Tools/Manuals/TS22
Jump to navigation
Jump to search
Back to Troubleshooting Guide
425 425 Can't open data connection. timed out() failed.
Full message
$ lcg-rep --vo dteam lfn:my-test-lfn -d my-SE.my-domain the server sent an error response: 425 425 Can't open data connection. timed out() failed.
Diagnosis
Typical scenario: on a WN lcg-rep from a remote SE to the close/default SE fails. This can have various causes:
- At the time of the command the target SE was down or unreachable from outside, e.g. shielded by some firewall on the way.
- The GLOBUS_TCP_PORT_RANGE is not defined on the target SE, or the range is not allowed by some firewall on the way.
- Some firewall on the way to the SE has a problem with connections in rapid succession that all use the same source and destination ports, e.g. rapidly repeating occurrences of source:20000 --> SE:20000, which used to be normal when a file is copied onto the SE.
The idea is that normally the source port will be assigned by the OS to a different value for each connection, so that a firewall may conclude that rapid repetitions are abnormal/illegal, so should be blocked.
Recent versions of Globus (e.g. as used in gLite 3.2) let the OS pick random source ports unless the environment variable GLOBUS_TCP_SOURCE_RANGE (sic) is defined; that variable should never be set.
Solution
- Check definition of GLOBUS_TCP_PORT_RANGE on the target SE and if the GridFTP server was (re)started with that definition.
- Check the rules of firewalls on the way to the SE.
- Use a recent version of Globus on the source host (SE, UI, WN).
- Do not define GLOBUS_TCP_SOURCE_RANGE (sic).