[LON-CAPA-admin] New access server johnabbotta1 (galileo.johnabbott.qc.ca) not connecting to MSU

Raeburn, Stuart raeburn at msu.edu
Tue Aug 26 12:23:48 EDT 2025 

Michael,

The MSU network border currently permits connections to the LON-CAPA port on MSU LON-CAPA servers from 207.162.58.140 but not from 207.162.58.72.

Once the MSU firewall team updates rules to permit connections from 207.162.58.72, lonc on your access server will be able to connect to lond on any of the MSU LON-CAPA nodes.

See:
mail.lon-capa.org/pipermail/lon-capa-admin/2018-January/003316.html
mail.lon-capa.org/pipermail/lon-capa-admin/2017-August/003277.html
mail.lon-capa.org/pipermail/lon-capa-users/2017-January/005155.html

In recent times the time taken for MSU firewall changes to be completed has typically been longer than the 48 hours mentioned in the 2018-January/003316.html post to this list.

That said, in May this year the MSU firewall team were able to expedite a change request for firewall rules for IP addresses for another LON-CAPA domain (one of the Academic Consortium members), but upper level management approval in MSU IT had to be obtained to do that.

Note: mtal1 and mun* are *not* hostIDs of MSU LON-CAPA nodes

Stuart Raeburn
LON-CAPA Academic Consortium

________________________________________
From: LON-CAPA-admin <lon-capa-admin-bounces at mail.lon-capa.org> on behalf of Michael Dugdale via LON-CAPA-admin <lon-capa-admin at mail.lon-capa.org>
Sent: Tuesday, August 26, 2025 11:40 AM
To: Michael Dugdale; list about administration and system updating
Subject: Re: [LON-CAPA-admin] New access server johnabbotta1 (galileo.johnabbott.qc.ca) not connecting to MSU

Digging a little further, I’m seeing a lot of lonc.log entries like the following "[s7.lite.msu.edu] [Tue Aug 26 05:13:10 2025: Connected to s7.lite.msu.edu] <font color='blue'>WARNING: Failing transaction sethost</font>”. Any suggestions on where I could look for the root cause?

Thanks again,
Michael



On Aug 26, 2025, at 11:27, Michael Dugdale via LON-CAPA-admin <lon-capa-admin at mail.lon-capa.org> wrote:

Hi,

We’ve just updated our access server johnabbotta1 (galileo.johnabbott.qc.ca<https://urldefense.com/v3/__http://galileo.johnabbott.qc.ca/__;!!HXCxUKc!yrmBThui4wbJoqDYn0NPJr7qdvdcxreqQgrPgGXW9BwWDY4EPa_1PPyVHoS1eFz_6O5fcTOLaeHtvckl9xKvxuuDaHm6yg$>) and things *seem* to be okay for the most part. I did get reports of some replication problems, however, associated with the MSU domain.  Running loncontrol status, I see that this new galileo is not connecting to any servers in the MSU domain (our library server, however, is connecting just fine). I ran the request_ssl_key.sh script and obtained loncapaCA.pem, lonhostcert.pem, and lonKey.pem and I seem to be able to appropriately connect to johnabbottl1 via ssl.

I’m wondering if this had to do with a change of IP address: what used to be 207.162.58.140 is now 207.162.58.72. However, this change was made last week and DNS seems to have propagated appropriately.

Any thoughts on how I should proceed?

Thanks in advance for any suggestions.

Cheers,
Michael


Michael Dugdale
Physics Department,
John Abbott College,
21275 Lakeshore Road,
Sainte-Anne-de-Bellevue, QC  H9X 3L9
Canada
(514) 457-6610 Ext. 5 888
michael.dugdale at johnabbott.qc.ca

Co-director, SALTISE
https://www.saltise.ca




_______________________________________________
LON-CAPA-admin mailing list
LON-CAPA-admin at mail.lon-capa.org
http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin

More information about the LON-CAPA-admin mailing list