The Threat Analytics (TA) server, when up and running, requires port 3000 and port 8443 to be listening. After the server had been running for a while, these two ports were found to be closed externally, and further checks showed that the ports were not in a listening state.
Working Scenario
1. When both port 3000 and port 8443 are listening, the "netstat -an" command returns the LISTEN state as shown below. Also, the "systemctl status nginx" command on the ESX web console of the TA server shows that the nginx service is "Active".
Failing Scenario
A reboot did not resolve the issue, as the nginx service fails to start automatically. In addition, the "systemctl start nginx" command also does not start the nginx service and fails as shown below:
All supported Threat Analytics versions
The nginx service cannot start on the TA server and reports the error "host not found in upstream". Essentially, DNS resolution was not possible because either the DNS server was in a stopped state or a firewall restricted access from the TA server to the DNS server.
The issue can be resolved in one of the following three ways, depending on the root cause:
1. If the DNS service is found to be in a stopped state, restart the DNS service. Then either reboot the TA server or manually issue the command "systemctl start nginx".
2. If a firewall exists between the TA server and the DNS server, remove the firewall rule that restricts this access. Then either reboot the TA server or manually issue the command "systemctl start nginx".
3. If the DNS service remains inaccessible, you can use IP addresses instead of hostnames in the TA configuration files. Navigate to /usr/local/interlock/config/nginx and, in the three .conf files (admin_app.conf, TAPtoPAM.conf and TAPui.conf), replace the hostnames with IP addresses. Then either reboot the TA server or manually issue the command "systemctl start nginx".
4. Note that DNS settings can be provided during the deployment of the TA server.
Please ensure the following:
1. The nameserver entries need to be in the resolv.conf file located in the /etc directory of the TA server. Add a "nameserver IP_ADDRESS_OF_DNS_SERVER" line for each DNS server you have configured.
2. Test using nslookup.
3. Once nslookup resolves correctly, go to /usr/local/interlock/config/nginx and, in the three .conf files (admin_app.conf, TAPtoPAM.conf and TAPui.conf), use the $hostname instead of explicit IP addresses.
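A pre-start check for the "host not found in upstream" condition described above, as an added example that is not part of the original article or of the product: it lists every upstream hostname in the nginx .conf files that does not resolve from the TA server. The directive layout of those files, the sample hostnames and the use of getent are assumptions.

```shell
# Usage: sh check_upstreams.sh /usr/local/interlock/config/nginx/*.conf
# Prints each upstream hostname that the system resolver cannot resolve.
RESOLVER=${RESOLVER:-getent hosts}   # assumption: getent is installed

# Constructed sample, not the real TA files. Try: sample_conf | unresolved_hosts
sample_conf() {
    cat <<'EOF'
upstream pam_backend {                 # group name, not a host
    server pam.example.internal:8443;
    server 10.0.0.5:8443;              # IP literal, needs no DNS
}
server {
    location /api { proxy_pass https://pam_backend/api; }
    location /ui  { proxy_pass http://ui.example.internal:3000; }
}
EOF
}

# Targets of "server" and "proxy_pass" directives, minus upstream group names.
upstream_hosts() {
    awk '
    function host(s) {
        sub(/^[a-z]+:\/\//, "", s)     # drop scheme
        sub(/[\/;{].*/, "", s)         # drop path and trailing ";"
        sub(/:[0-9]+$/, "", s)         # drop port
        return s
    }
    {
        sub(/#.*/, "")                 # strip comments
        for (i = 1; i < NF; i++) {
            t = $(i + 1)
            if ($i == "upstream") group[host(t)] = 1
            else if ($i == "server" && t != "{" && t !~ /^unix:/) seen[host(t)] = 1
            else if ($i == "proxy_pass" && t !~ /[$]|unix:/) seen[host(t)] = 1
        }
    }
    END { for (h in seen) if (!(h in group)) print h }' "$@" | LC_ALL=C sort -u
}

# True for IPv4 literals and bracketed IPv6 literals, which need no lookup.
is_ip_literal() {
    case "$1" in \[*) return 0 ;; *[!0-9.]*) return 1 ;; esac
}

unresolved_hosts() {
    upstream_hosts "$@" | while read -r h; do
        if ! is_ip_literal "$h" && ! $RESOLVER "$h" >/dev/null 2>&1; then echo "$h"; fi
    done
}

if [ "$#" -gt 0 ]; then unresolved_hosts "$@"; fi
```

Empty output means every hostname resolved; any name printed is one nginx would fail on at startup until DNS is reachable or the entry is replaced with an IP address.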