5 Replies Latest reply on Dec 6, 2017 10:28 AM by tdanner

    Get-SwisData and REST API terminating remote connections to Information Service

    admin101

      I am having issues returning any data from the Information Service via Powershell or REST API, from any machine other than the actual Solarwinds server itself.

       

      On the solarwinds server, this works:

      Import-Module SwisPowerShell

      $creds = Get-Credential '(DOMAIN)\(Username)'

      $swis = Connect-Swis -Credential $creds -Hostname (solarwinds Hostname)

      Get-SwisData $swis 'SELECT NodeID, Caption FROM Orion.Nodes'

       

      Using a local Orion account (non ActiveDirectory user account) on the solarwinds server, also works:

      Import-Module SwisPowerShell

      $swis = Connect-Swis -UserName (local orion username) -Password (password) -Hostname (solarwinds Hostname)

      Get-SwisData $swis 'SELECT NodeID, Caption FROM Orion.Nodes'

       

      on any remote host I get this:

      Import-Module SwisPowerShell

      $creds = Get-Credential '(DOMAIN)\(Username)'

      $swis = Connect-Swis -Credential $creds -Hostname (Orion Hostname)

      Get-SwisData $swis 'SELECT NodeID, Caption FROM Orion.Nodes'

       

      Get-SwisData : The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was

      '00:00:59.9934985'.

      At line:2 char:1

      + Get-SwisData $swis 'SELECT NodeID, Caption FROM Orion.Nodes'

      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          + CategoryInfo          : NotSpecified: (:) [Get-SwisData], CommunicationException

          + FullyQualifiedErrorId : System.ServiceModel.CommunicationException,SwisPowerShell.GetSwisData

       

       

      I can see Ports 17777 and 17778 are bound to the Network card and listening

      C:\> netstat -an

       

      Active Connections

        Proto  Local Address          Foreign Address        State

       

        TCP    0.0.0.0:17777          0.0.0.0:0              LISTENING

        TCP    0.0.0.0:17778          0.0.0.0:0              LISTENING

       

      I can see a TCP reset happening at the Solarwinds server itself immediately when I run Get-SwisData ....

      So I know it's not a firewall between the remote hosts and the Solarwinds server.

       

      I've tried using Postman to send a call to the REST service as per this:

      https://loop1.com/swblog/using-the-rest-api-to-get-the-most-out-of-solarwinds-part-1/

       

      I get back:
      Could not get any responseThere was an error connecting to https://(solarwinds server hostname):17778/SolarWinds/InformationService/v3/Json?query=SELECT%20Caption,%20IPAddress%20FROM%20Orion.Nodes%20WHERE%20Vendor%20=%20'Cisco;.

       

      It acts like the SolarWinds server isn't listening for anything other than connections to Localhost, but netstat confirms that's not the case.

        • Re: Get-SwisData and REST API terminating remote connections to Information Service
          tdanner

          Use "curl -v" to get more details about what happened between when the connection was opened and when it was forced closed.

            • Re: Get-SwisData and REST API terminating remote connections to Information Service
              admin101

              I hope this information helps identify what is going wrong. Please excuse my ignorance - I'm a windows admin, so curl is new to me.

              After reading countless posts, I verified the .NET version on the Solarwinds box as some suggested if it was pre 4.5, then you could have TLS issues. I've verified .Net 4.5.2 is on the box, so I don't think that's the issue.

              Does any of the info below help ? Could it be due to self-signed certificates on the box, causing SSL connections from remote hosts to fail? I'm clutching at straws here, because I can't find any Thwack post with a solution.

              As I mentioned in the orignal post, it's only when running queries from any host other than the Solarwinds box. Running them locally works fine, but trying them from elsewhere, the Solarwinds server terminates the connection immediately.

               

               

              $ curl -v -u (username):(password) http://nigshssolar02:17777/SolarWinds/InformationService/v3/Json/Query?query=SELECT+IPAddress+FROM+Orion.Nodes

              * timeout on name lookup is not supported

              *   Trying 10.68.2.195...

              * TCP_NODELAY set

                % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                               Dload  Upload   Total   Spent    Left  Speed

                0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to nigshssolar02 (10.68.2.195) port 17778 (#0)

              * Server auth using Basic with user '(username)'

              > GET /SolarWinds/InformationService/v3/Json/Query?query=SELECT+IPAddress+FROM+Orion.Nodes HTTP/1.1

              > Host: nigshssolar02:17777

              > Authorization: Basic d2lsZGVtYXN0aC10ZXN0OnRlc3Q=

              > User-Agent: curl/7.50.3

              > Accept: */*

              >

              * Recv failure: Connection was reset

              * Curl_http_done: called premature == 1

              * stopped the pause stream!

                0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

              * Closing connection 0

              curl: (56) Recv failure: Connection was reset

               

               

               

               

              $ curl -v -u (username):(password) https://nigshssolar02:17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+IPAddress+FROM+Orion.Nodes

              * timeout on name lookup is not supported

              *   Trying 10.68.2.195...

              * TCP_NODELAY set

                % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                               Dload  Upload   Total   Spent    Left  Speed

                0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to nigshssolar02 (10.68.2.195) port 17778 (#0)

              * ALPN, offering h2

              * ALPN, offering http/1.1

              * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

              * successfully set certificate verify locations:

              *   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

                CApath: none

              * TLSv1.2 (OUT), TLS header, Certificate Status (22):

              } [5 bytes data]

              * TLSv1.2 (OUT), TLS handshake, Client hello (1):

              } [512 bytes data]

              * Unknown SSL protocol error in connection to nigshssolar02:17778

              * Curl_http_done: called premature == 1

              * stopped the pause stream!

                0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

              * Closing connection 0

              curl: (35) Unknown SSL protocol error in connection to nigshssolar02:17778

              • Re: Get-SwisData and REST API terminating remote connections to Information Service
                admin101

                Additionally, if I use a web browser on the solarwinds box and go to 'https://nigshssolar02:17778/SolarWinds/InformationService' I get a certificate warning (due to the self-signed certificate in use) that I can ignore and continue. However if I try that same URL from any other pc on the network it fails with 'This site can’t be reached. The connection was reset'

                 

                In the SolarWinds.InformationService.Service.exe.config file it has bindings to 'localhost'. Is that the issue? should the bindings be set to the name of the server, and not 'localhost' ?

                 

                 

                <endpoint

                          contract="SolarWinds.InformationService.Core.IInformationService"

                          address="net.tcp://localhost:17777/SolarWinds/InformationService/v3/Orion/ad"

                          binding="netTcpBinding"

                          bindingConfiguration="Windows">

                        </endpoint>

                        <endpoint name="NetTcpCertificate"

                          contract="SolarWinds.InformationService.Core.IInformationService"

                          address="net.tcp://localhost:17777/SolarWinds/InformationService/v3/Orion/certificate"

                          binding="netTcpBinding"

                          bindingConfiguration="Certificate">

                        </endpoint>

                • Re: Get-SwisData and REST API terminating remote connections to Information Service
                  admin101

                  After days of searching, we FINALLY managed to narrow it down to a corporate firewall dropping the traffic (but not logging it) to port 17778.

                  A dedicated firewall rule to allow traffic to port 17777 and 17778 has fixed the problem.