Unable to access Webmin Dashboard after Installing Palo Alto Expedition Migration Tool

I installed webmin first and was able to access the dashboard, create a new user etc. The 2nd install is a migration utility from Palo Alto called Expedition. Apache web server runs this application. After the installation of Expedition I can no longer access webmin on any port even though the process started and shows as active. The log files don’t have any errors and neither does the apache logs.

To test futher I deleted everything and installed Expedition first and then webmin but still unable to access it.

The ufw is inactive by default but for troubleshooting I enabled it and added the rules to allow port 10000 will no luck.

I’ve researched online both products and have not found anyone else having this issue.

Any ideas how I go about troubleshooting what broke with webmin when I installed Expedition?

Thanks,
Denise

I’ve never heard of Expedition, so I don’t know what it does.

But, you should check that Webmin is listening where you think it is (something like netstat -lnp | grep 10000 assuming it’s configured to use the standard port).

Also what do you mean by “unable to access”? Do you get an error in the browser? What error?

Try connecting locally with a text-mode browser like links to see if it’s actually running. (links https://localhost:10000)

And, check the Webmin error log, usually found in /var/webmin/miniserv.err.

That said, based on your description of the problem, it sounds like a network problem. Either firewall or something messing with routing or interfaces.

Maybe it isn’t a good idea to run this on a production server anyhow.

NOTE: Expedition is supported by the community as best effort

In response to their EOL announcement.

‎06-17-2024 11:00 AM
Did you all have ChatGPT write parts of this this? It’s comical how out of touch Palo Alto is becoming with their clients. I personally didn’t use Expedition because it was never actually “supported” to begin with, with little to no meaningful documentation. But framing this announcement as exciting news is just hilariously tone deaf for the people who maybe did use it or find value in it.

Hi Joe,

Webmin is listening on port 10000 and I even changed it to see if it made a difference and it did not.

I am not running Ubuntu desktop on Ubuntu server so I cannot connect to localhost:10000

I checked all the webmin logs as well as the apache logs and there aren’t any errors in the files.

It’s not a firewall problem because ufw is off by default and when I did turn it on and add rules to allow port 10000 it still didn’t bring up the login screen. When I attempt to access https://serverName:10000 it fails to bring up the login page.

I’m at a loss since I was able to bring up webmin initially until I installed Palo Alto Expedition Migration tool that runs thru Apache. I feel like something has been overwritten but I cannot seem to find what that could be.

All my Ubuntu servers run Webmin so I never ran into this issue before. I’ll follow up with a question to Palo Alto and see if anyone in the forum knows why the installation of Expedition would break Webmin.

Thanks,
Denise

We aren’t using Expedition for migration purposes. We wanted to test its ability to check rules and unused objects.

I did see that the tool has an EOL but not till the end of the year.

I’m going to check with the Palo Alto folks to see if they can provide some insight as to why the installation of Expedition broke Webmin.

Thanks,
Denise

If you can log into Webmin using the server IP instead of the domain name?
You have have a place to start looking into apache and your migration tool.

Sounds like a .htaccess change to me

I would think not webmin uses it’s own webserver that is devoid of both apache and nginx. Looks like this ‘tool’ doesn’t play nicely with firewalld and/or iptables and has closed ports 10000 through 10100

I keep forgetting that bit I have spent too many hours today removing Apache2 from a server that simply didn’t need it and never will!.

oops I am using the IP address and not serverName. Webmin runs as its own process and webserver so I feel like the installation of apache broke the webmin webserver configuration somehow but can’t seem to find where.

It does not use either apache or nginx so therefore nothing can be broke

ufw is not enabled but even when I did enable it I allowed access to port 10000. Before installing Expedition Webmin login page displayed without issue.

This is why I feel like the installation of apache broke the webmin webserver configuration somehow but can’t seem to find where.

right, I don’t think apache is broke I think the installation of apache broke the webserver configuration of webmin. The service starts without issue.

The default installation script of virtualmin installs firewalld as the firewall and disables/remove ufw on ubuntu so it seems something is very wrong

I even put the port to 1000 and it still wouldn’t connect. It’s very frustrating. We really like using webmin to manage our ubuntu servers. I don’t have a desktop GUI installed.

Makes no odds the tool you used seems to mess with the firewall, have you done any terminal work to see what firewall is running and what it accepts and rejects

I assume you have tried/can get into Usermin on port 20000 (though that is not going to help - just might confirm/indicate the firewall/port tampering

I’m still not clear after going through the thread. What is the browser error? Unable to connect or just a blank screen?

iptables -L

This might show if the firewall is on or not regardless of what is running?

That works unless your running RHEL version => 9 as iptables is no longer in the repositories you have then have to rely on firewalld however this is ubuntu so should work

I run Webmin only on servers with Apache and has no effect on Webmin. You should focus on that migration tool and find out what makes it tick.