[OpenAFS] Troubleshooting aklog/pioctl issue on Windows
Gjefle, Paul D
Paul.Gjefle@pnl.gov
Mon, 4 Dec 2006 14:12:46 -0800
This is a multi-part message in MIME format.
------_=_NextPart_001_01C717F1.54D79337
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
> About a week ago we started having problems getting AFS tokens with
> "aklog" on our Windows systems. (works okay on UNIX/Linux). We are in
> the process of switching over to using Kerberos 5 authentication
> against our AD's and up until last week obtaining AFS tokens from
> Kerberos 5 credentials/aklog has been working fine.
>=20
> It doesn't seem to make a difference what version of OpenAFS we are
> running (1.4.2 or 1.5.12).
>=20
> I'm able to obtain Kerberos credentials.
>=20
> c:\>klist (obfuscated)
> Ticket cache: API:username@our.realm
> Default principal: username@our.realm
>=20
> Valid starting Expires Service principal
> 12/04/06 08:40:40 12/11/06 08:40:49 krbtgt/our.realm@OUR.REALM
> renew until 12/11/06 08:40:40
>=20
> Running "aklog" in debug mode. I also enabled "pioctl" debugging in
> the registry.
>=20
> c:\>aklog -d
> Authenticating to cell our.afs.cell.
> Getting v5 tickets: afs/our.afs.cell@OUR.REALM
> pioctl temp !=3D 0: 0x66543218
> About to resolve name username@OUR.REALM to id
> Id 12345
> Set username to username@OUR.REALM
> Getting tokens.
> pioctl Transceive WriteFile failed: 0xC1
> aklog: unable to obtain tokens for cell our.afs.cell (status:
> 11862788).
>=20
> In doing a "klist" afterwards. I'm getting the cross-realm TGS from
> the Windows AD.
>=20
> c:\>klist (obfuscated)
> Ticket cache: API:username@our.realm
> Default principal: username@our.realm
>=20
> Valid starting Expires Service principal
> 12/04/06 08:40:40 12/11/06 08:40:49 krbtgt
> 12/04/06 08:40:51 12/11/06 08:40:49 afs/our.afs.cell@OUR.REALM
> renew until 12/11/06 08:40:40
>=20
> From what I was able to obtain from the Microsoft MSDN site. WriteFile
> error (0xC1) translates to ERROR_BAD_EXE_FORMAT. I'm out of ideas on
> how to debug this problem. I've tried a Window's strace utility, but I
> wasn't able to obtain anything useful in troubleshooting the problems.
>=20
> Any ideas that I can use to help troubleshoot?
>=20
> Thanks
> Paul
------_=_NextPart_001_01C717F1.54D79337
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7650.28">
<TITLE>Troubleshooting aklog/pioctl issue on Windows</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT SIZE=3D2 FACE=3D"Arial">About a week ago we started having =
problems getting AFS tokens with "aklog" on our Windows =
systems. (works okay on UNIX/Linux). We are in the process of =
switching over to using Kerberos 5 authentication against our AD's and =
up until last week obtaining AFS tokens from Kerberos 5 =
credentials/aklog has been working fine.</FONT></P>
<P><FONT SIZE=3D2 FACE=3D"Arial">It doesn't seem to make a difference =
what version of OpenAFS we are running (1.4.2 or 1.5.12).</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">I'm able to obtain Kerberos =
credentials.</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Courier New">c:\>klist (obfuscated)</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Ticket cache: =
API:username@our.realm</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Default principal: =
username@our.realm</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Courier New">Valid =
starting =
Expires =
Service principal</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">12/04/06 08:40:40 12/11/06 =
08:40:49 krbtgt/our.realm@OUR.REALM</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New"> renew until 12/11/06 =
08:40:40</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Running "aklog" in debug =
mode. I also enabled "pioctl" debugging in the =
registry.</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Courier New">c:\>aklog -d</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Authenticating to cell =
our.afs.cell.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Getting v5 tickets: =
afs/our.afs.cell@OUR.REALM</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">pioctl temp !=3D 0: =
0x66543218</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">About to resolve name =
username@OUR.REALM to id</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Id 12345</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Set username to =
username@OUR.REALM</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Getting tokens.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">pioctl Transceive WriteFile =
failed: 0xC1</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">aklog: unable to obtain tokens =
for cell our.afs.cell (status: 11862788).</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">In doing a "klist" =
afterwards. I'm getting the cross-realm TGS from the Windows AD.</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Courier New">c:\>klist (obfuscated)</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Ticket cache: =
API:username@our.realm</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Default principal: =
username@our.realm</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Courier New">Valid =
starting =
Expires =
Service principal</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">12/04/06 08:40:40 12/11/06 =
08:40:49 krbtgt</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">12/04/06 08:40:51 12/11/06 =
08:40:49 afs/our.afs.cell@OUR.REALM</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New"> renew until 12/11/06 =
08:40:40</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">From what I was able to obtain from the =
Microsoft MSDN site. WriteFile error (0xC1) translates to =
ERROR_BAD_EXE_FORMAT. I'm out of ideas on how to debug this problem. =
I've tried a Window's strace utility, but I wasn't able to obtain =
anything useful in troubleshooting the problems.</FONT></P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Any ideas that I can use to help =
troubleshoot?</FONT>
</P>
<P><FONT SIZE=3D2 FACE=3D"Arial">Thanks</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Arial">Paul</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C717F1.54D79337--