Article ID: 8163, created on Mar 9, 2010, last review on May 10, 2014

  • Applies to:
  • Odin Business Automation Standard 4.x
  • Panels
  • Virtuozzo containers for Windows

Symptoms

Virtuozzo for Windows server is marked as 'Offline' in PBA-S control panel at Top > Service Director > Virtuozzo Manager > Nodes. The server itself is working, all containers on it are working as well and they are available.

The problem is taking place after restarting the Service Container on the node. I.e. the node may be working well and may be shown as 'Available' in PBA-S. As soon as Service Container is restarted the whole node will be shown as 'Offline'. It is also impossible to connect to the Virtuozzo server using any tool which is working via Parallels Agent - Parallels Management Console, Parallels Infrastructure Manager.

If you try to reconnect the node in PBA-S the resulting error is "An error occurred while copying the keys to the Hardware Node".

Recreating Service Container does help to solve the problem, however it will re-appear after some period of time (two weeks or more).

Cause

PBA-S is working with Parallels Agent on Virtuozzo servers in so called compatibility mode. This means that PBA-S is communicating with Agent which is working inside Service Container via SSH protocol using the user 'vzagent0'.

Thus, Service Container on every Virtuozzo server registered in PBA-S must have SSH server running inside. Depending on the version it might be either "OpenSSHd" or "CYGWIN sshd". These services runs under corresponding system users - sshd_server or cyg_server.

Due to default Windows security policy users must change password periodically. If password is not changed after password expiration period passed Windows disables system user which is used to run SSH server. As a result if Service Container is restarted (or just SSH server inside Service Container is restarted) SSH service becomes stopped and PBA-S cannot connect to Parallels Agent via XML API and the Virtuozzo server is being marked as 'Offline'.

Resolution

To solve the problem it is needed to make sure that password of system user 'sshd_server' or 'cyg_server' does not expire.

  1. Log into Virtuozzo server using RDP and run 'cmd'.

  2. Check if firewall is running inside Service Container and stop it:

    C:\> vzctl exec 1 sc query sharedaccess 
    SERVICE_NAME: sharedaccess
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 4  RUNNING
                                    (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0
    Command 'exec' is successfully finished
    
    
    C:\> vzctl exec 1 sc stop sharedaccess  
    SERVICE_NAME: sharedaccess
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 1  STOPPED
                                    (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))
    
    
    
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
    
    Command 'exec' is successfully finished
  3. Create temporary user (in the example below user "sct" with password Secure*Pass) in Service Container for RDP access and add it to the local group 'administrators':

    C:\> vzctl exec 1 net user sct Secure*Pass /add
    The command completed successfully.
    
    
    C:\> vzctl exec 1 net localgroup administrators sct /add
    The command completed successfully.
    
  4. Log into Service Container using RDP under the just created user.

  5. Being logged into the Service Container via RDP change password policy for the user sshd_server (or cyg_server) and start SSH service (if it is stopped):

    • click "Start" > right click on "My Computer" > "Manage"
    • select "Services and Applications" > "Services" and find 'CYGWIN sshd' or 'OpenSSHd' in the list of services. If it is stopped try to start it. You will get error like below:

      Could not start the CYGWIN sshd service on Local Computer.
      Error 1069: The service did not start due to a logon failure.
      
    • go to "System Tools" > "Local Users and Groups" > "Users" > right click on sshd_server (or cyg_server) > "Properties". Ensure that:

      checkbox "User must change password at next logon" is disabled
      checkbox "Password never expires" is set
      checkbox "Account is disabled" is disabled
      

    It is worth to set new password for the user as well (right click on it > "Set password").

    After that go back to "Services", select corresponding SSH service, rigth click on it "Properties" > "Log On" tab - set the same password here. Start the SSH service.

    Log off form Service Container.

  6. Start firewall in Service Container back and remove temporary user:

    C:\> vzctl exec 1 sc start sharedaccess
    SERVICE_NAME: sharedaccess
            TYPE               : 20  WIN32_SHARE_PROCESS
            STATE              : 2  START_PENDING
                                    (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x7530
            PID                : 14284
            FLAGS              :
    Command 'exec' is successfully finished
    
    
    C:\> vzctl exec 1 net user sct /delete
    The command completed successfully.
    
  7. Repeat the steps above for each Virtuozzo for Windows server registered in PBA-S.

Sure, one may use solution different to the described above, the main point is to make sure that password of system user which is used to run SSH service does not expire and SSH service is up and running.

Additional information

Configuring PVC 4.5 on Windows Server 2008 to work with PBA-S

Service Container on Windows 2008 refuses connections to 22 port

Running Virtuozzo Containers are shown with status Offline in PBA-S

Search Words

Offline status

container

Virtuozzo is marked as Offline

d02f9caf3e11b191a38179103495106f 2897d76d56d2010f4e3a28f864d69223 965b49118115a610e93635d21c5694a8 caea8340e2d186a540518d08602aa065 400e18f6ede9f8be5575a475d2d6b0a6 70a5401e8b9354cd1d64d0346f2c4a3e 56797cefb1efc9130f7c48a7d1db0f0c

Email subscription for changes to this article
Save as PDF