Closed Dolphinsimon closed 2 years ago
Hi @Dolphinsimon,
Could you please connect to the EFLOW VM, run the command sudo arp -a, and share the output?
Also, have you tried the EFLOW 1.1LTS version?
Thanks, Francisco
sudo arp -a
_gateway (192.168.167.129) at 02:15:00:6b:c5:8c [ether] on eth0
Only tried CR version. The 1.2.9 works fine in our physical server. I have this issue in a Hyper-V virtual machine.
And Get-EflowVmAddr
Querying IP and MAC addresses from virtual machine (EDGEGATEWAY-EFLOW)
Hi @Dolphinsimon,
Thanks for the information. Have you enabled the vTPM on the Windows VM? Can you please confirm that the data is available through the Windows OS, without TPM passthrough? Check Retrieve provisioning information for your TPM.
Thanks, Francisco
Yes, the vTPM works fine and I can use tpm provisioning for iotedge windows in the vm.
Hi @Dolphinsimon,
Thanks for your response. Please run the following commands:
Please share the output of that command. Also, could you make sure the EFLOWProxy service is running?
Thanks, Francisco
iotedge-user@EDGEGATEWAY-EFLOW [ ~ ]$ sudo /usr/bin/tpm_device_provision
Gathering the registration information...
(process:15663): CRITICAL : 12:37:51.849: failed to allocate dbus proxy object: Error calling StartServiceByName for com.intel.tss2.Tabrmd: GDBus.Error:org.freedesktop.DBus.Error.TimedOut: Failed to activate service 'com.intel.tss2.Tabrmd': timed out (service_start_timeout=25000ms)
Error: Time:Fri May 20 12:37:51 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/deps/utpm/src/tpm_comm_linux.c Func:load_abrmd Line:235 Tss2_Tcti_Info(ctx, ...) in libtss2-tcti-tabrmd.so failed
Error: Time:Fri May 20 12:37:51 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/deps/utpm/src/tpm_comm_linux.c Func:tpm_usermode_resmgr_connect Line:268 Failure: No user mode TRM found.
Error: Time:Fri May 20 12:37:51 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/deps/utpm/src/tpm_comm_linux.c Func:tpm_comm_create Line:335 Failure: connecting to the TPM device
Error: Time:Fri May 20 12:37:51 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/deps/utpm/src/tpm_codec.c Func:Initialize_TPM_Codec Line:258 creating tpm_comm object
Error: Time:Fri May 20 12:37:51 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/adapters/hsm_client_tpm.c Func:initialize_tpm_device Line:453 Failure initializeing TPM Codec
Error: Time:Fri May 20 12:37:51 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/adapters/hsm_client_tpm.c Func:hsm_client_tpm_create Line:492 Failure initializing tpm device.
Error: Time:Fri May 20 12:37:51 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/src/prov_auth_client.c Func:prov_auth_create Line:307 failed create device auth module.
failed creating security device handle
I am sure the EFLOWProxy service is running. But sometimes the Get-EflowVmAddr command can also fail.
Get-EflowVmAddr
[05/20/2022 12:45:12] Querying IP and MAC addresses from virtual machine (EDGEGATEWAY-EFLOW)
When Get-EflowVmAddr executes successfully, the sudo /usr/bin/tpm_device_provision output is different:
Gathering the registration information...
(process:5658): WARNING : 12:55:00.896: Failed to create connection with service: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name :1.172 was not provided by any .service files
Error: Time:Fri May 20 12:55:00 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/deps/utpm/src/tpm_comm_linux.c Func:load_abrmd Line:235 Tss2_Tcti_Info(ctx, ...) in libtss2-tcti-tabrmd.so failed
Error: Time:Fri May 20 12:55:00 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/deps/utpm/src/tpm_comm_linux.c Func:tpm_usermode_resmgr_connect Line:268 Failure: No user mode TRM found.
Error: Time:Fri May 20 12:55:00 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/deps/utpm/src/tpm_comm_linux.c Func:tpm_comm_create Line:335 Failure: connecting to the TPM device
Error: Time:Fri May 20 12:55:00 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/deps/utpm/src/tpm_codec.c Func:Initialize_TPM_Codec Line:258 creating tpm_comm object
Error: Time:Fri May 20 12:55:00 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/adapters/hsm_client_tpm.c Func:initialize_tpm_device Line:453 Failure initializeing TPM Codec
Error: Time:Fri May 20 12:55:00 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/adapters/hsm_client_tpm.c Func:hsm_client_tpm_create Line:492 Failure initializing tpm device.
Error: Time:Fri May 20 12:55:00 2022 File:/usr/src/mariner/BUILD/azure-iot-sdk-c/provisioning_client/src/prov_auth_client.c Func:prov_auth_create Line:307 failed create device auth module.
failed creating security device handle
@Dolphinsimon Thanks for the information. According to the logs, the TPM software stack seemed unable to start. Can you run the following commands to help us learn more? (Based on your description, there might be some disconnection in the network stack, which could subsequently affect the communication between the VM and the host TPM software stack. We hope we can narrow it down with further logs.)
Invoke-EflowVmCommand "sudo systemctl status tpm*"
Invoke-EflowVmCommand "sudo arp -a"
ipconfig /all
And here is example output from an EFLOW VM with a working TPM:
PS C:\Windows\system32> Invoke-EflowVmCommand "sudo systemctl status tpm*"
* tpm2-socat@2321.service - TPM2 Sandbox Service on Port 2321
Loaded: loaded (/etc/systemd/system/tpm2-socat@.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-05-20 19:05:44 UTC; 2min 22s ago
Process: 2348 ExecStartPre=/usr/bin/bash -c [ ! -z $(arp -a | grep 'DESKTOP-M30JON5.mshome.net\|02:15:00:8a:a3:58' | awk -F'[()]' '{print $2}' | head -1) ] && exit 0 || exit 1 (code=exited, status=0/SUCCESS)
Main PID: 2364 (socat)
Tasks: 1 (limit: 947)
Memory: 852.0K
CGroup: /system.slice/system-tpm2\x2dsocat.slice/tpm2-socat@2321.service
`-2364 /usr/bin/socat -v tcp-listen:2321,reuseaddr,bind=127.0.0.1 openssl-connect:192.168.206.113:2321,cert=/etc/.eflow/client.pem,cafile=/etc/.eflow/server.crt,verify=0
* tpm2-netns.service - TPM2 Network Namespace
Loaded: loaded (/etc/systemd/system/tpm2-netns.service; enabled; vendor preset: enabled)
Active: active (exited) since Fri 2022-05-20 19:05:44 UTC; 2min 22s ago
Process: 2341 ExecStart=/usr/bin/sudo iptables -A FORWARD -o eth0 -i v-eth1 -j ACCEPT (code=exited, status=0/SUCCESS)
Process: 2331 ExecStart=/usr/bin/sudo iptables -A FORWARD -i eth0 -o v-eth1 -j ACCEPT (code=exited, status=0/SUCCESS)
Process: 2320 ExecStart=/usr/bin/sudo iptables -t nat -A POSTROUTING -s 10.200.1.0/255.255.255.0 -o eth0 -j MASQUERADE (code=exited, status=0/SUCCESS)
Process: 2309 ExecStart=/usr/bin/sudo ip netns exec ns1 ip route add default via 10.200.1.1 (code=exited, status=0/SUCCESS)
Process: 2301 ExecStart=/usr/bin/sudo ip netns exec ns1 ip link set lo up (code=exited, status=0/SUCCESS)
Process: 2289 ExecStart=/usr/bin/sudo ip netns exec ns1 ip link set v-peer1 up (code=exited, status=0/SUCCESS)
Process: 2277 ExecStart=/usr/bin/sudo ip netns exec ns1 ip addr add 10.200.1.2/24 dev v-peer1 (code=exited, status=0/SUCCESS)
Process: 2251 ExecStart=/usr/bin/sudo ip link set v-eth1 up (code=exited, status=0/SUCCESS)
Process: 2236 ExecStart=/usr/bin/sudo ip addr add 10.200.1.1/24 dev v-eth1 (code=exited, status=0/SUCCESS)
Process: 2185 ExecStart=/usr/bin/sudo ip link set v-peer1 netns ns1 (code=exited, status=0/SUCCESS)
Process: 2176 ExecStart=/usr/bin/sudo ip link add v-eth1 type veth peer name v-peer1 (code=exited, status=0/SUCCESS)
Process: 2156 ExecStart=/usr/bin/sudo ip netns add ns1 (code=exited, status=0/SUCCESS)
Process: 2148 ExecStart=/usr/bin/sudo iptables -D FORWARD -o eth0 -i v-eth1 -j ACCEPT (code=exited, status=1/FAILURE)
Process: 2130 ExecStart=/usr/bin/sudo iptables -D FORWARD -i eth0 -o v-eth1 -j ACCEPT (code=exited, status=1/FAILURE)
Process: 2125 ExecStart=/usr/bin/sudo iptables -t nat --delete POSTROUTING -s 10.200.1.0/255.255.255.0 -o eth0 -j MASQUERADE (code=exited, status=1/FAILURE)
Process: 2109 ExecStart=/usr/bin/sudo ip link delete v-eth1 type veth (code=exited, status=1/FAILURE)
Process: 2087 ExecStart=/usr/bin/sudo ip netns del ns1 (code=exited, status=1/FAILURE)
Main PID: 2341 (code=exited, status=0/SUCCESS)
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2320]: pam_unix(sudo:session): session closed for user root
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2331]: root : PWD=/ ; USER=root ; COMMAND=/usr/sbin/iptables -A FORWARD -i eth0 -o v-eth1 -j ACCEPT
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2331]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2331]: pam_systemd(sudo:session): Failed to create session: Start job for unit user@0.service failed with 'failed'
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2331]: pam_unix(sudo:session): session closed for user root
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2341]: root : PWD=/ ; USER=root ; COMMAND=/usr/sbin/iptables -A FORWARD -o eth0 -i v-eth1 -j ACCEPT
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2341]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
May 20 19:05:44 DESKTOP-M30JON5-EFLOW systemd[1]: Started TPM2 Network Namespace.
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2341]: pam_systemd(sudo:session): Failed to create session: Start job for unit user@0.service failed with 'dependency'
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2341]: pam_unix(sudo:session): session closed for user root
* tpm2-socat@2322.service - TPM2 Sandbox Service on Port 2322
Loaded: loaded (/etc/systemd/system/tpm2-socat@.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-05-20 19:05:44 UTC; 2min 22s ago
Process: 2349 ExecStartPre=/usr/bin/bash -c [ ! -z $(arp -a | grep 'DESKTOP-M30JON5.mshome.net\|02:15:00:8a:a3:58' | awk -F'[()]' '{print $2}' | head -1) ] && exit 0 || exit 1 (code=exited, status=0/SUCCESS)
Main PID: 2361 (socat)
Tasks: 1 (limit: 947)
Memory: 1.3M
CGroup: /system.slice/system-tpm2\x2dsocat.slice/tpm2-socat@2322.service
`-2361 /usr/bin/socat -v tcp-listen:2322,reuseaddr,bind=127.0.0.1 openssl-connect:192.168.206.113:2322,cert=/etc/.eflow/client.pem,cafile=/etc/.eflow/server.crt,verify=0
May 20 19:05:44 DESKTOP-M30JON5-EFLOW systemd[1]: Starting TPM2 Sandbox Service on Port 2322...
May 20 19:05:44 DESKTOP-M30JON5-EFLOW systemd[1]: Started TPM2 Sandbox Service on Port 2322.
May 20 19:05:44 DESKTOP-M30JON5-EFLOW bash[2361]: > 2022/05/20 19:05:44.618813 length=4 from=0 to=3
May 20 19:05:44 DESKTOP-M30JON5-EFLOW bash[2361]: ....< 2022/05/20 19:05:44.629351 length=4 from=0 to=3
May 20 19:05:44 DESKTOP-M30JON5-EFLOW bash[2361]: ....> 2022/05/20 19:05:44.629544 length=4 from=4 to=7
May 20 19:05:44 DESKTOP-M30JON5-EFLOW bash[2361]: ...\v< 2022/05/20 19:05:44.630119 length=4 from=4 to=7
* tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
Loaded: loaded (/etc/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-05-20 19:05:44 UTC; 2min 22s ago
Main PID: 2365 (sudo)
Tasks: 0 (limit: 947)
Memory: 552.0K
CGroup: /system.slice/tpm2-abrmd.service
> 2365 sudo -u tss /usr/sbin/tpm2-abrmd --tcti=libtss2-tcti-mssim.so.0:host=127.0.0.1,port=2321
May 20 19:05:44 DESKTOP-M30JON5-EFLOW systemd[1]: Starting TPM2 Access Broker and Resource Management Daemon...
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2365]: root : PWD=/ ; USER=tss ; COMMAND=/usr/sbin/tpm2-abrmd --tcti=libtss2-tcti-mssim.so.0:host=127.0.0.1,port=2321
May 20 19:05:44 DESKTOP-M30JON5-EFLOW sudo[2365]: pam_unix(sudo:session): session opened for user tss(uid=1000) by (uid=0)
May 20 19:05:44 DESKTOP-M30JON5-EFLOW systemd[1]: Started TPM2 Access Broker and Resource Management Daemon.
PS C:\Windows\system32> Invoke-EflowVmCommand "sudo arp -a"
? (10.200.1.2) at 6e:ff:40:f6:5f:be [ether] on v-eth1
DESKTOP-M30JON5.mshome.net (192.168.206.113) at 02:15:00:8a:a3:58 [ether] on eth0
PS C:\Windows\system32> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-M30JON5
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mshome.net
Ethernet adapter vEthernet (Ethernet):
Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
Physical Address. . . . . . . . . : 00-15-5D-04-4E-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::24d0:ebc8:e4c6:3c06%2(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.91.87(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Lease Obtained. . . . . . . . . . : Friday, May 20, 2022 11:59:05 AM
Lease Expires . . . . . . . . . . : Saturday, May 21, 2022 11:59:05 AM
Default Gateway . . . . . . . . . : 192.168.80.1
DHCP Server . . . . . . . . . . . : 192.168.80.1
DHCPv6 IAID . . . . . . . . . . . : 419435869
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-D7-B5-55-00-15-5D-04-4E-11
DNS Servers . . . . . . . . . . . : 192.168.80.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter vEthernet (Default Switch):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 02-15-00-8A-A3-58
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::80f9:71f3:d47c:3123%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.206.113(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 201463040
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-D7-B5-55-00-15-5D-04-4E-11
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
iotedge-user@EDGEGATEWAY-EFLOW [ ~ ]$ sudo systemctl status tpm*
* tpm2-netns.service - TPM2 Network Namespace
Loaded: loaded (/etc/systemd/system/tpm2-netns.service; enabled; vendor preset: enabled)
Active: active (exited) since Sat 2022-05-21 08:41:53 UTC; 3min 40s ago
Process: 1118 ExecStart=/usr/bin/sudo iptables -A FORWARD -o eth0 -i v-eth1 -j ACCEPT (code=exited, status=0/SUCCESS)
Process: 1112 ExecStart=/usr/bin/sudo iptables -A FORWARD -i eth0 -o v-eth1 -j ACCEPT (code=exited, status=0/SUCCESS)
Process: 1106 ExecStart=/usr/bin/sudo iptables -t nat -A POSTROUTING -s 10.200.1.0/255.255.255.0 -o eth0 -j MASQUERADE (code=exited, status=0/SUCCESS)
Process: 1100 ExecStart=/usr/bin/sudo ip netns exec ns1 ip route add default via 10.200.1.1 (code=exited, status=0/SUCCESS)
Process: 1093 ExecStart=/usr/bin/sudo ip netns exec ns1 ip link set lo up (code=exited, status=0/SUCCESS)
Process: 1083 ExecStart=/usr/bin/sudo ip netns exec ns1 ip link set v-peer1 up (code=exited, status=0/SUCCESS)
Process: 1065 ExecStart=/usr/bin/sudo ip netns exec ns1 ip addr add 10.200.1.2/24 dev v-peer1 (code=exited, status=0/SUCCESS)
Process: 1047 ExecStart=/usr/bin/sudo ip link set v-eth1 up (code=exited, status=0/SUCCESS)
Process: 1025 ExecStart=/usr/bin/sudo ip addr add 10.200.1.1/24 dev v-eth1 (code=exited, status=0/SUCCESS)
Process: 1013 ExecStart=/usr/bin/sudo ip link set v-peer1 netns ns1 (code=exited, status=0/SUCCESS)
Process: 999 ExecStart=/usr/bin/sudo ip link add v-eth1 type veth peer name v-peer1 (code=exited, status=0/SUCCESS)
Process: 980 ExecStart=/usr/bin/sudo ip netns add ns1 (code=exited, status=0/SUCCESS)
Process: 962 ExecStart=/usr/bin/sudo iptables -D FORWARD -o eth0 -i v-eth1 -j ACCEPT (code=exited, status=1/FAILURE)
Process: 941 ExecStart=/usr/bin/sudo iptables -D FORWARD -i eth0 -o v-eth1 -j ACCEPT (code=exited, status=1/FAILURE)
Process: 931 ExecStart=/usr/bin/sudo iptables -t nat --delete POSTROUTING -s 10.200.1.0/255.255.255.0 -o eth0 -j MASQUERADE (code=exited, status=1/FAILURE)
Process: 920 ExecStart=/usr/bin/sudo ip link delete v-eth1 type veth (code=exited, status=1/FAILURE)
Process: 905 ExecStart=/usr/bin/sudo ip netns del ns1 (code=exited, status=1/FAILURE)
Main PID: 1118 (code=exited, status=0/SUCCESS)
May 21 08:41:53 EDGEGATEWAY-EFLOW sudo[1106]: pam_unix(sudo:session): session closed for user root
May 21 08:41:53 EDGEGATEWAY-EFLOW sudo[1112]: root : PWD=/ ; USER=root ; COMMAND=/usr/sbin/iptables -A FORWARD -i eth0 -o v-eth1 -j ACCEPT
May 21 08:41:53 EDGEGATEWAY-EFLOW sudo[1112]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
May 21 08:41:53 EDGEGATEWAY-EFLOW sudo[1112]: pam_systemd(sudo:session): Failed to create session: Start job for unit user@0.service failed with 'dependency'
May 21 08:41:53 EDGEGATEWAY-EFLOW sudo[1112]: pam_unix(sudo:session): session closed for user root
May 21 08:41:53 EDGEGATEWAY-EFLOW sudo[1118]: root : PWD=/ ; USER=root ; COMMAND=/usr/sbin/iptables -A FORWARD -o eth0 -i v-eth1 -j ACCEPT
May 21 08:41:53 EDGEGATEWAY-EFLOW sudo[1118]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=0)
May 21 08:41:53 EDGEGATEWAY-EFLOW sudo[1118]: pam_systemd(sudo:session): Failed to create session: Start job for unit user@0.service failed with 'dependency'
May 21 08:41:53 EDGEGATEWAY-EFLOW systemd[1]: Started TPM2 Network Namespace.
May 21 08:41:53 EDGEGATEWAY-EFLOW sudo[1118]: pam_unix(sudo:session): session closed for user root
* tpm2-abrmd.service - TPM2 Access Broker and Resource Management Daemon
Loaded: loaded (/etc/systemd/system/tpm2-abrmd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2022-05-21 08:45:30 UTC; 2s ago
Process: 6229 ExecStart=/usr/sbin/ip netns exec ns1 sudo -u tss /usr/sbin/tpm2-abrmd --tcti=libtss2-tcti-mssim.so.0:host=127.0.0.1,port=2321 (code=exited, status=74)
Main PID: 6229 (code=exited, status=74)
May 21 08:45:30 EDGEGATEWAY-EFLOW systemd[1]: tpm2-abrmd.service: Main process exited, code=exited, status=74/IOERR
May 21 08:45:30 EDGEGATEWAY-EFLOW systemd[1]: tpm2-abrmd.service: Failed with result 'exit-code'.
May 21 08:45:30 EDGEGATEWAY-EFLOW systemd[1]: Failed to start TPM2 Access Broker and Resource Management Daemon.
* tpm2-socat@2322.service - TPM2 Sandbox Service on Port 2322
Loaded: loaded (/etc/systemd/system/tpm2-socat@.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2022-05-21 08:45:32 UTC; 654ms ago
Process: 6269 ExecStartPre=/usr/bin/bash -c [ ! -z $(arp -a | grep 'EdgeGateway.mshome.net\|02:15:00:8e:7c:28' | awk -F'[()]' '{print $2}' | head -1) ] && exit 0 || exit 1 (code=exited, status=1/FAILURE)
May 21 08:45:32 EDGEGATEWAY-EFLOW systemd[1]: tpm2-socat@2322.service: Control process exited, code=exited status=1
May 21 08:45:32 EDGEGATEWAY-EFLOW systemd[1]: tpm2-socat@2322.service: Failed with result 'exit-code'.--
May 21 08:45:32 EDGEGATEWAY-EFLOW systemd[1]: Failed to start TPM2 Sandbox Service on Port 2322.
* tpm2-socat@2321.service - TPM2 Sandbox Service on Port 2321
Loaded: loaded (/etc/systemd/system/tpm2-socat@.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2022-05-21 08:45:32 UTC; 678ms ago
Process: 6270 ExecStartPre=/usr/bin/bash -c [ ! -z $(arp -a | grep 'EdgeGateway.mshome.net\|02:15:00:8e:7c:28' | awk -F'[()]' '{print $2}' | head -1) ] && exit 0 || exit 1 (code=exited, status=1/FAILURE)
May 21 08:45:32 EDGEGATEWAY-EFLOW systemd[1]: tpm2-socat@2321.service: Control process exited, code=exited status=1
May 21 08:45:32 EDGEGATEWAY-EFLOW systemd[1]: tpm2-socat@2321.service: Failed with result 'exit-code'.--
May 21 08:45:32 EDGEGATEWAY-EFLOW systemd[1]: Failed to start TPM2 Sandbox Service on Port 2321.
iotedge-user@EDGEGATEWAY-EFLOW [ ~ ]$ sudo arp -a
? (172.18.0.4) at 02:42:ac:12:00:04 [ether] on br-21b947e15e2a
? (172.18.0.2) at 02:42:ac:12:00:02 [ether] on br-21b947e15e2a
_gateway (172.17.173.193) at 02:15:00:a2:48:5d [ether] on eth0
PS C:\Windows\system32> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : EdgeGateway
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mshome.net
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-01-7B-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::190:6d2e:15c2:4d48%11(Preferred)
IPv4 Address. . . . . . . . . . . : 172.25.211.237(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Lease Obtained. . . . . . . . . . : Saturday, May 21, 2022 8:41:11 AM
Lease Expires . . . . . . . . . . : Sunday, May 22, 2022 8:41:17 AM
Default Gateway . . . . . . . . . : 172.25.208.1
DHCP Server . . . . . . . . . . . : 172.25.208.1
DHCPv6 IAID . . . . . . . . . . . : 67114333
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FB-DD-68-00-15-5D-01-7B-01
DNS Servers . . . . . . . . . . . : 172.25.208.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter vEthernet (Default Switch):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 02-15-00-A2-48-5D
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::587c:a278:9930:8e4f%7(Preferred)
IPv4 Address. . . . . . . . . . . : 172.17.173.193(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 117576960
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FB-DD-68-00-15-5D-01-7B-01
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter vEthernet (nat):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-15-5D-5F-5C-C0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::11a:a76f:864b:8635%25(Preferred)
IPv4 Address. . . . . . . . . . . : 172.25.176.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 419435869
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-FB-DD-68-00-15-5D-01-7B-01
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
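The `ExecStartPre` line of the `tpm2-socat@` units shown above succeeds only when `arp -a` lists the Windows host by name or by MAC address. The shell script below is an added example, not part of the original thread or of the EFLOW code: it replays that test offline against the two ARP tables posted above. The function names are hypothetical, and matching is by fixed string rather than the unit's grep regex.

```shell
#!/bin/sh
# Added example: offline replay of the tpm2-socat@.service ExecStartPre test.
# The ARP tables are copied from the `arp -a` outputs posted in this thread.

WORKING_ARP='? (10.200.1.2) at 6e:ff:40:f6:5f:be [ether] on v-eth1
DESKTOP-M30JON5.mshome.net (192.168.206.113) at 02:15:00:8a:a3:58 [ether] on eth0'

FAILING_ARP='? (172.18.0.4) at 02:42:ac:12:00:04 [ether] on br-21b947e15e2a
? (172.18.0.2) at 02:42:ac:12:00:02 [ether] on br-21b947e15e2a
_gateway (172.17.173.193) at 02:15:00:a2:48:5d [ether] on eth0'

# arp_lookup TABLE NEEDLE...
# Prints the IP (the text between parentheses) of the first ARP entry that
# contains any NEEDLE, or nothing when no entry matches. This mirrors
# grep | awk -F'[()]' '{print $2}' | head -1 from the unit file.
arp_lookup() {
    arp_table=$1
    shift
    printf '%s\n' "$arp_table" | awk -F'[()]' -v needles="$*" '
        BEGIN { n = split(needles, want, " ") }
        {
            for (i = 1; i <= n; i++)
                if (index($0, want[i])) { print $2; exit }
        }'
}

# precheck TABLE HOSTNAME MAC
# Same pass/fail rule as the unit: succeed only if the lookup is non-empty.
precheck() {
    [ -n "$(arp_lookup "$@")" ]
}

# norm_mac MAC
# Converts the ipconfig form (02-15-00-A2-48-5D) to the arp form.
norm_mac() {
    printf '%s\n' "$1" | tr 'A-Z-' 'a-z:'
}

# report LABEL TABLE HOSTNAME MAC
report() {
    if precheck "$2" "$3" "$4"; then
        echo "$1: precheck passes, host at $(arp_lookup "$2" "$3" "$4")"
    else
        echo "$1: precheck fails, no ARP entry for $3 or $4"
    fi
}

# Host name and MAC pairs are the ones embedded in each VM's unit file.
report "working VM" "$WORKING_ARP" DESKTOP-M30JON5.mshome.net 02:15:00:8a:a3:58
report "failing VM" "$FAILING_ARP" EdgeGateway.mshome.net 02:15:00:8e:7c:28

# The failing host's ipconfig lists the Default Switch adapter with this MAC.
switch_mac=$(norm_mac 02-15-00-A2-48-5D)
echo "Default Switch MAC $switch_mac -> $(arp_lookup "$FAILING_ARP" "$switch_mac")"
```

On a live VM the same functions can be fed `"$(arp -a)"` in place of the captured tables.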
Hi @Dolphinsimon,
Thanks for your information. I've edited the comments for better visualization. We'll take a look and reach back.
Thanks, Francisco
Hi @Dolphinsimon,
We haven't been able to reproduce this in our own environment. Are you still facing the same issue? Would you be able to join a call with our team to do some further troubleshooting?
Thanks, Francisco
Hi @fcabrera23,
Yes, I still have the problem. I'd like to join the call.
Broken installation - We reinstalled the EFLOW VM and enabled TPM and it worked - There was an issue with the communication with the aziot-identity service.
Describe the bug
Get-EflowVmTpmProvisioningInfo | Format-List
[05/16/2022 02:49:40] Retrieving TPM EK pub hash and registration ID for automated provisioning with DPS
Expected behavior
Endorsement Key and Registration ID should display
Windows Host OS (please complete the following information):
Additional context
Have tried reinstalling the EFLOW packages.
EFlow CR Version: 1.2.9.20042
Default Switch