Month: October 2019

OUI issue NGINST-64002: Error occurred in validation of: “Host Name”

When installing an Oracle application using OUI (Oracle Universal Installer), the installer sometimes verifies whether a given host is reachable.

Unfortunately, in my case, it was always failing:

All this despite the host being perfectly reachable using ping:

So what was happening? Under the hood, OUI uses Java’s InetAddress.isReachable(). The algorithm is:

  1.  Try to send an ICMP “ping”; if that fails,
  2.  Try to use the Echo service (TCP port 7)

Unfortunately, check (1) can only be attempted if you run the app with elevated permissions (root or sudo), which typically does not happen.
 
So it goes to (2) and makes the following attempt:
 
[rms@tr005buwls11 ~]$ sudo tcpdump -nn -v -i eth0 host tr005buece12 and port not 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:40:57.566469 IP (tos 0x0, ttl 64, id 64840, offset 0, flags [DF], proto TCP (6), length 60)
    131.116.167.11.55766 > 131.116.167.13.7: Flags [S], cksum 0xaf64 (correct), seq 562514241, win 14600, options [mss 1460,sackOK,TS val 300069897 ecr 0,nop,wscale 7], length 0
14:40:57.566522 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    131.116.167.13.7 > 131.116.167.11.55766: Flags [R.], cksum 0x1628 (correct), seq 0, ack 562514242, win 0, length 0

So it probes the Echo service over TCP port 7.

Solution

Here you are! It was a missing firewall rule. Just open port TCP/7 on the target (checked) system and the test passes like a charm.

Details for nerds

A small tool to run the test. Just run it as shown below:

[rms@tr005buece12 tmp]$ ./test.sh tr005buwls11.ddc.teliasonera.net
Testing tr005buwls11.ddc.teliasonera.net
OK

[rms@tr005buwls11 ~]$ sudo tcpdump -nn -v -i eth0 host tr005buece12 and port not 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:40:57.566469 IP (tos 0x0, ttl 64, id 64840, offset 0, flags [DF], proto TCP (6), length 60)
    131.116.167.11.55766 > 131.116.167.13.7: Flags [S], cksum 0xaf64 (correct), seq 562514241, win 14600, options [mss 1460,sackOK,TS val 300069897 ecr 0,nop,wscale 7], length 0
14:40:57.566522 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    131.116.167.13.7 > 131.116.167.11.55766: Flags [R.], cksum 0x1628 (correct), seq 0, ack 562514242, win 0, length 0

Compare with the same test run using sudo. This time the test is done using ICMP, so no TCP/7 port is needed. But as mentioned earlier, this is highly impractical and not even recommended:

[rms@tr005buece12 tmp]$ sudo ./test.sh tr005buwls11.ddc.teliasonera.net
Testing tr005buwls11.ddc.teliasonera.net
OK

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:40:26.430473 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 72)
    131.116.167.11 > 131.116.167.13: ICMP echo request, id 12072, seq 1, length 52
14:40:26.430508 IP (tos 0x0, ttl 64, id 56716, offset 0, flags [none], proto ICMP (1), length 72)
    131.116.167.13 > 131.116.167.11: ICMP echo reply, id 12072, seq 1, length 52
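
An added example, not the author's test.sh and not OUI's code: a small Java program that calls InetAddress.isReachable() and then probes TCP/7 directly, so a silently dropped SYN (timeout) can be told apart from a refused connection like the RST in the capture above. The class name ReachCheck and the 3-second timeout are assumptions.

```java
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;

/** Added example: compares InetAddress.isReachable() with a direct TCP/7 probe. */
public class ReachCheck {
    static final int ECHO_PORT = 7;      // TCP Echo, the port seen in the capture
    static final int TIMEOUT_MS = 3000;  // assumed timeout, not taken from OUI

    /** Classifies what comes back when a connection to TCP/7 is attempted. */
    static String probeEcho(InetAddress addr) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(addr, ECHO_PORT), TIMEOUT_MS);
            return "CONNECTED (an echo service is listening)";
        } catch (ConnectException e) {
            // Connection refused: typically an RST from the host, as in the capture.
            return "REFUSED (" + e.getMessage() + ")";
        } catch (SocketTimeoutException e) {
            // No answer at all: typically a firewall silently dropping the SYN.
            return "TIMEOUT (no reply, check the firewall rule for TCP/7)";
        } catch (IOException e) {
            return "ERROR (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: java ReachCheck <host>");
            System.exit(2);
        }
        InetAddress addr = InetAddress.getByName(args[0]);
        System.out.println("Testing " + args[0] + " (" + addr.getHostAddress() + ")");
        // ICMP when privileged, otherwise the TCP/7 fallback described above.
        boolean reachable = addr.isReachable(TIMEOUT_MS);
        System.out.println("isReachable: " + (reachable ? "OK" : "FAILED"));
        System.out.println("TCP/7 probe: " + probeEcho(addr));
        System.exit(reachable ? 0 : 1);
    }
}
```

In the capture from the OK run the target answers the SYN with an RST, so nothing has to listen on port 7; the firewall only has to let the probe and its reply through.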