
<div dir="ltr">Hi, <div><br></div><div>I am using port 8443, since no other process -- as far as I know -- is using it;</div><div><br></div><div>below you will find all of the requested configuration files:</div><div><br></div>

<div>Contents of /etc/oat_client/*:</div><div>log4j.properties: <a href="http://pastebin.com/MQLM68vs">http://pastebin.com/MQLM68vs</a></div><div>OAT.properties: <a href="http://pastebin.com/LwHihxah">http://pastebin.com/LwHihxah</a></div>

<div>OATprovisioner.properties: <a href="http://pastebin.com/0x5TShtZ">http://pastebin.com/0x5TShtZ</a></div><div>TPMModule.properties: <a href="http://pastebin.com/hvw9gfRE">http://pastebin.com/hvw9gfRE</a></div><div><br>

</div><div><br></div><div>server.xml: <a href="http://pastebin.com/VZ9Vk6iC">http://pastebin.com/VZ9Vk6iC</a></div><div>OAT_client.sh: <a href="http://pastebin.com/St4yCGcF">http://pastebin.com/St4yCGcF</a><br></div><div>

provisioner.sh: <a href="http://pastebin.com/RedqQt8V">http://pastebin.com/RedqQt8V</a><br></div><div><br></div><div>cheers,</div><div>/Nicolae.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 13 November 2013 14:47, Wei, Gang <span dir="ltr">&lt;<a href="mailto:gang.wei@intel.com" target="_blank">gang.wei@intel.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This time it failed earlier. Looks like the PCA webservice2 was not<br>

listening on 8443 port. Have you replaced the port 8443 with 8442 in server<br>

side ($TOMCAT_HOME/conf/server.xml) but not change it in client side<br>

(/usr/share/oat-client/script/OAT_client.sh)? Or the 8443 port is occupied<br>

by another app?<br>

<br>

Please copy the content from your current server.xml, OAT_client.sh,<br>

provisioner.sh and /etc/oat-client/* into the content of your reply for<br>

analysis. (don&#39;t attach *.sh as attachments, that will get filtered by my<br>

company&#39;s mailing system).<br>

<br>

Thanks<br>

Jimmy<br>

<div class="im HOEnZb"><br>

<br>

&gt; -----Original Message-----<br>

&gt; From: Nicolae Paladi [mailto:<a href="mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>]<br>

&gt; Sent: Wednesday, November 13, 2013 7:01 PM<br>

&gt; To: Wei, Gang<br>

&gt; Cc: Doron Fediuck; <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>

&gt; Subject: Re: [Users] Trusted Pools and CentOS 6 packages<br>

&gt;<br>

</div><div class="HOEnZb"><div class="h5">&gt; Hi,<br>

&gt;<br>

&gt; thank you for the feedback;<br>

&gt; I&#39;ve gone through the steps again, but obtained the exactly same problem:<br>

&gt;<br>

&gt; 1. I removed all of the previously installed packaged related to OAT.<br>

&gt;<br>

&gt; 2. I followed the tutorial, until this command:<br>

&gt;<br>

&gt; bash provisioner.sh<br>

&gt;<br>

&gt; provisioner.sh: line 7: systemctl: command not found<br>

&gt; ### ecStorage = NVRAM###<br>

&gt; Performing TPM provisioning...FAILED<br>

&gt; javax.xml.ws.WebServiceException: Failed to access the WSDL at:<br>

&gt; <a href="https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor" target="_blank">https://seoul:8443/HisPrivacyCAWebServices2/hisPrivacyCAWebService2Factor</a><br>

&gt; yService?wsdl. It failed with:<br>

&gt;         Connection refused.<br>

&gt;         at<br>

&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLP<br>

&gt; arser.java:162)<br>

&gt;         at<br>

&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>

&gt; ava:144)<br>

&gt;         at<br>

&gt; com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.jav<br>

&gt; a:265)<br>

&gt;         at<br>

&gt; com.sun.xml.ws.client.WSServiceDelegate.&lt;init&gt;(WSServiceDelegate.java:228)<br>

&gt;         at<br>

&gt; com.sun.xml.ws.client.WSServiceDelegate.&lt;init&gt;(WSServiceDelegate.java:176)<br>

&gt;         at<br>

&gt;<br>

com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104<br>

&gt; )<br>

&gt;         at javax.xml.ws.Service.&lt;init&gt;(Service.java:77)<br>

&gt;         at<br>

&gt;<br>

gov.niarl.his.webservices.hisprivacycawebservice2.server.HisPrivacyCAWebSer<br>

&gt;<br>

vice2FactoryServiceService.&lt;init&gt;(HisPrivacyCAWebService2FactoryServiceServi<br>

&gt; ce.java:42)<br>

&gt;         at<br>

&gt;<br>

gov.niarl.his.webservices.hisPrivacyCAWebService2.client.HisPrivacyCAWebSer<br>

&gt; vices2ClientInvoker.getHisPrivacyCAWebService2(HisPrivacyCAWebServices2Cli<br>

&gt; entInvoker.java:32)<br>

&gt;         at<br>

&gt; gov.niarl.his.privacyca.HisTpmProvisioner.main(HisTpmProvisioner.java:205)<br>

&gt; Caused by: java.net.ConnectException: Connection refused<br>

&gt;         at java.net.PlainSocketImpl.socketConnect(Native Method)<br>

&gt;         at<br>

&gt;<br>

java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339<br>

&gt; )<br>

&gt;         at<br>

&gt;<br>

java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.j<br>

&gt; ava:200)<br>

&gt;         at<br>

&gt; java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)<br>

&gt;         at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)<br>

&gt;         at java.net.Socket.connect(Socket.java:579)<br>

&gt;         at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)<br>

&gt;         at<br>

&gt; sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160)<br>

&gt;         at sun.net.NetworkClient.doConnect(NetworkClient.java:180)<br>

&gt;         at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)<br>

&gt;         at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)<br>

&gt;         at<br>

&gt; sun.net.www.protocol.https.HttpsClient.&lt;init&gt;(HttpsClient.java:275)<br>

&gt;         at<br>

&gt; sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:371)<br>

&gt;         at<br>

&gt; sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHt<br>

&gt; tpClient(AbstractDelegateHttpsURLConnection.java:191)<br>

&gt;         at<br>

&gt; sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnec<br>

&gt; tion.java:932)<br>

&gt;         at<br>

&gt; sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A<br>

&gt; bstractDelegateHttpsURLConnection.java:177)<br>

&gt;         at<br>

&gt; sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConn<br>

&gt; ection.java:1300)<br>

&gt;         at<br>

&gt; sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsU<br>

&gt; RLConnectionImpl.java:254)<br>

&gt;         at java.net.URL.openStream(URL.java:1037)<br>

&gt;         at<br>

&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSD<br>

&gt; LParser.java:804)<br>

&gt;         at<br>

&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(RuntimeWSDL<br>

&gt; Parser.java:262)<br>

&gt;         at<br>

&gt; com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.j<br>

&gt; ava:129)<br>

&gt;         ... 8 more<br>

&gt; Failed to initialize the TPM, error 1<br>

&gt; Performing HIS identity provisioning...FAILED<br>

&gt; gov.niarl.his.privacyca.TpmModule$TpmModuleException:<br>

&gt; TpmModule.getCredential returned nonzero error: 2()<br>

&gt;         at<br>

&gt; gov.niarl.his.privacyca.TpmModule.getCredential(TpmModule.java:594)<br>

&gt;         at<br>

&gt;<br>

gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisioner.j<br>

ava:<br>

&gt; 217)<br>

&gt; Failed to receive AIC from Privacy CA, error 1<br>

&gt; Registering identity with server...FAILED<br>

&gt; java.io.FileNotFoundException: /usr/share/oat-client/aik.cer (No such file<br>

or<br>

&gt; directory)<br>

&gt;         at java.io.FileInputStream.open(Native Method)<br>

&gt;         at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:146)<br>

&gt;         at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:101)<br>

&gt;         at<br>

gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>

&gt;         at<br>

&gt;<br>

</div></div><div class="im HOEnZb">gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:99<br>

)<br>

&gt; Failed to register identity with appraiser, error 1<br>

&gt;<br>

</div><div class="HOEnZb"><div class="h5">&gt; Should I have updated anything else?<br>

&gt;<br>

&gt; cheers,<br>

&gt; /Nicolae.<br>

&gt;<br>

&gt;<br>

&gt;<br>

&gt; On 1 November 2013 10:14, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com">gang.wei@intel.com</a>&gt; wrote:<br>

&gt;<br>

&gt;<br>

&gt;       This is indeed an issue caused by the incompatibility between OAT<br>

tpm<br>

&gt; access<br>

&gt;       code &amp; tpm-tools(tpm_takeownership -z). It has already been fixed.<br>

&gt; Please<br>

&gt;       follow below wiki and try again.<br>

&gt;<br>

<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>

&gt; Recipe.<br>

&gt;<br>

&gt;       Thanks<br>

&gt;       Jimmy<br>

&gt;<br>

&gt;       Nicolae Paladi wrote on 2013-10-28:<br>

&gt;<br>

&gt;       &gt; Hi, I&#39;ve followed the recipe<br>

&gt;       &gt;<br>

&gt; (<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-Rec</a><br>

&gt;<br>

&gt;       &gt; i pe) but didn&#39;t get it to run yet; I think a step is missing --<br>

the AIK<br>

&gt;<br>

&gt;       &gt; is not available is /usr/share/oat-client (it was not available in<br>

&gt;       &gt; /var/lig/oat-appraiser/ClientFiles either); when I try to run<br>

&gt;       &gt; provisioner.sh, I get the following: provisioner.sh: line 7:<br>

systemctl:<br>

&gt;       &gt; command not found ### ecStorage = NVRAM### Performing TPM<br>

&gt;       &gt; provisioning...710 DONE Successfully initialized TPM Performing<br>

HIS<br>

&gt;       &gt; identity provisioning...FAILED java.util.NoSuchElementException<br>

&gt;       &gt;         at<br>

&gt; java.util.StringTokenizer.nextToken(StringTokenizer.java:349)<br>

&gt;       &gt;         at<br>

&gt;       &gt;<br>

&gt; gov.niarl.his.privacyca.TpmModule.executeVer2Command(TpmModule.java:21<br>

&gt;       &gt; 5)<br>

&gt;       &gt;         at<br>

&gt;       &gt;<br>

&gt; gov.niarl.his.privacyca.TpmModule.collateIdentityRequest(TpmModule.java:29<br>

&gt;       &gt; 2)<br>

&gt;       &gt;         at<br>

&gt;       &gt;<br>

gov.niarl.his.privacyca.HisIdentityProvisioner.main(HisIdentityProvisione<br>

&gt;<br>

&gt;       &gt; r.java: 225) Failed to receive AIC from Privacy CA, error 1<br>

Registering<br>

&gt;<br>

&gt;       &gt; identity with server...FAILED java.io.FileNotFoundException:<br>

&gt;       &gt; /usr/share/oat-client/aik.cer (No such file or directory)<br>

&gt;       &gt;         at java.io.FileInputStream.open(Native Method)<br>

&gt;       &gt;         at<br>

java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:137)<br>

&gt;       &gt;         at java.io.FileInputStream.&lt;init&gt;(FileInputStream.java:96)<br>

&gt;       &gt;         at<br>

&gt;       gov.niarl.his.privacyca.TpmUtils.certFromFile(TpmUtils.java:612)<br>

&gt;       &gt;         at<br>

&gt;       &gt;<br>

&gt;<br>

gov.niarl.his.privacyca.HisRegisterIdentity.main(HisRegisterIdentity.java:9<br>

&gt; 9<br>

&gt;       )<br>

&gt;       &gt; Failed to register identity with appraiser, error 1<br>

&gt;       &gt;<br>

&gt;       &gt;<br>

&gt;       &gt;<br>

&gt;       &gt; Thanks,<br>

&gt;       &gt; /Nicolae<br>

&gt;       &gt;<br>

&gt;       &gt;<br>

&gt;       &gt; On 27 October 2013 22:55, Nicolae Paladi &lt;<a href="mailto:n.paladi@gmail.com">n.paladi@gmail.com</a>&gt;<br>

wrote:<br>

&gt;       &gt;<br>

&gt;       &gt;<br>

&gt;       &gt;       Awesome, thanks!<br>

&gt;       &gt;<br>

&gt;       &gt;       I&#39;ll try this out in the morning<br>

&gt;       &gt;<br>

&gt;       &gt;       /Nicolae<br>

&gt;       &gt;<br>

&gt;       &gt;<br>

&gt;       &gt;       On 27 October 2013 17:03, Wei, Gang &lt;<a href="mailto:gang.wei@intel.com">gang.wei@intel.com</a>&gt;<br>

&gt; wrote:<br>

&gt;       &gt;<br>

&gt;       &gt;<br>

&gt;       &gt;               Please refer to<br>

&gt;       &gt;<br>

&gt;       &gt;<br>

&gt;<br>

<a href="https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-" target="_blank">https://github.com/OpenAttestation/OpenAttestation/wiki/OAT-for-RHEL-</a><br>

&gt;       &gt; Recipe.<br>

&gt;       &gt;<br>

&gt;       &gt;               Jimmy<br>

&gt;<br>

&gt;<br>

<br>

</div></div></blockquote></div><br></div>