Troubleshooting Multiserver Monitoring

Report · Oct 29, 2008

We have multiple CF8 Enterprise Servers that I had configured in the MultiServer Monitor. However they recently stopped working except on the server from which they were called (i.e. localhost). I have added all the ip's for the range that traffic should be coming from but it seems to be coming from somthing else. Is there a way I can log where the requests are coming from on the other servers so I can modify the multiservermonitor-access.xml file accordingly.

Report · Oct 29, 2008

Turns out that with the latest release of Flash the security model was changed which caused the Monitor to stop working. I ended up having to add a crossdomain.xml file to the root the the CF Instances (C:\JRun4\servers\{ServerName}\cfusion.ear\cfusion.war) with the following code in it.

Report · Oct 30, 2008

I'm surprised by an assertion that this was due to a change in "the latest release of Flash". This cross-domain security model is quite long-standing. I'll say I'm sorry I didn't see your question earlier, because I wrote about this subject at length in part 4 of a 4-part series I did on the Server Monitor. (That's also further testament that this isn't a "new" issue.)

I also would point out that while you changed it to permit "all" IPs, from a security perspective you can choose instead to create an entry for each IP or domain name of servers from which the Multiserver Monitor will be launched. You need to specify the domain names/ips on separate XML entries. And note that it's NOT about the IP of the client running the monitor, but simply that from which the MultiserverMonitor is launched (and the entries need to be made in the XML file of the server being monitored frmo the MS Monitor).

Hope that helps, even if just other readers, if you're happy to leave it at "all". For more, the specific section of the article on the MultiServer Monitor and Cross-Domain XML is here, and the start of all the articles is here.

/Charlie (troubleshooter, carehart. org)

Report · Oct 30, 2008

Just to clarify in case anyone else runs into this issue. The October 2008 Flash Updates increased the security policy to strict which caused flash to ignore my multiservermonitor-access.xml files. I simply created a "Master" policy file and added a meta-policy line to allow the multiservermonitor-access policy, which does restrict the IP's from which the monitor can be accessed. The issue was there was no crossdomain.xml file and their was no meta policy defined. Found this by using the Debug Flash Player and looking at the PolicyFiles.txt file that was created.

Report · Oct 30, 2008

Wow, that's pretty huge news. Thanks so much for sharing, AGICroeder.

I did some digging and just found this Adobe article that explains it more (and the top of the article has an update about the very October 2008 updates). It explains it also in the context of versions of Flash that are rolling out these new policies.

http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html

(It turns out that's also the same page that the error message points to, though it names it http://www.adobe.com/go/strict_policy_files.)

So what are people to do? AGICroeder said he 'simply created a "Master" policy file and added a meta-policy line to allow the multiservermonitor-access policy'. Rather than ask him/her, I tried things out myself and here's what I did. S/he can clarify if they did anything difference.

I created a crossdomain.xml file (we didn't need one before) and placed it in the root of the web server (above where the CFIDE is, which is where the multiservermonitor-access-policy.xml was needed per the previous instructions for CF8. See the article I had written, mentioned above, for more on where that may be located for you.)

In that file, I placed these lines:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM " http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>

(I've pasted some XML code above. If it doesn't show up, I'll create a new note with the code as an attachment.)

Note that, I discuss in the article, if you make changes to these XML files, you may still see errors (or things not working right) despite your change, but that's just because the browser/flash caching the XML. You can either force a hard refresh (hold down shift while refreshing the page), or close and reopen the browser.

Hope that helps someone.

I wonder if Adobe may come out with a CF technote about all this, as it's sure to eventually bite anyone using the MultiServer monitor, but CFers are often unaware of such changes in the Flash platform. I'll blog about it, for sure, but that won't be as far-reaching as a new technote. And I'll be sure you credit you for identifying it. (Would you mind sharing your name, or do you prefer to be listed just as AGICroeder?)

/Charlie (troubleshooter, carehart. org)

Report · Nov 17, 2008

I am just glad that I can possibly help someone else from having to dig through this issue.

Chad Roeder