Unable to access JMX monitoring via jConsole when Confluence Server is hosted in AWS

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Unable to access JMX counters when Confluence Server is hosted in an Amazon EC2 instance which is part of a VPC.

Specifically jConsole says the connection to the remote JMX fails.

Diagnosis

Environment

  • Amazon EC2

  • VPC using a Security Group with restrictive rules

Diagnostic Steps

  1. Verify that the JMX port you specified is open and listening

  2. Verify that the AWS Security Group allows traffic through on the jmxremote port

  3. Run jConsole with debug logging enabled for more data on the issue:

    1 jconsole -debug

  4. You should see something similar to the following in the jconsole debug output:

    1 2 java.rmi.ConnectException: Connection refused to host 127.0.0.1; nested exception is java.net.ConnectException: Connection refused: connect

  5. From your local machine (if Linux or Mac) run: netstat -anlp and check the results for the port you are trying to connect to. You may see an ESTABLISHED result:

    1 tcp 0 0 <AWS IP ADDRESS>:<PORT NUMBER> <IP OF YOUR MACHINE>:51171 ESTABLISHED 11076/java

Cause

JMX uses 2 ports, the one specified in the setenv.sh file and a port that is randomly assigned. In environments where access to ports is restricted, binding to the randomly assigned port may be prevented.

Resolution

  • Specify an RMI port and host by adding the following to the CATALINA_OPTS configuration of the setenv file:

    1 2 -Dcom.sun.management.jmxremote.rmi.port=<SPECIFY DIFFERENT PORT THAN THE JMXREMOTE PORT> -Djava.rmi.server.hostname=<AWS IP ADDRESS FROM NETSTAT OUTPUT ABOVE>

  • Make sure the new port above is allowed in your AWS Security Group

  • Re-start your Confluence, and try to connect via jConsole again

Updated on April 11, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageProblemDiagnosisCauseResolution

Still need help?

The Atlassian Community is here for you.
Ask the Community