Re: Abnormal behavior HP-UX 11i

Edgar Arroyo · ‎06-13-2004

Hi, I recently upgraded to HP-UX 11i and now when I telnet into the box it disconnects and after this it will not allow any incoming traffic, as if it had an "ignore" on outside traffic. How and where can I troubleshoot this behavior? Thanks. By the way, I am not using any type of firewall on them as they are behind a Win XP machine doing ICS.

Joseph Loo · ‎06-13-2004

hi,

too many unanswer questions:

1) did u try login from the console
2) were u using root to access?
3) r u able to ping the server via hostname and ip address?
4) r u able to ftp then?
5) have u set any restriction on the file /var/adm/inetd.sec?

there r more questions, but for now, these will do.

regards.

what you do not see does not mean you should not believe

Edgar Arroyo · ‎06-13-2004

1) did u try login from the console
yes, it works fine on the console.

2) were u using root to access?
it will do it from any account, including root.

3) r u able to ping the server via hostname and ip address?
yes, it does ping via both hostname and IP.

4) r u able to ftp then?
no, it will not let me ftp either when it does the disconnect.

5) have u set any restriction on the file /var/adm/inetd.sec?
no, I haven't but will post content of inetd.sec

# bunch of example stuff
#
dtspc allow 127.0.0.1 unix1
ftp allow
telnet allow

Joseph Loo · ‎06-13-2004

hi,

okay. is the machine on trusted or recently converted to trusted?

if so, the login may have be deactivated:

# /usr/lbin/getprpw root
what is the value for lockout parameters. look at the other accounts as well.

regards

what you do not see does not mean you should not believe

Edgar Arroyo · ‎06-13-2004

System is not trusted.

Also on this machine when I run VNCSERVER :1 and try to connect with VNCVIEWER from another machine, it gives me a Gray background with an X (the x server without the manager) and on the other one it works... I have a feeling im missing files?

Edgar Arroyo · ‎06-13-2004

Ok, I was on my other machine, the 1st machine didn't have either ftp or telnet in the inetd.sec file. I added them on there, rebooted the machine and it seems to work (but it did disconnect me once) Let me continue to test this...

Let me know how to troubleshoot the dtmw, its not running on the machine

Edgar Arroyo · ‎06-13-2004

Here is what is doing (still, after adding FTP and TELNET)

HP-UX unix1 B.11.11 U 9000/785 (tc)

login: root
Password:

Connection to host lost.

C:\Documents and Settings\Owner>telnet unix1
Connecting To unix1...Could not open connection to the host, on port 23: Connect
failed

C:\Documents and Settings\Owner>telnet unix1
Connecting To unix1...Could not open connection to the host, on port 23: Connect
failed

C:\Documents and Settings\Owner>

Edgar Arroyo · ‎06-13-2004

after the disconnect, not even VNC lets me connect, its kinda like blocking all traffic, like if it had a firewall or something running that's blocking all incoming traffic...

Joseph Loo · ‎06-13-2004

hi edgar,

u have too many questions? should u try to solve one thing at a time?

for the VNC, has it ever work or is it the first time u r running it? for the gray background, it could be the extra options/argument and also the wrong environment variables u have to pass to vncserver :1?

by the way, what is the permission of /tmp?

regards.

what you do not see does not mean you should not believe

Edgar Arroyo · ‎06-13-2004

Here is a login from the other Unix machine:

[/root@unix2] # telnet unix1
Trying...
Connected to unix1.edgar.
Escape character is '^]'.
Local flow control off
Connection closed by foreign host.
[/root@unix2] # telnet unix1
Trying...
telnet: Unable to connect to remote host: Connection refused
[/root@unix2] #

Edgar Arroyo · ‎06-13-2004

drwxrwxrwx 8 bin bin 1024 Jun 13 22:42 tmp

Joseph Loo · ‎06-13-2004

hi,

for server unix1, check from the console if root file system is full:

# bdf
or
# /sbin/init.d/inetd stop
# /sbin/init.d/inetd start
to restart inetd services

for VNC, u have not mention if vnc ever got working. also, what is the content of xstartup (u may like to reply the output) and where did u download the vnc software? i had setup on quite a number of servers and know your problem.

regards

what you do not see does not mean you should not believe

Edgar Arroyo · ‎06-14-2004

on the free space I have to get back with you but df showed it had some space left.

on the vnc server I get the gray screen with black x on there, it has never shown other than that. I do get a connection. on both servers I have the same xstartup and one of them works fine.

when I get home I will post the xstartup I am using along with the free space (bdf) output.

Todd McDaniel_1 · ‎06-14-2004

This may seem rather simplistic, but have you checked /etc/services and /etc/inetd.conf to see that telnet is enabled...?

root:/root
# grep telnet /etc/inetd.conf
telnet stream tcp nowait root /usr/localcw/opt/sysguard/internal/tcpd/
usr/lbin/telnetd

root:/root
# grep telnet /etc/services
telnet 23/tcp # Virtual Terminal Protocol

------------------------------------------------------
I know you said not trusted, but make sure if you have anything in /etc/hosts.allow and /etc/hosts.deny that you include a few lines like the following.

you could some or all of these....

# cat /etc/hosts.allow
#all : all : banners=/usr/localcw/opt/sysguard/banners : allow
ftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
telnetd : all : banners=/usr/localcw/opt/sysguard/banners : allow
tftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
logind : all : banners=/usr/localcw/opt/sysguard/banners : allow
rlogind : all : banners=/usr/localcw/opt/sysguard/banners : allow
remshd: all : banners=/usr/localcw/opt/sysguard/banners : allow
sidftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow
rexecd : all : banners=/usr/localcw/opt/sysguard/banners : allow
sshd : all : banners=/usr/localcw/opt/sysguard/banners : allow

Unix, the other white meat.

Edgar Arroyo · ‎06-14-2004

Todd,

It connects, after a bit it disconnects and it doesn't allow any connection for a while, and out of the blue it will allow again, but shortly disconnect. And meantime it's blocking connections the box works fine (mozilla can browse with no pause or hickups...)

It's very odd, like what the subject says..

Edgar Arroyo · ‎06-14-2004

Here is the bdf info...

Filesystem kbytes used avail %used Mounted on
/dev/vg00/lvol3 204800 75726 121068 38% /
/dev/vg00/lvol1 299157 45300 223941 17% /stand
/dev/vg00/lvol8 1036288 637564 376268 63% /var
/dev/vg00/lvol7 1683456 1485648 186094 89% /usr
/dev/vg00/lvol4 204800 1504 190634 1% /tmp
/dev/vg00/lvol6 724992 588619 129813 82% /opt
/dev/vg00/lvol5 20480 1109 18168 6% /home

========================================

Here is the xstartup I am using...

#!/bin/sh

xsession=/usr/dt/bin/Xsession
[ -r $xsession ] && exec $xsession
# Fall back if the script wasn't readable or the exec failed
xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
dtwm &

I got VNC from http://www.csun.edu/~swalton/VNC/

Thanks.

Joseph Loo · ‎06-14-2004

hi edgar,

just got into office.

the xstartup looks okay. i use twm but if u r saying one of the VNC is working with dtwm, we shall stick with that.

did u create a separate user to launch VNC or only uses root?

also, for xhost, how did u pass the server access? i used, .dtprofile and the last line, i inserted:

xhost +

did u also see anything unusual at the :.log file?

regards.

what you do not see does not mean you should not believe

Edgar Arroyo · ‎06-14-2004

I am running both from root

I am running GNOME and under GDM Configurator under the "Gnome" session on both I have the last line xhost +localhost

I saw nothing unusual on the .log file, I will attach one now for you to see if you see anything unusual

NOTE: The computer's IP is 192.168.0.254

=============================================

14/06/04 21:21:42 Xvnc version 3.3.3r2
14/06/04 21:21:42 Copyright (C) AT&T Laboratories Cambridge.
14/06/04 21:21:42 All Rights Reserved.
14/06/04 21:21:42 See http://www.uk.research.att.com/vnc for information on VNC
14/06/04 21:21:42 Desktop name 'X' (unix1:1)
14/06/04 21:21:42 Protocol version supported 3.3
14/06/04 21:21:42 Listening for VNC connections on TCP port 5901
14/06/04 21:21:42 Listening for HTTP connections on TCP port 5801
14/06/04 21:21:42 URL http://unix1:5801
AUDIT: Mon Jun 14 21:21:45 2004: 21225 Xvnc: client 1 rejected from IP 192.168.0.254 port 57387
AUDIT: Mon Jun 14 21:21:45 2004: 21225 Xvnc: client 1 rejected from IP 192.168.0.254 port 57388
AUDIT: Mon Jun 14 21:21:46 2004: 21225 Xvnc: client 1 rejected from IP 192.168.0.254 port 57389
AUDIT: Mon Jun 14 21:21:46 2004: 21225 Xvnc: client 1 rejected from IP 192.168.0.254 port 57390
AUDIT: Mon Jun 14 21:21:52 2004: 21225 Xvnc: client 1 rejected from IP 192.168.0.254 port 57391
AUDIT: Mon Jun 14 21:21:53 2004: 21225 Xvnc: client 1 rejected from IP 192.168.0.254 port 57392
AUDIT: Mon Jun 14 21:21:54 2004: 21225 Xvnc: client 1 rejected from IP 192.168.0.254 port 57393

Edgar Arroyo · ‎06-14-2004

And here is one connecting locally (I can't connect remotely because of that strange behavior....

==============================================

14/06/04 21:26:58 Xvnc version 3.3.3r2
14/06/04 21:26:58 Copyright (C) AT&T Laboratories Cambridge.
14/06/04 21:26:58 All Rights Reserved.
14/06/04 21:26:58 See http://www.uk.research.att.com/vnc for information on VNC
14/06/04 21:26:58 Desktop name 'X' (unix1:1)
14/06/04 21:26:58 Protocol version supported 3.3
14/06/04 21:26:58 Listening for VNC connections on TCP port 5901
14/06/04 21:26:58 Listening for HTTP connections on TCP port 5801
14/06/04 21:26:58 URL http://unix1:5801
AUDIT: Mon Jun 14 21:27:01 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57603
AUDIT: Mon Jun 14 21:27:01 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57604
AUDIT: Mon Jun 14 21:27:02 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57605
AUDIT: Mon Jun 14 21:27:02 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57606
AUDIT: Mon Jun 14 21:27:02 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57607
AUDIT: Mon Jun 14 21:27:03 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57608
AUDIT: Mon Jun 14 21:27:04 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57609
AUDIT: Mon Jun 14 21:27:05 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57610

14/06/04 21:27:06 Got connection from client 192.168.0.254
14/06/04 21:27:06 Protocol version 3.3
AUDIT: Mon Jun 14 21:27:06 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57612
AUDIT: Mon Jun 14 21:27:07 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57613
14/06/04 21:27:08 Pixel format for client 192.168.0.254:
14/06/04 21:27:08 8 bpp, depth 8
14/06/04 21:27:08 true colour: max r 7 g 7 b 3, shift r 0 g 3 b 6
14/06/04 21:27:08 no translation needed
14/06/04 21:27:08 Using raw encoding for client 192.168.0.254
AUDIT: Mon Jun 14 21:27:09 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57614
AUDIT: Mon Jun 14 21:27:10 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57615
AUDIT: Mon Jun 14 21:27:11 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57616
AUDIT: Mon Jun 14 21:27:12 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57617
14/06/04 21:27:12 Client 192.168.0.254 gone
14/06/04 21:27:12 Statistics:
14/06/04 21:27:12 key events received 0, pointer events 288
14/06/04 21:27:12 framebuffer updates 285, rectangles 746, bytes 910218
14/06/04 21:27:12 raw rectangles 746, bytes 910218
14/06/04 21:27:12 raw bytes equivalent 910218, compression ratio 1.000000
AUDIT: Mon Jun 14 21:27:13 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57618
AUDIT: Mon Jun 14 21:27:14 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57619
AUDIT: Mon Jun 14 21:27:15 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57620
AUDIT: Mon Jun 14 21:27:16 2004: 21343 Xvnc: client 1 rejected from IP 192.168.0.254 port 57621

Edgar Arroyo · ‎06-14-2004

Very interesting thing happened with the VNC... On the working one I hit "EXIT" (I usually just close the window out) and now I am *ALSO* getting the gray background with black X cursor on both.

I will reboot both machines and see if they both work... I'll post results...

In the meantime, is there a way to restart the CDE desktop without me having to reboot? (IF it does restart CDE desktop after reboot)

Edgar Arroyo · ‎06-14-2004

Ok, back from the reboot now both are broken. Now I know how it broke... hitting "EXIT" on the CDE Desktop.

Question, can I make it where my main screen is shared as the VNC Server? (kinda like pcAnywhere on a PC)

I would rather have GNOME when I VNC into the machines when I put them outside my home network.

Edgar Arroyo · ‎06-14-2004

Ok, I played with this all night and here is what I found out:

If I login to GNOME desktop I can't run VNCSERVER and make it load CDE, but if I logout of GNOME and drop to Console and run it then, it loads a CDE desktop on :1 (where I told it to) and then I can login as GNOME and run VNCVIEWER and see my desktop then.

Is there a fix for this? I run Ximian GNOME 1.4 and I want the CDE desktop not to vanish when I hit the EXIT on the CDE, maybe a script that will loop over and over?

Thanks.

Mohanasundaram_1 · ‎06-14-2004

Hi Edgar,

As Joseph indicated you need to address the problems one by one. If your telnet sessions are randomly disconnecting, then fix that first. Then move on to the CDE/VNC part.

From your description of the problem, I would suspect there is a duplicate IP address problem. If you had checked all other options mentioned earlier and still the problem continues, then it is worth a try.

do,
# netfmt -Nlf /var/adm/nettl.LOG00 > /tmp/log00.out

then view the /tmp/log00.out file for the messages "Trying to be our IP" or "Duplicate IP". If you do find such a message, then you will also find the MAC address of the other system using the same IP. It will help you in finding the other system with the same IP. Rectify the situation and check your telnets.

You can also post the log00.out so we can have a look.

Just a thought in a different angle.

Cheers,
Mohan.

Attitude, Not aptitude, determines your altitude

Edgar Arroyo · ‎06-15-2004

Here is the log file. But that's funny because I don't have another machine *UNLESS* my wireless router has an IP of 192.168.0.254 and I don't know it. Could that be possible? I will try to telnet to 192.168.0.254 with the machine off to see if I get a login for the wireless router...

Thanks.

***********************************STREAMS/UX*******************************@#%
Timestamp : Tue Jun 08 EDT 2004 04:15:02 PM.024212
Process ID : [ICS] Subsystem : STREAMS
User ID ( UID ) : -1 Log Class : ERROR
Device ID : 0 Path ID : 0
Connection ID : 0 Log Instance : 0
Location : 00123
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 16:15:02 685302 1 T.. 0 0 IP: Hardware address '00:07:40:6a:45:41' trying to be our address 192.168.000.254!

***********************************STREAMS/UX*******************************@#%
Timestamp : Wed Jun 09 EDT 2004 04:29:48 PM.109993
Process ID : [ICS] Subsystem : STREAMS
User ID ( UID ) : -1 Log Class : ERROR
Device ID : 0 Path ID : 0
Connection ID : 0 Log Instance : 0
Location : 00123
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 16:29:48 7341810 1 T.. 0 0 IP: Hardware address '00:07:40:6a:45:41' trying to
be our address 192.168.000.254!

***********************************STREAMS/UX*******************************@#%
Timestamp : Thu Jun 10 EDT 2004 10:04:48 PM.031027
Process ID : [ICS] Subsystem : STREAMS
User ID ( UID ) : -1 Log Class : ERROR
Device ID : 0 Path ID : 0
Connection ID : 0 Log Instance : 0
Location : 00123
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 22:04:48 8012903 1 T.. 0 0 IP: Hardware address '00:07:40:6a:45:41' trying to
be our address 192.168.000.254!

***********************************STREAMS/UX*******************************@#%
Timestamp : Mon Jun 14 EDT 2004 12:06:06 PM.824801
Process ID : [ICS] Subsystem : STREAMS
User ID ( UID ) : -1 Log Class : ERROR
Device ID : 0 Path ID : 0
Connection ID : 0 Log Instance : 0
Location : 00123
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 12:06:06 30370482 1 T.. 0 0 IP: Hardware address '00:07:40:6a:45:41' trying to be our address 192.168.000.254!

Edgar Arroyo · ‎06-15-2004

Sure enough my Buffalo AirStation was on the same IP. I called my buddy I got it from and he verified that .254 was the IP he had set. I changed it, let's see what happens now...

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Abnormal behavior HP-UX 11i

Abnormal behavior HP-UX 11i