Articles in this section

See more

DataCenter 8 GUI requires Command Server DNS Name (host name) to connect

Avatar
Jon
  • Updated
Follow

Related to KB article: 'DataCenter 8 requires host names of nodes involved in backup to be resolvable to IPv4 address'.

Note: DataCenter 8 GUI (Java GUI) does not support FQDN (Fully Qualified Domain Name) address or IP address for the "Server" address field, you will need to use the host name of the Command Server and only the host name can be utilized (additionally 127.0.0.1 or localhost can only be utilized if running the GUI directly from the Command Server machine).  Make sure you can 'ping hostname' of Command Server and it resolves to IPv4 address, from the machine you are running the GUI from.  Note: FQDN and IP address methods worked in versions prior to 8 but no longer.  And DataCenter 8 can't work if the host name of the Command Server node contains underscore characters ( _ ); it will not allow login to either the Java or Web GUI if so.

Extra steps may be necessary if attempting to utilize the DataCenter GUI (Java and Web) from a computer that is not the Command Server.  This a how to that can be used to determine if that is an issue and how to resolve it.  Versions of DataCenter older than 8 did not use SSL for the connection so everything could be connected to by IP address, in v8 this is no longer the case.  The GUI now requires the Command Server to be resolvable by the Certificate Subject Alt Name DNS Name(s) property that is stored in the SSL cert on the Command Server.  This is not much of an issue if all of your systems are on the same domain but for mixed environments it can be, or if not all machines have DNS records.  A similar issue can be seen with nodes involved in backup if those nodes use an IP address for the 'Default Address' property seen in Nodes Management.  Everything needs to resolve by DNS/host name now in version 8.

It is important to know that connection attempts via the Java GUI v8 will fail if the DNS Name (host name) of the Command Server cannot be resolved to the IPv4 address and it will not allow connection via IP addressYou will not be able to connect to the Java GUI via IPv4 address, other than using 127.0.0.1/localhost directly from the Command Server machine.  DataCenter 8 contains many changes on the back end so that all client nodes and GUI connections to the Command Server are done over SSL/TLS as standard now, and the DNS name stored in the SSL certificate on the Command Server require that proper DNS name addressing to authenticate to it.  The IPv4 address is not part of the SSL certificate, other than 127.0.0.1.  Older versions of DataCenter did not utilize SSL connections so you were able to address everything via IP address and connect via IP and that worked, but that is no longer the case.  This is not an issue if you are utilizing the GUI directly from the Command Server, but if you want to access either the Java GUI or the Web GUI from another computer/device then it would need to be resolvable by host name, this is to due with the change in version 8 whereby the host name is stored as a parameter (Certificate Subject Alt Name) in the SSL certificate that the Command Server uses to authorize connections to it.  Please read and understand this KB article prior to continuing: 'DataCenter 8 requires host names of nodes involved in backup to be resolvable to IPv4 address'.

[Terminology definitions for this article: Java GUI = "DC Management Console" shortcut installed by DataCenter 8 using the GUI installer, normally installed a secondary workstation computer as to avoid having to remote in to the Command Server via RDP.  Web GUI = "DC Web Console" shortcut installed by DataCenter 8 using the Command Server installer, and then that shortcut is copied to a secondary computer such as a Windows workstation, where you just want to access the Web GUI from a browser on that machine, as to not have to remote in to the Command Server computer via RDP or utilize the Web GUI via a browser directly from the Command Server computer.  IPv4 is IP version 4, this is the only IP address type that DataCenter supports, if you have IPv4 and IPv6 enabled on a computer, then IPv6 will never be utilized by DataCenter software.  Certificate Subject Alt Name is a property of the SSL certificate that is generated at installation time for Command Server and is utilized by the NovaStor DC Command Server and Database services in DataCenter Command Server 8.  It contains DNS Names and IP address of the Command Server, and will only allow connections to it based on those DNS addresses and IP addresses.  All client nodes as well as connections from the Java GUI and the Web GUI browser connection talk to that certificate on the Command Server over SSL/TLS protocols and will be denied that connection if not accessed based on a connection to an address that is in the Subject Alt Names portion of that SSL certificate (this is the single .cer file located in the /etc/ folder) that is installed on the Command Server.  You can double-click on the file to read the Subject Alt Names property via the Command Server machine directly, or you can utilize the Web GUI via a browser on the Command Server directly to then view the SSL certificate properties inside the local web browser.  RHEL is Red Hat Enterprise Linux (which some other Linux variants use as a base such as CentOS) which is the example operating system utilized by the Command Server for Linux in the example, the example Linux Command Server is installed using the 'RHEL / Centos 7 DataCenter Command Server 64-bit' installer, compatible with RHEL Linux 7.x.  NotePad++ and 'notepad.exe' are text editors available for Windows, that can be used to edit the Windows hosts file.  nano and vi are two text editor applications that are available in pretty much every variant of Linux, which can be used to edit the Linux hosts file.]

Connecting to the Command Server Java GUI and Web GUI from a computer other than the Command Server requires the host name of the Command Server to be resolvable to the IP address of the Command Server.  In some cases such as for Linux Command Server's the Linux computer is not part of an actual domain as compared to the Windows computers in the business which are normally joined to an active directory domain.  This means that if you were to attempt to install the DataCenter GUI on a computer that is not the Command Server, and you then want to connect to the Command Server's Java GUI or Web GUI, you find that you are not able to do so and the error may be shown as SSL cert error.  From that other separate computer, if you were to attempt to ping the Linux Command Server by host name you may find you are unable to, since it is not on the domain or in DNS.  If that is the case, you will need to add a "hosts" entry to the computer in question that you are attempting to use to make the connection to the Command Server, whether that be the computer you want to utilize the Java GUI or Web GUI from, or as a client node to communicate to the Command Server.  This can also be the case if your Windows Command Server is in a Workgroup, and all of your other computers are on an Active Directory Domain, or you have a mix of Workgroup, Domain, and Linux computers which are not in an actual domain that Windows will recognize.  For instance Red Hat Enterprise Linux (RHEL) variants of Linux utilize ".localdomain" domain added to the end of the base host name for example by default, so 'hostname.localdomain or hostname.domain.local even', whereas Ubuntu variants of Linux do not normally append a domain to the end of the host name like that.  Since DataCenter 8 requires TLS 1.2+ and SSL connection to communicate with whatever object is trying to reach it, then it requires to match the domain names that were generated in the SSL certificate at the time of installation on the Command Server, and will only allow connections from machines other than the Command Server machine itself via IP address of the Command Server (127.0.0.1 or localhost can be utilized directly from the Command Server but not by any other computer).

Here is an example of a Linux RHEL 7.6/CentOS 7 system whereby we installed Command Server 8.1.7 on it and we now want a Windows system on the Active Directory domain to be to run the GUI application on a Windows workstation computer for instance, however we realize early on this machine is not able to resolve the host name of the Linux Command Server via ping command.  We will need to find out what host name was detected during the installation of the Linux Command Server 8.1.7, which we can do via the Linux command 'hostname' and 'cat /etc/hostname' commands, which should show the same output for both commands.  We can also open the .cer file in /opt/NovaStor/DataCenter/etc/, which is the SSL certificate used by the Command Server machine to authenticate connections to it.  The property of the SSL certificate we are looking for is "Certificate Subject Alt Name", which will show two DNS Names and one IP Address, the first DNS Name will be the actual host name of the Linux Command Server machine, the second DNS Name will always be 'localhost' and the IP address will always be just '127.0.0.1'.  Notice how there is no IP Address which equates to the LAN adapter, which means you won't be able to utilize that IP address to connect to the Command Server from another computer.  Here we are viewing the SSL certificate via the web browser directly from the Linux Command Server, which shows the properties of the SSL cert for what DNS and IP addresses it has stored.

rhel75jf_Linux_Command_Server_cert_subject_alt_names_highlighted.PNG

On the secondary Windows computer, the one that we want to utilize the Java GUI and the Web GUI on to connect to the Linux Command Server, we find that using the Java GUI or Web GUI, we are not able to connect to the 'hostname' of the Linux Command Server computer since there is no entry for that currently in DNS and it is not even in the same domain as the Windows computer.  The host name of the Linux Command Server is not able to resolve to an IP address when we issue a ping command, which is 'ping rhel75jf.localdomain' in this example.  From this secondary Windows computer neither the Java GUI nor the Web GUI is able to connect to the host name that is seen in the primary Subject Alt Names DNS Name property of the SSL certificate contains on the Command Server.  Neither the Java GUI or the Web GUI can connect, and at this point we can't resolve the Command Server host name to IPv4 address, and there is no DNS Host A record entry, and there is no hosts file mapping on the secondary Windows machine to deal with that yet.

rhel75jf_Windows_workstation_side_GUI2_whattodo_with_highlighting.png

In an additional test from the secondary Windows computer, we are able to connect to the Web GUI by ignoring the SSL certificate mismatch in the web browser from the secondary Windows machine, where we also have the Java GUI installed, but when we attempt to utilize the Java GUI to connect to the Linux Command Server using the same short host name address as the web browser was able to connect with, we found that we get a "The server's SSL certificate may not be available in the local certificate store" error, in this case it is all to do with the fact that the SSL certificate on the Command Server side does not contain the short host name as a DNS Address, in the case of Linux Command Server's it will read the current host name value, which it got by running the command 'hostname' when the Linux Command Server was originally installed.  In our case when installing the CentOS 7 Command Server on a RHEL 7.5 Linux computer, it read the hostname value in Linux and that host name had .localdomain appended to the end, and is not allowing the connection in the Java GUI using Server address: 'rhel75jf' for the host name.  In this case we are able to connect to the Web GUI using that same short address, so the Web GUI is not as strict, and possibly can also be accessed via IPv4 address, as compared to the strict host checking that the Java GUI requires now that it utilizes SSL.  The additional test example:

rhel75jf_Windows_workstation_side_GUI3_whattodo_with_highlighting.png

How-to Instructions / Steps:

Instructions for a Windows computer that is attempting to utilize the Java GUI or Web GUI from that Windows computer to connect to a Command Server (the Command Server can either be Linux or Windows):

Now we will either need to add a DNS Host A record entry or a hosts file entry must be added to the Windows hosts file for the Linux Command Server, on the secondary Windows computer, to be able to map the full host name to an IPv4 address.  In some cases the DNS Host A record will be either not feasible to add, possibly because the system is not on an existing domain, like in the RHEL Linux example Command Server's case where it is not a recognized domain even ('.localdomain'), or it could be the Command Server is in a Workgroup which can't have a DNS Host A record added, or you just do not have access to administer the DNS servers utilized across your environment.  This will allow the secondary Windows computer to connect via both the Java GUI and the Web GUI.  We can't cover how to add a DNS Host A record to your DNS server as there are too many different DNS server packages and platforms out there.  We can however explain how to perform the easier hosts file method.  This hosts file technique will work with every version of any Windows OS.  It is recommended to utilize the program NotePad++ for the editing of the Windows hosts file, but you could use the built in notepad.exe as well, notepad just requires more steps because of its design.

  1. First attempt to ping the full host name of your Command Server, that being the DNS address that appears in the first DNS Name field in the Certificate Subject Alt Names property.  If you cannot resolve that DNS address to the correct IPv4 address then you won't be able to run the Java GUI from this secondary Windows computer to connect to the Command Server computer (another computer), and you likely will have issues using the Web GUI as well.  If the host name cannot resolve to the correct IPv4 address of the Command Server machine then proceed to Step 2.
  2. Using Windows Explorer navigate to C:\Windows\System32\drivers\etc\ and using NotePad++ or notepad.exe edit the existing file 'hosts' in this folder.
  3. In the empty space at the bottom of the hosts file add an entry to map your Command Server to the correct IPv4 address, our example entry would look like: '192.168.0.219 rhel75jf.localdomain', do not include the quotes.  The entry we added from this example:mceclip1.png
  4. Save the file, if you attempt to save it using NotePad++ it will ask do you want to elevate to Admin mode and then it will allow you to directly save the file to replace the existing with no additional steps.  If attempting to save the file using notepad.exe, it will not allow saving over top the original and will request you to instead make a copy of the save to your Documents folder and you can specify where else you want to save other than to the original folder, choose Desktop or Documents here, then exit out of notepad.  Now navigate to the folder you told notepad to save to, notice it added .txt file extension to the end of the filename (that is if you show file extensions is enabled in Windows), and copy the hosts.txt file that it will save in Desktop or Documents, to C:\Windows\System32\drivers\etc\, then rename the existing 'hosts' file as 'hosts_backup' and then rename the hosts.txt file as 'hosts', with no file extension.
  5. Verify the file contents to make sure that the new line of text you added in Step 2 is actually there.
  6. Note: As soon as you save / overwrite the hosts file it will make the change apply instantly, so there is no need to perform an ipconfig /flushdns and ipconfig /registerdns command, as it is not necessary when using the hosts file directly in the OS.
  7. Now start an Admin Command Prompt session and attempt to resolve the host name that you added to the hosts file, to see if it can resolve to the correct IPv4 address of the Command Server machine.  To do that you will issue the following command:
  8. 'ping hostname', so in our example it would be 'ping rhel75jf.localdomain'.  If you get a resolve to the correct IPv4 address of the Command Server then you are done here.

Instructions for a Linux computer that is attempting to utilize the Java GUI or Web GUI from that Linux computer to connect to a Command Server (the Command Server can either be Linux or Windows):

Now we will either need to add a DNS Host A record entry or a hosts file entry for the Linux Command Server to the Windows hosts file, on the secondary Windows computer, to be able to map the full host name to an IPv4 address, which will allow the secondary Windows computer to connect via both the Java GUI and the Web GUI.  We can't cover how to add a DNS Host A record to your DNS server as there are too many different DNS server packages and platforms out there.  We can however explain how to perform the easier hosts file method.  This hosts file technique will work with most Linux variants, you can do a Google search to see if your Linux utilizes the /etc/hosts file but most do.  It is recommended to utilize the program nano for the editing of the Linux hosts file, but you could use the built in vi editor as well, use what you are comfortable with for that.

  1. First attempt to ping the full host name of your Command Server, that being the DNS address that appears in the first DNS Address field in the Certificate Subject Alt Names property.  If you cannot resolve that DNS address to the correct IPv4 address then you won't be able to run the Java GUI from this secondary Linux computer to connect to the Command Server computer (another computer), and you likely will have issues using the Web GUI as well.  If the host name cannot resolve to the correct IPv4 address of the Command Server machine then proceed to Step 2.
  2. Start a shell / terminal session, and navigate to the /etc/ folder.  You will use your favorite text file editor using nano or vi and edit the existing file 'hosts' in this folder.
  3. In the empty space at the bottom of the hosts file add an entry to map your Command Server to the correct IPv4 address, our example entry would look like: '192.168.0.219 rhel75jf.localdomain', do not include the quotes.  In this example we use a Ubuntu 18 workstation, the secondary Linux computer that we want to utilize the DataCenter Java GUI and Web GUI on to connect to our Linux Command Server computer.  The entry that we added to the hosts file is shown in yellow:mceclip4.png
  4. Save the file in the text editor that you utilized.
  5. Verify the file contents to make sure that the new line of text you added in Step 2 is actually there.
  6. Note: As soon as you save / overwrite the hosts file it will make the change apply instantly, so there is no need to perform any 'ifdown' or 'ifup' or other such commands to refresh the DNS, as it is not necessary when using the hosts file directly in the OS.
  7. In the same shell / terminal session as prior, attempt to resolve the host name that you added to the hosts file, to see if it can resolve to the correct IPv4 address of the Command Server machine.  To do that you will issue the following command:
  8. 'ping hostname', so in our example it would be 'ping rhel75jf.localdomain'.  If you get a resolve to the correct IPv4 address of the Command Server then you are done here.  Example:mceclip2.png

Here we show attempting to connect to both the Java GUI and the Web GUI from the secondary Windows computer, using the address that shows in the Certificate Subject Alt Names property for the primary DNS Address ('rhel75jf.localdomain'), which we were not able to do prior 100% to connect to the Linux Command Server.  We first test to see if we can resolve the full host name 'rhel75jf.localdomain' to an IPv4 address of the Linux Command Server computer and that is now able to resolve to the correct IPv4 address properly.  The Windows hosts file is what is allowing this to work from the secondary Windows machine to connect to the Linux Command Server.

rhel75jf_Windows_workstation_side_GUI_whattodo_with_highlighting.png

Now from the secondary Windows machine we are able to connect to both the Java GUI and the Web GUI using the original DNS Name (host name) of the Command Server.  This is due to adding the host file mapping on the secondary Windows machine.  We can now resolve the host name to the IPv4 address of the Command Server (Linux) computer, and show a valid ping, and we have connected to both the Java GUI and the Web GUI from that secondary Windows system:

mceclip5.png

Note: It is important to realize that version of DataCenter older than 8 were able to connect everything via IP address, and this is no longer the case in DataCenter 8.0+.

Note: DataCenter 8 can't work if the host name of the Command Server node contains underscore characters ( _ ); it will not allow login to either the Java or Web GUI if so.

Related articles