Error "Unable to connect due to authentication failure" in EAP 7

Latest response

Hi all,

Domain Controller...: 192.168.244.146
HC1...: 192.168.244.147

I'm trying to set up a test env of one Domain Controller and 2 Host Controllers using EAP7 ati Linux. The Domain Controller is up and running fine, but when i try to add a HC to this domain controller, i get the following error:

[...]
[Host Controller] 18:57:28,797 INFO [org.jboss.as.remoting] (MSC service thread 1-1) WFLYRMT0001: Listening on 192.168.244.147:9999
[Host Controller] 18:57:29,034 WARN [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0001: Could not connect to remote domain controller remote://192.168.244.146:9999 -- java.lang.IllegalStateException: WFLYHC0043: Unable to connect due to authentication failure.
[Host Controller] 18:57:29,034 WARN [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0147: No domain controller discovery options remain.
[Host Controller] 18:57:29,034 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0002: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: WFLYHC0120: Tried all domain controller discovery option(s) but unable to connect
[Host Controller] 18:57:29,120 INFO [org.jboss.as] (MSC service thread 1-4) WFLYSRV0050: JBoss EAP 7.0.0.GA (WildFly Core 2.1.2.Final-redhat-1) stopped in 79ms
[Host Controller]
18:57:29,481 INFO [org.jboss.as.process.Host Controller.status] (reaper for Host Controller) WFLYPC0011: Process 'Host Controller' finished with an exit status of 99
18:57:29,486 INFO [org.jboss.as.process] (Thread-8) WFLYPC0017: Shutting down process controller
18:57:29,488 INFO [org.jboss.as.process] (Thread-8) WFLYPC0016: All processes finished; exiting

Here is my slave's "host-slave.xml", important parts:

<domain-controller>
    <remote username="jbossadm" security-realm="ManagementRealm">
        <discovery-options>
            <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address}" port="${jboss.domain.master.port:9999}"/>
        </discovery-options>
    </remote>
</domain-controller>
<interfaces>
    <interface name="management">
        <inet-address value="${jboss.bind.address.management:192.168.244.147}"/>
    </interface>
    <interface name="public">
        <inet-address value="${jboss.bind.address:192.168.244.147}"/>
    </interface>
</interfaces>

The SSH is configured for the "jboss" operating system user and i am starting the HC (domain.sh) as jboss user. The JBoss administrator, configured at installation is "jbossadm"

I am using the following startup script, at the slave:

./domain.sh -Djboss.domain.master.address=192.168.244.146 --host-config=host-slave.xml

... sorry, but i am quite new on the JBoss world.

Any help will be very helpful.

Thanks

Responses

did you get it working ?

I am also getting similar kind of error , can some one help me on this

[Host Controller] 08:53:10,297 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0002: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: WFLYHC0120: Tried all domain controller discovery option(s) but unable to connect

I faced the same issue but after adding "name" property in host-slave.xml. This problem was resolved !! Please try and let me know. host xmlns="urn:jboss:domain:5.0" name="slave"

It's not working

Hola, en telecom argentina tenemos el mismo problema, saben que solución hay para esto?

Estimados, Brothers,

Pude resolver el problema, hay que hacer lo siguiente: I can solve the problem, you must do the following:

  1. Generar un usuario (gcplnxdevdg02)en el Domain Controller, copiar el Secret value obtenido.
  2. Modificar el archivo host.xml o host-slave.xml del Host Controller agregando el secret value: Agregar el valor name como sigue, este valor debe tener el mismo nombre del usuario que generamos en el paso 1. IMPORTANTE
  3. Asegurar que los valores de conexión, ip y puerto sean correctos: Donde gcplnxdevdg01 es el Domain Controller.
  4. Reiniciar el Host Controller en este caso es gcplnxdevdg02
  5. Listo, ya te conectas sin problema.

Saludos

All,

Why are some of us replying in Spanish? This makes the solution for non Spanish readers at least confusing, if not unreadabe. Google translate is not Always our friend.

Regards,

Jan Gerrit

P.S. If I would use my native language may be 1 or 2 Red Hat customers would understand. E.g. "Nimmen kin dit lêse, tink ik".

It soe it lestich wêze om te lêzen sûnder Google Oersetting, hoewol it ticht genôch is foar myn Dútske taalfeardichheden om hast bepaald te bestimmen.

the following is not a translation, but to underscore the point Jan Gerrit made, that we really ought to only be using English in this forum, as Red Hat has mentioned in previous discussions.

Dear Fabricio,

Let's see if this configuration steps can help you:

Assuming you've already created a management user for the host-controller, or you can simply add a new one by entering the following command:

# /$JBOSS_HOME/bin/add-user.sh

Choose the right options (for example):

 a) Management User (mgmt-users.properties)
username: node1user
password:  ***
What groups do you want ... [ ]: optional
About to add user 'node1' for realm 'ManagementRealm'
Is this correct yes/no? yes
Is this new user going to be used for one AS process to connect to another AS process? 
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes

Save the generated base64 password:

To represent the user add the following to the server-identities definition <secret value="MTIzNDU=" />

In your host-controller node, open the following file under $JBOSS_HOME/domain/configuration:

$ vim host-slave.xml

Edit the 3rd line from this file changing this (with the name of the previously created user):

<host xmlns="urn:jboss:domain:4.1">

to this:

<host name="node1" xmlns="urn:jboss:domain:4.1">

Also, change the value with your newly created base64 password:

<server-identities>
<!-- Replace this with either a base64 password of your own, or use a vault with a vault expression -->
     <secret value="MTIzNDU="/>
</server-identities>

And add the username information under :

<domain-controller>
        <remote security-realm="ManagementRealm" username="node1user">
            <discovery-options>
                <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:192.168.50.50}" port="${jboss.domain.master.port:9999}"/>
            </discovery-options>
        </remote>
    </domain-controller>

Start you domain controller, and then you can start you host controller with the new settings:

sudo -u jboss ./domain.sh -Djboss.domain.base.dir=$YOUR_DOMAIN_BASE_DIR -Djboss.domain.master.address=$MASTER_IP --host-config=host-slave.xml

PS. If you had exported the domain/configuration folder to some different path, you need to rewrite your custom configuration files in order to keep your host-controller user stored in the mgmt-users.properties file (you can use the command "sudo -u jboss /{JBOSS-HOME}/bin/add-user.sh -dc /{CUSTOM-DIR}/domain/configuration").

Hi,

The step you mentioned "And add the username information under:", should that be in the doco Red_Hat_JBoss_Enterprise_Application_Platform-7.0-Configuration_Guide-en-US.pdf - chapter 8.5.2?

This solved my problem. Thank you.

Hello , I am new in jboss Administration. I want to configure jboss in domain mode.My Eap version is 7.2. My host controller not connected to domain controller & the Configuration is given below

My Host-master.xml configuration is given below

<local/> <expose-resolved-model/> <expose-expression-model/> <remoting-connector/>

===================================== My Host-slave.xml configuration is given below

My output is

[Host Controller] 12:12:33,301 WARN [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0001: Could not connect to remote domain controller remote+http://192.168.100.6:9990: java.net.ConnectException: WFLYPRT0053: Could not connect to remote+http://192.168.100.6:9990. The connection failed