[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 500
  • Last Modified:

calling another system using IP and port

hi guys

My set up is i have a Websphere applicaiton server which
contains a java application. The java application is trying to invoke a URL http://19.140.3.1:54555  and get the response back.
But i get this following connection refused exception


[4/20/11 10:42:49:183 EDT] 0000002e SystemErr     R           org.apache.http.conn.HttpHostConnectException: Connection to http://19.140.3.1:54555 refused
[4/20/11 10:42:49:184 EDT] 0000002e SystemErr     R      at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:127)
[4/20/11 10:42:49:184 EDT] 0000002e SystemErr     R      at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
[4/20/11 10:42:49:184 EDT] 0000002e SystemErr     R      at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
[4/20/11 10:42:49:184 EDT] 0000002e SystemErr     R      at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
 
just spoke to the system admin :
http://19.140.3.1:54555  is basically a CICS box. So i am guessing my application is trying to invoke the
CICS box on port : 54555   and getting a connection refused exception

any idea where is the problem and how i can debug/fix it ?
any help appreciated.
thanks
0
royjayd
Asked:
royjayd
  • 7
  • 7
  • 5
  • +1
1 Solution
 
Bryan ButlerCommented:
I believe the CICS box is a mainframe.  Can you find out if a webserver is even running on the box?  If so, then try to bring up any page from the CICS box.  That will be the first step to debug it.  
0
 
HonorGodCommented:
No application is running on IP address 19.140.3.1 that is listening on port 54555, or some firewall could be blocking the request from your machine to the specified IP address.
0
 
royjaydAuthor Commented:
trying to inderstand the scenario. Is 19.140.3.1 the IP of some application or the CICS (mainframe) box itself?
thanks
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
HonorGodCommented:
It is the IP address of the target system to which the connection request is being sent...

This command may help you figure out what it actually is:


nslookup 19.140.3.1
0
 
Gary PattersonVP Technology / Senior Consultant Commented:
Your application is expecting to find an HTTP server running at 19.140.3.1 on port 54555.  When your application attempts to open a TCP connection to this service, the connection attempt fails.  

The fact that it is a "CICS box" probably means exactly nothing - at least when it comes to this problem.  

You're application is trying to connect to a web service, not CICS.  You're getting the "Connection refused" message because your application cannot successfully connect to that remote web service (or there's no web service running on that port).  

By the way, it looks like this IP address is owned by Ford Motor Company and is located in Dearborn Michigan.

There are numerous possible causes:

1) The remote system or application is performing some sort of filtering, and decided to reject your connection attempt for some reason.  Contact the remote application administrator and determine if authorization or registration is required to access this service.  This is a very likely cause.

2) The remote system is not responding quickly enough, and the connection attempt is timing out.  If this is happening, you'll typically see a message later in the stack trace.  Contact the remote system administrator to determine if there is a problem with the availability of the remote service, or modify your application to increase the connection timeout.

3) The remote application is not currently running (or is running, but on a different port).  Contact the remote system administrator for assistance.

4) A firewall or other network device is blocking the connection.  Contact your local network administrator and the remote network administrator for assistance in gaining access to the remote service.

Questions and suggestions:

- Are you sure the IP address and port are correct?

- Are you connecting to this system locally (same subnet) or remotely?  

- Is there a firewall, filtering router, or a VPN between your system and the remote host?

- Have you ever been able to access the remote service before?

- Attempt to PING and TRACEROUTE from your system to the remote system, and post your results here.

- If you'll explain what your application is doing (or attempting to do), we might be able to provide more focused troubleshooting assistance.

- Gary Patterson


0
 
Bryan ButlerCommented:
Excellent Gary.  That's a good article for anyone who has the "something is not connecting" issue.  Any luck royjayd?  Sounds like a security issue.  Are you sure you have the right credentials?  Do you have the API for the call?
0
 
royjaydAuthor Commented:
Thanks Gary and others
How can I ping and traceroute from my system?
Will the ping check if port on that ip is active?

I am using windows xp system
Thanks
0
 
royjaydAuthor Commented:
also i did a nslookup

C:\>nslookup 19.140.3.1
Server:  np555c2n1.lotus.com
Address:  160.74.115.2

*** np555c2n1.lotus.com can't find 19.140.3.1: Non-existent domain

guys for security reasons i cannot give the exact IP which i am trying. 19.140.3.1is a example IP.
Can anyone explain what the nslookup command above did?
I am guessing its not finding somehting?
thanks
0
 
Bryan ButlerCommented:
try:

traceroute -p 54555   19.140.3.1

http://en.wikipedia.org/wiki/Traceroute

ping 19.140.3.1

Here's some online tools the might help:

http://network-tools.com/
0
 
royjaydAuthor Commented:
C:\>traceroute -p 54555   19.140.3.1
'traceroute' is not recognized as an internal or external command,
operable program or batch file.
0
 
Bryan ButlerCommented:
Doh.  I mean nslookup, not traceroute.  And you had already done it before my post.  Looks like it's there try telnet just to see if it picks up:

telnet <ip>  <port>

You wont be able to get a response unless telnet is running on the host for the port, but if you don't get an error, then that port is listening and it's probably a security issue.  What type of security does it have?
0
 
Bryan ButlerCommented:
Use this page if you don't have things installed:


http://network-tools.com/ 
0
 
Gary PattersonVP Technology / Senior Consultant Commented:
No idea why developedtester advised to do an nslookup.  nslookup is a tool used to help resolve DNS problems.  Since you are not using DNS (you already know the IP address that you're trying to connect to), nslookup is a waste of time.  Forget about it.

In Windows, open a command prompt, and type

PING x.x.x.x

Where x.x.x.x is the numeric IP address of the remote system.   This will tell you if you can even establish a basic IP connection to the remote system.  If you get responses back, then you at least have verified that you can connect using the ICMP (PING's protocol) protocol.  There is still no guarantee that you can attach to a specific TCP service running on a specific port.  PING is just a good place to start.  If you cannot PING an IP address, it means that the host is either unavailable (offline, shut down), or that there is a firewall or other network filtering in place between you and the remote host, and you can stop wasting your time and ask for help from either your local network administrator, the remote administrator, or both in order to establish connectivity to the remote system.

If you cant' PING, try issuing a traceroute.  The Windows command is:

TRACERT x.x.x.x

(No idea where the "-p" option listed by developedtester comes from.  Suspect he/she just made it up.  Traceroute is not a TCP tool, and is certainly not port-specific.  Tracert issues ICMP packets, like PING).

This command, in essence, attempts to PING each router between you and the remote host, and if a remote system is unreachable, it can sometimes tell us about where in the route the connectivity issue lies.  Again, it does not use TCP, but ICMP, so there is no guarantee that if you can trace the route that you'll be able to connect to a specific service.

Finally, you were advised to attempt to connect with TELNET.  It is a good idea, but developedtester says "You won't be able to get a response unless telnet is running on the host for the port"...

That's not correct.  We're not looking for a Telnet server.  We're looking for a HTTP server, and the good news is that with a little basic knowledge of the HTTP protocol, you can use a telnet client to test connectivity to an HTTP server.

Follow these specific instructions (note that the instructions tell you to telnet to port 80.  In your specific case, you want to telnet to port 54555, since that's where the HTTP server is supposed to be according to your initial question.)

Test HTTP via Telnet Client
http://www.esqsoft.com/examples/troubleshooting-http-using-telnet.htm

Also, please go back and answer each of my questions.

Now that I know you posted a false IP address (please don't do this: I wasted time trying to diagnose the connection to that particular system.  If you need to obscure an address, tell us that right up front), I have one additional question:

Is the remote address a PUBLIC IP address on a different network, or a PRIVATE IP address on the SAME network as your system?  If you aren't sure, post the first two digits of each IP address, and we can make an informed guess.

- Gary Patterson
0
 
Gary PattersonVP Technology / Senior Consultant Commented:
I'm not meaning to be harsh about developedtester's advice.   I'm sure that he/she is just trying to help.  Problem is, incorrect advice can really confuse the issue.

Anway, developedtester and I agree on one thing:  this is probably a security or firewall issue, and you probably can't solve that without the help of the remote network or system administrator and/or your local network administrator.  You need to get them involved right now.

You'll probably save a lot of time if you perform the PING, TRACERT, and TELNET tests that I've described, and copy the results to both administrators when you ask for help.  ANd make sure you give them the REAL addresses involved.

Also, what happens when you just open up a browser and put in that URL?  I expect that you'll get an error or timeout there, too, but if not, it might be useful in diagnosing the original problem.

http://x.x.x.x:54555

- Gary Patterson
0
 
royjaydAuthor Commented:
Thanks Gary for taking the time and responding.
I am going to execute the commands, talk to cics
Admin and get back to you. The problem is I am in the java
Team and cics admin belongs to cics team so it takes
Time to get response from him.
0
 
Gary PattersonVP Technology / Senior Consultant Commented:
Happy to help.  Post back if you need additional assistance.

- Gary Patterson
0
 
Bryan ButlerCommented:
I was on an old "tranceroute" man page which had:

-p     Set the base UDP port number used in probes (default is  33434).
              Traceroute  hopes that nothing is listening on UDP ports base to
              base  +  nhops  -  1  at  the  destination  host  (so  an   ICMP
              PORT_UNREACHABLE message will be returned to terminate the route
              tracing).  If something is listening on a port  in  the  default
              range, this option can be used to pick an unused port range.

Sorry for the confusion.  This isn't an option anymore.  
0
 
royjaydAuthor Commented:
ran the ping and tracert
should it be
'telnet 19.140.3.1 54555   ?

thanks

0
 
Gary PattersonVP Technology / Senior Consultant Commented:
Depends on the telnet client you are using. From xp using the native Microsoft client, that is correct.
0
 
royjaydAuthor Commented:
Everything works great now, Thanks very much.
Any help with my next question will be greatly appreciated
http://www.experts-exchange.com/OS/Unix/Q_27037666.html
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 7
  • 7
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now