Sorry for this question which must have been asked many times, but I can't succeed in resolving my problem.
I've read a lot of blogs, sites, forums, .... and didn't find any solution in my case.
Case :
I need to connect VisualVM on my box to distant servers (tomcats, weblogics) for performance / threads / memory monitoring.
Those servers are installed on (physical or virtual) machines which are protected by a firewall.
Large intervals of ports are open in the firewall and can be used, but not all ports.
Tests
I've tried direct connections through JMX in VisualVM, using following JVM options on the server-side at server startup :
-Djava.rmi.server.hostname=[hostname]
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=[port]
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
I've precised the hostname because from my network the hostname and the IP address of the server are not the same than those from the network of the remote server.
No success, VisualVM always seems searching for an unknown server.
tried starting jstatd on the server-side on a port accessible (-p option) from my box (telnet on this port works), but when launching visualVM on this host with the jstatd port, it still seems waiting for something unreachable.... Same behavior with jps connecting to this remote host.
tried using the same tools on a server with less network protection, and it works. So I have seen the connections between my box and the server and they are done on ports different from what I've specified to jstatd.
I understand that this port is needed for first communication (kind of handshake) and real communications are done on other ports, but not predictible (ex: 60305, 55197, ...).
Not sure I understand very well how RMI works.
Please, help me, I'm going crazy !
Unfortunately JMX tries to open ports other than the one you configure. Just yesterday I succeeded connecting to tomcat behind firewall via JMX. The two tricky parts are:
put a file called jmxremote.access in CATALINA_HOME/conf, which contains the following lines:
monitorRole readonly
controlRole readwrite
in server.xml set the ports that will be used by jmx, via a special tomcat listener (catalina-jmx-remote.jar required in /lib):
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
rmiRegistryPortPlatform="9009" rmiServerPortPlatform="9010" />
Then open these two ports on the firewall. It works. But that's just for tomcat.
Another option is to use ssh tunnelling. In short - you connect via SSH and configure it to forward some local port (where the jmx client is running) to some ports on the other side of the tunnel.
References:
Connecting to JMX on Tomcat 6 through a firewall
Connecting MySQL server on Amazon EC2 instance using ssh tunnel
Here are the steps to do this:
Launch an ejstatd in your remote host this way (in ejstatd folder): mvn exec:java -Djava.rmi.server.hostname=[remote_host_name] -Dexec.args="-pr 1099 -ph 1100 -pv 1101" (used for "jstatd" type connection)
Launch your Java application with those additional Java parameters: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=1102 -Dcom.sun.management.jmxremote.rmi.port=1102 -Djava.rmi.server.hostname=[remote_host_name] (used for "JMX" type connection) (java.rmi.server.hostname is required here only because the IP and hostname from your network is not the same as the server point of view)
Open those 4 ports on your remote host and make them available to your local machine: 1099, 1100, 1101 and 1102
Launch JVisualVM
Right-click on "Remote" > "Add Remote Host..." and enter your remote host name in "Host name" (if you don't use the port 1099, you can change this in the "Advanced Settings")
Right-click on the remote host you've just created > "Add JMX Connection..." and enter "[remote_host_name]:1102" in "Connection" input, and check "Do not require SSL connection"
Your Java process will appear twice: one from the "jstatd" connection type, and one from the "JMX" connection type.
Disclaimer: I'm the author of the open source ejstatd tool.
On your [hostname], open up [port] and tcp port range 40000-60000 for your IP only.
This did the trick for me fairly well.
Related
I am trying to start H2 in server mode to connect an application from another computer. But no matter how hard I have tried, I have not succeeded.
I have seen the documentation and to start the server from the command line is executed:
java -cp h2-2.1.214.jar org.h2.tools.Server -tcpAllowOthers
output:
TCP server running at tcp://127.0.1.1:9092 (others can connect)
PG server running at pg://127.0.1.1:5435 (only local connections)
Web Console server running at https://127.0.1.1:8082 (others can connect)
now from the other pc, as I understand I must execute the connection in the following way:
jdbc:h2:tcp://[server][:port]/[path]/[databaseName]
then it should be:
jdbc:h2:tcp://127.0.1.1:9092/home/mateo/database
But I have read that 127.0.1.1 only works locally. I have also noticed that when I open H2 Console in the examples I have seen, the machine's ip appears, that is to say: 192.168.X.
What am I doing wrong?
(Update)
I am currently using Linux.
I have launched the server from Windows and managed to connect it from Linux successfully following the above steps. But, I still don't understand why it doesn't work in Linux, in Windows it loads the server with the IP address of the machine. It makes me think that I have to do some additional configuration for Linux.
server running
You need to replace local IP address in your JDBC URL with real non-local IP address of your server (jdbc:h2:tcp://127.0.1.1:9092/*** -> jdbc:h2:tcp://192.168.1.4:9092/***, for example). H2 listens all network interfaces of the host, it doesn't matter which address was reported in “runnig at …” message.
You also may need to protect ports 8082 and 9092 from connections from untrusted systems if you have them in your internal network and from connections from external network (make sure your router or whatever you have doesn't redirect connections to the host with database server).
I'm attempting to connect to a remote JMX service using VisualVM 1.3.8 with JRE 1.8.0. Making exactly the same connection with JConsole works perfectly, however the attempt to use the same parameters with VVM just hangs at the 'Adding services' stage. I've looked in the VVM log but there is literally nothing logged.
I also read here at the VVM remote JMX doc:
Note: To retrieve and display information on applications running on the remote host, the jstatd utility needs to be running on the remote host.
That puzzles me since I can make the remote JMX connection using JConsole and as far as I can tell, jstatd is not running on the remote.
Does anyone know if jstatd a requirement only for VVM as a remote JMX client? As the JMX connection can be made with JConsole between the same client and server endpoints, then there's no problem with network/firewall etc.
Other than that I'm really puzzled where else to look for clues?
I had the same trouble when I switched from Java 7 to 8, while using SOCKS where I was updating proxy settings through VisualVM -> Tools -> Plugins -> Settings -> Proxy Settings. However, I have been successful with the following:
Run your JVM with the following options:
-Dcom.sun.management.jmxremote.port=<JMX_PORT>
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
Note that you could obviously do something more secure, both w.r.t SSL and authentication.
Setup a SOCKS proxy from your localhost to the remote server:
ssh -D<SOCKS_PORT> -vvv -N <REMOTE_HOST>
Run either of these commands on your localhost:
jconsole -J-DsocksProxyHost=localhost -J-DsocksProxyPort=<SOCKS_PORT> service:jmx:rmi:///jndi/rmi://<REMOTE_HOST:JMX_PORT>/jmxrmi
jvisualvm -J-DsocksProxyHost=localhost -J-DsocksProxyPort=<SOCKS_PORT> --openjmx <REMOTE_HOST>
I installed locally and now running Weblogic Server in my machine. I can access the web application from my machine by using URL like 192.168.XXX.XXX:7001/myapp/, but I cannot access it from a different machine connected in same network. I have done this one: went to Administrative console, clicked on my server and inserted my IP in the textbox beside Listen Address.But it didn't help.
Please, help me on this matter.
The 'Listen Address' configuration item specifies which IP address your server listens on.
If it's set to 127.0.0.1 or localhost, then your server only listens on localhost address, which means it only serves requests come from localhost.
You should set it to the public IP address of your machine. Or simply set to 0.0.0.0, which means listen on all available address that your machine has.
Companies block some ports due to security reason. And 7001 is one of those common ports which they block.
So you can perform following steps.
Type following command in cmd:
telnet HOST.IP.ADDRESS PORT
Ex: telnet 192.658.152.45 7001
In case if it shows connecting and then stops, that means that port has been
blocked.
Try some other port , let say 8080.
If it works then change the default port in weblogic
Go to config.xml file in
\user_projects\domains\\config
Add listener port as
<server>
<name>AdminServer</name>
<listen-port>8080</listen-port>
<listen-port-enabled>true</listen-port-enabled>
<listen-address></listen-address>
</server>
I had the same problem and solved it like:
From the administration console change Listen address from localhost to admin server's IP
Stop Windows Firewall (I try only to define a new Rule to open port 7001 but without a result)
After that all works like a charm :)
Is your machine connected to the network?
Do you have any firewall installed? Is it blocking access from the outside?
Do you have any other software on your computer that is blocking access?
Does you network have hardware/software that blocks access to certain ports?
Other
This is a firewall issue. You can add port 7001 an exception to the firewall or before that to confirm whether the issue is because of firewall, try
systemctl stop firewalld
Check again if you are able to access the console from a different machine.
just allow specific port in firewall, Try this
sudo firewall-cmd --zone=public --permanent --add-port=7001/tcp
sudo firewall-cmd –-reload
I developing under Spring3.1 standalone env.
I am trying to connect my application remotely via jconsole.
It's working locally but when I deploy my application into the linux machine it gets time out.
I am using Daemon in order to run my environment.
this is what I add in the run.sh script:
-Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=6969 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=false \
com.mypackage.daemon.FixDaemon
and inside applicationContext.xml:
<context:mbean-server />
<context:mbean-export />
now on the linux machine after doing netstat thats what we see:
[root# logs]# netstat -an | grep 6969
tcp 0 0 :::6969 :::* LISTEN
so it's seems like it does listening.
but when I add my ip:6969 inside the jconsole interface I get connection failed popup.
any idea what am I doing wrong?
thanks,
ray.
First try to add also this option to your application:
-Djava.rmi.server.hostname=<ip>
Also keep in mind jconsole is using RMI for the communication. This means jconsole first connects to ip:6969. Then server generates a random port X which is passed back to the jconsole. Jconsole then opens another connection to ip:X. Since X is random, there is no way you can open this specific port in the firewall. You have either to open all ports or use a socks proxy which is another subject.
Try connecting to that port using telnet from your machine. If this does not succeed it usually is because of a firewall dropping packets. You will have to talk to your network administrator to open up that port.
Note: You will have to open up two ports. One for binding the RMIRegistry and another one to export the RMI objects. RMI usually exports objects on random high ports. But this will not work in a firewall-ed environment hence you would have to configure the port on which it is exported. This is done by using a RMI URL.
If you are running this on Linux then do a hostname -i, if it returns 127.0.0.1 then fix /etc/hosts. The FAQ entry for JConsole has more information on this.
Another option I would strongly suggest is to look at Jolokia which does not involve changing the firewall configuration but still provides the JMX goodies over HTTP.
I have an application running in server A. The dev environment is in server B.
I am trying to do remote debugging of app running in server A.
In server A i added following command to service start script
-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,address=4554,server=y,suspend=n
And service is running in server A.
When i try to launch remote debugging configuration it gives
Failed to connect to remote VM. Connection refused. Connection refused
port 4554 is free in server A.
What other configuration need to be done for this?
Regards
Dheeraj Joshi
Try this.
Set suspend=y, just to make sure you got the JVM line right. This should stop the VM on startup until you connect.
If you're on Unix, bring up the terminal and try telnet [host] [port] - this will quickly let you know if there's anything listening to that port on that host.
Make sure the connection properties in Eclipse are set correctly. Note that the port defaults to 8000.
Use the IP address instead of the host name, to rule out DNS/hostfile problems.
Another way of starting the JVM that I use successfully is:
-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=y
Check if there is a firewall between and/or on the two servers.