CAS accessing AMD via proxy???
Hi Fellow presales engineers,
We have a need to setup a CAS to access an AMD via a proxy for a PoC . The reason for this is that only this permitted PC can get to the AMD via a firewall.
The proxy does not have any authentication requirements...
We have done the following so far;
- Altered the CAS JVM parameters to allow Java it to use the proxy.
- Setup a Apache proxy on the permitted PC so we can fiddle with the proxy config
- Tested it with a browser on the CAS which seems to indicate the proxy works OK
However the CAS gives the following errors when polling the AMD...( from server.log)
| E JUL 14-06-23 07:26:02.824 SEVERE:com.compuware.frameworks.security.client.impl.ManagementServiceClientCache$BulkUpdate:getSecurityBulkData:<Exception during BULK update from CSS: Service unavailable; > | << exception >> |
| 1 ADM 14-06-23 07:26:23.182 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication BASIC received response code 401. Change authentication. | |
| 1 ADM 14-06-23 07:26:23.213 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication DIGEST received response code 401. Change authentication. | |
| 1 ADM 14-06-23 07:26:23.650 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication BASIC received response code 401. Change authentication. | |
| 1 ADM 14-06-23 07:26:23.650 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication DIGEST received response code 401. Change authentication. | |
| E RTM 14-06-23 07:26:23.650 Cannot get license information for probe -1 [10.158.141.90:9091]. |
OK so it cant get to do something with the CSS but...
It seems as if Apache is sending a 401 back to the CAS in response to its authentication attempt which it seems unable to process..
If a browser is used, filing out the login/password for the AMD works fine...
Are we "barking up the wrong tree" here? e.g has this problem been already solved?
Just thought I would ask before I commence the in-depth troubleshooting....
Regards
AP
This would require troubleshooting.
Would you please file a support ticket with Wireshark capture of this failed communication?
Hi Adam,
Thanks for the reply.
I have, its Case #00902719...
Just trying to procure traces now...
regards
AP
Hi all,
I managed to get this working but not completely...e.g after about 8 hours I have to restart the CAS service if I wish to log in to the CAS...
OK for a PoC though.
But the CAS is talking to the AMD fine via the Apache proxy as long as the proxy does not reside on the same server as the CCS/ RUM console
This is what I did...
- Install Apache web server for windows on a none CCS or RUM console CAS. ( could be any windows server)
- Http.conf looks like below ( 141.168.21.84 is my new CAS).
Listen is 141.168.21.20:3128 and you need "load proxy modules" list un-commented etc.ProxyRequests On
ProxyVia On
<Proxy *>
Order deny,allow
Deny from all
Allow from 141.168.21.84
</Proxy>
- CAS Adlex Java parameter in NT registry line has this added. (CCS is .141.168.21.19)
-DproxySet=true -DproxyHost=141.168.21.20 -DproxyPort=3128 -DnonProxyHosts=141.168.21.19
- So it looks like this
CAS3 ---------- >Proxy|CAS2-------- >FW---------- >AMD
.84---------------->.20-------------------------------------->AMD
Hope this helps
Regards
AP
