search cancel

User for VNA Viptela with no proxy authentication required?

book

Article ID: 229292

calendar_today

Updated On:

Products

CA Virtual Network Assurance DX NetOps

Issue/Introduction

Can the VMANAGE_PROXY_USER_NAME and VMANAGE_PROXY_PASSWORD settings be omitted if no proxy authentication is required when configuring the Viptela plugin?

Following error is the cause. It's from debug written to the gateway.log file. It indicates we're hitting a problem at a proxy that requires authentication, or at VNA where the request is being rejected.

A packet capture revealed a TLS1.2 cipher handshake from VNA to Viptela vManage was being rejected.

2021-12-08 12:28:35,874 DEBUG (default task-3)  [VIPTELA_PLUGIN] ViptelaPluginConfigHandler 68  Exception occurred connecting to https://Viptela_Host:443/dataservice/j_security_check.: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.8.0_91]
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) [jsse.jar:1.8.0_91]
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) [jsse.jar:1.8.0_91]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) [jsse.jar:1.8.0_91]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) [jsse.jar:1.8.0_91]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) [jsse.jar:1.8.0_91]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) [jsse.jar:1.8.0_91]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436) [httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:191) [httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:392) [httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:428) [httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) [httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) [httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) [httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) [httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) [httpclient-4.5.11.jar:4.5.11]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) [httpclient-4.5.11.jar:4.5.11]
        at com.ca.em.sdn.gateway.common.plugins.viptela.ViptelaHttpBase.getResourceResponse(ViptelaHttpBase.java:230) [broker-oc-common-21.2.5-RELEASE.jar:]
        at com.ca.em.sdn.gateway.common.plugins.viptela.ViptelaHttpBase.fetchAuthToken(ViptelaHttpBase.java:149) [broker-oc-common-21.2.5-RELEASE.jar:]
        at com.ca.em.sdn.gateway.plugins.viptela.ViptelaPluginConfigHandler.testConfiguration(ViptelaPluginConfigHandler.java:61)
        at com.ca.em.sdn.gateway.broker.core.pluginmanager.PluginConfigHandlerService.testConfiguration(PluginConfigHandlerService.java:95) [classes:]
        at com.ca.em.sdn.gateway.broker.core.pluginmanager.PluginConfigHandlerService$Proxy$_$$_WeldClientProxy.testConfiguration(Unknown Source) [classes:]
        at com.ca.em.sdn.gateway.broker.core.resources.PluginResource.testConfiguration(PluginResource.java:402) [classes:]
        at com.ca.em.sdn.gateway.broker.core.resources.PluginResource.configurePlugin(PluginResource.java:230) [classes:]
        at com.ca.em.sdn.gateway.broker.core.resources.PluginResource$Proxy$_$$_WeldClientProxy.configurePlugin(Unknown Source) [classes:]
        at sun.reflect.GeneratedMethodAccessor5533.invoke(Unknown Source) [:1.8.0_91]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_91]
        at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_91]
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:535) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:424) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:385) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
@
        at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:387) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:356) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:329) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.11.2.Final.jar:3.11.2.Final]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) [jboss-servlet-api_4.0_spec-2.0.0.Final.jar:2.0.0.Final]
        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.websockets.jsr.JsrWebSocketFilter.doFilter(JsrWebSocketFilter.java:173) [undertow-websockets-jsr-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52) [opentracing-jaxrs2-0.4.1.jar:]
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at org.wildfly.security.auth.server.FlexibleIdentityAssociation.runAsFunctionEx(FlexibleIdentityAssociation.java:103) [wildfly-elytron-auth-server-1.11.4.Final.jar:1.11.4.Final]
        at org.wildfly.security.auth.server.Scoped.runAsFunctionEx(Scoped.java:161) [wildfly-elytron-auth-server-1.11.4.Final.jar:1.11.4.Final]
        at org.wildfly.security.auth.server.Scoped.runAs(Scoped.java:73) [wildfly-elytron-auth-server-1.11.4.Final.jar:1.11.4.Final]
        at org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler.handleRequest(ElytronRunAsHandler.java:67)
        at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) [undertow-core-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) [undertow-core-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-2.1.0.Final.jar:2.1.0.Final]
        at org.wildfly.elytron.web.undertow.server.servlet.CleanUpHandler.handleRequest(CleanUpHandler.java:38)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.0.Final.jar:2.1.0.Final]
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.0.Final.jar:2.1.0.Final]
        at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]
        at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.0.Final.jar:2.1.0.Final]

Cause

Unknown.

Environment

All supported DX NetOps Virtual Network Assurance releases using the Viptela plugin with proxy

Resolution

A different set of user credentials were used and the connection to Viptela began working.