cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CAS accessing AMD via proxy???

anthony_p2
Inactive

Hi Fellow presales engineers,

We have a need to setup a CAS to access an AMD via a proxy for a PoC . The reason for this is that only this permitted  PC can get to the AMD via a firewall.

The proxy does not have any authentication requirements...

We have done the following so far;

  1. Altered the CAS JVM parameters to allow Java it to use the proxy.
  2. Setup a Apache proxy on the permitted PC so we can fiddle with the proxy config
  3. Tested it with a browser on the CAS which seems to indicate the proxy works OK

However the CAS gives the following errors when polling the AMD...( from server.log)

E JUL 14-06-23 07:26:02.824 SEVERE:com.compuware.frameworks.security.client.impl.ManagementServiceClientCache$BulkUpdate:getSecurityBulkData:<Exception during BULK update from CSS: Service unavailable; ><<  exception >>
1 ADM 14-06-23 07:26:23.182 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication BASIC received response code 401. Change authentication. 
1 ADM 14-06-23 07:26:23.213 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication DIGEST received response code 401. Change authentication. 
1 ADM 14-06-23 07:26:23.650 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication BASIC received response code 401. Change authentication. 
1 ADM 14-06-23 07:26:23.650 ServerState 10.158.141.90:9091/hid?id=b16ade7df4_80_rtm using GET, protocol HTTP, user compuware, authentication DIGEST received response code 401. Change authentication. 
E RTM 14-06-23 07:26:23.650 Cannot get license information for probe -1 [10.158.141.90:9091].

OK so it cant get to do something with the CSS but...

It seems as if Apache is sending a 401 back to the CAS in response to its authentication attempt which it seems unable to process..

If a browser is used, filing out the login/password for the AMD works fine...

Are we "barking up the wrong tree" here? e.g has this problem been already solved?

Just thought I would ask before I commence the in-depth troubleshooting....

Regards

AP

 

3 REPLIES 3

adam_piotrowicz
Dynatrace Pro
Dynatrace Pro

This would require troubleshooting.

Would you please file a support ticket with Wireshark capture of this failed communication?

 

anthony_p2
Inactive

 

Hi Adam,

Thanks for the reply.

I have, its Case #00902719...

Just trying to procure traces now...

regards

 

AP

 

anthony_p2
Inactive

Hi all,

I managed to get  this working but not completely...e.g after about 8 hours I have to restart the CAS service if I wish to log in to the CAS...

OK for a PoC though.

But the CAS is talking to the AMD fine via the Apache proxy as long as the proxy does not reside on the same server as the CCS/ RUM console

This is what I did...

  1. Install Apache web server for windows on a none CCS or RUM console CAS. ( could be any windows server)
  2. Http.conf looks like below ( 141.168.21.84 is my new CAS). 
    Listen is 141.168.21.20:3128 and you need "load  proxy modules" list  un-commented etc.

    ProxyRequests On

    ProxyVia On

    <Proxy *>

    Order deny,allow

    Deny from all

    Allow from 141.168.21.84

    </Proxy>

  3. CAS Adlex Java parameter in NT registry line has this added. (CCS is .141.168.21.19)

    -DproxySet=true -DproxyHost=141.168.21.20 -DproxyPort=3128 -DnonProxyHosts=141.168.21.19

  4. So it looks like this 

    CAS3 ---------- >Proxy|CAS2-------- >FW---------- >AMD

    .84---------------->.20-------------------------------------->AMD

Hope this helps

 

Regards

 

AP