Connecting to Datacentre

Datacentre connections must be negotiated through the normal Datacentre port (6699).

Some earlier versions of MoneyWorks Datacentre* inadvertently allowed a client to directly connect to the database daemon port (e.g. 6674) without going through the Datacentre login process. i.e manual connection to port 6674 would be allowed in.

The principal problem with direct connections is that it created support problems when customers did it and then didn't understand why nothing was working after a server update (because no client update will be delivered to clients that are connecting incorrectly). Additionally it was a security hole for a partitioned (ASP mode) server as it would bypass folder-level security.

This situation seems to arise on Windows because many Windows admins routinely run a firewall on their server and block all network services by default and then do not allow all of the ports that Datacentre requires for proper operation. In particular UDP port 5353 is blocked which prevents the network browser from operating. Without network browsing, people resort to a manual connection and may choose the wrong port. When the direct connection to 6674 happens to work, the problem is not noticed until much later when everything stops working after an update. Similar issues arise when connecting through a NAT router from the public Internet.

For the record, Datacentre uses TCP ports 6699, 6700, 6710, and potentially all of 6674-6698, plus UDP port 5353. If a firewall is being used, all of these ports should be opened.

Also, if you have customers who suddenly can't connect after the update, check that they weren't connecting incorrectly.

*bug fixed in v6.1.2

Posted in Esoterica, Networking | Comments Off on Connecting to Datacentre