When trying to clean up my PKI by running certutil -deleterow 31/12/2018 Cert I receive the following error:
C:\windows\system32>certutil -deleterow 31/12/2018 Cert
437.625.0:<2020/12/29, 11:55:22>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): CADescription
437.625.0:<2020/12/29, 11:55:22>: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND): ParentCAName
410.8311.0:<2020/12/29, 11:55:22>: 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER): 31/12/2018
410.8330.0:<2020/12/29, 11:55:22>: 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)
410.8345.0:<2020/12/29, 11:55:22>: 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER): 31/12/2018
Rows deleted: 0
CertUtil: -deleterow command completed successfully.
No certs have been cleaned although there are more than enough that should be cleared.
you have to keep the date format at "certutil -deletrow %date% Request" command same as your request submission date.
Example:
in my failed request the Request submission date was: 2021-01-12
I run the "certutil -deletrow 2021/01/12 Request", and it worked, all failed requests till January 12, 2021 have been deleted/cleaned up.
Related
I’m having this weird error when deploying to nexus.
npm i
npm ERR! code E403
npm ERR! 403 Forbidden: express#^4.16.3
Where the artifact at the end it changes from time to time (I mean, is not always express#^4.16.3)
Things I have checked so far.
I can login to Nexus through browser using the user and password that is defined on the upload.
I can login to Nexus repo through shell using the user and password defined on the upload.
I can upload the package using a local shell and using the same credentials.
During the execution, I did a curl -v repo-url and I get a correct response (so I assume I got network connectivity).
I have checked if was a proxy, and there was.
I deleted the proxy configuration
I changed to another proxy
I added a no proxy variable so I can except the FQDN of the Nexus URL Repo
I also checked if the package (in this case express#^4.16.3) exists on Nexus, and it does.
But in all cases I’m still getting the 403 error at the end.
To give a bit more of context.
This is using Jenkins.
And targetting a new nexus that I'm deploying.
If I use the old nexus I don’t have this issues. It only happens to the new version
And, I migrate all the data, so the same user that exists in the old nexus is in the new one and you can login with those credentials.
I have checked nexus.log, request.log and Jenkins logs but didn't find any errors.
Jenkins and "old nexus" are installed in docker form in the same server
"New nexus" is installed in another server, also as a container.
From the servers I have network connectivity between them (can ping them, check port, and curl to the URLs.
I have given nx-admin role to the user that is configured.
Still the same error.
While the Jenkins job was running, I left the Nexus Log Viewer open
There was no error or sign in the Nexus Log Viewer.
BUT, I managed to find the following log in Jenkins: JENKINS_HOME/.npm/_logs/timestamp-debug.log
Where I have the ERR 403, and got the following
jenkins#hostname:~/.npm/_logs$ cat timestamp-debug.log
0 info it worked if it ends with ok
1 verbose cli [ '/var/jenkins_home/tools /jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/bin/node',
1 verbose cli '/var/jenkins_home/tools /jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/bin/npm',
1 verbose cli 'i' ]
2 info using npm#5.6.0
3 info using node#v8.9.4
4 verbose npm-session 609c979f77769373
5 silly install runPreinstallTopLevelLifecycles
6 silly preinstall api-docs#1.0.0
7 info lifecycle api-docs#1.0.0~preinstall: api-docs#1.0.0
8 silly install loadCurrentTree
9 silly install readLocalPackageData
10 silly install loadIdealTree
11 silly install cloneCurrentTreeToIdealTree
12 silly install loadShrinkwrap
13 silly install loadAllDepsIntoIdealTree
14 http fetch GET 403 http://nexus-url/repository/my-repo-npm/express 2096ms
15 silly fetchPackageMetaData error for express#^4.16.3 403 Forbidden: express#^4.16.3
16 http fetch GET 403 http://nexus-url/repository/my-repo-npm/http-server 2094ms
17 http fetch GET 403 http://nexus-url/repository/my-repo-npm/swagger-ui-express 2092ms
18 silly fetchPackageMetaData error for http-server#^0.11.1 403 Forbidden: http-server#^0.11.1
19 silly fetchPackageMetaData error for swagger-ui-express#^4.0.1 403 Forbidden: swagger-ui-express#^4.0.1
20 http fetch GET 403 http://nexus-url/repository/my-repo-npm/multi-file-swagger 2095ms
21 silly fetchPackageMetaData error for multi-file-swagger#2.2.0 403 Forbidden: multi-file-swagger#2.2.0
22 http fetch GET 403 http://nexus-url/repository/my-repo-npm/express 45ms
23 silly fetchPackageMetaData error for express#^4.16.3 403 Forbidden: express#^4.16.3
24 http fetch GET 403 http://nexus-url/repository/my-repo-npm/http-server 46ms
25 silly fetchPackageMetaData error for http-server#^0.11.1 403 Forbidden: http-server#^0.11.1
26 http fetch GET 403 http://nexus-url/repository/my-repo-npm/multi-file-swagger 48ms
27 silly fetchPackageMetaData error for multi-file-swagger#2.2.0 403 Forbidden: multi-file-swagger#2.2.0
28 http fetch GET 403 http://nexus-url/repository/my-repo-npm/swagger-ui-express 49ms
29 silly fetchPackageMetaData error for swagger-ui-express#^4.0.1 403 Forbidden: swagger-ui-express#^4.0.1
30 silly saveTree api-docs#1.0.0
31 verbose stack Error: 403 Forbidden: express#^4.16.3
31 verbose stack at fetch.then.res (/var/jenkins_home/tools /jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/lib/node_modules/npm/node_modules/pacote/lib/fetchers/registry/fetch.js:42:19)
31 verbose stack at tryCatcher (/var/jenkins_home/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/lib/node_modules/npm/node_modules/bluebird/js/release/util.js:16:23)
31 verbose stack at Promise._settlePromiseFromHandler (/var/jenkins_home/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:512:31)
31 verbose stack at Promise._settlePromise (/var/jenkins_home/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:569:18)
31 verbose stack at Promise._settlePromise0 (/var/jenkins_home/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:614:10)
31 verbose stack at Promise._settlePromises (/var/jenkins_home/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/lib/node_modules/npm/node_modules/bluebird/js/release/promise.js:693:18)
31 verbose stack at Async._drainQueue (/var/jenkins_home/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:133:16)
31 verbose stack at Async._drainQueues (/var/jenkins_home/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:143:10)
31 verbose stack at Immediate.Async.drainQueues (/var/jenkins_home/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/lib/node_modules/npm/node_modules/bluebird/js/release/async.js:17:14)
31 verbose stack at runCallback (timers.js:789:20)
31 verbose stack at tryOnImmediate (timers.js:751:5)
31 verbose stack at processImmediate [as _immediateCallback] (timers.js:722:5)
32 verbose cwd /var/jenkins_home/jobs/CUSTOM/workspace
33 verbose Linux 4.4.21-69-default
34 verbose argv "/var/jenkins_home/tools /jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/bin/node" "/var/jenkins_home/tools/jenkins.plugins.nodejs.tools.NodeJSInstallation/Node_8.9.4/bin/npm" "i"
35 verbose node v8.9.4
36 verbose npm v5.6.0
37 error code E403
38 error 403 Forbidden: express#^4.16.3
39 verbose exit [ 1, true ]
I looked for this packages on my Nexus Repo
express#^4.16.3
http-server#^0.11.1
swagger-ui-express#^4.0.1
multi-file-swagger#2.2.0
And found that I did not got some of those, so I downloaded them and uploaded to the repo.
I have also rerun the job, but still got the same error.
Even configuring the proxy at server and container level didn't worked.
I'd found out that Jenkins has a proxy configuration at the application level.
So I went into Jenkins, Administration section and configured the proxy properly. After that was done, it all started to work.
Jenkins job is unable to checkout code .PFB error.
java.io.IOException: Failed to check out http://hostname:port/svn/rbESB/tags/dev/System/s-application/s-application-635
Caused by: org.tmatesoft.svn.core.SVNException: svn: E175002:
Processing REPORT request response failed: Premature end of file.
(/svn/rbESB/!svn/vcc/default) svn: E175002: REPORT request failed on
'/svn/rbESB/!svn/vcc/default'
It got resolved . I performed below step. – Nirbhay Singh 16 hours ago
1
Performed below changes in Jenkins file at /etc/sysconfig/Jenkins location. Added -Dhudson.spool-svn=true in JENKINS_JAVA_OPTIONS argument. – Nirbhay Singh 16 hours ago
1
JENKINS_JAVA_OPTIONS = "-Dhudson.spool-svn=true " Update at location /etc/sysconfig/jenkins file –
I am following the "Getting Started" guide from the Jenkins documentation; however, I have not been able to get Jenkins to run properly. When I run the command java -jar jenkins.war --httpPort=8080 I get a series of warnings/errors and Jenkins will not run as expected. I am not able to install any plugins or complete the very next step of the getting started guide.
The first warning I receive is for deleting a temp file. It appears to fail because there is no file at that location.
Jan 27, 2018 11:58:13 PM Main deleteWinstoneTempContents
WARNING: Failed to delete the temporary Winstone file
/var/folders/mg/r5m253mx4hz75sk1f_gn5xg80000gn/T/winstone/jenkins.war
The next warning I get is a Jetty warning. I have no idea what the issue is here, as I am not familiar with Jetty.
Jan 27, 2018 11:58:16 PM
org.eclipse.jetty.server.handler.ContextHandler setContextPath
WARNING: Empty contextPath
The next warning is,
Jan 27, 2018 11:58:34 PM jenkins.slaves.DeprecatedAgentProtocolMonitor
initializerCheck
WARNING: This Jenkins instance uses deprecated Remoting protocols: CLI-
connect,CLI2-connect,JNLP-connect,JNLP2-connectIt may impact stability
of the instance. If newer protocol versions are supported by all system
components (agents, CLI and other clients), it is highly recommended to
disable the deprecated protocols.
And finally, I get a lengthy stacktrace regarding some type of Hudson or certification issue.
Jan 27, 2018 11:58:37 PM hudson.model.UpdateCenter updateDefaultSite
WARNING: Upgrading Jenkins. Failed to update the default Update Site
'default'. Plugin upgrades may fail.
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at hudson.model.DownloadService.loadJSON(DownloadService.java:167)
at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:190)
at hudson.model.UpdateCenter.updateDefaultSite(UpdateCenter.java:2194)
at jenkins.install.SetupWizard.init(SetupWizard.java:184)
at jenkins.install.InstallState$3.initializeState(InstallState.java:105)
at jenkins.model.Jenkins.setInstallState(Jenkins.java:1037)
at jenkins.install.InstallUtil.proceedToNextStateFrom(InstallUtil.java:98)
at jenkins.model.Jenkins.<init>(Jenkins.java:927)
at hudson.model.Hudson.<init>(Hudson.java:86)
at hudson.model.Hudson.<init>(Hudson.java:82)
at hudson.WebAppMain$3.run(WebAppMain.java:233)
Caused by: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 29 more
As I said, I am following their instructions word for word and they're very simple, but it just won't work. Any help that you can provide would be much appreciated. Thanks.
It can depend on your exact setup and OS: this was seen for instance in a docker setup, with jenkinsci/docker issue 422, although this Dockerfile works.
The issue includes:
I was facing the same problem and I fixed it by removing option '--preferedClassLoader' in environment variable JENKINS_ARGS.
That being said, your local Jenkins instance might want to connect to https site (for instance to check for plugins update).
If that is the case, you would need to import the certificate of the remote site into your JDK keystore.
I am using Dockerflow to run parallel tasks through the Google Pipelines API on Google Cloud Platform. I started a single-step task running 1389 VMs in parallel and found that 233 of the VMs were apparently doing nothing and hanging indefinitely.
I did a spot check of the serial console output and repeatedly saw the VMs running into "Getting controller config failed" errors.
When I tried logging into the VMs I received the error: "Connection Failed. We are unable to connect to the VM on port 22".
I am wondering why my VM instances are hanging, and if there is something I can do to avoid running into these issues.
I've included a snippet of the serial console output below
startupscript: +++ readlink -f /usr/share/google-genomics/startup.sh
startupscript: ++ dirname /usr/share/google-genomics/startup.sh
startupscript: + cd /usr/share/google-genomics
startupscript: + ./controller --operation_id <id> --validation_token <token> --base_path https://genomics.googleapis.com
create controller[2905]: Getting controller config
create controller[2905]: Getting controller config failed, will retry: Get <link>: Get <service_account_token_link>: net/http: timeout awaiting response headers
create controller[2905]: Getting controller config failed, will retry: Get <link>: dial tcp 74.125.26.95:443: i/o timeout
collectd[2342]: write_gcm: Asking metadata server for auth token
collectd[2342]: write_gcm: curl_easy_perform() failed: Couldn't connect to server
collectd[2342]: write_gcm: Error -1 from wg_curl_get_or_post
collectd[2342]: write_gcm: wg_transmit_unique_segment failed.
collectd[2342]: write_gcm: wg_transmit_unique_segments failed. Flushing.
there was a temporary networking issue in us-east1-b. All 3 above VMs were in us-east1-b. These minor incidents do not appear in https://status.cloud.google.com/
Serial console output for a successful run looks like:
A Feb 21 19:05:06 ggp-5629907348021283130 startupscript: + ./controller --operation_id --validation_token --base_path https://autopush-genomics.sandbox.googleapis.com
A Feb 21 19:05:06 ggp-5629907348021283130 create controller[2689]: Getting controller config
A Feb 21 19:05:36 ggp-5629907348021283130 create controller[2689]: Getting controller config failed, will retry: Get https://genomics.googleapis.com/v1alpha2/pipelines:getControllerConfig?alt=json&operationId=&validationToken=: dial tcp 173.194.212.81:443: i/o timeout
A Feb 21 19:05:43 ggp-5629907348021283130 controller[2689]: Switching to status: pulling-image
A Feb 21 19:05:43 ggp-5629907348021283130 controller[2689]: Calling SetOperationStatus(pulling-image)
A Feb 21 19:05:44 ggp-5629907348021283130 controller[2689]: SetOperationStatus(pulling-image) succeeded
The "Getting controller config failed, will retry" is fine. It succeeded upon retry. The "SetOperationStatus(pulling-image) succeeded" indicates networking is working.
In theory, you can submit any number of jobs to Pipelines API and the API will take care of queueing.
If these temporary networking hiccups become common, we may consider changing Pipelines API to somehow detect and retry.
there may have been a temporary networking issue. Can you give me some failed operation ids (or failed VM names)?
Have you tried again since then; can you reproduce the problem?
I've dug into several threads (here, here, and here to name a few) but I just cannot figure this out. I've cleared cache, reset the simulator, tripled checked .plist files, cloned my repo again, and even reinstalled Xcode.
And here's the rub - the same repo works on my other machine. Here is log error:
Oct 8 09:51:09 CoreSimulatorService[1941] <Error>: Could not register service com.apple.coreservices.lsuseractivity.simulatorsupport: Failed to lookup com.apple.coreservices.lsuseractivity.simulatorsupport: 0x44e
Oct 8 09:51:11 com.apple.dt.Xcode[1927] <Error>: Error Domain=LaunchServicesError Code=0 "(null)" UserInfo={Error=ExecutableTwiddleFailed, ErrorDescription=Failed to chmod file:///Users/Jason/Library/Developer/CoreSimulator/Devices/0593D533-2974-4464-937C-B77EC0299078/data/Library/Caches/com.apple.containermanagerd/Temp/Bundle/Application/FA2B923A-1015-43E5-BA59-716BBD114A3D/Test.app/PlugIns/TestActionExtension.appex/TestActionExtension : No such file or directory}
I also tried clearing the cache where it's looking for the extension that's giving me issues.