F-secure Policy Manager 12.31 Server port Problem

Hi I just upgraded F-secure Policy Manager 12.21->12.31.


We're using default settings of Policy Manager at the moment.


After we upgrade, PM pop up error "Cannot connect to the server: localhost:8080. Check that the host name and port number ar correct. Port number 8080 is used by default."


I have googled alot of things about that I should change ports and other things but default settings has worked with earlier versions of PM. I have tried change ports and shut down F-secure services and other thing but still not working.


Any clue?




  • MJ-perComp
    MJ-perComp Posts: 1,101 Superuser

    Just: be patient.
    it might take up to 10 Mins (maybe longer in large environments) until the comversion is complete.
    You might want to use the Status Monitor to see when it completes.


    If it does not help, stop all F-Secure sevices and doublecheck with netstat that 80, 443, 8080, 8081 are not occupied already.


  • I have waited one day now, but still not working. So I started to check port with command


    netstat -aon | findstr :80

    and same with other ports.


    I see port 80 is listening PID4, but I think it has been listening it before too and PM worked fine.

    Other ports doesn't show anything so I think they're working well.


    Is there any easy way to go back 12.21. I have taken backup before I updated policy manager and I have installation .exe for 12.21, but it doesn't install any components.


    Do i need to unistall F-secure completelly and install & build everything back?


    We have around 90 computers in policy manager.

  • aimutch
    aimutch Posts: 28 Enthusiast

    I've had a lot of issues with upgrading the last few issues of Policy Manager. I would suggest one of the following approaches:


    1. Uninstall PM 12.31. Once you uninstall that, you should be able to reinstall 12.21. The uninstall process does not normally remove the data files. 


    2.  Try re-installing 12.31. I know with a couple of the recent upgrades to PM, I've had to try reinstalling it multiple times to get it working. But it does eventually work. I'm currently running 12.31 after encountering the same issue you reported.

  • aimutch
    aimutch Posts: 28 Enthusiast

    One other thing to check - if you are not accessing it from the console and need remote access, make sure that you uncheck the box to limit access to the console when you are reinstalling PM. 

  • dandelion
    dandelion Posts: 31 Former F-Secure Employee

    Did you consider contacting F-Secure Tech Support with your problem? They usually ask you to collect the diagnostic package, aka fsdiag, that they use to analyze the problem. Otherwise, it's hard to say what's going wrong in your system.

  • dandelion
    dandelion Posts: 31 Former F-Secure Employee

    In default configuration, port 80 is used by Policy Manager Server to serve pre-HTTPS clients. If you see this port occupied when PMS is stopped, this is likely to be the problem why PMS can't start normally. 



  • Did you use normal unistall tool from control panel removing -section?
  • etomcat
    etomcat Posts: 1,319 Superuser



    > In default configuration, port 80 is used by Policy Manager Server to serve pre-HTTPS clients. If you see this port occupied when PMS is stopped, this is likely to be the problem why PMS can't start normally.


    I very much wish F-Secure would switch to using ports 85 (endpoints plaintext) / 8085 (console) / 8086 (web reporting) / 8443 (endpoints ciphertext) by default.


    It makes no sense to compete for ports like 80, 443 and 8080, which are already likely occupied by giants like IIS and Apache on the same server host. F-Secure is a smaller sized player and trying to wrestle resources from the hands of giants seldom ends well.


    Yours Sincerely: Tamas Feher, Hungary.

  • MJ-perComp
    MJ-perComp Posts: 1,101 Superuser

    Using a different (recommended) set of ports as an option during setup  sounds like a nice idea, but I would not like to drop 80/443/8080/8081 as defaults. Also making proposals to the admin during setup would be an option.

    1) In most situations you find a virtual dedicated server  for PMS. So there is no need for different ports.

    2) These ports are well defined and will pass http proxies without trouble. very helpful when checking connectivity using a browser


    Apart from that I would like to remind that also AUA and SWUP still use the "old port". ( @dandelion )

  • A-Grinkevitch
    A-Grinkevitch Posts: 171 F-Secure Employee

    I would not recommend approach to uninstall and install Policy Manager several times in order to make it up and running:

    * upgrade itself removes almost all files and installs new ones from the installation package

    * during installation over uninstalled PM, you are asked to specify ports. If you used non-defult ports with older version and by accident apply suggested default ones, clients will never connect to new PM

    * one of the most time-consuming operations is DB migration. If you stop it in the middle (by shutting down or uninstallation of PM), it will start next time almost from the very beginning.


    Instead, I'd recommend to check the fspms-stderrout.log file in %programfiles(x86)%\F-Secure\Management Server 5\logs (win) /var/opt/f-secure/fspms/logs (linux) and wait for "INFOSmiley Surprisedejs.Server:main: Started" in it.

    Same log shows exception like "Exception in thread "main" java.net.BindException: Address already in use: bind" if specified port is indeed used by any other services at your host.

This discussion has been closed.