Server offline - access with serial console ?

Hi,
i have a server which is offline since midnight. It answers to pings, show the right ports open for nmap, but login via ssh is not possible.
Also the webserver does not present any pages. Using a hub to check network traffic to/from the host i see that tcp handshakes are possible, but nothing further. So maybe kernel is still alive. Local login is not possible, after entering the username nothing further happens. On several consoles. Same with HP ILO. tty10 shows kernel messages, but nothing recent nor informative, only some messages months ago. Today just the message that the link from eth0 disappeared for a short period when i connect the server to the hub.
Is it possible to get access via serial console ? I found a lot of tutorials in the net, but all needed some measures done before. E.g. editing /etc/inittab.
Of course i didn’t that, and now it’s impossible.
Of course i can reboot the server. But i like to know what is going on (maybe a hack), so i’d like to investigate the running system.

Any chance ?

Thanks.

Bernd

Hi Bernd,

So, you have a server that is still running but is non responsive. However you may try to gain access, you will have to authenticate yet you say you are unable lo login.

What version of SLES are you running?

By chance, is SLES running in a VM? if so, what hypervisor are you using?

Hi Kevin,

it’s SLES 11 SP4 in a physical host, not in a vm.

Bernd

[QUOTE=berndgsflinux;36402]Hi Kevin,

it’s SLES 11 SP4 in a physical host, not in a vm.

Bernd[/QUOTE]

That’s too bad.

If you were running in a virtual environment, there are ways to attach your virtual disk to another VM so you cam peek into it from the outside.

Other than rebooting, I can’t think of any way to gain access. Perhaps someone else will offer a few suggestions.

Hi
Have a read here…
https://www.suse.com/support/kb/doc?id=3456486

So can’t even ssh?

If you can run something like minicom or putty and see if it will give
some access…

AFAIK, if you set the baud rate data stop and parity bits it should
just turn up when you start you serial client and press enter… That’s
how it works on SLES for RPI…


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.36-44-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Hi Bernd,

sounds like a resource exhaustion or a hang in some common subsystem (like authentication or alike or file system). Typically, you won’t be able to access the system then via anything not already running (in terms of “doesn’t require to fork a new process”), not even via serial console.

It answers to pings
so the kernel is alive

show the right ports open for nmap
what happens if you telnet to those ports - any responses at all?

login via ssh is not possible […] Also the webserver does not present any pages
does the client establish a TCP session (but no practical responses from the daemons), or is even that not possible?

Using a hub to check network traffic to/from the host i see that tcp handshakes are possible, but nothing further
Do you see new sessions from your clients being established? Or are these simply timing out? Is there any additional traffic coming from your server?

All this is aiming to see if it’s the user space processes that are hanging on some common service, if it’s possible to spawn new processes at all (I doubt it, seeing your description of the login programs) or if user space is actually dead.

Today just the message that the link from eth0 disappeared for a short period when i connect the server to the hub
So at least syslogd is still alive & kicking.

But i like to know what is going on
Without syslog messages nor any open (and already active) service that you could misuse to somehow gain some level of insight, IMO all you can do is reboot.

Oh, any of the usual other indicators - HDD leds blinking, unusual noises, patterned noises that indicate excessive retries with disk access?

Regards,
J

PS: Are the sysreq features of that server still enabled? https://en.wikipedia.org/wiki/Magic_SysRq_key