Hotsync problems with new system

NethServer Version: 7.6
Module: nethserver-hotsync

I reinstalled Neth on the system that’s been my hotsync target, and now hotsync isn’t working any more–I’m getting an email every 15 minutes saying:

hotsync error: rsync returned 12. rsync output:
rsync: safe_read failed to read 1 bytes [sender]: Connection reset by peer (104)
rsync error: error in rsync protocol data stream (code 12) at io.c(276) [sender=3.1.2]

Configuration appears to match. Here’s the master:

[root@neth ~]# config show rsyncd
rsyncd=service
    TCPPort=873
    password=(redacted)
    status=disabled
[root@neth ~]# config show hotsync
hotsync=configuration
    MasterHost=
    SlaveHost=192.168.1.60
    SlavePort=273
    databases=enabled
    role=master
    status=enabled
[root@neth ~]# 

…and on the target:

[root@neth-backup ~]# config show rsyncd
rsyncd=service
    TCPPort=873
    password=(redacted)
    status=enabled
[root@neth-backup ~]# config show hotsync
hotsync=configuration
    MasterHost=192.168.3.100
    SlaveHost=
    SlavePort=273
    databases=enabled
    role=slave
    status=enabled

Each system can ping the other at the IP address in the database. This was in the system log at the time of the last failure:

Aug 25 17:30:32 neth esmith::event[14340]: Event: pre-backup-config
Aug 25 17:30:32 neth esmith::event[14340]: expanding /etc/backup-config.d/nethserver-sssd.include
Aug 25 17:30:32 neth esmith::event[14340]: WARNING in /etc/e-smith/templates//etc/backup-config.d/nethserver-sssd.include/20kerberos: Use of uninitialized value in string ne at /etc/e-smith/templates//etc/backup-config.d/nethserver-sssd.include/20kerberos line 5.
Aug 25 17:30:32 neth esmith::event[14340]: WARNING: Template processing succeeded for //etc/backup-config.d/nethserver-sssd.include: 1 fragment generated warnings
Aug 25 17:30:32 neth esmith::event[14340]: at /etc/e-smith/events/actions/generic_template_expand line 64.
Aug 25 17:30:32 neth esmith::event[14340]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [0.160081]
Aug 25 17:30:32 neth esmith::event[14340]: Action: /etc/e-smith/events/pre-backup-config/S20nethserver-directory-dump-ldap SUCCESS [0.073252]
Aug 25 17:30:32 neth esmith::event[14340]: Action: /etc/e-smith/events/pre-backup-config/S40nethserver-mail-shrmbx-cfgbackup SUCCESS [0.011093]
Aug 25 17:30:32 neth esmith::event[14340]: Action: /etc/e-smith/events/pre-backup-config/S40nethserver-sssd-backup-tdb SUCCESS [0.004206]
Aug 25 17:30:37 neth esmith::event[14340]: Action: /etc/e-smith/events/pre-backup-config/S50nethserver-backup-config-list-packages SUCCESS [4.706979]
Aug 25 17:30:37 neth esmith::event[14340]: Event: pre-backup-config SUCCESS
Aug 25 17:30:37 neth esmith::event[14377]: Event: post-backup-config
Aug 25 17:30:37 neth esmith::event[14377]: Event: post-backup-config SUCCESS

…but it doesn’t look relevant. I don’t see any other log files that look like they’d be helpful. What else should I be checking?

Logs are involving error invoking kerberos.
Old system and new system are configured in the exact same way? Or are using a different account provider?
Also: subnets are different. Is that correct?
Between subnets, for involved ports (273, 873) are specific rules that allow data flow both ways?

They should be–I downloaded a config backup from the old system and uploaded it to the new (though I don’t recall having set up an accounts provider at all on the old system).

Yes, that’s correct.

There are no specific rules for those ports; data is routed freely between the two networks.

Both green as firewall perspective?

Hmmm, adding 192.168.3.0/24 as a trusted network on the target machine seems to have done something–it’s far too early for the sync to have finished, but I didn’t get an error email at the last scheduled run time, and there’s now a lot of network traffic going to the target machine. So if I’d done that before (and apparently I had), why wasn’t that saved in the config backup? But that’s a question for a different thread, I guess.

If the target server should not share data with the subnet, that was a “bad move”, i’d setup exception into the firewall for source server…

No, 3.0 is a secure VPN network, so there really isn’t a problem there–other than that restoring the configuration backup didn’t work at all as expected.

Has the new server more network interfaces? Or more network zones?

It’s the same server; the only hardware change is that I added a SSD. But the config backup issue is on its own thread: What does restoring a configuration backup actually do?