Sun Fire X4150 Server
 
Sun Fire X4440 Server
 
Sun Fire X4540 Server
 
Sun Fire X4200 Server
 
Sun Fire X4250 Server
 
Sun Fire X4275 Server
 
Sun Fire X4200 M2 Server
 
Sun Fire X4600 M2 Server
 
Sun Server X3-2
 
Sun Fire X4240 Server
 
Sun Fire X2270 Server
 
Sun Fire X4140 Server
 
Sun Server X3-2L
 
Sun Fire X4470 Server
 
Sun Server X2-8
 
Sun Fire X4100 M2 Server
 
Sun Fire X4170 Server
 
Sun Fire X4270 M2 Server
 
Sun Fire X2250 Server
 
Sun Fire X4100 Server
 
Sun Fire X4600 Server
 
Sun Fire X4270 Server
 
Sun Fire X4640 Server
 
Sun Fire X2270 M2 Server
 
Sun Fire X4800 Server
 
Sun Fire X4170 M2 Server
 
Sun Fire X4500 Server
 
Sun Fire X4450 Server
 
Sun Server X2-4
 

PLA-Support>Sun Systems>x64>Server>SN-x64: SERVER 64bit
 

Applies to:

Goal

When trying to access the JavaRconsole on X86 Sun Fire[TM] Servers through NAT - Network Address Translation (commonly used in conjunction with firewalls), the Webstart applet may not be able to connect to the ILOM because it embeds its actual IP address in the javaws file, not the IP address that is visible to the client. 

This document describes how to configure your network settings so that iLOM's Java Remote Console can be accessed through a NAT router or firewall.

Fix

Steps to Follow
When one accesses the remote console on these boxes, one normally logs in via web browser pointed to:

Browse https://<ILOM IPAddress or Hostname>/

Enter "root" or appropriately setup username

Enter your password

Click on the "Remote Control" tab

Click on the "Launch Redirection" button

and then tells the browser to run (or open depending on your browser) the file it downloaded.

However, if there is a NAT firewall between the client and the ILOM, an error might pop up saying "unable to launch JavaRConsole" with two buttons, "OK" and "Details". Under "Details" the message:

 An error occurred while launching/running the application.

Title: JavaRConsole
Vendor: Sun Microsystems
Category: Download Error

 Unable to load resource: https://10.10.50.38:443/cgi-bin/jnlpgenerator-8

The problem here is that the ILOM embeds it's actual IP address in the XML file that it sends to the client, and not the IP address that the client sees. NAT is changing this address in between the ILOM and the client. Thus when the client executes the file, it attemps to connect to an address that may not actually be reachable, and is not the address that the ILOM is visible to the client as.

So for example, if the ILOM is actually configured at 10.10.50.38, but is behind a NAT firewall, the client may really see it at 205.43.63.21.

The solution is to, instead of running the jnlp file when clicking on "launch redirection", save the file jnlpgenerator-8 (or -16) to some convenient place. Then edit the file, and replace the actual ip address (10.10.50.38 in this example) with the NAT IP address (205.43.63.21 in this example). Be sure to leave the :443 in the first location.

An example jnlp file is shown here:

----------begin jnlpgenerator-16------------
<?xml version="1.0" encoding="UTF-8"?>

<jnlp spec="1.0+" codebase="https://205.43.63.21:443/"    <----- here
href="cgi-bin/jnlpgenerator-16">
<information>
<title>JavaRConsole</title>
<vendor>Sun Microsystems</vendor>
<description kind="one-line">JavaRConsole Console Redirection Application</description>
<description kind="tooltip">JavaRConsole Console Redirection Application</description>
<description kind="short">
JavaRConsole enables a user to view the video display of a
Galaxy computer equipped with a service processor.  It also enables
the user to redirect his local keyboard, mouse, CD-ROM and floppy
drives to the remote computer to give him complete control over the
remote machine.
</description>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.5+"/>
<jar href="Java/JavaRConsole.jar"/>
<jar href="Java/RedirLib.jar"/>
</resources>
<resources os="Linux" arch="i386">
<nativelib href="Java/linuxi386.jar"/>
</resources>
<resources os="Windows" arch="x86">
<nativelib href="Java/win32.jar"/>
</resources>
<resources os="SunOS" arch="x86">
<nativelib href="Java/solarisx86.jar"/>
</resources>
<resources os="SunOS" arch="sparc">
<nativelib href="Java/solarissparc.jar"/>
</resources>
<application-desc>
<argument>205.43.63.21</argument>         <-------  and here
<argument>16</argument>
</application-desc>
</jnlp>
----------end jnlpgenerator-16------------

With that completed, simply run the file manually. On Microsfort Windows, double click it. On Solaris[TM] Operating System, in a terminal window, type "javaws jnlpgenerator-16".

This will allow javaws to connect with the correct IP address.

Now there may also be a second issue if connecting through a firewall. That is that the ports needed by the remote console may be blocked as a matter of security practice.

If the JavaRConsole window is now able to pop up and let you log in, but then it times out as unable to connect, check to be sure that the following ports listed in the ILOM documentation are open and directed to the ILOM:

http://docs.oracle.com/cd/E19203-01/819-1160-13/remote_console_app.html#pgfId-1001433 (TABLE 8-2 Remote Console Ports and Interfaces)

443  TCP  HTTPS

5120 TCP  Remote CD
5121 TCP  Remote keyboard and mouse
5123 TCP  Remote Floppy
6577 TCP  CURI (API) - TCP and SSL
7578 TCP  Video Data
161  UDP  SNMP V3 Access
3072 UDP  Trap Out (outgoing only)  

With these ports open, it is possible to not only access the JavaRConsole on a Sunfire ILOM, but it is even possible to attach a local dvd/cd drive to a system that is remotely 800 miles away, and to have the remote server "boot cdrom" off of your local DVD/CD. All the devices available on the "Devices" menu of the JavaRConsole are available.

Should you need to do this, please be patient. In this case, the server took close to an hour to boot into single user mode, but it did it on the first try as if the DVD was physically in it's drive.

@ Previously Published As 87061

This solution has no attachment