Virtuozzo for Windows server is marked as 'Offline' in PBA-S control panel at
Top > Service Director > Virtuozzo Manager > Nodes. The server itself is working, all containers on it are working as well and they are available.
The problem is taking place after restarting the Service Container on the node. I.e. the node may be working well and may be shown as '
Available' in PBA-S. As soon as Service Container is restarted the whole node will be shown as '
Offline'. It is also impossible to connect to the Virtuozzo server using any tool which is working via Parallels Agent - Parallels Management Console, Parallels Infrastructure Manager.
If you try to reconnect the node in PBA-S the resulting error is "
An error occurred while copying the keys to the Hardware Node".
Recreating Service Container does help to solve the problem, however it will re-appear after some period of time (two weeks or more).
PBA-S is working with Parallels Agent on Virtuozzo servers in so called compatibility mode. This means that PBA-S is communicating with Agent which is working inside Service Container via SSH protocol using the user '
Thus, Service Container on every Virtuozzo server registered in PBA-S must have SSH server running inside. Depending on the version it might be either "
OpenSSHd" or "
CYGWIN sshd". These services runs under corresponding system users -
Due to default Windows security policy users must change password periodically. If password is not changed after password expiration period passed Windows disables system user which is used to run SSH server. As a result if Service Container is restarted (or just SSH server inside Service Container is restarted) SSH service becomes stopped and PBA-S cannot connect to Parallels Agent via XML API and the Virtuozzo server is being marked as '
To solve the problem it is needed to make sure that password of system user '
sshd_server' or '
cyg_server' does not expire.
Log into Virtuozzo server using RDP and run '
Check if firewall is running inside Service Container and stop it:
C:\> vzctl exec 1 sc query sharedaccess SERVICE_NAME: sharedaccess TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 Command 'exec' is successfully finished C:\> vzctl exec 1 sc stop sharedaccess SERVICE_NAME: sharedaccess TYPE : 20 WIN32_SHARE_PROCESS STATE : 1 STOPPED (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))
Command 'exec' is successfully finished
WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
Create temporary user (in the example below user "
sct" with password
Secure*Pass) in Service Container for RDP access and add it to the local group '
C:\> vzctl exec 1 net user sct Secure*Pass /add The command completed successfully. C:\> vzctl exec 1 net localgroup administrators sct /add The command completed successfully.
Log into Service Container using RDP under the just created user.
Being logged into the Service Container via RDP change password policy for the user
cyg_server) and start SSH service (if it is stopped):
"Start" >right click on
"My Computer" > "Manage"
"Services and Applications" > "Services"and find '
CYGWIN sshd' or '
OpenSSHd' in the list of services. If it is stopped try to start it. You will get error like below:
Could not start the CYGWIN sshd service on Local Computer. Error 1069: The service did not start due to a logon failure.
"System Tools" > "Local Users and Groups" > "Users" >right click on
> "Properties". Ensure that:
checkbox "User must change password at next logon" is disabled checkbox "Password never expires" is set checkbox "Account is disabled" is disabled
It is worth to set new password for the user as well (right click on it
> "Set password").
After that go back to "
Services", select corresponding SSH service, rigth click on it
"Properties" > "Log On"tab - set the same password here. Start the SSH service.
Log off form Service Container.
Start firewall in Service Container back and remove temporary user:
C:\> vzctl exec 1 sc start sharedaccess SERVICE_NAME: sharedaccess TYPE : 20 WIN32_SHARE_PROCESS STATE : 2 START_PENDING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x7530 PID : 14284 FLAGS : Command 'exec' is successfully finished C:\> vzctl exec 1 net user sct /delete The command completed successfully.
Repeat the steps above for each Virtuozzo for Windows server registered in PBA-S.
Sure, one may use solution different to the described above, the main point is to make sure that password of system user which is used to run SSH service does not expire and SSH service is up and running.