Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] Unable to access back up routing engine via J-Web/http

0

1

Article ID: KB36362 KB Last Updated: 29 Dec 2020Version: 1.0
Summary:

This article explains why both routing engines cannot be accessed via J-Web/http at the same time.

Symptoms:

First, make sure that J-web is running in the MX device.

Note that starting from Junos OS 15.1, the J-Web package is included in junos-install. Therefore, it will not be available on the Juniper Networks Download Software site. 
For junos-install packages, the J-Web package is built-in and optional, which means that it can be enabled when required.

Reference: KB32651 - [MX] Installing the included J-Web package in Junos OS

Use the following command to see if J-web is already enabled:

 > show system software | match "jweb"


If J-web is not enabled in the platform, no output is displayed (as shown above). Use the following command to enable J-web:

> request system software add optional://jweb
Verified jweb signed by PackageProductionEc_2018 method ECDSA256+SHA256

Use the command again to see if it is already enabled. This time the package is displayed:

 > show system software | match "jweb"           
jweb-x86-32-20180316.180938_builder_junos_174_r1_s2  --  jweb

After the J-web package is installed, verify the configuration and make sure that under the services hierarchy, web-management http is enabled.

If web-management http is not enabled, run the following command and commit the configuration:
# set system services web-management http  

# show | compare
[edit system services]
+    web-management {
+        http;
+    }
Once the package is enabled as well as the web-management configuration, it is time to test access to the device.

There are no problems connecting through http to RE0 (primary).

http://<ip address of the management interface>
http://10.85.162.22


The problem occurs when trying to access the Back Up RE.

http://<ip address of the management interface>
http://10.85.162.23

An error appears:

Cause:

During testing, different causes for the issue was found.

The first cause is that RPD was not running on the back up routing engine.

RPD was running as expected in the primary routing engine.

re0> show system processes extensive | match rpd
20535 root      20    0  1154M   181M kqread  3   0:02   0.00% rpd 
20535 root      20    0  1154M   181M kqread  3   0:01   0.00% rpd 
20569 root      20    0   873M  8116K kqread  3   0:00   0.00% rpdtmd
20535 root      20    0  1154M   181M kqread  0   0:00   0.00% rpd{krtio-th}

RPD is not running in the back up routing engine (this is an expected behavior).

re1> show system processes extensive | match rpd

Enable RDP in the back up routing engine by enabling NSR (Nonstop Active Routing). However, this will not solve the Jweb access issue.

Reference: Configuring Nonstop Active Routing

NSR was configured to show that even when RPD is running on both REs, the problem still occurs. RDP can be seen running now on both REs:

re0> show system processes extensive | match rpd
26962 root      20    0  1154M   184M kqread  3   0:44   0.00% rpd 
26962 root      20    0  1154M   184M kqread  3   0:10   0.00% rpd 
27002 root      20    0   873M 10824K kqread  2   0:01   0.00% rpdtmd
26962 root      20    0  1154M   184M kqread  2   0:00   0.00% rpd{krtio-th}

re1> show system processes extensive | match rpd
38735 root      20    0  1135M   172M kqread  1   0:04   0.00% rpd 
38735 root      20    0  1135M   172M kqread  2   0:03   0.00% rpd 
38735 root      20    0  1135M   172M kqread  1   0:00   0.00% rpd{krtio-th}

The cause of this issue is that httpd does not run in the back up routing engine.

This can by verified in the following outputs:

{MASTER}
labroot@madras-re0> show system processes extensive | match http
27042 nobody    20    0 17540K  5556K select  1   0:00   0.00% httpd 
26984 root      20    0   713M  4672K select  1   0:00   0.00% httpd-gk

 
labroot@madras-re1> show system processes extensive | match http
Solution:

The daemons referenced by J-Web (httpd and httpd-gk) do not run on the back up routing engine, so httpd and httpd-gk will not be on the back up RE.

To manage RE1 via J-web, install the J-web package as it was done in the primary RE.

re1> request system software add optional://jweb
Verified jweb signed by PackageProductionECP256_2020 method ECDSA256+SHA256
 
re1> show system software | match jweb
jweb-x86-32-20200828.051203_builder_junos_193_r3  --  jweb

Complete a routing primary role change (this will disable J-web access on RE0).

re1> request chassis routing-engine master switch
warning: Traffic will be interrupted while the PFE is re-initialized
Toggle mastership between routing engines ? [yes,no] (no) yes
 
Resolving mastership...
Complete. The local routing engine becomes the master.

After this, login via J-web into RE1 was successful:




 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search