Having some difficulty using the ADNM console to remotely manage AMS servers. The ADNM guide states:
For accessing the AMS by a remote console
• Open the ports tcp/16102 and udp/6000 on the firewall (gateway), and have them redirected to the AMS itself.
• In the console, use the public (WAN) IP address of the gateway as the AMS address.
No problem. This is done on the edge Cisco device, forwarding the requisite ports to the AMS server in question.
However, I am unable to log in, as the “server is actively refusing the connection”.
My first guess is that perhaps port 443 is also requisite for communication due to SSL? Any other thoughts?
Either that, or the Avast Management Server service isn’t running on the server.
Can you access the ADNM console on the server that is hosting it?
I don’t use the console remotely, so I can’t say for sure yet, but if you have those ports open, it should be working. I don’t think it needs 443 though.
If it’s actively refusing the connection, it seems like your request is getting there, but something else is wrong. Again, like the service isn’t running, or possibly the license file can’t be found, or loaded, or maybe it’s expired.
The production environment is pretty straightforward. AMS sits behind Cisco router, and is assigned an “internal” private IP address. Ports for remote AMS console are forwarded from a public “external” IP address, through the router (NAT), to the AMS. This still does not seem to work.
The test environments, that both work now:
1: Aforementioned Windows box w/ AMS, assigned public IP, exceptions made in Windows Firewall for AMS. No NAT.
2: Windows 2008 SBS with private IP address, ports forwarded through a Smoothwall. NAT is used.
So, it’s become a config boondoggle in the production environment that I can’t really troubleshoot at this point. Though I have proven that AMS is contactable behind firewall/NAT, so really this is resolved as far as Avast is concerned.
Yeah, that’s the only other thing that I can tell. The ports on your end.
If the only thing standing between you and the AMS server is the Cisco router, then I’d be trying to make sure that packets were passing through it on those ports.
I’ve never had the need, nor the privilege to have a Cisco router to work on, but I’m sure there would be some sort of log or some other way to see if those ports were open correctly, and passing through to the right IP address on the other end.
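
An added example, not part of any post in this thread and not Avast's code: a small Python check that classifies a TCP connection attempt to the console port tcp/16102 as open, refused or filtered, then combines a probe of the AMS private IP with a probe of the gateway's public IP to say which side to look at. The function names and result labels are assumptions made for this example.

```python
import socket
import sys

AMS_TCP_PORT = 16102  # console port from the ADNM guide quoted in the thread
# udp/6000 is connectionless, so a connect test says nothing about it;
# check that forward in the gateway's own logs or counters instead.


def probe_tcp(host, port=AMS_TCP_PORT, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'error' for one TCP attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: something is listening
    except (socket.timeout, TimeoutError):
        return "filtered"          # no reply at all: dropped on the way
    except ConnectionRefusedError:
        return "refused"           # RST came back: reachable, but no listener
    except OSError:
        return "error"             # DNS failure, no route, etc.


def diagnose(inside, outside):
    """Combine a probe of the AMS private IP from the LAN with a probe of
    the gateway's public IP from outside. Returns where to look next."""
    if inside != "open":
        return "ams-host"   # service not running, or host firewall in the way
    if outside == "open":
        return "ok"
    return "gateway"        # AMS answers locally, so the forward/NAT/ACL is off


if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("usage: probe.py <AMS-private-ip> <gateway-public-ip>")
    else:
        # NAT hairpinning can skew a public-IP probe made from inside the LAN,
        # so take the outside result from an external host where possible.
        inside = probe_tcp(sys.argv[1])
        outside = probe_tcp(sys.argv[2])
        print("inside:", inside, "| outside:", outside,
              "| check:", diagnose(inside, outside))
```

A "refused" result from outside while the inside probe is "open" matches the symptom in the thread: packets reach something, but not a listener on the AMS port.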