Unknown API Error when attempting to contact the remote system
Hi All,
I have a DNS cluster setup between a primary WHM cpanel machine and two WHM DNS Only machines that run as ns1 and ns2.
Recently my vps provider changed the IP of my NS1 machine. Now i am attempting to re-add NS1 to the cluster but keep getting this error message:
"Unknown API Error when attempting to contact the remote system"
NS2 is working fine. But if i attempt to modify the entry i get the same error. Any help is appreciated. thanks.
-
Hello, You can review /usr/local/cpanel/logs/error_log to see the full error message. A resolution to ensure the specific error message is displayed in the WHM UI was published with cPanel version 60.0.8: Fixed case CPANEL-9318: Show appropriate error message in DNS Clustering. Note that generally this is the result of a firewall rule blocking connections between the two servers. Check to ensure any firewall rules on both systems allow for connections from the other server's IP address. Thank you. 0 -
Great thanks, i found the error: Server Error from: (the correct IP of the server i am trying to add): HTTP/1.1 404 Not Found Any ideas? thanks! 0 -
Hello, Do you have any firewall rules on either the cPanel server or the DNS-Only server that's restricting access? Ensure the IP address of each server is allowed in the other server's firewall configuration. Thank you. 0 -
Hello, Do you have any firewall rules on either the cPanel server or the DNS-Only server that's restricting access? Ensure the IP address of each server is allowed in the other server's firewall configuration. Thank you.
There's nothing blocking in either direction. Doesn't make any sense. What port does this use?0 -
There's nothing blocking in either direction. Doesn't make any sense. What port does this use?
It uses port 2087. Could you also review "Host Access Control" in Web Host Manager to ensure that whostmgrd isn't restricted? Thank you.0 -
I have the same issue, other servers can connect fine but this cannot connect to one DNS server even though the IP for oth servers are in the firewall and host access. Any luck solving this? My error is just Could not connect to 123.123.1.1:2087: Connection timed out 0 -
I have the same issue, other servers can connect fine but this cannot connect to one DNS server even though the IP for oth servers are in the firewall and host access. Any luck solving this? My error is just Could not connect to 123.123.1.1:2087: Connection timed out
Hello, You can review /usr/local/cpanel/logs/login_log on the destination server to look for any specific error messages about the login failure:tail -f /usr/local/cpanel/logs/login_log
Also, try manually testing the connection from initial server's command line with telnet:telnet 123.123.1.1 2087
If it fails, then it suggests a firewall rule (possibly from the data center) on either of the two servers is blocking traffic over port 2087. Thank you.0 -
Thanks cPanelMichael 1. There is no errors from the bad connection on there /usr/local/cpanel/logs/login_log 2. telnet 123.123.1.1 2087 this just hangs 3. I'm logged into port 2087 on both computers as I write this. I disabled the SSH host access blocks and the disabled the firewall. But still get the same time out. My guess now is the SSH cert has an issue. 0 -
Thanks cPanelMichael My guess now is the SSH cert has an issue.
If you find the issue could you please update the thread. I seem to have the same / very similar issue.0 -
. telnet 123.123.1.1 2087 this just hangs
Hello, This suggests a potential connection issue. The output should look like this:# telnet 1.2.3.4 2087 Trying 1.2.3.4 ... Connected to 1.2.3.4. Escape character is '^]'.
Are there any possible traffic filtering rules on the network/data center level that could be filtering traffic? If not, feel free to open a support ticket so we can take a closer look and see what's happening. Thank you.0 -
Any update on this thread? I am trying to do DNS Clustering from 2 cPanel/WHM servers. I seem to get exactly the same issue. Upon checking the logs, I also get: Server Error from 139.546.59.51: HTTP/1.1 403 Forbidden Access denied I have CSF Firewall installed on both servers and have already completely disabled then, but still getting the same results. I get "Unknown API Error" on both servers after attempting to add a new server to the cluster. Any ideas or tips will be greatly appreciated!! 0 -
Hello @intuitivsol, Have you tried completing the steps referenced in my earlier post to help narrow down the issue? Do you have any entries in your /etc/hosts.allow file on the server you are connecting to? Thank you. 0 -
Hi Mike, I just checked the /etc/hosts.allow files on both servers and there are no entries, so I guess no blocked IPs. I tried the 'telnet' thing but it's not working (command not recognized it seems). 0 -
Hello, Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look. Thanks! 0 -
I was able to manage to successfully complete DNS clustering with a 3rd cPanel server. So it seems this one cPanel server is the one blocking connection not allowing the 2 other cPanel servers to connect. I'm not too sure what else to try here, any suggestions or tips will greatly be appreciated! 0 -
I was able to manage to successfully complete DNS clustering with a 3rd cPanel server. So it seems this one cPanel server is the one blocking connection not allowing the 2 other cPanel servers to connect. I'm not too sure what else to try here, any suggestions or tips will greatly be appreciated!
Do you notice any output to /usr/local/cpanel/logs/login_log on the server you are attempting to connect "to" when encountering the error message? Thank you.0 -
Hi cPanelMichael, I'm putting aside this 3rd server for now and has been focusing on 2 cPanel servers I was able to already establish connection via DNS Cluster. Again, here's the setup (which was successul the first time I did it), see below. But now, I noticed a 'forbidden access' error: vps2.example.com (newer), under 'servers in your cluster' panel I see: - hostname: vps1.example.com - username: root - type: cPanel - status: 11.64.0.33 (with a check mark = Server Active) - dns role: synchronize changes vps1.example.com (older), under 'servers in your cluster' panel I see: - hostname: vps2.example.com - username: root - type: cPanel - status: Server Error from 172.xxx.xxx.xxx: HTTP/1.1 403 Forbidden Access denied Server Error - dns role: Requires version 8.9 or later. - actions: This server is inherited. First of all, is this kind of setup correct wherein vps2 role is 'synchronize' while vps1 supposedly was 'standalone' before the issue happened? Any idea on how to fix this 'Server Error from 172.xxx.xxx.xxx: HTTP/1.1 403 Forbidden Access denied' status? The new vps2 is "CENTOS 7.3 x86_64 kvm " vps2" while the older vps1 is "CENTOS 6.9 x86_64 kvm " vps" by the way, is this differing CentOS versions problematic? Again, upon initial setup, it was successfull, no errors. But after a week and I suppose some cPanel updates occurred, this is the problem now. 0 -
Just an updated, I think I may have fixed this issue for now.... Apparently, the 'Forbidden Access' error was showing up when I was viewing 'Managing DNS Cluster as' another user (reseller with all privileges) other that root, ex. 'another_user'. If I switch the 'Managing DNS Cluster as' to 'root', I can see everything is working, no errors. So going back to setting 'Managing DNS Cluster as' to 'another_user', I did the whole add new sever to the cluster process again, and it connected without any issues with vps2 (as standalone). So no errors now! I guess I got confused with how this 'Managing DNS Cluster as' option works in relation to the entire DNS Cluster process. Just a question.... if I add a new account under vps1 (which is setup as 'standalone'), do I have to manually do 'synchronize dns records' within vps1? or within vps2? Or is everything already being synchronized automatically because I enabled 'trust relationship'? Any tips will greatly be appreciated, thanks guys! 0 -
Just a question.... if I add a new account under vps1 (which is setup as 'standalone'), do I have to manually do 'synchronize dns records' within vps1? or within vps2? Or is everything already being synchronized automatically because I enabled 'trust relationship'? Any tips will greatly be appreciated, thanks guys!
The role would need to be set to "Synchronize Changes" or "Write Only" on both servers for it to automatically sync from VPS1 to VPS2 and from VPS2 to VPS1. Keep in mind that WHM-to-WHM cluster setups are not recommended, and may cause DNS errors on your servers. This is documented at: Guide to DNS Cluster Configurations - cPanel Knowledge Base - cPanel Documentation Thank you.0 -
I'm having this same problem on four new servers. When we initially tried this, using API tokens from the DNS cluster servers we got an error so we set them up using the remote access keys instead and this worked fine. Ideally I would like to switch all of these to using the API keys instead. When we try to add or edit a nameserver using an API key we receive the error "Unknown API Error when attempting to contact the remote system". The cpanel log says Server Error from ip.ip.ip.ip: HTTP/1.1 403 Forbidden Access denied This immediately made me think it was the hosts.allow file but it isn't. The cluster works fine when using remote access keys and I can telnet to the port from the servers. So I checked the login log on the nameserver. The log says... root "GET /json-api/version? HTTP/1.1" FAILED LOGIN whostmgrd: login attempt to WHM with bad accesshash or API token However, the API token is correct and works fine with other servers. The solution mentioned above relating to the username isn't relevant to my situation as I'm already using root as the user. I have set up six other new servers recently using the API key without any issues - but these four are all the same and will not work. I presume that we can still use the remote access keys indefinitely if they are already set up this way? 0 -
root "GET /json-api/version? HTTP/1.1" FAILED LOGIN whostmgrd: login attempt to WHM with bad accesshash or API token
Hi @4u123, I'm unsure what could be causing this error message since you mentioned the API token was generated by the "root" user. Would you mind opening a support ticket so we can take a closer look?I presume that we can still use the remote access keys indefinitely if they are already set up this way?
The interface itself and the ability to generate a new access hash is tentatively planned for removal from the product in cPanel version 72: cPanel Deprecation Plan - cPanel Knowledge Base - cPanel Documentation However, that alone shouldn't prevent existing hashes from working. We've not made any announcements regarding a requirement to switch from existing access hashes to API tokens, but we'll be sure to announce any such requirements in the release notes. Thank you.0 -
Ran into the same exact situation and just can't seem to find a viable solution. 4 servers serving in DNS cluster for a set of our cPanel servers. Boot up a new cPanel VM, was able to successfully configure 3 but unable to with 1. It's worth noting that adding the API key from the cPanelDNS server to the main server went without a hitch. But the cPanelDNS server couldn't complete the process. Just keep reloading and finally output: Unknown API Error when attempting to contact the remote system from cpanel/logs/login_log: [2018-04-12 08:32:43 +0000] info [whostmgrd] $connecting_IP_address - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing from cpanel/logs/error_log: Could not connect to $main_serverIP:2087: Connection timed out Could not connect to $main_serverIP:2087: Connection timed out Versions: cPanelDNS Only: ============== /etc/redhat-release:CentOS Linux release 7.4.1708 (Core) /usr/local/cpanel/version:11.68.0.36 CPANEL=stable cPanel: =============== /etc/redhat-release:CentOS Linux release 7.4.1708 (Core) /usr/local/cpanel/version:11.68.0.36 CPANEL=release Nameserver IP is cPHulk whitelisted and there is no additional firewall yet since the machine is being configured. All cPanel ports are correctly configured at the datacenter level. 0 -
Hi @MajorLancelot, Could you open a support ticket so we can take a closer look? You can post the ticket number here and we will update this thread with the outcome. Thank you. 0 -
Hi @MajorLancelot, Could you open a support ticket so we can take a closer look? You can post the ticket number here and we will update this thread with the outcome. Thank you.
Good morning, cPanelMicheal. I have done just that and the Support Request ID is 9434291. Have a wonderful day0 -
I have done just that and the Support Request ID is 9434291.
Hello, To update, here's part the response in the support ticket regarding the resolution: As best I could tell, the API Token on [removed] for ns3 was incorrect and resulting in the 'Forbidden'/'Unknown API Error'. The only thing I did was regenerate the API token on [removed] for ns3, and the cluster configuration updated without a problem. Unfortunately I am unsure what specifically went wrong when this was tried on your end.
Thank you.0 -
Hello Micheal. I should have updated this earlier but was waiting to close the ticket before proceeding. The fact is that the API I generated that worked for other "ns" servers but didn't work for "ns". And even when 3 successive APIs where generated specifically for "ns3", they also didn't work until the analyst did. Not sure if it is because considerable time elapsed between these actions or what. Anyway, we are grateful that he was able to get it to work. Thanks to you for your help and to the cPanel team for an always incredible support. 0 -
i think it is safe no issues for me
Hello, You can review /usr/local/cpanel/logs/error_log to see the full error message. A resolution to ensure the specific error message is ed in the WHM UI was published with cPanel version 60.0.8: Fixed case CPANEL-9318: Show appropriate error message in DNS Clustering. Note that generally this is the result of a firewall rule blocking connections between the two servers. Check to ensure any firewall rules on both systems allow for connections from the other server's IP address. Thank you.
I see this is marked as resolved via0 -
Hello @Glexia, Can you let us know which cPanel & WHM version you are reproducing the behavior or? Also, if possible, can you share a screenshot of what you see when this happens? Thank you. 0
Please sign in to leave a comment.
Comments
28 comments