Troubleshooting Reflection X Advantage Domain Connections

This technical note describes how to troubleshoot problems connecting the X Manager for Domains to a Reflection X Advantage domain controller.

There are many reasons why a connection attempt may fail. After a failure occurs, a related message is shown in the bottom of the X Manager for Domains user-interface that may help identify the problem. For example:

Use the guidelines in the sections below to troubleshoot the failed connection. This note is organized into the following troubleshooting topics:

Additional detail regarding the problem may be available in log files created by both the X Manager for Domains and the Reflection X Advantage domain controller. For more information, see the Logging section below.

Network Firewall

Note: Beginning in Reflection X Advantage 4.0, predefined ports are used. If your environment has a network firewall, you need to upgrade to 4.0.

A network firewall cannot be running between any Reflection X Advantage 3.x or earlier domain nodes, including those running the X Manager for Domains and those running a Reflection X Advantage domain controller. This is because in domain mode, Reflection X Advantage uses random, ephemeral ports for communication between all of its components. If a network firewall is running, you may see one of the following messages:

• “Failed to establish bidirectional communication with the domain controller.”

• “Failed to connect to host <hostname>.”

Resolution: Upgrade to Reflection X Advantage 4.0 or disable the network firewall between the Reflection X Advantage domain nodes.

Note: Personal firewalls can be used if they work at the application level, as the Microsoft Windows Firewall does. For information about configuring Reflection X Advantage for use with the Windows Firewall, see KB 7021818.

Network Address Translation

Note: Beginning in version 4.0, you can configure Reflection X Advantage to work in a NAT environment.

Network Address Translation (NAT) must not exist between nodes running Reflection X Advantage 3.x or earlier. This is because Reflection X Advantage components provide IP address information to other Reflection components for communication, which would not be updated by the NAT tables. You may see the following error message:

Resolution: Upgrade to Reflection X Advantage 4.0 or disable the Network Address Translation between nodes that run Reflection X Advantage.

Logging into a Reflection X Domain

When the X Manager for Domains is launched, the following login window displays.

User name and password fields

The input required depends on how the applicable Reflection X Advantage domain controller was set up. Multiple authentication mechanisms are supported and the default mechanism varies based on operating system.

For example, if the domain controller is running on a UNIX or Linux operating system, Pluggable Authentication Modules (PAM) is the default authentication mechanism, so your UNIX or Linux user name and password would likely be required. If the domain controller is running on a Windows operating system, Windows Domain (or Windows local) is the default authentication mechanism, so your Windows domain (or Windows local) credentials would likely be required. There are other authentication mechanisms as well, such as LDAP. If you are unsure which credentials to use, check with the domain administrator.

Domain field

The name or IP address of the host running the Reflection X Advantage domain controller should be entered here.

Note: Do not enter your Windows domain in this field.

Resolution: Follow these examples.

Example 1: Logging into a Reflection X Advantage domain controller running on a UNIX host

Example 2: Logging into a Reflection X Advantage domain controller running on a Windows host

Windows Domain and Local Authentications

When Reflection X Advantage is installed on a Windows operating system and a Reflection X Advantage domain controller is created, the default authentication mechanism is a Windows domain. The Windows domain configured by default will depend on how the Windows session was logged into before installing Reflection X Advantage.

For example, if the Windows session was logged into with a user from a domain (such as ‘attachmate’), the domain configured by the Reflection X Advantage domain controller will be ‘attachmate’. If the Windows session was logged into with an account local to the Windows machine, and the PC name is ‘rxa-dc.attachmate.com’, the domain configured by the Reflection X Advantage domain controller will be ‘RXA-DC’.

Understanding which domain has been configured for a Reflection X Advantage domain controller on Windows enables users to input the appropriate credentials.

Resolution: If you are unsure which domain has been configured, check with the host or Reflection X Advantage administrator.

Mixing Versions of Reflection X Advantage

All components in a Reflection X Advantage domain must be running the same version. If attempting to use the X Manager for Domains to log into a Reflection X Advantage domain running a different version, then you may see the following message:

Resolution: Upgrade the earlier version of Reflection X Advantage to match the newer installation.

Machines with Multiple Network Adapters

If the Reflection X Advantage domain controller has more than one network adapter, there is a chance the wrong one may be utilized by the domain controller. The correct adapter can be configured by editing the rxs.conf file on the domain controller. In that file, there will be a few entries like the following:

Resolution: Add another entry, using the next number in sequence, and the keyword and value combination below:

After making this change, restart the RX service.

Domains on Linux

Note: This information in this section does not apply to version 4.0 or higher.

When you try to log on to a Reflection X Advantage domain, you receive a "Permission Denied," "Failed to connect to domain," or "Domain communication error" message.

Machines used with Reflection X Advantage must have a host name that is resolvable either through DNS or by an entry in a hosts file. Some Linux distributions place an entry in /etc/hosts that maps the machine’s host name to an address in the local loopback space (127.0.0.2 or 127.0.1.1, for example); using a local loopback address causes communication issues in Reflection X Advantage.

Resolution: Upgrade to Reflection X Advantage version 4.0, or remove entries in /etc/hosts that map the host name to a local loopback address, or add an entry containing the machine’s true IP address and host name to the hosts file.

Connections to Domain Nodes

You may be able to log into the domain, but when you try to start a session, a message like the following displays:

This message may display if there is a firewall blocking access to the node, or if there is a problem resolving the IP address (for example, in a NAT environment). If the problem is due to an incorrect or unusable IP address, starting in version 4.0, an alternate address can be configured as a fallback. The alternate address can be created using the rxsconfig command line utility or the X Administrative Console.

Request Technical Support

If you have worked through this technical note and are still unable to connect, contact Attachmate Technical Support. For information about contacting Attachmate technical support, see https://support.microfocus.com/contact/.

If you are asked to send in a log file, follow the steps below.

Logging

Logs are generated for the X Manager for Domains, the Reflection X Advantage domain controller, and the Reflection X Advantage domain nodes. See the log locations below, along with information about how to increase logging if needed..

Note: All log files in version 3.0 and earlier are named output.txt. Beginning with version 4.0 loging information has been broken down into a larger number of files, each with a descriptive name such as “xmanager.log” and “domain.log”.

X Manager for Domains:

Reflection X Advantage domain controller:

Sometimes a higher level of logging is required than what is provided by default. You can enable debug logging by using the file provided here for download from the Attachmate Download Library: log.xml.

To use the log.xml file, follow the steps below.

1. Download and save the file into the appropriate directory on each system running Reflection X Advantage that you want to increase debugging on.

2. Edit this file entry to specify the location and name for the debug log:

3. Restart the X Manager for Domains and RX Service on the domain controller so that the new logging will take effect.

Note: All Reflection X Advantage logging will be redirected to the files specified. Once the debug log has been taken or the connection problem resolved, we recommend you remove the log.xml file and restart the appropriate Reflection X Advantage component(s).

Sending a Trace to Support

If you are already working with Technical Support, see the instructions at https://support.microfocus.com/kb/doc.php?id=7024990 on how to upload any files gathered.  If you experience issues with getting the FTS credentials from the Support Portal, contact your Support Engineer who can assist and provide the URL, username, and password for the upload.

Legacy KB ID

This document was originally published as Attachmate Technical Note 2466.