IDE won’t connect to Linux host


  • Creator
    Topic
  • #51313
    herm ernst
    Participant

    Getting below error when trying to connect with IDE on XP laptop to remote host. Any ideas?

    An unexpected exception occurred during the login process.

    The exception shown below was caught.

    Unable to establish a connection to the host server: 10.129.176.32; nested exception is:

    com.hie.cloverleaf.securityserver.NoCloverleafSrvException: Unable to contact Server on server: 10.129.176.32; nested exception is:

    java.rmi.ConnectIOException: Cannot connect to host: //10.129.176.32:13015/

Viewing 22 reply threads
  • Author
    Replies
    • #69655
      Keith McLeod
      Participant

      Is this address in your /etc/hosts file?  It may be how you have your name resolution configured.

    • #69656
      Troy Morton
      Participant

      Also, verify the Cloverleaf host-server is running on the server to which you are trying to connect.

      Type…

      Code:

      >hciss

      Host Server is running
      >

      …from the command prompt on the server.

    • #69657
      herm ernst
      Participant

      I double checked.  10.129.176.32 is in the /etc/hosts file on the remote server and hciss shows that the host server is running but that the security server is not running.  Did try to start the security server with hciss -s s, it indicates that it starts but a follow-up hciss shows that it’s not running.

      This is a new site installed by the vendor that I’m trying to connect to on the remote server. Any ideas on something they may have overlooked?

    • #69658
      herm ernst
      Participant

      Checked /etc/services and noticed there was no entry for port 13015. Could this be the problem? What should the entry look like?

    • #69659
      Troy Morton
      Participant

      Can you PING and TELNET to the server from your client?

      If not, it’s definitely not a Cloverleaf related issue.

      Also, verify that your site license certificates exist in $HCIROOT/server/certs.  There should be a key, cert, info and req file for your organization in this directory.  The name or acronym of your organization is usually part of the file names.  These must exist before you can connect to the server with the JAVA GUI Client.  However, I’m not sure your error indicates a problem with the Security or License certificates.

      My suggestion is to contact QDX support for further assistance if none of this works.

    • #69660
      Troy Morton
      Participant

      We don’t have our Port defined in /etc/services either.

    • #69661
      herm ernst
      Participant

      I can ping but not telnet to the Linux host server.

      but can connect with Putty tool using SSH.

      Below are the contents of my laptop client.ini file and various server .ini files and directories.

      #### xp laptop client.ini

      $type client.ini

      [general]

      doc_base_dir=C:\quovadx\qdx5.6\integrator

      debug=false

      [logs]

      ### certs directory on Linux host is empty.

      $cd /quovadx/qdx5.6/integrator/client/certs

      $ls -la

      $

      ### contents of client.ini on Linux host server

      $cd /quovadx/qdx5.6/integrator/client

      $ cat client.ini

      [general]

      doc_base_dir=/quovadx/qdx5.6/integrator

      debug=false

      [logs]

      ### contents of linux host server.ini file

      $cd /quovadx/qdx5.6/integrator/server

      $ cat server.ini

      [general]

      [exports]

      environs=/quovadx/qdx5.6/integrator/mgh00sv0p0lwe

      [logging]

      cloverleaf_server_category=info

      cloverleaf_server_level=brief

      host_server_category=info

      host_server_level=brief

      ticket_server_category=info

      ticket_server_level=brief

      log_rmi_calls=false

      debug_ssl=false

      [security]

      audit_server_used=false

      ticket_life=16

      customer_ca_file_name=CUSTOMER_NAME-cert.der

      customer_ca_key_name=enc-CUSTOMER_NAME-key.der

      host_cert_chain=HOSTNAME-clserver-cert.der;CUSTOMER_NAME-cert.der;hie-cert.der

      host_private_key=enc-HOSTNAME-clserver-key.der

      password=PASSWORD

      security_server_host=FULLLY.QUALIFIED.HOSTNAME

      security_server_used=false

      security_anonymous=false

      basic_security_enabled=false

      [audit]

      auto_trim=true

      auto_trim_count=16000

      [ihb]

      ihb_sync_url=http://localhost:20210/IB/servlet/runHXML?action=IBgetNetConfig.xsp

      ihb_soap_port=20217

      ihb_email_port=20218

      ### license file exists on Linux host server

      $ pwd /quovadx/qdx5.6/integrator/vers

      $ ls

      db  license.dat

      Would firewalls need to be adjusted to allow traffic on 13015?

    • #69662
      Troy Morton
      Participant

      Looks like you have Security disabled, so that shouldn’t be the problem.

      If you are trying to connect to the Linux server from outside your network, you might need a firewall hole.  However, if you are using VPN, then I don’t think a firewall change should be necessary.

      I’ve pretty much exhausted my knowledge on what could be wrong.  I suggest contacting QDX support.  Jimmy has helped us with Certificate and Security issues in the past.

      Good luck

    • #69663
      herm ernst
      Participant

      Enabling port 13015 on the firewall fixed earlier problem. Now I’m getting following error when trying to connect to the Linux host server from my laptop:

      An unexpected exception occurred during the login process.

      The exception shown below was caught.

      Connection refused to host: 10.129.176.32; nested exception is:

      java.net.ConnectException: Connection timed out: connect

    • #69664
      Sam Craig
      Participant

      If you only opened one “hole” or port in firewall, then that is probably the issue.

      IDE uses two ports for communication.  Here is a netstat listing for my IDE connection from my workstation.  It is communicating on two ports.  Also, not sure if it uses the same two ports each time you try to connect.

      tcp4       0      0  uh2.org.46866    d79b1.org.4937    ESTABLISHED

      tcp4       0      0  uh2.org.53062    d79b1.org.1143    ESTABLISHED

      My workstation is d79b1 in this example.

      For AIX, command is…. netstat | grep workstationID

    • #69665
      David Teh
      Participant

      Sorry about digging up an old thread.

      But this is the only one with the similar error message.

      Cloverleaf 5.8.7 on Solaris 10.

      Getting this when using the client to access the server which is behind a firewall:

      ~~~~START ERROR~~~~

      An unexpected exception occurred during the login process.

      The exception shown below was caught.

      Connection refused to host: sgclvpr0; nested exception is:

      java.net.ConnectException: Connection timed out: connect

      ~~~~END ERROR~~~~

      Have already included these lines in server.ini:

      [firewall]

      rmi_exported_server_port=sgclvpr0

      Firewall rule has already been added to allow “all” to access the server on port 13019. And it is also allowing bi-directional traffic.

      Host server and daemons and other processes are running.

      Any ideas? Any other ports need to be opened?

      Thanks!

      herm ernst wrote:

      Enabling port 13015 on the firewall fixed earlier problem. Now I’m getting following error when trying to connect to the Linux host server from my laptop:

      An unexpected exception occurred during the login process.

      The exception shown below was caught.

      Connection refused to host: 10.129.176.32; nested exception is:

      java.net.ConnectException: Connection timed out: connect

    • #69666
      David Barr
      Participant

      This post has information about the port numbers used by the client:

      http://clovertech.infor.com/viewtopic.php?p=17485#17500

    • #69667
      David Teh
      Participant

      More info:

      Machine IPs:

      Server 1: sgclvpr1 (10.168.22.21)

      Server 2: sgclvpr2 (10.168.22.22)

      Server 3: sgclvpr3 (10.216.46.41) <—behind firewall

      Service Hostname: sgclvpr0

      Client works fine on Server 1 and 2, but not 3.

      Tried the steps given:

      hcitest@sgclvpr3:/home/hcitest>showroot

      HCI root is /quovadx/cis5.8/integrator

      HCI master site is helloworld

      HCI site is hcitest

      hcitest@sgclvpr3:/home/hcitest>hostname

      sgclvpr3

      hcitest@sgclvpr3:/home/hcitest>uname -a

      SunOS sgclvpr3 5.10 Generic_148888-05 sun4v sparc sun4v

      hcitest@sgclvpr3:/home/hcitest>ping -s sgclvpr0

      PING sgclvpr0: 56 data bytes

      64 bytes from sgclvpr0.shses.shs.com.sg (10.216.46.40): icmp_seq=0. time=0.213 ms

      64 bytes from sgclvpr0.shses.shs.com.sg (10.216.46.40): icmp_seq=1. time=0.184 ms

      64 bytes from sgclvpr0.shses.shs.com.sg (10.216.46.40): icmp_seq=2. time=0.151 ms

      64 bytes from sgclvpr0.shses.shs.com.sg (10.216.46.40): icmp_seq=3. time=0.155 ms

      ^C

      ----sgclvpr0 PING Statistics----

      4 packets transmitted, 4 packets received, 0% packet loss

      round-trip (ms)  min/avg/max/stddev = 0.151/0.176/0.213/0.029

      hcitest@sgclvpr3:/home/hcitest>hcireglist 10.216.46.40 13019

      Trying anonymous registry on host 10.216.46.40 at port 13019

      Trying registry on host 10.216.46.40 at port 13019

      Registry=RegistryImpl_Stub[UnicastRef [liveRef: [endpoint:[10.216.46.40:13019](remote),objID:[0:0:0, 0]]]]

      RMI_CloverleafServer_1.0

      RMI_CloverleafServer_1.0

      RemoteCloverleafServer_Stub[UnicastRef [liveRef: [endpoint:[10.216.46.40:34502](remote),objID:[-66b0f17e:142e1efe086:-7fff, -6125884924126111243]]]]

      Host “10.216.46.40” a.k.a:

             10.216.46.40

             sgclvpr0.shses.shs.com.sg

      Other than port 13019, do any other ports need to be opened?

    • #69668
      David Barr
      Participant

      David Teh wrote:

      Other than port 13019, do any other ports need to be opened?

      Yes, you will need to be able to access every port in the local port range of your server. On Linux this is set in /etc/sysctl.conf under the net.ipv4.ip_local_port_range setting.

      The Cloverleaf server starts accepting connections on port 13019, but then it tells the clients to open additional connections to ports that are assigned dynamically. They are assigned from the local port range.
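Added example, not part of the original thread or of Cloverleaf's own tooling: a Python script that parses `hcireglist` output like the one posted earlier in the thread and flags RMI stub endpoints whose ports fall outside the ranges the firewall allows. The function names and the allowed-range list are assumptions made for illustration.

```python
import re

# Sample input: the hcireglist output quoted earlier in this thread.
SAMPLE = """\
Trying anonymous registry on host 10.216.46.40 at port 13019
Trying registry on host 10.216.46.40 at port 13019
Registry=RegistryImpl_Stub[UnicastRef [liveRef: [endpoint:[10.216.46.40:13019](remote),objID:[0:0:0, 0]]]]
RMI_CloverleafServer_1.0
RemoteCloverleafServer_Stub[UnicastRef [liveRef: [endpoint:[10.216.46.40:34502](remote),objID:[-66b0f17e:142e1efe086:-7fff, -6125884924126111243]]]]
"""

# A stub line names the class, then the host:port the client is told to dial.
ENDPOINT = re.compile(
    r"^(?:Registry=)?(\w+)\[UnicastRef \[liveRef: \[endpoint:\[([^\]:]+):(\d+)\]"
)

def rmi_endpoints(text):
    """Return [(stub_class, host, port)] for every RMI stub in the output."""
    found = []
    for line in text.splitlines():
        m = ENDPOINT.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2), int(m.group(3))))
    return found

def port_allowed(port, allowed_ranges):
    """allowed_ranges is a list of inclusive (low, high) tuples (assumed input)."""
    return any(low <= port <= high for low, high in allowed_ranges)

def firewall_gaps(text, allowed_ranges):
    """List the endpoints a client on the far side of the firewall cannot reach."""
    gaps = []
    for stub, host, port in rmi_endpoints(text):
        if not port_allowed(port, allowed_ranges):
            gaps.append(f"{stub}: {host}:{port} is outside the allowed ports")
    return gaps

if __name__ == "__main__":
    # Firewall rule from the thread: only the registry port 13019 is open.
    for gap in firewall_gaps(SAMPLE, [(13019, 13019)]):
        print(gap)
```

With only 13019 open, the registry lookup succeeds but the server object on port 34502 is reported as unreachable, which matches the "Connection timed out" seen after the registry port was opened.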

    • #69669
      David Teh
      Participant

      Thanks David!!!!!

      Now my firewall admin will faint…..(again)

    • #69670
      David Teh
      Participant

      Solved!

      Support came back with these settings in the server.ini:

      [firewall]

      monitord_server_use=true

      host_server_default_port=34510 (as an example)

      rmi_exported_server_port=’clustered hostname’

    • #69671

      David Barr wrote:

      The Cloverleaf server starts accepting connections on port 13019, but then it tells the clients to open additional connections to ports that are assigned dynamically. They are assigned from the local port range.

      I’m not sure this is 100% accurate. I believe that the Cloverleaf hostserver itself actually establishes the connection back out to the client on a new, randomly assigned port. This is often a problem for firewalls that block connections initialized from the server-side instead of from the client-side.

      I have actually asked R&D to look into doing it the way you stated, send the port number to the client, but have the client establish the connection on that port.

      You can force the hostserver to use port 13019 (or the assigned port) by setting this line in the server.ini or by checking the “Host Server routes traffic” box in the Server Administrator tool.

      Code:

      [firewall]
      monitord_server_use=true

      Here is a complete set of firewall settings I’ve used successfully in the past. Your mileage may vary so be prepared to make tweaks.

      [general]
      jvm_args=-Xmx512m

      -- Max Drown (Infor)

    • #69672
      David Barr
      Participant

      Max Drown wrote:

      [general]
      jvm_args=-Xmx512m

    • #69673

      No. You don’t. This forces ALL traffic to one port, the port used by the hostserver.

      -- Max Drown (Infor)

    • #69674
      Bob Richardson
      Participant

      One and All,

      We are running 5.8.6.0 on AIX 6.1 TL 7 virtualized.

      Just a note on our experience with these settings.

      We use Net Motion from our Windows 7 clients to establish secure VPN connections with our LAN.

      In order for us to get back displayed test results in the IDE testing tool functions (hciroutetest, hcitpstest, etc.) when working remotely and connected by VPN tunnel, INFOR support supplied us the following setting:

      [firewall]

      tunnel_port=14019

      Apparently this port is hard-wired into the software – deep secrets not revealed.  Anyway this is working for us.  We do get back our test results in the IDE.

    • #69675

      The default port numbers change from version to version so that two versions of Cloverleaf running on the same server do not conflict.

      -- Max Drown (Infor)

    • #69676

      Here is some more info.

      There are three ports used by the hostserver:

         RMI Registry Port: Defaults to 13019 in 5.8 and 13020 in 6.0 and can be changed to any number in server.ini.

         RMI Object Port: Random port. If host server runs behind firewall, the port should be explicitly specified in server.ini.

         RMI Callback Port: Introduced in 5.8.5 to make the callback behavior work in firewall environment. If the port is not specified, host server will choose a random port and create a connection from server to the client when callback is executed. If the port is specified, the connection is established from client to server. Just as you said, the connection from server to client will be blocked by firewall always. Therefore, the RMI callback port should be also specified in server.ini in firewall environment.

      The hcimonitord traffic is using random ports and cannot be forced to use a specified port or range. If a firewall exists, choose

      -- Max Drown (Infor)

    • #69677

      Here are my notes in .pdf format.

      -- Max Drown (Infor)

  • The forum ‘Cloverleaf’ is closed to new topics and replies.
