web Failed to start server: failed to open listener, WEBServer.cpp:179

Onebutterfly-67 commented 6 years ago

Issue and Steps to Reproduce

Describe your issue and tell us how to reproduce it.

WebUI will not load after install and basic configuration.

Default NSClient++ - 0.5.2.35 x64 install on Windows Server 2008 nscp web install --password myPassword nscp web add-user --user nscpuser --password myPassword nscp web add-role --role limited --grant nscpuser nscp test D core Loading plugin: WEBServer D web Using certificate: C:\Program Files\NSClient++/security/certificate.pem E web Failed to start server: failed to open listener c:\source\master\modules\WEBServer\WEBServer.cpp:179

And WebUI will not allow login. Auth dialog is repeatedly displayed following an http

PLEASE PROVIDE COMMAND HERE

Expected Behavior

Tell us what you think should happen.

Auth dialog presents, accepts username and password, loads WebUI

Actual Behavior

Tell us what happens instead.

Either the authentication dialog repeats in a loop, or a java exception is thrown. See log snippets below.

Details

NSClient++ version: 0.5.2.35 2018-01-28
OS and Version: Windows Server 2008
Checking from: Chrome and curl to WebUI address https://127.0.0.1:8443
Checking with: check_nrpe, check_nt, ...

Additional Details

NSClient++ nsclient.ini

``` # If you want to fill this file with all available options run the following command: # nscp settings --generate --add-defaults --load-all # If you want to activate a module and bring in all its options use: # nscp settings --activate-module --add-defaults # For details run: nscp settings --help ; in flight - TODO [/settings/default] ; Undocumented key password = ------- ; Undocumented key allowed hosts = 127.0.0.1 ; in flight - TODO [/settings/NRPE/server] ; Undocumented key verify mode = none ; Undocumented key insecure = true ; in flight - TODO [/modules] ; Undocumented key CheckExternalScripts = disabled ; Undocumented key CheckHelpers = disabled ; Undocumented key CheckEventLog = disabled ; Undocumented key CheckNSCP = disabled ; Undocumented key CheckDisk = disabled ; Undocumented key CheckSystem = disabled ; Undocumented key WEBServer = enabled ; Undocumented key NRPEServer = enabled ########### PLEASE PASTE LOG HERE ``` Java exception text ########### java.io.IOException: Stream closed java.io.BufferedInputStream.getBufIfOpen(Unknown Source) java.io.BufferedInputStream.reset(Unknown Source) com.netapp.autozapi.server.zapi.ZapiRequestHandler.handleRequest(ZapiRequestHandler.java:107) org.springframework.web.context.support.HttpRequestHandlerServlet.service(HttpRequestHandlerServlet.java:67) javax.servlet.http.HttpServlet.service(HttpServlet.java:722) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:369) com.netapp.transition.server.logging.PostSecurityAuditLoggerConfigFilter.doFilter(PostSecurityAuditLoggerConfigFilter.java:46) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) waffle.spring.NegotiateSecurityFilter.doFilter(Unknown Source) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) com.netapp.transition.server.logging.PreSecurityAuditLoggerConfigFilter.doFilter(PreSecurityAuditLoggerConfigFilter.java:46) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:381) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:168) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) ########### nsclient.log ---------- 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:111: Binding to: [::]:5666(ipv6) 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:214: Attempting to bind to: [::]:5666(ipv6) 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:107: Binding to: 0.0.0.0:5666(ipv4), reopen: true, reuse: true 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:214: Attempting to bind to: 0.0.0.0:5666(ipv4) 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: NSCAClient 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: NSCAServer 2018-03-08 15:03:38: debug:c:\source\master\modules\NSCAServer\NSCAServer.cpp:94: Allowed hosts definition: 127.0.0.1(255.255.255.255), ... 2018-03-08 15:03:38: debug:c:\source\master\modules\NSCAServer\NSCAServer.cpp:95: Starting server on: address: :5667, ssl disabled 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:111: Binding to: [::]:5667(ipv6) 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:214: Attempting to bind to: [::]:5667(ipv6) 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:107: Binding to: 0.0.0.0:5667(ipv4), reopen: true, reuse: true 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:214: Attempting to bind to: 0.0.0.0:5667(ipv4) 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: NSClientServer 2018-03-08 15:03:38: debug:c:\source\master\modules\NSClientServer\NSClientServer.cpp:86: Allowed hosts definition: 127.0.0.1(255.255.255.255), ... 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:111: Binding to: [::]:12489(ipv6) 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:214: Attempting to bind to: [::]:12489(ipv6) 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:107: Binding to: 0.0.0.0:12489(ipv4), reopen: true, reuse: true 2018-03-08 15:03:38: debug:c:\source\master\include\socket/server.hpp:214: Attempting to bind to: 0.0.0.0:12489(ipv4) 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: PythonScript 2018-03-08 15:03:38: debug:c:\source\master\modules\PythonScript\python_script.cpp:93: boot python 2018-03-08 15:03:38: debug:c:\source\master\modules\PythonScript\python_script.cpp:108: Prepare python 2018-03-08 15:03:38: debug:c:\source\master\modules\PythonScript\python_script.cpp:115: init python 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: SMTPClient 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: Scheduler 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: SimpleCache 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: SimpleFileWriter 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: SyslogClient 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:227: Loading plugin: WEBServer 2018-03-08 15:03:38: debug:c:\source\master\modules\WEBServer\WEBServer.cpp:161: Using certificate: C:\Program Files\NSClient++/security/certificate.pem 2018-03-08 15:03:38: error:c:\source\master\modules\WEBServer\WEBServer.cpp:179: Failed to start server: failed to open listener 2018-03-08 15:03:38: debug:c:\source\master\service\NSClient++.cpp:317: NSClient++ - 0.5.2.35 2018-01-28 Started! 2018-03-08 15:03:38: debug:c:\source\master\service\plugin_manager.cpp:514: Found module: CommandClient... 2018-03-08 15:03:38: debug:c:\source\master\modules\CommandClient\CommandClient.cpp:133: Enter command to execute, help for help or exit to exit...

mintsoft commented 6 years ago

@jaimielives If you're constantly getting denied from the HTTP interface then it's most likely that you've not added the IP address of the machine you're trying to login from into allowed hosts.

You can put it in with your existing list:

allowed hosts = 127.0.0.1,10.36.52.248,10.36.4.63,10.80.15.24,10.36.4.64,10.80.15.32,10.67.6.34,172.23.5.100

or you can add a specific one for the WEBServer:

https://docs.nsclient.org/reference/generic/WEBServer/#allowed-hosts_1

Is the IP you're connecting from in there?

Secondly, do you have NSClient running as a windows service at the same time that you're running nscp test ? That would explain all the IP binding failures

Onebutterfly-67 commented 6 years ago

Thanks. I've done that. I've attempted from both localhost and other allowed addresses...

Jaimie

On Mar 10, 2018 17:21, "Rob Emery" notifications@github.com wrote:

@jaimielives https://github.com/jaimielives If you're constantly getting denied from the HTTP interface then it's most likely that you've not added the IP address of the machine you're trying to login from into allowed hosts .

You can put it in with:

allowed hosts = 127.0.0.1,aa.bb.52.248,aa.bb.4.63,aa.bb.15.24,aa.bb.4.64,aa.bb.15.32,aa.bb.6.34,172.aa.bb.cc

or you can add a specific one for the WEBServer:

https://docs.nsclient.org/reference/generic/WEBServer/#allowed-hosts_1

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mickem/nscp/issues/554#issuecomment-372071755, or mute the thread https://github.com/notifications/unsubscribe-auth/AjeHJL2qSzB9Pui9nMI0oLtAl_y7hzSVks5tdFHbgaJpZM4SjXEF .

mintsoft commented 6 years ago

@jaimielives Sorry I edited my reply, you may not have seen the edit:

Secondly, do you have NSClient running as a windows service at the same time that you're running nscp test ? That would explain all the IP binding failures

Onebutterfly-67 commented 6 years ago

Sorry for the delay in answering. I was away...

On my Windows 2008 box the service is named "ncsp" I was not attempting to run the ncsp test while the nscp service was running.

I have since attempted the installation again, on a new, fresh Win2K8 installation, and get the same basic results.

Onebutterfly-67 commented 6 years ago

So, here's the problem... There isn't a problem per se, just an unfortunate collision of events involving another application...

If there is an issue, it's with the implementation of the installer and nsclient logger.

The msi installer is not programmed with a check to see if the default webserver port (TCP/8443) is in use by any other application during the install, does not write the configured port binding into ncsclient.ini, and the nsclient logger does not log the port bindings attempted into the nsclient.log. All in all, this makes it a bit tiresome for folks not familiar with NSClient to figure out what is actually happening.

When NSClient++ is installed, the installer attempts to install the services on TCP/8443 using SSL, but does not check to see if that port is in use, and it does NOT present an option to change the port binding during the install. In this case, the issues described here were caused because the Windows server being used has another corporate mandated background service related to security installed and bound to TCP/8443.

Additionally, the installer builds a sparse nsclient.ini file that does NOT list the port binding (because it's a default...). If the installer is not going to check to make sure the defaults are valid for the local system environment, then at least write ALL the in use configuration options into the ini file so they can be easily parsed and investigated when needed.

Also, the logger didn't give any information about what port binding was attempted... just the error "WEBServer.cpp:179: Failed to start server: failed to open listener". The logger should at least be programmed to include a hint at what was attempted ("failed to open listener on TCP/8443" for example).

So, this has been resolved. netstat -ab is your friend.

mickem commented 6 years ago

Seems we should fix the installer in that case to make it report better errors...

mickem / nscp