Why... Why... Why?
This blog is dedicated to documenting error resolution and other tidbits that I discover while working as a Consultant in the Oracle EPM (Hyperion) field. As much of my job revolves around issue resolution, I see an opportunity to supplement the typical troubleshooting avenues such as the Oracle Knowledgebase and Oracle Forums with more pinpointed information about specific errors as they are encountered. Beware, the information found in this blog is for informational purposes only and comes without any warranty or guarantee of accuracy.

EPMVirt: Create your own Oracle Hyperion Virtual Environment:

Thursday, March 7, 2013

EPM Config Tool: The next hosts are unreachable.


When opening the config tool in 11.1.2.2 the utility actually tries to connect to every host in the EPM Registry. It show the error message if any hosts are unreachable.

I started down this path,

Checking closer it appears that the config tool uses the Java InetAddress isReachable() method.
Looking into the doc on the class,
http://docs.oracle.com/javase/6/docs/api/java/net/InetAddress.html


public boolean isReachable(int timeout)
                    throws IOException
Test whether that address is reachable. Best effort is made by the implementation to try to reach the host, but firewalls and server configuration may block requests resulting in a unreachable status while some specific ports may be accessible. A typical implementation will use ICMP ECHO REQUESTs if the privilege can be obtained, otherwise it will try to establish a TCP connection on port 7 (Echo) of the destination host.

I wrote up a simple test which confirmed the issue (Can't connect):
import java.net.InetAddress;
public class test
{
    public static void main(String[] args)
    throws Exception
    {

  
     InetAddress address =  InetAddress.getByName("hostname.fullyqualified.com");

     if (address == null) {
         System.out.println("Is null");
     }


     else if (! address.isReachable(3000)) {
         System.out.println("Cant connect");
     }

     else { 
         System.out.println("Host is reachable");
     }

     }


}


The host is pingable so ICMP traffic is being allowed. It's puzzling why the Java method cannot connect.

Further research on the web brings up some articles regarding why the isReachable method might fail, 
http://stackoverflow.com/questions/5126697/java-networking-issue

So this sort of pinpoints a firewall issue - Next I disabled the Windows Firewall - The method began working! 

About this time I came across John Goodwin's article while researching:
John had gone down almost the exact same path, written up nicely in his blog.

Final thoughts: 
  Why does Oracle introduce a new check in the config tool using a strange ICMP/TCP method that has nothing to do with the actual requirements of EPM? Crazy... Assuming you are implementing firewalls - you will need to include this as an additional requirement. 


By at
Labels:

2 comments:

  1. toygMarch 8, 2013 at 3:11 AM

    The rationale behind the check is sound -- making sure all servers are reachable avoids name resolution problems down the line (which we used to get, in previous versions). They went for the minimum common denominator with isReachable(), which is a far assumption considering most of the components are Java-based and could use something like that to check if a host is alive, and in the end they get a result: people drop firewalls during config, ensuring the config is done right, and only raise them later with all due exceptions put in, rather than hitting a block during config, opening a port, hitting another block, opening another port etc etc, resulting in a fragmented config experience which can generate further problems.

    ReplyDelete
  2. Nicholas KingMarch 8, 2013 at 4:11 AM

    I won't harp on this too much as like you say there is valid reason to ensure hosts are up. However, assuming the config tool is a one time action is incorrect. During normal operation there are routine patches and password rotations which require config tool. I don't like having to frequently bring up and down firewall for this - I think its best to to put the rule in up front.

    ReplyDelete

Subscribe to: Post Comments (Atom)