5 Replies Latest reply on Aug 28, 2015 2:27 PM by Mike Reider

    NSH proxy setup issues

    Mike Reider

      Hi all, Im trying to setup a very basic NSH proxy connection in order to run Nexec vs managed hosts with auth via appserver

      the attached Visio shows my current setup. We have 13 BSA appservers, 1 of which (APP01) is setup to be an NSH proxy with ProxySvcPort 9842

       

      I want to run Nexec from my windows console desktop, using APP01 as the proxy to run cmds against the managed hosts

      Im encountering 2 errors,


      Error #1

       

       

      first when I open CMD prompt on the win console desktop, and type 'nsh', I get the SSO error shown in the Visio. Theres a 2 min delay before the error shows up on CMD prompt as it tries to contact the appserver, getting this in appserver log

       

       

      [28 Aug 2015 12:20:47,471] [Nsh-Proxy-Thread-0] [WARN] [Anonymous:Anonymous:10.9.97.166] [BLSSOPROXY] java.net.SocketTimeoutException: Read timed out

      com.bladelogic.sso.engine.ClientDisconnectedException: java.net.SocketTimeoutException: Read timed out

           at com.bladelogic.sso.engine.StreamMessaging.receiveMessage(StreamMessaging.java:123)

         at com.bladelogic.sso.engine.StreamMessaging.receiveToken(StreamMessaging.java:203)

           at com.bladelogic.om.infra.mfw.net.BlSessionServerConnection.authenticate(BlSessionServerConnection.java:176)

         at com.bladelogic.om.infra.mfw.net.BlSessionNshServerConnection.internalHandshake(BlSessionNshServerConnection.java:78)

      at com.bladelogic.om.infra.mfw.net.BlSessionNshServerConnection.doHandshake(BlSessionNshServerConnection.java:50)

             at com.bladelogic.om.infra.mfw.fw.BlSessionNshProxyPair.setupClient(BlSessionNshProxyPair.java:104)

           at com.bladelogic.om.infra.mfw.fw.BlSessionNshProxyPair.init(BlSessionNshProxyPair.java:75)

           at com.bladelogic.om.infra.mfw.fw.NshProxyWorkerThread.execute(NshProxyWorkerThread.java:106)

         at com.bladelogic.om.infra.mfw.fw.NshProxyWorkerThread.execute(NshProxyWorkerThread.java:17)

          at com.bladelogic.om.infra.app.service.thread.BlBlockingThread.run(BlBlockingThread.java:95)

       

      The appserver settings for timeouts:

      SocketConnectTimeout:60

      SocketOperationTimeout:7200

      SocketTimeout:600

      SocketsBindAddress:all

       

       

      Error #2, when I run Nexec cmd, I get the 2nd error.


      If I go through the Console, and right click onthe managed host, do NSH Here, no issues. Blcred works, the authProfile is valid, the cred is cached (I did blcred destroy, then blcred acquire to make sure its a fresh cred). Not sure where else to look to fix this.
      NSHProxy.png

        • 1. Re: NSH proxy setup issues
          Bill Robinson

          after you run blcred and authenticate, can you run 'blcred cred -list' and show the output ?

           

          your home directory seems to be picked up as /home/unknown - that seems wrong...  or do you have a .nshrc file setting the location of the cache file or something else like that ?

           

          what host is 10.9.97.166 ?

          • 2. Re: NSH proxy setup issues
            Mike Reider

            hi Bill, this is the output

             

            nsherr.png

             

            Dont have any rc files setup, the home dir is wrong but Im not sure where its picking it up from, for some reason its thinking its on a NIX box, not Win, I tried searching for bl_sessoc file on the win desktop, cant find it anywhere.


            10.9.97.166 is the win desktop

             

            also tried increasing SocketConnectTimeout to 3 min (180) but still getting that error #1

            • 3. Re: NSH proxy setup issues
              Mike Reider

              found the bl_sesscc file, its under

              C:\Users\mreider\AppData\Roaming\BladeLogic

               

              but the contents look correct,

               

               

               

               

              <MessageObject>

                <username>mreider@OAK.FG.xxx.COM</username>

                <site/>

                <serviceURL>service:authsvc.bladelogic:blauth://ulvblgd01.devfg.xxx.com:9840</serviceURL>

                <AuthProtocolMsg>

                  <SessionCredential employedAuthType="ADK_PASSWORD" updateSRPPasswordOnly="false">

                    <clientAddress>10.9.97.166</clientAddress>

                    <destinationServiceURLs>

                      <serviceURL>service:appsvc.bladelogic:blsess://ulvblgd01.devfg.xxx.com:9841</serviceURL>

                      <serviceURL>service:appsvc.bladelogic:blsess://10.241.165.123:9841</serviceURL>

                      <serviceURL>service:proxysvc.bladelogic:blsess://ulvblgd01.devfg.xxx.com:9842</serviceURL>

                      <serviceURL>service:proxysvc.bladelogic:blsess://10.241.165.123:9842</serviceURL>

                    </destinationServiceURLs>

                    <authorizedRoles>

                      <role>

                        <id>1000010</id>

                        <name>BLAdmins</name>

                      </role>

                      <role>

                        <id>3</id>

                        <name>RBACAdmins</name>

                      </role>

                    </authorizedRoles>

                    <expirationTime>2015-08-28 21:26:52.784 EDT</expirationTime>

                    <maximumLifetime>2015-08-28 21:26:52.784 EDT</maximumLifetime>

                    <serviceTicket>MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEggPoPFNl

              cnZpY2VUaWNrZXRDb250ZW50PgogIDxJc3N1aW5nQXV0aFN2Y1VSTD5zZXJ2aWNlOmF1dGhzdmMu

              YmxhZGVsb2dpYzpibGF1dGg6Ly91bHZibGdkMDEuZGV2ZmcucmJjLmNvbTo5ODQwPC9Jc3N1aW5n

              QXV0aFN2Y1VSTD4KICA8ZW1wbG95ZWRBdXRoVHlwZT5BREtfUEFTU1dPUkQ8L2VtcGxveWVkQXV0

              aFR5cGU+CiAgPHNpdGUvPgogIDx1c2VybmFtZT5tcmVpZGVyQE9BSy5GRy5SQkMuQ09NPC91c2Vy

              bmFtZT4KICA8Y2xpZW50QWRkcmVzcz4xMC45Ljk3LjE2NjwvY2xpZW50QWRkcmVzcz4KICA8ZGVz

              dGluYXRpb25TZXJ2aWNlVVJMcz4KICAgIDxzZXJ2aWNlVVJMPnNlcnZpY2U6YXBwc3ZjLmJsYWRl

              bG9naWM6YmxzZXNzOi8vdWx2YmxnZDAxLmRldmZnLnJiYy5jb206OTg0MTwvc2VydmljZVVSTD4K

              ICAgIDxzZXJ2aWNlVVJMPnNlcnZpY2U6YXBwc3ZjLmJsYWRlbG9naWM6YmxzZXNzOi8vMTAuMjQx

              LjE2NS4xMjM6OTg0MTwvc2VydmljZVVSTD4KICAgIDxzZXJ2aWNlVVJMPnNlcnZpY2U6cHJveHlz

              dmMuYmxhZGVsb2dpYzpibHNlc3M6Ly91bHZibGdkMDEuZGV2ZmcucmJjLmNvbTo5ODQyPC9zZXJ2

              aWNlVVJMPgogICAgPHNlcnZpY2VVUkw+c2VydmljZTpwcm94eXN2Yy5ibGFkZWxvZ2ljOmJsc2Vz

              czovLzEwLjI0MS4xNjUuMTIzOjk4NDI8L3NlcnZpY2VVUkw+CiAgPC9kZXN0aW5hdGlvblNlcnZp

              Y2VVUkxzPgogIDxhdXRob3JpemVkUm9sZXM+CiAgICA8cm9sZT4KICAgICAgPGlkPjEwMDAwMTA8

              L2lkPgogICAgICA8bmFtZT5CTEFkbWluczwvbmFtZT4KICAgIDwvcm9sZT4KICAgIDxyb2xlPgog

              ICAgICA8aWQ+MzwvaWQ+CiAgICAgIDxuYW1lPlJCQUNBZG1pbnM8L25hbWU+CiAgICA8L3JvbGU+

              CiAgPC9hdXRob3JpemVkUm9sZXM+CiAgPGV4cGlyYXRpb25UaW1lPjIwMTUtMDgtMjggMjE6MjY6

              NTIuNzg0IEVEVDwvZXhwaXJhdGlvblRpbWU+CiAgPG1heGltdW1MaWZldGltZT4yMDE1LTA4LTI4

              IDIxOjI2OjUyLjc4NCBFRFQ8L21heGltdW1MaQSBvmZldGltZT4KICA8dXBkYXRlU1JQUGFzc3dv

              cmRPbmx5PmZhbHNlPC91cGRhdGVTUlBQYXNzd29yZE9ubHk+CiAgPGF0cml1bVNzb1Rva2VuSWQ+

              UEVPVUxUUFRLUE1BV1RYTlpFVVhRVFFXT1FQWFdXWEJOT01WQUxRV05YV09OT09QTVZLQUJNTU9Y

              QU1MRUFNTDwvYXRyaXVtU3NvVG9rZW5JZD4KPC9TZXJ2aWNlVGlja2V0Q29udGVudD4AAAAAAACg

              gDCCAqIwggGKoAMCAQICBgFJPYG9CjANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhob3N0bmFt

              ZTAeFw0xNDEwMjIxNDU1NTNaFw0xNzEwMjIxNDU1NTNaMBMxETAPBgNVBAMTCGhvc3RuYW1lMIIB

              IDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAw1BfQ7sHMjvIqzI6OGToFO8cSjkSx08fjO+y

              9TLCfydSeBJ9QRaOgc1GhZ9TQ04+hURcuNtMskVGuncmRsMPwbCPOQjKUIwR31ncfTi6fdyxJGzM

              bvFQR9/e1SZfjmrkiEbT1zPzMFZWvfLDCIVKRmqltBmSGFdNuJqv78uaYI7qWCuyP1wZTzfZInF1

              FkqsUBtb2cIaY5ym8aDhpCFOfBI/9vQSCmPatU8UC35s7/C3xnPVFRAV48sLMIKiNgeoua7/zU1g

              9sBMRzuuS3Kdb+JgZrk/o0iK3VlfnjB2+agNGQL2QIU2bqQhvjGc4Gr5/2g9/7PS9yiXXmziTwwt

              vQIBAzANBgkqhkiG9w0BAQUFAAOCAQEAuTvUGLwT4lQXw5FBUUGuKe7wsG6qXqkA1hBpOr8AsB3K

              ZmEDCDSuTcd4++zOfrZfROlt2gA+5LYy0IwS7Ohcp6u08w2HuCSCRvcoBwE+/uOpIRWvyWBc2Qvo

              WMNTwTViRfE7WwQ/exCDY7tY+nnIg61E+szzhiMwDLAW/hs2TtELtShC8P+5YO3UZHrEjbsfN2nJ

              FprgPUjzdl3JbLIuLBAlw1baVNr19wRwlMwSV9zywTheDA7T2cIFrlctpbFZQU7/vTCEOZukGbwE

              GW3WJVw7CdsWlneCoP0yvOXbrcsk2pdJtnBP2848qC6iqEwd9elTbm2njPk/I/qAutsiHQAAMYIB

              ozCCAZ8CAQEwHTATMREwDwYDVQQDEwhob3N0bmFtZQIGAUk9gb0KMAkGBSsOAwIaBQCgXTAYBgkq

              hkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTA4MjgxNTI2NTJaMCMGCSqG

              SIb3DQEJBDEWBBShxumYp2JeJyJWHHifNoLWIXpH0DANBgkqhkiG9w0BAQEFAASCAQCnhR0c4YrW

              XQ1eQlgYfBvq/bdTMa8i9n/cmvONYECgNH6ueVsUCWnyCOqpMz8ab1oDgob22J3I/LB6HHNpBRQT

              dGC22Ls9HY6vKyVVFD7nsMT7888j7Yq2xKL/e1WxVvrXVTiOrOwPh34jaJc9UHtygiF98a6wGC+2

              EFO82TWE3me30PFEArFp+F7RYIYYiyCkBXEeb+Fm0t1id8+6sf0wT9wcHSYj4sP5Dpx70FbGytsU

              WhxplsXfacv2srfidZYGO8FIEKFdXHicNvqNxcUyLJYAKfu1uLk5h8c5KqYyMhCHiLcL7LLd1huH

              OregscWKL+tPHz4/d9RbTl4cWRUdAAAAAAAA</serviceTicket>

                    <clientType>NA</clientType>

                    <atriumSsoTokenId>PEOULTPTKPMAWTXNZEUXQTQWOQPXWWXBNOMVALQWNXWONOOPMVKABMMOXAMLEAML</atriumSsoTokenId>

                  </SessionCredential>

                </AuthProtocolMsg>

              </MessageObject>

              • 4. Re: NSH proxy setup issues
                Bill Robinson

                in both nsh and cmd can you run 'set' and redirect the output to a file and attach or email it ?

                • 5. Re: NSH proxy setup issues
                  Mike Reider

                  both files attached