CA Gen DTU tracing remote application shows successful initial connection but the Control Connection fails.

book

Article ID: 6617

calendar_today

Updated On:

Products

CA Gen CA Gen - Run Time Distributed

Issue/Introduction

Tracing a remote CA Gen application on Solaris server using the Windows Diagram Trace Utility (DTU). The initial connection from the server application to the DTU listening port 4567 is successful but the subsequent Control Connection back to the server fails. The DTU console log shows:

Listening started, port: 4567

Detected V3 Session 

Initiating session with "/server_ip:36610" 

Failed to establish Control Connection with "server_ip:36611" 

*** Not all debugging features will be available. 

*** Often caused by a firewall preventing connections back to the client. 

*** Reason: "java.net.ConnectException: Connection timed out: connect"

Cause

The Control Connection uses a random available port (ephemeral port) on the server which cannot be specified as a fixed value. Therefore the server firewall needs to be open for all possible ephemeral ports to allow the Control Connection to succeed.

Environment

CA Gen 8.5, 8.6

Tracing remote Gen server and block-mode applications.

Resolution

Open the firewall on the server for all possible ephemeral ports.

Additional Information

On Unix/Linux environments the ephemeral port range defaults to 32768-65535 but this can be controlled by changing  the kernel parameters "tcp_smallest_anon_port" and "tcp_largest_anon_port" 

For example for Solaris here is a link from the Oracle DB documentation: Setting UDP and TCP Kernel Parameters Manually