Skip to main content
F
forrestmahannah
Inspiring
July 10, 2021
Answered

Is it possible to change the DNS host name coldfusion 2021 was installed under?

  • July 10, 2021
  • 4 replies
  • 2766 views

When I installed CF 2021 Ent I accepted the defaults like I normally do and set up the instances and all run just fine. BUT now I want to use performance monitoring toolset to monitor those instances from a remote machine and cannot make it work. CF is running everything on the internal server as localhost or 127.0.0.1 and since those are not reachable from a remote machine PMT will not connect to each instance. If I use the domain name assigned to the IIS site for an instance and port 8500, the result is a server 500 error.

 

I assume that when I installed CF I should have specified the DNS hostname for the EC2 server instead of localhost in order to make this work, but server is in production and I cannot re-install coldfusion.

 

So is there any way to edit config files for the internal web server used for admin and PMT to use the hostname of the server instead of localhost or 127.0.0.1?

 

Thanks

    This topic has been closed for replies.
    Correct answer forrestmahannah

    OK here is the update and the fix that worked for me. Vikram at Adobe support was very helpful and tried hard to find a resolution. In the process of both of us testing connections from PMT running on one network and a CF instance running on another network (AWS EC2) I finally came up with a solution that worked for me.

     

    First make sure all the ports needed are opened both ways as others have instructed.

     

    Some background: On the CF server the PMT datastore had been set to my PMT server's external IP address.

    On the PMT server the datastore service would only start up when I set the network.host setting in the elasticsearch.yml config file to my PMT servers INTERNAL IP address. So the CF machine was told to use the external IP reachable from one network to the other, but the PMT datasource running on my server in the office was bound to the internal IP address.

     

    When trying to connect to a remote CF instance from PMT it would fail with a 500 page error showing as the content in the little error icon mouseover. Logs for PMT did not show anything.

     

    Checking logs on the CF instance that I tried to connect to I found a ton of errors like this in the coldfusion-error.log,

    even though the connection failed it starts some elassticsearch sniffer process on the CF server that was trying to connect to my internal datastore IP instead of the external one configured in coldfusion. Even worse these did not stop filling the logs until I shut down both my local PMT service and the datastore and restarted the CF instance!

     

    Jul 19, 2021 4:43:39 PM org.elasticsearch.client.sniff.Sniffer error
    SEVERE: error while sniffing nodes
    java.net.ConnectException: Timeout connecting to [/192.168.254.71:9250]

     

    So I knew the issue was on the PMT side which was bound to my internal IP. So that is what it was telling the CF server to use for the datastore. And Datastore would not start if bound to my external IP.

     

    We tried all kinds of things and today I discovered that the Elasticsearch datastore can bind to multiple hosts/ips AND it can use a different host/ip for incoming and outgoing traffic.

     

    So, after stopping both the datastore and the PMT service on my office server, in my elasticsearch.yml file in the datastore/config folder where you installed PMT file I did these things:

     

    Comment out with a # as the first character the entries for these items if they are in your file:
    network.host:

    transport:host

     

    Then below those add two new entries, replacing the values in <> brackets with your IPs or hosts:

    network.bind_host: <Your Internal IP or host name>
    network.publish_host: <Your External IP or host name>

     

    Save your changes, then restart the datasource service and the PMT service.

    If you had already tried to connect PMT to a remote CF instance and have not restarted that instance

    since the failure do that first. Then try to connect PMT to your remote instance.

     

    For me this worked first try after trying without success for days ... I hope someone else finds it helpful.

     

    Thanks to Vikram at Adobe for all the effort he put in as well!

     

     

    4 replies

    F
    forrestmahannahAuthorCorrect answer
    Inspiring
    July 19, 2021

    OK here is the update and the fix that worked for me. Vikram at Adobe support was very helpful and tried hard to find a resolution. In the process of both of us testing connections from PMT running on one network and a CF instance running on another network (AWS EC2) I finally came up with a solution that worked for me.

     

    First make sure all the ports needed are opened both ways as others have instructed.

     

    Some background: On the CF server the PMT datastore had been set to my PMT server's external IP address.

    On the PMT server the datastore service would only start up when I set the network.host setting in the elasticsearch.yml config file to my PMT servers INTERNAL IP address. So the CF machine was told to use the external IP reachable from one network to the other, but the PMT datasource running on my server in the office was bound to the internal IP address.

     

    When trying to connect to a remote CF instance from PMT it would fail with a 500 page error showing as the content in the little error icon mouseover. Logs for PMT did not show anything.

     

    Checking logs on the CF instance that I tried to connect to I found a ton of errors like this in the coldfusion-error.log,

    even though the connection failed it starts some elassticsearch sniffer process on the CF server that was trying to connect to my internal datastore IP instead of the external one configured in coldfusion. Even worse these did not stop filling the logs until I shut down both my local PMT service and the datastore and restarted the CF instance!

     

    Jul 19, 2021 4:43:39 PM org.elasticsearch.client.sniff.Sniffer error
    SEVERE: error while sniffing nodes
    java.net.ConnectException: Timeout connecting to [/192.168.254.71:9250]

     

    So I knew the issue was on the PMT side which was bound to my internal IP. So that is what it was telling the CF server to use for the datastore. And Datastore would not start if bound to my external IP.

     

    We tried all kinds of things and today I discovered that the Elasticsearch datastore can bind to multiple hosts/ips AND it can use a different host/ip for incoming and outgoing traffic.

     

    So, after stopping both the datastore and the PMT service on my office server, in my elasticsearch.yml file in the datastore/config folder where you installed PMT file I did these things:

     

    Comment out with a # as the first character the entries for these items if they are in your file:
    network.host:

    transport:host

     

    Then below those add two new entries, replacing the values in <> brackets with your IPs or hosts:

    network.bind_host: <Your Internal IP or host name>
    network.publish_host: <Your External IP or host name>

     

    Save your changes, then restart the datasource service and the PMT service.

    If you had already tried to connect PMT to a remote CF instance and have not restarted that instance

    since the failure do that first. Then try to connect PMT to your remote instance.

     

    For me this worked first try after trying without success for days ... I hope someone else finds it helpful.

     

    Thanks to Vikram at Adobe for all the effort he put in as well!

     

     

      BKBK
      Community Expert
      BKBKCommunity Expert
      Community Expert
      July 20, 2021

      @forrestmahannah , Great description. 

      Thanks for sharing the solution.

      F
      forrestmahannahAuthor
      Inspiring
      July 20, 2021

      Now that I have PMT running and connceting to remote instances, I see a couple other issues I don't understand. Should I create a new post or add to this one?

       

      Thanks everyone!

      Charlie Arehart
      Community Expert
      Charlie ArehartCommunity Expert
      Community Expert
      July 14, 2021

      Forrest, any update on your progress? Did anything from BKBK or me perhaps help get you any further? Any new lessons learned that you might share for the sake of others? 

      /Charlie (troubleshooter, carehart. org)
      F
      forrestmahannahAuthor
      Inspiring
      July 15, 2021

      I contacted Adobe support at the cfinstal@adobe.com address and have been working with them to debug and resolve the issue with commecting PMT to an instance on an outside network. He spent quite some time today with me in screen share working to resolve it and finally got some error messages that he is using to work on a fix. When we do get it running I will post everything we found here for others who might have similar issues. Right now the main problem seems to be an issue with the datasource where CF is trying to use my datasource internal IP which is not reachable instead of my external IP, even though all config files specify the external IP

       

      I will post here when resolved hopefully soon

       

      Thanks

        BKBK
        Community Expert
        BKBKCommunity Expert
        Community Expert
        July 15, 2021

        Thanks, @forrestmahannah , for the update. 

        BKBK
        Community Expert
        BKBKCommunity Expert
        Community Expert
        July 11, 2021

        This doesn't sound to me like a ColdFusion or PMT question. It sounds like the kind of question Server Admins have from breakfast.

         

        ColdFusion may be installed on the "local" machine, but 127.0.0.1 is NOT the IP that the rest of the world would use to get access. On your home computer or on a computer abroad, which IP and port or domain-name do you use to gain access to the ColdFusion application? Those are the details PMT needs.

         

        PMT is on a separate machine, which may be hosted, say, in Outer Mongolia. It should still be able to have access to the ColdFusion application. Get your Server Admin to set the necessary firewall rules in place, if necessary.

         

        The settings that PMT needs for connecting to any ColdFusion instance are:
        https://helpx.adobe.com/coldfusion/performance-monitoring-toolset/configure-coldfusion-performance-monitoring-toolset-settings.html )

        • Server name
          IP address or the host name of the machine where ColdFusion is running.

        • Port
          The port of the server where ColdFusion is running.

        • J2EE context
          Because the J2EE environment supports multiple, isolated web applications running in a server instance, J2EE web applications running in a server are each rooted at a unique base URL, called a context root (or context path). The J2EE application server uses this initial portion of the URL (that is, the portion immediately following http://hostname) to determine which web application services an incoming request.

          For example, if you are running ColdFusion with a context root of cf1, you display the ColdFusion Administrator using the URL http://localhost/cf1/CFIDE/administrator/index.cfm.

          Specify the context only in case of a J2EE server.

        • Monitoring shared secret

         

         

         

        BKBK
        Community Expert
        BKBKCommunity Expert
        Community Expert
        July 11, 2021

        A previous, related discussion:

        https://community.adobe.com/t5/coldfusion/performance-monitoring-toolset-server-config-howto/m-p/11507720 

        Charlie Arehart
        Community Expert
        Charlie ArehartCommunity Expert
        Community Expert
        July 11, 2021

        And BKBK, I had pointed that link you offer in a reply to  another thread Forrest had opened this week, which is why I'd not repeated it here. (I had hinted at that in my first reply.) But fair enough to repeat it for the sake of others. Again, I foresee a compilation of such pmt resources, in addition to a how-to on understanding and resolving such issues. Otherwise many are left "stuck in the mud", as Forrest feels here. 

        /Charlie (troubleshooter, carehart. org)
        Charlie Arehart
        Community Expert
        Charlie ArehartCommunity Expert
        Community Expert
        July 10, 2021

        Forrest you'll be writing a book on configuring the pmt soon. Or the answers we offer here could form the start of one. 🙂 So, first there's no option during the install that configured localhost for the cf admin and builtin web server (biws) . All you're asked to confirm is the choice of port, 8500 by default.

         

        And to be clear, what you may use to get to iis doesn't relate directly to the biws, in that by default we can no longer access the CF Admin via IIS. But sure, if there's a domain name you use with IIS that resolves to the server, then a request using that WOULD be passed to the biws if you also use its port.

         

        But what you're encountering (I suspect) is instead how the ip address FROM WHICH you can reach the admin can be limited. And you can control that in the cf admin itself, in the Security>Allowed IP Addresses page, and it's SECOND section. 

         

        If you add the ip of the machine from which you want to run the pmt, does that solve it? No cf restart should be required. 

         

        Related to this, there IS in fact an option in the installer to control that/those initial ip address values. But only if you choose production+secure as the deployment type (which I'd argue is a mistake on Adobe's part, as anyone may want to set that then). But again it's not the domain name.

         

        And actually, since cf2018 the installer new DOES have an additional screen that offers a field with the default value of the machine name. That is indeed for the sake of the pmt, and some internal config that it makes. That's discussed also in that Adobe video I referred to in another comment earlier this week, and in some doc or blog post of theirs.

         

        But I don't think that's your issue and the info above should help. If it doesn't, there may be yet another tweak needed, if the http connector (not the ajp connector) in the cfusion/runtime/conf/server.xml may have a host value needing to be tweaked.  I'm not at my computer as I write this. 

         

        I can update things to confirm that no, by default, there's not something in the server.xml that limits access from off of localhost. I really didn't think there was, but I wanted to give you that possibility to consider if the other "Allowed IP Addresses" feature wasn't the solution. There IS indeed a defaulthost="localhost" value in the Engine element, but I can confirm that (as I suspected) I am able to access my CF admin and that BIWS from off the host and using a domain name that resolves to the IP of the machine (assuming of course that the firewall has been set to allow access to the biws port for the IP from which I'm making the test, or I am VPNed into its network.)

         

        Let's see how you fare and then I or others can help if you're still stuck. As I've noted in other threads, the pmt is a fairly complex beast to get setup unless everything's on the same machine...which is not the way adobe recommends it be installed....or at least on the same network. It can be done. It just leads to the very issues you are hitting, and that others have. 

        /Charlie (troubleshooter, carehart. org)
        F
        forrestmahannahAuthor
        Inspiring
        July 10, 2021

        IP addresses are already allowed in CF admin.

         

        Yes it was in the CF2021  install where it asked for the dns hostname for PMT that I messed up

        and left it at the default.

         

        A request to the servers hostname and port 8500 appears to be going to the IIS server and returning a 500 error page, but I find that strange because IIS only listens on 80 and 443, so if the request is getting to the CF internal web server then why does it return a 500 error?

         

        The main reason my client upgraded to Enterprise was for separate instances allowing application isolation and the PMT being used to monitor instances remotely. Installing PMT and Datastore on the production CF server is not recommended and would require too many system resources so why can't I find specific instructions for using it from a remote server?

         

        Sorry but this is getting frustrating. Do you know of anyone who has managed to set up PMT to monitor a remote instance outside of the local network?

         

        As always I appreciate the efforts to help.

        Charlie Arehart
        Community Expert
        Charlie ArehartCommunity Expert
        Community Expert
        July 11, 2021

        Well, that host name is indeed something you can change after the install. See the CF admin, and its pmt button/monitoring settings page. Again these things are covered more in the docs and that video is mentioned. 

         

        I appreciate your frustration. I'm just a volunteer here trying to help you. If you need more and no one else steps up to satisfy your expectations, especially from Adobe, reach out to them directly via cfinstal@adobe.com. That's for free install support, and this fits that I'd think. 

         

        If you somehow can't get satisfaction, the purchase of enterprise is not lost. The ability to create instances is just one of many benefits to buying enterprise, not to mention that an enterprise license covers 8 cores while Standard only covers 2.

         

        Finally, others who found the pmt not suitable for whatever reason have generally been very satisfied with fusionreactor instead (fusion-reactor.com). No, it's not free. I help people use it every day, solving problems for hundreds of engagements per year. Only a few use the pmt, so the number of variations I see are indeed limited.

         

        Again, perhaps others will step up for you, but in the meantime I'll keep trying. 

        /Charlie (troubleshooter, carehart. org)
        Terms & ConditionsAccessibility statement
        Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices