LDAPS test fails with "The server(s) did not respond" in AAI

book

Article ID: 220954

calendar_today

Updated On:

Products

Automic Automation Intelligence

Issue/Introduction

LDAPS test fails with "The server(s) did not respond"

 

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=FgmN3vosRLAuH/Gvw/ipbA==

 

jaws.log shows:

WARN  [LdapLoginImpl] Error contacting ldap server at ldap://LDAP_Server:636; trying next. : javax.naming.CommunicationException: ldap.LDAP_Server:636 [Root exception is java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)]
 at com.sun.jndi.ldap.Connection.<init>(Connection.java:228)
 at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
 at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1609)
 at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
 at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
 at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
 at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
 at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
 at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
 at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
 at javax.naming.InitialContext.init(InitialContext.java:244)
 at javax.naming.InitialContext.<init>(InitialContext.java:216)
 at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
 at com.termalabs.server.security.LdapLoginImpl.getDirContext(LdapLoginImpl.java:489)
 at com.termalabs.server.security.LdapLoginImpl.searchForUsers(LdapLoginImpl.java:439)
 at com.termalabs.server.security.LdapLoginImpl.checkConfiguration(LdapLoginImpl.java:112)
 at com.termalabs.server.cache.UserVendorImpl.testDomain(UserVendorImpl.java:1117)
 at com.termalabs.server.ejb3.UserDataManagerEJB.testUserDomain(UserDataManagerEJB.java:780)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
 at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
 at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
 at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
 at com.termalabs.server.ejb3.RequestScopeEJB3Interceptor.invoke(RequestScopeEJB3Interceptor.java:94)
 at sun.reflect.GeneratedMethodAccessor1030.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:89)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
 at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275)
 at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:327)
 at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:239)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
 at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
 at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:80)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:43)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:138)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:53)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:66)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
 at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:632)
 at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
 at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
 at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
 at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
 at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:327)
 at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:67)
 at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:200)
 at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.processMessage(MethodInvocationMessageHandler.java:262)
 at org.jboss.as.ejb3.remote.protocol.versionone.VersionOneProtocolChannelReceiver.processMessage(VersionOneProtocolChannelReceiver.java:213)
 at org.jboss.as.ejb3.remote.protocol.versiontwo.VersionTwoProtocolChannelReceiver.processMessage(VersionTwoProtocolChannelReceiver.java:76)
 at org.jboss.as.ejb3.remote.protocol.versionone.VersionOneProtocolChannelReceiver.handleMessage(VersionOneProtocolChannelReceiver.java:159)
 at org.jboss.remoting3.remote.RemoteConnectionChannel$5.run(RemoteConnectionChannel.java:456)
 at org.jboss.remoting3.EndpointImpl$TrackingExecutor$1.run(EndpointImpl.java:731)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
 at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:248)
 at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:262)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at com.sun.jndi.ldap.Connection.createSocket(Connection.java:340)
 at com.sun.jndi.ldap.Connection.<init>(Connection.java:215)
 ... 107 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
 at java.security.Provider$Service.newInstance(Provider.java:1617)
 at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
 at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
 at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
 at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
 at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at com.sun.jndi.ldap.Connection.createSocket(Connection.java:296)
 ... 108 more
Caused by: java.security.KeyStoreException: problem accessing trust store
 at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:75)
 at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
 at sun.security.ssl.SSLContextImpl$DefaultManagersHolder.getTrustManagers(SSLContextImpl.java:882)
 at sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<clinit>(SSLContextImpl.java:854)
 at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:1027)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
 at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
 at java.security.Provider$Service.newInstance(Provider.java:1595)
 at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
 at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
 at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
 at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
 at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:122)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at com.sun.jndi.ldap.Connection.createSocket(Connection.java:296)
 at com.sun.jndi.ldap.Connection.<init>(Connection.java:215)
 at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
 at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1609)
 at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)
 at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
 at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
 at org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
 at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
 at org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
 at org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
 at javax.naming.InitialContext.init(InitialContext.java:244)
 at javax.naming.InitialContext.<init>(InitialContext.java:216)
 at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
 at com.termalabs.server.security.LdapLoginImpl.getDirContext(LdapLoginImpl.java:489)
 at com.termalabs.server.security.LdapLoginImpl.getDistinguishedName(LdapLoginImpl.java:324)
 at com.termalabs.server.security.LdapLoginImpl.checkCredentials(LdapLoginImpl.java:139)
 at com.termalabs.server.ejb3.security.JawsLoginModule2.login(JawsLoginModule2.java:139)
 at sun.reflect.GeneratedMethodAccessor17.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
 at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406)
 at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345)
 at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:323)
 at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146)
 at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:408)
 at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:369)
 at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:55)
 at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49)
 at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:97)
 ... 36 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
 at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
 at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
 at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
 at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
 at java.security.KeyStore.load(KeyStore.java:1445)
 at sun.security.ssl.TrustStoreManager$TrustAnchorManager.loadKeyStore(TrustStoreManager.java:368)
 at sun.security.ssl.TrustStoreManager$TrustAnchorManager.getTrustedCerts(TrustStoreManager.java:316)
 at sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:59)
 at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:51)
 ... 97 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
 at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:783)
 ... 105 more

2021-08-03 09:26:51,630 INFO  [JawsPropertiesFileHandler] Mutual Auth Required - 
2021-08-03 09:26:52,615 WARN  [LoginSessionVendorImpl] Login attempted with expired token: 93649585
2021-08-03 09:26:52,615 WARN  [JawsLoginModule2] Error logging in by token: com.termalabs.server.cache.InvalidLoginTokenException: token expired
 at com.termalabs.server.cache.LoginSessionVendorImpl.getUserDataFromToken(LoginSessionVendorImpl.java:351)
 at com.termalabs.server.ejb3.security.JawsLoginModule2.loginByToken(JawsLoginModule2.java:315)
 at com.termalabs.server.ejb3.security.JawsUsernamePasswordLoginModule.login(JawsUsernamePasswordLoginModule.java:126)
 at com.termalabs.server.ejb3.security.JawsLoginModule2.login(JawsLoginModule2.java:84)
 ... 52 skipped
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)

Cause

The truststore password  must match the Java cacerts truststore.

Environment

Release : 6.3.0

Component : LDAPS

Resolution

Ran the keytool import script again, but used the default "changeit" for the storepass instead of the password that was being used. 

 

keytool -import -v -file filename.cer -keystore C:\Automic_Automation_Intelligence\jawsKeys -storepass changeit -noprompt

 

Also set the password to 'changeit' in the /<Install Dir>/*.vmoptions files.

-Djavax.net.ssl.trustStorePassword=changeit

Additional Information

LDAPS Configuration Guide