Skip to main content

Unknown API Error when attempting to contact the remote system

Comments

28 comments

  • cPanelMichael
    Hello, You can review /usr/local/cpanel/logs/error_log to see the full error message. A resolution to ensure the specific error message is displayed in the WHM UI was published with cPanel version 60.0.8: Fixed case CPANEL-9318: Show appropriate error message in DNS Clustering. Note that generally this is the result of a firewall rule blocking connections between the two servers. Check to ensure any firewall rules on both systems allow for connections from the other server's IP address. Thank you.
    0
  • mitt
    Great thanks, i found the error: Server Error from: (the correct IP of the server i am trying to add): HTTP/1.1 404 Not Found Any ideas? thanks!
    0
  • cPanelMichael
    Hello, Do you have any firewall rules on either the cPanel server or the DNS-Only server that's restricting access? Ensure the IP address of each server is allowed in the other server's firewall configuration. Thank you.
    0
  • mitt
    Hello, Do you have any firewall rules on either the cPanel server or the DNS-Only server that's restricting access? Ensure the IP address of each server is allowed in the other server's firewall configuration. Thank you.

    There's nothing blocking in either direction. Doesn't make any sense. What port does this use?
    0
  • cPanelMichael
    There's nothing blocking in either direction. Doesn't make any sense. What port does this use?

    It uses port 2087. Could you also review "Host Access Control" in Web Host Manager to ensure that whostmgrd isn't restricted? Thank you.
    0
  • WebHostPro
    I have the same issue, other servers can connect fine but this cannot connect to one DNS server even though the IP for oth servers are in the firewall and host access. Any luck solving this? My error is just Could not connect to 123.123.1.1:2087: Connection timed out
    0
  • cPanelMichael
    I have the same issue, other servers can connect fine but this cannot connect to one DNS server even though the IP for oth servers are in the firewall and host access. Any luck solving this? My error is just Could not connect to 123.123.1.1:2087: Connection timed out

    Hello, You can review /usr/local/cpanel/logs/login_log on the destination server to look for any specific error messages about the login failure:
    tail -f /usr/local/cpanel/logs/login_log
    Also, try manually testing the connection from initial server's command line with telnet:
    telnet 123.123.1.1 2087
    If it fails, then it suggests a firewall rule (possibly from the data center) on either of the two servers is blocking traffic over port 2087. Thank you.
    0
  • WebHostPro
    Thanks cPanelMichael 1. There is no errors from the bad connection on there /usr/local/cpanel/logs/login_log 2. telnet 123.123.1.1 2087 this just hangs 3. I'm logged into port 2087 on both computers as I write this. I disabled the SSH host access blocks and the disabled the firewall. But still get the same time out. My guess now is the SSH cert has an issue.
    0
  • ethix
    Thanks cPanelMichael My guess now is the SSH cert has an issue.

    If you find the issue could you please update the thread. I seem to have the same / very similar issue.
    0
  • cPanelMichael
    . telnet 123.123.1.1 2087 this just hangs

    Hello, This suggests a potential connection issue. The output should look like this:
    # telnet 1.2.3.4 2087 Trying 1.2.3.4 ... Connected to 1.2.3.4. Escape character is '^]'.
    Are there any possible traffic filtering rules on the network/data center level that could be filtering traffic? If not, feel free to open a support ticket so we can take a closer look and see what's happening. Thank you.
    0
  • intuitivsol
    Any update on this thread? I am trying to do DNS Clustering from 2 cPanel/WHM servers. I seem to get exactly the same issue. Upon checking the logs, I also get: Server Error from 139.546.59.51: HTTP/1.1 403 Forbidden Access denied I have CSF Firewall installed on both servers and have already completely disabled then, but still getting the same results. I get "Unknown API Error" on both servers after attempting to add a new server to the cluster. Any ideas or tips will be greatly appreciated!!
    0
  • cPanelMichael
    Hello @intuitivsol, Have you tried completing the steps referenced in my earlier post to help narrow down the issue? Do you have any entries in your /etc/hosts.allow file on the server you are connecting to? Thank you.
    0
  • intuitivsol
    Hi Mike, I just checked the /etc/hosts.allow files on both servers and there are no entries, so I guess no blocked IPs. I tried the 'telnet' thing but it's not working (command not recognized it seems).
    0
  • cPanelMichael
    Hello, Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look. Thanks!
    0
  • intuitivsol
    I was able to manage to successfully complete DNS clustering with a 3rd cPanel server. So it seems this one cPanel server is the one blocking connection not allowing the 2 other cPanel servers to connect. I'm not too sure what else to try here, any suggestions or tips will greatly be appreciated!
    0
  • cPanelMichael
    I was able to manage to successfully complete DNS clustering with a 3rd cPanel server. So it seems this one cPanel server is the one blocking connection not allowing the 2 other cPanel servers to connect. I'm not too sure what else to try here, any suggestions or tips will greatly be appreciated!

    Do you notice any output to /usr/local/cpanel/logs/login_log on the server you are attempting to connect "to" when encountering the error message? Thank you.
    0
  • intuitivsol
    Hi cPanelMichael, I'm putting aside this 3rd server for now and has been focusing on 2 cPanel servers I was able to already establish connection via DNS Cluster. Again, here's the setup (which was successul the first time I did it), see below. But now, I noticed a 'forbidden access' error: vps2.example.com (newer), under 'servers in your cluster' panel I see: - hostname: vps1.example.com - username: root - type: cPanel - status: 11.64.0.33 (with a check mark = Server Active) - dns role: synchronize changes vps1.example.com (older), under 'servers in your cluster' panel I see: - hostname: vps2.example.com - username: root - type: cPanel - status: Server Error from 172.xxx.xxx.xxx: HTTP/1.1 403 Forbidden Access denied Server Error - dns role: Requires version 8.9 or later. - actions: This server is inherited. First of all, is this kind of setup correct wherein vps2 role is 'synchronize' while vps1 supposedly was 'standalone' before the issue happened? Any idea on how to fix this 'Server Error from 172.xxx.xxx.xxx: HTTP/1.1 403 Forbidden Access denied' status? The new vps2 is "CENTOS 7.3 x86_64 kvm " vps2" while the older vps1 is "CENTOS 6.9 x86_64 kvm " vps" by the way, is this differing CentOS versions problematic? Again, upon initial setup, it was successfull, no errors. But after a week and I suppose some cPanel updates occurred, this is the problem now.
    0
  • intuitivsol
    Just an updated, I think I may have fixed this issue for now.... Apparently, the 'Forbidden Access' error was showing up when I was viewing 'Managing DNS Cluster as' another user (reseller with all privileges) other that root, ex. 'another_user'. If I switch the 'Managing DNS Cluster as' to 'root', I can see everything is working, no errors. So going back to setting 'Managing DNS Cluster as' to 'another_user', I did the whole add new sever to the cluster process again, and it connected without any issues with vps2 (as standalone). So no errors now! I guess I got confused with how this 'Managing DNS Cluster as' option works in relation to the entire DNS Cluster process. Just a question.... if I add a new account under vps1 (which is setup as 'standalone'), do I have to manually do 'synchronize dns records' within vps1? or within vps2? Or is everything already being synchronized automatically because I enabled 'trust relationship'? Any tips will greatly be appreciated, thanks guys!
    0
  • cPanelMichael
    Just a question.... if I add a new account under vps1 (which is setup as 'standalone'), do I have to manually do 'synchronize dns records' within vps1? or within vps2? Or is everything already being synchronized automatically because I enabled 'trust relationship'? Any tips will greatly be appreciated, thanks guys!

    The role would need to be set to "Synchronize Changes" or "Write Only" on both servers for it to automatically sync from VPS1 to VPS2 and from VPS2 to VPS1. Keep in mind that WHM-to-WHM cluster setups are not recommended, and may cause DNS errors on your servers. This is documented at: Guide to DNS Cluster Configurations - cPanel Knowledge Base - cPanel Documentation Thank you.
    0
  • 4u123
    I'm having this same problem on four new servers. When we initially tried this, using API tokens from the DNS cluster servers we got an error so we set them up using the remote access keys instead and this worked fine. Ideally I would like to switch all of these to using the API keys instead. When we try to add or edit a nameserver using an API key we receive the error "Unknown API Error when attempting to contact the remote system". The cpanel log says Server Error from ip.ip.ip.ip: HTTP/1.1 403 Forbidden Access denied This immediately made me think it was the hosts.allow file but it isn't. The cluster works fine when using remote access keys and I can telnet to the port from the servers. So I checked the login log on the nameserver. The log says... root "GET /json-api/version? HTTP/1.1" FAILED LOGIN whostmgrd: login attempt to WHM with bad accesshash or API token However, the API token is correct and works fine with other servers. The solution mentioned above relating to the username isn't relevant to my situation as I'm already using root as the user. I have set up six other new servers recently using the API key without any issues - but these four are all the same and will not work. I presume that we can still use the remote access keys indefinitely if they are already set up this way?
    0
  • cPanelMichael
    root "GET /json-api/version? HTTP/1.1" FAILED LOGIN whostmgrd: login attempt to WHM with bad accesshash or API token

    Hi @4u123, I'm unsure what could be causing this error message since you mentioned the API token was generated by the "root" user. Would you mind opening a support ticket so we can take a closer look?
    I presume that we can still use the remote access keys indefinitely if they are already set up this way?

    The interface itself and the ability to generate a new access hash is tentatively planned for removal from the product in cPanel version 72: cPanel Deprecation Plan - cPanel Knowledge Base - cPanel Documentation However, that alone shouldn't prevent existing hashes from working. We've not made any announcements regarding a requirement to switch from existing access hashes to API tokens, but we'll be sure to announce any such requirements in the release notes. Thank you.
    0
  • headsup
    Ran into the same exact situation and just can't seem to find a viable solution. 4 servers serving in DNS cluster for a set of our cPanel servers. Boot up a new cPanel VM, was able to successfully configure 3 but unable to with 1. It's worth noting that adding the API key from the cPanelDNS server to the main server went without a hitch. But the cPanelDNS server couldn't complete the process. Just keep reloading and finally output: Unknown API Error when attempting to contact the remote system from cpanel/logs/login_log: [2018-04-12 08:32:43 +0000] info [whostmgrd] $connecting_IP_address - root "GET / HTTP/1.1" DEFERRED LOGIN whostmgrd: security token missing from cpanel/logs/error_log: Could not connect to $main_serverIP:2087: Connection timed out Could not connect to $main_serverIP:2087: Connection timed out Versions: cPanelDNS Only: ============== /etc/redhat-release:CentOS Linux release 7.4.1708 (Core) /usr/local/cpanel/version:11.68.0.36 CPANEL=stable cPanel: =============== /etc/redhat-release:CentOS Linux release 7.4.1708 (Core) /usr/local/cpanel/version:11.68.0.36 CPANEL=release Nameserver IP is cPHulk whitelisted and there is no additional firewall yet since the machine is being configured. All cPanel ports are correctly configured at the datacenter level.
    0
  • cPanelMichael
    Hi @MajorLancelot, Could you open a support ticket so we can take a closer look? You can post the ticket number here and we will update this thread with the outcome. Thank you.
    0
  • headsup
    Hi @MajorLancelot, Could you open a support ticket so we can take a closer look? You can post the ticket number here and we will update this thread with the outcome. Thank you.

    Good morning, cPanelMicheal. I have done just that and the Support Request ID is 9434291. Have a wonderful day
    0
  • cPanelMichael
    I have done just that and the Support Request ID is 9434291.

    Hello, To update, here's part the response in the support ticket regarding the resolution: As best I could tell, the API Token on [removed] for ns3 was incorrect and resulting in the 'Forbidden'/'Unknown API Error'. The only thing I did was regenerate the API token on [removed] for ns3, and the cluster configuration updated without a problem. Unfortunately I am unsure what specifically went wrong when this was tried on your end.
    Thank you.
    0
  • headsup
    Hello Micheal. I should have updated this earlier but was waiting to close the ticket before proceeding. The fact is that the API I generated that worked for other "ns" servers but didn't work for "ns". And even when 3 successive APIs where generated specifically for "ns3", they also didn't work until the analyst did. Not sure if it is because considerable time elapsed between these actions or what. Anyway, we are grateful that he was able to get it to work. Thanks to you for your help and to the cPanel team for an always incredible support.
    0
  • Glexia
    i think it is safe no issues for me

    Hello, You can review /usr/local/cpanel/logs/error_log to see the full error message. A resolution to ensure the specific error message is ed in the WHM UI was published with cPanel version 60.0.8: Fixed case CPANEL-9318: Show appropriate error message in DNS Clustering. Note that generally this is the result of a firewall rule blocking connections between the two servers. Check to ensure any firewall rules on both systems allow for connections from the other server's IP address. Thank you.

    I see this is marked as resolved via
    0
  • cPanelMichael
    Hello @Glexia, Can you let us know which cPanel & WHM version you are reproducing the behavior or? Also, if possible, can you share a screenshot of what you see when this happens? Thank you.
    0

Please sign in to leave a comment.