Troubleshooting
Problem
This document instructs you on how to check and see if your PC is being blocked by a closed firewall port in reference to Operations Console and HMC 5250 console applications. Both from IBM iAccess for Windows and Access Client Solutions (ACS).
Symptom
You are attempting to connect to a Console session from your PC but are not able to get a connection. However, you are able to ping the IP address and Domain name of your console session.
Cause
Cannot connect to console but ping communication is there.
Environment
Windows, Linux or Mac to IBM i V6R1M0 and later
Diagnosing The Problem
You can ping the Console IP address but you cannot connect to it via Operations Console or ACS
Resolving The Problem
First determine if you are able to ping the Console's IP address.
- run command ping <console IP or Qualified Domain Name>
Here are some examples of successful ping's:
!!!Note: If you cannot ping the Console IP address (or HMC address if HMC 5250) then a firewall blockage is not the issue!!!
Ports Used:
The list of ports that console uses are as follows:
- 2301= SSL
If any of the ports referenced above fail for your particular connection type (LAN Console or HMC 5250 Console) then that port will need to be opened on the firewall in order for the connection to work.
To Determine if you can ping the destination do the following:
- Open a DOS prompt (or Terminal if Linux or Apple)
Windows= Start -> All Programs -> Accessories -> Command Prompt
Apple = Launchpad -> Utilities -> Terminal
Linux (can depend on your flavor)= Application Browser -> Terminal
- run command ping <console IP or Qualified Domain Name>
Here are some examples of successful ping's:
!!!Note: If you cannot ping the Console IP address (or HMC address if HMC 5250) then a firewall blockage is not the issue!!!
Ports Used:
The list of ports that console uses are as follows:
- HMC
- 2301= SSL
- LAN Console
- Main ports you are concerned with are 3002, 3001 2323 and 2300
- Some other ports that are needed at times are:
- 67 and 68 (BootP, though firewalls can have individual settings to block BootP even if you have these opened)
- 449- Sort of applies to SLIC though you are able to run if this one is closed.
How to test:
IBM i Access for Windows
IBM i Access for Windows (Can only be done in Windows)
- Open a DOS prompt in Windows
- Once Opened run the following command:
cwbping <console IP> /port:<associated port>
- It will come back as successful or failed (as seen in screenshots below)
This is the result that you want to see:
This image indicates a successful connection through that port. If the message there says that it "Unsuccessfully connected to server application: 3002" then there is a firewall blockage and that will have to be take care of on your network firewall.
Access Client Solutions
1. Open a Terminal (or Dos prompt) session....Reference above for directions
2. You will need to navigate to the folder where ACS is unpacked:
Once you are in the location of ACS you can run the command below to find out if any firewall ports are blocked.
java -jar acsbundle.jar /PLUGIN=ping /SYSTEM=<HMC or CONSOLE IP> /PORTS=<port#>
GUI Option- Available in ACS Version 1.1.8.4 and later:
- Some other ports that are needed at times are:
- 67 and 68 (BootP, though firewalls can have individual settings to block BootP even if you have these opened)
- 449- Sort of applies to SLIC though you are able to run if this one is closed.
How to test:
IBM i Access for Windows
IBM i Access for Windows (Can only be done in Windows)
- Open a DOS prompt in Windows
- Once Opened run the following command:
cwbping <console IP> /port:<associated port>
- It will come back as successful or failed (as seen in screenshots below)
This is the result that you want to see:
This image indicates a successful connection through that port. If the message there says that it "Unsuccessfully connected to server application: 3002" then there is a firewall blockage and that will have to be take care of on your network firewall.
Access Client Solutions
1. Open a Terminal (or Dos prompt) session....Reference above for directions
2. You will need to navigate to the folder where ACS is unpacked:
Once you are in the location of ACS you can run the command below to find out if any firewall ports are blocked.
java -jar acsbundle.jar /PLUGIN=ping /SYSTEM=<HMC or CONSOLE IP> /PORTS=<port#>
GUI Option- Available in ACS Version 1.1.8.4 and later:
1. Open ACS Main GUI Interface:
2. Under the Management Section click System Configurations.
3. Select your system and click Edit
4. Select the Console Tab and you will see an option for Verify Connection
5. Depending on if this is a LAN Console or HMC 5250 console you should see the following:
LAN Console
HMC 5250 Console
If any of the ports referenced above fail for your particular connection type (LAN Console or HMC 5250 Console) then that port will need to be opened on the firewall in order for the connection to work.
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.1.0"}]
Was this topic helpful?
Document Information
Modified date:
31 July 2023
UID
nas8N1020642