Back to Troubleshooting Guide

Generic verification error for VOMS (failure)!

Full message

In /var/log/glite/gatekeeper.log or /var/log/gridftp-lcas_lcmaps.log (on gLite-CE):

LCAS   0: 2006-12-27.17:15:51.873516.0000031537.0000015470 :
   lcas_plugin_voms-plugin_confirm_authorization_from_x509():
 Generic verification error for VOMS (failure)!
LCAS   0: 2006-12-27.17:15:51.873516.0000031537.0000015470 :
   lcas_plugin_voms-plugin_confirm_authorization_from_x509():
 voms plugin failed

In /var/log/globus-gatekeeper.log or /var/log/gridftp-lcas_lcmaps.log (on LCG-CE or SE_classic):

LCMAPS 0: 2006-12-27.18:21:14.747346.0000009868.0000005366 :
   lcmaps_plugin_voms-plugin_run():
 Generic verification error for VOMS (failure)!
LCMAPS 0: 2006-12-27.18:21:14.747346.0000009868.0000005366 :
   lcmaps_plugin_voms-plugin_run():
 voms plugin failed

In /var/log/lfc/log (on LFC) or /var/log/dpns/log (on DPM):

01/17 11:12:00 28364,0 Cns_serv: Could not establish security context:
_Csec_get_voms_creds: Generic verification error for VOMS (failure) !

In /var/log/dpm/log (on DPM):

01/17 17:29:00 22553,24 dpm_serv: Could not establish security context:
 _Csec_get_voms_creds: Generic verification error for VOMS (failure) !

In /var/log/dpm-gsiftp/gridftp.log (on DPM):

Jan 17 17:29:46 lxdpm01 gridftpd[9941]:
 Generic verification error for VOMS (failure)!

Diagnosis

This happens when the VOMS extensions are present in the user proxy, but:

* either they have expired (their max. lifetime typically is a few days,
whereas the underlying grid proxy can have a lifetime up to the
expiration time of the user certificate);

* or they were signed by a server whose host cert is not present in
{{{/etc/grid-security/vomsdir}}} on the CE/LFC/SE, or its CRL is out of date,
or its CA is not present;

* or the VOMS extensions were signed by a VOMS server host cert that
in the meantime has expired itself.