Cisco Bug: CSCtc68915 - Problem with tomcat after port scan

Last Modified

Feb 07, 2017

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

7.0(2)

Description (partial)

Symptom:

After a port scan, web browsing to the UCXN stops working. Showing the open ports on the servers reveals that port 8443 is no longer in the LISTEN state. RTMT also reports an error about exceeding threads for the Tomcat service.


Severity: Critical
App ID: Cisco AMC Service
Message: : 53: Oct 06 00:14:43.394 UTC :
%CCM_RTMT-RTMT-2-RTMT-ERROR-ALERT: RTMT Alert
Name:TotalProcessesAndThreadsExceededThreshold Detail: From Mon Oct 05
19:15:13 EDT 2009 to Mon Oct 05 20:14:43 EDT 2009 on node
<node_name>, there are 1
TotalProcessesAndThreadsExceededThresholdStart alarm(s) and 0
TotalProcessesAndThreadsExceededThresholdEnd alarm(s) received. On Mon
Oct 05 20:14:14 EDT 2009, the last
TotalProcessesAndThreadsExceededThreshold alarm generated:
TotalProcessesAndThreadsExceededThresholdStart NumberOfProcesses : 193
NumberOfThreads : 1809 Reason : Total processes and threads have
exceeded the maximum tasks [2000] ProcessWithMostInstances : Process
[unityoninit] has instances [41] ProcessWithMostThreads : Process
[tomcat] has Thread Count [375] AppID : Cisco RIS Data Collector


Conditions:

1. After running a port scanner against two Unity Connection servers: the scanner attempts to connect via web on multiple tries (ports 80 and 443). You can see that in the Tomcat log below.

[03/Oct/2009:21:49:06 -0400] <ip_addr_of_server> - 80 GET /niet564343161.htm  404 0
[03/Oct/2009:21:49:06 -0400] <ip_addr_of_server> - 443 GET /cuadmin/info2www  404 0
[03/Oct/2009:21:49:06 -0400] <ip_addr_of_server> - 80 GET /niet69527704.jsp  404 0
[03/Oct/2009:21:49:06 -0400] <ip_addr_of_server> - 80 GET /niet101545433.asp  404 0

2. Correctly, the servers return 404s to the port scanner. However, because UCOS redirects port 80 to 8080 and port 443 to 8443, these attempts cause the following Tomcat errors:

Oct 3, 2009 9:49:41 PM
SEVERE: Endpoint ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8080] ignored
exception: java.net.SocketException: Permission denied
java.net.SocketException: Permission denied

3. After the scan is completed, web browsing to the UCXN does not work: port 8443 is not LISTENING anymore.
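
For triage of the conditions above, the following added example (not Cisco's code and not part of the bug record) finds bursts of 404s in the access log and pairs them with the Tomcat endpoint `SocketException` entries that follow. The function names, the 10-second window, the threshold of 4, the 5-minute lag and the sample address `192.0.2.10` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout quoted above: [ts zone] <addr> - <port> GET <path>  <status> <bytes>
ACCESS = re.compile(r"\[([^\]]+) [+-]\d{4}\]\s*\S+ - \d+ [A-Z]+ \S+\s+(\d{3}) \d+")
STAMP = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")
ENDPOINT = re.compile(r"SEVERE: Endpoint ServerSocket\[.*localport=(\d+)\]")

def burst_404s(access_lines, window=timedelta(seconds=10), threshold=4):
    """Return (first, last, count) for each run of 404s packed inside `window`."""
    hits = []
    for line in access_lines:
        m = ACCESS.search(line)
        if m and m.group(2) == "404":
            # Wall-clock time only: assumes both logs are in the same local zone.
            hits.append(datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S"))
    hits.sort()
    bursts, i = [], 0
    while i < len(hits):
        j = i
        while j + 1 < len(hits) and hits[j + 1] - hits[i] <= window:
            j += 1
        full = j - i + 1 >= threshold
        if full:
            bursts.append((hits[i], hits[j], j - i + 1))
        i = j + 1 if full else i + 1
    return bursts

def endpoint_errors(tomcat_lines):
    """Return (time, localport) for each endpoint SocketException entry."""
    found, last = [], None
    for line in tomcat_lines:
        ts = STAMP.match(line)
        if ts:
            last = datetime.strptime(ts.group(1), "%b %d, %Y %I:%M:%S %p")
        m = ENDPOINT.search(line)
        if m and last:
            found.append((last, int(m.group(1))))
    return found

def correlate(access_lines, tomcat_lines, lag=timedelta(minutes=5)):
    """Pair each 404 burst with endpoint errors logged up to `lag` after it."""
    errs = endpoint_errors(tomcat_lines)
    return [(b, [e for e in errs if b[0] <= e[0] <= b[1] + lag])
            for b in burst_404s(access_lines)]

# Constructed sample in the page's log format; 192.0.2.10 is a placeholder.
ACCESS_SAMPLE = ["[03/Oct/2009:21:49:06 -0400] 192.0.2.10 - 80 GET /niet%d.htm  404 0" % n for n in range(4)]
TOMCAT_SAMPLE = ["Oct 3, 2009 9:49:41 PM",
                 "SEVERE: Endpoint ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8080] ignored"]
```

A burst with a non-empty error list from `correlate(ACCESS_SAMPLE, TOMCAT_SAMPLE)` matches the sequence in this bug and is a cue to check whether 8443 is still listening on that node.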