since I can start the server with
ejabberdctl start
For debugging purposes, try to start it with "ejabberdctl live", as that will keep the erlang shell opened inside ejabberd: that gives you immediate log messages, you can see it's running, and even run erlang commands inside it.
ERROR: The ejabberd node 'ejabberd@chat.ish.com.au' is already running.
This is a very simple detection: it just checks in "epmd" the list of running nodes. Something like:
$ epmd -names
epmd: up and running on port 4369 with data:
name ejabberd at port 35633
ejabberdctl
Failed RPC connection to the node 'ejabberd@chat.***.com.au': nodedown
Internally, this is a more complex operation than the previous one, as it attemps to connect to the running node. That needs several ports opened, the erlang cookie verification, etc. So it's understandable that the previous command works (it just checks "epmd -names"), and this one fails (you may need to open some ports, and tell ejabberdctl which ones to use).
I'm guessing that ejabberdctl needs some RPC ports/permissions, but I can't find documentation about what it needs. XML-RPC?
Yes, ejabberdctl uses Erlang's epmd to connect itself to an already running erlang node https://docs.ejabberd.im/admin/guide/security/
