
Lost access to JWeb

  • 1.  Lost access to JWeb

    Posted 29 days ago
    Hello, this is my 1st post. I'm new to Juniper, but have Cisco experience. I have several spare ex2300-C that I'm trying to put into service. One was at JunOS v20.x, and I saw that v21.3.x was available, so I downloaded the .tgz and used JWeb to initiate a local copy update. The switch never returned to JWeb and I have never gained access since that failed update.

    • I have now twice performed a USB install of v21.3 R1, the latest time this afternoon.  I saw the install add "jweb ex"
    • I then manually added "jweb ex app" - request system software add /var/tmp/jweb-ex-app-common-21.3A1.1.tgz
    • I can SSH to the management interface, and I WinSCP'd the JWeb Application "jweb-ex-app-common-21.3A1.1.tgz" to the management interface, but I cannot get access through JWeb. 
    • I have been through many, many iterations of HTTP & HTTPS configs
    • I have restarted web-management, rebooted multiple times, tried multiple browsers, restarted my browsers, etc.   
    • FF and Edge both report "the connection was reset".   
    • There is no firewall between me and the ex2300 - we are both connected to the same Cisco switch - but it is acting like there is a JunOS or base OS firewall rule blocking connections.   
    • The management interface is the only interface connected to the network.
    • I understand that HTTP is not secure, but at this point I just want to gain access and I will make it secure later.

    My config and some other commands output are below.  Any help appreciated.

    {master:0}
    root> request system software add /var/tmp/jweb-ex-app-common-21.3A1.1.tgz
    Verified jweb-ex-app-common-21.3A1.1 signed by PackageProductionECP256_2021 method ECDSA256+SHA256
    Installing jweb-ex-app package..
    Mounting jweb-ex-app..
    usage: kill [-s signal_name] pid ...
    kill -l [exit_status]
    kill -signal_name pid ...
    kill -signal_number pid ...
    Successfully installed jweb-ex-app.

    {master:0}
    root> restart web-management
    Web management gatekeeper process started, pid 19131

    {master:0}

    root@gmf-sw-foremen-trailer> show version
    fpc0:
    --------------------------------------------------------------------------
    Hostname: gmf-sw-foremen-trailer
    Model: ex2300-c-12p
    Junos: 21.3R1.9
    JUNOS OS Kernel 32-bit [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS OS libs [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS OS runtime [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS OS time zone information [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS py extensions [20210915.190147_builder_junos_213_r1]
    JUNOS py base [20210915.190147_builder_junos_213_r1]
    JUNOS OS crypto [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS OS boot-ve files [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS network stack and utilities [20210915.190147_builder_junos_213_r1]
    JUNOS libs [20210915.190147_builder_junos_213_r1]
    JUNOS runtime [20210915.190147_builder_junos_213_r1]
    JUNOS na telemetry [21.3R1.9]
    JUNOS Web Management Platform Package [20210915.190147_builder_junos_213_r1]
    JUNOS Web Management Application package [21.3A1.1]
    JUNOS ex runtime [20210915.190147_builder_junos_213_r1]
    JUNOS Routing aggregated [20210915.190147_builder_junos_213_r1]
    JUNOS probe utility [20210915.190147_builder_junos_213_r1]
    JUNOS ex platform support [20210915.190147_builder_junos_213_r1]
    JUNOS Openconfig [21.3R1.9]
    JUNOS dcp network modules [20210915.190147_builder_junos_213_r1]
    JUNOS modules [20210915.190147_builder_junos_213_r1]
    JUNOS ex modules [20210915.190147_builder_junos_213_r1]
    JUNOS ex libs [20210915.190147_builder_junos_213_r1]
    JUNOS ex Data Plane Crypto Support [20210915.190147_builder_junos_213_r1]
    JUNOS daemons [20210915.190147_builder_junos_213_r1]
    JUNOS SDN Software Suite [20210915.190147_builder_junos_213_r1]
    JUNOS Extension Toolkit [20210915.190147_builder_junos_213_r1]
    JUNOS Phone-home [20210915.190147_builder_junos_213_r1]
    JUNOS Packet Forwarding Engine Support (EX34XX) [20210915.190147_builder_junos_213_r1]
    JUNOS jdocs ex [20210915.190147_builder_junos_213_r1]
    JUNOS jail runtime [20210828.6e5b1bf_builder_stable_12_213]
    JUNOS FIPS mode utilities [20210915.190147_builder_junos_213_r1]
    JUNOS dsa dsa [21.3R1.9]

    {master:0}
    root@gmf-sw-foremen-trailer> show system software
    fpc0:
    --------------------------------------------------------------------------
    dsa-arm-32-21.3R1.9 -- dsa
    fips-mode-arm-32-20210915.190147_builder_junos_213_r1 -- fips mode
    jail-runtime-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- jail runtime
    jdocs-ex-arm-32-20210915.190147_builder_junos_213_r1 -- jdocs ex
    jpfe-EX34XX-arm-32-20210915.190147_builder_junos_213_r1 -- jpfe EX34XX
    jphone-home-arm-32-20210915.190147_builder_junos_213_r1 -- jphone home
    jsd-arm-32-21.3R1.9-jet-1 -- jsd jet 1
    jsdn-arm-32-21.3R1.9 -- jsdn
    junos-daemons-arm-32-20210915.190147_builder_junos_213_r1 -- junos daemons
    junos-dp-crypto-support-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos dp crypto support ex
    junos-libs-arm-32-20210915.190147_builder_junos_213_r1 -- junos libs
    junos-libs-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos libs ex
    junos-modules-arm-32-20210915.190147_builder_junos_213_r1 -- junos modules
    junos-modules-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos modules ex
    junos-net-dcp-prd-arm-32-20210915.190147_builder_junos_213_r1 -- junos net dcp prd
    junos-openconfig-arm-32-21.3R1.9 -- junos openconfig
    junos-platform-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos platform ex
    junos-probe-arm-32-20210915.190147_builder_junos_213_r1 -- junos probe
    junos-routing-aggregated-arm-32-20210915.190147_builder_junos_213_r1 -- junos routing aggregated
    junos-runtime-arm-32-20210915.190147_builder_junos_213_r1 -- junos runtime
    junos-runtime-ex-arm-32-20210915.190147_builder_junos_213_r1 -- junos runtime ex
    jweb-ex-arm-32-20210915.190147_builder_junos_213_r1 -- jweb ex
    jweb-ex-app-common-21.3A1.1 -- jweb ex app
    na-telemetry-arm-32-21.3R1.9 -- na telemetry
    junos-net-prd-arm-32-20210915.190147_builder_junos_213_r1 -- junos net prd
    Verified os-boot-junos-ve-arm-32-20210828 signed by PackageProductionECP256_2021 method ECDSA256+SHA256
    os-boot-junos-ve-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os boot junos ve
    os-crypto-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os crypto
    os-kernel-prd-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os kernel prd
    os-libs-12-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os libs
    os-runtime-arm-32-20210828.6e5b1bf_builder_stable_12_213 -- os runtime
    py-base-arm-32-20210915.190147_builder_junos_213_r1 -- py base
    py-extensions-arm-32-20210915.190147_builder_junos_213_r1 -- py extensions
    os-zoneinfo-20210828.6e5b1bf_builder_stable_12_213 -- os zoneinfo

    {master:0}

    root@gmf-sw-foremen-trailer> show configuration
    ## Last commit: 2021-09-27 21:29:54 UTC by root
    version 21.3R1.9;
    system {
        host-name gmf-sw-foremen-trailer;
        root-authentication {
            encrypted-password "<redacted>"; ## SECRET-DATA
        }
        services {
            ssh {
                root-login allow;
            }
            netconf {
                ssh;
                rfc-compliant;
                yang-compliant;
            }
            web-management {
                http {
                    interface all;
                }
            }
        }
        auto-snapshot;
        syslog {
            file interactive-commands {
                interactive-commands any;
            }
            file messages {
                any notice;
                authorization info;
            }
        }
        processes {
            dhcp-service {
                traceoptions {
                    file dhcp_logfile size 10m;
                    level all;
                    flag packet;
                }
            }
        }
        phone-home {
            server https://redirect.juniper.net;
            rfc-compliant;
        }
    }
    chassis {
        redundancy {
            graceful-switchover;
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/2 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/3 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/4 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/5 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/6 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/7 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/8 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/9 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/10 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/0/11 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/1/0 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        xe-0/1/0 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        ge-0/1/1 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        xe-0/1/1 {
            unit 0 {
                family ethernet-switching {
                    storm-control default;
                }
            }
        }
        irb {
            unit 0 {
                family inet {
                    dhcp {
                        vendor-id Juniper-ex2300-c-12p-HV0218360213;
                    }
                }
                family inet6 {
                    dhcpv6-client {
                        client-type stateful;
                        client-ia-type ia-na;
                        client-identifier duid-type duid-ll;
                        vendor-id Juniper:ex2300-c-12p:HV0218360213;
                    }
                }
            }
        }
        vme {
            unit 0 {
                family inet {
                    dhcp {
                        vendor-id Juniper-ex2300-c-12p-HV0218360213;
                    }
                }
                family inet6 {
                    dhcpv6-client {
                        client-type stateful;
                        client-ia-type ia-na;
                        client-identifier duid-type duid-ll;
                        vendor-id Juniper:ex2300-c-12p:HV<redacted>13;
                    }
                }
            }
        }
    }
    forwarding-options {
        storm-control-profiles default {
            all;
        }
    }
    protocols {
        router-advertisement {
            interface vme.0;
            interface irb.0;
        }
        lldp {
            interface all;
        }
        lldp-med {
            interface all;
        }
        igmp-snooping {
            vlan default;
        }
        rstp {
            interface ge-0/0/0;
            interface ge-0/0/1;
            interface ge-0/0/2;
            interface ge-0/0/3;
            interface ge-0/0/4;
            interface ge-0/0/5;
            interface ge-0/0/6;
            interface ge-0/0/7;
            interface ge-0/0/8;
            interface ge-0/0/9;
            interface ge-0/0/10;
            interface ge-0/0/11;
            interface ge-0/1/0;
            interface xe-0/1/0;
            interface ge-0/1/1;
            interface xe-0/1/1;
        }
    }
    poe {
        interface all;
    }
    vlans {
        default {
            vlan-id 1;
            l3-interface irb.0;
        }
    }

    {master:0}
    root@gmf-sw-foremen-trailer>



    ------------------------------
    TIM MADDEN
    ------------------------------


  • 2.  RE: Lost access to JWeb

    Posted 23 days ago
    Hi Tim,

    Can you check the system storage status (show system storage or df -h on shell)?
    You can check whether the process starts in the log messages (show log messages | match (web|http)).

    I'm facing an issue which looks close.
    I identified two points:
    In the factory-default configuration, the phone-home feature blocks web management access.
    -> delete system phone-home

    When I add the web package, the storage is more than full on "/".
    Two situations:
    First: the system says there is not enough space; you can try a zeroize, but it doesn't work every time, or you can try a reinstall from USB/TFTP.
    Second: you can add the package, but storage on "/" displays something like 102%.
    Web management seems to work, you get the login screen, but as soon as you're logged in... "your session is expired, click ok..."

    I'm on an EX4300, a little bit different from yours.
    I finally rolled back to 20.2.

    Regards 
    Théo


    ------------------------------
    THEO QUENNEHEN
    ------------------------------



  • 3.  RE: Lost access to JWeb

    Posted 23 days ago
    Hi Tim,

    Did you try to delete the phone-home section in your configuration?
    - delete system phone-home

    You can check if the http process is started, or find some logs which show that it tries but exits on error(1)
    - show log messages | match web

    From my side, I see around five tries to start the web process before it stops trying - all exited.
    After deleting the phone-home section, if JWeb doesn't start at commit, restart web management.

    Also, you should check the storage status; I had some trouble there too. The "/" section was at 102%.

    Let me know if it works ;)

    Regards,
    Théo





    ------------------------------
    THEO QUENNEHEN
    ------------------------------



  • 4.  RE: Lost access to JWeb

    Posted 19 days ago
    Theo

    Executive Summary:  Your suggestions got me back into JWeb - Thank you very much!

    Details:    As soon as I deleted phone-home, committed and restarted web-management, JWeb started working.  This worked for both switches on hand, one at JunOS 21.3R1.9 and the other at JunOS 20.2R1.10.  (Commands below for future reference).

    Follow-up question:  Do you know why this works?

    ---------------------------------------------------------------------------------------------------------------
    {master:0}
    root@gmf-sw-foremen-trailer> show log messages | match web
    <no output>

    root@gmf-sw-foremen-trailer> configure
    Entering configuration mode

    {master:0}[edit]

    root@gmf-sw-foremen-trailer# delete system phone-home

    {master:0}[edit]
    root@gmf-sw-foremen-trailer# commit
    configuration check succeeds
    commit complete

    {master:0}[edit]
    root@gmf-sw-foremen-trailer# exit
    Exiting configuration mode

    {master:0}
    root@gmf-sw-foremen-trailer> restart web-management
    Web management gatekeeper process started, pid 7903

    {master:0}
    root@gmf-sw-foremen-trailer> show log messages | match web
    Oct 6 15:59:00 gmf-sw-foremen-trailer phone-home[7314]: PHCD_TRACE: [CONFIG] phcd_platform_tvp_data_init: support ph_led:0 jweb:0 att:0 ph_supports_vc:0
    Oct 6 16:01:16 gmf-sw-foremen-trailer mgd[7188]: UI_RESTART_EVENT: User 'root' restarting daemon 'Web management gatekeeper process'
    Oct 6 16:01:16 gmf-sw-foremen-trailer jlaunchd[15801]: web-management (PID 21699) exited with status=0 Normal Exit
    Oct 6 16:01:16 gmf-sw-foremen-trailer jlaunchd[15801]: Registered PID 7903(web-management): exec_command
    Oct 6 16:01:16 gmf-sw-foremen-trailer jlaunchd[15801]: web-management (PID 7903) started
    Oct 6 16:01:16 gmf-sw-foremen-trailer jlaunchd[15801]: Registered PID 7903(web-management): new process
    Oct 6 16:01:45 gmf-sw-foremen-trailer checklogin[7927]: WEB_AUTH_SUCCESS: Authenticated httpd client with username root from 172.20.12.129

    {master:0}
    root@gmf-sw-foremen-trailer>
    ---------------------------------------------------------------------------------------------------------------

    ------------------------------
    TIM MADDEN
    ------------------------------



  • 5.  RE: Lost access to JWeb

    Posted 19 days ago
    Hello TIM, 

    Glad to hear that it worked. 

    I haven't got any explanation from Juniper, but I'm thinking that phone-home and JWeb are in conflict as they both use http/https.
    The JWeb service shall test http/https TCP port availability at start and, as https is already used by phone-home, it stops.

    Regards, 
    Théo

    ------------------------------
    THEO QUENNEHEN
    ------------------------------
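
A configuration check for the conditions discussed in this thread, as an added example that is not part of any post and is not Juniper code: it parses a pasted `show configuration` (indented or flattened) and flags `system phone-home` configured alongside `web-management` (the combination the posters report as blocking J-Web), cleartext HTTP, and `interface all` listeners. The helper names `parse_junos` and `audit`, the finding identifiers, and the trimmed sample are assumptions made for illustration.

```python
def parse_junos(text):
    """Parse curly-brace Junos config (indented or flattened) into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("##", 1)[0].strip()  # drop annotations like ## SECRET-DATA
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif line.endswith(";"):
            stack[-1][line[:-1].strip()] = None  # leaf statement
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return stack[0]

def audit(cfg):
    """Return finding ids for the web-management issues raised in the thread."""
    findings = []
    system = cfg.get("system", {})
    web = system.get("services", {}).get("web-management")
    if web is None:
        return findings
    if "phone-home" in system:
        # Reported by the posters: J-Web stayed unreachable until phone-home was deleted.
        findings.append("phone-home-present-with-web-management")
    if "http" in web:
        findings.append("web-management-cleartext-http")
    for proto, body in web.items():
        if isinstance(body, dict) and "interface all" in body:
            findings.append(f"web-management-{proto}-listens-on-all-interfaces")
    return findings

# Constructed sample: the relevant stanzas of the configuration posted above, flattened.
POSTED = """
system {
services {
web-management {
http {
interface all;
}
}
}
phone-home {
server https://redirect.juniper.net;
}
}
"""
print(audit(parse_junos(POSTED)))
```

An empty result means none of the three conditions is present; it does not confirm that J-Web itself is running, which still needs the `show log messages | match web` check used in the thread.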