On one of our machines, <first-machine-name> (Windows 7, 64-bit, condor 7.4.1), condor_q -global fails with the following error:
-- Failed to fetch ads from: <10.1.2.22:9686> : <second-machine-name>
When looking at the SchedLog on <second-machine-name> (Windows XP, 32-bit, condor 7.4.1) I find:
05/03 17:29:53 (pid:4144) PERMISSION DENIED to unauthenticated user from host 10.1.2.143 for command 1111 (QMGMT_CMD), access level READ: reason: READ authorization policy contains no matching ALLOW entry for this request; identifiers used for this host: 10.1.2.143,<first-machine-name>
05/03 18:12:04 (pid:4144) PERMISSION DENIED to unauthenticated user from host 10.1.2.143 for command 1111 (QMGMT_CMD), access level READ: reason: cached result for READ; see first case for the full reason
Both <first-machine-name> and <second-machine-name> have ALLOW_READ/WRITE = *.<our-domain-name>. The curious thing is that in the first message of the SchedLog from <second-machine-name>, the <first-machine-name> does not contain <our-domain-name>. I think that changing ALLOW_READ/WRITE to be "*" would solve the problem, but I would rather not do that.
We have other similarly configured machines that appear to be OK.