peer channel creation fails in Hyperledger Fabric

Question

I am trying to set up a sample hyperledger fabric environment with an orderer and 2 peers. I am not using docker approach instead I am running the actual executable itself.

Orderer and 2 peer nodes started successfully. However, channel creation fails with the following error. Any help would be greatly appreciated.

Error on the orderer window

> 2017-08-17 07:28:22.338 IST [orderer/common/deliver] Handle -> WARN > 029 Error reading from stream: rpc error: code = Canceled desc = > context canceled 2017-08-17 07:31:08.044 IST [common/config/channel] > CommitProposals -> WARN 02a Current configuration has no policy > '/Channel/Application/Readers', this will likely cause problems in > production systems 2017-08-17 07:31:08.050 IST [common/config/channel] > CommitProposals -> WARN 02b Current configuration has no policy > '/Channel/Application/Writers', this will likely cause problems in > production systems 2017-08-17 07:31:08.050 IST [common/config/channel] > CommitProposals -> WARN 02c Current configuration has no policy > '/Channel/Application/Admins', this will likely cause problems in > production systems 2017-08-17 07:31:08.051 IST [cauthdsl] func2 -> > ERRO 02d Principal deserialization failure (The supplied identity is > not valid, Verify() returned x509: certificate signed by unknown > authority) for identity > 0a07506565724f726712e7052d2d2d2d2d424547494e202d2d2d2d2d0a4d494943427a43434161326741774942416749514e303434797750356c6d6c3477613379723836355a6a414b42676771686b6a4f50515144416a426e4d5173770a435159445651514745774a56557a45544d4245474131554543424d4b5132467361575a76636d3570595445574d4251474131554542784d4e5532467549455a790a5957356a61584e6a627a45544d4245474131554543684d4b593246795a6d46344c6d4e76625445574d4251474131554541784d4e59324575593246795a6d46340a4c6d4e7662544165467730784e7a41344d5459784e7a41344e445261467730794e7a41344d5451784e7a41344e4452614d465578437a414a42674e56424159540a416c56544d524d77455159445651514945777044595778705a6d3979626d6c684d52597746415944565151484577315459573467526e4a68626d4e7063324e760a4d526b774677594456515144444242425a473170626b426a59584a6d59586775593239744d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a30440a4151634451674145743046756e6d577635336b6366417846785953784c44565164324d336b6d586345714b556c77507a6a444a544b626c4265317931376b39380a4c64384f2f57374c777a71394b374f563957394a3765367962736b44324b4e4e4d45737744675944565230504151482f42415144416765414d417747413155640a457745422f7751434d4141774b7759445652306a42435177496f4167445a62512f58784241523253396670326b64587a78546a666c35685055724958376635460a664d446d6b4f7377436759494b6f5a497a6a304541774944534141775251496841507a303051514962515769727a467962357978736a3168384d6a316a37482b0a333971735171445438387a684169426a6776705a777675764947456b6a624a75697663574b3172476f36416b314430362f7445527a59383538513d3d0a2d2d2d2d2d454e44202d2d2d2d2d0a > 2017-08-17 07:31:08.052 IST [orderer/common/broadcast] Handle -> WARN > 02e [channel: testing] Rejecting broadcast of config message because > of error: Error authorizing update: Error validating DeltaSet: Policy > for [Groups] /Channel/Application not satisfied: Failed to reach > implicit threshold of 1 sub-policies, required 1 remaining 2017-08-17 > 07:31:08.063 IST [orderer/common/deliver] Handle -> WARN 02f Error > reading from stream: rpc error: code = Canceled desc = context > canceled 

Value of ORDERER_TLS

ORDERER_TLS="--tls true--cafile /opt/gopath/src/github.com/hyperledger/fabric/sampleconfig/tls/ca.crt"

Error while creating the channel

node1@ubuntu:/opt/gopath/src/github.com/hyperledger/fabric/build/bin$ peer channel create $ORDERER_TLS -f /home/node1/Downloads/fabricDeployment-master/testing.tx -c testing -o node1.honda.com:7050 --logging-level DEBUG  -v 2017-08-17 07:28:21.953 IST [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP 2017-08-17 07:28:21.953 IST [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity 2017-08-17 07:28:21.996 IST [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized 2017-08-17 07:28:22.014 IST [msp] GetLocalMSP -> DEBU 004 Returning existing local MSP 2017-08-17 07:28:22.019 IST [msp] GetDefaultSigningIdentity -> DEBU 005 Obtaining default signing identity 2017-08-17 07:28:22.019 IST [msp] GetLocalMSP -> DEBU 006 Returning existing local MSP 2017-08-17 07:28:22.019 IST [msp] GetDefaultSigningIdentity -> DEBU 007 Obtaining default signing identity 2017-08-17 07:28:22.019 IST [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0AF3050A07506565724F726712E7052D...69636174696F6E2F41646D696E731801  2017-08-17 07:28:22.019 IST [msp/identity] Sign -> DEBU 009 Sign: digest: 63EBD4B3B350685B39A0C8E8E216EFCB3D4C3C82F74B6FA2638D2A7974EB1E74  2017-08-17 07:28:22.020 IST [msp] GetLocalMSP -> DEBU 00a Returning existing local MSP 2017-08-17 07:28:22.020 IST [msp] GetDefaultSigningIdentity -> DEBU 00b Obtaining default signing identity 2017-08-17 07:28:22.020 IST [msp] GetLocalMSP -> DEBU 00c Returning existing local MSP 2017-08-17 07:28:22.020 IST [msp] GetDefaultSigningIdentity -> DEBU 00d Obtaining default signing identity 2017-08-17 07:28:22.020 IST [msp/identity] Sign -> DEBU 00e Sign: plaintext: 0AA6060A1108021A0608BEF0D3CC0522...1A843140B4B661FA8CBCB3170133AC2B  2017-08-17 07:28:22.020 IST [msp/identity] Sign -> DEBU 00f Sign: digest: EB039E58FB665150B556394FD464155BBB349CEBB591A578DE402789465EDA84  Error: Got unexpected status: BAD_REQUEST -- Error authorizing update: Error validating DeltaSet: Policy for [Groups] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining Usage:   peer channel create [flags]  Flags:   -c, --channelID string   In case of a newChain command, the channel ID to create.   -f, --file string        Configuration transaction file generated by a tool such as configtxgen for submitting to orderer   -t, --timeout int        Channel creation timeout (default 5)  Global Flags:       --cafile string                       Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint       --logging-level string                Default logging level and overrides, see core.yaml for full syntax   -o, --orderer string                      Ordering service endpoint       --ordererTLSHostnameOverride string   The hostname override to use when validating the TLS connection to the orderer.       --test.coverprofile string            Done (default "coverage.cov")       --tls                                 Use TLS when communicating with the orderer endpoint   -v, --version                             Display current version of fabric peer server 

Edit Start

Thank you for your reply Yacovm. I am still facing the same issue. In fact, I am using your github code to try this sample. The script was awesome and easy to understand

Let me quickly brief about the current set up I have.

Environment 3 nodes running - Ubuntu 16

> **Node1 Details** Hostname : node1 Domain name : honda.com User1 : node1 User2 : Admin >  > **Node2 Details** Hostname : node2 Domain name : carfax.com User1 : node2 User2 : Admin >  > **Node3 Details** Hostname : node3 Domain name : carfax.com User1 : node3 User2 : Admin 

Step 1 : Downloaded the Fabric source in all 3 machines and ran “make” – Everything was successful

Source is present in the following path : /opt/gopath/src/github.com/hyperledger/fabric

Step 2 :

Downloaded fabricDeployment-master /home/node1/Downloads/fabricDeployment-master in node1 machine From node1 machine, I am running the following ( I am using the deploy.sh provided in github with slight changes )

[[ -z $GOPATH ]] && (echo "Environment variable GOPATH isn't set!"; exit 1) FABRIC=$GOPATH/src/github.com/hyperledger/fabric [[ -d "$FABRIC" ]] || (echo "Directory $FABRIC doesn't exist!"; exit 1) for file in configtxgen peer cryptogen; do     [[ -f $file ]] && continue     binary=$FABRIC/build/bin/$file     [[ ! -f $binary ]] && ( cd $FABRIC ; make $file)     cp $binary $file && continue done  for file in configtxgen peer cryptogen; do     [[ ! -f $file ]] && echo "$file isn't found, aborting!" && exit 1 done  . config.sh  bootPeer=$(echo ${peers} | awk '{print $1}') anchorPeer=$(echo ${peers} | awk '{print $1}') PROPAGATEPEERNUM=${PROPAGATEPEERNUM:-3} i=0 for p in $orderer $peers ; do          echo "Making Directory structure for $p"         mkdir -p $p/sampleconfig/crypto         mkdir -p $p/sampleconfig/tls         ip=$(getIP $p)         echo "${p}'s ip address is ${ip}"         orgLeader=false         bootstrap=$anchorPeer:7051         if [[ $i -eq 1 ]];then                 orgLeader=true         fi         (( i += 1 ))         echo "Creating core.yaml from core.yaml.template for $p"         cat core.yaml.template | sed "s/PROPAGATEPEERNUM/${PROPAGATEPEERNUM}/ ; s/PEERID/$p/ ; s/ADDRESS/$p/ ; s/ORGLEADER/$orgLeader/ ; s/BOOTSTRAP/$bootPeer:7051/ ; s/TLS_CERT/$p.carfax.com-cert.pem/" > $p/sampleconfig/core.yaml done          echo "Creating configtx.yaml from configtx.yaml.template with ANCHOR_PEER_IP & ORDERER_IP"  cat configtx.yaml.template | sed "s/ANCHOR_PEER_IP/$anchorpeer/ ; s/ORDERER_IP/$orderer/" > configtx.yaml           echo "Creating crypto-config.yml from crypto-config.yml.template with ORDERER_IP and adding hostname node2 & node3"   cat crypto-config.yml.template | sed "s/ORDERER_IP/$orderer/" > crypto-config.yml for p in $peers ; do     echo "        - Hostname: $p" >> crypto-config.yml done cat << EOF >> crypto-config.yml     Users:       Count: 1 EOF  ./cryptogen generate --config crypto-config.yml ./configtxgen -profile Genesis -outputBlock genesis.block  -channelID system ./configtxgen -profile Channels -outputCreateChannelTx yacov.tx -channelID yacov ./configtxgen -profile Channels -outputAnchorPeersUpdate OrdererOrganchors.tx -channelID yacov -asOrg PeerOrg  mv genesis.block node1/sampleconfig/ cp orderer.yaml node1/sampleconfig/ cp -r crypto-config/ordererOrganizations/honda.com/orderers/node1.honda.com/msp/* node1/sampleconfig/crypto cp -r crypto-config/ordererOrganizations/honda.com/orderers/node1.honda.com/tls/* node1/sampleconfig/tls  cp -r crypto-config/peerOrganizations/carfax.com/peers/node2.carfax.com/msp/* node2/sampleconfig/crypto cp -r crypto-config/peerOrganizations/carfax.com/peers/node2.carfax.com/tls/* node2/sampleconfig/tls/  cp -r crypto-config/peerOrganizations/carfax.com/peers/node3.carfax.com/msp/* node3/sampleconfig/crypto cp -r crypto-config/peerOrganizations/carfax.com/peers/node3.carfax.com/tls/* node3/sampleconfig/tls/  echo "Deploying configuration - Moving configurations to respective machines" scp -r node1/sampleconfig/* node1@node1:/opt/gopath/src/github.com/hyperledger/fabric/sampleconfig/ scp -r node2/sampleconfig/* node2@node2:/opt/gopath/src/github.com/hyperledger/fabric/sampleconfig/ scp -r node3/sampleconfig/* node3@node3:/opt/gopath/src/github.com/hyperledger/fabric/sampleconfig/ 

Step 3 :

Resulting crypto-config.yaml

OrdererOrgs:   - Name: Org0     Domain: honda.com PeerOrgs:   - Name: Org1     Domain: carfax.com         - Hostname: node2         - Hostname: node3     Users:       Count: 1  Resulting crypto-config.yaml Profiles:     Genesis:         Orderer:             <<: *OrdererDefaults             Organizations:                 - *OrdererOrg         Consortiums:              SampleConsortium:                 Organizations:                 - *PeerOrg     Channels:         Consortium: SampleConsortium         Application:             <<: *ApplicationDefaults             Organizations:                 - *PeerOrg Organizations:     - &OrdererOrg         Name: OrdererOrg         ID: OrdererOrg         MSPDir: crypto-config/ordererOrganizations/honda.com/msp         AdminPrincipal: Role.ADMIN     - &PeerOrg         Name: PeerOrg         ID: PeerOrg         MSPDir: crypto-config/peerOrganizations/carfax.com/msp         AdminPrincipal: Role.ADMIN          AnchorPeers:             - Host: node2               Port: 7051  Orderer: &OrdererDefaults      OrdererType: solo     Addresses:         - node1:7050     BatchTimeout: 1ms     BatchSize:         MaxMessageCount: 10         AbsoluteMaxBytes: 99 MB         PreferredMaxBytes: 512 KB      MaxChannels: 0      Kafka:         Brokers:             - 127.0.0.1:9092      Organizations:  Application: &ApplicationDefault 

s

Step 4 : Starting orderer from node1 as node1 user Starting peer1 from node2 as node2 user Starting peer2 from node3 as node3 user

Till here things work fine

Step 5 : Channel Creation

From node1 as node1 user, running the following commands

node1@ubuntu:~/Downloads/fabricDeployment-master$ pwd

/home/node1/Downloads/fabricDeployment-master  export FABRIC=$GOPATH/src/github.com/hyperledger/fabric export ORDERER_TLS="--tls true --cafile `pwd`/crypto-config/ordererOrganizations/honda.com/orderers/node1.honda.com/tls/ca.crt" export CORE_PEER_TLS_ROOTCERT_FILE=`pwd`/crypto-config/peerOrganizations/carfax.com/peers/node2.carfax.com/tls/ca.crt export CORE_PEER_TLS_ENABLED=true export CORE_PEER_MSPCONFIGPATH=`pwd`/crypto-config/peerOrganizations/carfax.com/users/[email protected]/msp  export CORE_PEER_LOCALMSPID=PeerOrg  /opt/gopath/src/github.com/hyperledger/fabric/build/bin/peer channel create $ORDERER_TLS -f yacov.tx  -c yacov -o node1:7050 

Contents of configtx.yaml

--- Profiles:      Genesis:         Orderer:             <<: *OrdererDefaults             Organizations:                 - *OrdererOrg         Consortiums:              SampleConsortium:                 Organizations:                 - *PeerOrg     Channels:         Consortium: SampleConsortium         Application:             <<: *ApplicationDefaults             Organizations:                 - *PeerOrg  Organizations:      - &OrdererOrg         Name: OrdererOrg          ID: OrdererOrg          MSPDir: crypto-config/ordererOrganizations/honda.com/msp          AdminPrincipal: Role.ADMIN       - &PeerOrg         Name: PeerOrg          ID: PeerOrg          MSPDir: crypto-config/peerOrganizations/carfax.com/msp          AdminPrincipal: Role.ADMIN           AnchorPeers:             - Host:                Port: 7051   Orderer: &OrdererDefaults      OrdererType: solo      Addresses:         - node1:7050      BatchTimeout: 1ms      BatchSize:          MaxMessageCount: 10          AbsoluteMaxBytes: 99 MB          PreferredMaxBytes: 512 KB      MaxChannels: 0      Kafka:         Brokers:             - 127.0.0.1:9092      Organizations:  Application: &ApplicationDefaults      Organizations: 

Output of command line statements when executing Genesis Block

2017-08-18 16:50:37.015 IST [common/tools/configtxgen] main -> INFO 001 Loading configuration 

2017-08-18 16:50:37.175 IST [common/tools/configtxgen] doOutputBlock -> INFO 002 Generating genesis block 2017-08-18 16:50:37.179 IST [common/tools/configtxgen] doOutputBlock -> INFO 003 Writing genesis block

Output of Genesis Block

 <1.{��������G<&�����n��ix*s!�0 �0 �0 t ����"system*@d6a8b389f09cd34562dda9af564c11bd28fed0ae9c42070f11a56c678b19e704h�N�b����S���>%��_bٮ�/ �/�/�  Consortiums�� SampleConsortium�� PeerOrg�� MSP��� PeerOrg�-----BEGIN CERTIFICATE----- MIICKzCCAdGgAwIBAgIQCxUbHYlT+2GRvjnArG6gZjAKBggqhkjOPQQDAjBnMQsw CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy YW5jaXNjbzETMBEGA1UEChMKY2FyZmF4LmNvbTEWMBQGA1UEAxMNY2EuY2FyZmF4 LmNvbTAeFw0xNzA4MTgxMTIwMzZaFw0yNzA4MTYxMTIwMzZaMGcxCzAJBgNVBAYT AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv MRMwEQYDVQQKEwpjYXJmYXguY29tMRYwFAYDVQQDEw1jYS5jYXJmYXguY29tMFkw EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUufxUYHLgvaxfm6AObKj60v4dIwd0/gT Xd17VLEWlUpNR63se9yjzIbKzBw2rxje+9GalDDOaNJzFG+XXNz6wKNfMF0wDgYD VR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zAp BgNVHQ4EIgQgEk7d6Qvvq5FBNjXfHh0Fa4MjzHXcsIKg0+B+vdZT6D8wCgYIKoZI zj0EAwIDSAAwRQIhAI7atq+JHSmzBwZ034y6u54+uBPe+S9qyqrTVDQ9a6RoAiBG n8WRFVKobSeMJR6igf78tAjWVuSdEhhBJV2rGKmD1Q== -----END CERTIFICATE----- "�-----BEGIN CERTIFICATE----- MIICBzCCAa2gAwIBAgIQfWg0mgPDxGOBJpfWRqJ3tzAKBggqhkjOPQQDAjBnMQsw CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy YW5jaXNjbzETMBEGA1UEChMKY2FyZmF4LmNvbTEWMBQGA1UEAxMNY2EuY2FyZmF4 LmNvbTAeFw0xNzA4MTgxMTIwMzZaFw0yNzA4MTYxMTIwMzZaMFUxCzAJBgNVBAYT AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv MRkwFwYDVQQDDBBBZG1pbkBjYXJmYXguY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D AQcDQgAEWmAAX6Xj0/H7a5S6K5lA7u1pQLYZ/6iTTLn2E1JTWTd0jI5sh0zcL9qf dkfIk/8G0u6rLUA8WDv0EZqvi8Mt8KNNMEswDgYDVR0PAQH/BAQDAgeAMAwGA1Ud EwEB/wQCMAAwKwYDVR0jBCQwIoAgEk7d6Qvvq5FBNjXfHh0Fa4MjzHXcsIKg0+B+ vdZT6D8wCgYIKoZIzj0EAwIDSAAwRQIhAI3IKnk6Rxw3s78GuTpwiVjObwR1ylOo juILM99AMMFrAiAUx31MEvAZaw89QQ8KirZzl/JnCERoQ0kz8ov3jiFJzA== -----END CERTIFICATE----- B SHA2SHA256J�-----BEGIN CERTIFICATE----- MIICMDCCAdegAwIBAgIQbuC39Z6/ccEP3hMMe5cGSjAKBggqhkjOPQQDAjBqMQsw CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy YW5jaXNjbzETMBEGA1UEChMKY2FyZmF4LmNvbTEZMBcGA1UEAxMQdGxzY2EuY2Fy ZmF4LmNvbTAeFw0xNzA4MTgxMTIwMzZaFw0yNzA4MTYxMTIwMzZaMGoxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp c2NvMRMwEQYDVQQKEwpjYXJmYXguY29tMRkwFwYDVQQDExB0bHNjYS5jYXJmYXgu Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2oEQ9GicVdKYvI9pHj3iWb4P rjT7VO8weBDbDe0/MfxwhDsXe5uReASpL2YcbUYb1nCc/n9z/qvq23LXzPusaKNf MF0wDgYDVR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUw AwEB/zApBgNVHQ4EIgQg/o+D3yG/Yzjm3Ka2AcI8VU63RSvF8aHIvnD10/EQtZgw CgYIKoZIzj0EAwIDRwAwRAIgXM/MWiZFfRQdAy1ybRHV8/A2IO8Xu6+aIKcSK5kF mXgCIBFDIzDA0DjeO0O3F7dBEf3nbiSvCQgIBQQbjGKm15+D -----END CERTIFICATE----- Admins"1 Admins'  PeerOrgAdmins"0 Readers%  PeerOrgAdmins"0 Writers%  PeerOrgAdmins*Admins@ ChannelCreationPolicy'  Admins/Channel/Orderer/Admins*/Channel/Orderer/Admins" AdminsAdmins*/Channel/Orderer/Admins� Orderer��  OrdererOrg�� MSP���  OrdererOrg�-----BEGIN CERTIFICATE----- MIICJzCCAc6gAwIBAgIRAIMBXTi8vzqOVhQiXB+ovQMwCgYIKoZIzj0EAwIwZTEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG cmFuY2lzY28xEjAQBgNVBAoTCWhvbmRhLmNvbTEVMBMGA1UEAxMMY2EuaG9uZGEu Y29tMB4XDTE3MDgxODExMjAzNloXDTI3MDgxNjExMjAzNlowZTELMAkGA1UEBhMC VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x EjAQBgNVBAoTCWhvbmRhLmNvbTEVMBMGA1UEAxMMY2EuaG9uZGEuY29tMFkwEwYH KoZIzj0CAQYIKoZIzj0DAQcDQgAEm3VY12jlinzimYav4K39anZGIyd7DrygL7fV b57S7tpvwTXWfGNt58tDBf584w1Bw7Yr6M3unJjWfNj7VaLwd6NfMF0wDgYDVR0P AQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNV HQ4EIgQgMfMrGCUNqJqCehc2xsAYVyWqVTV3jYDcnmkyBhtFSGcwCgYIKoZIzj0E AwIDRwAwRAIgMrdpDfMnULyS2dMtjfdWGAXPxDj4URM0nelcSjOpmAoCIB24mFvn C34fP8icL0QVIOf+mPin2jD4HgsDP58dDFtu -----END CERTIFICATE----- "�-----BEGIN CERTIFICATE----- MIICBDCCAaqgAwIBAgIQOHnvuaxK4NLP1+Qb7OIm+DAKBggqhkjOPQQDAjBlMQsw CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy YW5jaXNjbzESMBAGA1UEChMJaG9uZGEuY29tMRUwEwYDVQQDEwxjYS5ob25kYS5j b20wHhcNMTcwODE4MTEyMDM2WhcNMjcwODE2MTEyMDM2WjBUMQswCQYDVQQGEwJV UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEY MBYGA1UEAwwPQWRtaW5AaG9uZGEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD QgAEUe6whrR0aqrwMJ+kKZaAetMAYmBON4S9yu0VPaGDuaEmQufj6guOFP6eQ+6A LPRa1LaDEWAO0sPg9xtSc2P0MaNNMEswDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB /wQCMAAwKwYDVR0jBCQwIoAgMfMrGCUNqJqCehc2xsAYVyWqVTV3jYDcnmkyBhtF SGcwCgYIKoZIzj0EAwIDSAAwRQIhAMS9lF1z1wyp90zW2rgrIz7m0iX/hCUyR15N kSPTuzTQAiB6HWU0nabnzQHOcWwalz4WoCeIJRA6kjpQoP7yq7JmrQ== -----END CERTIFICATE----- B SHA2SHA256J�-----BEGIN CERTIFICATE----- MIICLjCCAdSgAwIBAgIRAP+2jzBK3BFU8vDd0QvneV4wCgYIKoZIzj0EAwIwaDEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG cmFuY2lzY28xEjAQBgNVBAoTCWhvbmRhLmNvbTEYMBYGA1UEAxMPdGxzY2EuaG9u ZGEuY29tMB4XDTE3MDgxODExMjAzNloXDTI3MDgxNjExMjAzNlowaDELMAkGA1UE BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz Y28xEjAQBgNVBAoTCWhvbmRhLmNvbTEYMBYGA1UEAxMPdGxzY2EuaG9uZGEuY29t MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3vaA4FhLDOMH7h39Ih2ivixOlg+n OI7+mF0GQrG8f2qop4gSaZQwtVIj5MpzTBcKqaa0l0k8FDdlobDtJ94QVKNfMF0w DgYDVR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB /zApBgNVHQ4EIgQgxL6aI6nufoznFDDukcIWHhrAYIrNu7tNFYfHsoxgX0IwCgYI KoZIzj0EAwIDSAAwRQIhAJ5fLjps0Fq0r0l0Vfi1/35TMYgo9/6rNRkjnCZ3xPEV AiAVbQba7Pg9s8Ej6ok2zta1biohj5+k/flDM5KXM1NfOg== -----END CERTIFICATE----- Admins"4 Admins*  OrdererOrgAdmins"3 Readers(   OrdererOrgAdmins"3 Writers(   OrdererOrgAdmins*Admins! ConsensusType soloAdmins"     BatchSize  ���1�� Admins  BatchTimeout 1msAdmins ChannelRestrictionsAdmins"* ockValidation WritersAdmins"" aders ReadersAdmins"" iters WritersAdmins"" Admins  AdminsAdmins*Admins& HashingAlgorithm SHA256Admins- BlockDataHashingStructure����Admins; OrdererAddresses'   node1:7050/Channel/Orderer/Admins"" aders ReadersAdmins"" iters WritersAdmins"" Admins  AdminsAdmins*Admins 

Answer 1

Error: Got unexpected status: BAD_REQUEST -- Error authorizing update: Error validating DeltaSet: Policy for [Groups] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining

This usually indicates that the signer of the channel creation transaction does not have admin rights for one of the consortium orgs, however, it may indicate a failure for a number of other reasons.

Unfortunately, the error must be somewhat cryptic, to avoid leaking information about consortium or channel membership. To get the underlying cause, you will need to check the orderer logs. If it is not already set, you will want to turn the log level up to debug in orderer.yaml or alternately by setting FABRIC_LOGGING_SPEC=debug (or for versions of Fabric prior to v1.4.x ORDERER_GENERAL_LOGLEVEL=debug) before starting the orderer. In your orderer logs, you will see the same error text as output by the peer client, but in the preceding lines you will see additional causes for your error.

The most common reasons are:

1. The identity is not in the list of admins for the org.
2. The identity's certificate is not validly signed by the org CA chain.
3. The identity's org is not known to the orderer.

Some other unlikely possibilities because you are using the peer binary and not custom code:

4. The signature does not match the identity or signed bytes.
5. The identity is malformed.

Assuming that the cause is not obvious from the orderer logs, if you post them here, I'd be happy to help diagnose them.

Oh, and as a helpful tip. You may see a more human readable version of your genesisblock by using configtxgen -inspectBlock <genesis.block>.

Edit: Looking back a the top of your post I see this output in the orderer log:

ERRO 02d Principal deserialization failure (The supplied identity is not valid, Verify() returned x509: certificate signed by unknown authority) for identity

This would indicate that the certificate claims to be issued by a CA, but is not signed by the CA the orderer knows about (error type 2 above). This would commonly happen if you bootstrapped the orderer, then regenerated the crypto material for your environment without removing the orderer's storage directory.

It's important to remember that the ORDERER_GENERAL_BOOTSTRAPFILE (or prior to v2.0.0 ORDERER_GENERAL_GENESISFILE) is only read if the system is not already bootstrapped, so changing the genesis block for the orderer will have no affect unless the orderer storage is also deleted.