CloudHub worker trying to connect to SFTP site which allows whitelisted IPs only - mule

I have a Mule 4 application [App1] created on CloudHub. I tried to deploy the application's jar file onto CloudHub. This application has a Static IP [e.g. 100.101.102.103] assigned to it in Runtime Manager. This IP address is whitelisted by the customer to allow communication with their SFTP sites and APIs. My Mule application has APIs and some SFTP flows. When I try to deploy my Mule application [App1], the deployment fails with the error below:
Connectivity test failed for config 'SFTP_Config'. Application deployment will continue. Error was: Could not establish SFTP connection with host: 'sftp.hostname' at port: '22' - Error during login to 'sftpuser#sftp.hostname'.
The SFTP Config is:
<sftp:config name="SFTP_Config" doc:name="SFTP Config" doc:id="5d626288-5181-41d5-807d-2786ea4292d8">
    <sftp:connection host="${sftp.host}" port="${sftp.port}" username="${secure::sftp.username}" password="${secure::sftp.password}"
                     connectionTimeoutUnit="MINUTES" connectionTimeout="2" responseTimeoutUnit="MINUTES" responseTimeout="2"
                     workingDir="${sftp.peoplePosition.directory}">
        <reconnection failsDeployment="false">
            <reconnect frequency="${sftp.retryInterval}" count="${sftp.retryAttempts}" />
        </reconnection>
    </sftp:connection>
</sftp:config>
I also tried using failsDeployment="false" in the SFTP configuration as recommended in this KB article, but it didn't work either.
The log shows:
[2023-02-16 05:59:00.754] ERROR org.mule.extension.sftp.internal.connection.SftpConnectionProvider [qtp1351434790-36]: Auth fail
com.jcraft.jsch.JSchException: Auth fail
[2023-02-16 05:59:00.824] WARN org.mule.runtime.core.internal.connection.PoolingConnectionManagementStrategy [qtp1351434790-36]: Failed to create a connection while applying the pool initialization policy.
org.mule.runtime.api.connection.ConnectionException: Could not establish SFTP connection with host: 'sftphost' at port: '22' - Error during login to sftpuser#sftphost
    at org.mule.runtime.core.internal.connection.ErrorTypeHandlerConnectionProviderWrapper.lambda$connect$0(ErrorTypeHandlerConnectionProviderWrapper.java:70)
    at java.util.Optional.map(Optional.java:215)
I have verified the SFTP credentials; they work fine with WinSCP.
Is there any way a CloudHub worker can complete the deployment successfully or validate the SFTP configuration using the Static IP instead of its own IP address?

Related

Mulesoft - SFTP Connection reset

Trying to connect to an Azure SFTP results in a "connection reset"; the same happens when using the "list" operation in a Mule application as well as when simply using the "test connection" button in the connector.
Credentials are fine and the server is perfectly accessible with different FTP clients.
Maybe you have an idea or can make more than I can from the DEBUG log:
DEBUG org.mule.extension.sftp.internal.connection.SftpConnectionProvider: Connecting to host: 'xyz.blob.core.windows.net' at port: '22'
DEBUG com.jcraft.jsch: Connecting to xyz.blob.core.windows.net port 22
DEBUG com.jcraft.jsch: Connection established
DEBUG com.jcraft.jsch: Remote version string: SSH-2.0-AzureSSH_1.0.0
DEBUG com.jcraft.jsch: Local version string: SSH-2.0-JSCH-0.1.54
DEBUG com.jcraft.jsch: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
DEBUG com.jcraft.jsch: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
DEBUG com.jcraft.jsch: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
DEBUG com.jcraft.jsch: SSH_MSG_KEXINIT sent
DEBUG com.jcraft.jsch: Disconnecting from xyz.blob.core.windows.net port 22
ERROR org.mule.extension.sftp.internal.connection.SftpConnectionProvider: Session.connect: java.net.SocketException: Connection reset
com.jcraft.jsch.JSchException: Session.connect: java.net.SocketException: Connection reset
The issue can happen if the preferred authentication method is missing from the SFTP configuration when an identity file is specified and the target SFTP server only allows SSH key-based authentication:
<sftp:connection host="${sftp.host}" port="${sftp.port}" username="${sftp.username}"
                 passphrase="${sftp.passphrase}"
                 preferredAuthenticationMethods="#[['PUBLIC_KEY']]"
                 identityFile="${sftp.identityfile}"
                 connectionTimeout="${sftp.connectionTimeout}" responseTimeout="${ftp.responseTimeout}" />
There is a known issue with connection to Azure SFTP using JSCH. See this post.
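Both threads above end in a JSch exception whose message tells you at which stage the login died: "Auth fail" is raised only after the TCP connection and key exchange succeeded (so the source IP was accepted), whereas "Connection reset" right after SSH_MSG_KEXINIT means the server dropped the session before any credential was sent. The following stand-alone probe is an added example, not code from either question or from the Mule connector; it drives the same JSch library directly so the connector's behaviour can be reproduced from a host with the whitelisted IP. The host name, user and the sftp.* system property names are assumed placeholders, and the server's host key is assumed to be present in the known_hosts file.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Logger;
import com.jcraft.jsch.Session;
// Stand-alone probe that performs the same SSH login the Mule SFTP connector attempts, using JSch directly.
public final class SftpProbe {
    public static void main(String[] args) throws Exception {
        // Host and user are assumed placeholders; secrets and paths come from system properties.
        String host = args.length > 0 ? args[0] : "sftp.example.invalid";
        String user = args.length > 1 ? args[1] : "sftpuser";
        String identityFile = System.getProperty("sftp.identityfile");   // unset -> password login
        String knownHosts = System.getProperty("sftp.knownhosts",
                System.getProperty("user.home") + "/.ssh/known_hosts");
        // Print the same transport trace the DEBUG log above shows (version strings, KEXINIT, disconnect).
        JSch.setLogger(new Logger() {
            public boolean isEnabled(int level) { return true; }
            public void log(int level, String msg) { System.err.println("jsch: " + msg); }
        });
        JSch jsch = new JSch();
        jsch.setKnownHosts(knownHosts);                    // the server's host key must already be pinned here
        Session session = jsch.getSession(user, host, 22);
        session.setConfig("StrictHostKeyChecking", "yes"); // never silently accept an unknown host key
        if (identityFile != null) {
            jsch.addIdentity(identityFile, System.getProperty("sftp.passphrase", ""));
            session.setConfig("PreferredAuthentications", "publickey"); // = preferredAuthenticationMethods PUBLIC_KEY
        } else {
            session.setPassword(System.getProperty("sftp.password", ""));
            session.setConfig("PreferredAuthentications", "password,keyboard-interactive");
        }
        session.setTimeout(120_000);                       // 2 minutes, as in SFTP_Config
        try {
            session.connect(120_000);                      // TCP connect, key exchange, then authentication
            System.out.println("OK: transport, key exchange and authentication all succeeded");
        } catch (JSchException e) {
            String m = String.valueOf(e.getMessage());
            if (m.contains("Auth fail")) {
                // Key exchange completed before the credentials were rejected: the source IP was not blocked.
                System.out.println("STAGE=authentication, check credentials / auth method: " + m);
            } else {
                // Failed before any authentication attempt: allow-list, firewall or algorithm negotiation.
                System.out.println("STAGE=transport-or-kex, see the jsch trace above: " + m);
            }
            throw e;
        } finally {
            session.disconnect();
        }
    }
}
```

Run it with the same JSch version the Mule log reports (0.1.54 in the Azure case) so that the offered cipher, kex and signature lists match what the connector sends.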

Unable to get the cluster and node details in Web Console agent for Apache Ignite

I am trying to get the node and cluster details in the Apache Ignite WebConsole. Below are the steps I have performed:
1. Download the Apache Ignite WebConsole.
2. My application is running the Ignite node as a cache layer (Ignite node started OK (id=ac87a66c,)).
3. Ignite is running on the Ignite discovery URL 192.168.0.102:47500.
4. I ran the bat file web-console-agent.bat, but it is not able to connect to the agent and hence the web console:
[2020-05-26T18:05:33,245][INFO ][main][AgentLauncher] Starting Apache GridGain Web Console Agent...
[2020-05-26T18:05:33,415][INFO ][main][AgentLauncher]
[2020-05-26T18:05:33,416][INFO ][main][AgentLauncher] Web Console Agent configuration :
[2020-05-26T18:05:33,535][INFO ][main][AgentLauncher] User's security tokens : ********************************af05
[2020-05-26T18:05:33,539][INFO ][main][AgentLauncher] URI to Ignite node REST server : http://localhost:8080
[2020-05-26T18:05:33,540][INFO ][main][AgentLauncher] URI to GridGain Web Console : https://console.gridgain.com
[2020-05-26T18:05:33,548][INFO ][main][AgentLauncher] Path to properties file : default.properties
[2020-05-26T18:05:33,548][INFO ][main][AgentLauncher] Path to JDBC drivers folder : C:\pluralsight\gridgain-web-console-agent-2020.03.01\jdbc-drivers
[2020-05-26T18:05:33,557][INFO ][main][AgentLauncher] Demo mode : enabled
[2020-05-26T18:05:33,560][INFO ][main][AgentLauncher]
[2020-05-26T18:05:33,621][INFO ][main][WebSocketRouter] Starting Web Console Agent...
[2020-05-26T18:05:33,635][INFO ][Connect thread][WebSocketRouter] Connecting to server: wss://console.gridgain.com
[2020-05-26T18:05:35,996][INFO ][http-client-16][WebSocketRouter] Successfully completes handshake with server
[2020-05-26T18:05:40,035][WARN ][pool-2-thread-1][ClusterHandler] Failed to connect to cluster.
[2020-05-26T18:05:40,036][WARN ][pool-2-thread-1][ClusterHandler] Check that '--node-uri' configured correctly.
[2020-05-26T18:05:40,039][WARN ][pool-2-thread-1][ClusterHandler] Ensure that cluster nodes have [ignite-rest-http] module in classpath (was copied from libs/optional to libs folder).
[2020-05-26T18:05:40,045][INFO ][pool-2-thread-1][ClustersWatcher] Failed to establish connection to node
Please let me know where I am missing steps.

Use network upload to import PST files into Office 365 - unable to read data from the transport connection

I am using network upload to import PST files into Office 365, following this link:
https://support.office.com/es-es/article/Usar-la-carga-en-la-red-para-importar-archivos-PST-en-Office-365-103f940c-0468-4e1a-b527-cc8ad13a5ea6?ui=es-ES&rs=es-ES&ad=ES
The transfer starts, but in the end it displays (in the detail for every mailbox) the following:
"The transfer failed: Unable to connect to the remote server"
"The transfer failed: Unable to write data to the transport connection: An existing connection was forcibly closed by the remote host"
I have an administrator user and a file share with full access (read and write); I don't know if I need some special permission or need to disable some service?
Please help!
Best Regards,
Verónica Muentes
"The transfer failed: Unable to write data to the transport connection: An existing connection was forcibly closed by the remote host"
The error is often caused by the following 2 reasons.
1. Azure storage requests use either http or https, which means requests are sent through ports 80 or 443. So you need to make sure these ports are open to the internet.
2. Please double check whether you use a proxy on your machine. If yes, you need to disable the proxy or create a configuration file named 'AzCopy.exe.config' in the following location: 'C:\Program Files (x86)\Microsoft SDKs\Azure\AzCopy\'.
In this file you will need to add the following XML:
<configuration>
  <system.net>
    <defaultProxy>
      <!-- PROXY_ADDRESS: the proxy address used to connect to the internet, e.g. myproxy.company.com
           PORT_NUMBER: the port number used to connect to the proxy, e.g. 8080 -->
      <proxy proxyaddress="http://PROXY_ADDRESS:PORT_NUMBER" bypassonlocal="true" />
    </defaultProxy>
  </system.net>
</configuration>

Getting API (deployed on IBM APIC 5.0) to invoke Loopback application (deployed on Collective Members)

I am using IBM APIC 5.0
I have set up the following:
1. IBM HTTP Server, WAS Plugin routing to MicroGateway
2. MicroGateway, running on Collectives
3. IBM HTTP Server, WAS Plugin routing to Provider Application
4. Provider Application, running on Collectives
Scenario 1 - Invoke Provider App URL directly
HTTPS request to IHS1/Plugin
Configure API to invoke the URL directly (e.g. http://:9081), without SSL
IHS1/Plugin (svr1:443) > MicroGateway (svr1:9081) > Loopback App (svr2:9081)
This works.
Scenario 2 - Invoke Provider App, indirectly via HTTP Server
HTTPS request to IHS1/Plugin
Set host header accordingly (as described in KnowledgeCenter)
Configure API to invoke the IHS URL (e.g. https://svr1:443), with SSL
IHS1/Plugin (svr1:443) > MicroGateway (svr1:9081) > IHS2/Plugin (svr2:443) > Loopback App (svr2:9081).
503 error encountered.
The ihs2/plugin trace reveals the following:
[29/Sep/2016:12:55:59.40468] 00007ea3 fdd0b700 - ODR:DEBUG: matchVHost: enter - host=apidemo-57d22263e4b0171525a5042d-1474392568657.xxx, port=443
[29/Sep/2016:12:55:59.40470] 00007ea3 fdd0b700 - ODR:DEBUG: matchLongestURI: virtual host /cell/defaultCollective/vHostGroup/-vHost-apidemo-57d22263e4b0171525a5042d-1474392568657.xxx:-1 matched host apidemo-57d22263e4b0171525a5042d-1474392568657.xxx
This shows that the configured host header matches, and it is able to find the provider application server. This means that the dynamic routing works to a certain extent.
[29/Sep/2016:12:55:59.40565] 00007ea3 fdd0b700 - ODR:DEBUG: checkIfTransportIsValid: endpoint name='/cell/defaultCollective/node/,%2Fhome%2Fusers%2Fadmin%2Fwlpn/server/apidemo-57d22263e4b0171525a5042d-1474392568657-1/transport/Https', port=9081 is valid
This shows that 9081 is a valid port and Https is selected.
[29/Sep/2016:12:55:59.40971] 00007ea3 fdd0b700 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_SOCKET_CLOSED(gsk rc = 420) PARTNER CERTIFICATE DN=No Information Available, Serial=No Information Available
[29/Sep/2016:12:55:59.40982] 00007ea3 fdd0b700 - ERROR: GSK_INVALID_HANDLE
[29/Sep/2016:12:55:59.40998] 00007ea3 fdd0b700 - ERROR: ws_common: websphereGetStream: Could not open stream
Then comes the error. It's an SSL error. I suspect that currently the Provider application is not enabled with SSL.
Questions on how to resolve this:
1) How do I enable the loopback app with SSL? I followed these instructions, but they do not work for me because my loopback app is deployed on Collectives.
https://github.com/strongloop/loopback-example-ssl
2) How do I configure the dynamic routing to use non-SSL HTTP traffic instead?

Active MQ JMX SSL

I'm trying to use SSL with the JMX connector that Active MQ creates, but with no success. I'm able to get SSL working with the JVM platform JMX connector, but that requires storing keystore and truststore passwords plaintext, which is a no-go for our project.
Using the instructions here, I set up managementContext in activemq.xml as follows:
<managementContext>
    <managementContext createConnector="true">
        <property xmlns="http://www.springframework.org/schema/beans" name="environment">
            <map xmlns="http://www.springframework.org/schema/beans">
                <entry xmlns="http://www.springframework.org/schema/beans"
                       key="javax.net.ssl.keyStore"
                       value="${activemq.base}/conf/keystore.jks"/>
                <entry xmlns="http://www.springframework.org/schema/beans"
                       key="javax.net.ssl.keyStorePassword"
                       value="${keystore.password}"/>
                <entry xmlns="http://www.springframework.org/schema/beans"
                       key="javax.net.ssl.trustStore"
                       value="${activemq.base}/conf/truststore.jks"/>
                <entry xmlns="http://www.springframework.org/schema/beans"
                       key="javax.net.ssl.trustStorePassword"
                       value="${truststore.password}"/>
            </map>
        </property>
    </managementContext>
</managementContext>
This section seems to be completely ignored when the connector starts up. I can connect without credentials. I also tried using username and password authentication instead of ssl for JMX, as seen here, and that worked fine.
Has anyone seen this before? Any ideas? Thanks!
Have you enabled JMX SSL in the ActiveMQ launch scripts? On Windows, in the activemq-admin or activemq batch files, uncomment and modify the SUNJMX settings.
JMX authentication is independent of whether SSL is used. It is controlled by the authenticate attribute. By default it will use the JMX access files in your JRE, so re-point them with the system properties shown below. You may get an error message stating that the files themselves must be access controlled, so set them with chmod on Unix or cacls on Windows. I would suggest even turning off the SSL and getting the authentication to work first. You can test with jconsole with a remote connection to confirm that it wants credentials. Then follow up with the SSL stuff.
set SUNJMX=-Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=1199 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.password.file=%ACTIVEMQ_BASE%/conf/access/jmx.password -Dcom.sun.management.jmxremote.access.file=%ACTIVEMQ_BASE%/conf/access/jmx.access
I had the same issue regarding the ActiveMQ SSL configuration (keystore & password) in the XML not working.
My requirement was to enable remote JMX monitoring of ActiveMQ with SSL and authentication through a firewall.
I resolved it using a custom JMX connector (via a Java Agent), rather than using the JMX connector that Active MQ creates.
see: JMX connectivity through a firewall for an example (JMXAgent.java)
The important entries for configuring SSL in the JMXAgent.java are:
import java.util.HashMap;
import java.util.Map;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
Map<String, Object> env = new HashMap<String, Object>();
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory(); // TLS for the registry lookup
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(); // TLS for the RMI server object
env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
You can also specify your authentication files in the env Map:
env.put("jmx.remote.x.password.file", System.getProperty("password.file","<default_path>"));
env.put("jmx.remote.x.access.file", System.getProperty("access.file","<default_path>"));
The Java Agent needs to be compiled and put into a jar with a valid manifest file as described here.
Add the following to the ActiveMQ launch configuration (depending on ActiveMQ version/environment) and run ActiveMQ:
-javaagent:<full_path_to_agent_jar_file> \
-Dpassword.file=<full_path_to_jmx.password_file> \
-Daccess.file=<full_path_to_jmx.access_file> \
-Djavax.net.ssl.keyStore=<full_path_to_keystore_file> \
-Djavax.net.ssl.keyStorePassword=<password>
You should then be able to connect through jconsole (with correct security parameters)
The remote JMX connection URL will be something like:
service:jmx:rmi://<host>:<rmi_server_port>/jndi/rmi://<host>:<port>/jmxrmi
Note - ports can be configured in the Java Agent.
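The agent described in the answer above, written out as an added example (it is not the JMXAgent.java from the linked article nor ActiveMQ code): it binds both the RMI registry and the RMI server object to fixed ports so a firewall can allow exactly two ports, wraps both in TLS, and enforces the password/access files. The jmx.* system property names and the default file paths are assumptions; the keystore and truststore are still supplied through the javax.net.ssl.* flags shown in the launch configuration above.

```java
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnectorServer;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Java agent (Premain-Class in the jar manifest) exposing the platform MBeanServer over
// TLS-wrapped RMI on two fixed ports, with file-based JMX authentication and authorisation.
public final class JmxSslAgent {
    public static void premain(String agentArgs) throws Exception {
        String host = System.getProperty("jmx.host", "127.0.0.1");      // assumed property names
        int registryPort = Integer.getInteger("jmx.registry.port", 1099);
        int serverPort = Integer.getInteger("jmx.server.port", 1100);
        boolean clientAuth = Boolean.getBoolean("jmx.need.client.auth"); // true = mutual TLS for jconsole

        // TLS for both the registry lookup and the RMI server object; restrict to TLS 1.2.
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, new String[] {"TLSv1.2"}, clientAuth);
        LocateRegistry.createRegistry(registryPort, csf, ssf);

        Map<String, Object> env = new HashMap<>();
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
        // Same role/password files the -Dpassword.file / -Daccess.file launch flags point at.
        env.put("jmx.remote.x.password.file", System.getProperty("password.file", "/etc/activemq/jmx.password"));
        env.put("jmx.remote.x.access.file", System.getProperty("access.file", "/etc/activemq/jmx.access"));

        // Naming the server port in the URL pins the RMI object; otherwise it would land on an
        // ephemeral port the firewall does not allow.
        JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://" + host + ":" + serverPort
                + "/jndi/rmi://" + host + ":" + registryPort + "/jmxrmi");
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        server.start();
        System.out.println("JMX over TLS with authentication listening at " + url);
    }
}
```

jconsole must then be started with -Djavax.net.ssl.trustStore pointing at the broker certificate's trust store (plus a client keystore when jmx.need.client.auth is true), and the password file must be readable only by the broker's user or the JDK refuses to load it.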