![]() | Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition | ||
|
|
![]() |
||||||||||||
Solution Type Technical Instruction Sure Solution 1006926.1 : iLOM JavaRconsole through a NAT firewall
PreviouslyPublishedAs 209595 Applies to:Sun Fire X4640 Server - Version Not Applicable and laterSun Fire X4800 M2 - Version Not Applicable and later Sun Fire X2250 Server - Version Not Applicable and later Sun Fire X2270 M2 Server - Version Not Applicable and later Sun Fire X2270 Server - Version Not Applicable and later All Platforms GoalWhen trying to access the JavaRconsole on X86 Sun Fire[TM] Servers through NAT - Network Address Translation (commonly used in conjunction with firewalls), the Webstart applet may not be able to connect to the ILOM because it embeds its actual IP address in the javaws file, not the IP address that is visible to the client. This document describes how to configure your network settings so that iLOM's Java Remote Console can be accessed through a NAT router or firewall. Fix
Browse https://<ILOM IPAddress or Hostname>/ Enter "root" or appropriately setup username Enter your password Click on the "Remote Control" tab Click on the "Launch Redirection" button and then tells the browser to run (or open depending on your browser) the file it downloaded. However, if there is a NAT firewall between the client and the ILOM, an error might pop up saying "unable to launch JavaRConsole" with two buttons, "OK" and "Details". Under "Details" the message: An error occurred while launching/running the application. Title: JavaRConsole Vendor: Sun Microsystems Category: Download Error Unable to load resource: https://10.10.50.38:443/cgi-bin/jnlpgenerator-8 The problem here is that the ILOM embeds it's actual IP address in the XML file that it sends to the client, and not the IP address that the client sees. NAT is changing this address in between the ILOM and the client. Thus when the client executes the file, it attemps to connect to an address that may not actually be reachable, and is not the address that the ILOM is visible to the client as. So for example, if the ILOM is actually configured at 10.10.50.38, but is behind a NAT firewall, the client may really see it at 205.43.63.21. The solution is to, instead of running the jnlp file when clicking on "launch redirection", save the file jnlpgenerator-8 (or -16) to some convenient place. Then edit the file, and replace the actual ip address (10.10.50.38 in this example) with the NAT IP address (205.43.63.21 in this example). Be sure to leave the :443 in the first location. An example jnlp file is shown here: ----------begin jnlpgenerator-16------------ <?xml version="1.0" encoding="UTF-8"?> <jnlp spec="1.0+" codebase="https://205.43.63.21:443/" <----- here href="cgi-bin/jnlpgenerator-16"> <information> <title>JavaRConsole</title> <vendor>Sun Microsystems</vendor> <description kind="one-line">JavaRConsole Console Redirection Application</description> <description kind="tooltip">JavaRConsole Console Redirection Application</description> <description kind="short"> JavaRConsole enables a user to view the video display of a Galaxy computer equipped with a service processor. It also enables the user to redirect his local keyboard, mouse, CD-ROM and floppy drives to the remote computer to give him complete control over the remote machine. </description> </information> <security> <all-permissions/> </security> <resources> <j2se version="1.5+"/> <jar href="Java/JavaRConsole.jar"/> <jar href="Java/RedirLib.jar"/> </resources> <resources os="Linux" arch="i386"> <nativelib href="Java/linuxi386.jar"/> </resources> <resources os="Windows" arch="x86"> <nativelib href="Java/win32.jar"/> </resources> <resources os="SunOS" arch="x86"> <nativelib href="Java/solarisx86.jar"/> </resources> <resources os="SunOS" arch="sparc"> <nativelib href="Java/solarissparc.jar"/> </resources> <application-desc> <argument>205.43.63.21</argument> <------- and here <argument>16</argument> </application-desc> </jnlp> ----------end jnlpgenerator-16------------ With that completed, simply run the file manually. On Microsfort Windows, double click it. On Solaris[TM] Operating System, in a terminal window, type "javaws jnlpgenerator-16". This will allow javaws to connect with the correct IP address. Now there may also be a second issue if connecting through a firewall. That is that the ports needed by the remote console may be blocked as a matter of security practice. If the JavaRConsole window is now able to pop up and let you log in, but then it times out as unable to connect, check to be sure that the following ports listed in the ILOM documentation are open and directed to the ILOM: http://docs.oracle.com/cd/E19203-01/819-1160-13/remote_console_app.html#pgfId-1001433 (TABLE 8-2 Remote Console Ports and Interfaces) 443 TCP HTTPS With these ports open, it is possible to not only access the JavaRConsole on a Sunfire ILOM, but it is even possible to attach a local dvd/cd drive to a system that is remotely 800 miles away, and to have the remote server "boot cdrom" off of your local DVD/CD. All the devices available on the "Devices" menu of the JavaRConsole are available. Should you need to do this, please be patient. In this case, the server took close to an hour to boot into single user mode, but it did it on the first try as if the DVD was physically in it's drive.
Attachments This solution has no attachment |
||||||||||||
|