Posts in Category "Edge Server"

Adobe Connect Service Cyclers

Periodically, licensed (on-premise) deployments of Adobe Connect Pro will have to have the services stopped or cycled during periods of modification, customization, troubleshooting, or potentially on a scheduled basis.
For convenience, you can copy the appropriate code below into a new file and save at a batch (.bat) file. Running this batch file will stop all the services in the correct order and then restart them in the appropriate order either all at once (automatically) or after a keystroke (prompted) by the user.

For a scheduled periodic cycling of the services, you can setup a scheduled task in Windows (on the Connect server) to run this batch file or have it controlled by a centralized enterprise scheduler like Tidal. Of course if setting up a scheduled task, you’d need to select the one without the forced keystroke.

First, take everything in between the lines (from @ECHO OFF through @ECHO OFF) and save as a .bat file to the Connect server.

Then you can run it manually or point a scheduled task to it.

I have posted a few different options below…see the descriptions then the code below them.  These are applicable to Adobe Connect Pro 8.x and 9.x.  There are additional services with 9.x (i.e. Adobe Connect CQ-Author service, Adobe Connect CQ-Publish service) as well as the Flash Media Gateway (FMG) and Adobe Connect Presence Server services that are in both C8 and C9 that may or may be needed.  You can add these services to the batch files if applicable.

1.) Below is a cycler that just stops and starts all the applicable services (FMS,FMSAdmin,ConnectPro, and the CPTelephonyService). It is up to you and your deployment, whether you need the CPTelephonyService or not.  This version will do it all automatically and won’t force you to perform a keystroke to start once the services are stopped. This version is good for a scheduled task to point to. Again, you may remove the FMSAdmin and/or CPTelephonyService services if you wish, as they are not always needed.  I also added a ping in the middle so it adds more time before restarting the services (in case there is a delay in stopping the FMS service, which sometimes happens).

———————————snip below here and save to a .bat file—————————-

@ECHO OFF
REM ----------------CONNECT SERVICE AUTOMATIC CYCLING ----------------
REM
REM This batch file stops and starts the Adobe Connect and Flash Media Server Services
REM

REM
REM -----------------------------------------------------------------------
@ECHO ON

net stop ConnectPro
net stop CPTelephonyService
net stop FMSAdmin
net stop FMS
ping 1.1.1.1 -n 1 -w 20000>nul
net start FMS
net start FMSAdmin
net start ConnectPro
net start CPTelephonyService

@ECHO OFF

———————————snip above this and save to a .bat file——————————

2.) Below is a cycler that stops the services (same as above) but requires a keystroke to start up the services again. This is handy if you are doing work on the server or troubleshooting and you want to quickly stop the services but not restart them until you are ready.

 

———————————snip below here and save to a .bat file—————————-

@ECHO OFF
REM ----------------CONNECT SERVICE AUTOMATIC CYCLING WITH KEYSTROKE---------------- 
REM
REM This batch file stops and starts the Adobe Connect and Flash Media Server Services
REM
REM
REM -----------------------------------------------------------------------
@ECHO ON
net stop ConnectPro
net stop CPTelephonyService
net stop FMSAdmin
net stop FMS /y
@ECHO OFF
@ECHO Press a key to START services
PAUSE
@ECHO ON
net start FMS
net start FMSAdmin
net start ConnectPro
net start CPTelephonyService
@ECHO OFF

———————————snip above this and save to a .bat file——————————

3.) Below is a cycler that stops the services on an Edge server and clears the cache before restarting.

MAKE SURE YOU CHECK THE EDGE SERVER DIRECTORY STRUCTURE ON YOUR MACHINE BEFORE USING THIS. YOU’LL HAVE TO CHANGE THE LOCATION TO MATCH YOUR OWN.

Additional Notes:

The Edge server will need a maintenance script to clear old cache and keep them fresh; run the following .bat file as a scheduled task on each Connect Edge server; feel free to edit this file to reduce or prolong the ping-induced delays. The key is to allow enough time between each command for services to stop and start. Different servers respond differently, some requiring more time and some less time. By stopping the services, it unlocks the cache for thorough deletion:

 

———————————snip below here and save to a .bat file—————————-

@ECHO OFF
REM ------CONNECT SERVICE AUTOMATIC CYCLING---------------
REM 
REM This batch file stops and starts Connect Edge Services and Clears the Cache
REM
REM ------------------------------------------------------------
@ECHO ON
net stop fmsadmin
ping 1.1.1.1 -n 1 -w 10000>nul
net stop fms
ping 1.1.1.1 -n 1 -w 200000>nul
del /Q /S c:\breeze\edgeserver\win32\cache\http\*.*
ping 1.1.1.1 -n 1 -w 10000>nul
net start fms
ping 1.1.1.1 -n 1 -w 10000>nul
net start fmsadmin
@ECHO OFF

———————————snip above this and save to a .bat file——————————

Telephony conference fails to start when we have an edge server in front of Connect Origin server.

Issue:

Telephony conference fails to start when we have an edge server in front of Connect Origin server.

Reason:

Licensed customers who use telephony that makes call-back to Connect (Intercall, for example) must open port 9080 on their firewall so that the call-back can be made. If the Intercall bridge cannot make the call-back to this URL on port 9080 the conference will not launch. It uses the call-back URL for anything you do in the conference call – mute a user, hang-up etc. The call-back URL must provide Intercall with a direct route to the origin running the meeting room.

When we have an edge server between the telephony provider and Origin server, we need to ensure that edge listens on port 9080 (in addition to 80,443,1935) and forwards 9080 traffic to Origin server. Additionally, if the origin server is clustered, we need to ensure that the response of call-back requests is sent back to the origin server who initiated the request. We cannot let edge server send these request to load balancer and have latter load balance this traffic between the origin nodes. If we do so, half of the call-back (round robin) requests will fail.


Solution:

To ensure call back is successful:

1) Make the Edge listen on ports 9080 and 9081 (in addition to current 80, 443, 1935).

2) Add redirects for each of these ports in adaptor.xml file such that

Port 9080 is redirected to origin1:9080

Port 9081 is redirected to origin2:9080

3) Change call-back URLs on both origin servers such that

Call-back URL on origin1 is connect.example.com:9080

Call-back URL on origin2 is connect.example.com:9081

4) Open TCP ports 9080 and 9081 to the Edge servers on the firewall.

 

The Connect configuration:

1) In \edgeserver\win32\conf\_defaultRoot_\adaptor.xml, add entries to map edge:ports to origins:ports as follows

origin1 IP Address:9080

origin2 IP Address:9080

2) In \edgeserver\conf\config.ini add entries to for ports on which the  Edge listens as follows:

FCS.HOST_PORT=:1935,80,443,9080,9081

3) On origin 1:

connect.example.com:9080/services/CCAPICallbackSOAP

4) On origin 2:

connect.example.com:9081/services/CCAPICallbackSOAP

Now if a meeting is launched on Origin server 2 and an Intercall conference is started, that Origin server will make a connection to the Intercall conference bridge. The call-back URL that Intercall receives will contain the port number 9081. Intercall will hit the Edge server on port:9081 and the Edge server will redirect the request to Origin server 2 because of the redirect we placed in its Adaptor.xml.

Encrypting traffic between Edge and Origin Server on 8506.

Issue:

Encrypting traffic between Edge and Origin Server on 8506.

Solution:

By default, the traffic between external edge and origin server is in clear. To encrypt that, follow the steps below:

Step 1:

On the remote Edge servers, edit: /breeze/edgeserver/win32/conf/_defaultRoot_/_defaultVhost_/vHost.xml:

replace:
<RouteTable protocol=""> with
<RouteTable protocol="rtmps">
replace:
<RouteEntry></RouteEntry> with
<RouteEntry protocol="rtmps">*:*;*:*</RouteEntry>

Step 2:

Secure the 8506 traffic at the Origin server on 8506 exactly as though it were client traffic inbound to port 1935 except using port 8506 instead.

On the origin servers (or on the origin’s SSL accelerator), encrypt the inbound Edge to origin traffic on port 8506. The example below shows an stunnel.conf file on origin server, add for the IP receiving rtmp traffic on the meeting server VIP:

#[rtmps-vip for Origin]

accept = 10.40.2.54:8506

connect =InternalIP02:8506

 

Note:

One caveat with this technique of doing SSL, is that when you view the RTMP sequence from within a test meeting (Help>Shift>About Adobe Connect) the second leg of the RTMP sequence will read RTMP even though it is actually RTMPS. We are testing for a means to adjust that output, but it is very trivial as the first leg does read RTMPS and adjudicates both legs.