Policy processing is failing in an HTTPS Environment - Registration of this policy node to master failed, javax.net.ssl.SSLHandshakeException
search cancel

Policy processing is failing in an HTTPS Environment - Registration of this policy node to master failed, javax.net.ssl.SSLHandshakeException

book

Article ID: 218243

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

This is an internal technical article which documents an issue where policy management processing is failing in an environment with HTTPS enabled. 

Note: KB set to internal as this is a test build. The fix should be included in the next GA package release. 

Symptoms of the issue: 

  • Alarm policies are not working as expected (e.g. If a threshold is breached, no alarms are raised as per the policies created).

  • The policy_management.logs (found on the OC system \Nimsoft\probes\service\wasp) displays the following errors:

2021-06-15 15:42:04,506 DEBUG com.ca.uim.policy.management.events.service.HeartBeatService:registerThisNode:260 [Timer-1]   - Registering the policy node to [email protected]://XX.XX.XXX.XXX:8443/adminconsoleapp
2021-06-15 15:42:04,537 ERROR com.ca.uim.policy.management.events.service.HeartBeatService:registerThisNode:327 [Timer-1]   - Registration of this policy node to master failed, javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address XX.XX.XXX.XXX found 

  • The below query may return records either in "NEW" or "DELETE" state. This means the policy management is not picking up the records and not processing further from the changes made in the OC UI Alarm Policy tab. 

SELECT * FROM Policy

Environment

Release : 20.3.3 June Patch

Component : UIM - ALARM POLICY

Resolution

Engineering has provided a new build of the policy_management_ws to resolve this issue: 
- policy_management_ws_0.27T1.zip

Steps to apply the patch:
1. Import the zip into the local archive.
2. Deploy the imported package to the robot's running policy_management_ws (OC Robot). 

Additional Information

a. If policy_processing flag is set in wasp.cfg > webapps/policy_management_ws/custom/uncrypted/policy_processing to true, policy processing will happen, if set to false, processing will not happen. This is the manual way of configuration.

b. In a load balanced environment with multiple policy_management_ws nodes, the policy_processing should happen in a HA mode. For that, webapps/adminconsoleapp/custom/uncrypted/ha_mode should be set to true and all the policy_management_ws nodes should not have policy_processing flag. Then, nodes will be selected dynamically and works in HA mode.

c. In Https environment, please add the configuration "controller_url = https://FQDN/Certname:9443/adminconsoleapp" under wasp.cfg > webapps/policy_management_ws/custom/uncrypted, to avoid certificate issues.

Note: policy_management_ws_0.27T1.zip is attached to this article. 

Attachments

1624613761182__Readme.txt get_app
policy_management_ws_0.27T1_1624613559580.zip get_app
Powered by Wolken Software