MultiServer issue

[AlexJ]

Hi

I have two servers. Server A and B and they are in different datacenters.

Server A IP: 1.2.3.4
Server B IP: 5.6.7.8

I need to set up a multi-server on Server A so DNS zones could be synced with Server B. But it doesn't work.

Error message:

YOUR CONNECTION HAS TIMED OUT​

Either your request was invalid or the program hasn't completed your request.
Please notify the server admin


I've started DA in debug mode with b8000 and the log is attached.

When I add Server A to Server B everything works perfectly but I need Server A to be the primary.
The firewall on both servers is disabled and they have access to port 2222 and no SSL is configured.
MTR shows no packet loss in either direction.

Any help would be appreciated.

 

[factor]

older docs

https://help.directadmin.com/item.php?id=97

newer docs

Multi-Server Setup | Directadmin Docs

General DNS | Directadmin Docs

I need Server A to be the primary.

Primary what? DNS server?
All DA servers are Primarys (Masters) by default.

When you put in the login info click save first then click test connection. The logins on server a go in server b and server b logins go in a.

 

[AlexJ]

Yes, I've mentioned the DNS master/slave scenario in my first post.
I've done all that but I still cannot connect to server B from server A.

 

[factor]

Server A IP: 1.2.3.4
Server B IP: 5.6.7.8

Are both of these servers DA servers? If yes they are both masters. There is no native slave server in DA.

All DNS multi-server does is share the zones of each server to the other so either server can serve the records.

Let's just check everything. it hard for me to sort of see where you are blindly.

I assume all the normal stuff like hostname, /etc/host and dns A /NS records are setup.

All directadmin.conf values | Directadmin Docs

On both servers is this 1?

cd /usr/local/directadmin/conf
cat directadmin.conf |grep cluster

if yes

systemctl restart directadmin

on both servers
If no
run

/usr/local/directadmin/directadmin set cluster 1
systemctl restart directadmin

on one of more servers.

ping server A by ip and name? from server B

ping server b by ip and name? from server A

Once you have this you put in the Admin User and Pass from a in b and b in a


I don't think it should matter if the 2 boxes are in different datacenters. Unless they are blocking traffic for some reason. You might ask them if you want.

 

[factor]

And sorry I did not welcome you. I didn't realize you just joined today... Welcome to DA and the Community forum.

 

[AlexJ]

Thank you Brent.

I did all the things you've mentioned but didn't work.
tcpdump and iptraf didn't help either.

/var/log/directadmin/error.log :
Timeout (timeout=60) from 9.10.11.12 : last flagged: Command::doCommand(/CMD_MULTI_SERVER) : getlock(./data/admin/cluster.conf, 'ConfigFile::readFile') : finished

 

[factor]

Do you have support with your license? if yes at this point. You might log a ticket.

If not I can call in some more eyes.

 

[AlexJ]

No, unfortunately, the support for this license is expired.

 

[factor]

No, unfortunately, the support for this license is expired.

Ok and you know you can re up the support in the portal? it fine if you don't want to I am not a sales man..

 

[factor]

Thank you Brent.

I did all the things you've mentioned but didn't work.
tcpdump and iptraf didn't help either.

/var/log/directadmin/error.log :
Timeout (timeout=60) from 9.10.11.12 : last flagged: Command::doCommand(/CMD_MULTI_SERVER) : getlock(./data/admin/cluster.conf, 'ConfigFile::readFile') : finished

ok what am I missing here

@Richard G @smtalk start at the top...https://forum.directadmin.com/threads/multiserver-issue.62464/post-322302

 

[AlexJ]

I've done this many times before and I kind of hoped to find a solution here.

 

[Richard G]

I've followed this topic and did not see any odd things which would explain this behaviour. At least not if it's possible to just login to da via port 2222 on both servers.
So when timeouts occur in such case, then normally the reason is connection issues, so blocks somewhere, either firewall or other.

As firewalls are disabled, it could be that server A is blocked in server B in some other way, like Directadmin itself.
Check /usr/local/directadmin/data/admin/ip_blacklist if ip's are listed in there.

Next to that, you could test using telnet from server a to server B like:

telnet 5.6.7.8 2222

if you receive a timeout, then somewhere there must be some blockade between the servers somewhere.

P.s. I know you mask your ip's, but please use the correct masks used before because this:

timeout (timeout=60) from 9.10.11.12

would mean you are trying to connect to the wrong ip. Should be 5.6.7.8. So I presume you masked it wrongly.

 

[factor]

Check /usr/local/directadmin/data/admin/ip_blacklist if ip's are listed in there.

oh good one yep check that..

blockade between the servers somewhere.

yeah that is what i was thinking maybe log a ticket to both infrastructure providers and see if they have some data center firewall blocking.

 

[factor]

I've followed this topic

as always thanks my friend.

 

[Richard G]

maybe log a ticket to both infrastructure providers and see if they have some data center firewall blocking.

That's why I advised the telnet command. If that also fails with timeout, it's more argument to log a ticket to the infra provider.

 

[AlexJ]

I've done all the connection tests (telnet, mtr, ping) and there is no network issue between servers. Not even packet loss.

IP 9.10.11.12 is actually my PC's IP address.

I've submitted tickets to both datacenters and asked them about any network restrictions and they assured me there is none.

Since I can telnet to port 2222 from A to B it rolls out the underlying network issue and it must be a software/configuration problem.

There is no ip_blacklist in servers and the command #curl http:/5.6.7.8:2222 from Server A shows the following:

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8;"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>

<title>
5.6.7.8 | Login
</title>
<link rel="shortcut icon" href="/images/favicon.png" type="image/x-icon" />
<meta name="robots" content="noindex,nofollow" />
<script>
var tokens = {
LOST_PASSWORD: "no" === "yes",
TIME: {
current: 1603897004 * 1000,
offset: 86400 * 1000,
},
AUTH_METHOD: "CMD_LOGIN",
QUESTION: "|QUESTION_JSON|",
LOGIN_LANGUAGES: "default=en;en=English;",
GEO_IP_LANG: "|GEO_IP_LANG|",
trial: "|IS_TRIAL_LICENSE|",
};
</script>
<link href="/assets/css/login.css" rel="stylesheet"></head>
<body>
<div id="login"></div>
<script type="text/javascript" src="/assets/login.js"></script></body>
</html>

 

[AlexJ]

As I said both servers are fresh installation and I can provide you login information if you have the time.

 

[factor]

Have you run a ./build all
on both servers? just curious. Sometimes on fresh installs, this is needed.
What's the OS and version.

 

[Richard G]

Indeed looks like a software issue, no blocking issue as otherwise telnet and curl would also be blocked.
Maybe try waht Brent says first.
./build all d
just to be sure and try again.

Maybe also verify manually (check files) in both servers directadmin.conf that cluster=1 is present.

 

[AlexJ]

Both servers are Debian 10 x64
And yes I ran ./build all on server A but nothing changed.