Remote jconsole access (again)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I have the JmxRemoteLifecycleListener enabled with the following configuration: System properties (confirmed effective): - -Dcom.sun.management.jmxremote.password.file=app/conf/jmxremote.password - -Dcom.sun.management.jmxremote.access.file=app/conf/jmxremote.access - -Dcom.sun.management.jmxremote.ssl=false Also these files: $ cat app/conf/jmxremote.password admin letmein $ cat app/conf/jmxremote.access admin readwrite ...and server.xml: Listener className=org.apache.catalina.mbeans.JmxRemoteLifecycleListener rmiRegistryPortPlatform=18215 rmiServerPortPlatform=18217 useLocalPorts=true / I can confirm that my (remote) Java process is listening on these ports: $ netstat -plan | grep 1821 tcp6 0 0 :::18215:::* LISTEN 24991/java tcp6 0 0 :::18217:::* LISTEN 24991/java I can also confirm that my local machine is forwarding these ports via SSH: $ netstat -an | grep 1821 tcp4 0 0 127.0.0.1.18217*.* LISTEN tcp6 0 0 ::1.18217 *.* LISTEN tcp4 0 0 127.0.0.1.18215*.* LISTEN tcp6 0 0 ::1.18215 *.* LISTEN When attempting to connect via jconsole (as per Tomcat documentation[1]): $ jconsole service:jmx:rmi://localhost:18217/jndi/rmi://localhost:18215/jmxrmi This command doesn't ask for username and password, and fails. So I use jconsole's GUI interface to connect to a Remote Process and enter these values: Remote Process: service:jmx:rmi://localhost:18217/jndi/rmi://localhost:18215/jmxrmi Username: admin Password: letmein jconsole tells me that it can't connect via SSL and I say okay, connect insecurely and the connection fails immediately. Am I missing a step somewhere? Am I doing it wrong? Running Oraacle Java 1.7.0_25-b15 on both the client and the server. Thanks! - -chris [1] http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#JMX_Remote_Lifecycle_Listener_-_org.apache.catalina.mbeans.JmxRemoteLifecycleListener -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJR8qpvAAoJEBzwKT+lPKRYRKsP/19lcquLTBJP7xKe+G+TruJC QacwBIttc19Dp2zNVEypK0HvnsFdzQOFBz2ZpLxhyyu93vlHdr+IfCX+znnWJv3K rd7yxwZBEFOwx0xRv9KzhHedL4+TP98wgrIUyHC37eAp7y2PfKBv6I0wV84RZIts qnKdfZ8eMVyiAsGIwBDUT1YLNyb50W82TwvB/G9AYXT/GeS9W7bfM2psX2EYAkFE g2F5VJ6dD6ygEgfkecr1YFzJ4ka1F3sjnv/lUt+emNYUs0zi97suetaDWX1shRDf wcwSeqKrUHV+clewbN5BWy0DaUGqtSbBxyeEk87YPMUTovK9Tlk2Cmxe+vvdZG6g hMuB1iPvfjkaQd1IyErYNO+A0dm7YxQb4/EzdJOaUEpLH8epZuOALx9IlWxvD/Yk vpVZGPqzmm42GUaYNW+WoAcK612WDtEiij5mIRdCVhUTZYzl1SbADT7kB0sG8zGq 9Vuujy5XVxSqpWOnquQzlcbIPejX9HqW/42rzr231a7X4o7A8Y1GEstSD/Bwg4LL ZgJBVVxtRqaqjiLhZuwsujI+ilLSmg+gbwsif0pVkL9GvRTe1VLTndr7MkJ7XYq0 9IVLMxkGxI5XKJX5SC65ErKSL0P6byJ7cBoSxj8iPwDMIO6HquDwbrNL9cbjaXzb XJ3Kc4X9w8C2qYkAxw4m =LeWE -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Remote jconsole access (again)
On Fri, 2013-07-26 at 12:57 -0400, Christopher Schultz wrote: All, I have the JmxRemoteLifecycleListener enabled with the following configuration: System properties (confirmed effective): -Dcom.sun.management.jmxremote.password.file=app/conf/jmxremote.password -Dcom.sun.management.jmxremote.access.file=app/conf/jmxremote.access -Dcom.sun.management.jmxremote.ssl=false Also these files: $ cat app/conf/jmxremote.password admin letmein $ cat app/conf/jmxremote.access admin readwrite ...and server.xml: Listener className=org.apache.catalina.mbeans.JmxRemoteLifecycleListener rmiRegistryPortPlatform=18215 rmiServerPortPlatform=18217 useLocalPorts=true / I can confirm that my (remote) Java process is listening on these ports: $ netstat -plan | grep 1821 tcp6 0 0 :::18215:::* LISTEN 24991/java tcp6 0 0 :::18217:::* LISTEN 24991/java I can also confirm that my local machine is forwarding these ports via SSH: $ netstat -an | grep 1821 tcp4 0 0 127.0.0.1.18217*.* LISTEN tcp6 0 0 ::1.18217 *.* LISTEN tcp4 0 0 127.0.0.1.18215*.* LISTEN tcp6 0 0 ::1.18215 *.* LISTEN Presumably sshd is the listener here. Any chance the remote only accepts tcp6 connections and your local is trying to connect via the tcp4 address? I'm pretty sure the jvm default now is to prefer IPv6 but maybe you've got some funky setting somewhere. Is there any message conveying *how* it failed, e.g. connection refused, invalid handshake etc? Could there be missing classes that it's trying to resolve via rmi? No answers here but hopefully some useful questions. -tim When attempting to connect via jconsole (as per Tomcat documentation[1]): $ jconsole service:jmx:rmi://localhost:18217/jndi/rmi://localhost:18215/jmxrmi This command doesn't ask for username and password, and fails. So I use jconsole's GUI interface to connect to a Remote Process and enter these values: Remote Process: service:jmx:rmi://localhost:18217/jndi/rmi://localhost:18215/jmxrmi Username: admin Password: letmein jconsole tells me that it can't connect via SSL and I say okay, connect insecurely and the connection fails immediately. Am I missing a step somewhere? Am I doing it wrong? Running Oraacle Java 1.7.0_25-b15 on both the client and the server. Thanks! -chris [1] http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#JMX_Remote_Lifecycle_Listener_-_org.apache.catalina.mbeans.JmxRemoteLifecycleListener - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: This is a digitally signed message part