Skip to main content
B
bmelendy
Known Participant
January 28, 2011
Question

Multiserver Monitor Permission Denied...

  • January 28, 2011
  • 1 reply
  • 10652 views

So I've been dealing with this for years now, since version 8 and now with version 9 of

Coldfusion.  I can't ever get my multi-server monitor to monitor more than the local server from which I run the multiserfver monit

or.  I've edited the multiservermonitor-access-policy.xml to use the following line:

<allow-access-from domain="*" />

However, that doesn't work even after restarting Coldfusion.

Does anyone have this working?  I think I'm about to buy fusion-reactor so I can actually monitor my servers but it's always frustrating when something that should be pretty simple just doesn't work right.  Thanks in advance for any input.

...Brad

    This topic has been closed for replies.

    1 reply

    S
    StevenErat
    Inspiring
    January 28, 2011

    Could do a real quick packet sniff to capture the status codes and content?

    I would confirm that the file is being requested, sent, and that it has the

    expected content.

    Try Wireshark.

    B
    bmelendyAuthor
    Known Participant
    January 28, 2011

    A better question might be if there are any special firewall requirements for the communication between servers?  I wonder what port they use?  I was trying out the new Coldfusion Server Manager and it lets you add multiple servers with a very similar interface with the only difference being that it works?!  Same servers added through the Multiserver Monitor get permission denied?  Likewise, no problems when trying the Fusion-Reactor server.  I wonder how many people actually use the multi-server monitor? 

    I probably won't go to the trouble of trying to sniff packets, it's cheaper to buy a third party solution.  Thanks for your response Steven.

    S
    StevenErat
    Inspiring
    January 29, 2011

    Since I was actually on the ColdFusion 8.0 engineering team at Adobe and personally tested the multiservermonitor back in 2006/7, I find it very surprising to learn that /crossdomain.xml is now required in the webroot INSTEAD of /CFIDE/multiservermonitor-access-policy.xml.

    I did some testing on a couple local ColdFusion 9.01 servers, and to force the requirement of the access file, I loaded the CF Admin Multiserver Monitor over localhost (127.0.0.1) and then tried to add a different CF instance to the monitor using the other interface for the same machine 192.168.1.104.  As expected, I got Permission Denied.  I then went to the target server that I was trying to add, and I enabled the multiservermonitor-access-policy.xml by uncommenting the appropriate line.  I was really stunned to find that the target server still showed a Permission Denied status (Figure 1).

    Upon examining the console (Figure 2) where I started the target server, I found a series of error messages for

    "error Requested resource '/crossdomain.xml' (%2fcrossdomain.xml) not found",

    logged every time the Server Monitor attempted to refresh the view (every 20 seconds).

    I went back to the Server Monitor console and switched to the Errors tab (Figure 3) where I found a very helpful message:

    "Ensure that you have allowed access to this server by changing the crossdomain.xml file."

    With that information in hand, I Googled "multiservermonitor-access-policy.xml" + "crossdomain.xml" and came across the following references:

    1. A blog comment by Adobe QA Engineer Jayesh Viradiya. "simply Ignore the multiserver-access-policy file and put the following  crossdomain.xml file, with appropriate client machine permissions where  you are running multiserver Monitor, and put this crossdomain under the  CF Server wwwroot, which you are trying to connect to"
    2. The ColdFusion 9 Documentation on Multiserver Monitor. "Note:  The cross domain details need to be mentioned in the crossdomain.xml file and this file must be placed directly under webroot. Previously, this file was placed under <webroot>/CFIDE/multiservermonitor-access-policy.xml. For more information, see www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html "
    3. ColdFusion bug 79603. "The workaround is: If multiservermonitor-access-policy.xml is renamed as crossdomain.xml and it is placed directly under webroot rather than CFIDE,then it works."

    This one went completely under my radar as this is the first time that I found out about this change.  When I made the change to my server test, I found it then worked with /crossdomain.xml on the target server.

    This should do it for you.  Let us know.

    Figure 1

    Figure 2

    Figure 3

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices