Infrastructure Manager port configuration

alexmcclements
Contributor

Hi

I am trying to configure Infrastructure Manager, I have my firewall rules in place and I have installed Infrastructure Manager, however it doesn't appear to be listening on the port that JAMF recommend. I get this error which usually denotes that nothing is listening on that port.

Error: javax.naming.CommunicationException: 109.171.129.139:8389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
Suggestion: Ensure you can connect to ldap://109.171.129.139:8389

I can't find any documentation on how to specify the listening port but according to this line from the page on Network Ports JAMF uses it would appear it is something you need to specify.

"The port on which the LDAP Proxy will listen for these incoming requests is configured when enrolling with the Jamf Pro server."

Does anyone have any ideas?

6 REPLIES

talkingmoose
Moderator

In your JSS, choose JSS Settings > LDAP Servers. Your Jamf Infrastructure Manager (JIM) instance should appear here. You can set its port to 8389 or any port you choose. Be sure your network firewall allows traffic on whatever port you choose.

You can verify your JIM is listening on the port you're using by running this command from a Mac outside your network:

nc -z jimaddress.domain.com 8389

You're looking for a response that says "succeeded".

oliver
New Contributor III

Not enough information here to say if this is your problem, but here's one common gotcha that trips people up... on the JIM itself, ping the JIM's enrolled hostname (e.g. ping jim.org.org). It will show the IP address that it gets back when it tries to resolve "jim.org.org". That needs to be the internal IP address on the JIM host, not the external IP address that Jamf Cloud will be contacting. If this is not right, you will see the below in the JIM logs because there's no network adaptor on the JIM server that has that external IP address...

2016-08-30 14:43:21,839 ERROR c.j.j.l.LpsServerSocketListener [lps: /13.93.87.150:31337 (ssl)] Failed to obtain server socket for address /13.93.87.150:31337
com.jamfsoftware.jsam.lps.LpsException: Failed to bind server socket to [/13.93.87.150:31337]
    at com.jamfsoftware.jsam.lps.socket.LpsSocketSupplier.bindServerSocket(LpsSocketSupplier.java:136) ~[11:ldap-proxy:0.0.1.20160714202842]

The solution is to have split-scope DNS (Jamf Cloud resolves jim.org.org to the external IP address, the JIM resolves jim.org.org to its own internal IP address). Or, just edit /etc/hosts and add a line for the enrolled hostname so it never even has to ask DNS...

<local.ip.address> jim.org.org

Then restart the JIM/LDAP Proxy service and that startup error will be gone.

alexmcclements
Contributor

Thanks for your responses, when I tried nc -z jimaddress.domain.com 8389 from outside my network it seemed to just time out with no error message or any message of any kind.

I checked the status of the JIM and got

● jamf-im.service - LSB: JAMF Infrastructure Manager
   Loaded: loaded (/etc/init.d/jamf-im; bad; vendor preset: enabled)
   Active: active (running) since Mon 2017-10-09 08:18:04 AST; 9min ago
     Docs: man:systemd-sysv-generator(8)
   CGroup: /system.slice/jamf-im.service
           └─13460 /usr/bin/java -Dcom.jamfsoftware.jsam.configDirBase=/etc/jamf-im -Dlog4j.configurationFile=/etc/jamf-im/jsam/logging/log4j2-jamf-im-launcher.xml -DjsamLogPath=/var/log -jar jsam-launcher-1.3.0.jar

Oct 09 08:18:04 lthjamf systemd[1]: Starting LSB: JAMF Infrastructure Manager...
Oct 09 08:18:04 lthjamf systemd[1]: Started LSB: JAMF Infrastructure Manager.

I had a look in the logs and see this

2017-10-09 08:32:40,369 INFO c.j.j.l.LpsServerSocketListener [lps: /109.171.129.139:8389 (ssl)] Sleeping for 5000 ms before retry of server socket bind for address /109.171.129.139:8389
2017-10-09 08:32:45,369 INFO c.j.j.l.LpsServerSocketListener [lps: /109.171.129.139:8389 (ssl)] Waking for retry of server socket bind for address /109.171.129.139:8389
2017-10-09 08:32:45,375 ERROR c.j.j.l.LpsServerSocketListener [lps: /109.171.129.139:8389 (ssl)] Failed to obtain server socket for address /109.171.129.139:8389
com.jamfsoftware.jsam.lps.LpsException: Failed to bind server socket to [/109.171.129.139:8389]
    at com.jamfsoftware.jsam.lps.socket.LpsSocketSupplier.bindServerSocket(LpsSocketSupplier.java:136)
    at com.jamfsoftware.jsam.lps.socket.LpsSocketSupplier.createSslServerSocket(LpsSocketSupplier.java:61)
    at com.jamfsoftware.jsam.lps.LpsServerSocketListener.safeCreateServerSocket(LpsServerSocketListener.java:151)
    at com.jamfsoftware.jsam.lps.LpsServerSocketListener.bindServerSocket(LpsServerSocketListener.java:115)
    at com.jamfsoftware.jsam.lps.LpsServerSocketListener.execute(LpsServerSocketListener.java:94)
    at com.jamfsoftware.jsam.lps.LpsServerSocketListener.run(LpsServerSocketListener.java:73)
Caused by: java.net.BindException: Cannot assign requested address (Bind failed)
    at java.net.PlainSocketImpl.socketBind(Native Method)
    at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
    at java.net.ServerSocket.bind(ServerSocket.java:375)
    at java.net.ServerSocket.bind(ServerSocket.java:329)
    at com.jamfsoftware.jsam.lps.socket.LpsSocketSupplier.bindServerSocket(LpsSocketSupplier.java:132)
    ... 5 more
2017-10-09 08:32:45,376 INFO c.j.j.l.LpsServerSocketListener [lps: /109.171.129.139:8389 (ssl)] Sleeping for 5000 ms before retry of server socket bind for address /109.171.129.139:8389

I checked /etc/hosts and there is already an entry for the local IP address so going to try and set up a split DNS.

oliver
New Contributor III

Alex, what is 109.171.129.139? Is that the actual internal IP address of the server where you are running JIM?

What do you get when you ping the enrolled hostname on the JIM server?

alexmcclements
Contributor

That's the external address, I've concluded the issue is that in order to get the port to bind on the JIM I have to use the hostname, the external IP address won't resolve (I tried adding it to /etc/hosts without any luck) so the port won't bind. The issue now is that the hostname isn't public and so when my JAMF Cloud tries to connect to the hostname it can't connect as it's not listed on the Firewall. So a bit of a catch 22.

The network and Linux team are now arguing over what to do next, I miss having an internal JSS!

talkingmoose
Moderator

@alexmcclements, didn't catch earlier you were using an IP address. As @oliver mentioned, you'll need an external DNS name that's resolvable from the Internet.

The external DNS doesn't need to be the same as your host name. Typically, it's an alias or CNAME.

  1. Create an external DNS name that points to your JIM's public IP address.
  2. Edit the host file of your server to point the external DNS name to your server's internal IP address. You may need to restart your server after this change. (This isn't necessary if your server has its own dedicated public IP address and the DNS resolves to that.)
  3. On your server, ping the public DNS name. Because of your host file change, it should return your internal IP address. (Again, only if you did Step 2.)
  4. Install JIM.
  5. Run the nc -z server.domain.com 8389 command from a Mac that's outside your network (maybe go to a local coffee shop?) to test the port is open and listening.

If your server is responding, you can then go to your LDAP settings in your Jamf Cloud server and choose your JIM server there. You generally don't need to edit anything else with your LDAP settings. The change should be fairly immediate. Test by logging in to your Jamf Cloud instance with your directory service account.
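
An added example, not part of the original thread and not Jamf tooling: a Python check to run on the JIM host that pulls the failed bind address out of the LDAP proxy log and tests whether this host can bind it, which is the `Cannot assign requested address` condition in the logs above and the thing step 3 verifies with ping. The hostname `jim.example.org`, the sample log text and all function names are constructed for illustration.

```python
import errno
import re
import socket

# Constructed sample in the format of the JIM log lines quoted in the thread;
# 192.0.2.10 is a documentation address standing in for the external IP.
SAMPLE_LOG = (
    "2017-10-09 08:32:45,375 ERROR c.j.j.l.LpsServerSocketListener "
    "[lps: /192.0.2.10:8389 (ssl)] Failed to obtain server socket for address /192.0.2.10:8389\n"
    "com.jamfsoftware.jsam.lps.LpsException: Failed to bind server socket to [/192.0.2.10:8389]\n"
)
BIND_FAIL = re.compile(r"Failed to bind server socket to \[/([0-9.]+):(\d+)\]")

def failed_bind_targets(log_text):
    """Distinct (ip, port) pairs the LDAP proxy reported it could not bind."""
    targets = []
    for ip, port in BIND_FAIL.findall(log_text):
        if (ip, int(port)) not in targets:
            targets.append((ip, int(port)))
    return targets

def bind_check(ip):
    """Bind an ephemeral TCP port on ip; return None on success, else the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, 0))
            return None
        except OSError as e:
            # EADDRNOTAVAIL is what Java reports as "Cannot assign requested address".
            return errno.errorcode.get(e.errno, str(e.errno))

def check_enrolled_hostname(hostname):
    """Resolve hostname via the system resolver (/etc/hosts included) and
    report, per IPv4 address, whether this host can bind it."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0]: bind_check(info[4][0]) for info in infos}

if __name__ == "__main__":
    for ip, port in failed_bind_targets(SAMPLE_LOG):
        print(f"log shows failed bind to {ip}:{port}; local bind test: {bind_check(ip) or 'ok'}")
    # jim.example.org is a placeholder for the hostname the JIM was enrolled with.
    try:
        print(check_enrolled_hostname("jim.example.org"))
    except socket.gaierror as e:
        print(f"enrolled hostname does not resolve on this host: {e}")
```

A result of `None` for every address means the enrolled hostname resolves, on the JIM host, to an address assigned to a local interface; `EADDRNOTAVAIL` means it still resolves to an address the host does not own.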