Remote JMX connection

how to get jmx port in linux
visualvm remote jmx
jmx monitoring tools
how to use jmx
jmx query
jmx metrics port
jmx connection string
jmx port argument

I'm trying to open a JMX connection to java application running on a remote machine.

The application JVM is configured with the following options:

  • com.sun.management.jmxremote
  • com.sun.management.jmxremote.port=1088
  • com.sun.management.jmxremote.authenticate=false
  • com.sun.management.jmxremote.ssl=false

I'm able to connect using localhost:1088 using jconsole or jvisualvm. But I'm not able to connect using xxx.xxx.xxx.xxx:1088 from a remote machine.

There is no firewall between the servers, or on the OS. But to eliminate this possibility I telnet xxx.xxx.xxx.xxx 1088 and I think it connects, as the console screen turns blank.

Both servers are Windows Server 2008 x64. Tried with 64-bit JVM and 32-bit, neither work.

Had it been on Linux the problem would be that localhost is the loopback interface, you need to application to bind to your network interface.

You can use the netstat to confirm that it is not bound to the expected network interface.

You can make this work by invoking the program with the system parameter java.rmi.server.hostname="YOUR_IP", either as an environment variable or using

java -Djava.rmi.server.hostname=YOUR_IP YOUR_APP

Java VisualVM - Connecting to JMX Agents Explicitly, Remote JMX Connections. Right click anywhere in the blank area under the application tree and select Add JMX Connection. Provide the machine name and port number for a running JMX agent, that has been started with the appropriate system properties to allow remote management. The JVM software exposed via the JMX connection can now be monitored and managed via Java VisualVM. Remote JMX Connections. You can also make explicit JMX connections to applications running on remote hosts, as explained below: Right click anywhere in the blank area under the application tree and select Add JMX Connection.

I've spend more than a day trying to make JMX to work from outside localhost. It seems that SUN/Oracle failed to provide a good documentation on this.

Be sure that the following command returns you a real IP or HOSTNAME. If it does return something like 127.0.0.1, 127.0.1.1 or localhost it will not work and you will have to update /etc/hosts file.

hostname -i

Here is the command needed to enable JMX even from outside

-Dcom.sun.management.jmxremote 
-Dcom.sun.management.jmxremote.authenticate=false 
-Dcom.sun.management.jmxremote.ssl=false 
-Dcom.sun.management.jmxremote.port=1100
-Djava.rmi.server.hostname=myserver.example.com

Where as you assumed, myserver.example.com must match what hostname -i returns.

Obviously, you need to be sure that the firewall does not block you, but I'm almost sure that this is not your problem, the problem being the last parameter that is not documented.

Monitoring and Management Using JMX Technology, Remote monitoring, for a client management application running on a remote Any remote user who knows (or guesses) your JMX port number and host name  I'm trying to open a JMX connection to java application running on a remote machine. The application JVM is configured with the following options: com.sun.management.jmxremote com.sun.management.

In my testing with Tomcat and Java 8, the JVM was opening an ephemeral port in addition to the one specified for JMX. The following code fixed me up; give it a try if you are having issues where your JMX client (e.g. VisualVM is not connecting.

-Dcom.sun.management.jmxremote.port=8989
-Dcom.sun.management.jmxremote.rmi.port=8989

Also see Why Java opens 3 ports when JMX is configured?

Lesson: Remote Management (The Java™ Tutorials > Java , Java technology-based clients. The client end of a connector exports essentially the same interface as the MBean server. Remote JMX Connection example using JConsole JConsole SSL with Password Authentication Memory Profiling Detecting memory leak in Java using JConsole with example code Find memory leak in your Java application using this quick JConsole hack Heap dump analysis using Eclipse Memory Analyzer Tool (MAT)

http://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole

If you are trying to access a server which is behind a NAT - you will most probably have to start your server with the option

-Djava.rmi.server.hostname=<public/NAT address>

so that the RMI stubs sent to the client contain the server's public address allowing it to be reached by the clients from the outside.

Enabling a JMX port for monitoring, number. From a command line, go to the bin directory in the <JRE_HOME> directory that contains the Java Runtime Environment (JRE) implementation, for example jre/bin. Then add a new JMX connection (enter Tomcat's Public IP address and the port number that you have specified in variables.conf ). In a few seconds your connection will be established and your application will appear in the list with remote connections. Also you'll see short overview of your server,

it seams that your ending quote comes too early. It should be after the last parameter.

This trick worked for me.

I noticed something interesting: when I start my application using the following command line:

java -Dcom.sun.management.jmxremote.port=9999
     -Dcom.sun.management.jmxremote.authenticate=false
     -Dcom.sun.management.jmxremote.ssl=false

If I try to connect to this port from a remote machine using jconsole, the TCP connection succeeds, some data is exchanged between remote jconsole and local jmx agent where my MBean is deployed, and then, jconsole displays a connect error message. I performed a wireshark capture, and it shows data exchange coming from both agent and jconsole.

Thus, this is not a network issue, if I perform a netstat -an with or without java.rmi.server.hostname system property, I have the following bindings:

 TCP    0.0.0.0:9999           0.0.0.0:0              LISTENING
 TCP    [::]:9999              [::]:0                 LISTENING

It means that in both cases the socket created on port 9999 accepts connections from any host on any address.

I think the content of this system property is used somewhere at connection and compared with the actual IP address used by agent to communicate with jconsole. And if those address do not match, connection fails.

I did not have this problem while connecting from the same host using jconsole, only from real physical remote hosts. So, I suppose that this check is done only when connection is coming from the "outside".

Enabling and disabling JMX, The most common way to enable remote JMX access to your JVM is to specify a TCP/IP port number and some basic security settings when you start the JVM. So now we know how to write JMX Client program that can connect to remote MBean server and create MBean proxy to use attributes and operations exposed by MBean. JMX Role Based Authentication Let’s start configuring our MBean for role based authentication.

Remote JMX Connection example using JConsole, Remote JMX Connection example. How to set the JMX Port number. Establishing a connection with authentication using a password. The Server Configuration Tool and the Ant tasks can configure a default secure JMX connection, which includes the definition of a JMX remote port, and the definition of authentication properties. They modify tomcat_install_dir /bin/setenv.bat and tomcat_install_dir /bin/setenv.sh to add these options to CATALINA_OPTS :

How do I use JMX Remote Monitoring?, In JConsole, select "Remote Process" and connect to the server and port that you'​ve specified in your artifactory.default (or default) file. The ActiveMQ broker should appear in the list of local connections, if you are running JConsole on the same host as ActiveMQ. JMX remote access. Remote connections to JMX are not enabled by default in the activemq.xml for security reasons. Please refer to Java Management guide to configure the broker for remote management.

Enabling Remote JMX, To open the JMX port on the remote JVM, you must enter the port number to use for the JMX RMI connection. Be sure to specify an unused port  Monitoring and Managing JBoss Web Introduction. Monitoring is a very important question today. Looking inside the running server, grab some statistic data or reconfigure some aspects are daliy adminstration tasks. Enabling JMX Remote

Comments
  • Probably related to stackoverflow.com/questions/151238/…
  • Here is detailed guide stackoverflow.com/a/11654322/99834
  • Don't forget about hostname -i, see stackoverflow.com/a/11654322/99834 for details.
  • Worked! In our environment we use VMWare virtual machines. The server was on a VM. The VM was deployed fenced so it has internal and an external IP addresses. We started the server java process with -Djava.rmi.server.hostname=<external-ip-address>.
  • To set the host ip or change the localhost ip this link would be useful.
  • I have two questions here - 1) What if one wants to use JMXMP rather than JMX. What would be the configs for that? and 2) Is it possible to make the JMX connection without loading the RMI protocol?
  • Adding -Djava.rmi.server.hostname=myserver.example.com did the trick! Thanks!
  • I took the liberty of opening a JDK docs bugs for this: bugs.openjdk.java.net/browse/JDK-8066405
  • "Be sure that the following command returns you a real IP or HOSTNAME. If it does return something like 127.0.0.1, 127.0.1.1 or localhost it will not work and you will have to update /etc/hosts file." What?
  • Just a quick not, the java.rmi.server.hostname=<Public DNS name from AWS EC2 console for the instance>. Hope this helps someone.
  • What do you mean by "your ending quote comes too early"? I have the same problem, I see the TCP connection being made, but eventually jconsole claims it failed to connect.
  • I don't know, if I remember correctly, there was a quote open somewhere and this quote was not at the end of parameters. Maybe it was in a batch script, I can't remember. But I must admit this answer makes no sense regarding the question... Maybe the question has been edited? No edited notification under the question... I don't know, I'm sorry.
  • Can you tell me why is it binding to 0.0.0.0 and not to a specific IP