在 Windows 上通过 JSR160RMI JMX 监控 IBM Websphere 8.x 失败

我有一台运行 Websphere 8.5 的 AIX 服务器

在 Web UI 中的管理服务下，我已配置所有 JMX 连接器以启用。目前没有 SSL 或身份验证，因为它仅用于测试。

我还有一台运行 Ubuntu 16.04 和 oracle Java 8 的远程 Linux 机器。我已将所有运行时 jar 从“/usr/IBM/WebSphere/AppServer/runtimes”复制到该 Linux 机器上的一个文件夹中。

复制 jar 文件后，我创建了一个脚本来启动 jconsole 并通过 JMX 连接：

#!/bin/bash

CLASSPATH=$JAVA_HOME/lib/jconsole.jar
CLASSPATH=$CLASSPATH:/home/user/runtimes/com.ibm.ws.admin.client_8.5.0.jar
CLASSPATH=$CLASSPATH:/home/user/runtimes/com.ibm.ws.ejb.thinclient_8.5.0.jar
CLASSPATH=$CLASSPATH:/home/user/runtimes/com.ibm.ws.orb_8.5.0.jar

$JAVA_HOME/bin/jconsole \
        -J-Djava.class.path=$CLASSPATH\
        service:jmx:iiop://172.29.154.22:9100/jndi/JMXConnector

启动此脚本后，它会告诉我安全连接失败，并告诉我是否要以不安全的方式重试。如果我确认不安全连接，它会重试并成功。之后，它会公开所有 Websphere 的自定义 Mbean。

jconsole输出窗口内容如下：

Aug 30, 2017 10:23:25 AM com.ibm.ws.security.config.ConfigURLProperties
SEVERE: JSAS1480I: Security is not enabled because the ConfigURL property file is not set.
Aug 30, 2017 10:23:26 AM com.ibm.ws.security.config.SecurityObjectLocator
INFO: CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.

现在我需要在任何 Windows 机器上执行相同操作。我当前的 Windows 机器正在运行 Windows 10 和 Oracle Java Jdk1.8.0_112。

因此我复制了运行时并移植了 jconsole 脚本。以下批处理脚本包含启动 jconsole 的命令：

"C:\Program Files\Java\jdk1.8.0_112\bin\jconsole.exe" -J"-Djava.class.path=C:\Program Files\Java\jdk1.8.0_112\lib\jconsole.jar;C:\Users\user\Desktop\jconsole\runtimes\com.ibm.ws.admin.client_8.5.0.jar;C:\Users\user\Desktop\jconsole\runtimes\com.ibm.ws.ejb.thinclient_8.5.0.jar;C:\Users\user\Desktop\jconsole\runtimes\com.ibm.ws.orb_8.5.0.jar" service:jmx:iiop://172.29.154.22:9100/jndi/JMXConnector

运行此脚本（以管理员或普通用户身份运行，没有区别），它将尝试安全连接并失败。jconsole 输出将显示：

Aug 30, 2017 10:33:00 AM com.ibm.ws.security.config.ConfigURLProperties
SCHWERWIEGEND: JSAS1480I: Die Sicherheit ist nicht aktiviert, weil die ConfigURL-Eigenschaftendatei nicht definiert ist.
Aug 30, 2017 10:33:00 AM com.ibm.ws.security.config.SecurityObjectLocator
INFORMATION: CWSCF0002I: Der Clientcode versucht die Sicherheitskonfiguration des Servers zu laden. Diese Operation ist nicht zulässig.
Aug 30, 2017 10:33:08 AM com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl <init>
WARNUNG: "IOP00410201: (COMM_FAILURE) Connection failure: socketType: IIOP_CLEAR_TEXT; hostname: cli-l-01.intranet.local; port: 2809"
org.omg.CORBA.COMM_FAILURE:   vmcid: SUN  minor code: 201  completed: No
    at com.sun.corba.se.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2200)
    at com.sun.corba.se.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2221)
    at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:223)
    at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:236)
    at com.sun.corba.se.impl.transport.SocketOrChannelContactInfoImpl.createConnection(SocketOrChannelContactInfoImpl.java:119)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:187)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaClientDelegateImpl.java:229)
    at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:130)
    at com.ibm.WsnBootstrap.WsnNameServiceHelper.narrow(WsnNameServiceHelper.java:65)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getWsnNameService(WsnInitCtxFactory.java:1507)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServer(WsnInitCtxFactory.java:1041)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnInitCtxFactory.java:963)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextInternal(WsnInitCtxFactory.java:615)
    at com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:128)
    at com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.java:765)
    at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164)
    at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
    at javax.naming.InitialContext.lookup(InitialContext.java:417)
    at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1955)
    at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1922)
    at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:287)
    at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
    at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:357)
    at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:313)
    at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:294)
Caused by: java.net.SocketException: Permission denied: connect
    at sun.nio.ch.Net.connect0(Native Method)
    at sun.nio.ch.Net.connect(Net.java:454)
    at sun.nio.ch.Net.connect(Net.java:446)
    at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:648)
    at java.nio.channels.SocketChannel.open(SocketChannel.java:189)
    at com.sun.corba.se.impl.transport.DefaultSocketFactoryImpl.createSocket(DefaultSocketFactoryImpl.java:95)
    at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:207)
    ... 23 more

然后我得到了重新尝试不安全连接的选项，这也会失败，并且在 jconsole 输出窗口中出现以下附加输出：

Aug 30, 2017 10:34:01 AM com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl <init>
WARNUNG: "IOP00410201: (COMM_FAILURE) Connection failure: socketType: IIOP_CLEAR_TEXT; hostname: cli-l-01.intranet.local; port: 2809"
org.omg.CORBA.COMM_FAILURE:   vmcid: SUN  minor code: 201  completed: No
    at com.sun.corba.se.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2200)
    at com.sun.corba.se.impl.logging.ORBUtilSystemException.connectFailure(ORBUtilSystemException.java:2221)
    at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:223)
    at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:236)
    at com.sun.corba.se.impl.transport.SocketOrChannelContactInfoImpl.createConnection(SocketOrChannelContactInfoImpl.java:119)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:187)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:137)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaClientDelegateImpl.java:229)
    at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:130)
    at com.ibm.WsnBootstrap.WsnNameServiceHelper.narrow(WsnNameServiceHelper.java:65)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getWsnNameService(WsnInitCtxFactory.java:1507)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServer(WsnInitCtxFactory.java:1041)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnInitCtxFactory.java:963)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextInternal(WsnInitCtxFactory.java:615)
    at com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:128)
    at com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.java:765)
    at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164)
    at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
    at javax.naming.InitialContext.lookup(InitialContext.java:417)
    at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1955)
    at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1922)
    at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:287)
    at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
    at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:357)
    at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:313)
    at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:294)
Caused by: java.net.SocketException: Permission denied: connect
    at sun.nio.ch.Net.connect0(Native Method)
    at sun.nio.ch.Net.connect(Net.java:454)
    at sun.nio.ch.Net.connect(Net.java:446)
    at sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:648)
    at java.nio.channels.SocketChannel.open(SocketChannel.java:189)
    at com.sun.corba.se.impl.transport.DefaultSocketFactoryImpl.createSocket(DefaultSocketFactoryImpl.java:95)
    at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.<init>(SocketOrChannelConnectionImpl.java:207)
    ... 23 more

“cli-l-01.intranet.local” 是本地 Windows 计算机的主机名，指向 127.0.0.1 - 为什么这样做？它应该连接到服务器而不是本地计算机。服务器的端口 2809 在 Websphere 中以端口名“BOOTSTRAP_ADDRESS”打开

我也尝试过使用其他版本的 Java，例如 IBM Java JRE，以及 32 位和 64 位版本。我还尝试过运行 Windows Server 2012 的不同计算机。

这里出了什么问题？它在 Linux 上运行良好，但我无法在 Windows 上建立连接。