Ethernet Switching
Highlighted
Ethernet Switching

Cannot access J-Web on EX4200

‎06-23-2014 03:57 AM

Hi All,

 

For some reason I seem to have lost J-Web access to one of our switches. I can still SSH to it and have tried running:

 

set system services web-management http 

commit

 

but still cannot access over http. Do I need to allow management traffic somehow? Bit of a noob when it comes to Juniper!

 

Thanks for any help you can offer.

13 REPLIES 13
Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 04:04 AM

Do you have httpd running?

 

run show system processes extensive | match http

 

Do you see the HTTP requests hitting the RE of the switch?

 

Do a monitor traffic interface <interface_that_should_receive_the_packets>

 

 

 

=====

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 04:23 AM

Thanks for your reply. Seems httpd is running:

 

{master:0}[edit]
root# run show system processes extensive | match http
66261 nobody 6 111 0 7720K 5020K ucond 5358.0 90.58% httpd
66254 root 1 96 0 6636K 4240K select 0:02 0.00% httpd-gk

 

Unsure what interface I need to apply the monitor to. It's 2 x Ex4200 in a VC with one of the OOB management ports connected.

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 04:28 AM

For some reasons, httpd has 90% CPU.

 

Can you delete web-management, commit and then add it back?

 

What is the CPU usage after this?

 

 

 

=====

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 04:39 AM

Did:

 

{master:0}[edit]
root# delete system services web-management

commit

 

set system services web-management http

commit

 

{master:0}[edit]
root# run show system processes extensive | match http
66261 nobody 2 132 0 7720K 4956K RUN 5358.2 87.94% httpd
29693 root 1 108 0 6632K 3744K select 0:00 0.00% httpd-gk
29695 nobody 1 103 0 7088K 4460K select 0:00 0.00% httpd

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 04:51 AM

I see that you still have the HTTPD process from before the delete/add:

 

66261 nobody 2 132 0 7720K 4956K RUN 5358.2 87.94% httpd

 

You could restart httpd(restart web-management) or disable httpd, check if you have any httpd processes running, kill if there is any and then enable back http.

 

 

 

=====

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 04:56 AM

Thanks again for your help. Would you be able to provide me the syntax for those commands?

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 05:03 AM

{master:0}[edit]
root@EX4200# run show system processes extensive | match http
49259 root 1 96 0 17464K 8376K select 0:00 0.00% httpd-gk
49268 nobody 1 96 0 7420K 3224K select 0:00 0.00% httpd

{master:0}[edit]
root@EX4200# run restart web-management
Web management gatekeeper process started, pid 49278

{master:0}[edit]
root@EX4200# run show system processes extensive | match http
49278 root 1 96 0 17464K 8376K select 0:00 3.15% httpd-gk
49287 nobody 1 96 0 7420K 3224K select 0:00 0.70% httpd

{master:0}[edit]
root@EX4200#

 

Just be careful what process are you killing.

 

root@EX4200:RE:0% ps axu | grep http
root 49278 0.0 0.8 17464 8376 ?? S 11:57AM 0:00.10 /usr/sbin/httpd-
nobody 49287 0.0 0.3 7420 3224 ?? S 11:57AM 0:00.04 /usr/sbin/httpd
root 49291 0.0 0.1 2444 1084 u0 S+ 11:57AM 0:00.01 grep http
root@EX4200:RE:0% kill -9 49278
root@EX4200:RE:0% ps axu | grep 49278
root 49308 0.0 0.1 2444 1084 u0 S+ 11:58AM 0:00.01 grep 49278
root@EX4200:RE:0%

 

 

 

=====

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 06:10 AM

Thanks for that. Have run all the below but doesnt seem to have made any difference:

 

root# run show system processes extensive | match http
66261 nobody 2 130 0 7720K 4956K RUN 5359.5 89.21% httpd
31382 root 1 121 0 6632K 3732K select 0:00 0.00% httpd-gk
31345 nobody 1 96 0 7088K 4464K select 0:00 0.00% httpd

 

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 06:14 AM

Did you try 'kill -9 66261'?

 

 

 

=====

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

 

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-23-2014 01:56 PM

Could be that the http system infrastructure has become corrupted. You could reinstall the System OS if you can schedule some downtime after hours (about 10 - 15 minutes); this almost alwasy fix the issue. Or search the forum for your issue and see what others have had to do. Deleting and readding the web services, restarting the http process works for some, others it does not.

Can you post the output:

root@EX#show system services

Also, did you recently apply a firewall filter that may not have accounted for web traffic?

Here is a slighlty longer process, but if you remember the exact day when you lost access, you run another command:

>show system rollback.

Look if the date you stop getting access was a date when you had made some changes. You can load that rollback and them compare it to the active/running config to se if any of those changes could have been a problem. When finished comparing, simply enter "rollback 0" to clear the loaded config and not affect the running config.

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-25-2014 12:57 PM

Hi Jon_Gee;

 

You can also check  /var/log/httpd.log file . There may be useful logs about problem.

 

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎06-29-2014 11:36 PM

HI,

 

2 more thing which needed to be checked when we see the issue with not able to access the web.

 

1) make sure there is an directory by name "empty" under /var

2) secondly

 

Verify the contents of file httpd.conf under /jail/var/etc

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16427&actp=search&viewlocale=en_US&searchid...

 

Thanks,

Partha

Highlighted
Ethernet Switching

Re: Cannot access J-Web on EX4200

‎07-14-2014 04:39 AM

J-Web available from internet? I saw same situation with httpd. Found out that someone trying to hack my password at rate 10 attempts per second.