All hosts locked to the local time server and within a few ms of each other
to the accuracy I can check.
Martin.
--
-------------------------------------------------------
Martin Bly | +44 1235 446981 | [log in to unmask]
Systems Admin, Tier 1/A Service, RAL PPD CSG
-------------------------------------------------------
> -----Original Message-----
> From: David Groep [mailto:[log in to unmask]]
> Sent: Tuesday, December 09, 2003 10:38 AM
> To: LHC Computer Grid - Rollout
> Cc: Bly, MJ (Martin)
> Subject: Re: [LCG-ROLLOUT] Globus error 3
>
>
> Hi Martin,
>
> This may be far fetched, but have a look at the system time of the RB
> and one of the clients. Is xntpd running and effective?
> I have seen these strange errors when the clocks of the client and the
> server in an SSL transaction are too far apart (more then a
> few seconds).
>
> Please check just to be sure....
>
> Cheers,
> DavidG.
>
> At 11:26 09-12-03, Bly, MJ (Martin) wrote:
> >Hi David,
> >
> >Yes, we periodically see the whinges thus:
> >
> >edg-wl-logd[10928]: edg_wll_ssl_accept() failed
> >(error:00000000:lib(0):func(0):reason(0))
> >edg-wl-logd[10929]: edg_wll_ssl_accept() failed (error:14094412:SSL
> >routines:SSL3_READ_BYTES:sslv3 alert bad certificate)
> >
> >which go on adnauseam. I had associated these with the
> attempst to read the
> >.1 files - obviously not the case from what you say, though
> using strace
> >does prompt these to reappear for the duration of the strace.
> >
> >Martin.
> >--
> > -------------------------------------------------------
> > Martin Bly | +44 1235 446981 | [log in to unmask]
> > Systems Admin, Tier 1/A Service, RAL PPD CSG
> > -------------------------------------------------------
> >
> > > -----Original Message-----
> > > From: David Groep [mailto:[log in to unmask]]
> > > Sent: Tuesday, December 09, 2003 10:20 AM
> > > To: [log in to unmask]
> > > Subject: Re: [LCG-ROLLOUT] Globus error 3
> > >
> > >
> > > Hi Martin,
> > >
> > > At 11:11 09-12-03, Bly, MJ (Martin) wrote:
> > > >We consistently get into the state where the edg-wl-logd
> > > whinges about
> > > >trying to read (via one of its sub processes) the file
> > > >/etc/grid-security/certificates/01621954.1 which isn't
> there and as I
> > > >understand it, is never likely to the there.
> > >
> > > If you see this attempt when using strace on the process: that's
> > > correct and documented behaviour. OpenSSL will try to
> read the .0, .1
> > > etc files in order, and the first one that fails signals
> the end of
> > > the certificate store for that CA.
> > >
> > > If it complains publicly (i.e. if you see that failed
> attempt apart
> > > from the strace log), that would be a real problem.
> Otherwise, don't
> > > get confused by this ENOENT from the ".1" file.
> > >
> > > Cheers,
> > > DavidG.
> > >
> > > >Previously, deleting the *.r0 files and recreating them using
> > > >edg-fetch-crl-cron seemed to fix the problem. It now
> > > appears to fix the
> > > >problem but only if I don't resort to strace on edg-wl-logd. :-(
> > >
> > >
> > >
> > >
> > > --
> > > David Groep
> > >
> > > ** National Institute for Nuclear and High Energy Physics,
> > > Grid/VL group **
> > > ** Room: H1.57 Phone: +31 20 592 2179, PObox 41882, NL-1009
> > > DB Amsterdam NL **
> > >
>
> --
> David Groep
>
> ** National Institute for Nuclear and High Energy Physics,
> Grid/VL group **
> ** Room: H1.57 Phone: +31 20 592 2179, PObox 41882, NL-1009
> DB Amsterdam NL **
>
