Error when starting LPC

Unknown

Program received channel reconnecting notification for socket 12 associated with LPC. Error: -1</local/jenkins/workspace/RRTLPC/OS/OL7-64/esdk/source/esdk/Cpp-C/Eta/Impl/Transport/ripcutils.c:256> Error: 1002 Curl failed. Curl error number: 56 Curl error text: Received HTTP code 403 from proxy after CONNECT

tlandot

Hi,

See my comment above. You were correct that CONNECT requests also needed to be allowed in our proxy. That was the issue.
LPC is now running correctly after adding this in proxy config:

acl SSL_ports port 14002
http_access deny CONNECT !SSL_ports

Thank you very much for your help!

zoya faberov

Hello @dan.reinmund,

In order for us to be of help with this question, please provide, or ask the developers to provide as much information as possible surrounding this error:

1. Is this the first time run, after LPC is installed, or is the issue happening intermittently, or the run was always successful, and rmdstestclient-verified, and this is the first time the issue described has occurred?

2. From the nature of the error, it looks like LPC is failing to connect upstream, are the firewall opening provisions and connectivity upstream for LPC confirmed with client's network group/admin, per LPC Installation Guide? Please see Wikipedia entry on status=403.

tlandot

Hi,

1. This is the first time run after LPC is installed.
2. Rules were added to our firewall to allow connectivity to api.refinitiv.com and amer-{1..3}-t{1..3}.streaming-pricing-api.refinitiv.com:14002

I am not sure how to figure the details of the curl call that is failing.
We are configured to use ssl, not rssl.
We created an appKey but it doesn't look like it was required at any step of lpc setup.
I tried both:
*lpc*tokenServiceURL: https://api.refinitiv.com:443/auth/oauth2/beta1/token and
*lpc*tokenServiceURL: https://api.refinitiv.com:443/auth/oauth2/v1/token
with the same outcome.


Thank you for your help
T

zoya faberov

Hello @tlandot,

Just confirming, rules on firewall are in place to open to api.refinitiv.com on port 443 and pricing endpoints both 443 and 14002 per LPC Installation Guide?

Thanks

tlandot

Pricing endpoints have been authorized on 14002 but not 443.

Will correct and get back here.

tlandot

Actually, ports 443, 14002 and 80 were already allowed for endpoints.

tlandot

Here is complete lpc log until the error happens:

<belemtrade7.cme.tower-research.com.1.lpc: Info: Tue May 25 16:11:55.336813 2021>

lpc (version lpc1.2.0.L1 ( aafda90 112)) Initialization Start.

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Info: Tue May 25 16:11:55.336843 2021>

The Configuration Database is using the file /spare/local/belemprod/elektron/refinitiv/lpc.cnf .

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Info: Tue May 25 16:11:55.336854 2021>

lpc main thread Using Epoll Event Notifier.

<END>

<ServerSharedMemory: Info: Tue May 25 16:11:55.336907 2021>

Allocated

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Info: Tue May 25 16:11:55.337221 2021>

RSSL connections are disabled. Reason : enableRsslServer is set to False.

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Info: Tue May 25 16:11:55.346886 2021>

Refinitiv Real-Time Legacy Protocol Converter is configured to perform service discovery queries for connections.

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Info: Tue May 25 16:11:55.346912 2021>

Creating login message for Refinitiv Real-Time Legacy Protocol Converter dictionary download. Client servers may not start until dictionary is downloaded.

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Info: Tue May 25 16:11:56.588297 2021>

Standard endpoint found via Service Discovery. Using endpoint address amer-3-t1.streaming-pricing-api.refinitiv.com and port 14002.

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Warning: Tue May 25 16:11:57.174447 2021>

Program received channel reconnecting notification for socket 12 associated with LPC. Error: -1</local/jenkins/workspace/RRTLPC/OS/OL7-64/esdk/source/esdk/Cpp-C/Eta/Impl/Transport/ripcutils.c:256> Error: 1002 Curl failed. Curl error number: 56 Curl error text: Received HTTP code 403 from proxy after CONNECT

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Warning: Tue May 25 16:11:57.308151 2021>

Program received channel reconnecting notification for socket 12 associated with LPC. Error: -1</local/jenkins/workspace/RRTLPC/OS/OL7-64/esdk/source/esdk/Cpp-C/Eta/Impl/Transport/ripcutils.c:256> Error: 1002 Curl failed. Curl error number: 56 Curl error text: Received HTTP code 403 from proxy after CONNECT

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Warning: Tue May 25 16:11:57.541907 2021>

Program received channel reconnecting notification for socket 12 associated with LPC. Error: -1</local/jenkins/workspace/RRTLPC/OS/OL7-64/esdk/source/esdk/Cpp-C/Eta/Impl/Transport/ripcutils.c:256> Error: 1002 Curl failed. Curl error number: 56 Curl error text: Received HTTP code 403 from proxy after CONNECT

<END>

<belemtrade7.cme.tower-research.com.1.lpc: Warning: Tue May 25 16:11:57.826056 2021>

Program received channel reconnecting notification for socket 12 associated with LPC. Error: -1</local/jenkins/workspace/RRTLPC/OS/OL7-64/esdk/source/esdk/Cpp-C/Eta/Impl/Transport/ripcutils.c:256> Error: 1002 Curl failed. Curl error number: 56 Curl error text: Received HTTP code 403 from proxy after CONNECT

<END>

tlandot

And here are logs from our proxy:

[Tue May 25 16:10:47 2021].962      0 10.100.200.55 TCP_DENIED/403 4052 CONNECT amer-3-t1.streaming-pricing-api.refinitiv.com:14002 - HIER_NONE/- text/html
[Tue May 25 16:10:48 2021].245      0 10.100.200.55 TCP_DENIED/403 4052 CONNECT amer-3-t1.streaming-pricing-api.refinitiv.com:14002 - HIER_NONE/- text/html
[Tue May 25 16:10:48 2021].529      1 10.100.200.55 TCP_DENIED/403 4052 CONNECT amer-3-t1.streaming-pricing-api.refinitiv.com:14002 - HIER_NONE/- text/html

Do we need to have our ip whitelisted?

Or maybe we are not authenticating correctly?

zoya faberov

Hello @tlandot,

There is no need to be whitelisted on the service side.

---

Please confirm that you have installed LPC:

• According LPC Installation Guide?
• On one of the supported platforms?
• There were no errors during the installation, and you have added your assigned user with long password successfully?
• Sounds redundant, but the curl library provided with LPC is in your running user PATH and LD_LIBRARY_PATH, user you run LPC as is root, and does not lack permissions for folders?

---

I can think of two ways to verify authentication. You can pick whichever is more comfortable to you, so you can obtain more info.

If you are more in admin, test with curl, see this previous discussion thread for details.

If you are more in dev, import and run our RDP Postman Starter collection, replace username, password andclient_id with your machineId, password and clientId, and run Authernictaion request.

With both, you should get back a token, and scopes. Pls confirm you get back token, do not post it. Post scopes that you get back please?

---

403 usually means that you are not permissioned to access the service. Would expect you have the connectivity through firewall both to authentication endpoint and service discovery endpoint and amers pricing endpoint, which is where you seem to experience 403.

---

I would also enable full trace/debug in LPC config, remove log and restart LPC to see if you can gain more information in log about the response from the pricing endpoint.

tlandot

Hi, thank you for your help.

• According LPC Installation Guide?
  I believe so
• On one of the supported platforms?
  Not exactly as we are on CentOS7. Installation script defaulted to using linux7_x86_64 version (which seems like a reasonable choice)
• There were no errors during the installation, and you have added your assigned user with long password successfully?
  No errors with installation. user_list.txt looks ok.
• Sounds redundant, but the curl library provided with LPC is in your running user PATH and LD_LIBRARY_PATH, user you run LPC as is root, and does not lack permissions for folders?
  User running LPC is not root. Would it need to be?
  There is no libraries errors when starting lpc. Would there be any?
  ../lib is added to the path by ./start_lpc script
  provided libcurl.so was already in there
  I added the below links after looking
  ls -ltrh ../lib/-rwxr-x--- 1 belemprod belem 473K May 25 09:48 libcurl.so
  lrwxrwxrwx 1 belemprod belem 26 May 26 10:49 libcrypto.so.10 -> /usr/lib64/libcrypto.so.10
  lrwxrwxrwx 1 belemprod belem 23 May 26 10:50 libssl.so.10 -> /usr/lib64/libssl.so.10
  lrwxrwxrwx 1 belemprod belem 22 May 26 10:52 libnsl.so.0 -> /usr/lib64/libnsl.so.1
  I also did try to run lpc.debug instead of lpc and log level is *.debug but I did not see any extra information (nothing more than what already posted above)
  
  
• I will see if I can try what you suggested with postman
  
  
  

zoya faberov

Hello @tlandot,

After looking up the specific error that you face, it seems that there may be an additional action required on the proxy, to allow the traffic through, see this previous external discussion thread and this previous external discussion thread.

Would try running this error and solution by your organization's network admin/group, see if they would recognize the issue?

tlandot

I successfully ran the curl example you put above (https://community.developers.refinitiv.com/questions/77838/ema-api-having-ssl-connect-error-after-server-migr.html) and received an access_token.

To so so, I had to include my appKey (client ID) in the curl request.

Yet, the clientID was never requested when installing lpc. Am I suppose to add it somewhere?

tlandot

thank you
will do

zoya faberov

Do you see "scopes" with your token? Could you please paste scopes, not the token?

tlandot

populated fields are:
"access_token":"[removed]",
"refresh_token":"[removed]",
"expires_in":"300" ,
"scope":"",
"token_type":"Bearer"

scope is empty

tlandot

this looks like a very good track - waiting to hear back

zoya faberov

Sorry, my miss. Did not look at the curl closely. Try adding to curl request, at the end ...&scope=trapi" Do you see scope ?

Unfortunately, with status=403 we only know that you are not permissioned. But at what point, at proxy or at streaming endpoint, we do not know.

So I suggest to verify both: verify on proxy, while verifying you have authentication happening and scopes assigned properly, as well.

With authentication request, in the raw, you certainly need clientid, however LPC will generate and supply it on your behalf.

tlandot

"scope":"trapi.auth.cloud-credentials trapi.cfs.claimcheck.read trapi.data.symbology.advanced.read trapi.data.symbology.read trapi.metadata.read trapi.streaming.pricing.read"


I believe you are right about the CONNECT being restricted in the our proxy (in one of your answers above). Unfortunately we cannot restart our proxy before 4pm. We will be trying a few config changes then to see if that resolves it.

tlandot

That was the issue.
LPC is now running correctly after adding this in proxy config:

acl SSL_ports port 14002        
http_access deny CONNECT !SSL_ports

Thank you very much for your help.

zoya faberov

Hello @tlandot

Scope looks much better.

Suggest testing with rmdstestclient, instead of with custom code, first, and not making any code changes before you verify with rmdstestclient.

Rmdstestclient can be found in demo folder of LPC. If you like a complete package, with docs, rather then just the binary, it is part of Infrastructure Tools package that can be downloaded from my.refinitiv.com -> Software Downloads

adem.clemons

Hello Zoya, Adem Clemons here. Long time no talk. I am trying to fix permissions on 2 users.
"rate_srvp" and "max_user" are the two users that are setup. Both IDs can consume data, but some of the symbols are not setup for "rate_srvp". I need them to have the same permissions. LPC does not use DACS though. How do I setup the user perms for LPC.I was told that the Platform Administration portal can do that, but I can't find it in the portal of "myRefinitiv" or "Developer Connect". Can you please point me in the right direction?

Jirapongse

LPC users link to the LSEG Real-Time Optimized users. You can chack the user_list.txt file.

The permissions are assigned to the LSEG Real-Time Optimized users. Please contact the Real-Time - Optimized support team directly via MyAccount regarding permission settings.

If you have any further questions regarding API usages, please post a new question on the forum.