Cannot connect to ANI server - Topology services

Unanswered Question
Apr 18th, 2009
User Badges:

I'm running LMS 3.1 on Solaris 9 on a Sunfire 480. My client PC is using IE 6.0.2900.2180 with jre 1.6.0_05 which was down loaded when initially entering Topology services in Campus. I consistently get the Campus Manager Error "Cannot connect to ANI server" with Probable Cause "Unknown Error". ANIServer is running and restarting Campus Manager does not resolve the issue. I tried changing nameserver.usedns to false, as well as reinitdb.pl -restore but nothing seems to work. There is only one interface on the system, so gatekeeper.ior does not exist and multi-homing is not an issue. The error occurs during Applet initialization. When responding (clicking OK) to the error message, the dialog box closes but the Topology Services Applet windows remains open for a prolonged period in state "Initializing Applet" - up to several minutes before closing on its own. This happens when using a web connection to the Solaris or Windows-based CiscoWorks servers. If using a remote desktop to Windows-based CW servers and running CW from that session, Topology services can be run with no problems. It appears to be a client-side java or browser security issue or blocked ports. Any ideas on how to troubleshoot this further?


Thanks for any help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Sat, 04/18/2009 - 19:57
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You need to make sure the client can resolve the hostname of the server and that TCP ports 42342 and 43242 are open between the client and server.

kviola1 Sun, 04/19/2009 - 06:39
User Badges:

The client PC can resolve the server via DNS and local hosts file. Using netstat -a, the ports show they are in a LISTEN state on the server and the server has several ESTABLISHED connections to itself on those ports. There are many connections to the client PC in a TIME_WAIT state and 1 ESTABLISHED but not on those ports. When Topology services is initially kicked off, there are 6 additional connections ESTABLISHED between client and server - but on different ports. After the task fails, one ESTABLISHED port connection remains.


Could there be a local browser problem?

Joe Clarke Sun, 04/19/2009 - 11:09
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

It sounds like these two ports are not reachable from the client. From the client, telnet to the server on those ports. Verify you get a successful connection, and that you do not get a timeout or connection refused.

kviola1 Sun, 04/19/2009 - 11:33
User Badges:

Joe - it looks like the client is trying to connect to the server on 42342 but it retransmits twice without getting an acknowledgement. I also tried telneting to the server on those ports but I was not successful. The following were from a netmon capture when attempting to open Topology services:


Tcp: Flags=......S., SrcPort=3879, DstPort=42342, PayloadLen=0, Seq=4107114195, Ack=0, Win=64240 ( Negotiating scale factor 0x0 ) = 64240


Tcp: [SynReTransmit #2534]Flags=......S., SrcPort=3879, DstPort=42342, PayloadLen=0, Seq=4107114195, Ack=0, Win=64240 ( Negotiating scale factor 0x0 ) = 64240


Tcp: [SynReTransmit #2534]Flags=......S., SrcPort=3879, DstPort=42342, PayloadLen=0, Seq=4107114195, Ack=0, Win=64240 ( Negotiating scale factor 0x0 ) = 64240


Connections and data are exchanged on other ports:


Tcp: Flags=...AP..., SrcPort=3771, DstPort=HTTPS(443), PayloadLen=446, Seq=1459000151 - 1459000597, Ack=4084167731, Win=64217 (scale factor 0x0) = 64217


Tcp: Flags=...AP..., SrcPort=HTTPS(443), DstPort=3771, PayloadLen=207, Seq=4084167731 - 4084167938, Ack=1459000597, Win=49815 (scale factor 0x0) = 49815


I need to run test again to see if server is seeing the packets coming in on 42342.


Any other thoughts?


Joe Clarke Sun, 04/19/2009 - 11:38
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The ports are blocked. These ports are CRITICAL for CORBA to work. Talk to your firewall administrators to make sure those two TCP ports are open between your clients and server.

Actions

This Discussion