Mailing List Archives

Public Access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Strange CRL expiry error

Hi Timm,

are you sure this is not an outdated certificate ?

You should try to do 'sudo /etc/init.d/cvmfs restart' and check again ...

Best
christoph


--
Christoph Beyer
DESY Hamburg
IT-Department

Notkestr. 85
Building 02b, Room 009
22607 Hamburg

phone:+49-(0)40-8998-2317
mail: christoph.beyer@xxxxxxx

Von: "Steven C Timm" <timm@xxxxxxxx>
An: "htcondor-users" <htcondor-users@xxxxxxxxxxx>
Gesendet: Sonntag, 29. MÃrz 2020 06:38:35
Betreff: [HTCondor-users] Strange CRL expiry error

We recently changed to htcondor 8.8.8 to run our startds.  I am seeing the following error when the startd attempts to connect back to the central pool:
3/28/20 09:55:36 Condor GSI authentication failure
GSS Major Status: Communications Error
GSS Minor Status Error Chain:
(null)
03/28/20 09:55:36 DC_AUTHENTICATE: required authentication of 206.76.217.23 fail
ed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:F
ailed to authenticate using GSI|GSI:5004:Failed to authenticate. Globus is repo
rting error (589824:0)
03/28/20 09:55:37 Condor GSI authentication failure
GSS Major Status: Communications Error
GSS Minor Status Error Chain:
(null)
03/28/20 09:55:37 DC_AUTHENTICATE: required authentication of 206.76.217.23 fail
ed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:F
ailed to authenticate using GSI|GSI:5004:Failed to authenticate. Globus is repo
rting error (589824:0)

The above is on server side.. the client side says:

03/28/20 10:39:14 (pid:288764) SECMAN: required authentication with collector cmssrv605.fnal.gov:9622 failed, so aborting command INVALIDATE_STARTD_ADS.

03/28/20 10:39:14 (pid:288764) ERROR: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using GSI|GSI:5004:Failed to authenticate.  Globus is reporting error (655360:1559)

03/28/20 10:39:14 (pid:288764) Failed to send update to collector cmssrv605.fnal.gov:9622.

03/28/20 10:39:14 (pid:288764) Condor GSI authentication failure

GSS Major Status: Authentication Failed

GSS Minor Status Error Chain:

globus_gss_assist: Error during context initialization

globus_gsi_callback_module: Could not verify credential

globus_gsi_callback_module: Could not verify credential

globus_gsi_callback_module: Invalid CRL: The available CRL has expired



But I am using the CRL's as stored in /cvmfs at 

/cvmfs/oasis.opensciencegrid.org/osg-software/osg-wn-client/certificates


and they appear to be fine.

Have also verified the condor config to make sure it is pointing at that directory.

It doesn't say which of the CRL's is supposedly expired  There are three in the chain of the 
certificate that it could be.

Also under 8.8.8 things are not failing everywhere, just at one remote glidein site
where we are picking up cvmfs in a non-standard way.

Steve Timm


_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/