[OpenAFS] Re: windows openafs cache not updating

Jeffrey Altman jaltman@your-file-system.com
Wed, 14 Dec 2011 13:03:26 -0500


http://gerrit.openafs.org/6332 removes the service name from the Firewall Rule

On 12/14/2011 10:03 AM, Anders Hannus wrote:
> On the Programs and Services tab, Services, Settings..., Apply to this service: OpenAFS Client Service.
> Then it doesn't work.
> Changing it (back) to Apply to all programs and services. Then it works again.
>
> Can of course be added with the netsh command as well.
>
> I'm using this workaround now for scripted install:
> netsh advfirewall firewall add rule name="AFS CacheManager Callback (UDP)" dir=in action=allow enable=yes program="C:\Program Files\OpenAFS\Client\Program\afsd_service.exe" protocol=udp localport=7001
>
> /anders hannus
>
> -----Original Message-----
> From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org] On Behalf Of Jeffrey Altman
> Sent: 14 December 2011 15:16
> To: openafs-info@openafs.org
> Subject: Re: [OpenAFS] Re: windows openafs cache not updating
>
> What do you mean by "add the OpenAFS Client Service to the rule"?
>
> On 12/14/2011 7:44 AM, Anders Hannus wrote:
> > I redid the test today and the windows firewall blocks the UDP 7001
> > packets. Adding a new rule with:
> >
> > netsh advfirewall firewall add rule name="AFS CacheManager Callback (UDP)" dir=in action=allow enable=yes program="C:\Program Files\OpenAFS\Client\Program\afsd_service.exe"
> >
> > opens up and the test is successful.
> >
> > If I add the OpenAFS Client Service to the rule it fails.
> >
> > /anders
> >
> > From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org] On Behalf Of Anders Hannus
> > Sent: 13 December 2011 15:35
> > To: Jonathan Nilsson; Andrew Deason
> > Cc: openafs-info@openafs.org
> > Subject: RE: [OpenAFS] Re: windows openafs cache not updating
> >
> > I can confirm that there seems to be an issue with the windows
> > firewall rule and 1.7.3.
> >
> > Computer installed from Windows 7 Enterprise 64-bit DVD
> > MIT Kerberos, network identity manager, Openafs 1.7.3 64-bit/32-bit tools
> >
> > Tried the rxdebug command from an afs server. No go.
> >
> > Deleted the Windows firewall rule and added a new one with
> >
> > netsh advfirewall firewall add rule name="AFS Callback" dir=in action=allow enable=yes protocol=udp localport=7001
> >
> > And now it works.
> >
> > We haven’t seen this issue here with 1.7.3 as a custom firewall
> > rule was required for 1.7.1 anyway and we haven’t removed it yet.
> >
> > /anders Hannus
> > Luleå technical university
> >
> > From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org] On Behalf Of Jonathan Nilsson
> > Sent: 13 December 2011 03:28
> > To: Andrew Deason
> > Cc: openafs-info@openafs.org
> > Subject: Re: [OpenAFS] Re: windows openafs cache not updating
> >
> > > > FindClient: stillborn client 74024d60(d16fe8cc); conn 180213d0
> > > > (host MY.CLI.ENT.IP:7001) had client f402fa30(d16fe8cc)
> > > > CB: RCallBackConnectBack (host.c) failed for host MY.CLI.ENT.IP:7001
> > > > CB: WhoAreYou failed for host 34015890 (MY.CLI.ENT.IP:7001), error 1
> > > >
> > > > Could these messages be indicating a problem? (They appear frequently in
> > > > the logs and I cannot tell if they correspond to specific read or write
> > > > actions on the clients.)
> > >
> > > Yes, they indicate that the fileserver cannot contact that client to
> > > tell it that the files have changed (well, the latter two, anyway). Is
> > > that client behind a NAT or some kind of stateful firewall?
> >
> > No, the client has a static IP.
> >
> > > Assuming not, a simple test you can perform to check that a client is
> > > reachable from the fileserver is by running:
> > >
> > > rxdebug <client> 7001 -version
> >
> > doh! that does not respond.
> >
> > in Control Panel -> Windows Firewall -> "Allow a program or feature
> > through Windows Firewall" it seems like the OpenAFS client must have
> > attempted to add itself, but not completely... i see a checkbox under
> > the "Public" network type, but not in the "Domain" or "Home/Work
> > (Private)" network type.  when I add those checkboxes, then rxdebug
> > <client> 7001 -version works.
> >
> > is it intentional to only allow 7001 on Public networks but not on
> > Domain networks?
> >
> > thanks for the quick reply!
> >
> > --
> > Jonathan
> >
> > > from the fileserver. If that does not respond with the version of that
> > > client, check firewalls et al and allow port udp 7001 to the client.
> > > This is assuming, though, that the client generally stays up. It can be
> > > normal to see messages like that if the client is abruptly removed from
> > > the network or shutdown in an unclean fashion, etc.
> > >
> > > --
> > > Andrew Deason
> > > adeason@sinenomine.net <mailto:adeason@sinenomine.net>
> > >
> > > _______________________________________________
> > > OpenAFS-info mailing list
> > > OpenAFS-info@openafs.org <mailto:OpenAFS-info@openafs.org>
> > > https://lists.openafs.org/mailman/listinfo/openafs-info
> >
> > --
> > Jonathan.Nilsson at uci dot edu
> > Social Sciences Computing Services
> > SSPB 1265 | 949.824.1536
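The two rule conditions the thread found to block fileserver callbacks (a rule enabled only for the Public profile, and a rule restricted to a service) can be checked across machines by parsing the rule listing. The following is an added example, not code from the thread or from OpenAFS; it assumes English-locale `netsh advfirewall firewall show rule name=all verbose` output, and the sample text, the service name `ExampleAfsSvc` and the function names are constructed for illustration.

```python
import re

# Constructed sample, trimmed to the fields the check reads, modelled on English-locale
# `netsh advfirewall firewall show rule name=all verbose`; ExampleAfsSvc is a placeholder.
SAMPLE = """\
Rule Name:                            AFS CacheManager Callback (UDP)
Enabled:                              Yes
Direction:                            In
Profiles:                             Public
Protocol:                             UDP
LocalPort:                            7001
Service:                              ExampleAfsSvc
Action:                               Allow

Rule Name:                            AFS Callback
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Protocol:                             UDP
LocalPort:                            7001
Action:                               Allow
"""

def parse_rules(text):
    """Collect the 'Key: value' lines into one dict per rule (keys lower-cased)."""
    rules = []
    for m in re.finditer(r"^([^:\n]+):[ \t]*(.*)$", text, re.M):
        key, val = m.group(1).strip().lower(), m.group(2).strip()
        if key == "rule name":
            rules.append({})          # a new rule block starts here
        if rules:
            rules[-1][key] = val
    return rules

def callback_findings(rule, port="7001"):
    """Reasons this rule would not admit fileserver callbacks on every network."""
    get = lambda key, default="any": rule.get(key, default).lower()
    missing = {"domain", "private", "public"} - set(get("profiles").split(","))
    checks = [
        ((get("enabled"), get("direction"), get("action")) != ("yes", "in", "allow"),
         "not an enabled inbound allow rule"),
        (get("protocol") not in ("udp", "any")
         or not {port, "any"} & set(get("localport").split(",")), "does not cover UDP " + port),
        (bool(missing) and "any" not in get("profiles"), "missing profiles: " + ",".join(sorted(missing))),
        (get("service") != "any", "restricted to service " + rule.get("service", "")),
    ]
    return [msg for failed, msg in checks if failed]

def audit(text):
    return {r["rule name"]: callback_findings(r) for r in parse_rules(text)}
```

An empty findings list means the rule admits UDP 7001 on every profile; `rxdebug <client> 7001 -version` from the fileserver remains the end-to-end confirmation.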