Failed to Connect to AWS Managed AD; Error: Server Down - amazon-web-services

We are trying to connect to an AWS Managed AD from an external data integration tool (not within an AWS VPC). This tool has an LDAP connector option.
When we test the connection, we get the error "Error: Server Down".
Error stack:
java.lang.Exception: Failed to connect to <AD controller IPs/application access URL> Port = 636. Using a secure connection. Error: Server Down
    at org.jitterbit.integration.client.ui.interchange.locatable.actions.TestConnectionResultDisplayer.showResult(TestConnectionResultDisplayer.java:64)
    at org.jitterbit.integration.client.ui.interchange.locatable.actions.TestConnectionJob.runImpl(TestConnectionJob.java:55)
    at org.jitterbit.application.ui.job.UiJob$2.run(UiJob.java:529)
    at org.jitterbit.application.worker.DefaultApplicationWorker$RunnableWrapper.run(DefaultApplicationWorker.java:105)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
    at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:74)
    at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
We have tried with the controller IPs and the application access URL. All options return the same error.
How can we establish a connection to the managed AD? Any configurations to be done on AWS?
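The posts on this page report failures at different stages (DNS lookup, TCP timeout, TCP refused, and a secure connection on port 636). The following is an added example, not part of any original post, that tells those stages apart from the client side; the function name `triage` and the local targets in the demo are assumptions made for illustration.

```python
import socket
import ssl

def triage(host, port, use_tls=False, timeout=3.0, cafile=None):
    """Return (stage, detail); stage is dns, timeout, refused, error, tls or ok."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        # Name never resolved: check the resolver and any proxy hostname.
        return ("dns", str(exc))
    family, stype, proto, _, sockaddr = addrs[0]
    sock = socket.socket(family, stype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except socket.timeout:
        # Packets silently dropped: security group, firewall, no route,
        # or an endpoint that is not reachable from outside the VPC.
        sock.close()
        return ("timeout", "no answer from %s:%s" % sockaddr[:2])
    except ConnectionRefusedError:
        # Host answered but the port is closed or actively rejected.
        sock.close()
        return ("refused", "%s:%s rejected the connection" % sockaddr[:2])
    except OSError as exc:
        sock.close()
        return ("error", str(exc))
    if not use_tls:
        sock.close()
        return ("ok", "TCP connect succeeded")
    # For LDAPS (636) the handshake must also succeed and the server
    # certificate must chain to a CA the client trusts (cafile or system store).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except (ssl.SSLError, OSError) as exc:
        return ("tls", str(exc))
    finally:
        sock.close()

if __name__ == "__main__":
    # Constructed local targets so the demo runs offline.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    print(triage("127.0.0.1", closed_port))
    print(triage("no-such-host.invalid", 636, use_tls=True))
```

A `timeout` result points at network controls between the client and the service, while a `tls` result means the port is reachable and the problem is in the handshake or certificate trust.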

Related

Pushing Cloudwatch Logs from Linux Instance - RequestError: Server Misbehaving

I am trying to push logs to Cloudwatch from a RHEL Instance. Originally I was getting the error:
[outputs.cloudwatchlogs] Aws error received when sending logs to LogGroup/LogStream: RequestError: send request failed caused by: Post "https://logs.<region>.amazonaws.com/": dial tcp xx.xx.xx.xx:443: i/o timeout
I tried everything I could think of. I saw some things online saying that it could be proxy related. I have a proxy server instance on the AWS account.
I added the following into the common-config.toml for Cloudwatch:
[proxy]
http_proxy = "htttp://${PROXY_SERVER}:$PORT"
https_proxy = "http://${PROXY_SERVER}:$PORT"
no_proxy = "XX.XX.XX.XX"
The error I am getting now is:
[outputs.cloudwatchlogs] Aws error received when sending logs to LogGroup/LogStream: RequestError: send request failed caused by: Post "https://logs.<region>.amazonaws.com/": proxyconnect tcp: dial tcp: lookup http on XX.XX.XX.XX:53: server misbehaving
I am in a private VPC and I can't ping public sites as I get 100% packet loss. I can manually run the AWS CLI command to push an entry into the log stream. For now I am just trying to push /var/log/messages from my instance. Can anyone help with why the CloudWatch logs aren't pushing?
Some things I have tried that didn't work for the original error:
exporting no_proxy
adding AWS_STS_REGIONAL_ENDPOINTS as an env variable
Ensuring port 443 is open on SG's
Ensuring IAM profile has correct permissions for CW and EC2

Connecting to on-prem kafka cluster from cloud AWS using Kerberos auth

Is it possible to connect to an on-prem Kafka cluster using Kerberos authentication from a cloud-deployed service?
When we try to connect, we get the error below:
Caused by: KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm "ABC.COM"
This is my JAAS config:
com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true storeKey=true keyTab="/pathtokeytab" principal="principal_name#ABC.COM" ;
Please help me if anyone has faced such error.
From this link, under the heading Network connectivity to Kerberos, they say it's challenging to connect to an on-prem Kafka server from cloud-deployed services. Is it unachievable, or does it require some other configs?
https://blog.cloudera.com/how-to-configure-clients-to-connect-to-apache-kafka-clusters-securely-part-1-kerberos/

Cannot connect to aws redshift

I created a Redshift cluster in the AWS console. Then I went to the cluster I created and, based on the information I got in the console, I used it in SQL Workbench/J.
To set up sql workbench/J I used the following:
https://docs.aws.amazon.com/redshift/latest/mgmt/connecting-using-workbench.html
So here is my setup:
Now when I try to connect to it I get the following:
Any idea how I can fix it or what is going on?
UPDATE
I also gave the inbound security group of the VPC which my Redshift is in full access to the IP address I am connecting from, and I get the same issue.
Also here is the full logs:
2018-01-18 16:39:36 ERROR Error connecting to the database using URL=jdbc:redshift://hamedtest.cb1dy4xxxxxxxxxxx [Amazon](500150) Error setting/closing connection: Connection timed out: connect. [SQL State=HY000, DB Errorcode=500150]
java.sql.SQLException: [Amazon](500150) Error setting/closing connection: Connection timed out: connect.
    at com.amazon.redshift.client.PGClient.connect(Unknown Source)
    at com.amazon.redshift.client.PGClient.<init>(Unknown Source)
    at com.amazon.redshift.core.PGJDBCConnection.connect(Unknown Source)
    at com.amazon.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
    at com.amazon.jdbc.common.AbstractDriver.connect(Unknown Source)
    at com.amazon.redshift.jdbc.Driver.connect(Unknown Source)
    at workbench.db.DbDriver.connect(DbDriver.java:513)
    at workbench.db.ConnectionMgr.connect(ConnectionMgr.java:255)
    at workbench.db.ConnectionMgr.getConnection(ConnectionMgr.java:182)
    at workbench.gui.components.ConnectionSelector.doConnect(ConnectionSelector.java:227)
Caused by: com.amazon.support.exceptions.GeneralException: [Amazon](500150) Error setting/closing connection: Connection timed out: connect.
Did you choose "Publicly accessible" YES (radio button) when creating your cluster? If that is set to NO then you can only access the cluster from inside your VPC.
You can easily change this in the console by navigating to the cluster, clicking the Cluster ˅ button, then clicking Modify. Then change the "Publicly accessible" selection and click the blue Modify button.

Cf Logs connections failed because connected host has failed to respond

I have a problem with cf logs. If I'm using cf logs, I get the following error:
C:\Users\Z003PCEU> cf logs hello-spring-cloud
FAILED
Error dialing traffic controller server: dial tcp 139.25.25.200:4443: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.. Please ask your Cloud Foundry Operator to check the platform configuration (traffic controller is wss://doppler.sys.de.cloudfoundry.it-platforms.net:4443).
Using curl to get access provides the following info:
Proxy error
503
The proxy is only needed for communication outside the company. cf should not use it.
Removing the proxy from the console results in:
Failed to connect to 10.0.0.17 port 4443: Connection refused
10.X.X.X is the cloud internal network.
Does anyone have an idea?
It was a firewall problem. Port 4443 was not open. After changing the configuration within the firewall, it works.

How can you integrate the Mule Amazon SNS connector behind corporate proxy?

I am trying to integrate the Mule Amazon SNS connector behind the corporate proxy and am having a lot of trouble bypassing the proxy. It always gives me this error:
[[snstest].HTTP_Listener_Configuration.worker.01]
com.amazonaws.http.AmazonHttpClient: Unable to execute HTTP request:
Connection to https://sns.us-east-1.amazonaws.com refused
Exception stack is:
Unable to execute HTTP request: Connection to https://sns.us-east-1.amazonaws.com refused
Failed to invoke createTopic. Message payload is of type: NullPayload
org.mule.modules.sns.processors.CreateTopicMessageProcessor:129
I believe the issue is the proxy trying to block the connection between the application and the Amazon endpoint. When I tried it at home with direct internet, it worked. I have also tried http:connector and http:proxy to configure the proxy and it has not worked at all.
Check the secret key and access key. The issue is not with the proxy; it's a problem with the credentials.