hyperledger fabric invoke.js "Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Org1MSP]" - hyperledger-fabric

I am able to invoke my chaincode from the docker cli successfully (fabric-shim).
I ran enrollAdmin.js and registerUser.js successfully,
but when I try to run invoke.js or query.js, I get Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Org1MSP].

Though the information shown above is limited, the peer log gives the essential hint about the problem:
WARN 044 channel [mychannel]: MSP error: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com"
Here are some suggestions that may help you solve this problem:
Change your peer's logging level to DEBUG in the docker-compose file; the debug information will make it easier to find the solution.
Make sure your CA container is running and its logs do not show errors, such as certificate verification errors, which are commonly caused by wrong configuration.
The logs show some information about x509 ECDSA, which relates to the signature and the peer's endorsement keycert. Also, these keycerts may be stored in /tmp/hfc-key-store or any other place that you defined in your code. Try to clean up these temporary files and restart the network again.
I noticed that you are using the fabric-sample repo. I think this problem may not be caused by code issues, since you just modified a few parameters. So I recommend you follow this tutorial to get the right steps.

I came across a similar issue.
I found out that the channel name in the network config and the channel I created were different. So I changed the channel name in the network config and it got fixed.

Related

hyperledger fabric - certificate renewal

I renewed the certificates of peer msp, orderer msp and tls. I am able to query the data from the ledger. But when I try to invoke the data, I got the following error,
Error: error sending transaction for invoke: got unexpected status: SERVICE_UNAVAILABLE -- channel renewalchannel is not serviced by me.
Can anyone suggest how to resolve this? Did I miss anything?

Hyperledger fabric join-channel: Error: 2 UNKNOWN: access denied: channel [] creator org [Org1MSP]

A new peer is unable to join the channel.
I have created a new peer in an existing organization, and when I run
docker network inspect bridge I can see that the new peer is part of the organization.
When I try to have this peer join the channel (mychannel), it throws the error below.
Error: 2 UNKNOWN: access denied: channel [] creator org [Org1MSP]
In the above error, the channel is an empty string, while I am sending mychannel as an argument.
I am using the join-channel script of balance transfer. It works perfectly fine for the peers which were created during the network creation.
Any idea why it is taking an empty string?
Thanks
I figured out the reason.
Actually, the new peer was generated using a different CA.
Previously I moved my organization's crypto-config directory to a different folder, and then when I created the new peer it created new certificates for the complete organization.
But I don't know the significance of the error, as it should be different in this scenario.

Hyperledger Fabric CA Tool not generating identity

I am trying to deploy a production Hyperledger Fabric network on kubernetes, and when trying out the example from the fabric-ca sample, I can see that the pod running fabric-ca-tools is not generating and is giving an error at line number 51 of setup-fabric.sh, in the function registerOrdererIdentities, where the ORDERER is registered with the CA for identity using the command fabric-ca-client register -d --id.name $ORDERER_NAME --id.secret $ORDERER_PASS --id.type orderer. It fails to register and says, Error: Response from server: Error Code: 0 - Registration of 'orderer1-org0failed: Identity 'orderer1-org0' is already registered.
I am not able to understand why this error is coming if the identity was not previously registered by the root CA and intermediate CA.
I have been stuck here for a long time; any help is appreciated.
This error is thrown whenever you try to re-register an identity which is already registered. So that means you have already run the fabric-ca-client register command for --id.name orderer1-org0. The next step would be to enrol orderer1-org0 with the appropriate password, and in return you will receive a certificate and private key from the CA server. The interesting part is, now I am searching for a way to edit the attributes of an already generated certificate. Kind of like editing it in the first place. But I keep getting this error. For a moment I thought that revoking the certificate would make it work, but nonetheless that only made it a requirement to run fabric-ca-client reenroll. Unable to find any help anywhere.

Error: 2 UNKNOWN: access denied: channel [composerchannel] creator org

Trying to add a new organisation from a separate host. (Modifying steps from ./eyfn.sh when necessary.)
Managed to create and import network admin card using Hyperledger Composer. (https://medium.com/#mahoney_33893/hyperledger-composer-adding-another-organization-to-an-existing-running-multi-organization-fff5c8104a82).
However, when pinging the network I got:
Error: Error trying to ping. Error: 2 UNKNOWN: access denied: channel [composerchannel] creator org [Org3MSP]
Upon getting the logs from the peer I got
-Principal deserialization failure (MSP Org3MSP is unknown) for identity
-[channel: composerchannel] Client authorization revoked for deliver request from 10.0.1.6:48262: Failed evaluating policy on signed data during check policy on channel [composerchannel] with policy [/Channel/Application/Readers]: [Failed to reach implicit threshold of 1 sub-policies, required 1 remaining]
My problem is actually similar to that of Hyperledger-Composer: Getting "access denied" when pinging network admin card.
The solution did mention including the msp files of my new org in the volumes of the orderer, which I did as
docker cp msp <containername>:/etc/hyperledger/msp/peerOrganizations/org3.example.com
My first organisation was set up using the default ./startFabric.sh
Take note that I'm not using TLS for the time being.
The error still persists though, and I'm wondering why. I do however suspect that the way I'm giving the msp to the orderer is somehow wrong, or I'm putting it in the wrong file.
Maybe you will need to migrate from Composer to another framework.
Hundreds of devs are using Convector. Convector is a Hyperledger Labs project that was created before Hyperledger Composer was deprecated but that looks similar to developers. It follows a model controller pattern (similar to Composer assets and transactions); however, it compiles natively to Fabric code and does not create a runtime.

Add a new org - certificate signed by unknown authority

I'm trying to add a new org called Org4 in the fabric network generated by the script byfn. I'm following this tutorial: http://hyperledger-fabric.readthedocs.io/en/latest/channel_update_tutorial.html
But I met an error when I tried to do the "peer channel update":
could not create channel Application sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org4.example.com"
I don't know why the certificate is not valid, because I generated it the same way I did successfully with Org3, using cryptogen, and I changed the config files by replacing 'Org3' with 'Org4'.
First I thought it was because I already had three orgs, but then I created a new network and tried to add Org4. It didn't work, but if I try again to add Org3 it works. So I'm confused about how just changing the name of the org can impact the process.
Best Regards
