Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] Unable to connect SRS to NSM; NSM not listening on port 15403

0

0

Article ID: KB8475 KB Last Updated: 13 Aug 2020Version: 6.0
Summary:

This article discusses the issue of why port 15403 may not be listening on the NSM, and how to correct this.

 

Symptoms:

A NSM (Network and Security Manager) server is already working, and the SRS (Statistical Report Server) is being added.  The guiSvr attempts to connect to the NSM on port 15403.

While reviewing the open and listening services, the NSM reveals that it is not open on port 15403, and hence the SRS server does not connect. This port is only used for the 4.x devices when they connect to the DC (Data Collector).

If the SRS server is unable to connect to the NSM Server, then it is that the MC process, a part of the GUI Server is not able to connect/login to the SRS server.

Also, the NSM will communicate with the SRS via tcp port 5432. NSM will access the database in SRS.

The typical report after installing both the NSM and the SRS on different Solaris boxes is that the SRS admin console fails to connect to guiSvr.  The following error messages are reported:

Cannot connect to GUI Server.
Please make sure the network connection from Statistical Report - Administration Console to GUI Server is up,
and the GUI Server is up.

While checking with both NSM and SRS, all services report running ok.

Checking with netstat, TCP 15403 is not up on guiSvr and all communication using tcp 5432 is not established.

root@nsm:/# netstat -an | grep LIST
*.32768 *.* 0 0 49152 0 LISTEN
*.5987 *.* 0 0 49152 0 LISTEN
*.898 *.* 0 0 49152 0 LISTEN
*.32769 *.* 0 0 49152 0 LISTEN
*.5988 *.* 0 0 49152 0 LISTEN
*.32770 *.* 0 0 49152 0 LISTEN
*.6991 *.* 0 0 49152 0 LISTEN
*.7801 *.* 0 0 49152 0 LISTEN
*.7800 *.* 0 0 49152 0 LISTEN
*.15400 *.* 0 0 49152 0 LISTEN
*.11122 *.* 0 0 49152 0 LISTEN
*.22 *.* 0 0 49152 0 LISTEN
root@nsm:/# 

On SRS, srSvr is not connected to srDb as netstat showing there is no tcp 5432 communication established.

 

Solution:

Perform the following steps.

  1. Always look for the message "historicalReports connected" in the pro.mc.log

  2. Confirm that the DB table name, username, and password is correct setup in both NSM and SRS.  All of this information is "netscreen" by default, except password.

Check the file in NSM, /var/netscreen/GuiSvr/server_table.nml. Here is portion of this file related to SRS communication parameters.

:masterController (
:pro_customer_authenticate ("ZULrkz71yZru")
:mc_smemc_init_debug_on (false)
:mc_smemc_init_info_on (true)
:db_ip_addr ("172.27.10.251") <--- This is SRS server
:db_name ("netscreen") <--- Database name
:db_choice ("pgsql")
:db_passwd ("ZULrkz71yZru") <--- DB password. This is "netscreen"
:db_port ("5432") <--- SRS will monitor access via tcp port 5432
:db_user_id ("netscreen") <--- This is DB login name
:mc_smemc_email_enable (false)
:mc_smemc_email_server ("netscreen.com")
:mc_smemc_email_from_id ("gpro@netscreen.com")
:mc_smemc_email_to_id ("admin@netscreen.com")
:mc_smemc_interval_dupl_err_msg (10)

Note: It is recommended to use the /usr/netscreen/GuiSvr/utils/setSrsDbParams.sh to modify the above file.

The Parameters listed above must match with the SRS server; the configuration file in the SRS server is:  /var/netscreen/SrDb/SrDb.cfg.

  1. On the SRS server, confirm the SRS server is monitoring tcp port 5432:

spgsun:/#netstat -a | grep 5432
*.5432 *.* 0 0 49152 0 LISTEN
*.5432 *.* 0 0 49152 0 LISTEN
spgsun.5432 spgsun2.32794 49048 0 49352 0 ESTABLISHED
spgsun.5432 spgsun2.32795 48396 0 49640 0 ESTABLISHED
spgsun.5432 spgsun2.32796 49476 0 49132 0 ESTABLISHED
spgsun.5432 spgsun2.32797 49476 0 48865 0 ESTABLISHED
spgsun.5432 spgsun2.32798 49476 0 49132 0 ESTABLISHED
spgsun.5432 spgsun2.32799 49476 0 49132 0 ESTABLISHED
spgsun.5432 spgsun2.32800 49476 0 49132 0 ESTABLISHED
spgsun.5432 spgsun2.32801 49476 0 49132 0 ESTABLISHED
spgsun.5432 spgsun2.32802 49476 0 49132 0 ESTABLISHED
spgsun.5432 spgsun2.32803 49476 0 49132 0 ESTABLISHED
*.5432 *.* 0 0 49152 0 LISTEN
70b3fe18 stream-ord 70b2a570 00000000 /tmp/.s.PGSQL.5432
spgsun:/#
  1. If the SRS server is installed on Solaris, there is a known problem between PostgreSql and Solaris. Perform the following:

Edit the /var/netscreen/SrDB/data/pg_hba.conf file. Replace the line 5:

host all all 127.0.0.1 255.255.255.255 password
to:
host all all 127.0.0.1/32 password

The notation 127.0.0.1/32 is equivalent to 127.0.0.1 and 255.255.255.255.

The latter is not accepted if DNS is not enabled in the machine.

If you do enable DNS, please try it.

Reboot both devices to ensure everything is clean, and once the DNS issue is sorted out, the connection should be established on TCP 5432.

Only after this TCP 5432 connection is established will NSM start listening on port 15403.

 

Modification History:
  • 2020-07-24: Removed broken link.

  • 2020-08-13: Marked for archive

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search