Thank you Dave.

Also for the quick solution.

Here is the bug report on Gitlab: https://gitlab.com/clearos/clearfoundation/app-certificate-manager/issues/18
Here is the latest build: http://koji.clearos.com/koji/taskinfo?taskID=24878

I did them on BDC because there was the problem. When I now check the Certificate Manager all certificates are imported and when I check the Flexshares they are also working. Nice job!

I should have clarified, those changes only need to be done on the PDC, but we will be pushing them to all installations.

Ports are okay I checked yesterday but just double checked.

I executed the permission commands and tried to restarted the service then I found out the service was not running a bit strange because we saw the messages in the logs. Maybe it stopped. I'm restarting the server to see if everything is fixed.

I am just doing things with Dave. Can you do:

usermod -a -G ssl-cert clearsync

chgrp ssl-cert /etc/pki/CA/private

chmod g+rx /etc/pki/CA/private

systemctl restart clearsync

Then see if this gets your clearsync of certificates going?

Please also check the port being used in both the PDC and BDC in /etc/clearsync.d/filesync-accounts.conf, and please let us know if they are different. They should both be using 8155.

I don't think so. I used 0644 and root:root as I did not know what the default was. At lease that way it gave access to anyone. 0640 and root:clearsync is fine is the clearsync user is running the app as the clearsync user belongs to the clearsync group.

"ps aux" shows the clearsync user running clearsync:

[root@server ~]# ps aux | grep clearsync

clearsy+  2337  0.1  0.0 1260284 8476 ?        Ssl  Jul29  49:15 /usr/sbin/clearsyncd -c /etc/clearsync.conf

root      9320  0.0  0.0 112712   980 pts/3    S+   15:19   0:00 grep --color=auto clearsync

Is this what you meant by probably a bug?

Probably also a bug?

This are the permission on PDB and BDC:

[root@enterprise clearsync.d]# ls -al

total 116

drwxr-xr-x.  2 root root      4096 Aug 17 19:53 .

drwxr-xr-x. 88 root root      8192 Aug 18 03:03 ..

-rw-r--r--.  1 root root       468 May 10  2016 csplugin-audit.conf

-rw-r--r--.  1 root root      2596 Apr  9 18:41 csplugin-events.conf

-rw-r-----   1 root clearsync  538 Aug 17 19:50 filesync-accounts.conf

-rw-r-----   1 root clearsync  722 Aug 17 19:53 filesync-certificate-manager.conf

-rw-r--r--.  1 root root       708 May 24  2018 filewatch-accounts-event.conf

-rw-r--r--.  1 root root       535 May 24  2018 filewatch-accounts-initialized-event.conf

-rw-r--r--.  1 root root       497 May 24  2018 filewatch-accounts-ready-event.conf

-rw-r--r--   1 root root       722 Jul  2 18:38 filewatch-base-clearsync.conf

-rw-r--r--   1 root root      1106 Jul  2 18:38 filewatch-base-webconfig.conf

-rw-r--r--.  1 root root       645 Aug 30  2018 filewatch-certificate-manager-event.conf

-rw-r--r--.  1 root root       592 Jun  8 14:25 filewatch-date-event.conf

-rw-r--r--.  1 root root       594 Jun 18 10:38 filewatch-events-configuration.conf

-rw-r--r--.  1 root root      1936 May 30 10:08 filewatch-firewall.conf

-rw-r--r--.  1 root root       451 Mar  2  2017 filewatch-mode-event.conf

-rw-r--r--.  1 root root      1142 Mar 15 20:11 filewatch-network-configuration-event.conf

-rw-r--r--.  1 root root       611 Mar 15 20:11 filewatch-network-connected-event.conf

-rw-r--r--.  1 root root       652 Mar 15 20:11 filewatch-network-peerdns-event.conf

-rw-r--r--   1 root root       669 Jul 29 19:19 filewatch-openldap-configuration-event.conf

-rw-r--r--   1 root root       503 Jul 29 19:19 filewatch-openldap-online-event.conf

-rw-r--r--   1 root root       627 Jun 18 10:52 filewatch-samba-configuration-event.conf

-rw-r--r--.  1 root root       539 Aug 15  2018 filewatch-smtp-event.conf

-rw-r--r--.  1 root root       595 May 16  2018 filewatch-software-updates-event.conf

-rw-r--r--   1 root root       555 Jun 20 17:29 filewatch-storage-event.conf

-rw-r--r--   1 root root       601 Jul  2 18:38 filewatch-system-database-event.conf

-rw-r--r--.  1 root root       851 Mar 15 20:11 procwatch-network-proxy-event.conf

Hmm. I am not sure at this point. I have just fixed it on another system which was missing the /etc/clearsync.d/filesync-certificate-manager.conf. I copied it across and gave it 0644 permissions and restarted the clearsync service. I am not sure if the permissions thing is correct as it may be that I should have set the owner to root:clearsync instead.

PBD:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!-- ClearSync Filesync: accounts -->

<plugin name="AccountsFileSync" library="libcsplugin-filesync.so" stack-size="65536">



<authkey>ebde100afecb8dae2153061f1e5c779ec4cf67f5430fb44bb1fed319665257a8</authkey>



<master bind="0.0.0.0" port="8155">

  <file name="accounts-state">/var/clearos/accounts/transaction.state</file>

</master>



</plugin>

<!--

  vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2

-->

BDC:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!-- ClearSync Filesync: accounts -->

<plugin name="AccountsFileSync" library="libcsplugin-filesync.so" stack-size="65536">



<authkey>ebde100afecb8dae2153061f1e5c779ec4cf67f5430fb44bb1fed319665257a8</authkey>



<slave host="voyager.xxxxxx.lan" port="8155" interval="60">

  <file name="accounts-state" presync="" postsync="sudo /usr/sbin/trigger accounts">/var/clearos/accounts/transaction.state</file>

</slave>



</plugin>

<!--

  vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2

-->

Port on both is 8155. Only the ip address on the PBD is 0.0.0.0. Is that normal?

Can you check that /etc/clearsync.d/filesync-accounts.conf on both PDC and BDC point to port 8155? I think this was the fix Dave did.

@Andrew thank you for your input. Let's hope this thread helps to resolve your issue.

I have that file on my BDC.

<?xml version="1.0" encoding="ISO-8859-1"?>

<!-- ClearSync Certificate Manager FileSync Plugin Configuration -->

<plugin name="CertificateManagerFileSync" library="libcsplugin-filesync.so" stack-size="65536">



<authkey>ebde100afecb8dae2153061f1e5c779ec4cf67f5430fb44bb1fed319665257a8</authkey>



<slave host="voyager.xxxxxxx.lan" port="8154" interval="60">

  <file name="certificate-authority" presync="" postsync="">/etc/pki/CA/ca-cert.pem</file>

  <file name="default-certificate" presync="" postsync="">/etc/pki/CA/sys-0-cert.pem</file>

  <file name="default-key" presync="" postsync="">/etc/pki/CA/private/sys-0-key.pem</file>

</slave>



</plugin>

<!--

  vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2

-->

I'm correct saying that sys-0-cert.pem and sys-0-key.pem are not imported?


Checked the log again and found the following:

grep clearsyncd.*Sync /var/log/messages

[root@enterprise clearsync.d]# grep clearsyncd.*Sync /var/log/messages

Aug 17 13:37:35 localhost clearsyncd[6080]: ClearSync initialized.

Aug 17 20:00:38 enterprise clearsyncd[6008]: ClearSync initialized.

Aug 17 20:00:42 enterprise clearsyncd[6008]: AccountsFileSync: File synchronized: accounts-state

Aug 17 20:00:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: File synchronized: certificate-authority

Aug 17 20:00:42 enterprise clearsyncd[6008]: AccountsFileSync: Post-sync command failed for: accounts-state

Aug 17 20:00:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: write: Broken pipe

Aug 17 20:01:42 enterprise clearsyncd[6008]: AccountsFileSync: Remote file exception: accounts-state

Aug 17 20:01:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: recv: ?

Aug 17 20:01:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00

Aug 17 20:01:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: send: Broken pipe

Aug 17 20:02:42 enterprise clearsyncd[6008]: AccountsFileSync: Remote file exception: accounts-state

Aug 17 20:02:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: recv: #033#016

Aug 17 20:02:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00

Aug 17 20:02:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: send: Broken pipe

Aug 17 20:03:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Remote file exception: certificate-authority

Aug 17 20:03:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: send: Broken pipe

Aug 17 20:04:42 enterprise clearsyncd[6008]: AccountsFileSync: Remote file exception: accounts-state

Aug 17 20:04:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: recv: k#017

Aug 17 20:04:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00

Aug 17 20:04:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: send: Broken pipe

Aug 17 20:05:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: Hang-up

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Hang-up

Aug 17 20:05:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Hang-up

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Hang-up

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Hang-up

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: ?#023

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021

Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021

On your BDC, are you by any chance missing a file /etc/clearsync.d/filesync-certificate-manager.conf? If you are, taking a bit of a flyer, perhaps try creating one with the following in it:

<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>

<!-- ClearSync Certificate Manager FileSync Plugin Configuration -->

<plugin name=\"CertificateManagerFileSync\" library=\"libcsplugin-filesync.so\" stack-size=\"65536\">



<authkey>$file_sync_key</authkey>



<slave host=\"$master_hostname\" port=\"8154\" interval=\"60\">

  <file name=\"certificate-authority\" presync=\"\" postsync=\"\">/etc/pki/CA/ca-cert.pem</file>

  <file name=\"default-certificate\" presync=\"\" postsync=\"\">/etc/pki/CA/sys-0-cert.pem</file>

  <file name=\"default-key\" presync=\"\" postsync=\"\">/etc/pki/CA/private/sys-0-key.pem</file>

</slave>



</plugin>

<!--

  vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2

-->

But replace $file_sync_key with the value in /var/clearos/mode/mode.conf, and $master_hostname from the same file.

I am not sure how to trigger the synchronisation or if it will just happen. Perhaps try adding a carriage return or space at the end of one or all of the certificate files on the PDC. Real hacking here, but I've tried to look at the code in /usr/clearos/apps/certificate_manager/libraries/SSL.php which mentions CertificateManagerFileSync.

I'm in the middle of setting up a PDC/BDC setup for a client. Basically, I've reached she same point as Marcel, with the BDC certificate manager stuck with the message "The system is waiting for a connection to the master node". I've got a handful of other clients with remote BDC servers, and have never previously had any issues setting them up. The only difference is all the PDC's in these configurations are COS6 servers; the BDC's are a mix of COS6 and COS7.

Sorry I'm not contributing anything to fix this, but just wanted to confirm that this issue is not unique to Marcel's setup.


Cheers...... Andy

Dave knows the fix for the filesync error. To my knowledge he has not yet investigated the CertificateManagerFileSync error. I'll have to try to get him. I think the FileSync is fixed by switching ports for something in the PDC. Ir would not surprise me if the certificate error were something similar.

Must I create a external certificate? That is the only option I have. External certificate --> import or create CSR Key /Pair

Okay first were you asked for.

PDC:

[root@voyager ~]# grep clearsyncd.*Sync /var/log/messages

Aug 17 12:41:05 localhost clearsyncd[5243]: ClearSync initialized.

Aug 17 19:58:04 voyager clearsyncd[5304]: ClearSync initialized.

Aug 17 20:00:42 voyager clearsyncd[5304]: CertificateManagerFileSync: Error reading packet header: recv: #033#022

BDC:

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: [#021

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021

Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021

The last copy and past is a snippet.

There is certainly a sync error!

Nick Howitt wrote:

The BDC should get its ca-cert.pem from the PDC, but I don't know about the other certificates and the BDC is not allowed to create its own certificates. I am pretty sure there is a clearcync job which should sync the certificates, otherwise I done see how you can get certificates to the BDC. Do you have a sys-0-cert.pem and /etc/pki/CA/private/sys-0-key.pem on the BDC?

Yes the BDC indeed did get it's certificates from the PBC. I did not install any certificate on the BDC.

I have the "ca-cert.pem" on the BDC. I do not have the certificates on the BDC you mention.

Your screenshot shows a CA. You probably don't have the sys-0-cert and sys-0-key system certificates, so, if you can, go ahead and create them.

Can you try the:

grep clearsyncd.*Sync /var/log/messages

on bith the PDC and BDC. The BDC should get its ca-cert.pem from the PDC, but I don't know about the other certificates and the BDC is not allowed to create its own certificates. I am pretty sure there is a clearcync job which should sync the certificates, otherwise I done see how you can get certificates to the BDC. Do you have a sys-0-cert.pem and /etc/pki/CA/private/sys-0-key.pem on the BDC?

When I tick configure certificates I'll go to the certificate manager. So that is working now but what must I do then? There is already a certificate....

Okay, forget everything I said before this post.

I did a re-install (third time). Everything is working expect the flexshares on the BDC. I made some screenshots to make it clear.

What you suggested I already tried that.

The strange part the time on both systems is correct. To be sure I entered the "timesync" command on the system with the issue. After that I removed a package and then checked /var/log/messages. Time stil off!

[root@discovery log]# date
Sat Aug 17 11:40:18 CEST 2019
[root@discovery log]# timesync
[root@discovery log]# date
Sat Aug 17 11:41:05 CEST 2019

ug 17 05:40:41 localhost nmbd[4377]: This response was from IP 192.168.100.1, reporting an IP address of 192.168.100.1.
Aug 17 05:42:10 localhost yum[10711]: Erased: 1:app-services-2.5.0-1.v7.noarch
Aug 17 05:42:11 localhost yum[10711]: Erased: 1:app-services-core-2.5.0-1.v7.noarch

What is the output of "date" on the two systems? If they are widely different, check the timezones and then run the command "timesync". This should run every night automatically.

Installed a app on the server with the issue. You can see the time it is 6 hours off. Time according to log 5:26AM local time 11:26AM.

Aug 17 05:26:01 localhost yum[25927]: Installed: 1:app-services-core-2.5.0-1.v7.noarch
Aug 17 05:26:02 localhost yum[25927]: Installed: 1:app-services-2.5.0-1.v7.noarch

On a other server you can see the time shift in /var/log/messages:

Aug 16 09:51:41 voyager yum[14949]: Installed: 1:app-network-visualiser-2.1.7-1.v7.noarch
Aug 16 09:51:41 voyager yum[14949]: Installed: 1:app-disk-usage-2.1.15-1.v7.noarch
Aug 16 09:58:09 voyager clearsyncd[5472]: System Events: Socket hang-up: 27
Aug 16 09:58:09 voyager clearsyncd[5472]: System Events: Socket hang-up: 27
Aug 16 11:59:23 voyager clearsyncd[5472]: System Events: Socket hang-up: 26
Aug 16 11:59:23 voyager clearsyncd[5472]: System Events: Socket hang-up: 26
Aug 16 12:01:39 voyager yum[6011]: Installed: python2-pyasn1-0.1.9-7.el7.noarch
Aug 16 12:01:39 voyager yum[6011]: Installed: python-ipaddress-1.0.16-2.el7.noarch
Aug 16 12:01:39 voyager yum[6011]: Installed: pyOpenSSL-0.13.1-4.el7.x86_64

You can see the jump of 2 hours. That happened 6 hours after installing the server.

It looks like messages is still reporting the wrong time. This is the latest rule:

Aug 17 04:55:11 localhost nmbd[4377]: This response was from IP 192.168.100.1, reporting an IP address of 192.168.100.1.

My time is now 10:59AM the message log is showing 04:55:11. That is a big gap or not?

Word missing --> some time later.

You can see the time shift in "yum.log"

What is was trying to say is that the system was not installed on that time but I know what happend. Setting the correct timezone happened some later. You can see it happening in "yum.log".

Aug 16 16:48:28 Updated: 1:app-base-core-2.7.4-1.v7.noarch
Aug 16 16:48:29 Updated: 1:app-base-2.7.4-1.v7.noarch
Aug 16 16:48:29 Updated: openldap-2.4.44-21.v7.x86_64
Aug 16 16:48:29 Installed: openldap-clients-2.4.44-21.v7.x86_64
Aug 16 16:48:29 Installed: 1:app-performance-tuning-core-2.3.0-1.v7.noarch
Aug 16 16:48:29 Installed: 1:app-performance-tuning-2.3.0-1.v7.noarch
Aug 16 16:48:29 Installed: 1:app-master-slave-core-2.3.0-1.v7.noarch
Aug 16 16:48:29 Updated: 1:app-configuration-backup-core-2.5.4-1.v7.noarch
Aug 16 16:48:29 Updated: 1:app-dhcp-core-2.5.23-2.v7.noarch
Aug 16 16:48:29 Installed: libtool-ltdl-2.4.2-22.el7_3.x86_64
Aug 16 16:48:30 Installed: openldap-servers-2.4.44-21.v7.x86_64
Aug 16 16:48:30 Installed: 1:app-ldap-core-2.3.23-1.v7.noarch
Aug 16 16:48:31 Installed: 1:app-openldap-core-2.5.7-1.v7.noarch
Aug 16 16:48:31 Installed: 1:app-central-management-2.2.2-1.v7.noarch
Aug 16 16:48:31 Installed: 1:app-master-slave-2.3.0-1.v7.noarch
Aug 16 16:48:31 Installed: 1:app-central-management-core-2.2.2-1.v7.noarch
Aug 16 16:48:31 Updated: 1:app-dhcp-2.5.23-2.v7.noarch
Aug 16 16:48:31 Updated: 1:app-configuration-backup-2.5.4-1.v7.noarch
Aug 16 16:48:32 Updated: 1:app-storage-core-2.6.15-1.v7.noarch
Aug 16 16:48:32 Erased: 1:app-simple-mode-core-2.3.22-1.v7.noarch
Aug 16 22:51:34 Installed: libtalloc-2.1.13-1.el7.x86_64
Aug 16 22:51:34 Installed: libtevent-0.9.36-1.el7.x86_64
Aug 16 22:51:34 Installed: samba-common-4.8.3-4.4.v7.noarch
Aug 16 22:51:34 Installed: libtdb-1.3.15-1.el7.x86_64
Aug 16 22:51:34 Installed: libldb-1.3.4-1.el7.x86_64
Aug 16 22:51:34 Installed: samba-common-libs-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: samba-client-libs-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: libwbclient-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: 1:app-certificate-manager-2.5.1-1.v7.noarch
Aug 16 22:51:35 Installed: libsmbclient-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: tdb-tools-1.3.15-1.el7.x86_64
Aug 16 22:51:35 Installed: pytalloc-2.1.13-1.el7.x86_64
Aug 16 22:51:35 Installed: samba-libs-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: samba-common-tools-4.8.3-4.4.v7.x86_64
Aug 16 22:51:37 Installed: samba-4.8.3-4.4.v7.x86_64
Aug 16 22:51:37 Installed: samba-winbind-modules-4.8.3-4.4.v7.x86_64
Aug 16 22:51:39 Installed: samba-winbind-4.8.3-4.4.v7.x86_64
Aug 16 22:51:39 Installed: samba-winbind-clients-4.8.3-4.4.v7.x86_64
Aug 16 22:51:40 Installed: 1:app-flexshare-core-2.4.14-1.v7.noarch
Aug 16 22:51:40 Installed: nss-pam-ldapd-0.8.13-16.el7_6.1.x86_64
Aug 16 22:51:40 Installed: 1:app-samba-common-core-2.5.1-1.v7.noarch
Aug 16 22:51:40 Installed: 1:app-user-certificates-plugin-core-2.1.6-1.v7.noarch
Aug 16 22:51:40 Installed: 1:app-user-certificates-core-2.2.0-1.v7.noarch
Aug 16 22:51:40 Installed: libarchive-3.1.2-10.el7_2.x86_64
Aug 16 22:51:40 Installed: samba-client-4.8.3-4.4.v7.x86_64
Aug 16 22:51:40 Installed: 1:app-openldap-directory-core-2.5.1-1.v7.noarch
Aug 16 22:51:40 Installed: 1:app-samba-extension-core-2.5.0-1.v7.noarch
Aug 16 22:51:56 Installed: 1:app-samba-core-3.5.3-1.v7.noarch
Aug 16 22:51:56 Installed: 1:app-samba-3.5.3-1.v7.noarch
Aug 16 22:51:56 Installed: 1:app-user-certificates-2.2.0-1.v7.noarch
Aug 16 22:51:56 Installed: 1:app-flexshare-2.4.14-1.v7.noarch
Aug 17 05:59:17 Updated: 32:bind-license-9.9.4-74.el7_6.2.noarch
Aug 17 05:59:17 Updated: tzdata-2019b-1.el7.noarch
Aug 17 05:59:20 Updated: glibc-common-2.17-260.el7_6.6.x86_64
Aug 17 05:59:21 Updated: glibc-2.17-260.el7_6.6.x86_64
Aug 17 05:59:21 Updated: systemd-libs-219-62.el7_6.9.x86_64
Aug 17 05:59:21 Updated: libteam-1.27-6.el7_6.1.x86_64
Aug 17 05:59:21 Updated: kernel-tools-libs-3.10.0-957.21.3.v7.x86_64
Aug 17 05:59:21 Updated: 32:bind-libs-9.9.4-74.el7_6.2.x86_64
Aug 17 05:59:21 Updated: python-perf-3.10.0-957.21.3.v7.x86_64
Aug 17 05:59:21 Updated: libssh2-1.4.3-12.el7_6.3.x86_64
Aug 17 05:59:21 Updated: libcurl-7.29.0-51.el7_6.3.x86_64
Aug 17 05:59:22 Updated: systemd-219-62.el7_6.9.x86_64
Aug 17 05:59:22 Updated: 7:device-mapper-1.02.149-10.el7_6.8.x86_64

Logging at 16.32 is fine. Clearsyncd is a background service which does all sorts of things and starts at boot. I don't see any events associated with the file sync or certificate sync I'd expece to see on a slave/BDC system, but I don know it very well.

grep clearsyncd /var/log/messages

[root@discovery ~]# grep clearsyncd /var/log/messages 

Aug 16 16:32:34 localhost clearsyncd[6134]: Network Proxy Watch: Started

Aug 16 16:32:34 localhost clearsyncd[6134]: ClearSync initialized.

Aug 16 16:32:34 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:32:34 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:35:16 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:35:16 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:35:39 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:35:39 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:35:41 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:35:41 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:40:02 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:40:02 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:40:04 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:40:04 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:40:08 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:40:08 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:40:11 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:40:11 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:41:27 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:41:27 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:41:42 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:41:42 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:41:44 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:41:44 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:42:04 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:42:04 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:42:06 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:42:06 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:42:10 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:42:10 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:42:13 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:42:13 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:44:32 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:44:32 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:44:38 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:44:38 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:44:40 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:44:40 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:45:00 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:45:00 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:45:02 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:45:02 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:45:06 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:45:06 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:45:09 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:45:10 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:47:05 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:47:05 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:47:07 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:47:07 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:48:46 localhost clearsyncd[6134]: System Events: Socket hang-up: 27

Aug 16 16:48:46 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:48:48 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:48:48 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:49:09 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:49:09 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 16 16:49:11 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 16:49:11 localhost clearsyncd[6134]: System Events: Socket hang-up: 28

Aug 16 23:59:17 localhost clearsyncd[6134]: DateWatch: Inotify read: Invalid argument

Aug 17 00:01:59 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

Aug 17 00:01:59 localhost clearsyncd[6134]: System Events: Socket hang-up: 26

One thing I noticed seeing this log that is the time is not correct. This system was installed after 16.32. So logging on 16:32 is not possible.

Can you do a:

grep clearsyncd /var/log/messages

We have seen another system possibly with this sort of issue.

Okay, did a re-install. This was the quickest way!

Account synchronisation is working, Windows networking is starting.

The issues: Certificate manager is waiting for connection:

The system is waiting for a connection to the master node.

Flexshares are complaining about certificates but...

Before you can start using this app, you first need to configure Security Certificates.

...if I tick "configure security certificates" I get the message "The system is waiting for a connection to the master node".

Error --> doesn't work! Can't edit posts...

Found this document. This command don't work "ldapsetup". Maybe this is outdated documentation???

Account synchronisation is also not working anymore...

Another thing I didn't notice till now samba is not running (BDC). It is in stopped modus and for some reason it won't start.

Yes, I did but when I want to access the certificate manager is see the following error:

The system is waiting for a connection to the master node.

Marcel,
Did you setup up the certicates in certificate manager in Security ?
I’m familiar with PDC etc, but maybe this helps you to find a solution