If you get an "Error -1 on transfer" or "Error -50 on transfer" error when using HSI to transfer files from or to the IU SDA

Important:

Files containing PHI must be encrypted when they are stored (at rest) and when they are transferred between networked systems (in transit). To ensure that files containing PHI are encrypted when they are stored, encrypt them before transferring them to storage. To ensure that files containing PHI remain encrypted during transit, use SFTP/SCP or the IU Globus Web App. For more, see Recommended tools for encrypting data containing HIPAA-regulated PHI.

If you are using HSI to transfer files from or to the Indiana University Scholarly Data Archive (SDA), you may get one of the following error messages:

*** get: Error -1 on transfer
*** put: Error -1 on transfer
*** put: Error -50 on transfer

The most likely cause of such an error is the use of a firewall.

Another possible cause is a mismatch between your local host's name and its external (public) IP address. HSI uses the default hostname/IP address for data transfers. Consequently, systems with private IP addresses associated with their hostnames can't be used for HPSS file transfers. This is true also for stand-alone systems that have their hostnames resolve to localhost (127.0.0.1) in /etc/hosts.

To diagnose or work around a potential firewall problem, use HSI's firewall bypass feature; at the HSI prompt, enter:

firewall -on
Note:
Use this command only for diagnosing network problems, or in cases when the firewall cannot be disabled. Transfers using this method are less efficient than normal transfers.

If your firewall requires a specific port range for transfers, before starting HSI, set a port range in the HPSS_PFTPC_PORT_RANGE environment variable. For example, to set a port range of 50000-51000, on the local host command line, enter:

HPSS_PFTPC_PORT_RANGE='ncacn_ip_tcp[50000-51000]'
export HPSS_PFTPC_PORT_RANGE

As a workaround for a problem involving the local host's hostname and IP address, set the HPSS_HOSTNAME environment variable to the local host computer's public IP address (the one that is meant to be used for data transfers). Alternatively, modify either the hostname or the hosts file to make sure the hostname resolves to the public IP address.

In a Unix-like environment, to determine whether your hostname is set correctly, query it using the hostname command, and then use ping to find the IP address; for example:

[darvader@deathstar ~]$ hostname
deathstar.empire.mil
[darvader@deathstar ~]$ ping deathstar.empire.mil
PING deathstar.empire.mil (198.51.100.18) 56(84) bytes of data.
64 bytes from deathstar.empire.mil (198.51.100.18): icmp_seq=1 ttl=64 time=0.016 ms

--- deathstar.empire.mil ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.016/0.016/0.016/0.009 ms

For help using HSI commands and options, see the HSI Reference Manual. If you have questions or need help diagnosing HSI errors when working with your SDA account, email the UITS Research Storage team (store-admin@iu.edu).

This is document auhp in the Knowledge Base.
Last modified on 2023-11-02 15:30:03.