To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

PM Proxy installation

MartinOza Posts: 8 Contributor

 Hi everyone

I can't install PM Proxy.

After installation and running /opt/f-secure/fspms/bin/fspms-config at the end of configuration I've got:


[....] Starting fspms (via systemctl): fspms.serviceJob for fspms.service failed because the control process exited with error code.
See "systemctl status fspms.service" and "journalctl -xe" for details.

Configuration is complete. You can manage the F-Secure Policy Manager Proxy
manually by typing '/etc/init.d/fspms {start|stop|restart|status}'.
Thank you for using F-Secure product.



I've tried to run proxy by /etc/init.d/fspms start but:


[....] Starting fspms (via systemctl): fspms.serviceJob for fspms.service failed because the control process exited with error code.
See "systemctl status fspms.service" and "journalctl -xe" for details.



systemctl status fspms.service:


● fspms.service - LSB: F-Secure Policy Manager Proxy
Loaded: loaded (/etc/init.d/fspms; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2017-11-28 15:10:10 CET; 1min 3s ago
Docs: man:systemd-sysv-generator(8)
Process: 2430 ExecStart=/etc/init.d/fspms start (code=exited, status=1/FAILURE)
Tasks: 49 (limit: 4915)
CGroup: /system.slice/fspms.service
└─2326 /opt/f-secure/fspms/jre/bin/java -server -Xverify:none
e:/dev/./urandom -Djava.awt.headless=true -Dfspms.l
oggingConfigs=/opt/f-secure/fspms/config -Dfspms.logs=/var/opt/f-secure/fspms/logs -XX:ErrorFile
=/var/opt/f-secure/fspms/logs/hs_err_pid%p.log -DSTOP.PORT=8079 -DSTOP.KEY=secret -Dvertx.disabl
eDnsResolver=true -Dvertx.disableFileCPResolving=true -Dvertx.logger-delegate-factory-class-name
=io.vertx.core.logging.Log4j2LogDelegateFactory -XX:+UseG1GC -XX:+UseMontgomeryMultiplyIntrinsic
-XX:+UseMontgomerySquareIntrinsic -DtlsKeystore=/var/opt/f-secure/fspms/data/fspms.jks -Duser.l
anguage= -Duser.variant= -Dfspms.previousVersion= -Dfspms.firstInstallationTime=
1511774053000 -Dfspms.installationTime=1511774737000 -Djetty.libsetuid.path=/opt/f-secure/fspms/
lib/ext/ -Djetty.username=fspms -Djetty.groupname=fspms -DhostModulePort=81 -DhostMo
duleHttpsPort=443 -DausRedirectedPort=2380 -DdataPath=/var/opt/f-secure/fspms/data -Dguts2Channe
lsPath=/opt/f-secure/fspms/config/channels.json -DausBasePath=/opt/f-secure/fsaus -DausConfPath=
/etc/opt/f-secure/fsaus/conf -DupstreamPmHost= -DupstreamPmPort=443 -DadminPubLoca
tion=/var/opt/f-secure/fspms/data/ -DreversProxy=true -cp /opt/f-secure/fspms/lib/* com
lis 28 15:10:05 proxyfsec systemd[1]: Starting LSB: F-Secure Policy Manager Proxy...
lis 28 15:10:10 proxyfsec fspms[2430]: Starting F-Secure Policy Manager Proxy:......failed.
lis 28 15:10:10 proxyfsec systemd[1]: fspms.service: Control process exited, code=exited
lis 28 15:10:10 proxyfsec systemd[1]: Failed to start LSB: F-Secure Policy Manager Proxy
lis 28 15:10:10 proxyfsec systemd[1]: fspms.service: Unit entered failed state.
lis 28 15:10:10 proxyfsec systemd[1]: fspms.service: Failed with result 'exit-code'.



In /var/opt/f-secure/fspms/logs/launcher-erro.log there only is:


/etc/init.d/fspms:  3:  eval:  -cp: not found




  • Hi MartinOza,


    Please check fspms-stderrout.log and fspms-webapp-errors.log for exceptions. They might explain the reason… What is the OS version you are running?


  • BTW, also noticed that you’ve misspelled in reversProxy additional Java argument, it should be specified as reverseProxy. Could you please copy-paste content of fspms.conf, probably it contains obvious reasons…

  • MartinOza
    MartinOza Posts: 8 Contributor

    Thanks for your answer A-Grinkevitch.


    My OS is Debian 9.2


    After correcting reverseProxy I run  /opt/f-secure/fspms/bin/fspms-config again:


    [....] Starting fspms (via systemctl): fspms.serviceJob for fspms.service failed because the control process exited with error code.
    See "systemctl status fspms.service" and "journalctl -xe" for details.
    Configuration is complete. You can manage the F-Secure Policy Manager Proxy
    manually by typing '/etc/init.d/fspms {start|stop|restart|status}'.
    Thank you for using F-Secure product.


    systemctl status fspms.service

    ● fspms.service - LSB: F-Secure Policy Manager Proxy
       Loaded: loaded (/etc/init.d/fspms; generated; vendor preset: enabled)
       Active: failed (Result: exit-code) since Thu 2017-11-30 14:34:17 CET; 6min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 502 ExecStart=/etc/init.d/fspms start (code=exited, status=1/FAILURE)
        Tasks: 46 (limit: 4915)
       CGroup: /system.slice/fspms.service
               └─519 /opt/f-secure/fspms/jre/bin/java -server -Xverify:none
    :/dev/./urandom -Djava.awt.headless=true -Dfspms.lo
    ggingConfigs=/opt/f-secure/fspms/config -Dfspms.logs=/var/opt/f-secure/fspms/logs -XX:ErrorFile=
    /var/opt/f-secure/fspms/logs/hs_err_pid%p.log -DSTOP.PORT=8079 -DSTOP.KEY=secret -Dvertx.disable
    DnsResolver=true -Dvertx.disableFileCPResolving=true -Dvertx.logger-delegate-factory-class-name=
    io.vertx.core.logging.Log4j2LogDelegateFactory -XX:+UseG1GC -XX:+UseMontgomeryMultiplyIntrinsic
    -XX:+UseMontgomerySquareIntrinsic -DtlsKeystore=/var/opt/f-secure/fspms/data/fspms.jks
    nguage= -Duser.variant= -Dfspms.previousVersion= -Dfspms.firstInstallationTime=1
    511774053000 -Dfspms.installationTime=1511774737000 -Djetty.libsetuid.path=/opt/f-secure/fspms/l
    ib/ext/ -Djetty.username=fspms -Djetty.groupname=fspms -DhostModulePort=81 -DhostMod
    uleHttpsPort=443 -DausRedirectedPort=2380 -DdataPath=/var/opt/f-secure/fspms/data -Dguts2Channel
    sPath=/opt/f-secure/fspms/config/channels.json -DausBasePath=/opt/f-secure/fsaus -DausConfPath=/
    etc/opt/f-secure/fsaus/conf -DupstreamPmHost= -DupstreamPmPort=443 -DadminPubLocat
    ion=/var/opt/f-secure/fspms/data/ -DreverseProxy=true -cp /opt/f-secure/fspms/lib/* com
    lis 30 14:34:11 proxyfsec systemd[1]: Starting LSB: F-Secure Policy Manager Proxy...
    lis 30 14:34:17 proxyfsec fspms[502]: Starting F-Secure Policy Manager Proxy:......failed.
    lis 30 14:34:17 proxyfsec systemd[1]: fspms.service: Control process exited, code=exited
    lis 30 14:34:17 proxyfsec systemd[1]: Failed to start LSB: F-Secure Policy Manager Proxy
    lis 30 14:34:17 proxyfsec systemd[1]: fspms.service: Unit entered failed state.
    lis 30 14:34:17 proxyfsec systemd[1]: fspms.service: Failed with result 'exit-code'.

    But there is a process of fspms in system and my PM proxy server appeard in 'Import new hosts' in FS Policy Manager Console.



    Here are my fspms-stderrout.log

    2017-11-30 14:34:49.792:INFO::main: Logging initialized @37374ms
    2017-11-30 14:34:54.858:INFO:cffur.NettyHttpServer:main: Started host interface connector at (native-epoll)
    2017-11-30 14:34:54.885:INFO:cffur.NettyHttpServer:main: Started host interface connector at (native-epoll, Netty/TomcatNative [BoringSSL - Static] 2.0.6.Final)
    2017-11-30 14:34:54.931:INFO:cffur.ShutdownMonitor:main: Opened stop port at (native-epoll)
    2017-11-30 14:34:55.706:INFO:cff.PolicyManagerProxyStarter:main: Started @38091 ms

    and first part of fspms-webapp-errors.log file:

    30.11.2017 14:34:55,452 ERROR [com.fsecure.fspms.service.dbupdate.DbUpdateFetcher] - Failed to read infopaks
    org.apache.http.conn.HttpHostConnectException: Connect to [/] failed: Połączenie odrzucone (Connection refused)
            at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect( ~[httpclient-4.5.2.jar:4.5.2]
            at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect( ~[httpclient-4.5.2.jar:4.5.2]
            at org.apache.http.impl.execchain.MainClientExec.establishRoute( ~[httpclient-4.5.2.jar:4.5.2]
            at org.apache.http.impl.execchain.MainClientExec.execute( ~[httpclient-4.5.2.jar:4.5.2]
            at org.apache.http.impl.execchain.ProtocolExec.execute( ~[httpclient-4.5.2.jar:4.5.2]
            at org.apache.http.impl.execchain.RetryExec.execute( ~[httpclient-4.5.2.jar:4.5.2]
            at org.apache.http.impl.client.InternalHttpClient.doExecute( ~[httpclient-4.5.2.jar:4.5.2]
            at org.apache.http.impl.client.CloseableHttpClient.execute( ~[httpclient-4.5.2.jar:4.5.2]
            at com.fsecure.backweb.client.BackwebClient.readResponse( ~[commons-java-backweb-1-SNAPSHOT.jar:17.43.83039 (origin/release/pm-13.00#20b905b9, 1508859824604)]
            at com.fsecure.backweb.client.BackwebClient.initBwClient( ~[commons-java-backweb-1-SNAPSHOT.jar:17.43.83039 (origin/release/pm-13.00#20b905b9, 1508859824604)]
            at com.fsecure.fspms.service.dbupdate.DbUpdateFetcher.getUpdatesIfBackwebAvailable( ~[fspms-webapp-1-SNAPSHOT.jar:13.00.83039 (origin/release/pm-13.00#20b905b9, 1508859824604)]
            at com.fsecure.fspms.service.dbupdate.DbUpdateFetcher.getUpdates( ~[fspms-webapp-1-SNAPSHOT.jar:13.00.83039 (origin/release/pm-13.00#20b905b9, 1508859824604)]



    Here is my config:




  • Ok, it is much better. As I see, Policy Manager Proxy has started successfully, but there is a problem with Automatic Update Server... Let's try to figure out why...


    First of all, let’s check if AUS is running or not: ps -A | grep bwserver

    Next, please check if 32-bit libstdc++6 is installed: dpkg-query -l | grep libstdc

    Also please check logs in /var/opt/f-secure/fsaus/log, probably starter.log or log files contain something useful...




  • MartinOza
    MartinOza Posts: 8 Contributor

    ps -A |grep bwserver  shows nothing


    dpkg-query -l |grep libstdc |grep i386

    ii  libstdc++6:i386                  6.3.0-18                     i386         GNU Standard C++ Library v3

    There is no log directory in /var/opt/f-secure/fsaus/



  • Ok...

    Just in case, let's check if port is free: netstat -anp | grep 2380

    Most probably, port is not in use Smiley Sad

    So please try to change startup scripts a bit so that usually useless output to /dev/null was forwarded to the log file:


        if [ -f "/sbin/start-stop-daemon" ] ; then
            start-stop-daemon --start --quiet --pidfile ${fsaus_pid_file} --exec ${fsaus_bin} -- -c ${fsaus_conf}/server.cfg >/dev/null 2>&1
            daemon ${fsaus_bin} -c ${fsaus_conf}/server.cfg >/dev/null 2>&1

    change to:

        if [ -f "/sbin/start-stop-daemon" ] ; then
            start-stop-daemon --start --quiet --pidfile ${fsaus_pid_file} --exec ${fsaus_bin} -- -c /etc/opt/f-secure/fsaus/conf/server.cfg >/tmp/log-aus-daemon 2>&1
            daemon ${fsaus_bin} -c /etc/opt/f-secure/fsaus/conf/server.cfg >/tmp/log-aus-daemon 2>&1




            system ("$fsaus_dir/$fsaus_srv $fsaus_srv_cmdline >/dev/null 2>&1 ");

    change to

            system ("$fsaus_dir/$fsaus_srv $fsaus_srv_cmdline >/tmp/log-aus 2>&1 ");


    Let’s stop and start fspms and check logs… 




  • MartinOza
    MartinOza Posts: 8 Contributor


    In /tmp/log-aus there was information that system couldn't locate Time/


    I installed libdatetime-perl and it started working.


    Thanks for your help Alexander

  • Great!

    You are always welcome!



This discussion has been closed.
