1 2 Previous Next 28 Replies Latest reply: Jul 2, 2012 1:48 PM by Bill Robinson Go to original post RSS
  • 15. Session credential rejected ?
    Bill Robinson

    the error in the log is this:

     

    ticket: /172.24.0.1 != /172.28.2.45

     

     

    something is either changing the IP of your workstation, or perhaps you are going through a load balancer to get the appserver ?

     

    on the appserver where you see this log, how do you connect?  directly or through a load balancer ?

  • 16. Session credential rejected ?
    Blas P

    No load balancer is used. I am directly connected to this.

  • 17. Re: Session credential rejected ?
    Bill Robinson

    What is 172.24.0.1 ?  is this a network device?

  • 18. Session credential rejected ?
    Bill Robinson

    what else is running on that dns server?  because for some reason, from the log, that server is initiating a request to your bladelogic config server w/ your credentials, that were obtained from your workstation.

  • 19. Re: Session credential rejected ?
    swyns

    Could be some Network Adress Translation.

     

    We noticed the same behaviour once and used the blasadmin command to solve this.

     

    blasadmin -a set appserver ValidateClientIpAddress true

     

    The only remark is: it only seems to work for the application server, not for NSH proxies.

     

    I'm running 7.6.0.313 and am looking for a way to solve this error when going through a NAT device when connecting to a NSH proxy.

     

    [16 May 2012 08:40:02,972] [Nsh-Proxy-Thread-2] [WARN] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] Connection closed by /192.168.0.10:63338 before pre-authentication handshake could be completed.

    [16 May 2012 08:40:02,972] [Nsh-Proxy-Thread-2] [INFO] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] failure establishing session with proxy service

    [16 May 2012 08:40:02,972] [Nsh-Proxy-Thread-2] [INFO] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] NSH Proxy Connection closed

    [16 May 2012 08:40:38,456] [Scheduled-System-Tasks-Thread-3] [INFO] [System:System:] [Memory Monitor] Total JVM (B): 414842880,Free JVM (B): 361679728,Used JVM (B): 53163152,VSize (B): 546754560,RSS (B): 490541056

    [16 May 2012 08:41:23,457] [Nsh-Proxy-Thread-1] [WARN] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] client's IP address does not match that written into ticket: /192.168.0.10 != /192.168.2.15

    [16 May 2012 08:41:23,457] [Nsh-Proxy-Thread-1] [WARN] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] Client's session credential was rejected

    com.bladelogic.mfw.util.BlException: Client's session credential was rejected

    at com.bladelogic.mfw.net.BlSessionServerConnection.authenticate(BlSessionServerConnection.java:194)

    at com.bladelogic.mfw.net.BlSessionServerConnection.doHandshake(BlSessionServerConnection.java:98)

    at com.bladelogic.mfw.net.BlSessionNshServerConnection.doHandshake(BlSessionNshServerConnection.java:48)

    at com.bladelogic.mfw.fw.BlSessionNshProxyPair.setupClient(BlSessionNshProxyPair.java:109)

    at com.bladelogic.mfw.fw.BlSessionNshProxyPair.init(BlSessionNshProxyPair.java:75)

    at com.bladelogic.mfw.fw.NshProxyWorkerThread.execute(NshProxyWorkerThread.java:105)

    at com.bladelogic.mfw.fw.NshProxyWorkerThread.execute(NshProxyWorkerThread.java:17)

    at com.bladelogic.app.service.thread.BlBlockingThread.run(BlBlockingThread.java:92)

    [16 May 2012 08:41:23,457] [Nsh-Proxy-Thread-1] [INFO] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] failure establishing session with proxy service

    [16 May 2012 08:41:23,457] [Nsh-Proxy-Thread-1] [INFO] [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] NSH Proxy Connection closed

  • 20. Session credential rejected ?
    Blas P

    Hi Swyns,

     

    Check with this following line in the log

     

    [Anonymous:Anonymous:192.168.0.10] [BLSSOPROXY] client's IP address does not match that written into ticket: /192.168.0.10 != /192.168.2.15

     

    what is these two Ip Address ?

  • 21. Re: Session credential rejected ?
    Blas P

    Try with the followings:

     

    1)Check your DB connection.

    2)Delete the file bl_sesscc (\%\AppData\Roaming\Bladelogic)

     

    Before deleting keep a back up of the same.

     

    The above error occured twice in my environment. once caused due to database connection failure and second time its the vmware Network Adapter that is causing the error, disabling the same from the control panel-> network connection fix the issue (In my test environment).

  • 22. Session credential rejected ?
    swyns

    One is my client's ip, the other one seems to be some network device in between ( My guess is NAT translation)

     

    Offcource i've changed the ip's with more generic ones, but the error actually occurs on a WAN connection.

  • 23. Re: Session credential rejected ?
    Bill Robinson

    There is a validateclientip address setting in blasadmin you can turn off, or you can change your network device to pass through the actual client’s ip I think.

  • 24. Re: Session credential rejected ?
    swyns

    Hi Bill,

     

    I've looked for that but it seems to exist only on the appserver instances. Our NSH proxy is a standalone one (a seperate appserver instance on the same server)

     

    When trying to set them via blasadmin:

    bladmin>set appserver ValidateClientIpAddress false

    Attribute ValidateClientIpAddress was not found in deployment nshproxy1 (file clientConnectionService.xml does not exist).

    bladmin>set appserver ValidateRequestUrl false

    Attribute ValidateRequestURL was not found in deployment nshproxy1 (file clientConnectionService.xml does not exist).

    bladmin>

     

    any ideas ?

  • 25. Session credential rejected ?
    Joe Piotrowski

    I didn't see this mentioned: are you using IP addresses or names? If names, do you have bad DNS records where one name is pointing to multiple IP addresses?

  • 26. Session credential rejected ?
    Bill Robinson

    what version of BSA is this?

     

    in my 8.2 appserver i created a new instance and selected only nsh_proxy as the type and i have the validateclientipaddress and validaterequesturl settings.

  • 27. Session credential rejected ?
    swyns

    Hi Bill,

     

    I've noticed it exists in 8.2 as well. But the environment where I have the problem is still 7.6.

     

     

    Hi Joe,

     

    I'm using names but they are correct. I really think it's the NAT device in between that causes me trouble. I have to talk to telco about it some time

  • 28. Session credential rejected ?
    Bill Robinson

    then i would try and get the source ips to pass through properly to the appservers.  i checked my 7.6 env and i don't see the settings there either.  you could possibly try and run the nsh proxy w/ a config instance and see if the config's validate settings apply to the proxy part as well.

1 2 Previous Next