Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Can't access Crowd from servers other than localhost

Logan G Hawkes
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 26, 2012

I have installed Crowd 2.2.2 on a test server (172.17.79.230) and restored to it the XML backup from my production server (10.74.47.118). The problem I'm having is that Crowd works perfectly when accessed from a browser on the local machine. I can authenticate via the URLs http://172.17.79.230:8095/crowd/console OR http://localhost/crowd:8095/console. What I can't do is access the Crowd server from any other machine. Requests simply time out. I have been assured by IT that port 8095 is open and is not being blocked by the network config.

I found a reference in CWD-2315 that imples that the problem lies with the cwd_application_address table still pointing to the production Crowd server (10.74.47.118).

The database on the test server shows the following:

mysql> select * from cwd_application_address where application_id = 3;
+------------------+--------------------------+-----------------------+---------------------+
| application_id   | remote_address           | remote_address_binary | remote_address_mask |
+------------------+--------------------------+-----------------------+---------------------+
|              3   | 10.74.47.118             | Ckovdg==              |                   0 |
|              3   | 127.0.0.1                | fwAAAQ==              |                   0 |
|              3   | localhost                | NULL                  |                   0 |
|              3   | usindtbx01d.corp.eng.com | NULL                  |                   0 |
+------------------+--------------------------+-----------------------+---------------------+

If I read the above correctly, I should update the cwd_application_address table on with an entry for the test server:

mysql> insert into cwd_application_address values ("3","172.17.79.230","TBD TBD TBD","0");

I hesitate to start fooling with the database directly, but there's a certain amount of logic there. Has anyone else faced this problem and is this solution logical?

2 answers

1 accepted

1 vote
Answer accepted
Logan G Hawkes
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 26, 2012

D'oh! The solution had nothing to do with Crowd. The problem was that the Linux firewall was enabled and didn't have ports 8095 or 8080 open. I opened the ports and problem solved.

0 votes
Harry Chan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 26, 2012

Hi, can you please explain what is failing? Can you access the Crowd URL from outside? If you can't even get to the Crowd URL and get any web page to display - this is definitely a network/connectivity/firewall issue somewhere within your network.

If you can but it fails to login, then it will potentially have to do with the remtoe address. Since you can login locally, I believe you can change this within the Crowd interface. Crowd authentication is itself an application within Crowd and there is a section to enter any remote addresses / interfaces.

Logan G Hawkes
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 26, 2012

From localhost the Crowd UI will serve. I can log in, make changes, et cetera. From any other machine if I try to open the Crowd UI the request simply times out.

I have also tried moving Crowd from port 8095 to port 8080 in order to test whether port 8095 really is blocked (despite assurances from IT). Instructions are located here. That brings with it a whole raft of other problems, as the Crowd app will serve on localhost:8080 but attempts to log in fail.

Log sample from login error (truncated):

2012-09-26 17:00:19,375 http-8080-2 ERROR [xfire.transport.http.HttpChannel] java.net.ConnectException: Connection refused
27 2012-09-26 17:00:19,377 http-8080-2 INFO [service.soap.client.SecurityServerClientImpl] Existing application token is null, authenticating ...
28 2012-09-26 17:00:19,379 http-8080-2 ERROR [xfire.transport.http.HttpChannel] java.net.ConnectException: Connection refused
29 2012-09-26 17:00:19,379 http-8080-2 ERROR [crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter] Unable to unset Crowd SSO token
30 org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Couldn't send message.

Harry Chan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 26, 2012

Hi, if it will work on 8080 and 8095, that means that port or something to do with the port is blocked somewhere.

It should work on 8080 after correctly making the change. Can you attach the full log?

Logan G Hawkes
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 26, 2012

Attached is a logfile sample from the failed attempt to log in. The root logger is set to debug, so it's a bit large. I can provide the log from server startup if that's more illuminating. One thing that's clear (and very odd) is that while I've tried to root out any config file that uses port 8095, the server still won't really move there. The GUI will serve on 8080 but the logfiles still have entries mentioning port 8095.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events