Remote JMX connection

L

12

108

I'm trying to open a JMX connection to java application running on a remote machine.

The application JVM is configured with the following options:

com.sun.management.jmxremote
com.sun.management.jmxremote.port=1088
com.sun.management.jmxremote.authenticate=false
com.sun.management.jmxremote.ssl=false

I'm able to connect using localhost:1088 using jconsole or jvisualvm. But I'm not able to connect using xxx.xxx.xxx.xxx:1088 from a remote machine.

There is no firewall between the servers, or on the OS. But to eliminate this possibility I telnet xxx.xxx.xxx.xxx 1088 and I think it connects, as the console screen turns blank.

Both servers are Windows Server 2008 x64. Tried with 64-bit JVM and 32-bit, neither work.

Lard answered 7/5, 2009 at 13:12 Comment(2)

Probably related to #151738 – Lard 7/5, 2009 at 16:46

Here is detailed guide https://mcmap.net/q/202598/-remote-jmx-connection – Hazelwood 25/7, 2012 at 16:25

A

129

Had it been on Linux the problem would be that localhost is the loopback interface, you need to application to bind to your network interface.

You can use the netstat to confirm that it is not bound to the expected network interface.

You can make this work by invoking the program with the system parameter java.rmi.server.hostname="YOUR_IP", either as an environment variable or using

java -Djava.rmi.server.hostname=YOUR_IP YOUR_APP

Amenity answered 7/5, 2009 at 13:31 Comment(4)

Don't forget about hostname -i, see https://mcmap.net/q/202598/-remote-jmx-connection for details. – Hazelwood 25/7, 2012 at 16:26

Worked! In our environment we use VMWare virtual machines. The server was on a VM. The VM was deployed fenced so it has internal and an external IP addresses. We started the server java process with -Djava.rmi.server.hostname=<external-ip-address>. – Allodial 28/10, 2013 at 21:39

To set the host ip or change the localhost ip this link would be useful. – Halloran 28/4, 2014 at 10:27

I have two questions here - 1) What if one wants to use JMXMP rather than JMX. What would be the configs for that? and 2) Is it possible to make the JMX connection without loading the RMI protocol? – Kursh 17/2, 2015 at 12:12

H

75

I've spend more than a day trying to make JMX to work from outside localhost. It seems that SUN/Oracle failed to provide a good documentation on this.

Be sure that the following command returns you a real IP or HOSTNAME. If it does return something like 127.0.0.1, 127.0.1.1 or localhost it will not work and you will have to update /etc/hosts file.

hostname -i

Here is the command needed to enable JMX even from outside

-Dcom.sun.management.jmxremote 
-Dcom.sun.management.jmxremote.authenticate=false 
-Dcom.sun.management.jmxremote.ssl=false 
-Dcom.sun.management.jmxremote.port=1100
-Djava.rmi.server.hostname=myserver.example.com

Where as you assumed, myserver.example.com must match what hostname -i returns.

Obviously, you need to be sure that the firewall does not block you, but I'm almost sure that this is not your problem, the problem being the last parameter that is not documented.

Hazelwood answered 25/7, 2012 at 16:24 Comment(5)

Adding -Djava.rmi.server.hostname=myserver.example.com did the trick! Thanks! – Profitable 4/4, 2014 at 16:22

I took the liberty of opening a JDK docs bugs for this: bugs.openjdk.java.net/browse/JDK-8066405 – Felly 2/12, 2014 at 9:44

"Be sure that the following command returns you a real IP or HOSTNAME. If it does return something like 127.0.0.1, 127.0.1.1 or localhost it will not work and you will have to update /etc/hosts file." What? – Essieessinger 7/5, 2015 at 13:40

Just a quick not, the java.rmi.server.hostname=<Public DNS name from AWS EC2 console for the instance>. Hope this helps someone. – Suspensive 14/2, 2016 at 21:18

@PedroD: YOu need to an an entry to /etx/hosts with your public IP and the hostname you use for "-Djava.rmi.server.hostname" – Pye 13/10, 2020 at 21:58

P

28

In my testing with Tomcat and Java 8, the JVM was opening an ephemeral port in addition to the one specified for JMX. The following code fixed me up; give it a try if you are having issues where your JMX client (e.g. VisualVM is not connecting.

-Dcom.sun.management.jmxremote.port=8989
-Dcom.sun.management.jmxremote.rmi.port=8989

Also see Why Java opens 3 ports when JMX is configured?

Primaveria answered 5/10, 2016 at 18:14 Comment(0)

B

12

http://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole

If you are trying to access a server which is behind a NAT - you will most probably have to start your server with the option

-Djava.rmi.server.hostname=<public/NAT address>

so that the RMI stubs sent to the client contain the server's public address allowing it to be reached by the clients from the outside.

Beefy answered 8/9, 2011 at 21:4 Comment(0)

B

8

it seams that your ending quote comes too early. It should be after the last parameter.

This trick worked for me.

I noticed something interesting: when I start my application using the following command line:

java -Dcom.sun.management.jmxremote.port=9999
     -Dcom.sun.management.jmxremote.authenticate=false
     -Dcom.sun.management.jmxremote.ssl=false

If I try to connect to this port from a remote machine using jconsole, the TCP connection succeeds, some data is exchanged between remote jconsole and local jmx agent where my MBean is deployed, and then, jconsole displays a connect error message. I performed a wireshark capture, and it shows data exchange coming from both agent and jconsole.

Thus, this is not a network issue, if I perform a netstat -an with or without java.rmi.server.hostname system property, I have the following bindings:

 TCP    0.0.0.0:9999           0.0.0.0:0              LISTENING
 TCP    [::]:9999              [::]:0                 LISTENING

It means that in both cases the socket created on port 9999 accepts connections from any host on any address.

I think the content of this system property is used somewhere at connection and compared with the actual IP address used by agent to communicate with jconsole. And if those address do not match, connection fails.

I did not have this problem while connecting from the same host using jconsole, only from real physical remote hosts. So, I suppose that this check is done only when connection is coming from the "outside".

Bignonia answered 18/6, 2010 at 10:27 Comment(2)

What do you mean by "your ending quote comes too early"? I have the same problem, I see the TCP connection being made, but eventually jconsole claims it failed to connect. – Unseasonable 3/4, 2013 at 22:28

I don't know, if I remember correctly, there was a quote open somewhere and this quote was not at the end of parameters. Maybe it was in a batch script, I can't remember. But I must admit this answer makes no sense regarding the question... Maybe the question has been edited? No edited notification under the question... I don't know, I'm sorry. – Bignonia 5/4, 2013 at 7:13

I

7

the thing that work for me was to set /etc/hosts to point the hostname to the ip and not to the loopback interface and than restart my application.

cat /etc/hosts

127.0.0.1      localhost.localdomain localhost
192.168.0.1    myservername

This is my configuration:

-Dcom.sun.management.jmxremote.port=1617 
-Dcom.sun.management.jmxremote.ssl=false 
-Dcom.sun.management.jmxremote.authenticate=false

Its answered 2/12, 2014 at 9:1 Comment(1)

Yeah, it works for me too. So what does hostname do indeed? – Dermot 28/10, 2021 at 9:46

R

5

Thanks a lot, it works like this:

java -Djava.rmi.server.hostname=xxx.xxx.xxx.xxx -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=25000 -jar myjar.jar

Risorgimento answered 11/3, 2014 at 14:42 Comment(0)

A

2

I know this thread is pretty old, but there's an additional option that will help greatly. See here: https://realjenius.com/2012/11/21/java7-jmx-tunneling-freedom/

-Dcom.sun.management.jmxremote.rmi.port=1099

Antiar answered 18/9, 2018 at 18:12 Comment(0)

V

2

Try this, I tested to access JMX inside docker container

-Dcom.sun.management.jmxremote=true -Djava.rmi.server.hostname=localhost -Dcom.sun.management.jmxremote.port=16000 -Dcom.sun.management.jmxremote.rmi.port=16000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false

Then

$ jconsole localhost:16000

Vanya answered 29/5, 2020 at 0:14 Comment(0)

R

1

To enable JMX remote, pass below VM parameters along with JAVA Command.

    -Dcom.sun.management.jmxremote 
    -Dcom.sun.management.jmxremote.port=453
    -Dcom.sun.management.jmxremote.authenticate=false                               
    -Dcom.sun.management.jmxremote.ssl=false 
    -Djava.rmi.server.hostname=myDomain.in

Renaud answered 4/12, 2017 at 8:36 Comment(2)

Can you tell me why is it binding to 0.0.0.0 and not to a specific IP – Gareri 18/4, 2018 at 6:12

0.0.0.0 is special and mean "all ips" – Deerhound 24/9, 2021 at 0:41

W

0

I have the same issue and I change any hostname that matches the local host name to 0.0.0.0, it seems to work after I do that.

Recommended topics

Hot tags