Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition

Asset ID: 1-71-1006926.1
Update Date: 2008-05-28
Keywords:

Solution Type  Technical Instruction Sure

Solution  1006926.1 :   iLOM JavaRconsole through a NAT firewall  


Related Items
  • Sun Fire X4200 M2 Server
  • Sun Fire X4100 Server
  • Sun Fire X4100 M2 Server
  • Sun Fire X4200 Server
Related Categories
  • GCS>Sun Microsystems>Servers>x64 Servers

PreviouslyPublishedAs
209595


Description
When trying to access the JavaRconsole on Sun Fire[TM] X4100/X4200/X4600 Servers and the M2 series through NAT (Network Address Translation, commonly used in conjunction with firewalls), the Webstart applet may not be able to connect to the ILOM, because the ILOM embeds its actual IP address in the javaws file rather than the IP address that is visible to the client.


Steps to Follow
To access the remote console on these boxes, one normally:

  1. Points a web browser to https://<ILOM ipaddress or hostname>/
  2. Enters the appropriate login
  3. Clicks the "remote control" tab
  4. Clicks the "launch redirection" button
  5. Tells the browser to run (or open, depending on the browser) the file it downloaded

However, if there is a NAT firewall between the client and the ILOM, an error might pop up saying "unable to launch JavaRConsole" with two buttons, "OK" and "Details". Under "Details" the message reads:

 An error occurred while launching/running the application.
 Title: JavaRConsole
 Vendor: Sun Microsystems
 Category: Download Error
 Unable to load resource: https://10.10.50.38:443/cgi-bin/jnlpgenerator-8

The problem here is that the ILOM embeds its actual IP address in the XML file that it sends to the client, not the IP address that the client sees. NAT changes this address between the ILOM and the client. Thus, when the client executes the file, it attempts to connect to an address that may not be reachable and is not the address at which the ILOM is visible to the client.

So for example, if the ILOM is actually configured at 10.10.50.38, but is behind a NAT firewall, the client may really see it at 205.43.63.21.

The solution is, instead of running the jnlp file when clicking on "launch redirection", to save the file jnlpgenerator-8 (or -16) to some convenient place. Then edit the file and replace the actual IP address (10.10.50.38 in this example) with the NAT IP address (205.43.63.21 in this example). Be sure to leave the :443 in the first location.

An example jnlp file is shown here:

----------begin jnlpgenerator-16------------
<?xml version="1.0" encoding="UTF-8"?>
<!-- NAT address goes in codebase on the next line (keep the :443) -->
<jnlp spec="1.0+" codebase="https://205.43.63.21:443/"
href="cgi-bin/jnlpgenerator-16">
<information>
<title>JavaRConsole</title>
<vendor>Sun Microsystems</vendor>
<description kind="one-line">JavaRConsole Console Redirection Application</description>
<description kind="tooltip">JavaRConsole Console Redirection Application</description>
<description kind="short">
JavaRConsole enables a user to view the video display of a
Galaxy computer equipped with a service processor.  It also enables
the user to redirect his local keyboard, mouse, CD-ROM and floppy
drives to the remote computer to give him complete control over the
remote machine.
</description>
</information>
<security>
<all-permissions/>
</security>
<resources>
<j2se version="1.5+"/>
<jar href="Java/JavaRConsole.jar"/>
<jar href="Java/RedirLib.jar"/>
</resources>
<resources os="Linux" arch="i386">
<nativelib href="Java/linuxi386.jar"/>
</resources>
<resources os="Windows" arch="x86">
<nativelib href="Java/win32.jar"/>
</resources>
<resources os="SunOS" arch="x86">
<nativelib href="Java/solarisx86.jar"/>
</resources>
<resources os="SunOS" arch="sparc">
<nativelib href="Java/solarissparc.jar"/>
</resources>
<application-desc>
<argument>205.43.63.21</argument> <!-- and here -->
<argument>16</argument>
</application-desc>
</jnlp>
----------end jnlpgenerator-16------------

With that completed, simply run the file manually. On Microsoft Windows, double-click it. On the Solaris[TM] Operating System, in a terminal window, type "javaws jnlpgenerator-16".

This will allow javaws to connect with the correct IP address.
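
The edit described above can also be scripted. The following is an added example, not part of the original Sun document: rewrite_jnlp and SAMPLE_JNLP are hypothetical names, and the sample is a constructed, trimmed copy of the file layout shown above. It replaces only the host in codebase (keeping :443) and the matching <argument>, and refuses to touch a file that does not carry the expected internal address.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the layout shown above, trimmed, with the ILOM's
# internal address still embedded as in the file the ILOM sends.
SAMPLE_JNLP = """<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="https://10.10.50.38:443/"
href="cgi-bin/jnlpgenerator-16">
<information><title>JavaRConsole</title></information>
<resources><jar href="Java/JavaRConsole.jar"/></resources>
<application-desc>
<argument>10.10.50.38</argument>
<argument>16</argument>
</application-desc>
</jnlp>
"""


def rewrite_jnlp(jnlp_text, internal_ip, nat_ip):
    """Swap internal_ip for nat_ip in codebase and <argument>; hypothetical helper."""
    root = ET.fromstring(jnlp_text.encode("utf-8"))
    if root.tag != "jnlp":
        raise ValueError("not a JNLP file")

    parts = urlsplit(root.get("codebase", ""))
    if parts.hostname != internal_ip:
        raise ValueError("codebase does not point at " + internal_ip)
    # Keep scheme, port (:443) and path; replace only the host.
    port = ":%d" % parts.port if parts.port else ""
    root.set("codebase", urlunsplit(parts._replace(netloc=nat_ip + port)))

    changed = 0
    for arg in root.iter("argument"):
        if (arg.text or "").strip() == internal_ip:
            arg.text = nat_ip
            changed += 1
    if changed == 0:
        raise ValueError("no <argument> carries " + internal_ip)

    body = ET.tostring(root, encoding="unicode")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + body + "\n"


if __name__ == "__main__":
    print(rewrite_jnlp(SAMPLE_JNLP, "10.10.50.38", "205.43.63.21"))
```
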

There may also be a second issue when connecting through a firewall: the ports needed by the remote console may be blocked as a matter of security practice.

If the JavaRConsole window is now able to pop up and let you log in, but then it times out as unable to connect, check to be sure that the following ports listed in the ILOM documentation are open and directed to the ILOM:

http://www.sun.com/products-n-solutions/hardware/docs/html/819-1160-12/remote_console_app.html#pgfId-998799 (Document Not Available)

Port  Protocol  Use
443   TCP       HTTPS
5120  TCP       Remote CD
5121  TCP       Remote keyboard and mouse
5123  TCP       Remote Floppy
6577  TCP       CURI (API) - TCP and SSL
7578  TCP       Video Data
161   UDP       SNMP V3 Access
3072  UDP       Trap Out (outgoing only)
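
A reachability check for the TCP ports listed above, run from the client side against the NAT address. This is an added example, not part of the original Sun document; the function names are hypothetical, and the two UDP ports are left out because a TCP connect cannot confirm them.

```python
import socket
import sys

# TCP ports from the list above; 161/UDP and 3072/UDP are not checked here.
ILOM_TCP_PORTS = {
    443: "HTTPS",
    5120: "Remote CD",
    5121: "Remote keyboard and mouse",
    5123: "Remote Floppy",
    6577: "CURI (API) - TCP and SSL",
    7578: "Video Data",
}


def check_tcp_ports(host, ports=ILOM_TCP_PORTS, timeout=3.0):
    """Attempt a TCP connect to each port; return {port: True/False}."""
    results = {}
    for port in sorted(ports):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            # Refused, filtered (timeout) or unroutable all count as blocked.
            results[port] = False
    return results


def blocked_ports(host, ports=ILOM_TCP_PORTS, timeout=3.0):
    """Return the sorted list of ports that did not accept a connection."""
    results = check_tcp_ports(host, ports, timeout)
    return [port for port, ok in results.items() if not ok]


if __name__ == "__main__":
    # Usage: python check_ilom_ports.py <NAT address of the ILOM>
    target = sys.argv[1]
    for port, ok in check_tcp_ports(target).items():
        state = "open" if ok else "BLOCKED"
        print("%5d/tcp  %-26s %s" % (port, ILOM_TCP_PORTS[port], state))
```
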

With these ports open, it is possible not only to access the JavaRConsole on a Sun Fire ILOM, but even to attach a local DVD/CD drive to a system that is 800 miles away and to have the remote server "boot cdrom" off of your local DVD/CD. All the devices available on the "Devices" menu of the JavaRConsole are available.

Should you need to do this, please be patient. In this case, the server took close to an hour to boot into single user mode, but it did it on the first try as if the DVD was physically in its drive.



Product
RoHS Sun Fire X4100 Server
Sun Fire X4100 Server
Sun Fire X4100 M2 Server
Sun Fire X4200 Server
Sun Fire X4200 M2 Server
RoHS Sun Fire X4200 Server

Internal Comments
The iLOM on the following machines has not yet been verified as to whether the steps provided will work or not.

Please feel free to inform the author of this document if you have verified working steps.


x2100
x4500

Galaxy, ILOM, NAT, firewall, x4100, x4200, x4600, x4500, x2100, x4100M2, x4200M2, x4600M2
Previously Published As
87061

Change History
Date: 2007-01-02
User Name: 97961
Action: Approved
Comment: - Converted to STM formatting for better readability
- Tidied up formatting
- Applied trademarking where it is missing
- Audience changed to "Contract" per FvF http://kmo.central/howto/FvF.html
Also refer to: http://kmo.central/howto/content/voyager-contributor-standards.html
- Made simple sentence/grammatical corrections
Version: 3
Date: 2007-01-02
User Name: 97961
Action: Accept
Comment:
Version: 0

Date: 2007-01-02
User Name: 89705
Action: Approved
Comment: Removed the x2100 from the description text. Changed "thru" to "through". Added the x4600 into the list. x2100 and x4500 need to be verified later and added if possible. But for now, the document is good enough to go live. Still wondering whether the words iLOM and JavaRconsole require a [TM] or not...
Version: 0

Date: 2006-12-12
User Name: 89705
Action: Accept
Comment:
Version: 0

Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.