All hosts locked to the local time server and within a few ms of each other to the accuracy I can check. Martin. -- ------------------------------------------------------- Martin Bly | +44 1235 446981 | [log in to unmask] Systems Admin, Tier 1/A Service, RAL PPD CSG ------------------------------------------------------- > -----Original Message----- > From: David Groep [mailto:[log in to unmask]] > Sent: Tuesday, December 09, 2003 10:38 AM > To: LHC Computer Grid - Rollout > Cc: Bly, MJ (Martin) > Subject: Re: [LCG-ROLLOUT] Globus error 3 > > > Hi Martin, > > This may be far fetched, but have a look at the system time of the RB > and one of the clients. Is xntpd running and effective? > I have seen these strange errors when the clocks of the client and the > server in an SSL transaction are too far apart (more then a > few seconds). > > Please check just to be sure.... > > Cheers, > DavidG. > > At 11:26 09-12-03, Bly, MJ (Martin) wrote: > >Hi David, > > > >Yes, we periodically see the whinges thus: > > > >edg-wl-logd[10928]: edg_wll_ssl_accept() failed > >(error:00000000:lib(0):func(0):reason(0)) > >edg-wl-logd[10929]: edg_wll_ssl_accept() failed (error:14094412:SSL > >routines:SSL3_READ_BYTES:sslv3 alert bad certificate) > > > >which go on adnauseam. I had associated these with the > attempst to read the > >.1 files - obviously not the case from what you say, though > using strace > >does prompt these to reappear for the duration of the strace. > > > >Martin. > >-- > > ------------------------------------------------------- > > Martin Bly | +44 1235 446981 | [log in to unmask] > > Systems Admin, Tier 1/A Service, RAL PPD CSG > > ------------------------------------------------------- > > > > > -----Original Message----- > > > From: David Groep [mailto:[log in to unmask]] > > > Sent: Tuesday, December 09, 2003 10:20 AM > > > To: [log in to unmask] > > > Subject: Re: [LCG-ROLLOUT] Globus error 3 > > > > > > > > > Hi Martin, > > > > > > At 11:11 09-12-03, Bly, MJ (Martin) wrote: > > > >We consistently get into the state where the edg-wl-logd > > > whinges about > > > >trying to read (via one of its sub processes) the file > > > >/etc/grid-security/certificates/01621954.1 which isn't > there and as I > > > >understand it, is never likely to the there. > > > > > > If you see this attempt when using strace on the process: that's > > > correct and documented behaviour. OpenSSL will try to > read the .0, .1 > > > etc files in order, and the first one that fails signals > the end of > > > the certificate store for that CA. > > > > > > If it complains publicly (i.e. if you see that failed > attempt apart > > > from the strace log), that would be a real problem. > Otherwise, don't > > > get confused by this ENOENT from the ".1" file. > > > > > > Cheers, > > > DavidG. > > > > > > >Previously, deleting the *.r0 files and recreating them using > > > >edg-fetch-crl-cron seemed to fix the problem. It now > > > appears to fix the > > > >problem but only if I don't resort to strace on edg-wl-logd. :-( > > > > > > > > > > > > > > > -- > > > David Groep > > > > > > ** National Institute for Nuclear and High Energy Physics, > > > Grid/VL group ** > > > ** Room: H1.57 Phone: +31 20 592 2179, PObox 41882, NL-1009 > > > DB Amsterdam NL ** > > > > > -- > David Groep > > ** National Institute for Nuclear and High Energy Physics, > Grid/VL group ** > ** Room: H1.57 Phone: +31 20 592 2179, PObox 41882, NL-1009 > DB Amsterdam NL ** >