Consultor Eletrônico

Status: Unverified

SYMPTOM(s):

4GL client cannot connect to AppServer with following errors:

Name Server at Host <Host> Port <Port> is not responsive. (8239)

Application Service <Application Service> not found at NameServer at Host <Host> Port <Port>. (8245)

Application server connect failure. (5468)

<Host> in errors 8239 and 8245 is the virtual IP address of a cluster.

NameServer is running on the active node.

NameServer is listening on the port specified in errors 8239 and 8245.

Firewall between the client and the cluster.

Firewall allows traffic to/from the cluster virtual IP address.

Firewall blocks traffic to/from the IP address of each cluster node.

CAUSE:

This is a known issue.

When contacting the NameServer, the client correctly sends a UDP packet to the virtual IP address of the cluster. The NameServer sends its reply in a UDP packet originating from the IP address of the node on which it is running, instead of the virtual IP address of the cluster. The firewall is configured so that the UDP reply is blocked, and as a consequence the client issues error 8239, as if the NameServer were down.

FIX:

There are two possible workarounds to this issue:

1) Open the firewall to outgoing UDP traffic from the IP address of each node in the cluster, from the port on which the NameServer listens. This presents a very small security risk if you can manage your firewall policies down to this level of granularity.
2) Bypass the NameServer by connecting to the AppServer directly. This requires a change in the client connection parameters, from:

-H <cluster> -AppService <AppServer name> -S <NameServer port>

to

-H <cluster> -AppService <AppServer name> -DirectConnect -S <AppServer port>

Please note that, in the latter form, the port number after -S is the port on which the AppServer broker is listening.
Also, by applying this workaround you lose the location transparency and load balancing services provided by the NameServer.