Cannot Connect to Asterisk - Time Sensitive

General Help
1

Hello,

Any help here is critically appreciated. Came in this morning and our FreePBX could not connect to Asterisk.
FreePBX 14.0.13.17 (12.7.6-1910-1.sng7)
Asterisk 14.7.3

Seeing this error when running asterisk -cvvvvv:

FRACK!, Failed assertion Excessive refcount 100000 reached on ao2 object 0x29b10a0 (0) at line 335 in update_file_format_info of media_index.c
[2019-12-20 08:10:36] ERROR[4878]: media_index.c:335 update_file_format_info: Excessive refcount 100000 reached on ao2 object 0x29b10a0
[2019-12-20 08:10:36] ERROR[4878]: media_index.c:335 update_file_format_info: FRACK!, Failed assertion Excessive refcount 100000 reached on ao2 object 0x29b10a0 (0)

[2019-12-20 08:19:12] NOTICE[6720]: acl.c:715 ast_apply_acl: Manager User ACL: Rejecting '127.0.0.1' due to a failure to pass ACL '(BASELINE)'
[2019-12-20 08:19:12] NOTICE[6720]: manager.c:3392 authenticate: 127.0.0.1 failed to pass IP ACL as 'admin'
[2019-12-20 08:19:12] NOTICE[6720]: manager.c:3426 authenticate: 127.0.0.1 failed to authenticate as 'admin'

Not sure what is causing this nothing has been touched, I believe. We need this server operation in 3 hours or we will miss reminding customers of critical appointments.

Tried so far:

- fwconsole ma update all

- yum update

- fwconsole reload

Reloading FreePBX
Error(s) have occured, the following is the retrieve_conf output:
exit: 1

- fwconsole restart

Hangs at Starting Asterisk

- Checked manager.conf, which we never touch, it has entries for 127.0.0.1/255.255.255.0

    [admin]
    secret = REALLY GOOD ONE
    deny=0.0.0.0/0.0.0.0
    permit=127.0.0.1/255.255.255.0
    read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
    write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
    writetimeout = 5000

    [admin]
    secret = REALLY GOOD ONE
    deny=0.0.0.0/0.0.0.0
    permit=SERVER STATIC IP/255.255.255.0
    read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
    ;write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
    ;writetimeout = 5000

Any ideas on what is happening?

2

Your edits to /etc/asterisk/manager.conf have broken things. The second [admin] account supersedes the first, so they conflict. This file should only look like this:

[admin]
secret = REALLY GOOD ONE
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
writetimeout = 5000
3

Thanks @lgaetz,

I commented out the second entry completely (I need to find out who entered it). Asterisk is connecting, but now is saying:

Can't find 'firewall' user in /etc/asterisk/manager_additional.conf. Firewall m
onitoring broken! (Did you forget to click 'Reload'?)

Does something else need to be added? I am also noticing the server is running incredibly slow on the FreePBX GUI. Thanks again!

4

I added the second permit line to the first. That fixed firewall, but broke the connection to asterisk again. How do I add the second permit line?

[admin]
secret = SECRET
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
permit=Server Static IP/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
writetimeout = 5000
5

Also noticigin the “Live Network Usage” does not show a graphic either, it just shows “Loading Interface eth0…”

6

the manager.conf file should have a single permit line and it should be:

permit=127.0.0.1/255.255.255.0

The firewall manager account is managed in another file, and it’s not working because you appear to be missing the two required include lines at the bottom of manager.conf

#include manager_additional.conf
#include manager_custom.conf

Once that’s all done, you need to confirm that the AMI password for the admin account matches what you have in advanced settings for ‘Asterisk Manager User’ and ‘Asterisk Manager Password’. Until the admin account is set up properly and the AMI credentials match, you will have to do all reloads manually at the bash prompt using:

asterisk -x "core reload"
7

I did confirm the user/pass match under advanced settings and the manager.conf match for admin

This is what the full manager.conf file looks like:

;
; AMI - Asterisk Manager interface
;
; FreePBX needs this to be enabled. Note that if you enable it on a different IP, you need
; to assure that this can't be reached from un-authorized hosts with the ACL settings (permit/deny).
; Also, remember to configure non-default port or IP-addresses in amportal.conf.
;
; The AMI connection is used both by the portal and the operator's panel in FreePBX.
;
; FreePBX assumes an AMI connection to localhost:5038 by default.
;
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0
displayconnects=no ;only effects 1.6+

[admin]
secret = secret
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
writetimeout = 5000

;[admin]
;secret = secret
;deny=0.0.0.0/0.0.0.0
;permit=static/255.255.255.0
;read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
;write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
;writetimeout = 5000

#include manager_additional.conf
#include manager_custom.conf

This is manager_additional.conf

;--------------------------------------------------------------------------------;
;          Do NOT edit this file as it is auto-generated by FreePBX.             ;
;--------------------------------------------------------------------------------;
; For information on adding additional paramaters to this file, please visit the ;
; FreePBX.org wiki page, or ask on IRC. This file was created by the new FreePBX ;
; BMO - Big Module Object. Any similarity in naming with BMO from Adventure Time ;
; is totally deliberate.                                                         ;
;--------------------------------------------------------------------------------;
[cxpanel]
secret = SECRET
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate
write = system,call,log,verbose,command,agent,user,config,dtmf,reporting,cdr,dialplan,originate
writetimeout = 100
[firewall]
secret = SECRET
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = all
write = user
writetimeout = 100
8

That all looks correct. Have you done a manual reload yet? Is FreePBX still complaining?

9

No, it seems to be working, I don’t see the error.

It is not just going incredibly slow. compared to just yesterday. The apply config takes 2+ minutes to complete, before it was maybe 15 seconds. Its a 24-core 32GB Ram 2TB 7200rpm server, its not a resource constraint.

Thanks for getting me this far, it was a big help!

Did

asterisk -x "core reload"

Still slow.

10

Seeing the following on apply config:

[2019-12-20 12:22:13] ERROR[28178]: config_options.c:658 aco_process_config: Unable to load config file 'acl.conf'
[2019-12-20 12:22:13] WARNING[28178]: named_acl.c:424 ast_named_acl_reload: Could not reload ACL config
11

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.