When using HSI to transfer files from or to the IU SDA, why do I get an "Error -1 on transfer" error?

Important:
Files containing PHI must be encrypted when they are stored (i.e., at rest) and when they are transferred between networked systems (i.e., in transit). Do not use HSI, HTAR, or Samba to transfer data containing PHI unless those data are encrypted already; HSI, HTAR, and Samba do not encrypt data during transit. To ensure that files containing PHI remain encrypted during transit, use SFTP/SCP or the IU Globus Web App. To ensure that files containing PHI are encrypted when they are stored on the SDA, encrypt them before transferring them. For more, see Recommended tools for encrypting data containing HIPAA-regulated PHI .

If you are using HSI to transfer files from or to the Indiana University Scholarly Data Archive (SDA), you may get one of the following error messages:

*** get: Error -1 on transfer

***put: Error -1 on transfer

The most likely cause of such an error is the use of a firewall.

Another possible cause is a mismatch between your local host's name and its external (public) IP address. HSI uses the default hostname/IP address for data transfers. Consequently, systems with private IP addresses associated with their hostnames can't be used for HPSS file transfers. This is true also for stand-alone systems that have their hostnames resolve to localhost (127.0.0.1) in /etc/hosts.

To diagnose or work around a potential firewall problem, use HSI's firewall bypass feature; at the HSI prompt, enter:

  firewall -on

Note: Use this command only for diagnosing network problems, or in cases when the firewall cannot be disabled. Transfers using this method are less efficient than normal transfers.

If your firewall requires a specific port range for transfers, before starting HSI, set a port range in the HPSS_PFTPC_PORT_RANGE environment variable. For example, to set a port range of 50000-51000, on the local host command line, enter:

  HPSS_PFTPC_PORT_RANGE='ncacn_ip_tcp[50000-51000]'
  export HPSS_PFTPC_PORT_RANGE

As a workaround for a problem involving the local host's hostname and IP address, set the HPSS_HOSTNAME environment variable to the local host computer's public IP address (the one that is meant to be used for data transfers). Alternatively, modify either the hostname or the hosts file to make sure the hostname resolves to the public IP address.

In a Unix-like environment, to determine whether your hostname is set correctly, query it using the hostname command, and then use ping to find the IP address; for example:

  [darvader@deathstar ~]$ hostname
  deathstar.empire.mil 
  [darvader@deathstar ~]$ ping deathstar.empire.mil
  PING deathstar.empire.mil (198.51.100.18) 56(84) bytes of data.
  64 bytes from deathstar.empire.mil (198.51.100.18): icmp_seq=1 ttl=64 time=0.016 ms

  --- deathstar.empire.mil ping statistics ---
  1 packets transmitted, 1 received, 0% packet loss, time 999ms
  rtt min/avg/max/mdev = 0.016/0.016/0.016/0.009 ms

This is document auhp in the Knowledge Base.
Last modified on 2018-02-22 16:46:19.

Contact us

For help or to comment, email the UITS Support Center.