Flexera license grid daemon (lmgrd) cannot find route to another EC2 instance which is running the server

0

Hi, I am trying to run software using Flexera's lmgrd daemon (ports 5280-5281) running vendor (server) daemons, security groups allow both inbound and outbound ports from any sub-net (0.0.0.0), both EC2 instances ("server" and clients) are on the same subnet, same region, yet a "no route to host" error type is reported. Has anyone already dealt with that? Reachability checker shows it reachable, btw.

2 Answers
1
Accepted Answer

Client and server are in the same subnet (in the same VPC, in the same account), and inbound & outbound 5280/tcp & 5281/tcp are allowed in the security group.

Are there any ACLs associated with either instance?

Which operating system are the EC2s running, and is there a host-based firewall running on either? This would likely be ufw on Ubuntu, or firewalld on Fedora/RHEL/CentOS.

Confirm the licence manager is definitely running and listening on those port(s), check with netstat -tulpn.

ncat (https://nmap.org/ncat/guide/index.html) can be useful for troubleshooting port issues; the package should be available to install from the standard repos and I believe is part of the nmap package (Ubuntu) or nmap-ncat (Fedora/RHEL/CentOS).

EXPERT
Steve_M
answered 10 months ago
  • Thanks for the direction RWC, indeed - it turned out that it was the host-os/firewalld being enabled, while I was assuming it was disabled and this issue handled by AWS Security Group policies exclusively...

0

Hi, did you validate that the additional status checks of your various instances made by EC2 supervision are "full green"?

See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html

In particular, the system status check (see doc section) validates network connectivity. You should make sure that you're good on this side.

The next steps that I would suggest:

  • extend your current security groups to allow the ICMP protocol to test via ping between server and clients
  • finally, try to connect via telnet between clients and server to see if you get the proper connection or more diagnosis / debugging info.

I personally often use telnet to debug my tcp connectivity issues: see https://netbeez.net/blog/telnet-to-test-connectivity-to-tcp/

Hope it helps,
Didier

AWS
EXPERT
answered 10 months ago
  • Hi Didier, thank you for the response and the suggested telnet debug. It turned out that it was the host-os/firewalld being enabled, while I was assuming it was disabled and this issue handled by AWS Security Group policies exclusively...
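
The TCP test both answers suggest, as an added example that is not part of the original thread: the error the client gets from a connect attempt points at the layer that blocked it. It assumes the host firewall rejects with ICMP host-prohibited (firewalld's default for ports that are not opened), which the client sees as "no route to host", while security groups and network ACLs drop silently and produce a timeout. The server address is a placeholder.

```python
import errno
import socket

# connect() result -> most likely layer at fault.
# Assumption: the host firewall answers with an ICMP "host prohibited"
# reject, which the client kernel reports as EHOSTUNREACH.
VERDICTS = {
    0: "open: a listener accepted the connection",
    errno.ECONNREFUSED: "refused: host reachable, nothing listening on this "
                        "port (check the daemon with netstat -tulpn)",
    errno.EHOSTUNREACH: "no route to host: on a shared subnet this usually "
                        "means a host firewall (firewalld/ufw) rejected it",
    errno.ETIMEDOUT: "timeout: packet silently dropped (security group, "
                     "network ACL, or a firewall DROP rule)",
}


def classify(err: int) -> str:
    """Translate a connect() errno into a troubleshooting hint."""
    return VERDICTS.get(err, f"other: {errno.errorcode.get(err, err)}")


def probe(host: str, port: int, timeout: float = 3.0) -> int:
    """Attempt one TCP connect and return the errno (0 on success)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return 0
        except socket.timeout:
            # No SYN-ACK, RST or ICMP error came back within the timeout.
            return errno.ETIMEDOUT
        except OSError as e:
            return e.errno if e.errno is not None else -1


if __name__ == "__main__":
    SERVER = "10.0.0.10"  # placeholder: private IP of the license server
    for port in (5280, 5281):  # lmgrd ports named in the question
        print(port, classify(probe(SERVER, port)))
```

Run it from a client instance; a "no route to host" verdict while the security group already allows the port is the cue to inspect the server's own firewall rules.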
