Disabling the JMX RMI Interface

Due to a minor security issue, unauthenticated access to the JMX RMI interface used in Performance Manager is possible. No sensitive information is accessible or exposed due to this issue. To ensure that this type of access is not possible you can disable JMX for Performance Manager. If JMX is disabled it will not be possible to use Performance Manager's System Health monitor or monitor the application server via JMX; no other functionality will be affected by making this change.

To disable JMX:

  1. Open the Registry Editor.
  2. Remove the following from the "Options" registry key for each service:
    • -Dcom.sun.management.jmxremote.ssl=false
    • -Dcom.sun.management.jmxremote.authenticate=false
    • -Dcom.sun.management.jmxremote.port=1914x
    Perform this step on each computer that hosts Performance Manager services in the following registry key paths:
    • Application server: HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\SPMAppServer<version>\Parameters\Java
    • Chart server: HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\SPMChartServer<version>\Parameters\Java
    • Execution servers: HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\SPMExecServer<version>\Parameters\Java
    • Front-end server: HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\SPMFrontendServer<version>\Parameters\Java
    Note: On 64-bit operating systems, the registry paths must include Wow6432Node after SOFTWARE, for example
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\SPMAppServer<version>\Parameters\Java.