system journal fills with errors: _VmDirConsumePartner failed, error code (51) #39
Comments
|
additional logging seems to reveal that this error is caused by a failure of CLDAP queries, aka "LDAP Pings". For reference, https://ldapwiki.com/wiki/LDAP%20ping.
the OID in the above log extract is the one OpenLDAP uses for these CLDAP messages. From what I understand, these are meant to be done over UDP. However, it appears that on my lightwave installation, nothing is listening on UDP/389. So, it appears as if any functions that depend on the status of these CLDAP pings fail because nothing is listending on UDP/389. is there a way to get vmdird to listen on UDP? |
|
a packet capture that shows a SRV DNS querie for _ldap._tcp.dc._msdcs., followed by a series of A and AAAA lookups for the listed DCs, then a connection attempt from the client trying to join to both of the DCs on UDP/389, followed by ICMP unreachable messages indicating that there's nothing accepting connections on the DC's on UDP/389. so, I guess it's a likewise problem rather than a lightwave / vmdir issue? not sure where to go from here... |
Hi Oddboy: If you upgrade to latest Lightwave version, this problem no longer exits. Thanks. |
|
"
|
|
I can see that the commands
I'm not sure what other effect this might be having |
Describe the bug
Once lightwave is installed on two domain controllers, the logs fill with errors like:
Dec 31 21:53:49 dc01 vmdird[1532]: t@139860643936000: _VmDirConsumePartner failed, error code (51) Dec 31 21:54:10 dc01 vmdird[1532]: t@139860643936000: _VmDirConsumePartner failed, error code (51) Dec 31 21:54:34 dc01 vmdird[1532]: t@139860643936000: _VmDirConsumePartner failed, error code (51) Dec 31 21:54:36 dc01 vmdird[1532]: t@139860643936000: _VmDirConsumePartner failed, error code (51) Dec 31 21:55:38 dc01 vmdird[1532]: t@139860643936000: _VmDirConsumePartner failed, error code (51)From looking at the source code, it appears that error code 51 is "LDAP SERVER BUSY". I have found some references to this pertaining to OpenLDAP and Microsoft's AD LDAP implementation. However, neither domain controller is overly busy, CPU utilization less than 5% generally with 0.2 load average.
Impact
Expected behavior
Unclear. I can't tell if there is a problem or not. Changes to the directory (like create a user) seem to work correctly and get replicated to peers.
Observed behavior
The error seems to imply that there is a communication problem between domain controller nodes. The by product of this is that the logs are filled with these messages about every 40 seconds or so. There are times during which this message is not logged, but those often occur when the systems (in the "lab") are not being used for much of anything, so I'm not sure if these log lines are indication of an actual problem.
To Reproduce
Steps to reproduce the behavior:
Environment:
Additional context
As noted above, the only deviation from a very default install in my case was that I replaced the default certificate on the first node with one signed by our enterprise CA. Note however that the same problem occurs even with a fully default configuration, that is, with no customizations at all.
The text was updated successfully, but these errors were encountered: