Steven Erat's Blog
 
 
Viewing By Entry
 
 

TalkingTree  Tracing wsconfig with Ethereal Network Analyzer

 

Tracing the wsconfig utility's TCP communications to a JRun server reveals communication over ports other than the JNDI port. In fact, after wsconfig establishes a connection over the JNDI port, the JRun server instructs wsconfig that JRun will now listen on a random port and that wsconfig is to complete the communications over that new port through a new TCP connection.

The wsconfig utility is used by ColdFusion and JRun servers to configure external webservers to the appropriate application server. One type of configuration is referred to as Distributed Mode where the webserver is on one machine and it will use the JRun connector to communicate with the ColdFusion or JRun server on another machine. In this situation there may be a firewall between the two machines, for example, which could potentially block the required TCP communication between wsconfig and JRun when initially installing the connector for the webserver. Knowing that wsconfig will perform a port scan on the JRun server machine starting at port 2900 until port 2999 enables the user to prepare the firewall to permit a connection from the webserver to the JRun server over the JNDI port by TCP.

Identifying the JNDI port
The JNDI port for a JRun or ColdFusion server can be determined in a number of ways.

  • The JNDI port number can be found by reading $CFHOME/runtime/servers/default/SERVER-INF/jndi.properties, looking for the port number at the end of java.naming.provider.url
  • The same port is shown in the start up sequence in the $CFHOME/runtime/logs/default-out.log such as
    "info JRun Naming Service listening on *:2901".
  • netstat -an can be used to confirm the port is actively being listened to on
    TCP 0.0.0.0:2901 0.0.0.0:0 LISTENING

However, an undocumented and little known aspect of wsconfig is that once communications are established over the JNDI port by RMI, the remainder of the configuration occurs by communication over a random port, making it difficult to know how to adjust any firewall rules to permit the TCP connection over the new random port.

Could not connect to any Jrun/ColdFusion servers
If either the JNDI port or the secondary random port are blocked between the webserver and the CF/JRun server, then you may enounter the error:

Could not connect to any Jrun/ColdFusion servers on host localhost.
Possible causes:
Server not running
-Start Macromedia JRun4 or ColdFusion MX server
Server running
-JNDI listen port in jndi.properties blocked by TCP/IP filtering or firewall on server
-host restriction in security.properties blocking communications with server

Its even possible to use netstat to see that the JNDI port has an ESTABLISHED connection or maybe a TIME_WAIT connection lingering, which is good evidence to confirm that TCP connections to the JNDI port are not bocked. If you can see the JNDI port active in one of these states but still get the error above, then very likely it is the other, random port being blocked.

You may want to check this blog posting for the other, more typical reasons for why this error might occur.

Tracing wsconfig TCP communication
Below are highlighted traces taken while using the Ethereal Network Analyzer (a packet sniffer) to watch the wsconfig TCP communications in a distributed configuration. The trace shows the normal events during wsconfig communication with the JRun/CF server where a firewall is not in operation between the two hosts.

  • 1a) Here the port scan begins, starting at port 2900. A synchronize (SYN) flag is sent to the JRun host on each port in the port range. If the remote host does not respond to that port then reset flag is returned (RST, ACK).
  • 2a) A SYN flag to port 2909 was responded to with a synchronize/acknowledge flag (SYN, ACK) indicating that something is active on that port on the remote host.

  • 1b) The port scan continues until port 2999.
  • 2b) Any established connections made during the port scan are finished (FIN, ACK) and closed. The wsconfig util assumes that active ports during the scan might be active JRun servers.
  • 3) A new TCP connection is established to those ports that were active during the port scan. Here some initial data is transmitted via RMI. During this communication, JRun instructs wsconfig that JRun will be listening on a new randomly chosen port number, and wsconfig should contact JRun over that port.
  • 4) wsconfig establishes a new TCP connection to JRun over the new port using RMI. Much communication occurs with the JRun server over this new port using RMI. In this example, the new port is 1523. Predicting this port may be difficult, and a firewall blocking that port will cause the error above.
posted on 9 February, 2005 at 10:21 PM.
ColdFusion | Comments (4)
 

Comments

I've seen this prob before. What solution can you offer, besides opening up all the ports in the firewall?


comment by dick, posted at 2/10/05 7:13 AM

Technote 19575

ColdFusion MX 6.1: Manually configuring the web server connector for ColdFusion MX Standalone

http://www.macromedia.com/cfusion/knowledgebase/in...


comment by Steven Erat, posted at 2/10/05 7:21 AM

Technote 18724

JRun 4: Manually Configuring External Web Server Connectors

http://www.macromedia.com/cfusion/knowledgebase/in...


comment by Steven Erat, posted at 2/10/05 7:24 AM

Technote: Webserver connector hangs while trying to configure remote ColdFusion MX/JRun server
http://www.macromedia.com/go/8a0aaf29
This explains how to control the second (normally random) port used while configuring wsconfig. This will permit you to configure your firewall or tcp filtering rules to allow the exact two ports used when configuring the webserver.


comment by Steven Erat, posted at 3/18/06 10:02 PM
 

  

Calendar
 
<< November 2009 >>
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          

Search This Site
 
This is an exact search only

About This Site
 
I live west of Boston and work as a Software Engineer with ColdFusion and Flex, specializing in Linux. Recently I graduated in Professional Digital Photography from CDIA.
More about me

Recent Entries
 
Recent Tweets for Fri Oct 2, ..
Recent Tweets for Fri Oct 2, ..

Recent Comments
 
Posted By Jonas:
Hey, appreciate the tutorial. I think some more expensive dSLRs allow autobracketing that yields up to 5 frames. My hands tremble a lot, for some u ...

Posted By Becky the Pregnant:
I am a pregnant woman...I am in love with their salad dressing!!! In fact since my boyfriend won't travel from Lunenburg to Parkhill to get the most s ...

Posted By Violet:
Wow,you don't even imagine how glad I am that I found this article. The thing is that tomorrow I'm gonna deal with this problem. I postponed it for se ...

recently played
 
Refugee
by Tom Petty & The Heartbreakers
on Greatest Hits
Greatest Hits, Tom Petty & The Heartbreakers

now playing, a plug-in for itunes

Categories
 
RSS Adobe (33)
RSS Bicycling (9)
RSS Blogging (39)
RSS Books (13)
RSS Breeze (13)
RSS CFMX Podcasts (10)
RSS ColdFusion (423)
RSS Computer Technology (51)
RSS Events (25)
RSS Flash (3)
RSS Flex (20)
RSS Gadgets (10)
RSS HiTech Industry (16)
RSS Java (25)
RSS Learning (57)
RSS Linux (70)
RSS Mac OS X (22)
RSS Macromedia (27)
RSS Meetup (35)
RSS New England (62)
RSS Odds & Ends (25)
RSS Outdoors (32)
RSS Personal (29)
RSS Photography (110)
RSS Photoshop (29)
RSS Podcasts (18)
RSS Rants (19)
RSS Restaurants (8)
RSS Science (34)
RSS Spain (16)
RSS Travel (42)
RSS Twitter (10)
RSS Video (20)
RSS Webcam (3)
RSS Writing (10)

Blogs I Read
 
Terrence Ryan
Ben Forta
Ray Camden
Kinky Solutions
Dan Vega
Gary Gilbert
Simeon Bateman
Red Hat Blogs
O'Reilly Digital Media
O'Reilly Radar
John Nack
The Strobist
Scott Kelby
Matt Kloskowski
Joe McNally
Digital Photography School
Engadget
Science Blog

RSS
 


Add to Google
Add to My Yahoo!

Aggregated By
 


Consumed By Feed-Squirrel.com
Aggregated by ColdFusionBlogger.org

Credits and Stuff
 
BlogCFC - Free ColdFusion Powered Blog Software
CJM Group - ColdFusion Website Hosting


 
 
blog | photos | flickr | referers | webcam | stats | about | contact
 
Copyright © 2009 Steven Erat. All rights reserved.
This is a personal weblog. The opinions expressed here represent my own and not those of my employer