'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

Rishi Dabre
Hello,

I want to use OpenWSMAN for subscribing for events from a Windows Server 2012 machine on a Linux machine. So far, I have installed wseventsink (wseventsink-0.0.3-5.61.x86_64.rpm) and wsman on my Linux machine. Also I have verified that wseventsink indeed listens to any POST requests on my designated port (999).

My subscribe command looks as follows:

wsman subscribe --hostname=<fqdn_of_windows_machine> --port=5985 --auth=gss --username=<username> --password=<password> --debug=6 --notification-uri=http://<fqdn_of_linux_machine>:999/eventsink --namespace=root/cimv2 -r 600 -H 2 -G push http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog --filter='<QueryList><Query Id="0"><SelectPath="Application">*</Select></Query></QueryList>' --noverifyhost

However, the response I receive each time from the server is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:x="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:e="http://schemas.xmlsoap.org/ws/2004/08/eventing" xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd" xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd" xml:lang="en-US">
  <s:Header>
    <a:Action>http://schemas.xmlsoap.org/ws/2004/08/eventing/fault</a:Action>
    <a:MessageID>uuid:568466E1-7294-41B2-8E89-97D6E56E0D0A</a:MessageID>
    <a:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:To>
    <a:RelatesTo>uuid:b1bf5538-5163-1163-8002-55b78c565000</a:RelatesTo>
  </s:Header>
  <s:Body>
    <s:Fault>
      <s:Code>
        <s:Value>s:Sender</s:Value>
        <s:Subcode>
          <s:Value>e:EventSourceUnableToProcess</s:Value>
        </s:Subcode>
      </s:Code>
      <s:Reason>
        <s:Text xml:lang="">The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. </s:Text>
      </s:Reason>
      <s:Detail>
        <w:FaultDetail>http://schemas.dmtf.org/wbem/wsman/1/wsman/faultDetail/UnusableAddress</w:FaultDetail>
        <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2150858901" Machine="<fqdn_of_windows_machine>">
          <f:Message>The connectivity test from the push subscription source to the client failed. This can happen if the client machine initiating the push subscription is unreachable from the server machine where the event source is located. Possible reasons include firewall or some other network boundary. Modify subscription to use Pull based subscription. </f:Message>
        </f:WSManFault>
      </s:Detail>
    </s:Fault>
  </s:Body>
</s:Envelope>
Connection failed. response code = 500

Also please note that the console running wseventsink does receive some request and log it as follows:

Jun  7 12:25:09 [23193] Sock 4 accepted
Jun  7 12:25:09 [23193] Thread 554891008 handles sock 4
Jun  7 12:25:09 [23193] do_init: initialized context 0x7f121c0009a0
Jun  7 12:25:09 [23193] shttpd_add: ctx 0x7f121c0009a0, sock 4, conn 0x7f121c002b10
Jun  7 12:25:09 [23193] 4 readable
Jun  7 12:25:09 [23193] serve: enter 0x7f121c002b10: local 0.0.0, remote 0.0.0
Jun  7 12:25:09 [23193] serve: readremote returned 2526
Jun  7 12:25:09 [23193] handle: [POST /eventsink HTTP/1.1
Connection: Keep-Alive
Content-Type: application/soap+xml;charset=UTF-16
Authorization: Kerberos <authorization_header_value>
User-Agent: Microsoft WinRM Client
Content-Length: 0
Host: <fqdn_of_linux_machine>:999

]
Jun  7 12:25:09 [23193] Server callback started initialy. len = 4095, sent = 0
Jun  7 12:25:09 [23193] Connection: Keep-Alive
Jun  7 12:25:09 [23193] Content-Type: application/soap+xml;charset=UTF-16
Jun  7 12:25:09 [23193] Authorization: Kerberos <authorization_header_value>
Jun  7 12:25:09 [23193] User-Agent: Microsoft WinRM Client
Jun  7 12:25:09 [23193] Content-Length: 0
Jun  7 12:25:09 [23193] Host: <fqdn_of_linux_machine>:999
Jun  7 12:25:09 [23193] NULL request body. len = 0
Jun  7 12:25:09 [23193] Posted request: (null), wsman_msg len = 0
Jun  7 12:25:09 [23193] message len = 0
Jun  7 12:25:09 [23193] Response (status) 400 (No request body)
Jun  7 12:25:09 [23193] serve: exit 0x7f121c002b10: local 1.59.0, remote 0.2526.0
Jun  7 12:25:09 [23193] sock 4 ready to write from 0 to 59
Jun  7 12:25:09 [23193] serve: enter 0x7f121c002b10: local 1.59.0, remote 0.2526.0
Jun  7 12:25:09 [23193] writeremote: 59 59 59 0 0 0 [22: Invalid argument]
Jun  7 12:25:09 [23193] serve: writeremote returned 59
Jun  7 12:25:09 [23193] serve: exit 0x7f121c002b10: local 1.0.0, remote 0.2526.0
Jun  7 12:25:09 [23193] disconnecting 0x7f121c002b10
Jun  7 12:25:09 [23193] connection 0x7f121c002b10 is keeping alive for 2 secs
Jun  7 12:25:09 [23193] 4 readable
Jun  7 12:25:09 [23193] serve: enter 0x7f121c002b10: local 0.0.0, remote 0.0.0
Jun  7 12:25:09 [23193] serve: readremote returned 0
Jun  7 12:25:09 [23193] disconnecting 0x7f121c002b10
Jun  7 12:25:09 [23193] Thread 554891008 processed sock 4


Additional details:
  • Windows Firewall is turned OFF
  • 'iptables' service on Linux is STOPPED
  • Both machines are on the same domain (*.abc.com) and reachable (via ping) from each other

Could someone please help me resolve this issue? I would be very grateful for any kind of guidance. Thank you!

P. S. Kindly excuse the length of my email, I am posting on a mailing list for the first time and I intend to be as specific as possible.

Regards,
Rishi Dabre

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

Klaus Kaempf
* Rishi Dabre <[hidden email]> [Jun 07. 2017 23:28]:
> Hello,
>
> I want to use OpenWSMAN for subscribing for events from a Windows Server
> 2012 machine on a Linux machine. So far, I have installed wseventsink (
> *wseventsink-0.0.3-5.61.x86_64.rpm*) and wsman on my Linux machine. Also I
> have verified that wseventsink indeed listens to any POST requests on my
> designated port (999).

Rishi,

lacking proper testing equipment, I can't help you much. I'd suggest
to use a 'packet sniffer' like Wireshark[1] to check the actual traffic
between the Windows and the Linux host.

Klaus
[1] https://en.wikipedia.org/wiki/Wireshark
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

Rishi Dabre
Hi Klaus,

Thank you for the consideration!

I tried using Wireshark on Windows machine and tcpdump on Linux to analyze the packets. The Windows machine did receive the wsman subscribe SOAP envelope to which it responded with first an ACK immediately followed by a SOAP envelope talking about connectivity failure (mentioned in thread earlier).

Also, I was not sure if I had to but I installed 'sfcbd' on Linux. Though I am not able to run it as it says ClassProvider failed to start, rc:3. I do have 'sblim-cmpi-devel-2.0.3' installed. Could you help me understand if and how I should use this?

Thanks and regards,
Rishi Dabre

On Mon, Jun 12, 2017 at 6:15 AM, Klaus Kaempf <[hidden email]> wrote:
* Rishi Dabre <[hidden email]> [Jun 07. 2017 23:28]:
> Hello,
>
> I want to use OpenWSMAN for subscribing for events from a Windows Server
> 2012 machine on a Linux machine. So far, I have installed wseventsink (
> *wseventsink-0.0.3-5.61.x86_64.rpm*) and wsman on my Linux machine. Also I
> have verified that wseventsink indeed listens to any POST requests on my
> designated port (999).

Rishi,

lacking proper testing equipment, I can't help you much. I'd suggest
to use a 'packet sniffer' like Wireshark[1] to check the actual traffic
between the Windows and the Linux host.

Klaus
[1] https://en.wikipedia.org/wiki/Wireshark
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

Klaus Kaempf
* Rishi Dabre <[hidden email]> [Jun 12. 2017 21:16]:
> Hi Klaus,
>
> Thank you for the consideration!
>
> I tried using Wireshark on Windows machine and tcpdump on Linux to analyze
> the packets. The Windows machine did receive the wsman subscribe SOAP
> envelope to which it responded with first an ACK immediately followed by a
> SOAP envelope talking about connectivity failure (mentioned in thread
> earlier).

The connectivity failure should appear in the wireshark logs.
Otherwise Windows isn't actually testing the connectivity.


>
> Also, I was not sure if I had to but I installed 'sfcbd' on Linux. Though I
> am not able to run it as it says *ClassProvider failed to start, rc:3*. I
> do have 'sblim-cmpi-devel-2.0.3' installed. Could you help me understand if
> and how I should use this?

You won't need sfcbd on Linux. sfcbd is a CIMOM to instrument Linux
resources. This is unrelated to receiving indications from Windows.

Klaus
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

Rishi Dabre
Hi Klaus,

In Wireshark, three of the packets (in sequence) were as follows:
  1. POST WSMan request from Linux to Windows
  2. ACK from Windows to Linux
  3. POST from Windows to Linux with XML payload talking about connectivity failure
So I am wondering if this actually is a connectivity problem or something unrelated.

Besides, I found few traces with PTR record requests in the 'tcpdump' ouput on Linux filtered by its FQDN as the host name, though I was not able to totally understand them. But I have been trying different values for host name and notification URI in the subscribe command.

Could you think of any remote possibility off the top of your head which could be causing this problem? Also, has there ever been before a working example of WS-Eventing between Linux and Windows that you know of?

Thanks and regards,
Rishi Dabre

On Mon, Jun 12, 2017 at 11:39 PM, Klaus Kaempf <[hidden email]> wrote:
* Rishi Dabre <[hidden email]> [Jun 12. 2017 21:16]:
> Hi Klaus,
>
> Thank you for the consideration!
>
> I tried using Wireshark on Windows machine and tcpdump on Linux to analyze
> the packets. The Windows machine did receive the wsman subscribe SOAP
> envelope to which it responded with first an ACK immediately followed by a
> SOAP envelope talking about connectivity failure (mentioned in thread
> earlier).

The connectivity failure should appear in the wireshark logs.
Otherwise Windows isn't actually testing the connectivity.


>
> Also, I was not sure if I had to but I installed 'sfcbd' on Linux. Though I
> am not able to run it as it says *ClassProvider failed to start, rc:3*. I
> do have 'sblim-cmpi-devel-2.0.3' installed. Could you help me understand if
> and how I should use this?

You won't need sfcbd on Linux. sfcbd is a CIMOM to instrument Linux
resources. This is unrelated to receiving indications from Windows.

Klaus
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

Klaus Kaempf
* Rishi Dabre <[hidden email]> [Jun 14. 2017 00:39]:

> Hi Klaus,
>
> In Wireshark, three of the packets (in sequence) were as follows:
>
>    1. POST WSMan request from Linux to Windows
>    2. ACK from Windows to Linux
>    3. POST from Windows to Linux with XML payload talking about
>    connectivity failure
>
> So I am wondering if this actually is a connectivity problem or something
> unrelated.

Windows isn't even trying to reach the Linux system.

Try to add credentials to the event endpoint url. Maybe Windows
expects an authenticated endpoint ?


Klaus
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

Rishi Dabre
Hi Klaus,

My bad, I had a filter set for packets only through port 5985. On clearing it I observed that after receiving the subscribe request from Linux, Windows does send a POST response with content length 0 at the '/eventsink' endpoint. Then Linux responds back with HTTP 400 No request body after which Windows sends back the 'connectivity failure' message.

Adding delivery credentials to the subscribe request does not work either, but the response received this time is different as follows:
The WS-Management service cannot process a SOAP header in the request that is marked as mustUnderstand by the client.  This could be caused by the use of a version of the protocol which is not supported, or may be an incompatibility  between the client and server implementations.
But this time, I do not see any response on the 'wseventsink' console'.

I think I may have taken quite some time of yours on this. I shall continue debugging this more and seek your help if I am badly stuck again (unless there is some more that you could suggest and I have not tried out :)). Thank you for your kind help! :)

Best regards,
Rishi Dabre

On Wed, Jun 14, 2017 at 3:27 AM, Klaus Kaempf <[hidden email]> wrote:
* Rishi Dabre <[hidden email]> [Jun 14. 2017 00:39]:
> Hi Klaus,
>
> In Wireshark, three of the packets (in sequence) were as follows:
>
>    1. POST WSMan request from Linux to Windows
>    2. ACK from Windows to Linux
>    3. POST from Windows to Linux with XML payload talking about
>    connectivity failure
>
> So I am wondering if this actually is a connectivity problem or something
> unrelated.

Windows isn't even trying to reach the Linux system.

Try to add credentials to the event endpoint url. Maybe Windows
expects an authenticated endpoint ?


Klaus
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

Klaus Kaempf
* Rishi Dabre <[hidden email]> [Jun 14. 2017 19:55]:
> Hi Klaus,
>
> My bad, I had a filter set for packets only through port 5985. On clearing
> it I observed that after receiving the subscribe request from Linux,
> Windows does send a POST response with content length 0 at the '/eventsink'
> endpoint. Then Linux responds back with HTTP 400 No request body after
> which Windows sends back the 'connectivity failure' message.

Hmm, this looks like a problem in the wseventsink implementation.

This tool was scribbled together to verify Openwsman's event
implementation. It's certainly not intended as a general event sink.

In case you manage to fix it, I happily accept patches or pull
requests[1] ;-)

Klaus

[1] https://github.com/Openwsman/wseventsink
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 'wsman subscribe' not working for subscriber Linux and event source Windows Server 2012

Rishi Dabre
Oh, I see. As of now, we are moving ahead with a different approach but sure I will produce my patch to you if I can fix it. Thanks again for your time and help, I really appreciate it! :)

Regards,
Rishi Dabre

On Mon, Jun 19, 2017 at 3:30 AM, Klaus Kaempf <[hidden email]> wrote:
* Rishi Dabre <[hidden email]> [Jun 14. 2017 19:55]:
> Hi Klaus,
>
> My bad, I had a filter set for packets only through port 5985. On clearing
> it I observed that after receiving the subscribe request from Linux,
> Windows does send a POST response with content length 0 at the '/eventsink'
> endpoint. Then Linux responds back with HTTP 400 No request body after
> which Windows sends back the 'connectivity failure' message.

Hmm, this looks like a problem in the wseventsink implementation.

This tool was scribbled together to verify Openwsman's event
implementation. It's certainly not intended as a general event sink.

In case you manage to fix it, I happily accept patches or pull
requests[1] ;-)

Klaus

[1] https://github.com/Openwsman/wseventsink
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Loading...