RE: FW: gpg-agent connection errors

2020-05-22 Thread Kent A. Larsen
It is installed on the local file system of one of our internal servers, a 
portion of which is shared on our internal network. The server is running 
Windows Server 2016, and all of the clients that can access it are running 
Windows 10 or Windows Server 2012 R2 or higher.

FWIW, GnuPG 1.x (latest probably 1.4.20 or 21) ran flawlessly in a similar 
installation arrangement for almost 15 years, before we upgraded to GnuPG 
2.2.19 (via gpg4win 3.1.11) as part of the migration of the server to Windows 
Server 2016.

As far as AV goes, a current version of ESET is running on the server, but I've 
already tried excluding the entire Keys subfolder (where those connection files 
and the keyring reside) from its scanning.

I'll have our Network Administrator look into the firewall configuration, but 
as Werner observed, it doesn't fail ALL the time.

Thanks.

Kent A. Larsen, FLMI
Systems Analyst
New Era/Philadelphia American Life Insurance Companies
klar...@neweralife.com
Direct: (402) 905-2179


-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Werner 
Koch via Gnupg-users
Sent: Friday, May 22, 2020 3:49 AM
To: Ángel 
Cc: gnupg-users@gnupg.org
Subject: Re: FW: gpg-agent connection errors

On Fri, 22 May 2020 03:18, Ángel said:

> how this AF_UNIX socket is actually implemented on Gpg4win (as a named
> pipe, perhaps?), but your issues might be related to having it on a

It is a regular file with a nonce and a port.  The server listens on
localhost:THATPORT for connections and checks that the client provides
the nonce in an initial handshake.  Now if some plain stupid firewall
software (Symantec _used_ to be one) blocks connections from localhost
to localhost things won't work.  But that can't be the problem of the OP
because it worked most of the time.

FWIW, Named pipes are not used because there is no mechanism on Windows
to restrict them to the local machine.


Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


HIPAA requires covered entities to safeguard Protected Health Information (PHI) 
related to a person's health care. Information in this email may include PHI 
that has been provided after appropriate authorization from the patient or 
under certain circumstances that do not require the patient's authorization. 
You, the recipient, are obligated to maintain PHI in a safe and secure manner. 
You may not use or disclose this email without additional patient consent 
unless required by law. Unauthorized use or disclosure of or failure to 
safeguard PHI could subject you to penalties under state and/or federal law. 
The information contained in this email and any attachments is also 
confidential and may be subject to copyright or other intellectual property 
protection. If you are not the intended recipient or the employee or agent 
responsible to deliver it to the intended recipient, please notify us 
immediately and delete this email from your email system. Please also shred any 
hard copy of this email and attachments, if any. If you have received this 
email in error, please notify our Privacy Officer immediately at (281)368-7200 
(in Houston) or toll free at (800)552-7879.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: FW: gpg-agent connection errors

2020-05-22 Thread Ingo Klöcker
On Freitag, 22. Mai 2020 10:48:55 CEST Werner Koch via Gnupg-users wrote:
> On Fri, 22 May 2020 03:18, Ángel said:
> > how this AF_UNIX socket is actually implemented on Gpg4win (as a named
> > pipe, perhaps?), but your issues might be related to having it on a
> 
> It is a regular file with a nonce and a port.  The server listens on
> localhost:THATPORT for connections and checks that the client provides
> the nonce in an initial handshake.  Now if some plain stupid firewall
> software (Symantec _used_ to be one) blocks connections from localhost
> to localhost things won't work.  But that can't be the problem of the OP
> because it worked most of the time.

Could also be caused by antivirus software. Such software prevents access to 
new files until it has checked those files. Maybe telling the antivirus 
software to ignore S.gpg-agent files helps.

As for gpg-agent, maybe it could retry binding the socket a few times (with 
some delay) if an unknown error occurs. 

Regards,
Ingo
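
The mechanism described in the quoted reply (a regular file holding a port and a nonce, a listener on localhost, and a nonce check in the initial handshake), together with a retry of the kind suggested above, sketched in Python as an added example that is not part of the thread and is not GnuPG code. The file layout (ASCII port, newline, 16 nonce bytes), the `S.demo-agent` name, the `OK`/`ERR` replies and the choice to retry the file write rather than the bind are assumptions made for illustration.

```python
import hmac, os, secrets, socket, tempfile, threading, time

NONCE_LEN = 16  # assumed size, for illustration only

def write_socket_file(path, port, nonce, attempts=3, delay=0.2):
    """Publish port + nonce; retry on OSError (e.g. file briefly locked by a scanner)."""
    for attempt in range(1, attempts + 1):
        try:
            with open(path, "wb") as f:
                f.write(str(port).encode() + b"\n" + nonce)
            return attempt
        except OSError:
            if attempt == attempts:
                raise
            time.sleep(delay)

def read_socket_file(path):
    """Client side: recover the port and nonce from the 'socket' file."""
    with open(path, "rb") as f:
        port, _, nonce = f.read().partition(b"\n")
    return int(port), nonce

def serve_once(listener, nonce):
    """Accept one client and answer OK only if it presents the nonce first."""
    conn, _ = listener.accept()
    with conn:
        got = b""
        while len(got) < NONCE_LEN and (chunk := conn.recv(NONCE_LEN - len(got))):
            got += chunk
        # Constant-time compare; a real server may simply drop the connection.
        conn.sendall(b"OK\n" if hmac.compare_digest(got, nonce) else b"ERR\n")

def demo(wrong_nonce=False):
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # loopback only, OS-chosen port
    listener.listen(1)
    nonce = secrets.token_bytes(NONCE_LEN)
    path = os.path.join(tempfile.mkdtemp(), "S.demo-agent")  # hypothetical name
    write_socket_file(path, listener.getsockname()[1], nonce)
    server = threading.Thread(target=serve_once, args=(listener, nonce))
    server.start()
    port, file_nonce = read_socket_file(path)  # client side starts here
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.sendall(b"\0" * NONCE_LEN if wrong_nonce else file_nonce)
        reply = s.recv(16)
    server.join()
    listener.close()
    return reply
```

Because any local process can reach the loopback port, the access control in this scheme rests on who can read the file that holds the nonce.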






Re: FW: gpg-agent connection errors

2020-05-22 Thread Werner Koch via Gnupg-users
On Fri, 22 May 2020 03:18, Ángel said:

> how this AF_UNIX socket is actually implemented on Gpg4win (as a named
> pipe, perhaps?), but your issues might be related to having it on a

It is a regular file with a nonce and a port.  The server listens on
localhost:THATPORT for connections and checks that the client provides
the nonce in an initial handshake.  Now if some plain stupid firewall
software (Symantec _used_ to be one) blocks connections from localhost
to localhost things won't work.  But that can't be the problem of the OP
because it worked most of the time.

FWIW, Named pipes are not used because there is no mechanism on Windows
to restrict them to the local machine.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



Re: FW: gpg-agent connection errors

2020-05-21 Thread Ángel
On 2020-05-20 at 18:22 +, Kent A. Larsen wrote:
> I've added logging to our gpg-agent.conf file, and when these errors
> occur the gpg-agent log file has the following error:
> 2020-05-18 09:36:07 gpg-agent[3800] error binding socket to
> '\\Neofs1\Userapps\Apps\GnuPG\Keys\S.gpg-agent': Unknown error
> Have had three of these just this week already.
> What could be causing this, and what can we do to prevent it?
> Thanks.

Is the program installed on a remote server?

I would place the gpg-agent socket on a local filesystem. I don't know
how this AF_UNIX socket is actually implemented on Gpg4win (as a named
pipe, perhaps?), but your issues might be related to having it on a
network filesystem (I'm surprised it works, actually).

Cheers




FW: gpg-agent connection errors

2020-05-20 Thread Kent A. Larsen
Werner,

If that's the case, then why do we continue to intermittently get the following 
messages when issuing a command to sign+encrypt (or decrypt) a file?

gpg: can't connect to the agent: IPC connect call failed
gpg: keydb_search failed: No agent running
gpg: skipped "0x8A811544": No agent running
gpg: //neofs1/Userdata/IT/FileRetrieval/Chase/PositivePay/Positive_Pay_LifePRO.txt: sign+encrypt failed: No agent running

I've added logging to our gpg-agent.conf file, and when these errors occur the 
gpg-agent log file has the following error:

2020-05-18 09:36:07 gpg-agent[3800] error binding socket to '\\Neofs1\Userapps\Apps\GnuPG\Keys\S.gpg-agent': Unknown error

Have had three of these just this week already.

What could be causing this, and what can we do to prevent it?

Thanks.

Kent A. Larsen, FLMI
Systems Analyst
New Era/Philadelphia American Life Insurance Companies
klar...@neweralife.com
Direct: (402) 905-2179

Reply

No.  Further, gpg-agent and all other background processes are always
started on demand.


Shalom-Salam,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

-----Original Message-----
From: Kent A. Larsen
Sent: Tuesday, May 05, 2020 7:10 AM
To: gnupg-users@gnupg.org
Subject: gpg-agent connection errors

As part of a server upgrade, we recently replaced a GnuPG 1.4.x installation 
with GnuPG 2.2.19, from the Gpg4win package (3.1.11). The server is running 
Windows Server 2016.

We have an un-attended application that runs on that same server that needs to 
sign+encrypt a file (4 to 6 distinct files each weekday) for transfer to an 
external client.

Since the upgrade, invoking gpg to sign+encrypt a file periodically fails with 
the message "gpg: can't connect to the agent: IPC call failed" followed by 
messages indicating "No agent running". The failure appears to occur on the 
first file processed (in a group of 3 or more files), and the remaining files 
are processed without error.

We are relying on gpg to automatically start gpg-agent (as needed). Does 
gpg-agent auto-terminate after a certain period of inactivity?

Would appreciate any help you can provide that would allow us to eliminate 
these errors. Thanks.

Kent A. Larsen, FLMI
Systems Analyst
New Era/Philadelphia American Life Insurance Companies
klar...@neweralife.com
Direct: (402) 905-2179


