agents and workstation are unable to connect to APM SAAS environment
Article ID: 191397
Updated On:
Products
CA Application Performance Management SaaS
Issue/Introduction
We are using APM SAAS environment. Agents and workstation are unable to connect to APM SAAS environment.
Cloud Proxy log is showing following error.
javax.net.ssl.SSLException: SSLEngine closed already
at io.netty.handler.ssl.SslHandler.wrap(...)(Unknown Source) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
2020-05-21 10:00:39.740 ERROR 1504 --- [nioEventLoopGroup-3-8] c.c.a.c.w.WebSocketClientHandler : [id: 0x3fc90a5d, L:/10.181.3.226:59980 ! R:<APM-Cloud_GateWay>/<IP>:443] Exception: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:579) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:496) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:897) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_221]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:1.8.0_221]
at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[na:1.8.0_221]
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1297) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1199) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1243) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
... 16 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_221]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[na:1.8.0_221]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1457) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1365) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
... 20 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[na:1.8.0_221]
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[na:1.8.0_221]
at sun.security.validator.Validator.validate(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[na:1.8.0_221]
... 29 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) ~[na:1.8.0_221]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.8.0_221]
at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.8.0_221]
... 35 common frames omitted
Cloud Proxy log is showing following error.
javax.net.ssl.SSLException: SSLEngine closed already
at io.netty.handler.ssl.SslHandler.wrap(...)(Unknown Source) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
2020-05-21 10:00:39.740 ERROR 1504 --- [nioEventLoopGroup-3-8] c.c.a.c.w.WebSocketClientHandler : [id: 0x3fc90a5d, L:/10.181.3.226:59980 ! R:<APM-Cloud_GateWay>/<IP>:443] Exception: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:579) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:496) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:897) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-all-4.1.30.Final.jar:4.1.30.Final]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_221]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[na:1.8.0_221]
at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[na:1.8.0_221]
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:294) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1297) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1199) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1243) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
... 16 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker$1.run(Unknown Source) ~[na:1.8.0_221]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_221]
at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[na:1.8.0_221]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1457) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1365) ~[netty-all-4.1.30.Final.jar:4.1.30.Final]
... 20 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[na:1.8.0_221]
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[na:1.8.0_221]
at sun.security.validator.Validator.validate(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[na:1.8.0_221]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[na:1.8.0_221]
... 29 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) ~[na:1.8.0_221]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[na:1.8.0_221]
at java.security.cert.CertPathBuilder.build(Unknown Source) ~[na:1.8.0_221]
... 35 common frames omitted
Environment
Release : SAAS
Component : APM SAAS ENTERPRISE
Resolution
We identified that the issue was with customer's proxy server (not APM Cloud Proxy).
The proxy server did not have the necessary permissions to go to the internet.
Once necessary permissions and configuration was in place, APM Cloud Proxy started working good.
Agents and workstation are able to connect to APM SAAS environment successfully.
The proxy server did not have the necessary permissions to go to the internet.
Once necessary permissions and configuration was in place, APM Cloud Proxy started working good.
Agents and workstation are able to connect to APM SAAS environment successfully.
Feedback
Yes
No
Powered by
