[LON-CAPA-admin] Not connected to network

Lucas, Richard clucas at purdue.edu
Fri Sep 5 09:58:08 EDT 2014 

Stuart,

Those PerlVars are both set to 1. 

I think I know what the issue is here, maybe you can confirm. When we originally moved the server we have put it behind the F5 and gave the server and internal IP address. We configured the F5 to forward ports through since we only have the one server. However, connections going out to other institutions servers will look like they're coming from the NAT address of the private network and not from loncapa.purdue.edu. Also the F5 is receiving the connection and forwards it on so to the LON-CAPA server it looks like the connection is coming from the F5. I am seeing messages like this for connections in:

Tue Sep  2 21:33:44 2014 (2184): <font color="green"> Attempting to start child (IO::Socket::INET=GLOB(0x3e55dd8))</font>
Tue Sep  2 21:33:44 2014 (22758): <font color="green"> existing host msul1</font>

Tue Sep  2 21:33:44 2014 (22758): <font color='blue'>WARNING: Unknown client 128.210.203.143</font>
Tue Sep  2 21:33:44 2014 (22758): <font color='blue'>WARNING: Rejected client 128.210.203.143, closing connection</font>
Tue Sep  2 21:33:44 2014 (22758): <font color='red'>CRITICAL: Disconnect from 128.210.203.143 ()</font>
Tue Sep  2 21:33:44 2014 (2184): Child 22758 died

Does LON-CAPA do some sort of reverse dns on the connections and verify? I am working with the F5 admins here to try to get this configuration changed. However, I'm wondering if you can shed some lights on how this works and if there's anything else I can do before that? I was thinking this functionality was working when we first switched to this configuration, however based on what I'm seeing I don't see how.

Thanks,
Richard

-----Original Message-----
From: lon-capa-admin-bounces at mail.lon-capa.org [mailto:lon-capa-admin-bounces at mail.lon-capa.org] On Behalf Of Stuart Raeburn
Sent: Wednesday, September 03, 2014 12:20 AM
To: lon-capa-admin at mail.lon-capa.org
Subject: Re: [LON-CAPA-admin] Not connected to network

Richard,

I would agree that the LON-CAPA server for the purdue domain is currently unable to connect to other LON-CAPA servers in the network.

What is currently in /etc/httpd/conf/loncapa.conf for the two PerlVars loncAllowInsecure and londAllowInsecure ?

Looking at debug information in /home/httpd/perl/logs/lonc.log on s12.lite.msu.edu I am seeing:

[Tue Sep  2 21:33:43 2014: Connected to loncapa.purdue.edu] Created connection 1 to host loncapa.purdue.edu LondWritable State = Connected host = loncapa.purdue.edu LondWritable State = Initialized host = loncapa.purdue.edu LondReadable host = loncapa.purdue.edu LondReadable called state = Initialized host = loncapa.purdue.edu Readable returned: 0 host = loncapa.purdue.edu After read, state is Initialized host = loncapa.purdue.edu LondReadable called state = Initialized host = loncapa.purdue.edu [Tue Sep  2 21:33:43 2014: Connected to loncapa.purdue.edu]  
Socket->Readable returned: -1 host = loncapa.purdue.edu
[Tue Sep  2 21:33:43 2014: Connected to loncapa.purdue.edu] <font
color='blue'>WARNING: Lond connection lost.</font>

when connecting from s12.lite.msu.edu (the msudemo domain server).

The transaction request which is failing is the init command:

TransactionRequest -> init:ssl:'2.11.0-2014063012'
TransactionReply -> refused

Could you check lond.log in /home/httpd/perl/logs for messages such as:

<font color="yellow">INFO: Connection, 35.9.66.242 (msudemol1) connection type = client </font>"

or

<font color='blue'>WARNING: 35.9.66.242 failed to initialize:  
 >init:ssl:'2.11.0-2014063012'< </font>

or

<font color="yellow">Attempted insecure connection disallowed</font>

or

<font color='blue'>WARNING: Unknown client 35.9.66.242</font>


Thanks,

Stuart Raeburn
LON-CAPA Academic Consortium


Quoting "Lucas, Richard" <clucas at purdue.edu>:

> I received a complaint that faculty are unable to browse resources   
> in other institutions. As far as I can tell our LON-CAPA instance is  
>  not connected to anyone else. I see a lot of connection messages   
> with "CRITICAL: Failed to make a connection with lond." and then   
> followed shortly after with "WARNING: Failing transaction sethost"   
> messages for host connections in the lonc.log. However, I'm not sure  
>  what that means or even if it's related. Any pointers on what I   
> should be looking at?
>
> Thanks,
> Richard

_______________________________________________
LON-CAPA-admin mailing list
LON-CAPA-admin at mail.lon-capa.org
http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin

More information about the LON-CAPA-admin mailing list