Unknown API Error when attempting to contact the remote system

[mitt]

Hi All,

I have a DNS cluster setup between a primary WHM cpanel machine and two WHM DNS Only machines that run as ns1 and ns2.

Recently my vps provider changed the IP of my NS1 machine. Now i am attempting to re-add NS1 to the cluster but keep getting this error message:

"Unknown API Error when attempting to contact the remote system"

NS2 is working fine. But if i attempt to modify the entry i get the same error. Any help is appreciated. thanks.

 

[cPanelMichael]

Hello,

You can review /usr/local/cpanel/logs/error_log to see the full error message. A resolution to ensure the specific error message is displayed in the WHM UI was published with cPanel version 60.0.8:

Fixed case CPANEL-9318: Show appropriate error message in DNS Clustering.

Note that generally this is the result of a firewall rule blocking connections between the two servers. Check to ensure any firewall rules on both systems allow for connections from the other server's IP address.

Thank you.

 

[mitt]

Great thanks, i found the error:

Server Error from: (the correct IP of the server i am trying to add): HTTP/1.1 404 Not Found


Any ideas? thanks!

 

[cPanelMichael]

Hello,

Do you have any firewall rules on either the cPanel server or the DNS-Only server that's restricting access? Ensure the IP address of each server is allowed in the other server's firewall configuration.

Thank you.

 

[mitt]

Hello,

Do you have any firewall rules on either the cPanel server or the DNS-Only server that's restricting access? Ensure the IP address of each server is allowed in the other server's firewall configuration.

Thank you.

There's nothing blocking in either direction. Doesn't make any sense. What port does this use?

 

[cPanelMichael]

There's nothing blocking in either direction. Doesn't make any sense. What port does this use?

It uses port 2087. Could you also review "Host Access Control" in Web Host Manager to ensure that whostmgrd isn't restricted?

Thank you.

 

[WebHostPro]

I have the same issue, other servers can connect fine but this cannot connect to one DNS server even though the IP for oth servers are in the firewall and host access.

Any luck solving this?

My error is just Could not connect to 123.123.1.1:2087: Connection timed out

 

[cPanelMichael]

I have the same issue, other servers can connect fine but this cannot connect to one DNS server even though the IP for oth servers are in the firewall and host access.

Any luck solving this?

My error is just Could not connect to 123.123.1.1:2087: Connection timed out

Hello,

You can review /usr/local/cpanel/logs/login_log on the destination server to look for any specific error messages about the login failure:

tail -f /usr/local/cpanel/logs/login_log

Also, try manually testing the connection from initial server's command line with telnet:

telnet 123.123.1.1 2087

If it fails, then it suggests a firewall rule (possibly from the data center) on either of the two servers is blocking traffic over port 2087.

Thank you.

 

[WebHostPro]

Thanks cPanelMichael

1. There is no errors from the bad connection on there /usr/local/cpanel/logs/login_log

2. telnet 123.123.1.1 2087 this just hangs

3. I'm logged into port 2087 on both computers as I write this.

I disabled the SSH host access blocks and the disabled the firewall. But still get the same time out.

My guess now is the SSH cert has an issue.

 

[ethix]

Thanks cPanelMichael
My guess now is the SSH cert has an issue.

If you find the issue could you please update the thread.
I seem to have the same / very similar issue.

 

[cPanelMichael]

2. telnet 123.123.1.1 2087 this just hangs

Hello,

This suggests a potential connection issue. The output should look like this:

# telnet 1.2.3.4 2087
Trying 1.2.3.4 ...
Connected to 1.2.3.4.
Escape character is '^]'.

Are there any possible traffic filtering rules on the network/data center level that could be filtering traffic? If not, feel free to open a support ticket so we can take a closer look and see what's happening.

Thank you.

 

[intuitivsol]

Any update on this thread?

I am trying to do DNS Clustering from 2 cPanel/WHM servers. I seem to get exactly the same issue. Upon checking the logs, I also get:

Server Error from 139.546.59.51: HTTP/1.1 403 Forbidden Access denied

I have CSF Firewall installed on both servers and have already completely disabled then, but still getting the same results. I get "Unknown API Error" on both servers after attempting to add a new server to the cluster.

Any ideas or tips will be greatly appreciated!!

 

[cPanelMichael]

Hello @intuitivsol,

Have you tried completing the steps referenced in my earlier post to help narrow down the issue? Do you have any entries in your /etc/hosts.allow file on the server you are connecting to?

Thank you.

 

[intuitivsol]

Hi Mike, I just checked the /etc/hosts.allow files on both servers and there are no entries, so I guess no blocked IPs. I tried the 'telnet' thing but it's not working (command not recognized it seems).

 

[cPanelMichael]

Hello,

Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.

Thanks!

 

[intuitivsol]

I was able to manage to successfully complete DNS clustering with a 3rd cPanel server. So it seems this one cPanel server is the one blocking connection not allowing the 2 other cPanel servers to connect. I'm not too sure what else to try here, any suggestions or tips will greatly be appreciated!

 

[cPanelMichael]

I was able to manage to successfully complete DNS clustering with a 3rd cPanel server. So it seems this one cPanel server is the one blocking connection not allowing the 2 other cPanel servers to connect. I'm not too sure what else to try here, any suggestions or tips will greatly be appreciated!

Do you notice any output to /usr/local/cpanel/logs/login_log on the server you are attempting to connect "to" when encountering the error message?

Thank you.

 

[intuitivsol]

Hi cPanelMichael, I'm putting aside this 3rd server for now and has been focusing on 2 cPanel servers I was able to already establish connection via DNS Cluster. Again, here's the setup (which was successul the first time I did it), see below. But now, I noticed a 'forbidden access' error:

vps2.example.com (newer), under 'servers in your cluster' panel I see:
- hostname: vps1.example.com
- username: root
- type: cPanel
- status: 11.64.0.33 (with a check mark = Server Active)
- dns role: synchronize changes

vps1.example.com (older), under 'servers in your cluster' panel I see:
- hostname: vps2.example.com
- username: root
- type: cPanel
- status: Server Error from 172.xxx.xxx.xxx: HTTP/1.1 403 Forbidden Access denied Server Error
- dns role: Requires version 8.9 or later.
- actions: This server is inherited.

First of all, is this kind of setup correct wherein vps2 role is 'synchronize' while vps1 supposedly was 'standalone' before the issue happened?

Any idea on how to fix this 'Server Error from 172.xxx.xxx.xxx: HTTP/1.1 403 Forbidden Access denied' status? The new vps2 is "CENTOS 7.3 x86_64 kvm – vps2" while the older vps1 is "CENTOS 6.9 x86_64 kvm – vps" by the way, is this differing CentOS versions problematic? Again, upon initial setup, it was successfull, no errors. But after a week and I suppose some cPanel updates occurred, this is the problem now.

 

[intuitivsol]

Just an updated, I think I may have fixed this issue for now....

Apparently, the 'Forbidden Access' error was showing up when I was viewing 'Managing DNS Cluster as' another user (reseller with all privileges) other that root, ex. 'another_user'. If I switch the 'Managing DNS Cluster as' to 'root', I can see everything is working, no errors.

So going back to setting 'Managing DNS Cluster as' to 'another_user', I did the whole add new sever to the cluster process again, and it connected without any issues with vps2 (as standalone). So no errors now! I guess I got confused with how this 'Managing DNS Cluster as' option works in relation to the entire DNS Cluster process.

Just a question.... if I add a new account under vps1 (which is setup as 'standalone'), do I have to manually do 'synchronize dns records' within vps1? or within vps2? Or is everything already being synchronized automatically because I enabled 'trust relationship'? Any tips will greatly be appreciated, thanks guys!

 

[cPanelMichael]

Just a question.... if I add a new account under vps1 (which is setup as 'standalone'), do I have to manually do 'synchronize dns records' within vps1? or within vps2? Or is everything already being synchronized automatically because I enabled 'trust relationship'? Any tips will greatly be appreciated, thanks guys!

The role would need to be set to "Synchronize Changes" or "Write Only" on both servers for it to automatically sync from VPS1 to VPS2 and from VPS2 to VPS1. Keep in mind that WHM-to-WHM cluster setups are not recommended, and may cause DNS errors on your servers. This is documented at:

Guide to DNS Cluster Configurations - cPanel Knowledge Base - cPanel Documentation

Thank you.