ADNM console over Internet

Hello all

Having some difficulty using the ADNM console to remotely manage AMS servers. The ADNM guide states:

For accessing the AMS by a remote console
• Open the ports tcp/16102 and udp/6000 on the firewall (gateway), and have them redirected to the AMS itself.
• In the console, use the public (WAN) IP address of the gateway as the AMS address.

No problem. This is done on the edge Cisco device, forwarding the requisite ports to the AMS server in question.

However, I am unable to log in, as the “server is actively refusing the connection”.

My first guess is that perhaps port 443 is also requisite for communication due to SSL? Any other thoughts?

Welcome to the forum.

Either that, or the Avast management server service isn’t running on the server.

Can you access the ADNM console on the server that is hosting it?

I don’t use the console remotely, so I can’t say for sure yet, but if you have those ports open, it should be working. I don’t think it needs 443 though.

If it’s actively refusing the connection, it seems like your request is getting there, but something else is wrong. Again, like the service isn’t running, or possibly the license file can’t be found, or loaded, or maybe it’s expired.

I am able to access it internally (over private network). This AMS has been in production for about 6 months, and all is well.

Going to try to replicate scenario in a controlled test environment rather than messing with production equipment. But, for now, I am stuck.

Quick update:

This works per documentation on a server sitting on public IP space, with requisite (documented) ports open through Windows Firewall. No NAT.

The situation where it doesn’t work, yet, is through NAT. Documentation implies this is possible…

Could you give me a little description about the network topology here?

Are you trying to remotely manage the console from the same subnet/LAN, or from some other building across town through a relay or VPN or something?

I’m confused. You have the ports open in your Cisco; is there anything else that needs port forwarding set up? Another router or something else?

The production environment is pretty straightforward. AMS sits behind Cisco router, and is assigned an “internal” private IP address. Ports for remote AMS console are forwarded from a public “external” IP address, through the router (NAT), to the AMS. This still does not seem to work.

The test environments, that both work now:

1: Aforementioned Windows box w/ AMS, assigned public IP, exceptions made in Windows Firewall for AMS. No NAT.
2: Windows 2008 SBS with private IP address, ports forwarded through a Smoothwall. NAT is used.

So, it’s become a config boondoggle in the production environment that I can’t really troubleshoot at this point. Though, I have proven that AMS is contactable behind firewall/NAT, so really this is resolved as far as Avast is concerned :)

Did you open the ports on the side that YOU are on too?

Yeah, that’s the only other thing that I can tell. The ports on your end.

If the only thing standing between you and the AMS server is the Cisco router, then I’d be trying to make sure that packets were passing through it on those ports.

I’ve never had the need, nor the privilege to have a Cisco router to work on, but I’m sure there would be some sort of log or some other way to see if those ports were open correctly, and passing through to the right IP address on the other end.

Don’t know how, but I’m sure there’s a way.
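
A small reachability check for the symptom discussed in this thread, added here as an example and not part of any post or of Avast's tooling: it classifies one TCP connect attempt to tcp/16102 as open, refused, or filtered, which separates "a reset came back" from "nothing came back". The function names and hint text are assumptions made for illustration; udp/6000 is not covered because UDP has no handshake to classify.

```python
import errno
import socket
import sys

AMS_TCP_PORT = 16102  # console TCP port quoted from the ADNM guide in this thread

# Hypothetical hint text: what each outcome says about the path to the AMS.
NEXT_CHECK = {
    "open": "TCP forward works end to end; look at udp/6000 or the console side.",
    "refused": "A reset came back: either nothing is listening where the packet "
               "landed or a device rejected it. Check the forward's target "
               "IP/port and that the management service is listening there.",
    "filtered": "No reply at all: an ACL or firewall dropped the packet, or the "
                "forward points at an address that is not answering.",
}


def classify_tcp(host, port=AMS_TCP_PORT, timeout=3.0):
    """Try one TCP connect; return 'open', 'refused', 'filtered' or 'error:<errno>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"          # RST received in answer to our SYN
    except socket.timeout:
        return "filtered"         # SYN went unanswered for the whole timeout
    except OSError as exc:        # e.g. EHOSTUNREACH, ENETUNREACH, DNS failure
        return "error:" + errno.errorcode.get(exc.errno, "unknown")


def report(host, port=AMS_TCP_PORT, timeout=3.0):
    """Return a one-line result with the matching next-check hint."""
    result = classify_tcp(host, port, timeout)
    hint = NEXT_CHECK.get(result, "Local or routing error; fix that first.")
    return "%s:%d %s - %s" % (host, port, result, hint)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_ams.py <gateway-public-ip> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else AMS_TCP_PORT
    print(report(sys.argv[1], port))
```

Run it from the remote console's network against the gateway's public address, then again from inside the LAN against the AMS's private address; a different result between the two points at the NAT rule rather than the service.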