Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,463,198
Community Members
 
Community Events
176
Community Groups

Can't access Crowd from servers other than localhost

I have installed Crowd 2.2.2 on a test server (172.17.79.230) and restored to it the XML backup from my production server (10.74.47.118). The problem I'm having is that Crowd works perfectly when accessed from a browser on the local machine. I can authenticate via the URLs http://172.17.79.230:8095/crowd/console OR http://localhost/crowd:8095/console. What I can't do is access the Crowd server from any other machine. Requests simply time out. I have been assured by IT that port 8095 is open and is not being blocked by the network config.

I found a reference in CWD-2315 that imples that the problem lies with the cwd_application_address table still pointing to the production Crowd server (10.74.47.118).

The database on the test server shows the following:

mysql> select * from cwd_application_address where application_id = 3;
+------------------+--------------------------+-----------------------+---------------------+
| application_id   | remote_address           | remote_address_binary | remote_address_mask |
+------------------+--------------------------+-----------------------+---------------------+
|              3   | 10.74.47.118             | Ckovdg==              |                   0 |
|              3   | 127.0.0.1                | fwAAAQ==              |                   0 |
|              3   | localhost                | NULL                  |                   0 |
|              3   | usindtbx01d.corp.eng.com | NULL                  |                   0 |
+------------------+--------------------------+-----------------------+---------------------+

If I read the above correctly, I should update the cwd_application_address table on with an entry for the test server:

mysql> insert into cwd_application_address values ("3","172.17.79.230","TBD TBD TBD","0");

I hesitate to start fooling with the database directly, but there's a certain amount of logic there. Has anyone else faced this problem and is this solution logical?

2 answers

1 accepted

1 vote
Answer accepted

D'oh! The solution had nothing to do with Crowd. The problem was that the Linux firewall was enabled and didn't have ports 8095 or 8080 open. I opened the ports and problem solved.

0 votes

Hi, can you please explain what is failing? Can you access the Crowd URL from outside? If you can't even get to the Crowd URL and get any web page to display - this is definitely a network/connectivity/firewall issue somewhere within your network.

If you can but it fails to login, then it will potentially have to do with the remtoe address. Since you can login locally, I believe you can change this within the Crowd interface. Crowd authentication is itself an application within Crowd and there is a section to enter any remote addresses / interfaces.

From localhost the Crowd UI will serve. I can log in, make changes, et cetera. From any other machine if I try to open the Crowd UI the request simply times out.

I have also tried moving Crowd from port 8095 to port 8080 in order to test whether port 8095 really is blocked (despite assurances from IT). Instructions are located here. That brings with it a whole raft of other problems, as the Crowd app will serve on localhost:8080 but attempts to log in fail.

Log sample from login error (truncated):

2012-09-26 17:00:19,375 http-8080-2 ERROR [xfire.transport.http.HttpChannel] java.net.ConnectException: Connection refused
27 2012-09-26 17:00:19,377 http-8080-2 INFO [service.soap.client.SecurityServerClientImpl] Existing application token is null, authenticating ...
28 2012-09-26 17:00:19,379 http-8080-2 ERROR [xfire.transport.http.HttpChannel] java.net.ConnectException: Connection refused
29 2012-09-26 17:00:19,379 http-8080-2 ERROR [crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter] Unable to unset Crowd SSO token
30 org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Couldn't send message.

Hi, if it will work on 8080 and 8095, that means that port or something to do with the port is blocked somewhere.

It should work on 8080 after correctly making the change. Can you attach the full log?

Attached is a logfile sample from the failed attempt to log in. The root logger is set to debug, so it's a bit large. I can provide the log from server startup if that's more illuminating. One thing that's clear (and very odd) is that while I've tried to root out any config file that uses port 8095, the server still won't really move there. The GUI will serve on 8080 but the logfiles still have entries mentioning port 8095.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events