ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere DataPower » Web GUI connection refused

Post new topic  Reply to topic Goto page Previous  1, 2, 3
 Web GUI connection refused « View previous topic :: View next topic » 
Author Message
ivanachukapawn
PostPosted: Sat Nov 21, 2015 11:56 pm    Post subject: Reply with quote

Knight

Joined: 27 Oct 2003
Posts: 561

fj,

My thinking exactly.

When first opening the OVA the DP presents an acceptance dialogue which reads (to import "idg.7201.prod" you must read and accept the following license agreement(s).

The "following" agreement is blank (the getting started PDF primed me to expect that). Nevertheless, I must accept the blank agreement after which there is a progress bar displayed which gradually fills up as the appliance is imported.

(I am actually doing this as I write this reply and I'm beginning to feel (ss) a glimmer of hope - maybe I can make some progress this time!).

When the OVA has been imported, the player displays its home page with a listing of the available VMs with 2 links, 1 to run the VM and another to edit virtual machine settings.

I edit the virtual machine settings as follows:

Change the number of processor cores from 8 to 2 (8? I wish)

Change the 4 network adapters from bridged (automatic) to host-only.
(note I have run all sorts of tests with leaving the network adapters to bridged (automatic) and to changing only the 1st network adapter to host-only and leaving the others alone. I tend to go with host-only because back in time when I could get to the WebUI host-only had been set)

Then I run the virtual machine and the following transpires:

1. a black CLI screen is displayed which shows the DP being built. Last command being displayed is "executing the supervisor process)
2. "unauthorized access is prohibited" is displayed and then "login:"
3. I enter "admin" and then "admin"
4. press any key to continue is displayed and I press a key
5. Enable secure backup mode (yes or no) I enter no.
6. Enable common criteria compatibility (yes or no) I enter no.
7. I then enter a new password for admin twice.
8. do you want to run install wizard? I answer yes.
9. do you want to configure network interfaces? I answer yes.
10. for eth0-3 I enable DHCP for each
11. do I want to configure network services? I answer yes.
12. do I want to configure DNS? I answer no.
13. do I want to configure a unique system identifier? I answer no
14. do I want to configure remote management? I answer yes.
15. do I want to enable SSH? I answer no.
16. do you want to enable telnet? I answer no (I answered yes once and afterwards received "connection refused" on both WebUI and telnet
17. do I want to enable WebGUI access? I answer yes.
18. enter the local IP address (0 for all) - I have run tests with 0 and never got anywhere - this time I specify: network adapter VMnet1:
123.456.157.1
19. enter the port number - I enter 9090
20. do you want to configure a user account? I specify a user ID and password. This will be used to login to DP from the WebUI.
21. do you want to configure the RAID array? I answer no.
22. do you want to review the config? I answer yes and note that WebGUI admin-state is enabled for port 9090 on the ip address I specified -
22. do you want to save the configuration (overriding previous save? I answer yes.
23. the CLI command line is displayed - idg(config)#

At this point any DP CLI command entered results in an error "you must first accept the license using the WebGUI" - and any shell command entered results in "unknown command"

I attempt to bring up the WebGUI (chrome or Firefox) with
https://123.456.157.1:9090 and get "ERR_CONNECTION_REFUSED
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Sun Nov 22, 2015 12:07 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

ivanachukapawn wrote:


Then I run the virtual machine and the following transpires:

1. a black CLI screen is displayed which shows the DP being built. Last command being displayed is "executing the supervisor process)
2. "unauthorized access is prohibited" is displayed and then "login:"
3. I enter "admin" and then "admin"
4. press any key to continue is displayed and I press a key
5. Enable secure backup mode (yes or no) I enter no.
6. Enable common criteria compatibility (yes or no) I enter no.
7. I then enter a new password for admin twice.
8. do you want to run install wizard? I answer yes.
9. do you want to configure network interfaces? I answer yes.
10. for eth0-3 I enable DHCP for each
11. do I want to configure network services? I answer yes.
12. do I want to configure DNS? I answer no.
13. do I want to configure a unique system identifier? I answer no

you might want to answer yes to 13
ivanachukapawn wrote:
14. do I want to configure remote management? I answer yes.
15. do I want to enable SSH? I answer no.

you might want to say yes to 15 as an alternate mode of access
ivanachukapawn wrote:

16. do you want to enable telnet? I answer no (I answered yes once and afterwards received "connection refused" on both WebUI and telnet
17. do I want to enable WebGUI access? I answer yes.
18. enter the local IP address (0 for all) - I have run tests with 0 and never got anywhere - this time I specify: network adapter VMnet1:
123.456.157.1

I think that's where you going wrong. Enter either 0 or the ip from which you are running your browser. The ip you have given does not strike me as any that would be accessible from your pc. It should definitely not be the router's ip. (192.168.x.1) 0 will mean that DP will listen on all of it's configured network interfaces. Setting it to any ip would mean you know the ip DP is running on and that is the ip you should be entering (upon bridged you could enter your own ip..., for the time being just enter 0). (if entering 127.0.0.1, you could only access the browser from the "localhost interface on DP...)
ivanachukapawn wrote:

19. enter the port number - I enter 9090
20. do you want to configure a user account? I specify a user ID and password. This will be used to login to DP from the WebUI.
21. do you want to configure the RAID array? I answer no.
22. do you want to review the config? I answer yes and note that WebGUI admin-state is enabled for port 9090 on the ip address I specified -
22. do you want to save the configuration (overriding previous save? I answer yes.
23. the CLI command line is displayed - idg(config)#

At this point any DP CLI command entered results in an error "you must first accept the license using the WebGUI" - and any shell command entered results in "unknown command"

I attempt to bring up the WebGUI (chrome or Firefox) with
https://123.456.157.1:9090 and get "ERR_CONNECTION_REFUSED


leave DP running and look at the settings of the VM. If you are lucky it should display an IP for each network adapter. You will need to use that IP in the browser with port 9090 to contact DP.

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
ivanachukapawn
PostPosted: Sun Nov 22, 2015 12:50 pm    Post subject: Reply with quote

Knight

Joined: 27 Oct 2003
Posts: 561

fj,

I edited the settings and now have bridged for all 4 network interfacia.

I entered 0 and port 9090 for setting up remote access for WebUI.

I'm running DP VM

trying the WebGui I get "ERR_CONNECTION_REFUSED"

my ipconfig is as follows:

C:\Users\John>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c837:6da6:983b:2e99%7
IPv4 Address. . . . . . . . . . . : 192.168.157.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::b160:929b:4b9f:ab5e%5
IPv4 Address. . . . . . . . . . . : 192.168.17.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::4594:8ead:5765:8c23%11
IPv4 Address. . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

I tried 192.168.1.3 because I am bridged and 192.168.1.3 is the IP for my wireless network connection -

Although I don't understand it, I also tried 127.0.0.1 and got connection refused.

I can ping 192.168.1.3 OK.

Why did you write "It should definitely not be the router's ip. (192.168.x.1)" ? Do I understand correctly that 192.168.1.3 is my host's IP and the one I should specify in the WebUI URL when bridged is configured? Please bear with me - I tried to warn you that I am network knowledge impaired.



C:\Users\John>
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Sun Nov 22, 2015 4:38 pm    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Ok typical network set up is

192.168.x.1 router
192.168.x.0 network identifier (add mask like 255.255.255.0)
192.168.x.y your ip address:

example with no wireless on
Code:
C:\Windows\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : FJS-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 48-5A-B6-38-2C-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek RTL8188EE 802.11 bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 48-5A-B6-38-2C-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A0-1D-48-C2-B8-8F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:4578:e29c:e472::1000(Preferred)
   Lease Obtained. . . . . . . . . . : Sunday, November 22, 2015 1:50:26 AM
   Lease Expires . . . . . . . . . . : Monday, November 23, 2015 12:16:03 PM
   Link-local IPv6 Address . . . . . : fe80::e46e:e0d2:453c:f0b1%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, November 22, 2015 1:50:25 AM
   Lease Expires . . . . . . . . . . : Monday, November 23, 2015 1:50:13 PM
   Default Gateway . . . . . . . . . : fe80::2002:18e4:293d:e472%3
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 60824904
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-41-A3-6A-A0-1D-48-C2-B8-8F
   DNS Servers . . . . . . . . . . . : fe80::861b:5eff:fe03:ca06%3
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


With wireless: (optimum wifi)
Code:
C:\Windows\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : FJS-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 48-5A-B6-38-2C-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek RTL8188EE 802.11 bgn Wi-Fi Adapter
   Physical Address. . . . . . . . . : 48-5A-B6-38-2C-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e5df:f76:bb26:6767%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 25.229.230.168(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.248.0.0
   Lease Obtained. . . . . . . . . . : Sunday, November 22, 2015 7:18:18 PM
   Lease Expires . . . . . . . . . . : Sunday, November 22, 2015 7:20:47 PM
   Default Gateway . . . . . . . . . : 25.224.0.1
   DHCP Server . . . . . . . . . . . : 25.224.0.1
   DHCPv6 IAID . . . . . . . . . . . : 306731702
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-41-A3-6A-A0-1D-48-C2-B8-8F
   DNS Servers . . . . . . . . . . . : 10.240.205.161
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A0-1D-48-C2-B8-8F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:4578:e29c:e472::1000(Preferred)
   Lease Obtained. . . . . . . . . . : Sunday, November 22, 2015 1:50:26 AM
   Lease Expires . . . . . . . . . . : Monday, November 23, 2015 12:16:03 PM
   Link-local IPv6 Address . . . . . : fe80::e46e:e0d2:453c:f0b1%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, November 22, 2015 1:50:25 AM
   Lease Expires . . . . . . . . . . : Monday, November 23, 2015 1:50:13 PM
   Default Gateway . . . . . . . . . : fe80::2002:18e4:293d:e472%3
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 60824904
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-41-A3-6A-A0-1D-48-C2-B8-8F
   DNS Servers . . . . . . . . . . . : fe80::861b:5eff:fe03:ca06%3
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


so now my pc has 2 ip addresses
192.168.0.7 => behind the router router = 192.168.0.1 (see default gateway)
25.229.230.168 => optimum wifi router = 25.224.0.1 (default gateway on optimum)

The same way you have multiple ip addresses for your pc:
192.168.157.1 => on network vmware1 ? looks however that the network is not well defined: I cannot see a default gateway... or does that mean that you ARE the router for that network??

192.168.17.1 network vmware2 and you are the router

192.168.1.3 with router 192.168.1.1 your pc behind your router

127.0.0.1 localhost loopback.


What does this mean?
a) you have a vmware box on 192.168.157.0 (network) with ip between 192.168.157.2 & 192.168.157.254 (255 is reserved for multicast)
b) you have a vmware box on 192.168.17.0 (network) with ip between 192.168.17.2 & 192.168.17.254

Looking at the vmware box settings while the vmware box is running might reveal the exact ip allocated to the vmware box. I'd try that first.
Beware of firewalls. Use telnet ip 9090 to check for firewall.

As a wild guess try accessing either of
192.168.157.2 or 192.168.17.2

Still using 0 => listening to all networks.

What this means is that when you look at 192.168.1.3 and do a netstat -an the port might not come up because it is not your pc that has the port open.

However another device on the network (your phone @ ip 192.168.1.2 ??) might see the port 9090 open on 192.168.1.3 because it is forwarding it to
192.168.157.2 ... hope that makes sense.

And of course you'd have a hard time opening port 9090 on your pc because it would create a routing clash...

Have fun
_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
ivanachukapawn
PostPosted: Mon Nov 23, 2015 7:46 am    Post subject: Reply with quote

Knight

Joined: 27 Oct 2003
Posts: 561

fj,

I hope I have achieved some understanding of your highly detailed last reply. Anyway, I tried:

bridged on all 4
telnet (9090) on 192.168.157.2 and 192.168.157.3
telnet (9090) on 192.168.17.2 and 192.168.17.3

all four of these attempts resulted in timeouts

host-only on all 4
telnet (9090) on 192.168.157.2 and 192.168.157.3
telnet (9090) on 192.168.17.2 and 192.168.17.3

all four of these attempts resulted in timeouts

telnet (9090) for 192.168.1.3

this attempt resulted in connection refused.


Is the connection refused error an indication of firewall blockage?
Back to top
View user's profile Send private message
fjb_saper
PostPosted: Tue Nov 24, 2015 5:20 am    Post subject: Reply with quote

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY

Connection timeout might have 2 origins (true timeout i.e. firewall, or nobody listening).
Connection refused is most likely either a firewall or lack of credentials.
Try again the connection refused with the credentials you prepared for DP. Use the browser this time.


_________________
MQ & Broker admin
Back to top
View user's profile Send private message Send e-mail
ivanachukapawn
PostPosted: Tue Nov 24, 2015 6:15 am    Post subject: Reply with quote

Knight

Joined: 27 Oct 2003
Posts: 561

FJ,

Unfortunately I do not have the luxury of presenting credentials on the connection attempt. The web page presented via :9090 is the DP WebUI login dialogue in which I would present credentials when prompted.

So I set all 4 to host-only and tried the browser connection attempt:

https://192.168.1.3:9090 which resulted in ERR_CONNECTION_REFUSED

then I set all 4 to bridged and tried the browser connection attempt:

https://192.168.1.3:9090 which resulted in ERR_CONNECTION_REFUSED

then I set all 4 to bridged with physical network connection state replicated and tried the browser connection attempt:

https://192.168.1.3:9090 which resulted in ERR_CONNECTION_REFUSED

The options available for network connection settings are:

bridged
bridged with replicated host network connection state
host-only
nat
custom (in which I specify an IP)
and LAN segment

on a flier, I set all 4 to NAT and tried the browser connection attempt:

https://192.168.1.3:9090 which resulted in ERR_CONNECTION_REFUSED

Also, for all of these tests, Kapersky has been turned off, and allow rules were specified for 9090 and 2300 in Windows 10 firewall.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Tue Nov 24, 2015 6:19 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447

If you disable Windows 10 firewall, and you still don't have anything listening on the ports, then the DP machine isn't coming up correctly inside the VM.

Which really means a PMR.
_________________
chmod -R ugo-wx /
Back to top
View user's profile Send private message
ivanachukapawn
PostPosted: Tue Nov 24, 2015 7:24 am    Post subject: Reply with quote

Knight

Joined: 27 Oct 2003
Posts: 561

I disabled Windows 10 Firewall (so as not to rely on the holes I punched for 9090 and 2300) and ran the test (on host-only) :

https://192.168.1.3:9090 which resulted in ERR_CONNECTION_REFUSED

I don't know how robust the analysis is regarding this problem but at least tentatively I am proceeding with the hypothesis that the DP VM is not listening on 9090 - I'm getting a DP VM license, and then will try to get a PMR open.

Thank you MQjeff and FJ for all the great help with this problem!
Back to top
View user's profile Send private message
ivanachukapawn
PostPosted: Tue Dec 08, 2015 8:49 am    Post subject: Reply with quote

Knight

Joined: 27 Oct 2003
Posts: 561

OMG!! I am so sorry (MQ Jeff and Mr Saper) - when I said that no CLI was allowed on the DP command line until the Web Management GUI license agreement was accepted, that was not strictly correct. After starting the DP and logged in as admin (with the changed admin password you specified when configuring DP the first time through) - show int - this command will display the IP assigned to eth0 (the host-only interface) - now I can access the Web Management GUI from a browser on the host machine. Thank you very much for all your help.
Back to top
View user's profile Send private message
mayheminMQ
PostPosted: Thu May 19, 2016 6:18 am    Post subject: Reply with quote

Voyager

Joined: 04 Sep 2012
Posts: 77
Location: UK beyond the meadows of RocknRoll

Hi,

Quick one and sorry if this is something you have already done.
Once you are in config, can you type web-mgmt and then do a show and place the output here.

I just want to see if the web mgmt has an IP and whats the port that has been setup.
Also I initially had problems opening the GUI in chrome and only IE worked.
_________________
A Colorblind man may appear disadvantaged but he always sees more than just colors...
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Goto page Previous  1, 2, 3 Page 3 of 3

MQSeries.net Forum Index » WebSphere DataPower » Web GUI connection refused
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.