Issue:
- Policy Manager Server is rejecting Policy Manager Console connections from a remote host.
- When trying to connect to Policy Manager Server running on Linux using a Windows machine, the following error is displayed: "Cannot connect to server 172.16.0.6:8080. Check that the host name and port number are correct. Port number 8080 is used by default".
- When checking netstat output on a Windows server running the Policy Manager Server, the administration module (default port 8080) is listening on Local address 127.0.0.1
Resolution:
By default WithSecure Policy Manager Server is set up to only accept connections from localhost. Follow the steps below to allow remote connections and then test the connectivity from the remote Policy Manager Console.
If Policy Manager Server is installed on a Windows OS:
- Stop the Policy Manager Server service, use command prompt command:
- Policy Manager 15: net stop fsms
- Policy Manager 16: net stop wspms
- Open the Windows registry editor (regedit)
- Policy Manager 15: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Data Fellows\F-Secure\Management Server 5
- Policy Manager 16: HKEY_LOCAL_MACHINE\SOFTWARE\WithSecure\Policy Manager\Policy Manager Server
- Edit the value of [REG_DWORD] RestrictLocalhost to 0
- Start the F-Secure Policy Manager Server service:
- Policy Manager 15: net start fsms
- Policy Manager 16: net start wspms
If Policy Manager Server is installed on a Linux OS:
- Stop the Policy Manager Server daemon (/etc/init.d/fspms stop)
- Open the file /etc/opt/f-secure/fspms/fspms.conf
- Check the line adminExtensionLocalhostRestricted value and make sure the value is set to false
- Save the file and restart the Policy Manager Server daemon (/etc/init.d/fspms restart)
Note: Alternatively, you could also run the following command to change the configuration to accept the remote Policy Manager Console connections.
/opt/f-secure/fspms/bin/fspms-config
Once Policy Manager Server service has restarted, try to login from the remote Policy Manager Console.
Article no: 000001368