Solved

Host IPS installed on Server -functionality of Web Application impaired w/ IPS, FW & AB off

Posted on 2012-12-28
3
520 Views
Last Modified: 2013-12-09
I have a proprietary Web appliction running on Win 2008 x64, Tomcat 7 and Active MQ (JMS) as it is also a web service.   The client application connects to the Server using SSL via standard port 443 and to active MQ via the standard ssl port 61617.
 
Functionality between  works before I install the HIPS 7 module (latest patch).  Then, I install the HIPS module (IPS, NIPS, AB, and FW disabled/off) it still functions...UNTIL I restart the Tomcat 7 service.  At this point is when the connection between the client and server will fail when the conncetion is intitated by the client.  It appears someone (either client or server) closes the connection during the handshake.  
 
HIPS is NOT installed on the client to eliminate that from being the issue as we test and narrow the problem down..
 
I suspect is is an issue with SSL, I but need to know if HIPS, even turned off, changes anything with how the Server can use SSL configured a specific way so I can get the developers to fix it as the certificates and keystore are installed and configured using their own utilities in their application rather than manually.
 
Since it works before HIPS is installed up until Tomcat is restarted and then works after HIPS is uninstalled (with a reboot), everything is pointing to HIPS.  If I knew what could be blocked or not allowed even with all items turned off in HIPS, I could try to go that direction as well.
 
I have followed most of what is in this document except the Microsoft Debug Diagnostic Tool.  This also includes using wireshark and nothing stands out.
https://mysupport.mcafee.com/eservice/TemplatePage.aspx?sURL=3

 
All HIPS logs are put into verbose debut, but during this time and there are no VIOLATIONS picked up and there are no BLOCKED PID's.  Actually the logs really don't detect anything.
 
So, I have also tried putting FW with an ANY ANY ANY rule to see if it would work to narrow down the issue and perhaps see something in the logs.
 
Uninstalleing the NDIS driver did not help either among other steps I have take, which will take too much time to write out.
 
With all relevant troubleshooting steps I even took extra steps turning services on and off and rebooting to make sure.
 
I even resorted to trying HIPS 8 with everything off and had the same exact results.
 
 
Appreciate any help.
0
Comment
Question by:bmcdowell540
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 6

Expert Comment

by:traoher
ID: 38728537
You may want to check for port conflict.  Some of the applications may conflict with the port you are trying to use.
0
 
LVL 1

Author Comment

by:bmcdowell540
ID: 38735497
I thought of that and changed some port numbers on the application.  

Do you know of a good way of checking port conflicts?
0
 
LVL 6

Accepted Solution

by:
traoher earned 500 total points
ID: 38735507
from the command prompt, you can check to see which application is listening to a specific port.  If your application doesn't start because of port conflict, you can see it the application that has taken it.  here is the syntax:

netstat -nao

if you want to filter it, do


netstat -nao | find "portnumber"  where portnumber is 80 if http is your expect port.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question