Post

2 followers Follow
0
Avatar

GEmfire locator throwing security warning : Failed to find credentials in VIEW_SYNC message

We are using gemfire's locator service for discovery with authentication service.

The server is able to join the DS using the security credentials and the classpath jar which contains the PKCSAuthenticator. Both locator and server has this jar on their classpath. The server does not throw a JOIN_REQ error and is able to join the DS. However, the locator keeps throwing a security warning on VIEW_SYNC message. We are running the locator with pulse dependencies to enable launching gemfire's pulse gui on port 8081. Any insight into why the locator is throwing this warning?

Logs here.

[info 2014/07/25 21:26:47.555 CDT <main> tid=0x1] Locator started on XXX.XX.XX.XX[10334]
[info 2014/07/25 21:26:47.556 CDT <main> tid=0x1] Starting server location for Distribution Locator on MYSERVER.MYDOMAIN.net[10334]
[security-info 2014/07/25 23:09:52.061 CDT <UDP ucast receiver> tid=0x1a] Starting Authentication
[security-info 2014/07/25 23:09:52.062 CDT <UDP ucast receiver> tid=0x1a] Called Authentication ALIAS IS gemfire
[security-info 2014/07/25 23:09:52.073 CDT <UDP ucast receiver> tid=0x1a] Authenticated successfully
[security-warning 2014/07/25 23:09:52.254 CDT <UDP Incoming Message Handler> tid=0x19] Failed to find credentials in VIEW message from [MYSERVER(31269)<v0>:62476] using Authenticator [com.dotcom.cache.gemfire.security.PKCSAuthenticator.create]
[info 2014/07/25 23:09:52.559 CDT <P2P message reader@36305d63> tid=0x38] Admitting member <MYSERVER(609)<v1>:34730>. Now there are 2 non-admin member(s).
[info 2014/07/25 23:09:52.574 CDT <pool-1-thread-1> tid=0x39] Initializing region monitoringRegion_MYSERVER(609)<v1>34730
[info 2014/07/25 23:09:53.149 CDT <pool-1-thread-1> tid=0x39] Initializing region _notificationRegion_MYSERVER(609)<v1>34730
[info 2014/07/25 23:09:54.757 CDT <Pooled Message Processor 1> tid=0x3e] Adding alert listener MYSERVER(609)<v1>:34730 level=1000
[security-info 2014/07/25 23:10:06.698 CDT <UDP ucast receiver> tid=0x1a] Starting Authentication
[security-info 2014/07/25 23:10:06.699 CDT <UDP ucast receiver> tid=0x1a] Called Authentication ALIAS IS gemfire
[security-info 2014/07/25 23:10:06.702 CDT <UDP ucast receiver> tid=0x1a] Authenticated successfully
[info 2014/07/25 23:10:06.704 CDT <UDP ucast receiver> tid=0x1a] Membership: lead member is now MYSERVER(609)<v1>:34730
[security-info 2014/07/25 23:10:16.290 CDT <UDP ucast receiver> tid=0x1a] Starting Authentication
[security-info 2014/07/25 23:10:16.291 CDT <UDP ucast receiver> tid=0x1a] Called Authentication ALIAS IS gemfire
[security-info 2014/07/25 23:10:16.299 CDT <UDP ucast receiver> tid=0x1a] Authenticated successfully
[security-warning 2014/07/25 23:10:20.102 CDT <UDP Incoming Message Handler> tid=0x19] Failed to find credentials in VIEW
SYNC message from [MYSERVER(31269)<v0>:62476] using Authenticator [com.dotcom.cache.gemfire.security.PKCSAuthenticator.create]

amol singh

Please sign in to leave a comment.

6 comments

0
Avatar

It looks like there are two servers attempting to join this distributed system - one joins, the other doesn't. Is it possible you have a rogue server process running somewhere?

One server gets admitted and is the lead member:

Admitting member <MYSERVER(609)<v1>:34730>. Now there are 2 non-admin member(s).
Membership: lead member is now MYSERVER(609)<v1>:34730

Meanwhile the other server cannot get admitted:

Failed to find credentials in VIEW message from [MYSERVER(31269)<v0>:62476]
Failed to find credentials in VIEWSYNC message from [MYSERVER(31269)<v0>:62476]

Barry Oglesby 0 votes
0
Avatar

I've verified there is no other rogue server - we are seeing this in production.

Also the logs where you see Admitting member <MYSERVER(609)<v1>:34730>. Now there are 2 non-admin member(s).
..
that shows the two members - one is the locator and the other is the server. I can verify these 2 via Gemfire pulse as well. And even if there as a rogue server , we would have seen a JOIN_REQ security warning in the locator logs, and not a VIEW_SYNC

amol singh 0 votes
0
Avatar

You're right. Another server would send a JOIN_REQ message first. What I thought was another server must be the locator itself. Can you post the entire locator log? What does your AuthInitialize.getCredentials method return for the locator?

Barry Oglesby 0 votes
0
Avatar

here are the full logs, hope the character limit is not exceeded here.

[info 2014/07/30 15:52:28.889 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1]


Copyright (C) 1997-2013 VMware, Inc. All rights reserved. This product is
protected by U.S. and international copyright and intellectual property
laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.  VMware is a registered trademark or
trademark of VMware, Inc. in the United States and/or other jurisdictions.
All other marks and names mentioned herein may be trademarks of their
respective companies.

Java version: 7.0.1 build 40235 03/04/2013 14:29:19 PST javac 1.6.0_26
Native version: 6.5 06/02/2010 11:16:48 PDT optimized i386 Linux 2.4.21-47.EL
Source revision: 40235
Source repository: gemfire/trunk
Running on: MYSERVER/xxxx.xx.xx.xx, 2 cpu(s), amd64 Linux 2.6.18-371.el5
Process ID: 17406
User: a_MYAPP
Current dir: /app/a_MYAPP/MYAPP/installs/MYAPP/logs/MYAPP_locator/DEV/MYSERVER
Home dir: /home/a_MYAPP
Command Line Parameters:
-Dgemfire.log-disk-space-limit=1000
-Dgemfire.log-file-size-limit=50
-DgemfirePropertyFile=/data/MYAPP/config/gemfire.properties
Class Path:
/app/a_MYAPP/MYAPP/installs/MYAPP/artifacts/cache-gemfire-security.jar
/app/a_MYAPP/MYAPP/installs/gemfire/prod/lib/gemfire.jar
/app/a_MYAPP/MYAPP/installs/gemfire/prod/lib/antlr.jar
/app/a_MYAPP/MYAPP/installs/gemfire/prod/lib/spring-shell-1.0.0.RELEASE.jar
/app/a_MYAPP/MYAPP/installs/gemfire/prod/lib/spring-core-3.1.1.RELEASE.jar
/app/a_MYAPP/MYAPP/installs/gemfire/prod/lib/pulse-dependencies.jar
Library Path:
/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/amd64/server
/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/amd64
/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/../lib/amd64
/usr/java/packages/lib/amd64
/usr/lib64
/lib64
/lib
/usr/lib
System Properties:
Locator.forceLocatorDMType = true
file.encoding = ANSI_X3.4-1968
file.encoding.pkg = sun.io
file.separator = /
gemfire.log-disk-space-limit = 1000
gemfire.log-file-size-limit = 50
gemfire.sys.security-peer-authenticator = ********
gemfire.sys.security-publickey-filepath = ********
gemfire.sys.security-publickey-pass = ********
gemfirePropertyFile = /data/MYAPP/config/gemfire.properties
java.awt.graphicsenv = sun.awt.X11GraphicsEnvironment
java.awt.printerjob = sun.print.PSPrinterJob
java.class.version = 50.0
java.endorsed.dirs = /app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/endorsed
java.ext.dirs = /app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/ext:/usr/java/packages/lib/ext
java.home = /app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre
java.io.tmpdir = /tmp
java.runtime.name = Java(TM) SE Runtime Environment
java.runtime.version = 1.6.0_35-b10
java.specification.name = Java Platform API Specification
java.specification.vendor = Sun Microsystems Inc.
java.specification.version = 1.6
java.vendor = Sun Microsystems Inc.
java.vendor.url = http://java.sun.com/
java.vendor.url.bug = http://java.sun.com/cgi-bin/bugreport.cgi
java.version = 1.6.0_35
java.vm.info = mixed mode
java.vm.name = Java HotSpot(TM) 64-Bit Server VM
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Sun Microsystems Inc.
java.vm.specification.version = 1.0
java.vm.vendor = Sun Microsystems Inc.
java.vm.version = 20.10-b01
line.separator =

  os.version = 2.6.18-371.el5
  path.separator = :
  sun.arch.data.model = 64
  sun.boot.class.path = /app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/resources.jar:/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/rt.jar:/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/sunrsasign.jar:/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/jsse.jar:/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/jce.jar:/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/charsets.jar:/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/modules/jdk.boot.jar:/app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/classes
  sun.boot.library.path = /app/a_MYAPP/MYAPP/installs/java/jdk1.6.0_35/jre/lib/amd64
  sun.cpu.endian = little
  sun.cpu.isalist = 
  sun.io.unicode.encoding = UnicodeLittle
  sun.java.command = com.gemstone.gemfire.internal.DistributionLocator 10334  true true 
  sun.java.launcher = SUN_STANDARD
  sun.jnu.encoding = ANSI_X3.4-1968
  sun.management.compiler = HotSpot 64-Bit Tiered Compilers
  sun.nio.ch.bugLevel = 
  sun.os.patch.level = unknown
  user.country = US
  user.language = en
  user.timezone = America/Chicago

[info 2014/07/30 15:52:28.916 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Starting peer location for Distribution Locator on MYSERVER[10334]

[info 2014/07/30 15:52:28.922 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Starting Distribution Locator on MYSERVER[10334]

[info 2014/07/30 15:52:28.931 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] MYSERVER [ 10,334 ] attempting to get state from localhost [ 10,334 ]

[info 2014/07/30 15:52:29.950 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Starting distributed system

[info 2014/07/30 15:52:30.015 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] GemFire P2P Listener started on tcp:///xxxx.xx.xx.xx:34796

[info 2014/07/30 15:52:37.176 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Entered into membership in group GF70 with ID MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406:locator):2387.

[info 2014/07/30 15:52:37.177 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Starting DistributionManager MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406:locator):2387.

[info 2014/07/30 15:52:37.178 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Initial (membershipManager) view = [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406:locator):2387]

[info 2014/07/30 15:52:37.178 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Admitting member <MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406:locator):2387>. Now there are 1 non-admin member(s).

[info 2014/07/30 15:52:37.183 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Did not hear back from any other system. I am the first one.

[info 2014/07/30 15:52:37.184 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] DistributionManager MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406:locator):2387 started on MYSERVER[10334],localhost[10334]. There were 0 other DMs. others:

[info 2014/07/30 15:52:37.212 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <Thread-7 StatSampler> tid=0x26] Disabling statistic archival.

[info 2014/07/30 15:52:37.214 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Creating cache for locator.

[info 2014/07/30 15:52:37.485 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Initializing region _monitoringRegion_MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-locator17406locator)2387

[info 2014/07/30 15:52:38.847 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Attempting to start http service with port=8081 bind-address=

info 2014/07/30 15:52:39.237 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1 Initializing ProtocolHandler ["http-bio-8081"]

info 2014/07/30 15:52:39.247 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1 Starting service Tomcat

info 2014/07/30 15:52:39.247 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1 Starting Servlet Engine: Apache Tomcat/7.0.30

info 2014/07/30 15:52:39.635 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 No global web.xml found

info 2014/07/30 15:52:44.668 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 No Spring WebApplicationInitializer types detected on classpath

info 2014/07/30 15:52:44.692 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Initializing Spring root WebApplicationContext

info 2014/07/30 15:52:44.693 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Root WebApplicationContext: initialization started

info 2014/07/30 15:52:44.760 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Refreshing Root WebApplicationContext: startup date [Wed Jul 30 15:52:44 CDT 2014]; root of context hierarchy

info 2014/07/30 15:52:44.817 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Loading XML bean definitions from ServletContext resource [/WEB-INF/spring-config.xml]

info 2014/07/30 15:52:44.953 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 You are running with Spring Security Core 3.1.1.RELEASE

info 2014/07/30 15:52:44.953 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Spring Security 'config' module version is 3.1.1.RELEASE

info 2014/07/30 15:52:45.024 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 300, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 800, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1200, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1400, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1800, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1900, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2000]

info 2014/07/30 15:52:45.073 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@4c767fb3: defining beans [org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#0,authenticationFailureHandler,org.springframework.security.provisioning.InMemoryUserDetailsManager#0,org.springframework.security.authentication.dao.DaoAuthenticationProvider#0,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager]; root of factory hierarchy

info 2014/07/30 15:52:45.272 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Loading properties file from class path resource [pulse-users.properties]

info 2014/07/30 15:52:45.407 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Creating filter chain: org.springframework.security.web.util.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@3c789d63, org.springframework.security.web.authentication.logout.LogoutFilter@12a4ed99, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@9eae15f, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@1b72290f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@63e5a5dc, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@79ec41c0, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5d0e2c9, org.springframework.security.web.session.SessionManagementFilter@54d8fd1a, org.springframework.security.web.access.ExceptionTranslationFilter@71d0e17a, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@48834af6]

info 2014/07/30 15:52:45.615 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Checking whether login URL '/Login.html' is accessible with your configuration

info 2014/07/30 15:52:45.625 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Root WebApplicationContext: initialization completed in 931 ms

info 2014/07/30 15:52:45.633 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30
INFO 2014/07/30 15:52:45.626 CDT localhost-startStop-1 tid=0x30 [PULSE]
[com.vmware.gemfire.tools.pulse.internal.PulseAppListener]
Context Initialized..

INFO 2014/07/30 15:52:45.627 CDT localhost-startStop-1 tid=0x30 [PULSE]
[com.vmware.gemfire.tools.pulse.internal.PulseAppListener]
Could not read Properties File..

INFO 2014/07/30 15:52:45.627 CDT localhost-startStop-1 tid=0x30 [PULSE]
[com.vmware.gemfire.tools.pulse.internal.PulseAppListener]
Checking whether log configurations provided through system properties..

INFO 2014/07/30 15:52:45.627 CDT localhost-startStop-1 tid=0x30 [PULSE]
[com.vmware.gemfire.tools.pulse.internal.PulseAppListener]
Some/All Log properties provided through system properties

info 2014/07/30 15:52:45.634 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Checking whether Pulse is running in embedded mode..

info 2014/07/30 15:52:45.634 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <localhost-startStop-1> tid=0x30 Pulse is running in Embedded Mode..

info 2014/07/30 15:52:45.674 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1 Starting ProtocolHandler ["http-bio-8081"]

[info 2014/07/30 15:52:45.681 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Starting jmx manager agent on port 1199

[info 2014/07/30 15:52:45.708 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Finished starting jmx manager agent.

[info 2014/07/30 15:52:45.725 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Locator started on xxxx.xx.xx.xx[10334]

[info 2014/07/30 15:52:45.725 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <main> tid=0x1] Starting server location for Distribution Locator on MYSERVER[10334]

[info 2014/07/30 15:52:45.748 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <WAN Locator Discovery Thread> tid=0x38] Locator discovery task exchanged locator information MYSERVER[10334] with localhost[10334].

[security-info 2014/07/30 15:57:41.820 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Starting Authentication

[security-info 2014/07/30 15:57:41.820 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Called Authentication ALIAS IS gemfire

[security-info 2014/07/30 15:57:41.822 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Authenticated successfully

[security-warning 2014/07/30 15:57:41.988 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[info 2014/07/30 15:57:42.138 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <P2P message reader@27feae0f> tid=0x3c] Admitting member <MYSERVER(17971)<v1>:26699>. Now there are 2 non-admin member(s).

[info 2014/07/30 15:57:42.142 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <pool-1-thread-1> tid=0x3d] Initializing region _monitoringRegion_MYSERVER(17971)<v1>26699

[info 2014/07/30 15:57:42.389 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <pool-1-thread-1> tid=0x3d] Initializing region _notificationRegion_MYSERVER(17971)<v1>26699

[security-info 2014/07/30 15:57:47.135 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Starting Authentication

[security-info 2014/07/30 15:57:47.135 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Called Authentication ALIAS IS gemfire

[security-info 2014/07/30 15:57:47.139 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Authenticated successfully

[info 2014/07/30 15:57:47.140 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Membership: lead member is now MYSERVER(17971)<v1>:26699

[security-warning 2014/07/30 15:57:59.957 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[security-info 2014/07/30 15:58:05.745 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Starting Authentication

[security-info 2014/07/30 15:58:05.745 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Called Authentication ALIAS IS gemfire

[security-info 2014/07/30 15:58:05.746 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Authenticated successfully

[security-warning 2014/07/30 15:58:06.832 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[security-warning 2014/07/30 15:58:18.289 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[security-warning 2014/07/30 15:58:18.396 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[security-info 2014/07/30 15:58:20.132 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Starting Authentication

[security-info 2014/07/30 15:58:20.132 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Called Authentication ALIAS IS gemfire

[security-info 2014/07/30 15:58:20.133 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Authenticated successfully

[security-warning 2014/07/30 15:58:22.603 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[security-info 2014/07/30 15:58:30.860 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Starting Authentication

[security-info 2014/07/30 15:58:30.861 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Called Authentication ALIAS IS gemfire

[security-info 2014/07/30 15:58:30.861 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Authenticated successfully

[security-warning 2014/07/30 15:58:38.119 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[security-info 2014/07/30 15:58:41.110 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Starting Authentication

[security-info 2014/07/30 15:58:41.110 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Called Authentication ALIAS IS gemfire

[security-info 2014/07/30 15:58:41.111 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Authenticated successfully

[security-info 2014/07/30 15:58:44.753 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Starting Authentication

[security-info 2014/07/30 15:58:44.753 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Called Authentication ALIAS IS gemfire

[security-info 2014/07/30 15:58:44.754 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Authenticated successfully

[security-warning 2014/07/30 15:58:47.308 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[security-warning 2014/07/30 15:58:48.737 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[security-info 2014/07/30 15:58:50.569 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Starting Authentication

[security-info 2014/07/30 15:58:50.569 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Called Authentication ALIAS IS gemfire

[security-info 2014/07/30 15:58:50.569 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Authenticated successfully

[security-info 2014/07/30 15:58:55.939 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Starting Authentication

[security-info 2014/07/30 15:58:55.939 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Called Authentication ALIAS IS gemfire

[security-info 2014/07/30 15:58:55.940 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP ucast receiver> tid=0x1c] Authenticated successfully

[security-warning 2014/07/30 15:59:01.639 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

[security-warning 2014/07/30 15:59:05.195 CDT MYAPP-MYSERVER.svr.us.mycompany.net-Locator <UDP Incoming Message Handler> tid=0x1b] Failed to find credentials in VIEW_SYNC message from [MYSERVER(MYAPP-MYSERVER.svr.us.mycompany.net-Locator:17406)<v0>:2387] using Authenticator [com.xxxxxorgan.tss.MYAPP.cache.gemfire.security.PKCSAuthenticator.create]

amol singh 0 votes
0
Avatar

I see no security-peer-auth-init configured.

gemfire.sys.security-peer-authenticator = ********
gemfire.sys.security-publickey-filepath = ********
gemfire.sys.security-publickey-pass = ********

If I comment out the one configured in my test, I see the same behavior you are seeing.

Add a security-peer-auth-init like:

security-peer-auth-init=TestAuthInitialize.create

Barry Oglesby 0 votes
0
Avatar

Thanks Barry. That seems to have worked.

We had locator properties, and the server properties in two separate files - this missing property you mentioned was available to the server but not to the locator. I believe since the locator is both a joining member and an authenticator, it requires security-peer-auth-init along with the security-peer-authenticator property.

amol singh 0 votes