One of the nodes is not showing its health status - weblogic

In the weblogic console, one of the nodes are not showing their health status while admin server and other nodes are showing there health status as "OK".
Is there any issue regarding communication between admin server and managed server or some other reason for this node not showing a health status?
What should be done?

I am able to get the status of managed server by restarting the managed server only.
it seems it is the problem due to unstability of the environment.there was problem with the start argument of the managed server.

Yes, that looks like a communication issue between Admin and Managed server. What you can usually do is:
Restart all. Then start Admin first and wait till its on. Then start the Managed server. Does the problem still persist?
Check that the Managed server is started properly. See that there are no errors in the log file.
Check the logs of the managed server. See if the managed server complains about not being able to connect to Admin, otherwise there should be a log message saying that the connection with the Admin was established.
You can also start Managed server without starting the Admin server, see if the Managed server is trying to contact the Admin server or not.
Check the config.xml file of the Admin and Managed server. Check the node and servers definitions, check their IP addresses, ports, etc.

Related

web logic server Breach Help! How do Find Signs of what data if any was accessed?

A Weblogic server got hacked and the problem is now removed.
I am looking through the infected VM's now in a sandbox and want to see what if any data was accessed on the application servers.
the app servers were getting hammered with ssh requests and so we identified the infected VM's as the web logic VMS, we did not have http logging on. Is there any way to Identify if any PII was Compromised?
Looked through secure logs on weblogic as well as looked through the PIA logs
I am not sure how to identify what if any data was accessed
I would like to find out what went out of our network and info or data
what should I be looking for
is there anything I can learn from looking at the weblogic servers running on red hat?
I would want to believe that SSH was not the only service being hammered, and that was a large attempt to make eyes be on Auth logging whilst an attempt on other services is made.
Do you have a Time frame that you are working with?
Have the OS logs been checked for that time frame?
.bash_history been checked? env variables? /etc/pass* for added users? aliases? reverse shells open on the network connections? New users created on services running on that particular host?
Was WebLogic the only service running on this publicly available host?
What other services and ports were available?
Was this due to an older version of Weblogic or another service, application, plugin?
Create yourself an excel spreadsheet and start a timeline.
Look at all the OS level logging possible and start to make note of anything that looks suspicious, to then follow that breadcrumb to exhaustion.

Cannot connect to RDS SQL Server Database using Management Studio

I created a SQL Server RDS Instance in AWS and it seems to be up and running, but if I try to connect to it using Management Studio I get this error:
Here is the text of the error:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - The wait operation timed out.) (Microsoft SQL Server, Error: 258)
I initially tried with the default security group that was created with the instance, but when that didn't work I created a new security group and modified the instance to use it.
Here you can see the details:
I tried this connection setup to connect:
Server Type: Database Engine
Server Name: valuationdlsdev.ck1qvjqhglyg.us-west-2.rds.amazonaws.com,1433
Authentication: SQL Server Authentication
Login: the Master User Login I created when creating the RDS Instance
Password: the Master User Password I created when creating the RDS Instance
I was kinda at my wits end and so I changed the setting on the Security Group to All traffic just to see if that would work, so here are all the settings on the security group:
At this point I'm wondering if port 1433 is not open, because I feel like I've tried everything. Could someone please help me.
Thanks.
In my case I opened the VPC Security group associated with my database
In the EC2 Security groups dashboard I selected Edit Inbound Rules from the actions dropdown and chose edit inbound rules.
At first, I looked at the inbound rules and thought everything was OK since this was the current setup
After all - if it was allowing all traffic, then what could possibly be wrong?
On a whim I added a rule for TCP port 1433. Ending up with this simple setup
Then it immediately started working for me.
Make sure it is publicly accessible, there is a radio button you have to check to make it publicly accessible.
Also add MS SQL inbound rule in inbound tab.After making the change wait for sometime so that the settings are updated in the instance.
In my experience this was counter-intuitive. With the options I selected, all ports and IPs seemed to be open, but after editing the inbound and outbound rules in the security group to have MS SQL for anywhere, I was able to connect.
For inbound rules, go to the VPC Security group of your database instance
In Inbound tab click modify
In column source change ip 0.0.0.0 by your IP by "My IP" or "Anywhere"
I had the same issue.
I ended up deleting the security group inbound rules, and just added a new inbound rule for port 1433, source being: 0.0.0.0
Image attached.
inbound rules
Thanks for the discussion here. Just post my finding in case anyone needs help in the future.
I initially followed this guide https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ConnectToMicrosoftSQLServerInstance.html.
then, I got some ideas from this post and figure out my particular issue in the end. https://forums.aws.amazon.com/thread.jspa?messageID=845682 The poster really did wonderful troubleshooting steps which could help fix most of the general Error 258 problems already. In the end I used the suggestion from the answerer to find out my problem.
In terms of my case of encountering error 258, I tried to connect to RDS SQL server 2016 inside a secure network from my workplace. When I switched to use the public network served by some Telecomm vendor, the connecting was succeeded.
If you want to access from different network were the instance was created, you'll need to open access to the IP range of where you want to access, by going to the "security group" assigned to your DB instance, and then adding the rule for your IP range.
PD. AWS by default only allow access from the IP range of the machine where you activated "public access" to the instance.
I was also not able to access it from my office laptop, but I was able to access it from my personal laptop. I think it is because of some company firewall rules.
In case anyone comes across this post looking for an answer, I just wanted to updated and make sure it's there if anyone needs it. The issue here turned out to be that I misunderstood the way "Publicly Accessible" works and set it to "Yes". Apparently it should have been set to "No". "Yes", however does work for the SQL Server Express version.

Mesos Failed to connect error to IP:5050

I am new to Mesos and just finished setting up mesos and along with zookeeper on my test server.
Unfortunately I keep getting this error message on my mesos console indicating i am unable to connect to mesos on port 5050 and can't seem to figure out why.
I have included the error in the screen shot below
The mesos log files doesn't point to why the error is showing either.
I resolved the problem by this:
./bin/mesos-master.sh --ip=x.x.x.x --work_dir=/var/lib/mesos --hostname=x.x.x.x
We can avoid this problem by starting mesos-master with following option:
--ip=xx.xx.xx.xx --hostname_lookup=false
I have resolved this problem. Open the web page in Chrome, and open the developer tool, you will see the chrome is accessing the web site with domain, in my case the domain name is "mesosphere", as there is no mesosphere in dns, so the accessing was failed.
I solved the problem by adding the mesosphere in the hosts file, C:/windows/system32/etc/hosts/
If you use the domain name for the Mesos cluster you must set the domain name in windows hosts.
There can be multiple issues here.
Is your mesos-master running and healthy ?
Has leader election process completed, if all is good.
Check if you are able to do
ping leader.mesos
If above ping doesn't work, that means leader has not been elected. First fix that.
I had this problem also. Luckily, I have a running mesos server also. So, I can compare the different between my demo and the running mesos server. I captured the packets between client and server in my demo. I found the explorer didn`t resend fresh request, only some keepalive packets.
but, when I catch the packets in the running mesos server, I found the explorer send get request frequently. like the image
I think, if you run some task or add some agent, maybe it will activate the explore to send request frequently. Then the "Failed to connect" will disappeared.
I was having the same issues and what fixed it for me was the zookeeper configuration. In my case I was using the EC2 public IP Address rather than the private one. Once I changed the /etc/mesos/zk file to zk://<private IP>:2181/mesos I was able to connect without the constant error messages. In other words, zookeeper was reporting to be running in one IP and mesos-master was trying to connect using a different IP.
My configuration was correct as suggested. But failed to start mesos-master service. But There is alternative way to start mesos-master node with exact same configuration. Commands to start mesos-master
$ cd /usr/sbin [or mesos_installation directory/bin]
$sudo ./mesos-master --work_dir=/var/lib/mesos --log_dir=/home/rajeev/logs/mesos/
Its start mesos-master service successfully for me.

Not able to add worker after successful installation of Website Controller, Management server,Front end server,Publication server and File server

After successful installation of Windows azure pack I am trying to install Windows Azure Pack: Web Sites v2 U6.
I am able to install most of the servers to the Website controller. All below servers are in ready state so there is no issue of installation error.
Management server
Front end server
Publication server
File server.
but while adding Worker server, it's added perfectly and start the installation process. At stage when it reach at the installation it seems like it is not getting some connection string. The information is below.
Start service: rsfilter.
Service rsfilter is running.
Configure Idle Pageout feature.
Completed configuration of Idle Pageout feature.
Take ownership for file C:\Windows\system32\Drivers\http.sys.
Configure DWAS Files location to path 'C:\DWASFiles'
File caching is turned off
Execute command 'powershell.exe Import-Module NetQoS; $policy = Get-NetQosPolicy -PolicyStore ActiveStore | Where-Object { $_.Name -eq 'udplimit' }; if (!$policy) { New-NetQosPolicy -name 'udplimit' -ThrottleRateActionBitsPerSecond 65536 -IpProtocol UDP -PolicyStore ActiveStore -ea Stop }'
Setup database connection string for server WAPSQL .
Setup data service credentials.
Stop service: WAS.
Service 'WAS' is stopped.
Set IPv4 dynamic port range, with starting port 30000, and number of ports 35536.
Execute command 'netsh.exe int ipv4 set dynamicport tcp start=30000 num=35536'
Start service: dwassvc.
Service dwassvc is running.
WorkerManagementService started. Ready to receive ConnectionString and DataServiceCredentials.
Waiting for worker connection string. Attempt number is 12.
Waiting for worker connection string. Attempt number is 24.
Waiting for worker connection string. Attempt number is 36.
Waiting for worker connection string. Attempt number is 48.
I also tried to repair Frontend server as mention in on Microsoft forum but it will not help.
Here's Microsoft forum link
Any trick or guideline will be appreciated
Thanks,
Dharmendra
I have found that my Front end server is not accessible from management server and web site controller. It is DNS server that not resolving named correctly (Accessed by IP address but not accessed by server name). Also by using klist tickets I have fount that front end server doesn't have Kerberos ticket available on the list.
For the solution what I have done is, I removed front end server from Web site controller and after that I remove it from Domain controller. Then I rejoin it again to domain. After that I tried it to access it by using it's name from management server and website controller. For example,\FRONTEND\C$. Then I first added FrontEnd server and then Web Worker Server and now it get's connection string properly and added with "Ready" status.
Hope this will help someone.
Thanks you very much for point out. It is hectic from more then a week.
Regards,
Dharmendra

How to check the WebSeal Server Junction connectivity?

I have to check the connectivity to the portal which is behind the WebSeal Server. I need the response code of the actual server and WebSeal server code too. Please help me.
Try turning on debugging. Ideally, you are the only traffic on the server. Make sure to turn it on before you do anything that may be related to the problem (i.e. logging in) then wait at least 1 min after the problem occurs to let the logs catch up.
server task default-webseald-xxxx trace set pdweb.snoop 9 file path=c:/pdweb.snoop.txt,rollover_size=100000000
server task default-webseald-xxxx trace set pdweb.debug 9 file path=c:/pdweb.debug.txt,rollover_size=100000000
Make sure to turn it off afterwards as it will destroy your hard drives.
server task default-webseald-xxxx trace set pdweb.snoop 0
server task default-webseald-xxxx trace set pdweb.debug 0
WebSEAL constantly checks the backend servers within the junction. If you use pdadmin to do server task SERVER show /junction you can see if the backend server is online or offline.
I am assuming you mean HTTP response code. You can get that from WebSEAL by doing a simple HTTP/S get like you would any regular HTTP server. However, for the backend server, you will need to go around WebSEAL and connect to the backend directly to perform your checks.
If you are trying to setup monitoring, you can do one of two things. Either watch the msg__webseal-default.log for the following lines:
DPWWA2025W IBM Security Access Manager WebSEAL has lost contact with junction server:
Or you can use the server task command to show the junction and look for the Server State: being running or not running.