Can't access Crowd from servers other than localhost

I have installed Crowd 2.2.2 on a test server (172.17.79.230) and restored to it the XML backup from my production server (10.74.47.118). The problem I'm having is that Crowd works perfectly when accessed from a browser on the local machine. I can authenticate via the URLs http://172.17.79.230:8095/crowd/console OR http://localhost/crowd:8095/console. What I can't do is access the Crowd server from any other machine. Requests simply time out. I have been assured by IT that port 8095 is open and is not being blocked by the network config.

I found a reference in CWD-2315 that implies that the problem lies with the cwd_application_address table still pointing to the production Crowd server (10.74.47.118).

The database on the test server shows the following:

mysql> select * from cwd_application_address where application_id = 3;
+------------------+--------------------------+-----------------------+---------------------+
| application_id   | remote_address           | remote_address_binary | remote_address_mask |
+------------------+--------------------------+-----------------------+---------------------+
|              3   | 10.74.47.118             | Ckovdg==              |                   0 |
|              3   | 127.0.0.1                | fwAAAQ==              |                   0 |
|              3   | localhost                | NULL                  |                   0 |
|              3   | usindtbx01d.corp.eng.com | NULL                  |                   0 |
+------------------+--------------------------+-----------------------+---------------------+

If I read the above correctly, I should update the cwd_application_address table with an entry for the test server:

mysql> insert into cwd_application_address values ("3","172.17.79.230","TBD TBD TBD","0");

I hesitate to start fooling with the database directly, but there's a certain amount of logic there. Has anyone else faced this problem and is this solution logical?

2 answers

1 accepted


D'oh! The solution had nothing to do with Crowd. The problem was that the Linux firewall was enabled and didn't have ports 8095 or 8080 open. I opened the ports and problem solved.


Hi, can you please explain what is failing? Can you access the Crowd URL from outside? If you can't even get to the Crowd URL and get any web page to display - this is definitely a network/connectivity/firewall issue somewhere within your network.

If you can but it fails to log in, then it will potentially have to do with the remote address. Since you can log in locally, I believe you can change this within the Crowd interface. Crowd authentication is itself an application within Crowd and there is a section to enter any remote addresses / interfaces.

From localhost the Crowd UI will serve. I can log in, make changes, et cetera. From any other machine if I try to open the Crowd UI the request simply times out.

I have also tried moving Crowd from port 8095 to port 8080 in order to test whether port 8095 really is blocked (despite assurances from IT). Instructions are located here. That brings with it a whole raft of other problems, as the Crowd app will serve on localhost:8080 but attempts to log in fail.

Log sample from login error (truncated):

2012-09-26 17:00:19,375 http-8080-2 ERROR [xfire.transport.http.HttpChannel] java.net.ConnectException: Connection refused
2012-09-26 17:00:19,377 http-8080-2 INFO [service.soap.client.SecurityServerClientImpl] Existing application token is null, authenticating ...
2012-09-26 17:00:19,379 http-8080-2 ERROR [xfire.transport.http.HttpChannel] java.net.ConnectException: Connection refused
2012-09-26 17:00:19,379 http-8080-2 ERROR [crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter] Unable to unset Crowd SSO token
org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Couldn't send message.

Hi, if it will work on 8080 and 8095, that means that port or something to do with the port is blocked somewhere.

It should work on 8080 after correctly making the change. Can you attach the full log?

Attached is a logfile sample from the failed attempt to log in. The root logger is set to debug, so it's a bit large. I can provide the log from server startup if that's more illuminating. One thing that's clear (and very odd) is that while I've tried to root out any config file that uses port 8095, the server still won't really move there. The GUI will serve on 8080 but the logfiles still have entries mentioning port 8095.
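
The triage the answers in this thread describe (a request that times out is being dropped before it reaches Crowd, while a page that loads but rejects the login points at the application's remote addresses) can be run from a second machine. This is an added example, not part of the original thread; the function names, the outcome labels and the 3-second timeout are assumptions.

```python
import errno
import socket

# Next step for each outcome, following the reasoning in the thread above.
ADVICE = {
    "open": "TCP path is fine; if login still fails, review the remote "
            "addresses of the application in the Crowd console.",
    "filtered": "No reply before the timeout: packets are being dropped. "
                "Check the host firewall on the server, then network ACLs.",
    "refused": "Host replied with a reset: nothing listens on this port or "
               "interface, or a firewall rejects it. Check the connector port.",
    "unreachable": "No route, or a firewall rejecting with ICMP "
                   "host-prohibited: check routing and the host firewall.",
    "error": "Lookup or socket error: check the hostname and local network.",
}

def classify_port(host, port, timeout=3.0):
    """Try one TCP connect and name the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except (socket.timeout, TimeoutError):
        return "filtered"      # silent drop: the symptom in the question
    except ConnectionRefusedError:
        return "refused"       # the "Connection refused" seen in the log sample
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"
    finally:
        sock.close()
    return "open"

def triage(host, ports, timeout=3.0):
    """Return {port: (state, advice)} for each port probed."""
    results = {}
    for port in ports:
        state = classify_port(host, port, timeout)
        results[port] = (state, ADVICE[state])
    return results

if __name__ == "__main__":
    # Address and ports are the test server's, as given in the question.
    for port, (state, advice) in triage("172.17.79.230", [8095, 8080]).items():
        print(f"{port}: {state} - {advice}")
```

Running it once on the server against 127.0.0.1 and once from a remote machine separates a listener problem from a filtering problem: "open" locally and "filtered" remotely is the pattern the accepted answer traced to the Linux firewall.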
