1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

updated key yesterday (SUS) now psa refuses to start!

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by David Cottle, Mar 25, 2010.

  1. David Cottle

    David Cottle New Pleskian

    20
    40%
    Joined:
    Apr 29, 2009
    Messages:
    16
    Likes Received:
    0
    IgorG,

    I purchased 2 years of SUS. I had to open a ticket as I only got 1 year, its been resolved.

    However this morning I went to log into plesk to mark some spam messages and found I can't connect to port 8443.

    Luckily ftp / http / dns / mail still seem to be running.

    I try to restart psa and all I get is failed.

    Rebooted the server and its the same. Luckily other services came back up.

    I am at a loss as nothing has been touched since the key update and how the GUI has quit.

    I found one thread here that talks about the owners and permissions in /etc/sw these all seem fine.

    Can someone help me?

    Thanks!
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,564
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    It is very difficult to say what is wrong there without any error messages, logs, etc. I'm not usual supporter and I can't login to your server and check and fix all there, right? :) Therefore I need more details as forum's resident.
    First of all check that you have enough free disk space there. Then try to start /etc/init.d/psa service and find any related errors in /var/log/sw-cp-server/error_log
     
  3. David Cottle

    David Cottle New Pleskian

    20
    40%
    Joined:
    Apr 29, 2009
    Messages:
    16
    Likes Received:
    0
    Hi IgorG,

    Thanks for the reply. Looks like I got another bug. Fedora update openssl from 0.9.8k to 0.9.8m and now also 0.9.8n

    Its this stopping plesk. I filled a bugzilla but its not much help. Is plesk compiled hard against openssl version?

    Somehow I need to get fedora + parallels together to fix this as there are some mahor CVS security issues so updating openssl is now critical.

    https://bugzilla.redhat.com/show_bug.cgi?id=577082

    2010-03-26 05:14:04: (log.c.135) server stopped
    2010-03-26 05:14:04: (log.c.75) server started
    2010-03-26 05:14:04: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 05:14:05: (log.c.75) server started
    2010-03-26 05:14:05: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 05:19:07: (log.c.75) server started
    2010-03-26 05:19:07: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 05:19:07: (log.c.75) server started
    2010-03-26 05:19:07: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 05:24:09: (log.c.75) server started
    2010-03-26 05:24:09: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 05:24:09: (log.c.75) server started
    2010-03-26 05:24:09: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 05:29:11: (log.c.75) server started
    2010-03-26 05:29:11: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 05:29:11: (log.c.75) server started
    2010-03-26 05:29:11: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 05:34:14: (log.c.75) server started
    2010-03-26 05:34:14: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 05:34:14: (log.c.75) server started
    2010-03-26 05:34:14: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 09:56:13: (log.c.75) server started
    2010-03-26 09:56:13: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 09:56:13: (log.c.75) server started
    2010-03-26 09:56:13: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 09:56:34: (log.c.75) server started
    2010-03-26 09:56:34: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 09:56:34: (log.c.75) server started
    2010-03-26 09:56:34: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 09:57:41: (log.c.75) server started
    2010-03-26 09:57:41: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 09:57:41: (log.c.75) server started
    2010-03-26 09:57:41: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 10:03:05: (log.c.75) server started
    2010-03-26 10:03:05: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)
    2010-03-26 10:03:05: (log.c.75) server started
    2010-03-26 10:03:05: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)

    Rollback openssl

    Give up final rollback (give it starts and stops)

    2010-03-26 14:29:33: (log.c.75) server started
    2010-03-26 14:29:42: (log.c.135) server stopped
    2010-03-26 14:29:43: (log.c.75) server started
    2010-03-26 14:29:45: (log.c.135) server stopped
    2010-03-26 14:29:45: (log.c.75) server started
     
  4. thewolf

    thewolf Regular Pleskian

    25
    57%
    Joined:
    Mar 11, 2004
    Messages:
    231
    Likes Received:
    0
    It looks like we hit the same issue with the latest updates for Red Hat Enterprise Linux 5: the Plesk 9.3 control panel won't start anyone.

    Is a Plesk hotfix coming out soon?

    Thanks.
     
  5. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    IgorG,

    psa-proftpd needs to be recompiled it's built against the old OpenSSL library directly.

    I think a workaround needs to be mentioned all references to tls needs to be removed out of /etc/proftpd.conf as if tls is mentioned plesk fails to start.

    As OpenSSL now has 3 CVE flaws updating OpenSSL is a priority.

    ARTS package is the same. Also can you get psa-proftpd updated it's also got vulnerabilitys in CVE also.

    Thanks!
     
  6. Ionut

    Ionut Guest

    0
     
    I too have this problem. Any fixes?
     
  7. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    I can't get it stable with an updated OpenSSL. Damn this will take parallels a while as binaries need to be recompiled.

    Why are they built specific to a exact version, If every package was like this update something like php and rebuild 50 packages?

    Hope for a temp fast fix would be putting in symlinks from the old name to the new library.

    So wonderful have to run abversion of OpenSSL containing 4 CVE or update and the plesk GUI.

    I see if I can towards a fix.

    is there anyway knowing what libraries it's looking for?

    This case it's simply 0.9.8k-5 going to 0.9.8n-1
     
  8. thewolf

    thewolf Regular Pleskian

    25
    57%
    Joined:
    Mar 11, 2004
    Messages:
    231
    Likes Received:
    0
    The workaround doesn't seem to apply to my Plesk 9.3.0 installation on RHEL5: I'm running the stock psa-proftpd-1.3.1-rhel5.build93091230.06 package and there are no tls references in the /etc/proftpd.conf file. Still, I cannot start the Plesk control panel.

    Anyone from Parallels?
     
  9. C4talyst

    C4talyst Guest

    0
     
    Same problem...I wouldn't expect much in the way of support here since every forum post is moderated. This discussion along could take a month.
     
  10. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    The issue is openssl - parallels have compiled directly against the version.

    All you can do is wait for a fix and prey its fast, soon newer packages will start failing to update due to older libraries.

    I suspect every OS is effected, certainly RPM based.

    In future don't build stuff hard against library versions!
     
  11. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    While digging around in the /var/log/sw-cp-server I see these every single time I open phpMyAdmin:

    2010-03-28 11:59:26: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: pma_fontsize in /usr/local/psa/admin/htdocs/domains/databases/phpMyAdmin/libraries/Config.class.php on line 555

    2010-03-28 11:59:26: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: pma_fontsize in /usr/local/psa/admin/htdocs/domains/databases/phpMyAdmin/libraries/Config.class.php on line 555

    2010-03-28 11:59:26: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: pma_fontsize in /usr/local/psa/admin/htdocs/domains/databases/phpMyAdmin/phpmyadmin.css.php on line 42

    2010-03-28 11:59:52: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: pma_fontsize in /usr/local/psa/admin/htdocs/domains/databases/phpMyAdmin/phpmyadmin.css.php on line 42

    2010-03-28 11:59:52: (mod_fastcgi.c.2582) FastCGI-stderr: PHP Notice: Undefined index: pma_fontsize in /usr/local/psa/admin/htdocs/domains/databases/phpMyAdmin/phpmyadmin.css.php on line 42
     
  12. sunshine123

    sunshine123 Guest

    0
     
    Hello,

    Anyone from Parallels?

    Still, I cannot start the Plesk control panel too.
     
  13. Saif Bechan

    Saif Bechan Guest

    0
     
    Solution to this problem that worked for me

    @thewolf I had the same problem as you this evening. I couldn't get into my
    plesk pannel after installing various updates such as openssl and proftpd.

    My system is CentOS 5.4 tho, but i do have plesk 9.3. My errors where exactly
    like yours:

    I have the following errors in the /var/log/sw-cp-server/error_log file:
    2010-03-26 15:59:20: (log.c.75) server started
    2010-03-26 15:59:20: (network.c.336) SSL:
    error:00000000:lib(0):func(0):reason(0)

    I checked my proftpd.conf file for any tls values but there were none.

    I tried the following:

    /etc/init.d/xinetd stop
    /etc/init.d/psa start

    No success there either.

    After painstaking hours of searching on the internet I was just planning on
    letting my host do a complete reinstall of the system. Then I thought i can
    mess up the system now.

    The first thing i did was:

    # yum downgrade psa-proftpd
    > Only Upgrade available on package: psa-proftpd-1.3.2-6.el5.art.i386

    So i tried openssl

    #yum downgrade openssl
    ---> Package openssl.i686 0:0.9.8e-12.el5_4.1 set to be updated
    ---> Package openssl.i686 0:0.9.8e-12.el5_4.6 set to be erased

    This downgraded openssl to version 4.1. After that I tried to restart psa and
    everything was online again.

    I recommend you try to downgrade the openssl version, i bet that will do the
    trick. I still have the newest versions of all the packages available,
    including proftpd. Only the openssl package was giving me problems.

    Regards
     
  14. Juan JoseS

    Juan JoseS New Pleskian

    19
    85%
    Joined:
    Jan 6, 2010
    Messages:
    10
    Likes Received:
    0

    Thanks thanks thanks.

    It's also works ok for me. :)
     
  15. ideasmultiples

    ideasmultiples Basic Pleskian

    25
    73%
    Joined:
    May 19, 2004
    Messages:
    83
    Likes Received:
    0
    I had the same problem after update openssl.

    yum downgrade no work some times due some plesk required packages....
     
  16. Saif Bechan

    Saif Bechan Guest

    0
     
    @ideasmultiples

    Maybe try and just uninstall opensll, and then reinstall the version before. I got it to work with version openssl.i686 0:0.9.8e-12.el5_4.1

    Maybe the manual install will do the trick for you.

    good luck
     
  17. sunshine123

    sunshine123 Guest

    0
     
    Thank you very much - Now it works ;-))))
     
  18. BlaineH

    BlaineH Guest

    0
     
    For those of you running RHEL4 the problem is fixed by downgrading to the following packages:

    httpd-2.0.52-41.ent.6.i386.rpm
    httpd-suexec-2.0.52-41.ent.6.i386.rpm
    mod_ssl-2.0.52-41.ent.6.i386.rpm
    openssl-0.9.7a-43.17.el4_7.2.i386.rpm
    openssl-devel-0.9.7a-43.17.el4_7.2.i386.rpm

    I know it's uncomfortable downgrading when there's a known security vulnerability in these packages. But until they can fix the underlying dependency on these packages we really don't have a choice.
     
  19. Ross Annetts

    Ross Annetts New Pleskian

    22
    57%
    Joined:
    Mar 2, 2009
    Messages:
    10
    Likes Received:
    0
    steps for fixing manually for CentOS 5 x86_64:

    wget ftp://ftp.pbone.net/mirror/ftp.centos.org/5.4/updates/x86_64/RPMS/openssl-0.9.8e-12.el5_4.1.i686.rpm
    wget ftp://ftp.pbone.net/mirror/ftp.cent..._64/RPMS/openssl-0.9.8e-12.el5_4.1.x86_64.rpm
    rpm -e --nodeps openssl.i386
    rpm -e --nodeps openssl.x86_64
    rpm -Uvh openssl-0.9.8e-12.el5_4.1.i686.rpm
    rpm -Uvh openssl-0.9.8e-12.el5_4.1.x86_64.rpm
    service psa stopall
    service psa start

    also for those using Virtuozzo don't update the cache for your CentOS 5 ez templates until its fixed unless you want to do this for all new CentOS containers.
     
  20. David Cottle

    David Cottle New Pleskian

    20
    40%
    Joined:
    Apr 29, 2009
    Messages:
    16
    Likes Received:
    0
    BlaineH,

    Why are you downgrading httpd and mod_ssl these are NOT the cause.

    Only openssl

    I would upgrade your httpd / mod_ssl if I were you..
     
Loading...