check the CMS logs to find a root cause of CMS Supervisor issue with connecting

[nortavaya]

Hi all

All users that having CMS Supervisors were unable to connect to the CMS, but using putty it works fine.
Later the issue was resolved without any intervention.!!

Can we have a specific logs on CMS Server that showing connections of CMS Supervisor to understand whats was causing this issue..?

Thank you

 

[kyle555]

putty works via telnet or ssh? maybe you have a ssh problem where putty uses its own thing and CMS Supervisor delegates to Windows SCHANNEL encryption stuff and one of those is happy with what CMS offers and one isn't?

 

[nortavaya]

Thanks kyle555 yes correct it was working for putty but only CMS Supervisor not working...
I checked logs on /var/adm, and I found this:

sshd[4463]: [ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer

this means something relating ??

Thanks

 

[kyle555]

Yeah. That's CMS saying the thing that tried connecting quit trying connecting.

I'd wireshark the CMS supervisor's SSH negotiation and compare to the sshd config on CMS. Maybe your MS guys through some group policies tightened up and refuse older encyrption algorithms.

Happens with people with a new macbook too. Mac's terminal and ssh don't allow older encryption methods. You'll never get a new macbook to ssh to a CM 5.2 without tinkering with it's ssh settings in the OS

 

[nortavaya]

Hi kyle555
I think this is what was happened, now it is not possible to run Wireshark because all CMS Sups are connected.
The problem was resolved gradually after rebooting CMS...!!
I don't have logs on CMS to confirm this

 

[kyle555]

Linux CMS?

I was going to say wireshark from any CMSSup PC and not from the CMS itself. But if turning it off and on again fixed it, then I doubt ssh settings are in play. Sounds more like the user's connections hung up somehow.

 

[nortavaya]

Yes it is Linux, the only thing I found some logs on /var/adm talking about sshd issue.
If the issue happened again I think here I can run Wireskark

 

[kyle555]

This would make your CMS log packets. ctrl+c to stop.
tshark -i eth0 port 22 -w /tmp/myssh.pcap

Honestly, what I'd suspect is the CMS Supervisor session is locked up. You'd get that "other end reset the connection and dropped" if you logged in with CMS Supervisor on one PC while in on another. You could still ssh via putty. The difference - even though both run on port 22 - is that putty is just a terminal and cms supervisor invokes the application. You'd equally fail to log in to CMS Supervisor with the 'cms' user account.

Here's another silly idea: I've been in environments where there's some firewall doing session or packet inspection. Leave a putty terminal up for >5 minutes and it kills it - but not gracefully - my CM terminal is dead, not responsive and a few minutes after a key press, then it'll timeout. Maybe people leaving it on overnight without a realtime display going (or something to cause real traffic all the time) would make some security stuff in between the PC and the CMS kill the connection ungracefully and not releasing the CMS Supervisor session gracefully causing it to lockup.

maybe next time a user has it happen, do a 'netstat -tunap |grep 22' in cms would show you all established sockets on that port, and if the person's IP is in there with CMS closed, and can't log in with their account, and can login with some other user's account from the same PC, then I'd look at SSH in your network more than on the CMS server.

 

[nortavaya]

Good analysis Kyle555, I see now the mechanism more clearly as you explain...
Thank you

 

[montyzummer]

You can also simply type "who" when in bash , this will give you all current connections into the box with associated IP , i get this issue at one of my sites all the time "they utilise supervisor reports for the wallboards" and connections get hung and the license capacity is usually maxed out.

ACSS (UC/SBCE/SM/SME)

Not that they mean a thing anymore , get a brain dump pass the test crash the system.