Hi guys,
I'm working with the Thingworx Remote Access Client and I want to connect this with TWX which is running on AWS.
When I start a connection via the RemoteAccessClientLinker-Widget, the RA-Client starts, tries to connect, and times out after a few seconds with the error message:
Unable to connect to Thingworx; ensure platform is available at <xxx.xxx.xxx.xxx:443> and that proxy settings are correct
Last week I tried the same with a PTC-hosted Thingworx and everything worked fine. On my AWS-hosted Thingworx it will not connect. Strangely, it works fine with the old Remote Access Widgets.
server.xml (without all comments)
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8080"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               connectionTimeout="20000" />
    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               keystoreFile="${user.home}/8.5.41/conf/.keystore"
               keystorePass="KEYSTOREPASSWORD"
               clientAuth="false"
               sslProtocol="TLS" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
config.json (on EMS-side)
{
  "ws_servers": [{
    "host": "xxx.xxx.xxx.xxx",
    "port": 443
  }],
  "appKey": "xxxxxxxxxxxxxxxxxxxxx",
  "logger": {
    "level": "INFO",
    "publish_directory": "/microserver/logs",
    "publish_level": "INFO",
    "max_file_storage": 2000000,
    "auto_flush": true
  },
  "http_server": {
    "ssl": false,
    "authenticate": false
  },
  "ws_connection": {
    "encryption": "ssh"
  },
  "certificates": {
    "validate": false,
    "allow_self_signed": true
  },
  "tunnel": {
    "buffer_size": 8192,
    "read_timeout": 100,
    "idle_timeout": 300000,
    "max_concurrent": 4,
    "verbose": false,
    "duty_cycle": 100
  },
  "file": {
    "buffer_size": 8192,
    "max_file_size": 8000000000,
    "virtual_dirs": [
      {"other": "/microserver/other"},
      {"tw": "/microserver/tw"},
      {"updates": "/microserver/updates"}
    ],
    "staging_dir": "/microserver/staging"
  },
  "auto_bind": [{
    "name": "EMSBox"
  }]
}
Hi @drichter.
Is the hosted ThingWorx instance the same version as that running in AWS? Is the old Remote Access client running on the same machine? This could be a firewall issue.
Regards.
--Sharon
TWX 8.4.5-b102 runs on AWS.
I tried it with another 8.4 version (I'm not sure which exact version it was).
Actually I use version 8.5.0-b12.
I would rule out a firewall problem, because the old widget (with the Java starter stuff) works and it uses port 443 too. And on the AWS side port 443 is open.
So, I think I fixed the problem. I added a domain to my EC2 instance where Thingworx is running. Then I generated a certificate from Let's Encrypt for this domain. Now it looks like the client can connect to Thingworx. I'm not one hundred percent sure because I get a new error message in the remote client:
Platform websocket error encountered. (error: Error: Hostname/IP doesn't match certificate's altnames: "IP: xxx.xxx.xxx.xxx is not in the cert's list: ")
xxx.xxx.xxx.xxx = IP of EC2.
Hi @drichter.
It sounds like the certificate that was generated was not issued with the name of the domain you are using to access your site.
Regards.
--Sharon
I was able to fix that issue today. The problem had to do with settings in TunnelSubsystem. I had entered the IP address of my EC2 instance where TWX is running there. But on the EMS side I used the domain name.
So I changed "Public host name used for tunnels" in TunnelSubsystem to the domain name too.