[OpenAFS] Re: windows openafs cache not updating
Anders Hannus
Anders.Hannus@ltu.se
Tue, 13 Dec 2011 14:34:58 +0000
--_000_EBED5B6E32140044A32A70292199E7934D69377BSTAEXDB2stafflt_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I can confirm that there seems to be an issue with the windows firewall rul=
e and 1.7.3.
Computer installed from Windows 7 Enterprise 64-bit DVD
MIT Kerberos, network identity manager, Openafs 1.7.3 64-bit/32-bit tools
Tried the rxdebug command from an afs server. No go.
Deleted the Windows firewall rule and added a new one with
netsh advfirewall firewall add rule name=3D"AFS Callback" dir=3Din action=
=3Dallow enable=3Dyes protocol=3Dudp localport=3D7001
And now it works.
We haven't seen this this issue here with 1.7.3 as a custom firewall rule w=
as required for 1.7.1 anyway and we haven't removed it yet.
/anders Hannus
Lule=E5 technical university
From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org=
] On Behalf Of Jonathan Nilsson
Sent: den 13 december 2011 03:28
To: Andrew Deason
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] Re: windows openafs cache not updating
> FindClient: stillborn client 74024d60(d16fe8cc); conn 180213d0
> (host MY.CLI.ENT.IP:7001) had client f402fa30(d16fe8cc)
> CB: RCallBackConnectBack (host.c) failed for host MY.CLI.ENT.IP:7001
> CB: WhoAreYou failed for host 34015890 (MY.CLI.ENT.IP:7001), error 1
>
> Could these messages be indicating a problem? (They appear frequently in
> the logs and I cannot tell if they correspond to specific read or write
> actions on the clients.)
Yes, they indicate that the fileserver cannot contact that client to
tell it that the files have changed (well, the latter two, anyway). Is
that client behind a NAT or some kind of stateful firewall?
No, the client has a static IP.
Assuming not, a simple test you can perform to check that a client is
reachable from the fileserver is by running:
rxdebug <client> 7001 -version
doh! that does not respond.
in Control Panel -> Windows Firewall -> "Allow a program or feature through=
Windows Firewall" it seems like the OpenAFS client must have attempted to =
add itself, but not completely... i see a checkbox under the "Public" netwo=
rk type, but not in the "Domain" or "Home/Work (Private)" network type. wh=
en I add those checkboxes, then rxdebug <client> 7001 -version works.
is it intentional to only allow 7001 on Public networks but not on Domain n=
etworks?
thanks for the quick reply!
--
Jonathan
from the fileserver. If that does not respond with the version of that
client, check firewalls et al and allow port udp 7001 to the client.
This is assuming, though, that the client generally stays up. It can be
normal to see messages like that if the client is abruptly removed from
the network or shutdown in an unclean fashion, etc.
--
Andrew Deason
adeason@sinenomine.net<mailto:adeason@sinenomine.net>
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org<mailto:OpenAFS-info@openafs.org>
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Jonathan.Nilsson at uci dot edu
Social Sciences Computing Services
SSPB 1265 | 949.824.1536
--_000_EBED5B6E32140044A32A70292199E7934D69377BSTAEXDB2stafflt_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"SV" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D">I can conf=
irm that there seems to be an issue with the windows firewall rule and 1.7.=
3.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D"><o:p> =
;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D">Computer i=
nstalled from Windows 7 Enterprise 64-bit DVD<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D">MIT Kerber=
os, network identity manager, Openafs 1.7.3 64-bit/32-bit tools<o:p></o:p><=
/span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D"><o:p> =
;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D">Tried the =
rxdebug command from an afs server. No go.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D"><o:p> =
;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D">Deleted th=
e Windows firewall rule and added a new one with<o:p></o:p></span></p>
<p class=3D"MsoNormal"><i><span lang=3D"EN-US">netsh advfirewall firewall a=
dd rule name=3D"AFS Callback" dir=3Din action=3Dallow enable=3Dye=
s protocol=3Dudp localport=3D7001<o:p></o:p></span></i></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D"><o:p> =
;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D">And now it=
works.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D"><o:p> =
;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D">We haven&#=
8217;t seen this this issue here with 1.7.3 as a custom firewall rule was r=
equired for 1.7.1 anyway and we haven’t removed it yet.<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D"><o:p> =
;</o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D">/anders Ha=
nnus<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D">Lule=E5 te=
chnical university<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:11.0pt;font-=
family:"Calibri","sans-serif";color:#1F497D"><o:p> =
;</o:p></span></p>
<p class=3D"MsoNormal"><b><span lang=3D"EN-US" style=3D"font-size:10.0pt;fo=
nt-family:"Tahoma","sans-serif"">From:</span></b><span =
lang=3D"EN-US" style=3D"font-size:10.0pt;font-family:"Tahoma",&qu=
ot;sans-serif""> openafs-info-admin@openafs.org [mailto:openafs-info-a=
dmin@openafs.org]
<b>On Behalf Of </b>Jonathan Nilsson<br>
<b>Sent:</b> den 13 december 2011 03:28<br>
<b>To:</b> Andrew Deason<br>
<b>Cc:</b> openafs-info@openafs.org<br>
<b>Subject:</b> Re: [OpenAFS] Re: windows openafs cache not updating<o:p></=
o:p></span></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0c=
m 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt">> FindClient: stil=
lborn client 74024d60(d16fe8cc); conn 180213d0<br>
> (host MY.CLI.ENT.IP:7001) had client f402fa30(d16fe8cc)<br>
> CB: RCallBackConnectBack (host.c) failed for host MY.CLI.ENT.IP:7001<b=
r>
> CB: WhoAreYou failed for host 34015890 (MY.CLI.ENT.IP:7001), error 1<b=
r>
><br>
> Could these messages be indicating a problem? (They appear frequently =
in<br>
> the logs and I cannot tell if they correspond to specific read or writ=
e<br>
> actions on the clients.)<o:p></o:p></p>
</div>
<p class=3D"MsoNormal">Yes, they indicate that the fileserver cannot contac=
t that client to<br>
tell it that the files have changed (well, the latter two, anyway). Is<br>
that client behind a NAT or some kind of stateful firewall?<o:p></o:p></p>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class=3D"MsoNormal">No, the client has a static IP.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"> <o:p></o:p></p>
</div>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0c=
m 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class=3D"MsoNormal">Assuming not, a simple test you can perform to =
check that a client is <o:p></o:p></p>
</blockquote>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0c=
m 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class=3D"MsoNormal">reachable from the fileserver is by running:<br=
>
<br>
rxdebug <client> 7001 -version<o:p></o:p></p>
</blockquote>
<div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class=3D"MsoNormal">doh! that does not respond.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class=3D"MsoNormal">in Control Panel -> Windows Firewall -> "=
Allow a program or feature through Windows Firewall" it seems like the=
OpenAFS client must have attempted to add itself, but not completely... i =
see a checkbox under the "Public" network type, but
not in the "Domain" or "Home/Work (Private)" network t=
ype. when I add those checkboxes, then rxdebug <client> 7001 -v=
ersion works.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class=3D"MsoNormal">is it intentional to only allow 7001 on Public netwo=
rks but not on Domain networks?<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class=3D"MsoNormal">thanks for the quick reply!<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">--<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Jonathan<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"> <o:p></o:p></p>
</div>
<blockquote style=3D"border:none;border-left:solid #CCCCCC 1.0pt;padding:0c=
m 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class=3D"MsoNormal"><br>
from the fileserver. If that does not respond with the version of that<br>
client, check firewalls et al and allow port udp 7001 to the client.<br>
This is assuming, though, that the client generally stays up. It can be<br>
normal to see messages like that if the client is abruptly removed from<br>
the network or shutdown in an unclean fashion, etc.<br>
<span style=3D"color:#888888"><br>
<span class=3D"hoenzb">--</span><br>
<span class=3D"hoenzb">Andrew Deason</span><br>
<span class=3D"hoenzb"><a href=3D"mailto:adeason@sinenomine.net">adeason@si=
nenomine.net</a></span><br>
<br>
<span class=3D"hoenzb">_______________________________________________</spa=
n><br>
<span class=3D"hoenzb">OpenAFS-info mailing list</span><br>
<span class=3D"hoenzb"><a href=3D"mailto:OpenAFS-info@openafs.org">OpenAFS-=
info@openafs.org</a></span><br>
<span class=3D"hoenzb"><a href=3D"https://lists.openafs.org/mailman/listinf=
o/openafs-info" target=3D"_blank">https://lists.openafs.org/mailman/listinf=
o/openafs-info</a></span></span><o:p></o:p></p>
</blockquote>
</div>
<p class=3D"MsoNormal"><br>
<br clear=3D"all">
<o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<p class=3D"MsoNormal">-- <o:p></o:p></p>
<div>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
Jonathan.Nilsson at uci dot edu</span><o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
Social Sciences Computing Services</span><o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-family:"Courier New"">=
SSPB 1265 | 949.824.1536</span><o:p></o:p></p>
</div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>
--_000_EBED5B6E32140044A32A70292199E7934D69377BSTAEXDB2stafflt_--