Management
Reply
Contributor
Fahad_khan
Posts: 152
Registered: ‎10-21-2008
0

NSM client is unable to connect to NSM server (NSMXpress)

Dear folks,

 

NSM client is not connecting to NSM server (NSMXpress Appliance). I have added new certificates (on server and Client machine) both , but still unable to connect

 

Kindly help

 

regards,

Muhammad Fahad Khan
JNCIE-M/T # 756
Network Consultant
IBM Pakistan
+92-301-8247638 begin_of_the_skype_highlighting              +92-301-8247638      end_of_the_skype_highlighting
+92-321-2370510 begin_of_the_skype_highlighting              +92-321-2370510      end_of_the_skype_highlighting
Recognized Expert Recognized Expert
Recognized Expert
CB
Posts: 159
Registered: ‎05-09-2008
0

Re: NSM client is unable to connect to NSM server (NSMXpress)

Hi Fahad,

 

can you offer a little more information, such as :

  • what version of nsm are you currently running ?
  • what is the exact error you are getting (is the connection authenticated, hangng on loading data etc)


At a guess, i have seen some problems when connecting remotely, which was due to the TLS handshake not completing properly, to resolve you could try reducing the MTU of the network card.

 

Hope this helps

 

Kind regards

Colin 

If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
Contributor
Fahad_khan
Posts: 152
Registered: ‎10-21-2008
0

Re: NSM client is unable to connect to NSM server (NSMXpress)

version is 2008.2r1

 

Client use to stuck on "connecting"

 

regards,

Muhammad Fahad Khan
JNCIE-M/T # 756
Network Consultant
IBM Pakistan
+92-301-8247638 begin_of_the_skype_highlighting              +92-301-8247638      end_of_the_skype_highlighting
+92-321-2370510 begin_of_the_skype_highlighting              +92-321-2370510      end_of_the_skype_highlighting
Contributor
Fahad_khan
Posts: 152
Registered: ‎10-21-2008
0

Re: NSM client is unable to connect to NSM server (NSMXpress)

further,

 

var/log/messages shows this

 

Aug 23 04:02:06 HOK-NSMXPRESS-DC-A rsyslogd: [origin software="rsyslogd" swVersion="2.0.5" x-pid="2077" x-info="http://www.rsyslog.com"][x-configInfo udpReception="No" udpPort="514" tcpReception="No" tcpPort="0"] restart
Aug 23 04:02:54 HOK-NSMXPRESS-DC-A su(pam_unix)[15499]: session opened for user nsm by (uid=0)
Aug 23 04:02:54 HOK-NSMXPRESS-DC-A su(pam_unix)[15499]: session closed for user nsm
Aug 23 04:02:54 HOK-NSMXPRESS-DC-A su(pam_unix)[15866]: session opened for user nsm by (uid=0)
Aug 23 04:02:55 HOK-NSMXPRESS-DC-A su(pam_unix)[15866]: session closed for user nsm
Aug 23 04:02:55 HOK-NSMXPRESS-DC-A su(pam_unix)[16202]: session opened for user nsm by (uid=0)
Aug 23 04:02:55 HOK-NSMXPRESS-DC-A su(pam_unix)[16202]: session closed for user nsm
Aug 23 04:03:55 HOK-NSMXPRESS-DC-A su(pam_unix)[16670]: session opened for user nsm by (uid=0)
Aug 23 04:03:55 HOK-NSMXPRESS-DC-A su(pam_unix)[16670]: session closed for user nsm
Aug 23 04:03:55 HOK-NSMXPRESS-DC-A su(pam_unix)[17038]: session opened for user nsm by (uid=0)
Aug 23 04:03:55 HOK-NSMXPRESS-DC-A su(pam_unix)[17038]: session closed for user nsm
Aug 23 04:03:55 HOK-NSMXPRESS-DC-A su(pam_unix)[17374]: session opened for user nsm by (uid=0)
Aug 23 04:03:55 HOK-NSMXPRESS-DC-A su(pam_unix)[17374]: session closed for user nsm

 

 

regards,

Muhammad Fahad Khan
JNCIE-M/T # 756
Network Consultant
IBM Pakistan
+92-301-8247638 begin_of_the_skype_highlighting              +92-301-8247638      end_of_the_skype_highlighting
+92-321-2370510 begin_of_the_skype_highlighting              +92-321-2370510      end_of_the_skype_highlighting
Recognized Expert Recognized Expert
Recognized Expert
CB
Posts: 159
Registered: ‎05-09-2008
0

Re: NSM client is unable to connect to NSM server (NSMXpress)

Hi Muhammad,

 

try running on the console of the nsmXpress server the following.

 

#tail -f /var/netscreen/GuiSvr/errorLog/guiDaemon.0

 

Then try connecting with your client, monitor for TLS connect, and success, if you fail to see this, then its a authentication failure, probably due to fragmentation.

 

Kind regards

Colin

If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
Contributor
Fahad_khan
Posts: 152
Registered: ‎10-21-2008
0

Re: NSM client is unable to connect to NSM server (NSMXpress)

yes I am unable to see any TLS connect thing?? what should i do next??

 

thanks in advance

 

regards,

Muhammad Fahad Khan
JNCIE-M/T # 756
Network Consultant
IBM Pakistan
+92-301-8247638 begin_of_the_skype_highlighting              +92-301-8247638      end_of_the_skype_highlighting
+92-321-2370510 begin_of_the_skype_highlighting              +92-321-2370510      end_of_the_skype_highlighting
Recognized Expert
Daniele
Posts: 164
Registered: ‎11-06-2007
0

Re: NSM client is unable to connect to NSM server (NSMXpress)

Hi Muhammed,

check in the logfile:

/var/netscreen/GuiSvr/errorLog/guiDaemon.0

 

These are the logs when a GUI client tries to connnect:

 

=====

[08/30/2009 23:12:25.529] [Notice] [1266304-guiTlsPlug.c:1678] GUITLSPLUG: Started guiTlsPlugConstruct()
[08/30/2009 23:12:25.529] [Notice] [1266304-connectionMgr.c:2521] Incoming Tls Gui TCP connection from guiTls, device ip 172.30.73.137
[08/30/2009 23:12:25.529] [Notice] [1266304-connectionMgr.c:2552] connMgrIncomingGuiTlsPlugHandler: debug one
[08/30/2009 23:12:25.529] [Notice] [1266304-guiTlsPlug.c:207] guiTlsPlugSetupChannel: entry fd = 286
[08/30/2009 23:12:25.529] [Notice] [1266304-guiTlsPlug.c:1372] guiTlsPlugConnect: NETPLUG_CONNECT_ACCEPT phase channel = 0x86bcca48
[08/30/2009 23:12:25.529] [Notice] [1266304-guiTlsPlug.c:1891] guiTlsPlugStartup: port = 7808
[08/30/2009 23:12:25.529] [Error] [1266304-guiTlsPlug.c:1925] guiTlsPlugStartup:: exit
[08/30/2009 23:12:25.529] [Notice] [1266304-guiTlsPlug.c:858] guiTlsPlugSSLConnect entry plug state = 3
[08/30/2009 23:12:25.529] [Notice] [1266304-guiTlsPlug.c:861] guiTlsPlugSSLConnect: debug one
[08/30/2009 23:12:25.529] [Notice] [1266304-guiTlsPlug.c:893] GUITLSPLUG:     SSL_ERROR_WANT_READ
[08/30/2009 23:12:25.529] [Notice] [1266304-guiTlsPlug.c:937] GUITLSPLUG: guiTlsPlugSSLConnect success
[08/30/2009 23:12:25.529] [Notice] [1266304-connectionMgr.c:2559] connMgrIncomingGuiTlsPlugHandler: debug 1.5
[08/30/2009 23:12:25.529] [Notice] [1266304-connectionMgr.c:2563] connMgrIncomingGuiTlsPlugHandler: debug two - location = guiTls
[08/30/2009 23:12:25.529] [Notice] [1266304-connectionMgr.c:2568] connMgrIncomingGuiTlsPlugHandler: debug three
[08/30/2009 23:12:25.529] [Notice] [1266304-connectionMgr.c:2588] connMgrIncomingGuiTlsPlugHandler: exit
[08/30/2009 23:12:25.529] [Notice] [1266304-guiTlsPlug.c:2401] guiTlsPlugIncomingHandler: finished
[08/30/2009 23:12:25.613] [Notice] [1266304-guiTlsPlug.c:1984] GUITLSPLUG: Received HANDSHAKE state = 4
[08/30/2009 23:12:25.613] [Notice] [1266304-guiTlsPlug.c:858] guiTlsPlugSSLConnect entry plug state = 4
[08/30/2009 23:12:25.613] [Notice] [1266304-guiTlsPlug.c:893] GUITLSPLUG:     SSL_ERROR_WANT_READ
[08/30/2009 23:12:25.613] [Notice] [1266304-guiTlsPlug.c:937] GUITLSPLUG: guiTlsPlugSSLConnect success
[08/30/2009 23:12:26.653] [Notice] [1266304-guiTlsPlug.c:1984] GUITLSPLUG: Received HANDSHAKE state = 4
[08/30/2009 23:12:26.653] [Notice] [1266304-guiTlsPlug.c:858] guiTlsPlugSSLConnect entry plug state = 4
[08/30/2009 23:12:26.657] [Notice] [1266304-guiTlsPlug.c:893] GUITLSPLUG:     SSL_ERROR_WANT_READ
[08/30/2009 23:12:26.657] [Notice] [1266304-guiTlsPlug.c:937] GUITLSPLUG: guiTlsPlugSSLConnect success
[08/30/2009 23:12:26.701] [Notice] [1266304-guiTlsPlug.c:1984] GUITLSPLUG: Received HANDSHAKE state = 4
[08/30/2009 23:12:26.701] [Notice] [1266304-guiTlsPlug.c:858] guiTlsPlugSSLConnect entry plug state = 4
[08/30/2009 23:12:26.701] [Notice] [1266304-guiTlsPlug.c:931] GUITLSPLUG: ---- guiTlsPlugSSLConnect succeded ----
[08/30/2009 23:12:26.701] [Notice] [1266304-guiTlsPlug.c:809] guiTlsPlugSSLConnectComplete: state = NS_GUITLS_PLUG_DATA_TRANSFER_STATE
[08/30/2009 23:12:26.701] [Notice] [1266304-connectionMgr.c:1417] connMgrGuiTlsDataHandler: entry
[08/30/2009 23:12:26.701] [Notice] [1266304-connectionMgr.c:1472] connMgrGuiTlsDataHandler: else block
[08/30/2009 23:12:26.701] [Notice] [1266304-connectionMgr.c:1483] Incoming GuiClient TLS connection, from ac1e4989 ipaddr = -1407301239 port = 7808
[08/30/2009 23:12:26.701] [Notice] [1266304-gdNetConfig.c:955] incomingTlsGuiConnection: Incoming TLS GUI connection 47544c53
[08/30/2009 23:12:26.701] [Notice] [1266304-connectionMgr.c:826] Setting transport mask 10000000
[08/30/2009 23:12:26.701] [Notice] [1266304-guiTlsPlug.c:793] guiTlsPlugBuildStacksReq: success
[08/30/2009 23:12:26.701] [Notice] [1266304-guiTlsPlug.c:834] GUITLSPLUG: GUI Server finished TLS Handshake with GUI Client and is now in Data Transfer state.
[08/30/2009 23:12:26.701] [Notice] [1266304-guiTlsPlug.c:937] GUITLSPLUG: guiTlsPlugSSLConnect success
[08/30/2009 23:12:27.992] [Notice] [82924464-nsAuthGUIComm.c:325] client version(2009.1r1), server version(2009.1r1)
====

 

 

If you don't see the first lines, it can be a problem for the NSM client to reach the NSM server on port TCP/7808.

 

Ciao

Daniele

***Contributor at Router Freak blog***
sr
Regular Visitor
sr
Posts: 5
Registered: ‎08-24-2009
0

Re: NSM client is unable to connect to NSM server (NSMXpress)

I'm having also quite similar problem (NSM on RH5), after upgrading from 2008.1r2 to 2008.2r2a. Here's the end of the guiDaemon.0:

 

So far OK, as compared to Danieles post:

 

[01/12/2010 14:14:41.808] [Notice] [37772176-nsAuthGUIComm.c:325] client
version(2008.2r2a), server version(2008.2r2a)

 

Here start the problems:

[01/12/2010 14:14:45.722] [Error] [38103952-nsAccessCtrl.c:3533]
nsSetDbMgrFind() failed

[01/12/2010 14:14:45.722] [Error] [38103952-nsAccessCtrl.c:3669]
nsAccessCtrlHandleImplicitActivity failed for activity - ImplicitShared

[01/12/2010 14:14:45.722] [Error] [38103952-nsAccessCtrl.c:4005]
nsAccessCtrlProcessAdminSet(adminId=1) failed

[01/12/2010 14:14:45.722] [Error] [38103952-nsAccessCtrl.c:7640]
nsAccessCtrlUploadUserPerms(admin='xxx') failed

[01/12/2010 14:14:45.724] [Error] [38103952-gdPreproc.c:573]
nsAccessCtrlUserConstruct(adminName='xxx', domainPath='global')
failed

[01/12/2010 14:14:45.724] [Error] [38103952-syncNetAppAPI.c:3511]
Command rejected

[01/12/2010 14:14:46.401] [Error] [36694928-nsAccessCtrl.c:3533]
nsSetDbMgrFind() failed

[01/12/2010 14:14:46.401] [Error] [36694928-nsAccessCtrl.c:3669]
nsAccessCtrlHandleImplicitActivity failed for activity - ImplicitShared

[01/12/2010 14:14:46.401] [Error] [36694928-nsAccessCtrl.c:4005]
nsAccessCtrlProcessAdminSet(adminId=1) failed

[01/12/2010 14:14:46.401] [Error] [36694928-nsAccessCtrl.c:7640]
nsAccessCtrlUploadUserPerms(admin='xxx') failed

[01/12/2010 14:14:46.403] [Error] [36694928-gdPreproc.c:573]
nsAccessCtrlUserConstruct(adminName='xxx', domainPath='global')
failed

[01/12/2010 14:14:46.403] [Error] [36694928-syncNetAppAPI.c:3511]
Command rejected

[01/12/2010 14:14:47.068] [Error] [37772176-nsAccessCtrl.c:3533]
nsSetDbMgrFind() failed

[01/12/2010 14:14:47.068] [Error] [37772176-nsAccessCtrl.c:3669]
nsAccessCtrlHandleImplicitActivity failed for activity - ImplicitShared

[01/12/2010 14:14:47.068] [Error] [37772176-nsAccessCtrl.c:4005]
nsAccessCtrlProcessAdminSet(adminId=1) failed

[01/12/2010 14:14:47.068] [Error] [37772176-nsAccessCtrl.c:7640]
nsAccessCtrlUploadUserPerms(admin='xxx') failed

[01/12/2010 14:14:47.070] [Error] [37772176-gdPreproc.c:573]
nsAccessCtrlUserConstruct(adminName='xxx', domainPath='global')
failed

[01/12/2010 14:14:47.070] [Error] [37772176-syncNetAppAPI.c:3511]
Command rejected

[01/12/2010 14:14:47.672] [Error] [38103952-nsAccessCtrl.c:3533]
nsSetDbMgrFind() failed

[01/12/2010 14:14:47.672] [Error] [38103952-nsAccessCtrl.c:3669]
nsAccessCtrlHandleImplicitActivity failed for activity - ImplicitShared

[01/12/2010 14:14:47.672] [Error] [38103952-nsAccessCtrl.c:4005]
nsAccessCtrlProcessAdminSet(adminId=1) failed

[01/12/2010 14:14:47.672] [Error] [38103952-nsAccessCtrl.c:7640]
nsAccessCtrlUploadUserPerms(admin='xxx') failed

[01/12/2010 14:14:47.674] [Error] [38103952-gdPreproc.c:573]
nsAccessCtrlUserConstruct(adminName='xxx', domainPath='global')
failed

[01/12/2010 14:14:47.674] [Error] [38103952-syncNetAppAPI.c:3511]
Command rejected

[01/12/2010 14:14:48.328] [Error] [36694928-nsAccessCtrl.c:3533]
nsSetDbMgrFind() failed

[01/12/2010 14:14:48.328] [Error] [36694928-nsAccessCtrl.c:3669]
nsAccessCtrlHandleImplicitActivity failed for activity - ImplicitShared

[01/12/2010 14:14:48.328] [Error] [36694928-nsAccessCtrl.c:4005]
nsAccessCtrlProcessAdminSet(adminId=1) failed

[01/12/2010 14:14:48.329] [Error] [36694928-nsAccessCtrl.c:7640]
nsAccessCtrlUploadUserPerms(admin='xxx') failed

[01/12/2010 14:14:48.331] [Error] [36694928-gdPreproc.c:573]
nsAccessCtrlUserConstruct(adminName='xxx', domainPath='global')
failed

[01/12/2010 14:14:48.331] [Error] [36694928-syncNetAppAPI.c:3511]
Command rejected

[01/12/2010 14:14:48.983] [Error] [37772176-nsAccessCtrl.c:3533]
nsSetDbMgrFind() failed

[01/12/2010 14:14:48.983] [Error] [37772176-nsAccessCtrl.c:3669]
nsAccessCtrlHandleImplicitActivity failed for activity - ImplicitShared

[01/12/2010 14:14:48.983] [Error] [37772176-nsAccessCtrl.c:4005]
nsAccessCtrlProcessAdminSet(adminId=1) failed

[01/12/2010 14:14:48.983] [Error] [37772176-nsAccessCtrl.c:7640]
nsAccessCtrlUploadUserPerms(admin='xxx') failed

[01/12/2010 14:14:48.985] [Error] [37772176-gdPreproc.c:573]
nsAccessCtrlUserConstruct(adminName='xxx', domainPath='global')
failed

[01/12/2010 14:14:48.985] [Error] [37772176-syncNetAppAPI.c:3511]
Command rejected

[01/12/2010 14:14:49.587] [Error] [38103952-nsAccessCtrl.c:3533]
nsSetDbMgrFind() failed

[01/12/2010 14:14:49.587] [Error] [38103952-nsAccessCtrl.c:3669]
nsAccessCtrlHandleImplicitActivity failed for activity - ImplicitShared

[01/12/2010 14:14:49.587] [Error] [38103952-nsAccessCtrl.c:4005]
nsAccessCtrlProcessAdminSet(adminId=1) failed

[01/12/2010 14:14:49.587] [Error] [38103952-nsAccessCtrl.c:7640]
nsAccessCtrlUploadUserPerms(admin='xxx') failed

[01/12/2010 14:14:49.589] [Error] [38103952-gdPreproc.c:573]
nsAccessCtrlUserConstruct(adminName='xxx', domainPath='global')
failed

[01/12/2010 14:14:49.589] [Error] [38103952-syncNetAppAPI.c:3511]
Command rejected

 

What could be the reason?

 

Br,

 

hansk

sr
Regular Visitor
sr
Posts: 5
Registered: ‎08-24-2009
0

Re: NSM client is unable to connect to NSM server (NSMXpress)

Just to tell you, that my problem get solved by upgrading to 2009.1.

 

hansk

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.