Re: [Condor-users] DC_AUTHENTICATE: attempt to open invalid session...

[Zachary Miller <zmiller@xxxxxxxxxxx>]

On Fri, Apr 08, 2005 at 04:33:13PM -0400, Jeff Linderoth wrote:

important bit here:
> Condor version is 6.4.7 (yikes -- old!) on the machines trying to run
> the job and 6.7.5 on the machines submitting the job.

ah.


> StartLog on machine that was trying to start the job looks like...
> 
> 4/8 15:52:01 DC_AUTHENTICATE: attempt to open invalid session 
> fire4:801:1112972542:6, failing.

this means the schedd was trying to resume a session the startd doesn't
know about.  could be a couple things:

1) the session somehow expired on one side before the other.  this
shouldn't happen as they agree to the session length in a handshake.

2) the startd was restarted or reconfiged - in 6.4.X a reconfig dumps
the session cache.  this was later determined to be a Bad Idea(TM) in
the 6.6.X series.

even worse, every so often (8 hours i believe) the 6.4.X daemons dump
the entire session cache.  this was later determined to be a Really Bad
Idea(TM), so that doesn't happen in 6.6.X now either.

> These machines are all on a private network, so we don't need to fancy
> authentication turned on, and I am fairly sure that the Admin didn't
> change anything from the defaults.

right, 6.4.X did not use sessions by default.  6.6.X does.  and as you can
see, the way that 6.4.X handles sessions is less than ideal.  you can either:

1) upgrade the 6.4.X daemons
2) turn off sessions by adding 'SEC_DEFAULT_NEGOTIATION = OPTIONAL' to your
   condor_config on the 6.6.X daemons.

i'd suggest #1.


cheers,
-zach