[OpenAFS] Re: windows openafs cache not updating

Jeffrey Altman jaltman@your-file-system.com
Wed, 14 Dec 2011 09:15:54 -0500



What do you mean by "add the OpenAFS Client Service to the rule"?

On 12/14/2011 7:44 AM, Anders Hannus wrote:
> I redid the test today and the windows firewall blocks the UDP 7001
> packets. Adding a new rule with:
>
> netsh advfirewall firewall add rule name="AFS CacheManager Callback (UDP)" dir=in action=allow enable=yes program="C:\Program Files\OpenAFS\Client\Program\afsd_service.exe"
>
> opens up and the test is successful.
>
> If I add the OpenAFS Client Service to the rule it fails.
>
> /anders
>
> *From:* openafs-info-admin@openafs.org
> [mailto:openafs-info-admin@openafs.org] *On Behalf Of* Anders Hannus
> *Sent:* den 13 december 2011 15:35
> *To:* Jonathan Nilsson; Andrew Deason
> *Cc:* openafs-info@openafs.org
> *Subject:* RE: [OpenAFS] Re: windows openafs cache not updating
>
> I can confirm that there seems to be an issue with the windows firewall
> rule and 1.7.3.
>
> Computer installed from Windows 7 Enterprise 64-bit DVD
>
> MIT Kerberos, network identity manager, Openafs 1.7.3 64-bit/32-bit tools
>
> Tried the rxdebug command from an afs server. No go.
>
> Deleted the Windows firewall rule and added a new one with
>
> netsh advfirewall firewall add rule name="AFS Callback" dir=in action=allow enable=yes protocol=udp localport=7001
>
> And now it works.
>
> We haven’t seen this issue here with 1.7.3 as a custom firewall
> rule was required for 1.7.1 anyway and we haven’t removed it yet.
>
> /anders Hannus
>
> Luleå technical university
>
> *From:* openafs-info-admin@openafs.org
> [mailto:openafs-info-admin@openafs.org] *On Behalf Of* Jonathan Nilsson
> *Sent:* den 13 december 2011 03:28
> *To:* Andrew Deason
> *Cc:* openafs-info@openafs.org
> *Subject:* Re: [OpenAFS] Re: windows openafs cache not updating
>
>     > FindClient: stillborn client 74024d60(d16fe8cc); conn 180213d0
>     > (host MY.CLI.ENT.IP:7001) had client f402fa30(d16fe8cc)
>     > CB: RCallBackConnectBack (host.c) failed for host MY.CLI.ENT.IP:7001
>     > CB: WhoAreYou failed for host 34015890 (MY.CLI.ENT.IP:7001), error 1
>     >
>     > Could these messages be indicating a problem? (They appear frequently in
>     > the logs and I cannot tell if they correspond to specific read or write
>     > actions on the clients.)
>
>     Yes, they indicate that the fileserver cannot contact that client to
>     tell it that the files have changed (well, the latter two, anyway). Is
>     that client behind a NAT or some kind of stateful firewall?
>
> No, the client has a static IP.
>
>     Assuming not, a simple test you can perform to check that a client is
>     reachable from the fileserver is by running:
>
>     rxdebug <client> 7001 -version
>
> doh! that does not respond.
>
> in Control Panel -> Windows Firewall -> "Allow a program or feature
> through Windows Firewall" it seems like the OpenAFS client must have
> attempted to add itself, but not completely... i see a checkbox under
> the "Public" network type, but not in the "Domain" or "Home/Work
> (Private)" network type.  when I add those checkboxes, then rxdebug
> <client> 7001 -version works.
>
> is it intentional to only allow 7001 on Public networks but not on
> Domain networks?
>
> thanks for the quick reply!
>
> --
>
> Jonathan
>
>     from the fileserver. If that does not respond with the version of that
>     client, check firewalls et al and allow port udp 7001 to the client.
>     This is assuming, though, that the client generally stays up. It can be
>     normal to see messages like that if the client is abruptly removed from
>     the network or shutdown in an unclean fashion, etc.
>
>     --
>     Andrew Deason
>     adeason@sinenomine.net <mailto:adeason@sinenomine.net>
>
> --
>
> Jonathan.Nilsson at uci dot edu
> Social Sciences Computing Services
> SSPB 1265 | 949.824.1536
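
Added example, not part of the original thread and not OpenAFS code: a small audit of the per-profile gap reported above, where the inbound allow for UDP 7001 existed only for the "Public" profile. It assumes the field layout of `netsh advfirewall firewall show rule name=all verbose`; the sample text and the function names are constructed for illustration.

```python
# Constructed sample, modelled on `netsh advfirewall firewall show rule name=all verbose`
SAMPLE = r"""Rule Name:                            AFS CacheManager Callback (UDP)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Public
Protocol:                             UDP
LocalPort:                            7001
Program:                              C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
Action:                               Allow

Rule Name:                            Unrelated web rule
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Protocol:                             TCP
LocalPort:                            443
Action:                               Allow
"""
ALL_PROFILES = {"Domain", "Private", "Public"}

def parse_rules(text):  # returns one dict of field -> value per rule
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Rule Name":
            rules.append({})
        if sep and rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def port_matches(spec, port):  # spec: "Any", "7001", "7000,7001" or "7000-7009"
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo.isdigit() and (hi or lo).isdigit() and int(lo) <= port <= int(hi or lo):
            return True
    return spec == "Any"

def uncovered_profiles(rules, port=7001, proto="UDP"):
    # Profiles that have no enabled inbound allow rule matching proto/port.
    covered = set()
    for r in rules:
        if (r.get("Enabled") == "Yes" and r.get("Direction") == "In"
                and r.get("Action") == "Allow" and r.get("Protocol", "Any") in (proto, "Any")
                and port_matches(r.get("LocalPort", "Any"), port)):
            covered |= {p.strip() for p in r.get("Profiles", "").split(",")}
    return sorted(ALL_PROFILES - covered)

print(uncovered_profiles(parse_rules(SAMPLE)))  # profiles still lacking the allow
```

Block rules and the default inbound policy are not modelled here, so an empty result means only that an allow rule exists for every profile; `rxdebug <client> 7001 -version` from the fileserver remains the end-to-end check.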

