[ACCEPTED]-Connecting remote tomcat JMX instance using jConsole-jconsole

Accepted answer
Score: 63

I had a similar, if not the same, problem. I 6 could connect to the JMX server if I started 5 jconsole locally on the machine.

It appears 4 the RMI server was not listening on the 3 correct ip. So, as was suggested in this related question, I 2 added the following:

-Djava.rmi.server.hostname=<host ip>

to JAVA_OPTS as well, and then 1 it worked.

Score: 36

I've collected information spread over the 21 net, found with hints from other members.

Most 20 pain caused by JMX is (imo) the fact that 19 JMX opens a second dynamically allocated 18 network port. A firewall (like iptables) will 17 block this.

Solution for tomcat on linux 16 :

use tomcat 6.0.24 or newer download catalina-jmx-remote.jar 15 from apache tomcat extras (use browse on 14 tomcat download page) copy it in the $CTALINA_HOME\lib

This 13 allows you to set both ports used by JMX

edit 12 Server section in your server.xml

<Server port="8005" ..>
  ...
  <Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="9840" rmiServerPortPlatform="9841"/>

set some 11 environment variables (e.g. in setenv.sh)

CATALINA_OPTS="
  -Djava.rmi.server.hostname=IP-TO-LISTEN
  -Dcom.sun.management.jmxremote.password.file=$CATALINA_BASE/conf/jmxremote.password 
  -Dcom.sun.management.jmxremote.access.file=$CATALINA_BASE/conf/jmxremote.access 
  -Dcom.sun.management.jmxremote.ssl=false"

this 10 activates access control for JMX

jmxremote.access 9 will look like

monitorRole readonly
controlRole readwrite

end jmxremote.password will 8 be

monitorRole tomcat
controlRole tomcat

(just simple spaces)

restart tomcat.

Now 7 configure firewall on the server (e.g. iptables)

/etc/sysconfig/iptables

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9841 -j ACCEPT

and 6 /etc/sysconfig/ip6tables

-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9840 -j ACCEPT
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 9841 -j ACCEPT

restart iptables 5

Done!

Now use VisualVM or JConsole on your 4 workstation to establish a connection to 3 rmiRegistryPortPlatform, 9840 in our sample.

If 2 there are no more firewalls between workstation 1 and server it should work.

Score: 13

Tried with Java 8

1. Add this to your java tomcat startup script:

-Dcom.sun.management.jmxremote.port=1616
-Dcom.sun.management.jmxremote.rmi.port=1616
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=false
-Djava.rmi.server.hostname=localhost

for example add into bin/setenv.sh this:

export CATALINA_OPTS="$CATALINA_OPTS \
-Dcom.sun.management.jmxremote.port=1616 \
-Dcom.sun.management.jmxremote.rmi.port=1616 \
-Dcom.sun.management.jmxremote.local.only=true \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=false "

2. Execute this on your computer.

  • Windows users:

    putty.exe -ssh user@remote-host -L 1616:remote-host:1616

  • Linux and Mac Users:

    ssh user@remote-host -L 1616:remote-host:1616

3. Start jconsole on your computer

jconsole localhost:1616

4. Have fun!

  • P.S.: during step 2, using ssh and -L you specify that the port 1616 on the local (client) host is to be forwarded to the remote side.
  • P.S.2.: you can specify same port for JMX and RMI conversations

0

Score: 8

what string are you using as the JMX connection 5 url. I don't mean to point out the obvious 4 but JConsole has a terrible interface and 3 to me requires an overly complex url before 2 it will connect to a remote jmx app. Mine 1 looks like this:

service:jmx:rmi:///jndi/rmi://(hostname):(jmxport)/jmxrmi
Score: 3

Enable JMX in Tomcat8, successfully tested in my POC

1/ Download the catalina-jmx-remote.jar from apache website and 6 place in $CATALINA_HOME/lib.

2/ Take server.xml / setenv.sh backup. Make the 5 changes to server.xml like below-

<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" />

3/ Make the changes 4 to $CATALINA_BASE/bin/setenv.sh like -

[...]

JVM_OPTS="[...] 
-Dcom.sun.management.jmxremote 
-Dcom.sun.management.jmxremote.authenticate=true 
-Djava.rmi.server.hostname=<eth:0_IP>| <`hostname -i`> 
-Dcom.sun.management.jmxremote.password.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.password 
-Dcom.sun.management.jmxremote.access.file=/apps/data/apache-tomcat-8_8080/conf/jmxremote.access 
-Dcom.sun.management.jmxremote.ssl=false 
-Dcom.sun.management.jmxremote.local.only=false 
-Dcom.sun.management.jmxremote=true "

4/ Create these two files as 3 - $touch $CATALINA_BASE/conf/jmxremote.password containing:

admin letmein

$touch $CATALINA_BASE/conf/jmxremote.access containing:

admin 2 readwrite

$ chmod 600 jmxremote.password

5/ Restart tomcat and test on jconsole 1 tool :)

$echo|telnet 10.105.14.90 10001
Score: 2

What exactly do you mean when you say "But 7 can't connect successfully."? Is there 6 an error message? Try turning on logging 5 in jconsole and see if that helps debug 4 it.

To turn on jconsole logging, edit a file 3 named logging.properties in the directory 2 you will be running jconsole in, add:

handlers= java.util.logging.ConsoleHandler

.level=INFO

java.util.logging.FileHandler.pattern = %h/java%u.log
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter

java.util.logging.ConsoleHandler.level = FINEST
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter

javax.management.level=FINEST
javax.management.remote.level=FINEST

Then, start 1 jconsole with:

jconsole -J-Djava.util.logging.config.file=logging.properties
Score: 2

if you are working on linux, modify the 22 catalina.sh file adding:

                CATALINA_OPTS="-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=<HOST_IP> -Dcom.sun.management.jmxremote.port=<HOST_PORT> -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
            export CATALINA_OPTS

or modify the /etc/profile 21 file as root and rerun the file (source 20 /etc/profile)

if you are working on windows 19 and you are starting tomcat from the command 18 line, use the environment variable CATALINA_OPTS

if 17 you are working on windows and you are starting 16 tomcat as a service, you'll need to use 15 the monitor service utility to configure 14 the service initialization parameters (neither 13 setenv.bat, catalina.bat or env-vars will 12 work). for that you'll need the service 11 name that appears listed in services.msc 10 (for example jasperreportsTomcat). After, you'll 9 need to open a console as administrator 8 and execute (for example): tomcat6w.exe 7 //MS//jasperreportsTomcat

with this command 6 will appear a tray icon where you can open 5 a panel. In the "Java" tab now you can modify 4 the jmx options. Be careful to not add trailing 3 whitespaces and use the "[enter]" symbol 2 to separate each option line by line.

-Dcom.sun.management.jmxremote
-Djava.rmi.server.hostname=192.168.61.101
-Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false

Hope 1 it helps

Score: 1

I got something for all of you, in order 13 to complete the investigation of this whole 12 thing. There is a trick, it happens that 11 profiler tool connnects with the jvm using 10 a port, but the jvm continues the conversation 9 using another random port. If the jvm is 8 running inside a remote machine (for example 7 : a tomcat web-app server), and the remote 6 machine has protection against outgoing 5 and incoming connections, you must set the 4 java system property com.sun.management.jmxremote.rmi.port to the same value 3 of the property named com.sun.management.jmxremote.port

Source : https://serverfault.com/questions/308662/how-do-i-fix-a-failed-to-retrieve-rmiserver-stub-jmx-error And also 2 check this out : http://blog.cantremember.com/debugging-with-jconsole-jmx-ssh-tunnels/

Hope to contribute guys!

And 1 good luck!

Score: 1

Check if your server is behind the firewall. JMX 8 is base on RMI, which open two port when 7 it start. One is the register port, default 6 is 1099, and can be specified by the com.sun.management.jmxremote.port 5 option. The other is for data communication, and 4 is random, which is what cause problem. A 3 good news is that, from JDK6, this random 2 port can be specified by the com.sun.management.jmxremote.rmi.port 1 option.

add the line in you {tomcat_dir}/bin/setenv.sh:

export CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8991 -Dcom.sun.management.jmxremote.rmi.port=8991 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
Score: 0

Changing the /etc/hosts on linux, where I replaced 3 the localhost address associated to my account 2 to the machine ip, solved this problem for 1 me.

Score: 0

Well, I had this problem in a Linux box 11 (virtual machine) and I fixed it using -Djava.rmi.server.hostname 10 property but there's a thing I can't understand. My 9 machine has 5 tomcat servers, all of them 8 has jmx enabled in consecutive ports (8008,8018,8028...) and 7 only one of them had this issue connecting 6 JMX. No firewall, no -Djava.rmi.server.hostname 5 property in any tomcat....

So the thing is 4 that I understand the problem but I can't 3 understand why 4 of my tomcats worked and 2 1 of them not.

P.D: My english is very poor, I 1 know. My Apologies.

Score: 0

PROTIP: You need to fix (as in having a 6 known number) the RMI Registry and JMX/RMI 5 Server ports. You do this by putting jar-file 4 in the lib-dir and configuring a special 3 listener. (And ofcourse the usual flags 2 for activating JMX

    -Dcom.sun.management.jmxremote  \
    -Dcom.sun.management.jmxremote.port=8999 \
    -Dcom.sun.management.jmxremote.ssl=false \
    -Dcom.sun.management.jmxremote.authenticate=false \
    -Djava.rmi.server.hostname=<HOSTNAME> \

See: JMX Remote Lifecycle 1 Listener at http://tomcat.apache.org/tomcat-6.0-doc/config/listeners.html

More Related questions