All Apps and Add-ons

Splunk Add-on for Java Management Extension: ERROR - Failed to retrieve RMIServer stub

choehser
Explorer

Even after disabling the Firewalls on the Splunk Server, and on the JMX server (WebSphere Application Server), I get these errors:

2015-08-14 15:48:33,810 - com.splunk.modinput.ModularInput -610084 [Thread-7] ERROR  - Failed to retrieve RMIServer stub: javax.naming.NamingException: Error during resolve [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible  vmcid: IBM  minor code: E07  completed: No]
2015-08-14 15:48:33,852 - org.exolab.castor.mapping.Mapping -610126 [Thread-7] INFO   - Loading mapping descriptors from jar:file:/opt/splunk/etc/apps/Splunk_TA_jmx/bin/lib/jmxmodinput.jar!/mapping.xml
2015-08-14 15:48:33,957 - com.splunk.modinput.ModularInput -610231 [Thread-7] INFO   - 1 servers found in stanza jmx://_Splunk_TA_jmx_:Splunk_TA_jmx:PerformanceMonitoring

Any help is welcome!

Regards Chris

jenshaizmann
Explorer

Hello,

I found a solution to get the addon working on a splunk indexer with WAS jmx connection and enabled administrative security.

1. Download IBM SDK
download version 7 from http://www.ibm.com/developerworks/java/jdk/eclipse

2. Set environment variables

JAVA_HOME=D:\ibm_sdk70
SPLUNK_HOME=D:\Splunk

3. copy WAS' trust store to splunk instance
copy trust store to "D:/Splunk/etc/apps/Splunk_TA_jmx/trust.p12"

4. Enhance addon's jmx.py

# Set to True to use the MX4J JMX implementation
# USE_MX4J = True

# Set to True to test SSL
#TEST_SSL = True
TEST_SSL = False

[...]

#BOOTPATH = build_classpath(sep.join([MODINPUT_HOME, 'bin', 'lib', 'boot']), psep)
#if USE_MX4J:
#    BOOTPATH = BOOTPATH + build_classpath(sep.join([MODINPUT_HOME, 'bin', 'lib', 'mx4j_boot']), psep)
#"-Xbootclasspath/p:" + BOOTPATH,

JAVA_ARGS = [JAVA_EXECUTABLE, "-classpath", CLASSPATH,
    #"-Dcom.ibm.CORBA.enableClientCallbacks=true", # unknown property was set while testing
    "-Dcom.ibm.CORBA.ConfigURL=file:D:\\Splunk\\etc\\apps\\Splunk_TA_jmx\\sas.client.props", # required for a secure connection to WAS
    "-Dcom.ibm.SSL.ConfigURL=file:D:\\Splunk\\etc\\apps\\Splunk_TA_jmx\\ssl.client.props", # required for a secure connection to WAS
    #"-Dcom.ibm.CORBA.Debug=true", # enable this to debug
    #"-Dcom.ibm.CORBA.CommTrace=true", # enable this to debug
    #"-Dcom.ibm.CORBA.Debug.Output=D\\Splunk\\etc\\apps\\Splunk_TA_jmx\\corba.log", # enable this to debug
    "-Xms" + MIN_HEAP,
    "-Xmx" + MAX_HEAP, "-Dconfighome=" + CONFIG_HOME,
    "-Dsplunkhome=" + SPLUNK_HOME, JAVA_MAIN_CLASS]
if TEST_SSL:
    TEST_SSL_ARGS = "-Djavax.net.ssl.trustStore=" + SPLUNK_HOME + "/etc/apps/Splunk_TA_jmx/bin/mx4j.ks"
    JAVA_ARGS.insert(-1, TEST_SSL_ARGS)

5. copy sas.client.props from WAS & edit

com.ibm.CORBA.securityEnabled=true

[...]

com.ibm.CORBA.authenticationTarget=BasicAuth
com.ibm.CORBA.authenticationRetryEnabled=true
com.ibm.CORBA.authenticationRetryCount=3
com.ibm.CORBA.validateBasicAuth=false
com.ibm.CORBA.securityServerHost=
com.ibm.CORBA.securityServerPort=
com.ibm.CORBA.loginTimeout=300
com.ibm.CORBA.loginSource=properties

# RMI/IIOP user identity
com.ibm.CORBA.loginUserid=<admin user>
com.ibm.CORBA.loginPassword=<password>

[...]

# Does this client support stateful sessions?
com.ibm.CSI.performStateful=true

# Does this client support/require BasicAuth (userid/password) client authentication?
com.ibm.CSI.performClientAuthenticationRequired=false
com.ibm.CSI.performClientAuthenticationSupported=true

# Does this client support/require SSL client authentication? 
com.ibm.CSI.performTLClientAuthenticationRequired=false
com.ibm.CSI.performTLClientAuthenticationSupported=false

# Note: You can perform BasicAuth (uid/pw) and SSL client authentication (certificate)
# simultaneously, however, the BasicAuth identity will always take precedence at the server.

# Does this client support/require SSL connections?
com.ibm.CSI.performTransportAssocSSLTLSRequired=true
com.ibm.CSI.performTransportAssocSSLTLSSupported=true

# Does this client support/require 40-bit cipher suites when using SSL?
com.ibm.CSI.performMessageIntegrityRequired=false
com.ibm.CSI.performMessageIntegritySupported=true

# Note: This property is only valid when SSL connections are supported or required.
# Does this client support/require 128-bit cipher suites when using SSL?
com.ibm.CSI.performMessageConfidentialityRequired=false
com.ibm.CSI.performMessageConfidentialitySupported=true

6. copy ssl.client.props from WAS & edit

# TrustStore information
com.ibm.ssl.trustStoreName=ClientDefaultTrustStore
com.ibm.ssl.trustStore=D:/Splunk/etc/apps/Splunk_TA_jmx/trust.p12
com.ibm.ssl.trustStorePassword=<password>
com.ibm.ssl.trustStoreType=PKCS12
com.ibm.ssl.trustStoreProvider=IBMJCE
com.ibm.ssl.trustStoreFileBased=true
com.ibm.ssl.trustStoreReadOnly=false

7. copy some WAS libs to addon
Copy following files from D:/IBM/WebSphere/AppServer/runtimes (WAS instance) to D:/Splunk/etc/apps/Splunk_TA_jmx/bin/lib (splunk indexer)

com.ibm.ws.admin.client_8.5.0.jar
com.ibm.ws.ejb.thinclient_8.5.0.jar
com.ibm.ws.orb_8.5.0.jar

Regards, Jens

vu_le
New Member

Hi,

Just wondering if any one has found a solution to his?

Can't seem to move past this.

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

I'm wondering if you've followed the WAS directions (http://docs.splunk.com/Documentation/AddOns/latest/IBMWAS/About ), which call for an IIOP connection rather than an RMI connection?

0 Karma

choehser
Explorer

I tried to follow the "guide", but not sure if I understood everything the way it was meant, but I tried to...

The URL used, is
service:jmx:iiop://badportal/jndi/corbaname:iiop:badportal:10034/WsnAdminNameService#JMXConnector
this is about what is written as sample in the guide.

I read this as :
jmx over iiop.

Hope it helps to get over this

Thx, Chris

0 Karma

jenshaizmann
Explorer

Hello,

I've the same problem. Did you have already found any solution for this?

Regards Jens

0 Karma

choehser
Explorer

Hi Jens,

sorry, no helping answer so far 😞
In case I get an answer, or get itz to work somehow, I will let all know, as I thought, that others might stumble at this point as well.

Cheers, Chris

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...