-
15. Session credential rejected ?
Bill RobinsonJan 9, 2012 9:11 AM (in response to Abhishek Tundalwar)
the error in the log is this:
ticket: /172.24.0.1 != /172.28.2.45
something is either changing the IP of your workstation, or perhaps you are going through a load balancer to get the appserver ?
on the appserver where you see this log, how do you connect? directly or through a load balancer ?
-
16. Session credential rejected ?
Monoj Padhy Jan 10, 2012 12:55 AM (in response to Bill Robinson)No load balancer is used. I am directly connected to this.
-
17. Re: Session credential rejected ?
Bill RobinsonJan 10, 2012 6:51 AM (in response to Monoj Padhy)
What is 172.24.0.1 ? is this a network device?
-
18. Session credential rejected ?
Bill RobinsonJan 12, 2012 2:42 PM (in response to Bill Robinson)
what else is running on that dns server? because for some reason, from the log, that server is initiating a request to your bladelogic config server w/ your credentials, that were obtained from your workstation.
-
19. Re: Session credential rejected ?
Steven Wyns May 16, 2012 2:37 AM (in response to Bill Robinson)Could be some Network Adress Translation.
We noticed the same behaviour once and used the blasadmin command to solve this.
blasadmin -a set appserver ValidateClientIpAddress true
The only remark is: it only seems to work for the application server, not for NSH proxies.
I'm running 7.6.0.313 and am looking for a way to solve this error when going through a NAT device when connecting to a NSH proxy.
[16 May 2012 08:40:02,972] [Nsh-Proxy-Thread-2] [WARN] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] Connection closed by /192.168.0.10:63338 before pre-authentication handshake could be completed.
[16 May 2012 08:40:02,972] [Nsh-Proxy-Thread-2] [INFO] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] failure establishing session with proxy service
[16 May 2012 08:40:02,972] [Nsh-Proxy-Thread-2] [INFO] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] NSH Proxy Connection closed
[16 May 2012 08:40:38,456] [Scheduled-System-Tasks-Thread-3] [INFO] [System:System:] [Memory Monitor] Total JVM (B): 414842880,Free JVM (B): 361679728,Used JVM (B): 53163152,VSize (B): 546754560,RSS (B): 490541056
[16 May 2012 08:41:23,457] [Nsh-Proxy-Thread-1] [WARN] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] client's IP address does not match that written into ticket: /192.168.0.10 != /192.168.2.15
[16 May 2012 08:41:23,457] [Nsh-Proxy-Thread-1] [WARN] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] Client's session credential was rejected
com.bladelogic.mfw.util.BlException: Client's session credential was rejected
at com.bladelogic.mfw.net.BlSessionServerConnection.authenticate(BlSessionServerConnection.java:194)
at com.bladelogic.mfw.net.BlSessionServerConnection.doHandshake(BlSessionServerConnection.java:98)
at com.bladelogic.mfw.net.BlSessionNshServerConnection.doHandshake(BlSessionNshServerConnection.java:48)
at com.bladelogic.mfw.fw.BlSessionNshProxyPair.setupClient(BlSessionNshProxyPair.java:109)
at com.bladelogic.mfw.fw.BlSessionNshProxyPair.init(BlSessionNshProxyPair.java:75)
at com.bladelogic.mfw.fw.NshProxyWorkerThread.execute(NshProxyWorkerThread.java:105)
at com.bladelogic.mfw.fw.NshProxyWorkerThread.execute(NshProxyWorkerThread.java:17)
at com.bladelogic.app.service.thread.BlBlockingThread.run(BlBlockingThread.java:92)
[16 May 2012 08:41:23,457] [Nsh-Proxy-Thread-1] [INFO] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] failure establishing session with proxy service
[16 May 2012 08:41:23,457] [Nsh-Proxy-Thread-1] [INFO] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] NSH Proxy Connection closed
-
20. Session credential rejected ?
Monoj Padhy May 16, 2012 5:32 AM (in response to Steven Wyns)Hi Swyns,
Check with this following line in the log
[Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] client's IP address does not match that written into ticket: /192.168.0.10 != /192.168.2.15
what is these two Ip Address ?
-
21. Re: Session credential rejected ?
Monoj Padhy May 16, 2012 6:08 AM (in response to Monoj Padhy)Try with the followings:
1)Check your DB connection.
2)Delete the file bl_sesscc (\%\AppData\Roaming\Bladelogic)
Before deleting keep a back up of the same.
The above error occured twice in my environment. once caused due to database connection failure and second time its the vmware Network Adapter that is causing the error, disabling the same from the control panel-> network connection fix the issue (In my test environment).
-
22. Session credential rejected ?
Steven Wyns May 16, 2012 8:01 AM (in response to Monoj Padhy)One is my client's ip, the other one seems to be some network device in between ( My guess is NAT translation)
Offcource i've changed the ip's with more generic ones, but the error actually occurs on a WAN connection.
-
23. Re: Session credential rejected ?
Bill RobinsonMay 16, 2012 8:51 AM (in response to Steven Wyns)
1 of 1 people found this helpfulThere is a validateclientip address setting in blasadmin you can turn off, or you can change your network device to pass through the actual client’s ip I think.
-
24. Re: Session credential rejected ?
Steven Wyns Jun 6, 2012 3:49 AM (in response to Bill Robinson)Hi Bill,
I've looked for that but it seems to exist only on the appserver instances. Our NSH proxy is a standalone one (a seperate appserver instance on the same server)
When trying to set them via blasadmin:
bladmin>set appserver ValidateClientIpAddress false
Attribute ValidateClientIpAddress was not found in deployment nshproxy1 (file clientConnectionService.xml does not exist).
bladmin>set appserver ValidateRequestUrl false
Attribute ValidateRequestURL was not found in deployment nshproxy1 (file clientConnectionService.xml does not exist).
bladmin>
any ideas ?
-
25. Session credential rejected ?
Joe Piotrowski Jun 6, 2012 2:30 PM (in response to Steven Wyns)I didn't see this mentioned: are you using IP addresses or names? If names, do you have bad DNS records where one name is pointing to multiple IP addresses?
-
26. Session credential rejected ?
Bill RobinsonJun 12, 2012 2:50 PM (in response to Steven Wyns)
what version of BSA is this?
in my 8.2 appserver i created a new instance and selected only nsh_proxy as the type and i have the validateclientipaddress and validaterequesturl settings.
-
27. Session credential rejected ?
Steven Wyns Jun 13, 2012 12:40 AM (in response to Bill Robinson)Hi Bill,
I've noticed it exists in 8.2 as well. But the environment where I have the problem is still 7.6.
Hi Joe,
I'm using names but they are correct. I really think it's the NAT device in between that causes me trouble. I have to talk to telco about it some time
-
28. Session credential rejected ?
Bill RobinsonJul 2, 2012 1:48 PM (in response to Steven Wyns)
then i would try and get the source ips to pass through properly to the appservers. i checked my 7.6 env and i don't see the settings there either. you could possibly try and run the nsh proxy w/ a config instance and see if the config's validate settings apply to the proxy part as well.