5 Replies Latest reply: Aug 16, 2012 6:56 AM by Ian Anderson RSS

Avamar Administrator behind NAT = Unable to connect to a login server?

SystemMangler

Hi,

 

I have recently configured a fully NAT'd Avamar 6.1 environment:

 

Our NameOur IP AddressClient IP AddressClient Name
syd1-g1-util.XXXXXX10.59.0.1010.128.36.140auglb001.YYYYYY
syd1-g1-ds00.XXXXXX10.59.0.1110.128.36.41auglb002.YYYYYY
syd1-g1-ds01.XXXXXX10.59.0.1210.128.36.42auglb003.YYYYYY
syd1-g1-ds02.XXXXXX10.59.0.1310.128.36.43auglb004.YYYYYY

 

We also NAT the client systems so we can fully browse and initiate backups and restores.

 

Our DNS points to IPs on OUR network

 

Their DNS is not configured yet, BUT the clients have hosts entries which are as follows:

 

10.128.36.140   auglb001.YYYYYY syd1-g1-util.XXXXXX

 

Firewall rules allow 80, 443, 7778-81, 27000, 28001, 28002, 29000, and Ping.

 

This all works fine so far; backups running fine.

 

My issue is with the Avamar Administrator Java GUI, which we install on the clients Admin systems to allow them to log in and monitor, backu, and restore systems.

 

I keep getting "com.avamar.asn.NetworkException: Unable to connect to a login server"; other posts and entries seem to imply this is a DNS issue, but from the admin systems I can ping any of 10.128.36.140/auglb001/syd1-g1-util without issue due to the hosts file entry.

 

Anyone experience this?

 

Any suggestions?

  • 1. Re: Avamar Administrator behind NAT = Unable to connect to a login server?
    Ian Anderson

    It's not really a DNS issue. Well, it is and it isn't.

     

    Communication between the Avamar Administrator GUI and the Avamar Administrator Server currently relies on an older technology called Remote Method Invocation (RMI). There is a field in mcserver.xml called rmi_address. This rmi_address is sent back to the GUI and used to initialize the connection between the GUI and the Server and if the field is blank, it sends back the primary IP address of the utility node (typically bond0). To resolve this issue, the rmi_address field should be set to the short name of the Avamar server (utility node or single node).

     

    Once the rmi_address has been updated, any systems where the GUI is running need to be able to resolve that short name to the IP address where the server can be reached in that environment. Typically this means having the local DNS updated so it correctly resolves the NAT IP of the utility node.

     

    RMI will be going away in an upcoming release and this will no longer be an issue.

  • 2. Re: Avamar Administrator behind NAT = Unable to connect to a login server?
    SystemMangler

    Wow, I was really not expecting to get such a comprehensive and logical answer so quickly!

     

    You can bet I will be testing this tomorrow. I am assuming That this might also impact server side client activation as I was getting the very same error there?

     

    Jonathan

     

    Sent from my iPad

  • 3. Re: Avamar Administrator behind NAT = Unable to connect to a login server?
    Ian Anderson

    There are a few members of the engineering team kicking around on the forums. We pride ourselves on comprehensive, logical and quick

     

    With server-side activation, the issue is likely a different one. The client agent listens on port 28002 and in order to activate a client from the server, the Administrator Server (also called the MCS) must be able to reach the client on that port.

     

    If this is 1:1 NAT (where the clients can be reached through the NAT), you should be able to get them to activate by manually setting their paging address so the server knows how to reach the agent on port 28002. If the clients aren't routable through the NAT, they will have to be activated from the client side.

  • 4. Re: Avamar Administrator behind NAT = Unable to connect to a login server?
    SystemMangler

    I am afraid to say, this doesn't seem to be working for me. I set it in the two mcserver.xml files (var/server_data/prefs/ & lib) and restarted the MCS.

     

    I still get the same issue; I wonder do I need to restart GSAN or anything else?

     

    Jonathan

     

    Sent from my iPad

  • 5. Re: Avamar Administrator behind NAT = Unable to connect to a login server?
    Ian Anderson

    You should not modify the lib version of mcserver.xml -- it's the gold copy. This RMI issue does not involve the GSAN at all so there's no need to restart it.

     

    One more thing to check -- is lm running on the utility node? That's lm as in login manager. If it's not running, that would explain the issue. You can check if it's running using ps -ef | grep lm. If you find that it's not running, run the following command as the root user to start it:

    service lm start

     

    If you find that lm is running, I would recommend opening a service request so support can take a look at the system directly.