If the port used by a website is not open in the firewall of the web server, the webpage will not be accessible. "nc" can be used to verify if a network port is open and available on a server. Below result indicates port 7042 is open on server serverName.
$ nc -zv serverName 7042
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connected to 167.xx.xx.50:7042.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
If nothing is listening on port 7042, "nc" gives a different result and does not tell if port is the problem.
$ netstat -tuanp | grep 7042
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
$ nc -zv serverName 7042 <= run it on another server
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Connection refused.
So make sure the Apps service is working correctly and running before using "nc" to check port's status. When the port is used on the server, "nc" message No route to host tells us that the port is blocked by firewall of the server.
$ netstat -tuanp | grep 7043
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 167.xx.xx.50:7043 :::* LISTEN 2915615/java
tcp6 0 0 167.xx.xx.50:52210 167.xx.xx.50:7043 ESTABLISHED 2922169/java
$ nc -zv serverName 7043 <= run it on another server
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: No route to host.
wget may give similar failure message if WLS webservice is listening on port 7043:
$ wget serverName.domain.com:7043/console
... ...
Connection ... ... failed: No route to host
root is able to check and see the list of open ports on the firewall of the server:
$ echo $USER
applmgr
$ sudo su -
[sudo] password for applmgr:
Hostname: serverName.domain.com <= ONLY if sudo root is granted to applmgr
OS: Red Hat Enterprise Linux release 8.10 (Ootpa)
Arch: x86_64
[root@serverName ~]# cd /etc/firewalld
[root@serverName ~]# which firewall-cmd
/usr/bin/firewall-cmd
[root@serverName firewalld]# firewall-cmd --list-all
internal (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: cockpit dhcpv6-client mdns samba-client ssh
ports: ... 443/tcp 7042/tcp 7051/tcp 7052/tcp 8004/tcp 4484/tcp ... 757/udp 17430/udp ...
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@serverName firewalld]#
Troubleshooting case. In a multi-node EBS instance, ADOP fs_clone failed on 2nd node with message "The admin server for the patch file system is not running". I started WebLogic services in patch filesystem of Primary node serverName successfully:
$ sh adadminsrvctl.sh start forcepatchfs
... ...
adadminsrvctl.sh: exiting with status 0
... ...
$ grep s_wls_adminport $CONTEXT_FILE
<wls_adminport oa_var="s_wls_adminport" oa_type="PORT" base="7001" step="1" range="-1" label="WLS Admin Server Port">7043</wls_adminport>
But, the problem was console webpage serverName.domain.com:7043/console did not work and showed generic errors on browser. Too many Java errors and messages in WebLogic logfiles under folder $FMW_HOME/user_projects/domains/EBS_domain/servers/AdminServer/logs
made logs not useful as well. Finally, I found the root cause is port 7043 was not open on the server. After it was added to the firewall by Linux Admin, the WebLogic website became accessible from browsers and then fs_clone worked.
No comments:
Post a Comment