Remote access to Neo4j 3.4.9 server from local network

configuration
operations

(Oleg ) #1

Hello,
I'm trying to remotely access Neo4j 3.4.9 running on my Windows 10 laptop from another machine on my local network. I can reach the database in the browser from the laptop using localhost:7474, and also 192.168.1.136:7474.

I've added these lines to the neo4j.conf file:

dbms.connectors.default_listen_address=0.0.0.0
dbms.connector.bolt.listen_address=0.0.0.0:7687
dbms.connector.http.listen_address=0.0.0.0:7474

I've added and removed the 0.0.0.0 and tried a few other things, but none of them seem to work. I can reach port 5000 (Flask) and 9000 (CoreNLP) on the laptop from other machines on my local network, so it shouldn't be a firewall problem. What's curious though, is when I go to the browser on my laptop, in my Windows command prompt window I see a new line like:
2018-11-09 05:49:45.507+0000 WARN The client is unauthorized due to authentication failure.
on every refresh, and the browser still works correctly returning queries.
I get the same warning a few times as well after I start the database using:
neo4j console
like so:

2018-11-09 05:48:51.101+0000 INFO  Sending metrics to CSV file at C:\Program Files\neo4j-enterprise-3.4.9\metrics
2018-11-09 05:48:52.042+0000 INFO  Bolt enabled on 0.0.0.0:7687.
2018-11-09 05:48:54.154+0000 WARN  Server thread metrics not available (missing neo4j.server.threads.jetty.all)
2018-11-09 05:48:54.157+0000 WARN  Server thread metrics not available (missing neo4j.server.threads.jetty.idle)
2018-11-09 05:48:54.986+0000 WARN  The client is unauthorized due to authentication failure.
2018-11-09 05:49:00.079+0000 WARN  The client is unauthorized due to authentication failure.
2018-11-09 05:49:05.100+0000 WARN  The client is unauthorized due to authentication failure.
2018-11-09 05:49:10.116+0000 WARN  The client is unauthorized due to authentication failure.
2018-11-09 05:49:15.136+0000 WARN  The client is unauthorized due to authentication failure.
2018-11-09 05:49:20.154+0000 WARN  The client is unauthorized due to authentication failure.
2018-11-09 05:49:25.172+0000 WARN  The client is unauthorized due to authentication failure.
2018-11-09 05:49:25.233+0000 INFO  Starting GraphAware...
2018-11-09 05:49:25.235+0000 INFO  Loading module metadata...

Is there a way to test connectivity from a command prompt on a remote machine? What are the correct settings in the .conf file? Thank you very much!

Oleg


(Paul Drangeid) #2

from the command prompt of another machine run telnet 192.168.1.136 7474.
(You may need to add the telnet client via Programs & features / Turn Windows features on or off)

If it opens up a black screen with a blinking cursor, you are connecting... if it is not routing, not listening (or blocked) it will respond "Connecting to 192.168.1.136... Could not open connection to the host, on port 7474: Connect failed.

You SHOULD leave the listen adress=0.0.0.0 (defaults to listen on ALL ip addresses on your machine).

In addition to your firewall, do you have any active anti-virus software that may also be performing firewall-like blocking security services? Many of the corporate anti-virus suites also act as firewalls (even if your Windows firewall is disabled)


(Oleg ) #3

I tried telneting to the port... 5000 and 9000 worked for the other services, but 7474 failed here too.

telnet 192.168.1.136 7474
Connecting To 192.168.1.136...Could not open connection to the host, on port 7474: Connect failed

I have the Windows Firewall disabled for private networks, and my anti-Virus turned off as well. What are the configuration lines that need to be changed from a stock .conf file to allow remote access? I've seen different answers, some of which are deprecated now.


(Mike Morley) #4

That actually looks like an auth error instead of a network error - try resetting the password you are using http://boopathi.me/blog/reset-neo4j-graph-database-password/


(Paul Drangeid) #5

Remove the following entries:
dbms.connector.bolt.listen_address=0.0.0.0:7687
dbms.connector.http.listen_address=0.0.0.0:7474

I believe the ONLY entry you should have needed to add/change is:
dbms.connectors.default_listen_address=0.0.0.0

I just tried it on my desktop install, and adding those bolt and http listen entries you had caused my remote access to stop working.

My entries look like this:

dbms.connectors.default_listen_address=0.0.0.0
dbms.connector.bolt.enabled=true
#dbms.connector.bolt.tls_level=OPTIONAL
#dbms.connector.bolt.listen_address=:7687

# HTTP Connector. There must be exactly one HTTP connector.
dbms.connector.http.enabled=true
#dbms.connector.http.listen_address=:7474

# HTTPS Connector. There can be zero or one HTTPS connectors.
dbms.connector.https.enabled=true
#dbms.connector.https.listen_address=:7473

(Oleg ) #6

Ok, I installed the Desktop version and was able to access a local database remotely, so that's something :slight_smile:

I'm more comfortable using the server version instead of the Desktop interface. Is there somewhere I could look for what else might be causing my issues? I feel as if a setting is cached somewhere and not reflecting what's in the .conf file. I tried a clean install of 3.4.9 and had the same issue. Even there I would get the authentication warning in the console on every browser refresh. I tried resetting the password as well, but that didn't change anything.