flexera license grid daemon (lmgrd) cannot find route to another ec2 instance which is running the server

0

Hi, I am trying to run software using Flexera's lmgrd daemon (ports 5280-5281) running vendor (server) daemons. Security groups allow both inbound and outbound ports from any subnet (0.0.0.0), and both EC2 instances ("server" and clients) are on the same subnet, same region, yet a "no route to host" error type is reported. Has anyone already dealt with that? Reachability checker shows it reachable, btw.

Momchil
asked 10 months ago, 213 views
2 Answers
1
Accepted Answer

Client and server are in the same subnet (in the same VPC, in the same account), and inbound & outbound 5280/tcp & 5281/tcp are allowed in the security group.

Are there any ACLs associated with either instance?

Which operating system are the EC2s running, and is there a host-based firewall running on either? This would likely be ufw on Ubuntu, or firewalld on Fedora/RHEL/CentOS.

Confirm the licence manager is definitely running and listening on those port(s), check with netstat -tulpn.

ncat https://nmap.org/ncat/guide/index.html can be useful for troubleshooting port issues, the package should be available to install from the standard repos and I believe is part of the nmap package (Ubuntu) or nmap-ncat (Fedora/RHEL/CentOS).

EXPERT
Steve_M
answered 10 months ago
  • Thanks for the direction RWC, indeed. It turned out that it was the host-os/firewalld being enabled, while I was assuming it was disabled and this issue was handled by AWS Security Group policies exclusively...

0

Hi, did you validate that the additional status checks of your various instances made by EC2 supervision are "full green"?

See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html

In particular, the system status check (see doc section) validates network connectivity. You should make sure that you're good on this side.

The next steps that I would suggest:

  • extend your current security groups to allow the ICMP protocol to test via ping between server and clients
  • finally try to connect via telnet between clients and server to see if you get the proper connection or more diagnosis / debugging info.

I personally often use telnet to debug my tcp connectivity issues: see https://netbeez.net/blog/telnet-to-test-connectivity-to-tcp/

Hope it helps,
Didier

AWS
EXPERT
answered 10 months ago
  • Hi Didier, thank you for the response and the suggested telnet debug. It turned out that it was the host-os/firewalld being enabled, while I was assuming it was disabled and this issue was handled by AWS Security Group policies exclusively...
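
Added example, not code from the thread or from either answerer: a TCP probe in the spirit of the ncat/telnet checks above that separates the three failure modes by the error the client gets back, which is what pointed to firewalld here. The names `classify` and `probe` and the loopback listener are constructed for illustration; the error mapping assumes a Linux client.

```python
import errno
import socket

# Verdict -> layer that most likely produced it (hint wording is this example's own).
HINTS = {
    "open": "TCP handshake completed; the port is reachable end to end",
    "refused": "host answered with RST: nothing is listening on that port "
               "(confirm the daemon with netstat -tulpn)",
    "rejected": "'No route to host' from ICMP unreachable or no ARP reply: "
                "with the instance up, suspect a host firewall REJECT rule "
                "(firewalld's default); security groups never send this",
    "filtered": "no reply at all: packets silently dropped, which is how "
                "security groups and network ACLs block traffic",
}


def classify(exc):
    """Map the exception from a connect attempt (or None) to a verdict."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "rejected"
    return "error"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return (verdict, hint)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            exc = None
    except OSError as e:
        exc = e
    verdict = classify(exc)
    return verdict, HINTS.get(verdict, f"unexpected error: {exc}")


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for the licence daemon.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe("127.0.0.1", port))
    srv.close()
    print(port, probe("127.0.0.1", port))  # listener gone
```

Run from a client instance against the licence server's address and ports 5280 and 5281, a "rejected" verdict while the security group allows the port means the block is on the host itself.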
