[OpenAFS] rxkad error=19270408

Mircea Ciocan mircea.ciocan@cmosvision.com
Tue, 21 Apr 2009 09:45:46 +0200 

Ted Creedon wrote:
> I spoke too soon.. there's something amiss with my tokens and it uses 
> 100% of my cpu cycles
>
> Help!
>
> Apr 20 21:42:55 geronimo kernel: Found 32-bit system call table at 
> 0xffffffff80407460 (pattern scan)
> Apr 20 21:42:58 geronimo kernel: Starting AFS cache scan...found 4141 
> non-empty cache files (8%).
> Apr 20 21:43:05 geronimo krb5kdc[4567]: AS_REQ (12 etypes {18 17 16 23 
> 1 3 2 11 10 15 12 13}) 10.1.1.185 <http://10.1.1.185>: ISSUE: authtime 
> 1240288985, etypes {rep=16 tkt=1 ses=16}, admin@CREEDON.BIZ 
> <mailto:admin@CREEDON.BIZ> for krbtgt/CREEDON.BIZ 
> <http://CREEDON.BIZ>@CREEDON.BIZ <http://CREEDON.BIZ>
> Apr 20 21:43:10 geronimo syslog-ng[2290]: last message repeated 2 times
> Apr 20 21:43:10 geronimo krb5kdc[4567]: TGS_REQ (1 etypes {1}) 
> 10.1.1.185 <http://10.1.1.185>: ISSUE: authtime 1240288985, etypes 
> {rep=16 tkt=1 ses=1}, admin@CREEDON.BIZ <mailto:admin@CREEDON.BIZ> for 
> afs/creedon.biz <http://creedon.biz>@CREEDON.BIZ <http://CREEDON.BIZ>
> Apr 20 21:43:31 geronimo syslog-ng[2290]: last message repeated 2 times
> Apr 20 21:43:31 geronimo kernel: afs: Tokens for user of AFS id 1 for 
> cell creedon.biz <http://creedon.biz>: rxkad error=19270408
> Apr 20 21:43:31 geronimo syslog-ng[2290]: last message repeated 538 times
> Apr 20 21:43:31 geronimo kernel:  rxkad error=19270408
> Apr 20 21:43:31 geronimo kernel: afs: Tokens for user of AFS id 1 for 
> cell creedon.biz <http://creedon.biz>: rxkad error=19270408
> Apr
>
>
>
> On Mon, Apr 20, 2009 at 8:12 PM, Ted Creedon <tcreedon@easystreet.net 
> <mailto:tcreedon@easystreet.net>> wrote:
>
>     This has been discussed to death before but the keys seem to be
>     the same...
>
>     I have no clue about what's going on. Can anyone help?
>
>     thanks
>
>     tedc
>
>     klist -k /etc/krb5.keytab -t -K
>     Keytab name: FILE:/etc/krb5.keytab
>     KVNO Timestamp         Principal
>     ---- -----------------
>     --------------------------------------------------------
>        8 04/20/09 19:49:50 afs@CREEDON.BIZ <mailto:afs@CREEDON.BIZ>
>     (0xbaf225e9c7aeeab9)
>     ==========================
>     geronimo:~ # asetkey list
>     kvno    8: key is: baf225e9c7aeeab9
>     All done.
>
>     ==========================
>
>     Tokens held by the Cache Manager:
>
>     User's (AFS ID 1) tokens for afs@creedon.biz
>     <mailto:afs@creedon.biz> [Expires Apr 21 19:53]
>        --End of list-
>
>     ===========================
>     bos listkeys $S
>     bos: ticket contained unknown key version number error encountered
>     while listing keys
>
>

 This is EXACTLY what happened with my machines yesterday, I was 
transferring both the AFS and the KRB server to new hardware and new IPs 
and everything had seem to work OK and then BAM,
all the simulation machines totally unresponsive and 100% CPU. I had to 
reboot them, not a pleasure, I tell you :(
Anyway to make it work all the gentle methods described in previous 
similar posts didn't work for me, I had to delete all the AFS service 
principals, remove the keys wit bos, delete the keytab for afs and 
recreate it and put the new key in the database with bos.
It worked but was not funny, if someone has a better method guaranteed 
to work I'll be glad to hear about it for future reference, eventually 
explained in in such details to make it somehow easy for folks that are 
not mainly sysadmins.

 Cheers,
 Mircea