"Unable to sign consensus message: SStore(Invalid Password)" error in PoA network

[adilimroz]

• Parity Ethereum version: 2.4.4 and other newer versions
• Operating system: Linux
• Installation: From source
• Network - Custom poa network

Steps to reproduce

1. Create a PoA network with 2 authority nodes.
2. Run the nodes with parity-ethereum v2.4.4 (or any version newer than 2.4.4).

Note:
Password file is properly formatted with each password in new line.
Error comes only with the authority nodes.

[hklee93]

• Parity Ethereum version: v2.4.7
• Operating system: Linux (arm64)
• Installation: From snap
• Network - Private PoA network

Steps to reproduce

1. Create a PoA network with 2 authority nodes (basically following https://wiki.parity.io/Demo-PoA-tutorial.html, but with actual 3 different physical machines).

• On node0, there's a validator.
• On node0, there's a regular user.
• On node1, there's a validator.
• On node1, there's a regular user.
• On node2, there's a regular user.

2. Followed the exact same steps up to Step 3, and on Step 4, when I create node.pwds file on both nodes and run each node with parity --config node0.toml and parity --config node1.toml, I get 2019-06-24 18:36:07 UTC Unable to sign consensus message: SStore(InvalidPassword) error on both node0 and node1. This is not shown on node2, which is a non-validator node.

3. Note:

• When I make a transaction on node0, which is a validator node, I have no issue.
• When I make a transaction on node1, which is also a validator node, I get {"jsonrpc":"2.0","error":{"code":-32021,"message":"Account password is invalid or account does not exist.","data":"SStore(InvalidAccount)"},"id":0}, which I think it shouldn't be doing.
• When I make a transaction on node2, which is a non-validator node, I also get {"jsonrpc":"2.0","error":{"code":-32021,"message":"Account password is invalid or account does not exist.","data":"SStore(InvalidAccount)"},"id":0}, and I'm not sure if it's normal to only be able to make transactions on validator nodes. I thought making a transaction and creating a block were different. Correct me if I'm wrong.

[grbIzl]

The original error message "Unable to sign consensus message" is totally legit. On the start Parity tries to find the proper engine signer account and uses all the passwords in order to find the corresponding one. This error message(s) is the result of this search. However, I agree, that showing it in such situation is not the best idea (if we have 100 passwords in the file, 99 errors might be shown). So I removed it.

[grbIzl]

But the problem described by @hklee93 is might be different. So I cannot close the issue for now and I'm looking further into it

[hklee93]

The original error message "Unable to sign consensus message" is totally legit. On the start Parity tries to find the proper engine signer account and uses all the passwords in order to find the corresponding one. This error message(s) is the result of this search. However, I agree, that showing it in such situation is not the best idea (if we have 100 passwords in the file, 99 errors might be shown). So I removed it.

Oh that's why I didn't get the same error when I only stored one on each node.

[hklee93]

But the problem described by @hklee93 is might be different. So I cannot close the issue for now and I'm looking further into it

So you're saying that I should be able to make transactions on any node, regardless of whether it is a validator node or not, right?

[grbIzl]

So you're saying that I should be able to make transactions on any node, regardless of whether it is a validator node or not, right?

Yes. I'm able to do that, using setup from the tutorial:
anton@anton-Latitude-E5470:~$ curl --data '{"jsonrpc":"2.0","method":"personal_sendTransaction","params":[{"from":"0x00Aa39d30F0D20FF03a22cCfc30B7EfbFca597C2","to":"0x00Bd138aBD70e2F00903268F3Db08f2D25677C9e","value":"0xde0b6b3a7640000"}, "node1"],"id":0}' -H "Content-Type: application/json" -X POST localhost:8541
{"jsonrpc":"2.0","result":"0x755ece94c7616a75a3a6c0064f85de895bfac4d37a47d9aeb8ee2ea183a3d9ab","id":0}

@hklee93 Are you sure, that you've used the correct passphrase inside personal_sendTransaction method?

[hklee93]

So you're saying that I should be able to make transactions on any node, regardless of whether it is a validator node or not, right?

Yes. I'm able to do that, using setup from the tutorial:
anton@anton-Latitude-E5470:~$ curl --data '{"jsonrpc":"2.0","method":"personal_sendTransaction","params":[{"from":"0x00Aa39d30F0D20FF03a22cCfc30B7EfbFca597C2","to":"0x00Bd138aBD70e2F00903268F3Db08f2D25677C9e","value":"0xde0b6b3a7640000"}, "node1"],"id":0}' -H "Content-Type: application/json" -X POST localhost:8541
{"jsonrpc":"2.0","result":"0x755ece94c7616a75a3a6c0064f85de895bfac4d37a47d9aeb8ee2ea183a3d9ab","id":0}

@hklee93 Are you sure, that you've used the correct passphrase inside personal_sendTransaction method?

Just to make sure, let me clarify my question. I did some test and this is what I figured out. Are we only allowed to call personal_sendTransaction on the node (regardless of being validator or not) with the only account that was created on that specific node?

Ex)
-On physical node0 -> created account node0 (validator)
-On physical node1 -> created account node1 (validator)
-On physical node2 -> created account alice (non-validator)

With this setting, if I want to send a transaction from node0's account to other accounts, must it be the case where I send a transaction on physical node0? Because I can only send transaction only if this condition holds. i.e.) I can't send a transaction on node1 or node 2 with "from" parameter being node0's account, even with the valid passphrase, and this is the same for all other nodes/accounts.

Maybe this could be the reason? But I'm still not sure whether it should be this way, because if this is the case, then it means I can't make any transactions if I don't have access to a specific node where my account was created, right? Please correct me if I'm wrong, and thanks for keep answering!

[grbIzl]

Are we only allowed to call personal_sendTransaction on the node (regardless of being validator or not) with the only account that was created on that specific node?

Yes. When you create an account on nodeX, you generate key data, that stored in nodeX data folder. So only nodeX has access to it and can perform actions on behalf of this account. You can import keys to the other node, but you have to do it explicitly.

[hklee93]

Are we only allowed to call personal_sendTransaction on the node (regardless of being validator or not) with the only account that was created on that specific node?

Yes. When you create an account on nodeX, you generate key data, that stored in nodeX data folder. So only nodeX has access to it and can perform actions on behalf of this account. You can import keys to the other node, but you have to do it explicitly.

I see. So what I heard from Gitter channel when people said I should be able to make transactions on any nodes implies the fact that I should import the keys. I think then we are good to close this issue? Thanks again for answering!

[jam10o-new]

(@adilimroz are we still seeing this issue ourselves?)

[adilimroz]

@joshua-mir Sorry, for responding so late, somehow lost track of this issue.
Yes we do. Fix is yet to be added to the latest beta and stable.

[miguelmtzinf]

Hi, I am facing the same issue... getting "Not preparing block; cannot sign." message on node logs.

• Parity Ethereum version: Parity-Ethereum/v2.6.0-beta-e38293b-20190708/x86_64-linux-gnu/rustc1.36.0
• Operating system: Linux
• Installation: Docker official image parity/parity:stable
• Fully synchronized: no
• Network: private network (aura)
• Restarted: no

[jam10o-new]

@miguelmartinezinf are you seeing this message more often than just on startup? Apparently it is expected behavior to see this on startup, the issue is if you see it after your node is running. If you do, could you share -l engine logs in #10936?