Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied

I am trying to create channel with following command

docker exec cli.org1.example.com peer channel create -o orderer0.example.com:7050 -c example -f /var/hyperledger/config/example.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

and following error is being produced

2019-01-02 10:11:33.253 UTC [grpc] Printf -> DEBU 04a ClientConn switching balancer to “pick_first”
2019-01-02 10:11:33.253 UTC [grpc] Printf -> DEBU 04b pickfirstBalancer: HandleSubConnStateChange: 0xc4204eed70, CONNECTING
2019-01-02 10:11:33.257 UTC [grpc] Printf -> DEBU 04c pickfirstBalancer: HandleSubConnStateChange: 0xc4204eed70, READY
Error: got unexpected status: FORBIDDEN – Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied

I am trying to deploy fabric network without docker swarm. I have generated new crypto-config, removed previous containers but still error is persisting

Here is the docker-compose.yml file

version: ‘3.2’

services:

ca.org1.example.com:
    image: hyperledger/fabric-ca:1.2.1
    container_name: ca.org1.example.com
    environment:
        - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
        - FABRIC_CA_SERVER_TLS_ENABLED=TRUE
        - FABRIC_CA_SERVER_CA_NAME=ca_org1
        - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
        - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/5a3249c85c821aa8ddf10c7937b99f7cddd0d7ac3d08546db41eacbf05401eb6_sk
    ports:
        - "7054:7054"   
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
        - /var/mynetwork/certs/crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config

cli.org1.example.com:
    image: hyperledger/fabric-tools:1.2.1
    tty: true
    container_name: cli.org1.example.com
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli.org1.example.com
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_CHAINCODE_KEEPALIVE=10
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
      
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - /var/mynetwork/chaincode:/opt/gopath/src/github.com/chaincode
        - /var/mynetwork/fabric-src/hyperledger/fabric:/opt/gopath/src/github.com/hyperledger/fabric
        - /var/mynetwork/certs/crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto
        - /var/mynetwork/certs/config:/var/hyperledger/config
        - /var/mynetwork/bin/:/var/bin
        # - /var/mynetwork/bin/jq:/usr/local/bin/jq

kafka0:
   container_name: kafka0
   image: hyperledger/fabric-kafka
   environment:
     - KAFKA_MESSAGE_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
     - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
     - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
     - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example
     - KAFKA_BROKER_ID=0
     - KAFKA_MIN_INSYNC_REPLICAS=2
     - KAFKA_DEFAULT_REPLICATION_FACTOR=3
     - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
     - KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS=36000
     - KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS=36000

kafka1:
   container_name: kafka1
   image: hyperledger/fabric-kafka
   environment:
     - KAFKA_MESSAGE_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
     - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
     - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
     - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example
     - KAFKA_BROKER_ID=1
     - KAFKA_DEFAULT_REPLICATION_FACTOR=3
     - KAFKA.MIN_INSYNC_REPLICAS=2
     - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
     - KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS=36000
     - KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS=36000

kafka2:
   container_name: kafka2
   image: hyperledger/fabric-kafka
   environment:
     - KAFKA_MESSAGE_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
     - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
     - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
     - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example
     - KAFKA_BROKER_ID=2
     - KAFKA_DEFAULT_REPLICATION_FACTOR=3
     - KAFKA.MIN_INSYNC_REPLICAS=2
     - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
     - KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS=36000
     - KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS=36000

kafka3:
   container_name: kafka3
   image: hyperledger/fabric-kafka
   environment:
     - KAFKA_MESSAGE_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
     - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
     - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
     - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example
     - KAFKA_BROKER_ID=3
     - KAFKA_DEFAULT_REPLICATION_FACTOR=3
     - KAFKA.MIN_INSYNC_REPLICAS=2
     - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
     - KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS=36000
     - KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS=36000

orderer0.example.com:
    image: hyperledger/fabric-orderer:1.2.1
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
    command: orderer
    container_name: orderer0.example.com
    environment:
        - ORDERER_GENERAL_LOGLEVEL=debug
        - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
        - ORDERER_GENERAL_GENESISMETHOD=file
        - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/config/genesis.block
        - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
        - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/msp
        - ORDERER_GENERAL_TLS_ENABLED=true
        - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/tls/server.key
        - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/tls/server.crt
        - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/tls/ca.crt]
        - ORDERER_HOME=/var/hyperledger/orderer
        - ORDERER_GENERAL_LISTENPORT=7050
        #- ORDERER_GENERAL_LEDGERTYPE=ram
        - CONFIGTX_ORDERER_BATCHSIZE_MAXMESSAGECOUNT=10
        - CONFIGTX_ORDERER_BATCHTIMEOUT=2s
        - CONFIGTX_ORDERER_ADDRESSES=[127.0.0.1:7050]
        - ORDERER_TLS_CLIENTAUTHREQUIRED=false
        - ORDERER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@example.com/tls/ca.crt
        - ORDERER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@example.com/tls/client.crt
        - ORDERER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@example.com/tls/client.key
        - ORDERER_HOST=orderer0.example.com
        - CONFIGTX_ORDERER_ORDERERTYPE=kafka
        - CONFIGTX_ORDERER_KAFKA_BROKERS=[kafka0:9092,kafka1:9092,kafka2:9092,kafka3:9092]
        - ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
        - ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
        - ORDERER_KAFKA_VERBOSE=true
        - ORDERER_GENERAL_GENESISPROFILE=SecureKafka
        - ORDERER_ABSOLUTEMAXBYTES=10MB
        - ORDERER_PREFERREDMAXBYTES=512KB
    ports:
      - 7050:7050
    volumes:
        - /var/mynetwork/certs/crypto-config/ordererOrganizations/example.com/users:/var/hyperledger/users
        - /var/mynetwork/certs/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp:/var/hyperledger/msp
        - /var/mynetwork/certs/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls:/var/hyperledger/tls
        - /var/mynetwork/certs/config/:/var/hyperledger/config
        #- /var/hyperledger/orderer/:/var/hyperledger/
    depends_on:
        - kafka0
        - kafka1
        - kafka2
        - kafka3

peer0.org1.example.com:
    image: hyperledger/fabric-peer:1.2.1
    container_name: peer0.org1.example.com
    environment:
        - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
        - CORE_PEER_NETWORKID=example
        - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example
        - CORE_PEER_ADDRESSAUTODETECT=true
        # - CORE_PEER_GOSSIP_ORGLEADER=false
        # - CORE_PEER_GOSSIP_USELEADERELECTION=true
        - CORE_PEER_PROFILE_ENABLED=true
        - CORE_PEER_MSPCONFIGPATH=/var/hyperledger/msp
        #- CORE_LEDGER_STATE_STATEDATABASE=LevelDB
        - CORE_LOGGING_LEVEL=DEBUG
        - CORE_LOGGING_GOSSIP=${CORE_LOGGING_GOSSIP}
        - CORE_LOGGING_MSP=DEBUG
        # - CORE_PEER_MSPCONFIGPATH=/var/hyperledger/msp
        # TLS settings
        - CORE_PEER_TLS_ENABLED=true
        - CORE_PEER_TLS_CLIENTAUTHREQUIRED=false
        - CORE_PEER_TLS_CERT_FILE=/var/hyperledger/tls/server.crt
        - CORE_PEER_TLS_KEY_FILE=/var/hyperledger/tls/server.key
        - CORE_PEER_TLS_ROOTCERT_FILE=/var/hyperledger/tls/ca.crt
        - CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
        - CORE_PEER_ID=peer0.org1.example.com
        - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
        - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
        - CORE_PEER_LOCALMSPID=Org1MSP
        #- CORE_LEDGER_STATE_STATEDATABASE=goleveldb
        - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
        - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0.org1.example.com:5984

    volumes:
        - /var/run/:/host/var/run/
        - /var/mynetwork/certs/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/var/hyperledger/msp
        - /var/mynetwork/certs/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/var/hyperledger/tls
        - /var/mynetwork/certs/crypto-config/peerOrganizations/org1.example.com/users:/var/hyperledger/users
        - /var/mynetwork/certs/crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto
        - /var/mynetwork/certs/config/:/var/hyperledger/config
        #- /var/hyperledger/peer0/:/var/hyperledger/production/
    command: peer node start
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    depends_on:
        - orderer0.example.com
        - couchdb0.org1.example.com
    ports:
        - 7051:7051
        - 7053:7053

couchdb0.org1.example.com:
    image: hyperledger/fabric-couchdb:x86_64-0.4.6
    container_name: couchdb0.org1.example.com
    ports:
        - 5984:5984
    environment:
       DB_URL: http://localhost:5984/member_db

zookeeper0:
   container_name: zookeeper0.example.com
   image: hyperledger/fabric-zookeeper
   environment:
     - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example
     - ZOO_MY_ID=1
     - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888

zookeeper1:
   container_name: zookeeper1.example.com
   image: hyperledger/fabric-zookeeper       
   environment:
     - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example
     - ZOO_MY_ID=2
     - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
   
zookeeper2:
   container_name: zookeeper2.example.com
   image: hyperledger/fabric-zookeeper
   environment:
     - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example
     - ZOO_MY_ID=3
     - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888

configtx.yaml

################################################################################

# Section: Organizations

#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#

################################################################################
Organizations:

# SampleOrg defines an MSP using the sampleconfig.  It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
    # DefaultOrg defines the organization which is used in the sampleconfig
    # of the fabric.git development environment
    Name: OrdererOrg

    # ID to load the MSP definition as
    ID: OrdererMSP

    # MSPDir is the filesystem path which contains the MSP configuration
    MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
    Name: Org1MSP
    ID: Org1MSP
    MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
    AnchorPeers:
        - Host: peer0.org1.example.com
          Port: 7051           

################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults

# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: kafka

Addresses:
    - orderer0.example.com:7050
    - orderer1.example.com:7050
    - orderer2.example.com:7050
    - orderer3.example.com:7050

# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s

# Batch Size: Controls the number of messages batched into a block
BatchSize:

    # Max Message Count: The maximum number of messages to permit in a batch
    MaxMessageCount: 10

    # Absolute Max Bytes: The absolute maximum number of bytes allowed for
    # the serialized messages in a batch.
    AbsoluteMaxBytes: 99 MB

    # Preferred Max Bytes: The preferred maximum number of bytes allowed for
    # the serialized messages in a batch. A message larger than the preferred
    # max bytes will result in a batch larger than preferred max bytes.
    PreferredMaxBytes: 512 KB

Kafka:
    # Brokers: A list of Kafka brokers to which the orderer connects
    # NOTE: Use IP:port notation
    Brokers:
        - kafka0:9092
        - kafka1:9092
        - kafka2:9092
        - kafka3:9092

# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:

################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults

# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:

################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both. Set the value of the capability to true to require it.
Global: &ChannelCapabilities
# V1.1 for Global is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running v1.0.x,
# but the modification of which would cause incompatibilities. Users
# should leave this flag set to true.
V1_1: true

    # Orderer capabilities apply only to the orderers, and may be safely
    # manipulated without concern for upgrading peers.  Set the value of the
    # capability to true to require it.
    Orderer: &OrdererCapabilities
        # V1.1 for Order is a catchall flag for behavior which has been
        # determined to be desired for all orderers running v1.0.x, but the
        # modification of which  would cause incompatibilities.  Users should
        # leave this flag set to true.
        V1_1: true

    # Application capabilities apply only to the peer network, and may be safely
    # manipulated without concern for upgrading orderers.  Set the value of the
    # capability to true to require it.
    Application: &ApplicationCapabilities
        # V1.1 for Application is a catchall flag for behavior which has been
        # determined to be desired for all peers running v1.0.x, but the
        # modification of which would cause incompatibilities.  Users should
        # leave this flag set to true.
        V1_1: true

################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:

OrdererGenesis:
    Capabilities:
        <<: *ChannelCapabilities
    Orderer:
        <<: *OrdererDefaults
        Organizations:
            - *OrdererOrg
        Capabilities:
            <<: *OrdererCapabilities
    Consortiums:
        TradeConsortium:
            Organizations:
                - *Org1
exampleChannel:
    Consortium: exampleConsortium
    Application:
        <<: *ApplicationDefaults
        Organizations:
            - *Org1
        Capabilities:
            <<: *ApplicationCapabilities

This error usually occurs if some old certificates are left in the system. Try to delete the certificates and generate the new.

I have deleted and regenerated certificates but error is persisting. And i used these for

cryptogen generate --config=./crypto-config.yaml

configtxgen -profile OrdererGenesis -outputBlock ./config/genesis.block -channelID example

configtxgen -profile exampleChannel -outputCreateChannelTx ./config/example.tx -channelID example

configtxgen -profile exampleChannel -outputAnchorPeersUpdate ./config/ORG1MSPanchors_example.tx -channelID example -asOrg Org1MSP

And i have also removed locally mounted volumes but error is still persisting

have you replace the FABRIC_CA_SERVER_CA_KEYFILE with the new one?

Yes i did. I have restarted again from scratch. And now i am facing this error

Error: got unexpected status: SERVICE_UNAVAILABLE – will not enqueue, consenter for this channel hasn’t started yet

All containers are up and running not sure why is it occuring

And it is back to previous error

Error: got unexpected status: FORBIDDEN – Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied

hmm… no idea… I used to get this error when I was trying Multi-Org on Multi-Host, but it has got solved after deleting volumes and certificates

I am thinking about setting up a new vm and try there. Maybe i am missing something here.

yes. I think that would help.

Still nothing. Error is still there even on fresh machine.

I have added configtx.yaml. I didn’t add any policies. That might be the issue ?
These are the logs from orderer

2019-01-03 07:34:37.531 UTC [cauthdsl] func2 -> DEBU 12f 0xc42000e0f8 identity 0 does not satisfy principal: the identity is a member of a different MSP (expected OrdererMSP, got Org1MSP)
2019-01-03 07:34:37.531 UTC [cauthdsl] func2 -> DEBU 130 0xc42000e0f8 principal evaluation fails
2019-01-03 07:34:37.531 UTC [cauthdsl] func1 -> DEBU 131 0xc42000e0f8 gate 1546500877531277313 evaluation fails
2019-01-03 07:34:37.531 UTC [policies] Evaluate -> DEBU 132 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Writers
2019-01-03 07:34:37.531 UTC [policies] Evaluate -> DEBU 133 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Writers
2019-01-03 07:34:37.531 UTC [policies] func1 -> DEBU 134 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg.Writers ]
2019-01-03 07:34:37.531 UTC [policies] Evaluate -> DEBU 135 Signature set did not satisfy policy /Channel/Orderer/Writers
2019-01-03 07:34:37.531 UTC [policies] Evaluate -> DEBU 136 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Writers
2019-01-03 07:34:37.531 UTC [policies] func1 -> DEBU 137 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Orderer.Writers Consortiums.Writers ]
2019-01-03 07:34:37.531 UTC [policies] Evaluate -> DEBU 138 Signature set did not satisfy policy /Channel/Writers
2019-01-03 07:34:37.531 UTC [policies] Evaluate -> DEBU 139 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Writers
2019-01-03 07:34:37.531 UTC [orderer/common/broadcast] Handle -> WARN 13a [channel: mychannel] Rejecting broadcast of config message from 172.27.0.4:54410 because of error: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
2019-01-03 07:34:37.531 UTC [orderer/common/server] func1 -> DEBU 13b Closing Broadcast stream
2019-01-03 07:34:37.533 UTC [grpc] Printf -> DEBU 13c transport: http2Server.HandleStreams failed to read frame: read tcp 172.27.0.12:7050->172.27.0.4:54410: read: connection reset by peer
2019-01-03 07:34:37.533 UTC [common/deliver] Handle -> WARN 13d Error reading from 172.27.0.4:54408: rpc error: code = Canceled desc = context canceled
2019-01-03 07:34:37.533 UTC [orderer/common/server] func1 -> DEBU 13e Closing Deliver stream

i m also facing this issue?how did you solve this ?

Same problem and don’t know where the error is