[AG-TECH] GLOBUS_HOSTNAME problems

Thomas D. Uram turam at mcs.anl.gov
Sat Aug 27 18:21:21 CDT 2005 

The problem with the anonymous certificate was identified and fixed in 
the 2.4 release.  It would occur with old (pre-2.3) certificate 
repositories into which the anonymous CA certificate had been imported 
(automatically by the 2.3 software).  The CA cert was not properly 
tagged, so was not used as a CA cert, causing anon cert verification ops 
to fail.  Thanks to Darin Oman for submitting his log files; they helped 
me understand and resolve the problem.

There is no relationship between the certificate and the hostname.

If you look in the VenueClient.log file (in ~/.AccessGrid/Logs), you 
should see an indication of the problem.  I'm interested to see the 
logfile myself, to see what has gone wrong and try to help.

Tom


Eric Peterson wrote:
> Hi All,
> 
> I am having the same type of problem using 2.4 and Mac OS X 10.4. If I
> use the default anonymous certificate I have no problems running the
> "Manage my Node" and adding and deleting services. However when I
> import my certificate and try to use it, everything breaks. I am not
> able to set URL node etc. Not sure what the certificate has to do with
> being able to set the URL node and hostname but it some how does. I'll
> just be using the anonymous cert for now. Would requesting a new
> certificate fix this?
> 
> Thanks,
> Eric Peterson
> Arctic Region Supercomputing Center 
> 
> 
> On 8/24/05, Julia Mullen <julia.mullen at gmail.com> wrote:
> 
>>Hi Tom,
>>
>>I have to support Darin's experience here as we had exactly the same thing
>>happen with Ray Chen at U Maryland that day.  You may recall an exchange of
>>email - we had the added complexity of removing the previous expired
>>cert - but once that was removed the anonymous cert still gave us the
>>globus-host error.
>>Once Ray was able to use his own cert the error went away and we were able to
>>connect and test.
>>
>>Ray, can you grab the logfiles from the machine you used and send them to
>>Tom?
>>
>>Thanks,
>>
>>  Julie
>>
>>
>>On 8/24/05, Thomas D. Uram <turam at mcs.anl.gov> wrote:
>>
>>>Darin:
>>>
>>>I'd be very interested to see logfiles from your machines to understand
>>>what went wrong.
>>>
>>>There is no relationship whatsoever between the certificate and the
>>>hostname, so switching from an anonymous certificate to an identity
>>>certificate can not have been the solution to the problem.
>>>
>>>If you can send the VenueClient.log from the display machine, and the
>>>ServiceManager.log from any remote machine(s) involved, we should be
>>>able to identify the problem.
>>>
>>>Thanks in advance for your help, Darin.
>>>
>>>Tom
>>>
>>>
>>>Darin Oman wrote:
>>>
>>>>Mike, you RULE! I replaced the anonymous certificate with a good,
>>>>approved cert and it's back to normal! Is this a bug or something done
>>>>on purpose? Either way, people should know about this with DHCP nodes.
>>>>Thanks again! And Julie, thanks for verifying the fix.
>>>>
>>>>Darin
>>>>
>>>>
>>>>On Aug 16, 2005, at 11:52 AM, Michael Miller wrote:
>>>>
>>>>
>>>>>I've had the same trouble when trying to use an anonymous cert.  not
>>>>>sure how to fix tho'.  What does nslookup give for your IP, and
>>>>>conversely for your domain name?  They should match up of course, but
>>>>>I've seen the name resolve to a different IP before...
>>>>>
>>>>>MYK
>>>>>
>>>>>Darin Oman wrote:
>>>>>
>>>>>
>>>>>>When I try to "manage my node," I'm told I need to specify the node
>>>>>>service URL, then I'm told that the machine "can not open node
>>>>>>management at https://..." I know this is a problem with DHCP
>>>>>>machines. I've tried set GLOBUS_HOSTNAME and I've also tried to
>>>>>>remove the environment variable. The problem there is that there is
>>>>>>no reference anywhere to GLOBUS_HOSTNAME. No environment variable,
>>>>>>nothing. I've tried removing and reinstalling the Globus parts as
>>>>>>well as the toolkit a number of times. I've also dug through the
>>>>>>registry. The result is always the same. Does anybody have any idea
>>>>>>what I'm missing?
>>>>>>
>>>>>>Thanks,
>>>>>>Darin
>>>>>>
>>>>>>
>>>>>
>>>>>--
>>>>>Thanx,
>>>>>
>>>>>Michael Miller
>>>>>System Engineer
>>>>>Video Technology Services
>>>>>Persistent Infrastructure Directorate
>>>>>National Center for Supercomputing Applications
>>>>>University of Illinois - UC
>>>>>217-649-0747
>>>>>
>>>>>"If you're clear in your vision and trust the people in your team with
>>>>>clear objectives, they will invariably do their best to achieve
>>>>>everything desired, and usually deliver everything you could have
>>>>>hoped for and even more." -Paul Debevec
>>>>>
>>>>
>>>>
>>>
>>
> 
>

More information about the ag-tech mailing list