java awapi timed out after upgrading Java
search cancel

java awapi timed out after upgrading Java

book

Article ID: 137226

calendar_today

Updated On:

Products

CA Automic Applications Manager (AM)

Issue/Introduction

When upgrading to OpenJDK 11.0.2, Applications Manager fails to start due to error "java awapi timed out" message. 

Error found in the local AgentService<timestamp>.log generated at start up:

ErrorMsg: AwE-5103 network socket error 
Details: Network socket error

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
   at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)

 

Error found in RmiServer<timestamp>.log generated at start up:

ErrorMsg: AwE-5102 Agent error
Details: Socket[addr=/10.0.0.1,port=1267,localport=60010]

javax.net.ssl.SSLHandshakeException: No available authentication scheme
   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
   at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:

Environment

Applications Manager 9.4+

Cause

The above error occurs when the SSL certificate in the user_keystore is generated with the algorithm parameter DSA in conjunction with the use of OpenJDK Runtime Environment 11.0.2 that has TLS 1.3 enabled (enabled by default).

The incompatibility between key algorithm DSA and TLS 1.3 in Java 11.0.2 is a known Java bug.

If upgrading to Java 17 or 21, existing user_keystore and user_keystore_config files may need to be re-generated as current user_keystore and user_keystore_config files generated on a much older version of Java may not be compatible with new Java version

Note:

This issue a Java issue/bug, not an Applications Manager issue.

Resolution

Generate new user_keystore and user_keystore_config files using the upgraded version of Java and with the algorithm EC or RSA instead of DSA. 

More information on generating keystore can be found at the documentation here