Firewall rules might cause Sun Java System Application Server startup
failures.
If you have a personal firewall installed, you might experience this
problem. The presence of strict firewall rules on the same machine as a Sun Java System Application Server installation
might cause startup failures of the Admin Server and App Server instances.
Specifically, the Admin Server and App Server instances attempt to establish
local connections within the Sun Java System Application Server environment. Since these
connection attempts access ports using the host name of the system rather
than localhost, local firewall rules might block such attempts.
The local firewall might also inadvertently generate alerts saying that
either the “Portal of Doom Trojan” attack (for example, TCP connection
attempts on port 3700) or similar attacks have occurred when, in fact, such
access attempts have been made by the Sun Java System Application Server and are in no way
a security threat to your machine. Under some conditions, the port number
which the Sun Java System Application Server uses for various local communications might
overlap with port numbers used in known popular attacks. Some symptoms of
this problem:
-
An attempt to start the Sun Java System Application Server using the Microsoft
Windows program group item “Start Application Server” fails with
this message:
Could not start the instance: domain1:admin-server
server failed to start: abnormal subprocess termination ...
-
The administrative and server instance log files contain connection
exceptions followed by this message: CORE3186: Failed to set configuration
Solution
Modify the firewall policy to allow the Sun Java System Application Server to make
connection attempts to ports on the local system.
To avoid inaccurate alerts concerning possible attacks, either modify
the relevant rules or change the conflicting port number(s) used by the Sun Java System Application Server.
To determine the port numbers used by the Admin Server and App Server
instances, see the server.xml file in the following location
of your Sun Java System Application Server installation:
domain_config_dir/domain1/admin-server/config/server.xml domain_config_dir/domain1/server1/config/server.xml
where domain_config_dir is the location of
your initial server configuration. For example:
Microsoft Windows: install_dir/domains/...Solaris 9 and above integrated install: /var/appserver/domains/...Solaris 8, 9 and above unbundled install: /var/opt/SUNWappserver7/domains/...
Look for the port settings in the <iiop-listener>
and <jms-service> elements. You can either change
these port numbers to other unused port numbers, or you can modify your firewall
policy to allow connection attempts from clients on the local machine to these
port numbers on the same machine.
|