I've got a Spring Boot Java application that sends emails via SMTP port 465 (non-gmail email). My configuration:
spring:
mail:
host: ssl0.ovh.net
port: 465
username: mailer#external.pl
password: mailerPassword
Locally everything works fine. When I deploy it on GCP Kubernetes cluster I've got a connection reset exception. I've read that GCP recommends some external paid providers but for my solution it's too much of a complication. Additionally I know that port 25 is disabled on GCP -> I've got port 465.
I've tried to simply add a firewall egress rule to enable traffic on every port for my VPC but it also didn't help.
What am I missing? Can anybody help my solve this puzzle?
Additional info:
My Java application is served as a simple deployment in k8s. It is exposed through LoadBalancer service on port 80.
Making a curl from given managed pod works - I receive a correct 2xx responses from various sites.
It turned out that my config map port changed from 456 to 465 but I forgot to restart the app. It works like a charm without any NAT configuration or firewall rules. Thanks for your support.
IIS is redirecting to Tomcat but SSL is not occurring, basically web page opens but AD user is not "captured" in the process.
Application triggers - "User not Informed" error which is a designed error when AD account is not registered in the system. In our tests users are registered so I can conclude windows authentication does not occurs correctly
I get browser error:
Generic Connector Communication Error:
Please check and adjust your setup:
Ensure that Tomcat is running on given host and port.
If this is a timeout error consider adjusting IIS timeout by changing executionTimeout attribute in web.config (see manual).
connection between Tomcat and IIS experienced error. Please check logat BonCodeAJP13.BonCodeAJP13ServerConnection.p_CreateConnection(BonCodeAJP13PacketCollection packetsToSend)
at BonCodeIIS.BonCodeCallHandler.ProcessRequest(HttpContext context)
Are there any extra settings should I run in IIS or some IIS logs I could check to confirm which AD user is actually accessing tomcat?
Important notes:
IIS8 (Windows SErver 2012) / apache-tomcat-7.0.64 / jdk-7u79-windows-x64
Tomcat service is impersonating (log on as) an AD service account which connects to a SQL 2012 database. Connection to the database occurs through Microsoft JDBC driver.
Only IIS root has a web.config file, application itself does not.
Anonymous + Windows Authentication (Kerberos) are enabled in IIS.
Please let me know of any other relevant information should I provide to help on this troubleshooting.
Thank you so much for all help!
BR
I was able to figure out the problem and fix it.
It was a misconfiguration on Tomcat server.xml "Connector" settings, Added up tomcatauthentication-"false" and now it works flawless.
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/>
I'm trying to monitor my WLP v8.5.5 with JConsole.
My Liberty profile is up and running and has SSL properlly configured.
I also have configured as features the monitor-1.0 and restConnector-1.0.
After that I sftp'ed from my WLP the restConnector.jar to my machine and created a keystore on my machine as described here
After that I'm trying to start JConsole with this command:
jconsole -J-Djava.class.path="C:\Program Files\Java\jdk1.7.0_67\lib\jconsole.jar;
C:\Program Files\Java\jdk1.7.0_67\lib\tools.jar;
<whereIDownloaded>\restConnector.jar"
-J-Djavax.net.ssl.keyStore="<locationToCreated>\keystore.jks"
-J-Djavax.net.ssl.keyStorePassword=<password>
-J-Djavax.net.ssl.keyStoreType=jks
-J-Dcom.ibm.ws.jmx.connector.client.disableURLHostnameVerification=true
However, when I try to connect to my WLP via remote with the string:
service:jmx:rest://<ip>:<httpsPort>/IBMJMXConnectorREST
As a credential I'm passing a user configured on <administrator-role>.
I get a JConsole error saying:
Secure connection failed. Retry insecurely?
I don't get why I'm seeing this error, and I don't see any logs to see why it failed.
My next step if getting the keystore from WLP and try that on my machine but I don't think that makes much sense.
Does anyone have any suggestion on where should I look for logs or on that I'm doing wrong?
Thanks in advance!
Reference:
http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.wlp.nd.doc/ae/twlp_mon.html?cp=SSAW57_8.5.5%2F1-3-11-0-6&lang=en
Ensure you don't have localConnector-1.0 feature. If you have that, please remove it. You can find more details here Remote monitoring of Liberty with Health Center. Although it discusses Health Center connection, I was testing using JConsole also.
UPDATE
You might be invoking console with incorrect params - it should be trustStore not keystore see below. And for start use key.jks copied from Liberty (as you need Liberty certificate as trusted)
jconsole -J-Djava.class.path=%JAVA_HOME%/lib/jconsole.jar;
%JAVA_HOME%/lib/tools.jar;
%WLP_HOME%/clients/restConnector.jar
-J-Djavax.net.ssl.trustStore=key.jks
-J-Djavax.net.ssl.trustStorePassword=Liberty
-J-Djavax.net.ssl.trustStoreType=jks
For details check Configuring secure JMX connection to the Liberty
As an additional note - you must not have a webAppSecurity entry with loginFormURL set in your server.xml as this will cause the JMX login to fail (e.g., <webAppSecurity loginFormURL="login.html"/> is problematic). Each individual WAR needs to set their own login-config and not rely on any global method of configuring logins.
`
What is the problem? Can't connect to database?
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (
Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.)
This is the actual cause of the problem:
Caused by:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
Communications link failure
You have a database communication link problem. Make sure that your application have network access to your database (and the firewall isn't blocking ports to your database).
I had the same problem with localhost in the source URL.
I resolved with 127.0.0.1 instead of localhost.
This is a network problem. Check out your database connectivity.
Either your database connection link, username and password is wrong or your database server is stopped.
Here it was caused by avast antivirus. You can disable the avast firewall and let only windows firewall active.
I encounter same problem when I setup tomcat and mysql server on VirtualBox VM using chef.
in this case, I think true problem is VirtualBox seems to assign non-localhost address to eth0 like
[vagrant#localhost webapps]$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:60:FC:47
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
then auto-detection feature of chef's recipe using 10.0.2.15 as mysql server bind address.
so specify bind address for node params of chef's recipe solve problem in my case. I hope this information helps people using chef with vagrant.
{
"name" : "db",
"default_attributes" : {
"mysql" : {
"bind_address" : "localhost"
...
}
This specific issue may arise in localhost also. We cannot rule out this is because network issue or internet connectivity issue. This issue will come even though all the database connection properties are correct.
I have faced the same issue when i have used host name. Instead use ip address. It will get resolved.
This happens because firewall blocks the database connection.
Disable the firewall and then try running the program again. It worked for me... :D
I changed the driver version in pom.xml and helped me
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>42.2.2</version>
</dependency>
Go to my.ini file at the below path in windows
C:\ProgramData\MySQL\MySQL Server 8.0\my.ini
and comment the below line
#bind-address=127.0.0.1
Then restart the MySQL server and connect.
Then you would be able to connect to MySQL from other IP address/machine.
In my case the solution was to remove the attribute
validationQuery="select 1"
from the (Derby DB) resource tag.
The problem could be due to too many users accessing the db at the same time. Either increase number of users that can concurrently access the db or kick out existing users (or apps). Use "Show processlist;" in the host DB to check connected users;
I came across another reason, catalina.policy file, could prohibit accessing specific IP/PORT
try
jdbc:sqlserver://hostname:port;databaseName=TEST
It worked for me after adding colon before port number instead of a comma
In case if you are using database in cloud & you get this issue:
In my case GCP SQL instance - Mysql.
Go to instance, add a name & network to allow. As in the screenshot below.
It should work then.
If you use apache tomcat 8.0 version, instead of it, use tomcat 7.0
I had tried localhost to 127.0.0.1 and power off firewall but not working, but use tomcat 7.0 and now working
I had a similar error. Changing the JDBC URL to use 127.0.0.1 instead of localhost helped.
Also had tried changing entries in catalina.policy file but that did not help.
The entry I changed was for - java.net.SocketPermission
I've been trying all day to set Tomcat 6.0 up for SSL. I know it shouldn't be that hard. I've followed the Tomcat documentation in creating my own Certificate, configuring the connectors in the server.xml file.
When I go to https://localhost:8443, (8443 is the port I defined in the connector) my certificate does not render on the screen, and my browser tells me that it was unable to make a secure connection to the server and that my client may not have the certificate.
My question is, why isn't my certificate rendering for the user to say "Trust" or "Not"?
There's a full documentation on SSL Howto for Tomcat 6. I don't know how far you've gone to setting up your SSL for me to help you.
Make sure that in server.xml in APACHE_HOME/conf has both Connector for port 8080 and 8443 enabled.
Do you happen to have a tcnative-1.dll file in apache-tomcat-6.xxx\bin\ folder?
If so, it will not work with your current <Connector/> configuration. Remove the file or rename the extension and restart the tomcat server again.
This is stated in "Edit the Tomcat Configuration File" section of http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
I ended up figuring it out.
The issue was regarding to my protocol variable in my Connector:
This is what I had: protocol="HTTP/1.1"
Now I have this: protocol="org.apache.coyote.http11.Http11Protocol"
The only issue now is that chrome or IE won't run the site as HTTPS because i signed the certificate myself and am not a CA.