RUM Sniffer Probe 9.30 not inovking port 2020 in Windows 2012 Server R2 DC 64 Bit

Hi,

In our VMWare ESXi 5.5 based environment, We have installed HPE Rum Sniffer Probe on a Windows Server, the Windows firewall is kept OFF for purpose of making the HPE Rum Sniffer Probe only. There is not external /physical firewall involved here. 

Inspite of following troubleshooting carried out, we are hung up and unable to proceed further, as the port 2020 is not getting invoked on the Windows server where HPE RUM Sniffer Probe is installed.

Could any one of you please help us on priority with some more better solution.

1. We had removed the antivirus from the Windows Virtual Server.
2. After removing the Antivirus, we had re-started the machine, re-started the HPRumProbe service.
3. Even tried by UN-installing the HP RUM probe, and fresh re-installation (3rd time now)
4. kept the machine switched off for few mins and powered ON, we found the port 2020 getting invoked for few mins(refer time stamp in attached three screenshots)

After performing the above, still no luck on port 2020 getting operational by HP RUM Probe.
(still antivirus is not installed onlt  for the purpose of observing the behavior and affect the resolution)

 

Thanks and Regards

Hemant Vaswani

 

Parents
  • Hi HemantVaswani,

    I think you started at the wrong end.
    Starting some version ago, we had to close port 2020 for access, which simply means that you cannot see the port anymore.

    The valid method to verify whether or not the RUM sniffer probe works is to check <HPRumProbe>\output\log\capture.conf,
    if you find this or a similar line
    INFO collector <..\..\collector\main.cpp:363> - Startup was successful (RUM(r) probe Capture v9.25.80.0331 Win64 r16932)
    then at least it started up.

    Or more simple, check the RUM Engine Heath page:
    RUM Engine Console -> System Health -> Real User Monitor Sninner Probe Host <hostname>
    (icon to the right should be green)

    or
    RUM Engine Console -> Configuration -> Probe Management
    select your probe
    System Health -> Real User Monitor Sninner Probe Host <hostname>
    and click on the Probe Information button:

    Status: Probe is up and running
    Operating system: Microsoft Windows Server 2008 R2 Service Pack 1 (build 7601)
    Version: 9.25.80.0331
    Last configuration time: (GMT 01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 11/13/2016 10:11:13 PM
    Last successful configuration time: (GMT 01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 11/13/2016 10:11:13 PM

    Most likely your probe works fine, and you simply don't know ...

    Greetings
    Siggi

Reply
  • Hi HemantVaswani,

    I think you started at the wrong end.
    Starting some version ago, we had to close port 2020 for access, which simply means that you cannot see the port anymore.

    The valid method to verify whether or not the RUM sniffer probe works is to check <HPRumProbe>\output\log\capture.conf,
    if you find this or a similar line
    INFO collector <..\..\collector\main.cpp:363> - Startup was successful (RUM(r) probe Capture v9.25.80.0331 Win64 r16932)
    then at least it started up.

    Or more simple, check the RUM Engine Heath page:
    RUM Engine Console -> System Health -> Real User Monitor Sninner Probe Host <hostname>
    (icon to the right should be green)

    or
    RUM Engine Console -> Configuration -> Probe Management
    select your probe
    System Health -> Real User Monitor Sninner Probe Host <hostname>
    and click on the Probe Information button:

    Status: Probe is up and running
    Operating system: Microsoft Windows Server 2008 R2 Service Pack 1 (build 7601)
    Version: 9.25.80.0331
    Last configuration time: (GMT 01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 11/13/2016 10:11:13 PM
    Last successful configuration time: (GMT 01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 11/13/2016 10:11:13 PM

    Most likely your probe works fine, and you simply don't know ...

    Greetings
    Siggi

Children
  • Hi,

    I am glad to receive some feedback.

    Please note - we are using HPE Rum Probe Ver 9.30 only.

    Even the HPE support team is refering to the proper functionality(availibility) of Port # 2020 , we have been using the command in windows cmd prompt - netstat -ano and telnet rumprobe 2020 to verify. There is a requirement of port to be opened in unidirection and from probe server to engine only.

    I was able to find the following in the capture.log fie :

    2016-11-18 16:54:21 [3316] INFO  collector.MasterConfig <..\..\collector\config\MasterConfig.cpp:2644> - initialize log appenders
    2016-11-18 16:54:21 [3316] INFO  collector <..\..\collector\main.cpp:310> - JIT is supported by regular expressions library.
    2016-11-18 16:54:21 [3316] INFO  collector <..\..\collector\main.cpp:346> - XPath API initiated.
    2016-11-18 16:54:21 [3316] WARN  entropy.bbtime <..\..\entropy\BBTime.cpp:25> - System Time Calculation using vm: true
    2016-11-18 16:54:23 [3316] WARN  collector.MasterConfig <..\..\collector\config\MasterConfig.cpp:1441> - Setting global_skip_checksum = 1
    2016-11-18 16:54:23 [3316] INFO  collector <..\..\collector\main.cpp:419> - Startup was successful (RUM(r) probe Capture v9.30.50.0207 Win64 r0)

    ---------

    Please refer the screenshot of the error as seen in the RUM Engine console for , this is encountered while checking the probe server availibility.(RUM Engine Console -> Configuration -> Probe Management)

    also refer the screenshot of System Health -> Real User Monitor Sninner Probe Host <hostname>
    and we dont get the option to click on the Probe Information button

     

    kindly look into and help to affect resolution.

     

    Thanks and Regards

    Hemant Vaswani

     

     

     

     

  • Hi Hemant,

    Can you pls answer the following questions:

    1. Is it a new installation from scratch or you have upgraded from older RUM Version to 9.30?

    2. Can you resolve RUM Probe host from RUM engine?

    3. Can you pls review RUM engine logs for connection error - there should be a reason of failed connection.

    Best regards, Alexey

  • Hi Alexey,

    1. this is a fresh installation of HPE RUM Ver 9.30 (Windows Environment)

    2. Yes, I was able to resolve the probe hostname from engine using ping command

    3. please refer the error as seen in the attached screenshot of engine and config.manger.log

    kindly suggest what could be the nest step of troublesooting or resolution probably......

     

    Thanks and Regards

    Hemant Vaswani

     

  • Hi Hemant,

    2 Questions:

    1. What is the RUM Engine version?

    2. Did you open a support case already? Whithin this forum format i cannot even ask you for normal logs or WebEx.

    Alexey.

     

  • Hi Hemant,

    There are also few steps to troubleshoot:

    1. Switch off SSL at RUM Probe side. In the file "etc\rum_probe\rpsecurity.conf" change "use_ssl" parameter to "false". Save file. Restart Probe.

    2. Try to reach from RUM Engine side "http://<RUM Probe Host>:2020/status.xml" in the browser (or reconnect RUM Probe by HTTP).

    In case you see status XML at point 2 in the browser (or RUM Probe is connected successfully in RUM Engine) - we will continue to look issues with SSL. If not - it is pure connectivity issue (or port is busy, or blocked by antivirus or something similar)

    Best regards, Alexey 

  • Hi Alexey,

    i tried the SSL=false in rpsecurity.conf and as per steps mentioned in above post.

    still no luck. the browser says  - this page can't be dispalyed.

    Thanks and Regards

    Hemant Vaswani

  • Hi Hemant,

    In your second post, you said:

    "There is a requirement of port to be opened in unidirection and from probe server to engine only."

    It sounds like you have a firewall between the Engine and Probe, which is common.  However, I think it's supposed to be the other way round - the Engine initiates the connection with the Probe.  The Probe remains passive, just listening to incoming connections.

    Alexey / Siggi - can you confirm this?

    If so, you will have to get the firewall rule controlling traffic between the Engine and Probe updated.

    Regards,

    Tim

  • Tim,

    I agree on that, it's also shown in detail in the documentation:
    (9.30 Real User Monitor Deployment Planning Guide)

    RUM Components:
    ..
    Both types of probes receive their configuration from the RUM Engine and collected data is pulled by the Engine

    Communication Channels:

    RUM Engine -> RUM Probe:
    The communication is in one direction only, from the RUM Engine to the
    RUM Probe. This enables the placement of the RUM Probe in a less secure environment (such as DMZ),
    while keeping the engine in the internal LAN without the need to open another port in the firewall.

    Channel                                                                      Direction                             Default Port  Default Protocol
    Send configuration and get data from the RUM Probe  RUM Engine -> RUM Probe  2020             HTTPS

    Greetings
    Siggi

     

     

     

  • HI Hemant,

    So, it is not SSL issue, it is a pure connectivity issue not connected with RUM itself.

    You can check:

    1. See if port 2020 is occupied with other application. Shut down Probe and run "netstat -na". In case you see 2020 is listening - something is using it.

    2. Use "telnet" (google it) to check port availability externally.

    Best regards, Alexey

  • Hi Tim & Siggi,

    For the sake of troubleshooting purpose, the windows firewall state is put to "OFF"  for past week's time. this is for both RUM Engine and RUM Probe. Please guide in such scenario

    Hi Alexy,

    the output of command prompt  "netstat -ano | findstr "2020""is not listing any thing, i have been continoulsy checking it.

    also, the telnet to probe from engine and vice verse is failing for port 2020.

    Thanks to all for for helping to affect the resolution.

    Thanks and Regards

    Hemant Vaswani