Remote JConsole access does not work in a firewalled environment

Solution Verified - Updated 7 Aug 2024

Environment

Red Hat JBoss Enterprise Application Server (EAP)
- 5.x
- 4.x
Red Hat JBoss Web Server (JWS)
- 5.x
JDK
- 1.5
- 1.6
- 1.7
- 1.6

Issue

Connection with jconsole is working when jconsole is running on the same box as JBoss.
If I start jconsole from my workstation, however, I do not get a connection, but with netstat I see that I have an established tcp connection. What is necessary to configure JConsole access for 'real' remote access?

Resolution

JDK 5 / 6 and until JDK 7 update 3

To export the remote objects (RMIServer and RMIConnection) on a given port you need to create your own RMI connector server programmatically, as described in the section Mimicking Out-of-the-Box Management Using the JMX Remote API in the Content from download.oracle.com is not included.Java SE Monitoring and Management Guide. You must specify the JMXServiceURL as follows:

JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://localhost:" + port1 + "/jndi/rmi://localhost:" + port2 + "/jmxrmi");

In the command above, port1 is the port number on which the RMIServer and RMIConnection remote objects are exported and port2 is the port number of the RMI Registry.

A good description of this problem can also be found in the article Content from www.componative.com is not included.Content from www.componative.com is not included.http://www.componative.com/content/controller/developer/insights/jconsole1/index.html, with Content from www.componative.com is not included.Part 3 containing a detailed description on how to work around it. Source code is available Content from www.componative.com is not included.here.

JDK 7 update 4 or later

You can specify RMI Server port by the system property -Dcom.sun.management.jmxremote.rmi.port=xxx . Please try adding the following system properties:

-Dcom.sun.management.jmxremote.port=12345 -Dcom.sun.management.jmxremote.rmi.port=12345

Root Cause

JMX remote connection does not use only a port (RMI registory port) which you specify with -Dcom.sun.management.jmxremote.port=xxx but it also use an additional port (RMI server port) which is a random port by default.
Besides the port defined by the com.sun.management.jmxremote.port management property, another port is being used for exporting the remote objects, which is randomly chosen.
See FAQ #7 of the Java SE Documentation: <Content from docs.oracle.com is not included.http://docs.oracle.com/javase/7/docs/technotes/guides/management/faq.html#rmi1>

Diagnostic Steps

Check if there is a firewall between the the server and the client.

SBR

JVM & Diagnostics

Product(s)

Red Hat JBoss Enterprise Application Platform

Components

jbossas

Category

Learn more

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.