[OpenAFS] OpenAFS 1.6.0002, Windows 64: RPC Server in unavailable

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 09 Sep 2011 12:26:34 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigEB9B7FAA98B12C1B1BDFB775
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 9/9/2011 11:14 AM, John Tang Boyland wrote:
> I have a new crop of students trying to install OpenAFS on Windows.
>=20
> I have a student who is able to get Tickets and AFS tokens with NIM:
> aklog -d -c cs.uwm.edu
> says that there are identical tokens already and doesn't do anything.

AFS tokens are simply a Kerberos 5 service ticket with some metadata
wrapping.  If the token that would be set is already present in the
cache manager, aklog won't set it a second time.

> (aklog -d tries to get tickets from openafs.org, but that's probably
> an incautious installation problem that is irrelevant to this problem.)=


The workstation cell name is set to "openafs.org".  Set it to the thing
you want it to be.

> NET VIEW \\AFS shows everything is fine.  (It shows the version 1.6.000=
2
> and mount points for cs.uwm.edu etc.)

Freelance mode is in use therefore all of this data is being delivered
from the registry.

> BUT,
> when they go to \\afs\cs.uwm.edu
>=20
> it says that they don't have access to the remote location because the
> "RPC Server is unavailable".

Which is an indication that the file server is considered to be down or
cannot be reached or that volume location information is unavailable for
the root.cell volume.

"fs checkservers -all -fast"  will print the current status for all
known servers.

"fs checkservers -all" will actually ping the servers and report back.

> We went to Norton Firewall and added a rule at the top to allow ALL
> outgoing connections.  Rebooted, still "RPC Server is unavailable"

More important is permitting all incoming connections to port 7001 so
that the servers can communicate with the client.

> NB: The cell cs.uwm.edu is open to system:anyuser, and so shouldn't
> require tokens anyway.

access control doesn't matter when you aren't communicating with the serv=
er.




--------------enigEB9B7FAA98B12C1B1BDFB775
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJOaj47AAoJENxm1CNJffh41c8H+wSrGfJYDp+/B6EJJYbsiWVE
Jy78KJ8kepO4Szux/rBUgKdB7MW6YXWLaNRzhdGN2XmlUb13THbLcBn2+c5srEdL
MMOI+wyHuDR4rLsMG7gwzYwFtNgeKJ8zLomkmcZFpBgH2XETnWjgrx6iKKJ+0h/W
qhdHLH0HDrtFaakxMZWqmggPiPWFX5S8TH4cb3BZW6PXAXDS1Zq73hoNLr6GikMm
DCn1WROVe1f9aYv+4mkjJ0SI+jzS6OWaLSXQ9/vQdce5MepuTKktYtqNzcbygtUr
Iq1OE/Ba7ISkrzRTg3D2J3K94Ad2uxpQg/NkCuz1FFsUqsa9iMQK1X6rm/oli5E=
=dTjY
-----END PGP SIGNATURE-----

--------------enigEB9B7FAA98B12C1B1BDFB775--