The BSA appserver talks to the target agent on port 4750/tcp (by default) to perform patch analysis (and any other 'jobs' that the appserver runs).
same thing w/ the 'verify'. gui talks to the appserver, appserver talks to the agent.
so a timeout means there is a connectivity issue between the appserver and agent.
Thanks a lot for the timely answer. Just, one more question... the GUI is located in patch team's desktop. Lets call it A. When they are trying to do that verify thing from their GUI, I captured some firewall logs. The logs indicate that their Machine (A) is contacting the target servers(machines to be patched) over 4750. And, the firewall receives a TCP Reset-0 from the machine. (meaning, the target machines are terminating the connection)
As per logs, the app server didn't come into the whole scene.Not even a single log stated that a connection was happening between app server and target machines. But i wanted to make sure whether my perception is correct??.Please advise.
Also, let me know if there are any documentations related to this. I've been into this issue for the entire week. ..
Again, thank you so much. I mean it
some operations will connect direct from the client to the server and bypass the appserver. the only operations that do this are 'custom commands' and nsh client access, if the 'NSH Proxy' is not being used (where the connection would be proxied through the bsa appserver). it seems like in your case the nsh proxy is not being used.
but neither of those actions (custom command, or nsh client access) would be used for patching activities.
can you clarify what exactly the user is doing in the bsa gui ? if they are running a 'patch analysis job' that would only be appserver to agent connectivity (or any other job type).
I remember them saying that it was a PA job. But let me confirm the job type and i'll post it.. But before I go and ask questions to the patch team, could you please tell me what questions I need to ask or say, what information would help you get a better insight of this issue? Then, i'll get the exact same info from them and post it here.
And, one more question. ( sorry for making this long, but am real confused). You said that the connectivity is gui->app server- > agent or target machines. Will the gui contact app server on port 4750 ever??? or is it only port 9841 between gui and app server.
Gui will talk to the appserver on 9840 (initial authentication) and then 9841 for normal gui usage. Gui never talks to the appserver on 4750. If the user runs a ‘custom command’ or uses the nsh client to talk to the agent on the appserver, then you would see a connection to the appserver from the client system on 4750.
I would get a copy of the job run log for the job they are running, the rscd log on the target system during the time of the job run and the appserver log(s) covering the time of the job run. that should let us trace through the entire path. and i’d also try and get an understanding of the network path between the appserver and agent.
These pages may help you:
BMC Server Automation architecture
BMC Server Automation ports