On a Windows Server 2012 machine, I have a local DTC and a clustered DTC, as you can see here:
Here you can see the clustered DTC in the Failover Cluster Manager:
I have enabled WS-AT with the following command on the clustered DTC:
wsatconfig -network:enable -endpointCert:7c6361568413852afb471d5f8b92604cdde530dd -accountsCerts:3bcf068b0b984d2af9d2efa03e8a489c8483ba11 -virtualServer:ftsappdev -restart
For the endpointCert, I gave the thumbprint of the certificate for ftsappdev (the cluster role), and for accountscerts, I gave the thumbprint of the certificate of a JBOSS server.
I also have configured WS-AT for the local DTC through the WS-AT tab in Component Services:
In Failover Cluster Manager, when I take the clustered DTC resource offline and then online, I get the following entry in the Eventviewer/Application:
The MSDTC WS-AT protocol failed at the beginning of recovery. As a result, WS-AT functionality will be disabled.
Protocol ID: c05b9cad-ab24-4bb3-9440-3548fa7b4b1b
Protocol Name: WS-AtomicTransaction 1.1
Exception: Microsoft.Transactions.Bridge.PluggableProtocolException: A channel factory could not be opened. ---> Microsoft.Transactions.Wsat.Messaging.MessagingInitializationException: A channel factory could not be opened. ---> System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL https://+:2372/WsatService/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied
at System.Net.HttpListener.AddAllPrefixes()
at System.Net.HttpListener.Start()
at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelListener`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.LayeredChannelListener`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.DatagramChannelDemuxer`2.OnOuterListenerOpen(ChannelDemuxerFilter filter, IChannelListener listener, TimeSpan timeout)
at System.ServiceModel.Channels.SingletonChannelListener`3.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.InternalDuplexChannelFactory.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelFactory.TypedServiceChannelFactory`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ChannelFactory.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at Microsoft.Transactions.Wsat.Messaging.CoordinationService.OpenChannelFactory[T](ChannelFactory`1 cf)
--- End of inner exception stack trace ---
at Microsoft.Transactions.Wsat.Messaging.CoordinationService.OpenChannelFactory[T](ChannelFactory`1 cf)
at Microsoft.Transactions.Wsat.Messaging.CoordinationService.Initialize(CoordinationServiceConfiguration config)
at Microsoft.Transactions.Wsat.Messaging.CoordinationService..ctor(CoordinationServiceConfiguration config, ProtocolVersion protocolVersion)
at Microsoft.Transactions.Wsat.Protocol.ProtocolState.RecoveryBeginning()
--- End of inner exception stack trace ---
at Microsoft.Transactions.Wsat.Protocol.ProtocolState.RecoveryBeginning()
at Microsoft.Transactions.Wsat.InputOutput.TransactionManagerReceive.RecoveryBeginning()
Process Name: msdtc
Process ID: 12248
In Component Services, when I restart the local DTC I get the following entry in the Eventviewer/Application:
The WS-AT protocol service successfully completed startup and recovery.
Protocol ID: cc228cf4-a9c8-43fc-8281-8565eb5889f2
Protocol Name: WS-AtomicTransaction 1.0
Process Name: msdtc
Process ID: 7744
Both DTCs run under the user Network Service:
Why does the clustered DTC not have access rights to this namespace, whereas the local DTC has? Both run under the same user.
How can I make the clustered DTC register the URL https://+:2372/WsatService/ successfully?
I finally used port 8444. I had to reserve it with the command:
netsh http add urlacl url=https://+:8444/ user=Everyone
and then I ran wsatconfig specifying port 8444:
wsatconfig -network:enable -port:8444 -accounts:Everyone -endpointcert:7c6361568413852afb471d5f8b92604cdde530dd -accountsCerts:7c6361568413852afb471d5f8b92604cdde530dd,83112f9b598c4341b3975aba413bf04eb71eb679 -traceLevel:ALL -restart
Another time, it helped to disable and reenable the Network DTC Access in the properties of the Local DTC and the Cluster DTC:
Disable Local DTC, Apply and OK:
Enable Local DTC, Apply and OK:
Disable Cluster DTC, Apply and OK:
Enable Cluster DTC, Apply and OK:
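An added example, not part of the original post: a PowerShell check that lists the HTTP.sys URL reservations on the two ports mentioned above, shows which accounts hold them, and flags grants to broad principals such as the Everyone grant on https://+:8444/. The list of broad principals and the scoped reservation in step 2 are assumptions to validate on the cluster, and the parsing assumes English-language netsh output.

```powershell
# Added example. Ports 2372 and 8444 and the /WsatService/ path come from the
# post; the scoped reservation in step 2 is an assumption to validate.
# Parsing assumes English-language netsh output.
$ports = 2372, 8444
$broad = '\Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

function Get-UrlAcl {
    # Turn `netsh http show urlacl` into objects: reserved URL + granted users.
    $current = $null
    foreach ($line in (netsh http show urlacl)) {
        if ($line -match '^\s*Reserved URL\s*:\s*(\S+)') {
            if ($current) { $current }
            $current = [pscustomobject]@{ Url = $Matches[1]; Users = @() }
        } elseif ($current -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $current.Users += $Matches[1]
        }
    }
    if ($current) { $current }
}

# 1. List reservations on the WS-AT ports and flag broad principals.
$pattern = ':(' + ($ports -join '|') + ')/'
Get-UrlAcl | Where-Object { $_.Url -match $pattern } | ForEach-Object {
    $hits = @($_.Users | Where-Object { $broad -contains $_ })
    $flag = if ($hits.Count) { 'BROAD' } else { 'ok' }
    '{0,-5} {1}  [{2}]' -f $flag, $_.Url, ($_.Users -join ', ')
}

# 2. From an elevated prompt: replace the port-wide Everyone grant with a
#    reservation limited to the WS-AT path and the MSDTC service account
#    (Network Service, per the post).
$account = 'NT AUTHORITY\NETWORK SERVICE'
netsh http delete urlacl "url=https://+:8444/"
netsh http add urlacl "url=https://+:8444/WsatService/" "user=$account"
netsh http show urlacl "url=https://+:8444/WsatService/"
```

After step 2, take the clustered DTC resource offline and online again and check the Application log for the "successfully completed startup and recovery" entry before relying on the narrower reservation.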
I have downloaded and set up Rancher Desktop with nerdctl but I am unable to pull any public image from the Docker Hub. I am receiving an error:
INFO[0011] trying next host error="failed to do request: Head
"https://registry-1.docker.io/v2/maildev/maildev/manifests/latest":
dial tcp: lookup registry-1.docker.io on 192.168.47.23:53: read udp
192.168.47.23:37689->192.168.47.23:53: i/o timeout" host=registry-1.docker.io
FATA[0011] failed to resolve reference
"docker.io/maildev/maildev:latest": failed to do request: Head
"https://registry-1.docker.io/v2/maildev/maildev/manifests/latest":
dial tcp: lookup registry-1.docker.io on 192.168.47.23:53: read udp
192.168.47.23:37689->192.168.47.23:53: i/o timeout
Thanks for your inputs
In ejabberd 18.01-2, installed in lxc container Ubuntu 18.04 Bionic LTS using apt, I'm trying to setup mod_http_upload.
In the section listen, I have
listen:
  -
    port: 5444
    module: ejabberd_http
    tls: true
    request_handlers:
      "/upload": mod_http_upload
In the configuration file, commented port was 5444, however, in the current documentation, it is 5443, so I am not sure which one is right.
In the modules section, I have
modules:
  mod_http_upload:
    host: "upload.ejabberd.forumanalogue.fr"
    max_size: infinity
    thumbnail: true
    put_url: "https://ejabberd.forumanalogue.fr:5444/upload"
    docroot: "/ejabberd/upload"
When I start the service, I can see an odd message in the logs
2019-11-11 21:02:35.287 [warning] <0.367.0>@ejabberd_pkix:handle_call:255 No certificate found matching 'upload.ejabberd.forumanalogue.fr': strictly configured clients or servers will reject connections with this host; obtain a certificate for this (sub)domain from any trusted CA such as Let's Encrypt (www.letsencrypt.org)
It is strange because I have a signed wildcard certificate.
certfiles:
  - "/etc/letsencrypt/live/forumanalogue.fr/*.pem"
I can see the service with my client (Gajim) but when I try to send a file to another local account, I receive an error Access denied by service policy, see the complete log:
<iq xml:lang='en' to='foo@forumanalogue.fr/gajim.HCLJ4BZI' from='upload.ejabberd.forumanalogue.fr' type='error' id='1dd35274-90e9-4b3b-9608-0fab59afe34e'>
  <request xmlns='urn:xmpp:http:upload'>
    <filename>a.out</filename>
    <size>27232</size>
    <content-type>application/octet-stream</content-type>
  </request>
  <error code='403' type='auth'>
    <forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
    <text xml:lang='en' xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Access denied by service policy</text>
  </error>
</iq>
I had to enable debug logging in order to see something. It is quite verbose, but I think that the relevant part, which is non redundant with the client message, is
2019-11-11 20:53:08.329 [debug] <0.501.0>@mod_http_upload:process_slot_request:544 Denying HTTP upload slot request from foo@forumanalogue.fr/gajim.HCLJ4BZI
Thank you for your help.
I tried with ejabberd 18.01, a configuration similar to yours, and it works for me.
Looking at the source code, that "process_slot_request:544" error means that the account attempting to use the upload feature is not allowed by the "local" Access rule in the vhost it sent it to. Probably it's a remote account. Remote to that upload service. In other words, the service upload.whatever can only be used by accounts like user12@whatever.
In your case, you are attempting to use upload.ejabberd.forumanalogue.fr from account foo@forumanalogue.fr, which is not local to that upload service.
Several ideas, I hope one of them suits your specific setup:
A) don't mess with vhosts. If it's forumanalogue.fr, keep it that everywhere
B) use @HOST@ in host and put_url options
C) Or if you really want to mess with hosts, then add Access rights so accounts in that vhost are considered "local" to the upload service.
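Options B and C from the answer above, written out as an added configuration sketch; it is not the answerer's or the project's own configuration. It assumes forumanalogue.fr is the only configured vhost, and the names upload_users and upload_access are hypothetical.

```yaml
# Option B: derive the service name and URL from the vhost, so that accounts
# on forumanalogue.fr are local to upload.forumanalogue.fr.
# Assumption: if the wildcard certificate is for *.forumanalogue.fr, it matches
# upload.forumanalogue.fr (one label) but not upload.ejabberd.forumanalogue.fr.
modules:
  mod_http_upload:
    host: "upload.@HOST@"
    put_url: "https://@HOST@:5444/upload"
    docroot: "/ejabberd/upload"
    max_size: infinity
    thumbnail: true
---
# Option C: keep the separate service host, but replace the default "local"
# access rule with one that names the accounts allowed to request slots.
acl:
  upload_users:            # hypothetical ACL name
    server: "forumanalogue.fr"
access_rules:
  upload_access:           # hypothetical rule name
    - allow: upload_users
modules:
  mod_http_upload:
    host: "upload.ejabberd.forumanalogue.fr"
    access: upload_access
    put_url: "https://ejabberd.forumanalogue.fr:5444/upload"
    docroot: "/ejabberd/upload"
    max_size: infinity
    thumbnail: true
```

The two YAML documents are alternatives; only one modules block belongs in ejabberd.yml.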
I am currently trying to work with geth and I want to start my private Ethereum network so I can test my applications. However, when I try to use geth --datadir=./chaindata/, it only gives me an error in the terminal, which I have shown at the bottom of this question. I am aware that other users are having the same problem on Mac OS, which is what I'm using as well.
Here is the terminal output:
Steves-MBP:assignment_1 stevesahayadarlin$ geth --datadir=./chaindata/
WARN [01-06|22:12:18] No etherbase set and no accounts found as default
INFO [01-06|22:12:18] Starting peer-to-peer node instance=Geth/v1.7.3-stable/darwin-amd64/go1.9.2
INFO [01-06|22:12:18] Allocated cache and file handles database=/Users/stevesahayadarlin/Desktop/distributed_exchange_truffle_class_3-master/assignment_1/chaindata/geth/chaindata cache=128 handles=1024
INFO [01-06|22:12:18] Initialised chain configuration config="{ChainID: 15 Homestead: 0 DAO: <nil> DAOSupport: false EIP150: <nil> EIP155: 0 EIP158: 0 Byzantium: <nil> Engine: unknown}"
INFO [01-06|22:12:18] Disk storage enabled for ethash caches dir=/Users/stevesahayadarlin/Desktop/distributed_exchange_truffle_class_3-master/assignment_1/chaindata/geth/ethash count=3
INFO [01-06|22:12:18] Disk storage enabled for ethash DAGs dir=/Users/stevesahayadarlin/.ethash count=2
INFO [01-06|22:12:18] Initialising Ethereum protocol versions="[63 62]" network=1
INFO [01-06|22:12:18] Loaded most recent local header number=0 hash=9b8d4a…9021ba td=131072
INFO [01-06|22:12:18] Loaded most recent local full block number=0 hash=9b8d4a…9021ba td=131072
INFO [01-06|22:12:18] Loaded most recent local fast block number=0 hash=9b8d4a…9021ba td=131072
INFO [01-06|22:12:18] Loaded local transaction journal transactions=0 dropped=0
INFO [01-06|22:12:18] Regenerated local transaction journal transactions=0 accounts=0
INFO [01-06|22:12:18] Starting P2P networking
INFO [01-06|22:12:20] UDP listener up self=enode://258e1a8136fd23d47b97404139841059a37e95751182dde366adc4a22bab88b9580eb53bfb1de937016645817f071d0766a3be66e7e056c8f6afe0a450bb221d@70.106.232.168:30303
INFO [01-06|22:12:20] RLPx listener up self=enode://258e1a8136fd23d47b97404139841059a37e95751182dde366adc4a22bab88b9580eb53bfb1de937016645817f071d0766a3be66e7e056c8f6afe0a450bb221d@70.106.232.168:30303
INFO [01-06|22:12:20] Blockchain manager stopped
INFO [01-06|22:12:20] Stopping Ethereum protocol
INFO [01-06|22:12:20] Ethereum protocol stopped
INFO [01-06|22:12:20] Transaction pool stopped
INFO [01-06|22:12:20] Database closed database=/Users/stevesahayadarlin/Desktop/distributed_exchange_truffle_class_3-master/assignment_1/chaindata/geth/chaindata
INFO [01-06|22:12:20] Mapped network port proto=udp extport=30303 intport=30303 interface="UPNP IGDv1-IP1"
INFO [01-06|22:12:20] Mapped network port proto=tcp extport=30303 intport=30303 interface="UPNP IGDv1-IP1"
Fatal: Error starting protocol stack: listen unix /Users/stevesahayadarlin/Desktop/distributed_exchange_truffle_class_3-master/assignment_1/chaindata/geth.ipc: bind: invalid argument
Steves-MBP:assignment_1 stevesahayadarlin$
System information
Geth Version: 1.7.3-stable
Git Commit: 4bb3c89d44e372e6a9ab85a8be0c9345265c763a
Operating System: linux
Expected behaviour
Connect Mist with local private network
Actual behaviour
I type the commands:
geth --datadir ~/private_network init ~/private_network/genesis.json
geth --datadir ~/private_network --networkid 3131 --ipcpath ~/private_network/geth.ipc console 2>~/private_network/console.log
and I run Mist, but I have an error "address already in use". Even if I kill the processes that use port 30303, I have the same result.
Backtrace
~/.ethereum/testnet/geth/ethash count=3
INFO [12-16|12:05:37] Disk storage enabled for ethash DAGs dir=~/.ethash count=2
INFO [12-16|12:05:37] Initialising Ethereum protocol versions="[63 62]" network=3
INFO [12-16|12:05:37] Loaded most recent local header number=797369 hash=81c88e…3044c5 td=587702682055345
INFO [12-16|12:05:37] Loaded most recent local full block number=0 hash=419410…ca4a2d td=1048576
INFO [12-16|12:05:37] Loaded most recent local fast block number=761870 hash=08735b…e597b9 td=571350456833753
INFO [12-16|12:05:37] Loaded local transaction journal transactions=0 dropped=0
INFO [12-16|12:05:37] Upgrading chain index type=bloombits percentage=79
INFO [12-16|12:05:37] Regenerated local transaction journal transactions=0 accounts=0
INFO [12-16|12:05:37] Starting P2P networking
Fatal: Error starting protocol stack: listen udp :30303: bind: address already in use
You're connecting to the Ropsten network (network=3). You have to pass in your network id into Mist using the --network option and provide the path to your .ipc file using --rpc.
$ ./Mist.exe --network 3131 --rpc ~/private_network/geth.ipc
Full command line options:
$ ./Mist.exe --help
Usage: Mist.exe --help [Mist options] [Node options]

Mist options:
  --mode, -m             App UI mode: wallet, mist. [string] [default: "mist"]
  --node                 Node to use: geth, eth [string] [default: null]
  --network              Network to connect to: main, test [string] [default: null]
  --rpc                  Path to node IPC socket file OR HTTP RPC hostport (if IPC socket file then --node-ipcpath will be set with this value). [string]
  --swarmurl             URL serving the Swarm HTTP API. If null, Mist will open a local node. [string] [default: "http://localhost:8500"]
  --gethpath             Path to Geth executable to use instead of default. [string]
  --ethpath              Path to Eth executable to use instead of default. [string]
  --ignore-gpu-blacklist Ignores GPU blacklist (needed for some Linux installations). [boolean]
  --reset-tabs           Reset Mist tabs to their default settings. [boolean]
  --logfile              Logs will be written to this file in addition to the console. [string]
  --loglevel             Minimum logging threshold: info, debug, error, trace (shows all logs, including possible passwords over IPC!). [string] [default: "info"]
  --syncmode             Geth synchronization mode: [fast|light|full] [string]
  --version, -v          Display Mist version. [boolean]
  --skiptimesynccheck    Disable checks for the presence of automatic time sync on your OS. [boolean]

Node options:
  - To pass options to the underlying node (e.g. Geth) use the --node- prefix, e.g. --node-datadir

Options:
  -h, --help             Show help [boolean]
I am trying to get a sample Java application to connect to a MySQL gen2 instance I have in GCP. I use SSL and the IP address is whitelisted. I have confirmed connectivity to the instance using the mysql command line and passing in the client-cert.pem, client-key.pem and the server-ca.pem. Now, in order to connect to it from the Spring Boot Java application, I did the following:
created a p12 file from the client cert and key and added it to keystore.jks
created a truststore with the server-ca.pem file.
Added this code in the main before the connection is created:
System.setProperty("javax.net.debug", "all");
System.setProperty("javax.net.ssl.trustStore", TRUST_STORE_PATH);
System.setProperty("javax.net.ssl.trustStorePassword", "fake_password");
System.setProperty("javax.net.ssl.keyStore", KEY_STORE_PATH);
System.setProperty("javax.net.ssl.keyStorePassword", "fake_password");
For the jdbc url, I used : jdbc:mysql://1.1.1.1:3306/sampledb?useSSL=true&requireSSL=true
However I am unable to connect to the instance and see this error from the java ssl debug:
restartedMain, RECV TLSv1.1 ALERT: fatal, unknown_ca
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
restartedMain, called closeSocket()
restartedMain, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
restartedMain, called close()
restartedMain, called closeInternal(true)
I also tried to run
openssl verify -CAfile server-ca.pem client-cert.pem
and got this output:
error 20 at 0 depth lookup:unable to get local issuer certificate
Any ideas on what I might be doing wrong?