3 Replies Latest reply on Apr 26, 2012 2:42 PM by kaioho

    Problem with Remote JMX in JBoss 7.1 Final

    kaioho

      Hi all,

       

      I have the AS7.1 setup in standalone mode. I am able to connect using jconsole to my local instance of jboss, but i am having trouble connecting to a remote server.

      For example,

      service:jmx:remoting-jmx://127.0.0.1:9999 works fine

      service:jmx:remoting-jmx://remotehost:9999 with username and password from ManagementRealm doesn't work.

      If i enter a wrong user/password, i will get a error in jconsole say, ERROR: JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed

      If i enter the correct user/password, i get a fail to connect without any log.

       

      I have search around a bit in the forum and read the article: https://community.jboss.org/wiki/UsingJconsoleToConnectToJMXOnAS7,

      I retried to use remote 4447, i did some config change and it will work locally, but remote connect fail using that method too.

      https://community.jboss.org/thread/196433 reading this it says is current not supported in domain mode, but does remote jmx work in standalone mode?

       

      If is not supported is there a work around? i have tried to proxy it, that didn't work either.

       

      Any help is appreciated

        • 1. Re: Problem with Remote JMX in JBoss 7.1 Final
          dlofthouse

          Forget anything you see discussing domain mode or port 4447 none of that is applicable to you are you are using standalone mode.

           

          Do you have an option to use a tool like wireshark to trace the traffic between the client and server?  That may reveal more why the connection is failing.

          • 2. Re: Problem with Remote JMX in JBoss 7.1 Final
            dlofthouse

            Just to add I have also tested this scenario myself with the remote AS just to double check - authentication is working fine with the username and password specified so a network trace would help a lot to see what is different in your environment.

             

            In addition to a network trace can you also attempt a remote connection using the CLI?  That should also be over port 9999 and uses the exact same authentication as the jconsole connection so will be good to see if there is any issue there.

            • 3. Re: Problem with Remote JMX in JBoss 7.1 Final
              kaioho

              Hi Darran,

               

              Thanks for the reply and help.

              Not sure how to attach the dump file to the thread.

               

              I uploaded to google doc

              https://docs.google.com/open?id=0Bx5PzEZaMvbyTjJmdFNnaEFuTDA

               

              But following is the TCP stream i got

               

              .......corefbreg01..........endpoint...:......corefbreg01:MANAGEMENT..JBOSS-LOCAL-USER.

              DIGEST-MD5......JBOSS-LOCAL-USER....>./opt/msp/pkg/jboss-core/standalone/tmp/auth/challenge-9758992..........endpoint...:......corefbreg01:MANAGEMENT..JBOSS-LOCAL-USER.

              DIGEST-MD5.....

              DIGEST-MD5...j.realm="ManagementRealm",nonce="9w5mFAy7FjXWHa9YKwpnrHQqsg/AfK5Svk7CqTX2",charset=utf-8,algorithm=md5-sess.....charset=utf-8,username="admin",realm="ManagementRealm",nonce="9w5mFAy7FjXWHa9YKwpnrHQqsg/AfK5Svk7CqTX2",nc=00000001,cnonce="W0reWlgvWyt9rV30bZHA5/evFZrVtPzKK2TYqbjf",digest-uri="remote/corefbreg01",maxbuf=65536,response=78ecfe5e0a6e9dba7e5c8dc7521864b5,qop=auth...).rspauth=3e1dcac9bc6f49bd5d133c20d5ba7a98

               

               

              I also tried CLI, i am getting The controller is not available at remotehost:9999

               

              I forgot to mention, i only get this when i am on VPN. I am still able to telnet to it and i can access the admin console on remotehost:9990.

               

              If i log off vpn and be on the regular network it works. Hope there is just something wrong with the config =)

               

              Thanks again for your help