SecurID^® Discussions

BadrHoussni · ‎2019-12-17

Hi,
Can someone explain to me why our webtiers tries to contact our AM's on TCP/7006 ?

I can't find anywhere somehting related to this port.

Thank you.

AM : 8.4 P8

WT : GNU/Linux Red Hat

EdwardDavis · ‎2019-12-17

Port 7006 is not needed and not used. But weblogic on the Primary AM server does log the attempts.

My 8.4.0.8.0 AM Primary system does have a log file indicating errors connecting to my webtier 10.101.99.162 on port 7006, but it doesn't need this...this must be some leftover in the code where weblogic is trying a full list of options, but we don't happen to need port 7006 to actually connect to a webtier. So, this error is really something to ignore...

From a log file in my AM Primary /opt/rsa/am/server/logs directory:

INFO | jvm 1 | main | 2019/10/17 11:03:24 | java.net.ConnectException: Tried all: 1 addresses,

but could not connect over HTTPS to server: 10.101.99.162 port: 7006".

-----------------------------------------------------------------------------------------------------------------------------------------------

More about what webtiers need, and ports in use.

(a) My 8.4.0.8.0 webtier (as well as all webtiers) only uses tcp/7022 for communication to the primary.

No other ports are needed.

example

webtier is 10.101.99.162, AM primary is 10.101.99.150

tcp 0 0 10.101.99.162:42196 10.101.99.150:7022 ESTABLISHED

(b) there is nothing on my webtier using port 7006 at all

(c) on my AM server, it does uses tcp port 7006 to connect to itself, port 7006 does not

ever need to connect to anything off the machine itself, no replicas, no webtiers...etc.

But the log does show unsuccessful attempts.

(NOTE: in my lab setup there are zero iptables and zero firewalls between AM Primary and my webtier 10.101.99.162, so I do allow port

7006 to connect if it could, but of course there is no port 7006 on the webtier.)

(d) Investigating port 7006 on my primary: it belongs to AdminServer (connecting to itself, no other machine)

This is for 'weblogic server wrappers' for various internal weblogic functions.

netstat -Tnlutp | egrep '^(tcp|udp)' | awk '{split($NF,p,"/");pscmd="ps --no-heading -fp " p[1] "|tr -s [:space:]";pscmd|getline psout;close(pscmd);split(psout,ps," ");x=index(psout,"-Dweblogic.Name=");if(x>0){split(substr(psout,x+16,20),pn," ");pname="AM: " pn[1];}else{x=index(psout,ps[8]);pname=substr(psout,x);}; printf("PID: %15s %3s | CONNECT: %-30s | %8s | PROCESS: %s\n",$NF,$1,$4,ps[1],pname); }'

INFO | jvm 1 | main | 2019/12/13 16:15:07 | <Dec 13, 2019 4:15:07,139 PM EST> <Notice> <Server> <BEA-002613> <Channel "AdminChannel" is now listening on 10.101.99.150:7006 for protocols admin, ldaps, https.>

(e) Investigating all ports on my webtier, AdminServer uses it's own connections to itself: none are 7006

netstat -nlutp | egrep '^(tcp|udp)' | awk '{split($NF,p,"/");pscmd="ps --no-heading -fp " p[1] "|tr -s [:space:]";pscmd|getline psout;close(pscmd);split(psout,ps," ");x=index(psout,"-Dweblogic.Name=");if(x>0){split(substr(psout,x+16,20),pn," ");pname="AM: " pn[1];}else{x=index(psout,ps[8]);pname=substr(psout,x);}; printf("PID: %15s %3s | CONNECT: %-30s | %8s | PROCESS: %s\n",$NF,$1,$4,ps[1],pname); }'

PID: 9328/java tcp | CONNECT: 127.0.0.1:32001 | rsaadmin | PROCESS: AM: AdminServer

---

All I can suggest is what you are seeing is a function that is not used, and has not been completely stripped out, so it is harmless and part of routine weblogic operations on the AM primary.

View solution in original post

EdwardDavis · ‎2019-12-17