Posted on 10-08-2017 07:05 AM
Hi
I am trying to configure Infrastructure Manager, I have my firewall rules in place and I have installed Infrastructure Manager, however it doesn't appear to be listening on the port that JAMF recommend. I get this error which usually denotes that nothing is listening on that port.
Error: javax.naming.CommunicationException: 109.171.129.139:8389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
Suggestion: Ensure you can connect to ldap://109.171.129.139:8389
I can't find any documentation on how to specify the listening port but according to this line from the page on Network Ports JAMF uses it would appear it is something you need to specify.
"The port on which the LDAP Proxy will listen for these incoming requests is configured when enrolling with the Jamf Pro server."
Does anyone have any ideas?
Posted on 10-08-2017 11:09 AM
In your JSS, choose JSS Settings > LDAP Servers. Your Jamf Infrastructure Manager (JIM) instance should appear here. You can set its port to 8389 or any port you choose. Be sure your network firewall allows traffic on whatever port you choose.
You can verify your JIM is listening on the port you're using by running this command from a Mac outside your network:
nc -z jimaddress.domain.com 8389
You're looking for a response that says "succeeded".
Posted on 10-08-2017 12:20 PM
Not enough information here to say if this is your problem, but here's one common gotcha that trips people up... on the JIM itself, ping the JIM's enrolled hostname (e.g. ping jim.org.org). It will show the IP address that it gets back when it tries to resolve "jim.org.org". That needs to be the internal IP address on the JIM host, not the external IP address that Jamf Cloud will be contacting. If this is not right, you will see the below in the JIM logs because there's no network adaptor on the JIM server that has that external IP address...
2016-08-30 14:43:21,839 ERROR c.j.j.l.LpsServerSocketListener [lps: /13.93.87.150:31337 (ssl)] Failed to obtain server socket for address /13.93.87.150:31337
com.jamfsoftware.jsam.lps.LpsException: Failed to bind server socket to [/13.93.87.150:31337]
at com.jamfsoftware.jsam.lps.socket.LpsSocketSupplier.bindServerSocket(LpsSocketSupplier.java:136) ~[11:ldap-proxy:0.0.1.20160714202842]
The solution is to have split-scope DNS (Jamf Cloud resolves jim.org.org to the external IP address, the JIM resolves jim.org.org to its own internal IP address). Or, just edit /etc/hosts and add a line for the enrolled hostname so it never even has to ask DNS...
<local.ip.address> jim.org.org
Then restart the JIM/LDAP Proxy service and that startup error will be gone.
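The check described in the post above can also be run against the JIM log itself. This is an added example, not part of the original posts: it pulls each address out of "Failed to bind server socket" lines and reports whether that address is assigned to the host. The function names and the sample log (using the documentation address 203.0.113.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Jamf's code). Function names are hypothetical.

# Read log lines on stdin; print "IP PORT" once per distinct failed bind target.
bind_failures() {
    sed -n 's|.*Failed to bind server socket to \[/\([0-9.]*\):\([0-9]*\)].*|\1 \2|p' | sort -u
}

# Succeed if address $1 appears in the whitespace-separated list $2.
is_local_addr() {
    for a in $2; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# IPv4 addresses currently assigned to this host's interfaces (live lookup).
local_addrs() {
    ip -o -4 addr show 2>/dev/null | awk '{split($4, a, "/"); print a[1]}'
}

# Read a JIM log on stdin; $1 is the list of local addresses.
# Prints one verdict line per address the proxy failed to bind.
diagnose() {
    bind_failures | while read -r ip port; do
        if is_local_addr "$ip" "$1"; then
            echo "$ip:$port LOCAL: address is assigned to this host"
        else
            echo "$ip:$port NOT-LOCAL: enrolled hostname must resolve to an address on this host"
        fi
    done
}

# Constructed sample input, shaped like the log lines quoted in this thread.
SAMPLE_LOG='2017-01-01 00:00:00,000 ERROR c.j.j.l.LpsServerSocketListener [lps: /203.0.113.10:8389 (ssl)] Failed to obtain server socket for address /203.0.113.10:8389
com.jamfsoftware.jsam.lps.LpsException: Failed to bind server socket to [/203.0.113.10:8389]
Caused by: java.net.BindException: Cannot assign requested address (Bind failed)'
SAMPLE_LOCALS='127.0.0.1 10.0.0.5'

printf '%s\n' "$SAMPLE_LOG" | diagnose "$SAMPLE_LOCALS"

# On a real JIM host (JIM_LOG_FILE is a placeholder for your log path):
#   diagnose "$(local_addrs)" < JIM_LOG_FILE
```

A NOT-LOCAL verdict corresponds to the "Cannot assign requested address" BindException: the proxy is trying to listen on an address that no interface on the server has.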
Posted on 10-08-2017 11:47 PM
Thanks for your responses, when I tried nc -z jimaddress.domain.com 8389 from outside my network it seemed to just time out with no error message or any message of any kind.
I checked the status of the JIM and got
● jamf-im.service - LSB: JAMF Infrastructure Manager
   Loaded: loaded (/etc/init.d/jamf-im; bad; vendor preset: enabled)
   Active: active (running) since Mon 2017-10-09 08:18:04 AST; 9min ago
     Docs: man:systemd-sysv-generator(8)
   CGroup: /system.slice/jamf-im.service
           └─13460 /usr/bin/java -Dcom.jamfsoftware.jsam.configDirBase=/etc/jamf-im -Dlog4j.configurationFile=/etc/jamf-im/jsam/logging/log4j2-jamf-im-launcher.xml -DjsamLogPath=/var/log -jar jsam-launcher-1.3.0.jar
Oct 09 08:18:04 lthjamf systemd[1]: Starting LSB: JAMF Infrastructure Manager...
Oct 09 08:18:04 lthjamf systemd[1]: Started LSB: JAMF Infrastructure Manager.
I had a look in the logs and see this
2017-10-09 08:32:40,369 INFO c.j.j.l.LpsServerSocketListener [lps: /109.171.129.139:8389 (ssl)] Sleeping for 5000 ms before retry of server socket bind for address /109.171.129.139:8389
2017-10-09 08:32:45,369 INFO c.j.j.l.LpsServerSocketListener [lps: /109.171.129.139:8389 (ssl)] Waking for retry of server socket bind for address /109.171.129.139:8389
2017-10-09 08:32:45,375 ERROR c.j.j.l.LpsServerSocketListener [lps: /109.171.129.139:8389 (ssl)] Failed to obtain server socket for address /109.171.129.139:8389
com.jamfsoftware.jsam.lps.LpsException: Failed to bind server socket to [/109.171.129.139:8389]
at com.jamfsoftware.jsam.lps.socket.LpsSocketSupplier.bindServerSocket(LpsSocketSupplier.java:136)
at com.jamfsoftware.jsam.lps.socket.LpsSocketSupplier.createSslServerSocket(LpsSocketSupplier.java:61)
at com.jamfsoftware.jsam.lps.LpsServerSocketListener.safeCreateServerSocket(LpsServerSocketListener.java:151)
at com.jamfsoftware.jsam.lps.LpsServerSocketListener.bindServerSocket(LpsServerSocketListener.java:115)
at com.jamfsoftware.jsam.lps.LpsServerSocketListener.execute(LpsServerSocketListener.java:94)
at com.jamfsoftware.jsam.lps.LpsServerSocketListener.run(LpsServerSocketListener.java:73)
Caused by: java.net.BindException: Cannot assign requested address (Bind failed)
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
at java.net.ServerSocket.bind(ServerSocket.java:375)
at java.net.ServerSocket.bind(ServerSocket.java:329)
at com.jamfsoftware.jsam.lps.socket.LpsSocketSupplier.bindServerSocket(LpsSocketSupplier.java:132)
... 5 more
2017-10-09 08:32:45,376 INFO c.j.j.l.LpsServerSocketListener [lps: /109.171.129.139:8389 (ssl)] Sleeping for 5000 ms before retry of server socket bind for address /109.171.129.139:8389
I checked /etc/hosts and there is already an entry for the local IP address so going to try and set up a split DNS.
Posted on 10-09-2017 03:59 PM
Alex, what is 109.171.129.139? Is that the actual internal IP address of the server where you are running JIM?
What do you get when you ping the enrolled hostname on the JIM server?
Posted on 10-12-2017 12:12 AM
That's the external address. I've concluded the issue is that in order to get the port to bind on the JIM I have to use the hostname; the external IP address won't resolve (I tried adding it to /etc/hosts without any luck) so the port won't bind. The issue now is that the hostname isn't public and so when my JAMF Cloud tries to connect to the hostname it can't connect as it's not listed on the firewall. So a bit of a catch-22.
The network and Linux team are now arguing over what to do next, I miss having an internal JSS!
Posted on 10-12-2017 08:06 AM
@alexmcclements, didn't catch earlier you were using an IP address. As @oliver mentioned, you'll need an external DNS name that's resolvable from the Internet.
The external DNS doesn't need to be the same as your host name. Typically, it's an alias or CNAME.
nc -z server.domain.com 8389
command from a Mac that's outside your network (maybe go to a local coffee shop?) to test the port is open and listening. If your server is responding, you can then go to your LDAP settings in your Jamf Cloud server and choose your JIM server there. You generally don't need to edit anything else with your LDAP settings. The change should be fairly immediate. Test by logging in to your Jamf Cloud instance with your directory service account.