Administration port - network channel for admin traffic

I am trying to configure a separate channel for Administration traffic on weblogic. I followed the oracle docos and configured the SSL, domain wide admin port, server listen address, ‘admin’ channel.
The issue is admin traffic in not happening through the newly created channel.
L2 network is not getting used. I can’t see any activity in the monitoring tab of new Channel. Also the netstat is showing that the port 9101/9102 is getting used on the 192.168.100.218 and not on 10.254.252.849.
I also tried by setting up the newly created channel weight as 51, but no luck.
Is JMX connectivity related to admin channel?
Any help is highly appreciated. Thanks.
Ipconfig:
Admin: adminserver701.mycompany.internal, 192.168.100.238, 10.254.252.808
Managed: appserver701.mycompany.internal, :192.168.100.218, 10.254.252.849
Domain wide admin port: 9101
Admin:
Listen address –> adminserver701.mycompany.internal
Channel –> admin -> 10.254.252.808/9101
Startup -> -Dweblogic.admin.ListenAddress=admin://10.254.252.808:9101
Managed:(appserver701)
Listen address –> appserver701.mycompany.internal
Admin port override: 9102
Channel –> admin -> 10.254.252.849/9102
Startup -> -Dweblogic.admin.ListenAddress=admin://10.254.252.849:9102
AdminServer Logs:
####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613346> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.runtime .>
####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613353> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.edit .>
####<Feb 18, 2013 1:53:33 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159613367> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://adminserver701.mycompany.internal:9101/jndi/weblogic.management.mbeanservers.domainruntime .>
####<Feb 18, 2013 1:53:36 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159616699> <BEA-002613> <Channel "DefaultAdministration" is now listening on 192.168.100.238:9101 for protocols admin, ldaps, https.>
####<Feb 18, 2013 1:53:36 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361159616700> <BEA-002613> <Channel "Channel-0" is now listening on 10.254.252.808:9101 for protocols admin, ldaps, https.>
####<Feb 18, 2013 1:55:12 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-000000000000001a> <1361159712920> <BEA-002613> <Channel "Default" is now listening on 192.168.100.238:7001 for protocols iiop, t3, ldap, snmp, http.>
####<Feb 18, 2013 1:55:12 PM EST> <Notice> <Server> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-000000000000001a> <1361159712920> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.168.100.238:7002 for protocols iiops, t3s, ldaps, https.>
ManagedServer Logs:
####<Feb 18, 2013 2:54:19 PM EST> <Info> <JMX> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163259911> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://appserver701.mycompany.internal:9102/jndi/weblogic.management.mbeanservers.runtime .>
####<Feb 18, 2013 2:54:20 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163260350> <BEA-002613> <Channel "Channel-0" is now listening on 10.254.252.849:9102 for protocols admin, CLUSTER-BROADCAST-SECURE, ldaps, https.>
####<Feb 18, 2013 2:54:20 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1361163260350> <BEA-002613> <Channel "DefaultAdministration" is now listening on 192.168.100.218:9102 for protocols admin, CLUSTER-BROADCAST-SECURE, ldaps, https.>
####<Feb 18, 2013 2:54:58 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <d3208ed6c2482016:-46ac5fed:13ceba69a8e:-7ffe-000000000000000e> <1361163298045> <BEA-002613> <Channel "DefaultSecure" is now listening on 192.168.100.218:7102 for protocols iiops, t3s, CLUSTER-BROADCAST-SECURE, ldaps, https.>
####<Feb 18, 2013 2:54:58 PM EST> <Notice> <Server> <appserver701.mycompany.internal> <adp_ms01> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <d3208ed6c2482016:-46ac5fed:13ceba69a8e:-7ffe-000000000000000e> <1361163298045> <BEA-002613> <Channel "Default" is now listening on 192.168.100.218:7101 for protocols iiop, t3, CLUSTER-BROADCAST, ldap, snmp, http.>
AdminServer logs update while starting managed:
####<Feb 18, 2013 2:54:57 PM EST> <Info> <JMX> <adminserver701.mycompany.internal> <soa_as> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <cd259038c7dcf5a8:-26ac3ba0:13ceb6f767d:-8000-0000000000000162> <1361163297488> <BEA-149506> <Established JMX Connectivity with adp_ms01 at the JMX Service URL of service: jmx:admin://appserver701.mycompany.internal:9102 /jndi/weblogic.management.mbeanservers.runtime.>
Admin Server :
[oracle@adminserver701 bin]$ netstat -an | grep 9101
tcp 0 0 10.254.252.808:9101 0.0.0.0:* LISTEN
tcp 0 0 192.168.100.238:9101 0.0.0.0:* LISTEN
tcp 0 0 192.168.100.238:9101 192.168.100.218:59038 ESTABLISHED
I am wondering if the JMX connectivity is using the server listen address (adminserver701.mycompany.internal) which will by default resolve to 192.168.100.238. Is there a way to force JMX to use 10.254.252.808?

Hi
For first question the answer is no. With the administration port, you enable the SSL between the admin server and Node manager-managed Servers. You can still use the web console.
For teh second question, you can use ANT or can use the WLS Scripting ..you can get more details in dev2dev.bea.com
Jin

Similar Messages

  • Checking for open ports and looking for unauthorized traffic

    I would like to know if there is an easy way to look at all the ports on the computer and if so how to determine which one are authorized and how to detect suspicious traffic. thanks
    Jeff

    Jeff,
    Here are a few links to help you answer your question:
    1. Using a firewall to protect your computer
    2. Setting advanced firewall options
    3. How Firewalls Work
    These sites will test your installation:
    1. Sheilds UP!
    2. Sygate Online Services
    If you are worried about suspicious traffic, Little Snitch is often recommended. It listed in Detecting and avoiding malware and spyware, by Dr. Smoke.
    ;~)

  • Admin network channel setup

    I have some multihome machines running managed servers and want to partition the
    admin traffic on each machine to a specific interface. I have set up an admin
    network channel but how to I tell the Admin server to now use this interface instead
    of the domain wide administration port?

    Is this request for Windows Phone?
    Count me in for a WP version of the very useful Connectivity Analyzer app for Symbian by Nokia.

  • SA520 Optional port WAN mode for isolated network?

    Long story short, client bought 2 SA520's, one for each site due to it's ability to have a second wan/lan port (Optional Port).  They have a 2nd WAN connection installed that does not have internet.  Esentially it is a hospital link that was install to gain access to some Citrix systems and custom web portals for hispital use. 
    The IDEA was to enable optional port for WAN mode.  Then I was going to add a route statement that any traffic destined to the hospital network would route to the optional wan port,
    Problem - When just enabling WAN port in Optional settings, the WAN port won't come online.  I have to chose load balancing or failover.  Neither of which are true;  I don't want balancing or failover since it isn't a real "internet" connection.
    I thought about setting port to LAN mode but it appears that simply makes the router a 5 port switch instead of 4.  I was hoping I could just simply create a second LAN segment and route to it as well for certain traffic.  Once I enable LAN mode however all configuration disappears and the Networking>LAN menu shows no specific Optional Port configuration options.
    ???  Can this not be configured as such?  Saying it offers a optional port for LAN/WAN/DMZ configurations sort of means doing what I need it to do.  I'm missing something, somewhere.
    Help!
    Eric

    Hi Eric,
    One thing you can do is to enable the Optional WAN port.  Set the 'WAN Mode' to load balancing.  Then use the 'Protocol' Bindings' to handle your routes.  You would configure your Hospital network IP network range as the destination network and select your Optional WAN.  Another rule would be a destination of ANY for the Destination that would go out the dedicated WAN.  You may have to add a rule for DNS resolution to go through your hospital network so the local hospital DNS entries resolve.
    Hope this helps.
    Chris

  • Reg:-10901: Database error: [Microsoft][ODBC SQL Server Driver][DBNETLIB]General network error. Check your network documentation.. Contact your Business Objects administrator or database supplier for more information. (Error: WIS 10901)

    Hi Friends,
    When i schedule the report in infoview ,i am getting this error, could you please let me know how to solve this error.
    10901: Database error: [Microsoft][ODBC SQL Server Driver][DBNETLIB]General network error. Check your network documentation.. Contact your Business Objects administrator or database supplier for more information. (Error: WIS 10901)
    Thanks
    sreedhar

    Hi,
    I am able to refresh the report in Infoview and data is dispalying , but when i schedule the report in infoview i am getting that error.
    I am not clear on below one could you please elaborate on this
    You need to create ODBC for SQL server.Check your BO server is able to connect SQL Server.
    Thanks
    sreedhar

  • One or two LAG port-channel for 5508 v7.4 in HA setup?

    Hi group
    I have a question regarding LAG in HA setup; do you configure two port-channel, one for each controller or, only one port-channel for both?
    I have a stack of 3 x 3750x, and 2 x 5508 with each two Gigabit uplink in use.
    Active controler (5508-1) is connected to stack switch 1 and stack switch 2.
    Standby controller (5508-2) is connected to stack switch 2 and stack switch 3.
    I cannot find any documentation or guidelines for configurations of LAG in HA setup.
    P.S. my question is not how to configure LAG or LACP, it only if you use one port-channel consist of 4 gigabit ports, or you have two with each 2 gigabit port to each controller.
    TIA,
    Peter

    Thanks Stephen for your reply.
    The switch doesn’t see which of the two port-channel that is on the active controller right?
    If WLC01 is the active one in PO1 and standby is WLC02 in PO2, the MAC of the active controller (WLC01) will be sending on PO1.
    When failover to standby, the MAC of WLC02 will be sending on PO2. As I see it, it is same IP address (management IP address of WLC01) but different MAC address – from WLC02.
    So why could it not be one Port-channel, both controller will use one and same config when it become active?
    TIA
    Peter

  • Weblogic redirects to administration port, not ssl port, for confidential

    Using WLS 9.2 MP2.
    I added the following into web.xml to make sure all requests are using https.
    It works fine when the administration port is not enabled (weblogic redirects the request to the ssl port).
    But when the administration port is enabled, weblogic redirects the request to the administration port, not the ssl port, and hence get a 404 error for the page.
    I opened BEA case 759384 in Nov last year, and CR354916 was filed, but have not heard back.
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>All Pages</web-resource-name>
    <description>These pages are only accessible by over SSL.</description>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
    <description>This is how the user data must be transmitted</description>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>

    setting the setDomainEnv solved the issue.
    set MEM_ARGS=-Xms256m -Xmx512m -XX:PermSize=128m
    Regards,
    Sam.

  • The access to our new chess hall may be blocked by your local firewall. You would need to reconfigure your firewall to open port 15010 for TCP traffic.

    How do I do the following so I can get into my chess program??
    The access to our new chess hall may be blocked by your
    local firewall. You would need to reconfigure your firewall to open port 15010
    for TCP traffic.

    This is not really Firefox related.
    What you need to do here is to read the firewall manual which usually explains how to create a rule for what you want to do.
    If you're using the Windows XP firewall, see this Microsoft article: http://windows.microsoft.com/en-US/windows-vista/Firewall-frequently-asked-questions

  • Which network is Oracle using for RAC traffic ? where you will get info ? ?

    Hi,
    I am using two node RAC on Oracle 10g R2 (10.2.0.3.0) version on SUN Solaris 10 . I want to know "Which network is Oracle using for RAC traffic ? where you will get info "
    --Kumar                                                                                                                                                                                                                                                                                                                                                                                           

    Hi Kumar,
    In 10g, you can query x$ksxpia. If the cluster_interconnect information is stored in OCR (default), you will get
    SQL> select INST_ID,PUB_KSXPIA,PICKED_KSXPIA, NAME_KSXPIA,IP_KSXPIA from x$ksxpia;
    If you specified the cluster_interconnects parameter in your init.ora:
    Columns to look in : INST_ID P PICK NAME_KSXPIA IP_KSXPIA
    And also you can use 'oradebug ipc' to see which interconnects the database is using:
    SQL> oradebug setmypid
    SQL> oradebug ipc
    Hope it helps...
    Thanks
    LaserSoft

  • SRE External Gig port for WCCP traffic?

    Has anyone been successful with using the external Gig port on the SRE modules for WCCP traffic?  Has anyone tried it?
    I'd like to reduce the CPU on my ISR-G2 routers that have the SRE modules running WCCP GRE.  I'd like to use the external gig port on the SRE module for the WCCP traffic, which will allow me to use WCCP L2.  Is this even feasible?  Or maybe I just need to add WCCP L2 on an SRE as a New Feature request to Cisco?
    According the to Cisco documentation....
    The external service-module interface can be used to monitor LAN traffic. You can also select the external interface as the management interface for the SM. The external interface cannot be used for downloading applications.
    Visible only to the SM software on the Cisco SM-SRE, the external service-module interface is the Gigabit Ethernet interface connector on the Cisco SM-SRE faceplate. The external interface supports data requests and data transfers from outside sources, and it provides direct connectivity to the LAN through an RJ-45 connector.

    Tammy,
    What is preventing you from configuing WAAS on SRE with L2 WCCP / Mask assignment via the internal interface?   This is totally feasible.
    If you are trying to decrease CPU utilization on your router, don't expect switching from GRE to L2 to make a drastic difference.  The ISR G2 is a software based platform, as such WCCP (whether L2 or GRE) is processed by the CPU with CEF assistance. 
    True removing the GRE encapsulation will save some processing overhead, but in the end it's the PPS (packets per second) your router is handling that's driving the CPU.
    Remember when you add WCCP / WAAS to the flow it's no longer packet in/ packet out on the router.  Compressed data in on WAN, out to WAAS, uncompressed from WAAS back to Router, out on the LAN, then the reverse... uncompressed data on the LAN in to the router, out to WAAS, compressed from WAAS out to the router, then out on the WAN.  So depending on the compression observed you will see > 2x the amount of traffic being processed by the router. 

  • Splitting the app traffic from the cluster and admin traffic

    Hi,
    We currently have a 10.3.2.0 setup where an admin server is behind a firewall and is running on the Administration Port and is connected to two managed servers in front of a first firewall in the DMZ.
    On each managed server there is two network interfaces one for management and one for apps/DB connections.
    So I was wanting to know how to you get the managed server to split the traffic??
    If I set the managed servers listening address to the management interface then it starts up fine as that what the admin server behind the firewall can see, BUT it means app and JDBC Connections dont work and the server goes to ADMIN state first before you have to manually resume it.
    If I set the managed servers listening address to the app interface then it can't start up and the app interfaces address is block from the admin server to the managed server via the firewall.
    If I set the managed server to have no listening address and leave it blank in the interface field, it starts up and listens on all interfaces, BUT can't find a route to the admin server.
    So what is the answer, can you do something with Network Channels?? Or is it the case you just can't do it and just to have one interface and one listening address as the admin traffic is split by the default administration channel anyway.
    Would be get to know.
    Alistair.

    Are you using cellular data? If yes, try to use Wi-Fi and see if the app works better by using a faster data connection. If you have no problem using Wi-Fi and maps, see if you can have a faster cellular connection by switching to 3G, 4G to LTE service in Settings/Cellular.

  • Doesn't Managed Server's sip channel support udp traffic by default ?

    Hi All,
    I am new to the WebLogic Server. I have tried to set up a Managed Server via an AdminConsole of BEA WebLogic 9.2.
    My configurations in config.xml are as shown below. In the AdminConsole, I could startup the Managed Server successfully. However, when I generated a SIP message (to the listening port of Managed Server, which is 5068) using sipp, the Managed Server could not receive the sip message.
    When, I used "netstat -a" to check listening ports. It showed that the Managed Server (Server-5) listened on tcp port 5068 but NOT on udp port 5068. And, since my sipp generated a sip message to udp port 5068, the Managed Server could not obtain the sip message.
    I read the online document and it states that when a channel is created for a server, it will automatically support both tcp and udp traffic. Therefore, from my understanding, the Managed Server should automatically listen on both udp and tcp port when it starts up. In fact, I have checked that my Admin Server listens on both udp port and tcp port (in this case, port 5060).
    I doubt that I may miss something in the configuration of the Managed Server. I woud be appreciated if someone could enlighten me up.
    Kind Regards,
    Kirati
    <server>
    <name>Server-5</name>
    <machine>Machine-0</machine>
    <listen-port>7007</listen-port>
    <web-server>
    <web-server-log>
    <number-of-files-limited>false</number-of-files-limited>
    </web-server-log>
    </web-server>
    <listen-address>10.252.8.241</listen-address>
    <network-access-point>
    <name>Channel-8</name>
    <protocol>sip</protocol>
    <listen-address>10.252.8.241</listen-address>
    <public-address>10.252.8.241</public-address>
    <listen-port>5068</listen-port>
    <public-port>5068</public-port>
    <http-enabled-for-this-protocol>false</http-enabled-for-this-protocol>
    <tunneling-enabled>false</tunneling-enabled>
    <outbound-enabled>true</outbound-enabled>
    <enabled>true</enabled>
    <two-way-ssl-enabled>false</two-way-ssl-enabled>
    <client-certificate-enforced>false</client-certificate-enforced>
    </network-access-point>
    </server>
    Edited by: user10871458 on Jan 30, 2009 1:17 AM

    I have found an answer to my question.
    I simply forgot to load a sip-container service to my new created server..

  • Administration ports without SSL

    Hi!
    Is there any way of using administration ports (to get the separation of real/admin traffic) without using SSL?
    We have a secured network (good enough anyway) so the SSL is not of any great use for us, it's just a complex factor that creates a lot of work.
    thanks.
    H. Waller

    The port setting under the Advanced tab for the account preferences is for the incoming mail server only. You can select "Use SSL" for the .Mac incoming mail server which will change the incoming mail server port from 143 to 993 automatically.
    To change the port setting for the account's SMTP server, go to Mail > Preferences > Accounts and under the Account Information tab for the account preferences at the SMTP server selection, select the Server Settings button below for the .Mac SMTP server.
    Enter 587 in place of 25 in the Server Port field and when finished, select OK to save the changed setting.

  • Domain-wide administration port?

    Hi,
    I tried to start a cluster of 2 servers across 2 physical machines, I got error and server starting failed:
    "Starting Managed Servers in Standby mode requires the domain-wide administration port."
    My topology is as following:
    Domain A is created in machine A and copy to machine B:
    Machine A: admin serverr at port 8001. Managed server at port 8088 of cluster1.
    Machine B: Managed server at port 8088 of the same cluster1.
    What is wrong? Why I cannot start cluster? Why I got error " need domain-wide administration port"? What is "domain-wide administration port"? Why my created domain admin server at Machine A didn't work?
    Your prompt help is highly appreciated. I am waiting for your help.
    Thank you in advance

    Hi,
    First of all the domain-wide administration port enables you to start a WebLogic Server instance in STANDBY state. It also allows you to separate administration traffic from application traffic in your domain.
    so check in ur console whether u have specified the start up mode as STANDBY.if so change it to Running and try restarting the server:-
    You can do that by chking the below link:-
    http://e-docs.bea.com/wls/docs92/ConsoleHelp/taskhelp/startstop/SpecifyAStartupMode.html.
    Domain-wide administration port is used when you have configured ssl for ur servers. Refer http://e-docs.bea.com/wls/docs103/ConsoleHelp/taskhelp/domainconfig/EnableTheDomainwideAdministrationPort.html for more info.

  • Administration Port / command line /  console gui question

    In the Admin_ref.pdf doc it says "After enabling the administration port, all Administration Console traffic must connect via the administration port". Does this mean that you can no longer use the web gui console to manage the servers?
    I would like the option to script deployments (deploy ears, stop start servers etc.) via command line to reduce the possibility of user error during routine deployments.
    I do config mgmt. and am not a developer so I may be getting hung up on the language here.
    Thanks,
    gj

    Hi
    For first question the answer is no. With the administration port, you enable the SSL between the admin server and Node manager-managed Servers. You can still use the web console.
    For teh second question, you can use ANT or can use the WLS Scripting ..you can get more details in dev2dev.bea.com
    Jin

Maybe you are looking for