Hello forum!

We have a new Minknow measuring device.

Our problem is that when we start the Minknow software on our freshly installed Ubuntu v22.01 Server, and we klick the button “Log in with your Nanopore account” we get this error message:

“Unable to reach the Nanopore login servers. Please ensure there is a connection to the internet and try again”.

The important points:

The Server is behind a firewall and a proxy of our university. We often configure computers behind this proxy and firewall.

All other communications from our host (hostname: ubuntu_server) with the outside world function properly and without error:

• Firefox surfing works fine, also in https:// (it didn’t at first and we installed a certificate in the browser itself so it wouldn’t show https errors all the time)
• CURL works fine getting files “from outside”
• WGET works fine getting files “from outside”
• APT works fine to update packages and so on

1. The last few lines of our Minknow user_conf are:

   "network_security": {
       "cereal_class_version": 0,
       "local_connection_only": "minknow_default",
       "guest_rpc_enabled": "minknow_default"
   },
   "proxy": {
       "cereal_class_version": 0,
       "use_system_settings": false,
       "auto_detect": true,
       "auto_config_script": "http://pac.uni-ger.de/",
       "https_proxy": "proxyhst.uni-ger.de:8080",
       "proxy_bypass": ""
   }
   

   } }

Note, both the direct proxy approach “proxyhst.uni-ger.de:8080” by naming a host works for all other applications, as well as the scriptbased method with the URL http://pac.uni-ger.de/". We are extremely sure that these written hostnames and links are correct, we have many computers using them. However neither method seems to work (we also tried only filling in only one of the fields and changing the false to true of course and so on)

We do the following commands: systemctl restart minknow

The log then says:

ubuntu_server@ubuntu_server:~$ cat /var/log/minknow/mk_manager_svc_log-0.txt 
2024-01-15 15:01:17.971432    INFO: machine_description (mk_manager)
    cpu_has_avx: true
    cpu_has_sse42: true
    cpu_logical_core_count: 32
    cpu_model: AMD Ryzen Threadripper PRO 3955WX 16-Cores
    cpu_physical_core_count: 16
    memory_physical_bytes: 270068027392
2024-01-15 15:01:17.971868    INFO: sending_telemetry_message (ping)
    data: {"machine":{"arch":"x64","cpu":{"data":"100000004175746863414d44656e7469100f8300000820140b32f87efffb8b170000000000000000000000000000000000000000000...
2024-01-15 15:01:17.972096    INFO: mk_manager_starting (mk_manager)
    hostname: ubuntu_server
    system: ubuntu 22.04
            Distribution:           23.11.4 (STABLE)
            MinKNOW Core:           5.8.3
            Bream:                  7.8.2
            Protocol configuration: 5.8.6
            Dorado (build):          0.0.0.19120+441f78764
            Dorado (connected):      7.2.13+fba8e8925

2024-01-15 15:01:17.972855    INFO: ping_flusher_network_up (mk_manager)
2024-01-15 15:01:17.976471    INFO: usb_device_with_firmware_found (host)
    os_identifier: 2a1d:0091@004:005
2024-01-15 15:01:17.976546    INFO: usb_device_with_firmware_being_reset (host)
    device_type: p2
    os_identifier: 2a1d:0091@004:005
2024-01-15 15:01:18.021707    INFO: usb_device_with_firmware_disconnected (host)
    os_identifier: 2a1d:0091@004:005
2024-01-15 15:01:18.021847    INFO: auth_guest_mode (rpc)
    value: local_only
2024-01-15 15:01:18.030651    INFO: waiting_on_existing_basecaller_service (host)
2024-01-15 15:01:18.033250    INFO: local_auth_token (host)
    path: /tmp/minknow-auth-token.json
2024-01-15 15:01:18.033545    INFO: mk_manager_initialised (mk_manager)
    pid: 82984
2024-01-15 15:01:18.035653    INFO: common_process_started (host)
    name: grpcwebproxy
2024-01-15 15:01:18.037351    INFO: common_process_started (host)
    name: basecall_manager
2024-01-15 15:01:18.050117    INFO: rpc_delegate_is_listening (host)
    executable: basecall_manager
    port: 9504
    security: tls
2024-01-15 15:01:18.051934    INFO: common_process_started (host)
    name: basecall_manager:grpcwebproxy
2024-01-15 15:01:18.057189    INFO: rpc_delegate_proxy_is_listening (host)
    executable: basecall_manager
    tls_port: 9505
2024-01-15 15:01:18.064539    INFO: queuing_telemetry_message (ping)
    detailed_error_info: Network transport error: SSL peer certificate or SSH remote key was not OK
    path: /var/lib/minknow/data/pings/9db69d0bd5a343302cf8dd9765d267aefeb5b51b/8734f810-5bf4-48bd-b993-66abdbef19ce-exp-20240214.ping
    server: https://ping.oxfordnanoportal.com/info
2024-01-15 15:01:18.370581 WARNING: unable_to_connect_to_okta_to_update_jwks_keys (host)
    std_ec: (60:std::cURL (easy)): [0x0x55c8fa9ff0e8]: SSL peer certificate or SSH remote key was not OK
2024-01-15 15:01:18.380531    INFO: device_requiring_firmware_found (usb)
    device_path: 2a1d:0090@003:005
2024-01-15 15:01:18.380821   ERROR: libusb: error [get_usbfs_fd] libusb couldn't open USB device /dev/bus/usb/003/005, errno=13
 (usb::libusb)
2024-01-15 15:01:18.380940   ERROR: libusb: error [get_usbfs_fd] libusb requires write access to USB device nodes
 (usb::libusb)
2024-01-15 15:01:19.266780    INFO: usb_device_with_firmware_found (host)
    os_identifier: 2a1d:0091@004:006
2024-01-15 15:01:19.266927   ERROR: libusb: error [get_usbfs_fd] libusb couldn't open USB device /dev/bus/usb/004/006, errno=13
 (usb::libusb)
2024-01-15 15:01:19.267091   ERROR: libusb: error [get_usbfs_fd] libusb requires write access to USB device nodes
 (usb::libusb)
2024-01-15 15:01:20.316790    INFO: hardware_state_changed (host)
    name: P2S-00813-A
    os_identifier: 2a1d:0091@004:006
    state: initialising
2024-01-15 15:01:20.316877    INFO: hardware_state_changed (host)
    name: P2S-00813-B
    os_identifier: 2a1d:0091@004:006
    state: initialising
2024-01-15 15:01:22.368069    INFO: hardware_state_changed (host)
    name: P2S-00813-A
    os_identifier: <unchanged>
    state: ready
2024-01-15 15:01:22.369117    INFO: hardware_state_changed (host)
    name: P2S-00813-B
    os_identifier: <unchanged>
    state: ready
2024-01-15 15:01:22.415450    INFO: instance_started (host)
    grpc_secure_port: 8000
    grpcweb_tls_port: 8001
    instance: P2S-00813-A
2024-01-15 15:01:22.417718    INFO: instance_started (host)
    grpc_secure_port: 8002
    grpcweb_tls_port: 8003
    instance: P2S-00813-B
2024-01-15 15:01:33.058537    INFO: failed_to_send_queued_telemetry_message (ping)
    detailed_error_info: Network transport error: SSL peer certificate or SSH remote key was not OK
    number_of_logs: 1
    path: /var/lib/minknow/data/pings/9db69d0bd5a343302cf8dd9765d267aefeb5b51b/2a3e4592-7b29-4e21-9fa7-531fddf33aa8-exp-20240210.ping.sending
(base) ubuntu_server@ubuntu_server:~$

Now. We believe what is stopping us is this? detailed_error_info: Network transport error: SSL peer certificate or SSH remote key was not OK

Heres the story on that. We have received the certificates for this host from our IT department (pem files). We have integrated them properly into our certificates on the Ubuntu machine. We copied them into /etc/ssl/certs Then we did sudo update-ca-certificates and that worked creating us a ca-certificates.crt file with valid certificates in it. When we scroll through that file we see only text with many certificates in it. (At one stage there was a binary file in that file as well but we removed that “not correct” certificate).

So we think that all the certificates should be in order but then again we have no sure way to test this. All we know is that if there’s a problem with the certificates, Curl and Wget would not function properly, but to be honest we have never seen those two not function properly.

Do you have any ideas what we could try to fix our Error?

Any suggestion will be appreciated. Peer