Header RSS Feed
 
If you only want to see the articles of a certain category, please click on the desired category below:
ALL Android Backup BSD Database Hacks Hardware Internet Linux Mail MySQL Monitoring Network Personal PHP Proxy Shell Solaris Unix Virtualization VMware Windows Wyse

How to solve SuSE SMT errors (Access to http URIs has been disabled)
Tuesday - Mar 6th 2012 - by - (1 comments)

Over the last few days, I suddenly started to receive SMT registration errors by e-mail. SMT is a SuSE/Novell service to register SuSE Linux clients and to create local patch mirrors. 

After some investigation, the following logfile showed the exact same errors as sent by e-mail:

# tailf /var/log/smt/smt-register.log
2012-03-06 07:35:48 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 07:35:49 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled
2012-03-06 07:50:47 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 07:50:48 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled

As one can see, the errors repeat every 15min. So there must be a cronjob launching this thing.
The cronjob was found within the /etc/cron.d folder:

# cat /etc/cron.d/novell.com-smt
*/15 * * * * root /usr/lib/SMT/bin/smt-repeated-register
0 1 * * * root /usr/lib/SMT/bin/smt-daily
0 2 * * * root /usr/lib/SMT/bin/smt-run-jobqueue-cleanup
0 5 * * 1 root /usr/lib/SMT/bin/smt-gen-report

So it is the script /usr/lib/SMT/bin/smt-repeated-register which causes troubles... This script basically checks if a proxy connection should be used and then launches the following command:

/usr/sbin/smt-register -r -L /var/log/smt/smt-register.log --mail

Once executed manually, nothing happened, it seemed to be blocked somewhere. Fortunately there is a debug mode to see what's going on:

# smt-register --debug
Register 1 new clients.
Register 'xxx'
SEND TO: https://secure-www.novell.com/center/regsvc?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 302 Moved Temporarily
Redirected to http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
SEND TO: http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 500 Access to 'http' URIs has been disabled
Invalid response:500 Access to 'http' URIs has been disabled

So the problem is that the accessed URL (https://secure-www.novell.com/center/regsvc) is forwarding the request to a non-https URL (http://www.novell.com/xml/center/regsvc-1_0). This causes a problem because the smt-register (perl-)script requires the https protocol (take a look at line 82):

81: my $useragent = SMT::Utils::createUserAgent(keep_alive => 1);
82: $useragent->protocols_allowed( [ 'https' ] );
83: $useragent->default_headers->push_header('Content-Type' => 'text/xml');

I experimented by adding the protocol http into the protocols_allowed array but this only caused another error:

2012-03-06 09:05:47 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 09:05:49 SMT::NCCRegTools - [error]  Invalid response:409 Conflict

So this isn't the solution.

Then I wondered how the smt-register script knew that it should send the requests to https://secure-www.novell.com - this was nowhere marked in /etc/smt.conf. A short grep later I found this satisfying information:

# grep "secure-www.novell.com" /etc/*
/etc/smt.conf.rpmnew:NURegUrl=https://secure-www.novell.com/center/regsvc/
/etc/suseRegister.conf:url = https://secure-www.novell.com/center/regsvc
/etc/suseRegister.conf-2009-11-11:url = https://secure-www.novell.com/center/regsvc/

So in the file /etc/smt.conf.rpmnew there was a variable NURegUrl, but in the main config file /etc/smt.conf there was none. Strange... There may be several reasons for that. Maybe only since a couple of days this parameter-URL is required, or some other admin accidently removed the line from the config file... who knows.

Anyway, by adding the line into the [NU] section of /etc/smt.conf everything worked fine again:

# cat /etc/smt.conf
[NU]
NUUrl = https://nu.novell.com/
NUUser = xxx
NUPass = xxx
NURegUrl=https://secure-www.novell.com/center/regsvc/

# smt-register --debug
Register 1 new clients.
Register 'xxx'
SEND TO: https://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
...
Result: 200 OK
Registration success: 'xxx'.


 

Add a comment

Show form to leave a comment

Comments (newest first):

Sebastiaan.veld from The Netherlands wrote on May 8th, 2012:
Ran into the same problem and tried your solution and that dit not work for me.

In my case the resolution was that there was missing a forward slash at the end of the url path in /etc/suseRegister.conf

So the path in that file should be:
url=https://secure-www.novell.com/center/regsvc/


Go to Homepage home
Linux Howtos how to's
Monitoring Plugins monitoring plugins
Links links

Valid HTML 4.01 Transitional
Valid CSS!
[Valid RSS]

6979 Days
until Death of Computers
Why?