The “/usr/local/cpanel/scripts/rdate” command reported error number 4 when it ended
AnsweredGetting the timeout below every day. When I ping rdate.cpanel.net it resolves no problems, so assuming it's a firewall issue, but I'm not a linux guru and can't find where to change it. It's a new install of AlmaLinux 9 and running "firewall-cmd --zone=public --list-services" says firewalld is not running.
I vaguely recall there is iptables as well, but I'm not sure what I'm doing there.
If anyone can help, but please provide exact steps, don't just say "add 37 to iptables", I need simple, clear steps on how to check there's a problem and how to resolve it.
Thanks!
[2024-04-16 03:37:20 +0930] E [/usr/local/cpanel/scripts/rdate] Failed to run due to the 10 second timeout being exceeded.
[2024-04-16 03:37:20 +0930] E [/usr/local/cpanel/scripts/rdate] The “/usr/local/cpanel/scripts/rdate” command (process 1854748) reported error number 4 when it ended.
...
[2024-04-16 03:37:37 +0930] - Processing command `/usr/local/cpanel/bin/cloudlinux_update`
[2024-04-16 03:37:37 +0930] - Finished command `/usr/local/cpanel/bin/cloudlinux_update` in 0.054 seconds
[2024-04-16 03:37:37 +0930] Processing: Updating plugins data cache
[2024-04-16 03:37:37 +0930] - Processing command `/usr/local/cpanel/bin/refresh_plugin_cache`
[2024-04-16 03:37:37 +0930] - Finished command `/usr/local/cpanel/bin/refresh_plugin_cache` in 0.025 seconds
[2024-04-16 03:37:37 +0930] Processing: Ensuring SSL certificate information for CCS is up to date.
[2024-04-16 03:37:37 +0930] - Processing command `/usr/local/cpanel/scripts/ccs-check --run --ssl`
[2024-04-16 03:37:37 +0930] - Finished command `/usr/local/cpanel/scripts/ccs-check --run --ssl` in 0.006 seconds
[2024-04-16 03:37:37 +0930] Processing: Ensure cpanel-plugins yum repo exists
[2024-04-16 03:37:38 +0930] - Finished in 0.879 seconds
[2024-04-16 03:37:38 +0930] Processing: Checking Addon Licenses
[2024-04-16 03:37:38 +0930] - Finished in 0.007 seconds
[2024-04-16 03:37:38 +0930] Processing: Updating Public Suffix List
[2024-04-16 03:37:38 +0930] Processing: Checking End Of Life for current version.
[2024-04-16 03:37:39 +0930] - Finished in 0.576 seconds
[2024-04-16 03:37:39 +0930] Processing:
[2024-04-16 03:37:39 +0930] Maintenance complete.
=> Log closed Tue Apr 16 03:37:39 2024
-
I bet it's your resolvers. Adjust your /etc/resolv.conf file to include Google's nameservers:
nameserver 8.8.8.8
nameserver 8.8.4.4Andrew N. - cPanel Plesk VMWare Certified Professional
Do you need immediate assistance? 20 minutes response time!* Open a ticket
EmergencySupport - Professional Server Management and One-time Services0 -
What happens if you manually run the rdate command on the system?
0 -
rdate doesn't appear to be installed:
rdate -s rdate.cpanel.net
bash: rdate: command not foundtimedatectl works and time & timezone is correct (Australia)
Should rdate be installed? Will it conflict with timedatectl, if so, does this need to be removed?
0 -
Yes, I would expect that to be installed on most servers. I'd just install it and that should take care of everything.
0 -
I wouldn't inspect installing rdate to fix anything. cPanel uses /usr/local/cpanel/scripts/rdate
/usr/local/cpanel/scripts/rdate -p
rdate: [rdate.cpanel.net] Wed Apr 17 06:24:51 2024So I believe rdate is accessible but that you are still blocked by your firewall.
I run CSF firewall on my servers, and in my TCP_OUT section I have 37 listed as one of the ports to allow outbound access to. In the actual /usr/local/cpanel/scripts/rdate script, it shows that it uses TCP 37 outbound.
If you are using CSF, edit the TCP_OUT line in your /etc/csf/csf.conf file to include 37 and then do a 'csf -r'. Or log into WHM --> Plugins --> ConfigServer Security & Firewall and edit the conf file and restart that way.
If you are only using IPTABLES, then I can't help you since I have no idea what all of your active IPTABLES rules look like.
0 -
Good catch, mtindor - *our* rdate package is unrelated to the system rdate package.
Please try and manually run *exactly the command that failed*
/usr/local/cpanel/scripts/rdate
0 -
Same error as the cpanel update script:
/usr/local/cpanel/scripts/rdate
Failed to run due to the 10 second timeout being exceeded.There's a hardware firewall in front of the server, but that hasn't changed since the swap from CentOS to Alma, so that shouldn't be the problem. It's not running a software firewall, so I'm expecting IP tables is the problem, however I get this:
# iptables -L output
iptables v1.8.8 (nf_tables): chain `output' in table `filter' is incompatible, use 'nft' tool.I found some doco on cpanel site that says NFT runs the iptables for AlmaLinux. It looks like the cpanel reseller didn't setup the cpanel recommended rules from this article (I will contact them and see if they know about it):
The cpanel service
Important:The
/usr/local/cpanel/scripts/configure_firewall_for_cpanel
script clears all existing rule entries from your server’siptables
utility. If you use custom rules for your firewall, export those rules before you run the script and then re-add them afterward.cPanel & WHM also includes the
cpanel
service, which manages all of the rules in the/etc/firewalld/services/cpanel.xml
file. This allows TCP access for the server’s ports.To replace your server’s existing
iptables
rules with the rules in the/etc/firewalld/services/cpanel.xml
file, perform the following steps:- Run the
yum install firewalld
command to ensure that you have installed thefirewalld
service daemon on your system. - Run the
systemctl start firewalld.service
command to start thefirewalld
service. - Run the
systemctl enable firewalld
command to start thefirewalld
service when the server starts. - Run the
iptables-save > backupfile
command to save your existing firewall rules. - Run the
/usr/local/cpanel/scripts/configure_firewall_for_cpanel
script. - Run the
iptables-restore < backupfile
command to incorporate your old firewall rules into the new firewall rules file.
1 - Run the
-
Is port 37 outbound open?
0 -
The following test would help to confirm that, if you have telnet installed:
telnet rdate.cpanel.net 37
0 -
No, it times out, but it could be return inbound that's a problem as well. Unlikely that the hardware firewall is blocking it, as cpanel updates always worked on the CentOS server that this replaced and this is using the same IP address as the old one.
# telnet rdate.cpanel.net 37
Trying 208.74.121.43...0 -
A smarter person than me told me "never come up with reasons not to test something."
There's *something* blocking the connection so something has changed, you'll just need to track down where that is.
0 -
The reseller has changed the hardware firewall and says that the test rdate cmd is now working. They say that there were no changes to the firewall, so can only assume that rdate has been added to the latest cpanel update script. Does this sound correct to you?
0 -
cpRex is more qualified to answer that than I. But I call that a bunch of hogwash. I seriously doubt the rdate script was just added. You couldn't "telnet rdate.cpanel.net 37" before and get response but I'm guessing you can now. That has nothing to do with rdate being on the server or not. that is purely a firewall thing.
0 -
100% a firewall issue, like you've already found. The rdate call has been inside cPanel for many years.
0 -
Resolved - Thank you all for your help.
0 -
You're very welcome!
0
Please sign in to leave a comment.
Comments
16 comments