom, Nov 18, 2005
    Last edited: Nov 18, 2005
  16. bazzi

    I have also problems with this:

    Hostname | Ip Address | Username | Status | Dns Role
    calimero.xxx.nl | xxx.xxx.xxx.xxx | root | HTTP/1.0 900 NET OR SSL ERROR ./cgi/clusterstatus.cgi 12068: open_tcp_connection: failed `xxx.xxx.xxx.xxx', 2087 (Connection refused) | Requires version 8.9 or later
    adriaan.xxx.nl | xxx.xxx.xxx.xxx | root | HTTP/1.0 900 NET OR SSL ERROR ./cgi/clusterstatus.cgi 12068: open_tcp_connection: failed `xxx.xxx.xxx.xxx', 2087 (Connection refused) | Requires version 8.9 or later

    I have tried everything, but nothing works. I also have problems with Perl on both servers, but cPanel engineers are looking to fix that bug; yes, it is a bug.

    Is it possible that those problems are connected, or do I have a different problem?
     
  17. rhenderson

    I have been playing around with this on a VPS as well, and tried all the suggestions in this post and all the others I searched for (past threads). No luck. Same error you have, but only one way.

    (Create Trust Relationship via the DNS Clustering)
    Create Trust Relationship Test Server ---> Production Server works fine BUT
    Create Trust Relationship Production Server ----> Test Server fails even with all the different suggestions.

    I can connect https:testserver:2087, no firewall installed, Iptables dropped, flushed etc... Cert reset 15 times, upcp --forced many times, stop this service start that one nothing seems to make a difference.

    Did you ever file a support ticket on this? Just wondering...
     
    #17 rhenderson, May 16, 2006
    Last edited: May 16, 2006
  18. bazzi

    No I fixed it myself:

    Copy the stunnel config dirs from a working server to the cluster server.
    Then edit the stunnel.conf so it looks like:
    # Sample stunnel configuration file
    # Copyright by Michal Trojnara 2002

    # Comment it out on Win32
    cert = /usr/local/cpanel/etc/cpanel.pem
    chroot = /usr/local/cpanel/var/run/stunnel/
    # PID is created inside chroot jail
    pid = /stunnel.pid
    setuid = cpanel
    setgid = cpanel

    # Authentication stuff
    #verify = 2
    # don't forget about c_rehash CApath
    # it is located inside chroot jail:
    #CApath = /certs
    # or simply use CAfile instead:
    #CAfile = /usr/local/etc/stunnel/certs.pem

    # Some debugging stuff
    #debug = 7
    #output = stunnel.log

    # Use it for client mode
    #client = yes

    # Service-level configuration

    #[pop3s]
    #accept  = 995
    #connect = 110

    #[imaps]
    #accept  = 993
    #connect = 143

    #[ssmtp]
    #accept  = 465
    #exec = /usr/sbin/sendmail
    #execargs = -bs

    #[cpanelhttps]
    #accept  = 2083
    #connect = 2082
    #TIMEOUTclose = 0

    [whmhttps]
    accept  = 2087
    connect = 2086
    TIMEOUTclose = 0

    #[webmailhttps]
    #accept  = 2096
    #connect = 2095
    #TIMEOUTclose = 0

    So comment out the cpanel, webmail, imap and pop3

    Then it works!

    Good luck!
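
Two posts in this thread point at the same failure: stunnel does not start when another service already holds one of its SSL ports, and trimming stunnel.conf to the `[whmhttps]` section avoids the clash. The following is an added example, not part of the thread and not cPanel or stunnel code: it lists the ports the active sections will bind and compares them with saved `netstat -ltnp` output. The function names, the `imapd-ssl` process name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not cPanel or stunnel code): list the ports stunnel will try
# to bind and flag any that another daemon already holds.

# Print "service port" for each uncommented accept line under a [service].
active_accepts() {
    awk '
        /^[ \t]*[#;]/ { next }                          # commented out
        /^[ \t]*\[/   { gsub(/\[|\]|[ \t\r]/, ""); svc = $0; next }
        svc != "" && /^[ \t]*accept[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            n = split($0, a, ":")                       # accept may be host:port
            print svc, a[n]
        }' "$1"
}

# $1 = stunnel.conf, $2 = saved output of `netstat -ltnp`.
# Print "service port owner" for ports held by something other than stunnel.
port_conflicts() {
    active_accepts "$1" | while read -r svc port; do
        awk -v p="$port" -v s="$svc" '
            $6 == "LISTEN" {
                n = split($4, a, ":")
                if (a[n] == p && $7 !~ /stunnel/) print s, p, $7
            }' "$2"
    done
}

# Constructed sample: imaps still enabled while another IMAP daemon
# (hypothetical name "imapd-ssl") already listens on 993.
demo_ports() {
    d=$(mktemp -d)
    printf '%s\n' '#[pop3s]' '#accept = 995' '[imaps]' 'accept = 993' \
        'connect = 143' '[whmhttps]' 'accept = 2087' 'connect = 2086' \
        > "$d/stunnel.conf"
    printf '%s\n' \
        'tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2211/imapd-ssl' \
        'tcp 0 0 0.0.0.0:2086 0.0.0.0:* LISTEN 3050/whostmgrd' \
        > "$d/netstat.txt"
    port_conflicts "$d/stunnel.conf" "$d/netstat.txt"
    rm -rf "$d"
}
```

Capture the listener list as root (`netstat -ltnp` redirected to a file) so the owning process name appears in the last column; without root that column is `-` and every occupied port is reported.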
     