CAS accessing AMD via proxy???
Hi Fellow presales engineers,
We have a need to setup a CAS to access an AMD via a proxy for a PoC . The reason for this is that only this permitted PC can get to the AMD via a firewall.
The proxy does not have any authentication requirements...
We have done the following so far;
- Altered the CAS JVM parameters to allow Java it to use the proxy.
- Setup a Apache proxy on the permitted PC so we can fiddle with the proxy config
- Tested it with a browser on the CAS which seems to indicate the proxy works OK
However the CAS gives the following errors when polling the AMD...( from server.log)
| E JUL 14-06-23 07:26:02.824 SEVERE:com.compuware.frameworks.security.client.impl.ManagementServiceClientCache$BulkUpdate:getSecurityBulkData:<Exception during BULK update from CSS: Service unavailable; > | << exception >> |
| 1 ADM 14-06-23 07:26:23.182 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication BASIC received response code 401. Change authentication. | |
| 1 ADM 14-06-23 07:26:23.213 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication DIGEST received response code 401. Change authentication. | |
| 1 ADM 14-06-23 07:26:23.650 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication BASIC received response code 401. Change authentication. | |
| 1 ADM 14-06-23 07:26:23.650 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication DIGEST received response code 401. Change authentication. | |
| E RTM 14-06-23 07:26:23.650 Cannot get license information for probe -1 [10.158.141.90:9091]. |
OK so it cant get to do something with the CSS but...
It seems as if Apache is sending a 401 back to the CAS in response to its authentication attempt which it seems unable to process..
If a browser is used, filing out the login/password for the AMD works fine...
Are we "barking up the wrong tree" here? e.g has this problem been already solved?
Just thought I would ask before I commence the in-depth troubleshooting....
Regards
AP
This would require troubleshooting.
Would you please file a support ticket with Wireshark capture of this failed communication?
Hi Adam,
Thanks for the reply.
I have, its Case #00902719...
Just trying to procure traces now...
regards
AP
Hi all,
I managed to get this working but not completely...e.g after about 8 hours I have to restart the CAS service if I wish to log in to the CAS...
OK for a PoC though.
But the CAS is talking to the AMD fine via the Apache proxy as long as the proxy does not reside on the same server as the CCS/ RUM console
This is what I did...
- Install Apache web server for windows on a none CCS or RUM console CAS. ( could be any windows server)
- Http.conf looks like below ( 141.168.21.84 is my new CAS).
Listen is 141.168.21.20:3128 and you need "load proxy modules" list un-commented etc.ProxyRequests On
ProxyVia On
<Proxy *>
Order deny,allow
Deny from all
Allow from 141.168.21.84
</Proxy>
- CAS Adlex Java parameter in NT registry line has this added. (CCS is .141.168.21.19)
-DproxySet=true -DproxyHost=141.168.21.20 -DproxyPort=3128 -DnonProxyHosts=141.168.21.19
- So it looks like this
CAS3 ---------- >Proxy|CAS2-------- >FW---------- >AMD
.84---------------->.20-------------------------------------->AMD
Hope this helps
Regards
AP
Community Member of the Month
September 2018
Announcing Dynatrace's Community Member of the Month for September 2018, Muthu P.! Click here to read more! Employee Member of the Month
September 2018
Announcing Dynatrace's Employee Member of the Month for September 2018, Kris Z.! Click here to read more! 