Problem with multi-server clustering in CF2016

New Here ,
Feb 11, 2021 Feb 11, 2021

Copy link to clipboard

Copied

Does anyone have tips on getting clustering wroking across multiple servers in fully patched CF 2016?  Update patch 14 added extra security to the AJP connector in the form of a secret value and it limits what addresses an AJP connector listen on, apparently.  I have two servers in a cluster and I can see from the logs that server WEB01 is trying to connect to server WEB02 but the connections are refused.  specifically the error is this:

ajp_connect_to_endpoint::jk_ajp_common.c (1124): (WEB02LocalClusterInstance_x.x.x.x) Failed opening socket to (x.x.x.x:8012)

The port number is correct for the WEB02 instance.  In the WEB02 instance's server.xml, the connector tag has the matching secret attribute, allowedRequestAttributesPattern=".*" and I've tried various values in the address attribute, with no success.

 

Does anyone have any suggestions for how to troubleshoot or fix this connection issue?

 

Thanks

Andy

Views

55

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Feb 12, 2021 Feb 12, 2021

Copy link to clipboard

Copied

Are you sure this is a CF problem? It sounds to me like your OS is just not accepting requests, if the port is shown as open in the CF configuration.

 

Dave Watts, Eidolon LLC

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 12, 2021 Feb 12, 2021

Copy link to clipboard

Copied

Well, that was my initial thought as well, but I don't think that's the case.  IT has assured me that since the servers are on the same subnet they aren't going through the network firewall, for testing I opened up all ports between the two servers on the windows firewalls, I can start and stop the instance on WEB02 from the instance manager on WEB01 and I can open CF admin on WEB02 from the WEB01 instance manager.  If the ports are open, would there be something in windows that would prevent WEB02 from listening to outside requests on port 8012, outside of firewall settings?

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Feb 12, 2021 Feb 12, 2021

Copy link to clipboard

Copied

LATEST

Andy, you list multiple things you did, but did you take that ip address (x.x.x.x) and put it in as the  address line on the very connector line where you made the other changes?

 

As you say, this is all due to changes in u14. The details are discussed in its technote (and the subsequent ones point to it). Or see a blog post I did on the matter in March 2020 when the update came out. 

 

https://coldfusion.adobe.com/2020/03/three-reasons-sites-may-break-fix-applying-mar-2020-update-cf20...

 

Let us know of it helps. 


/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines