search cancel

We are seeing the error "javax.net.ssl.SSLException: Unsupported or unrecognized SSL message" in OneClick tomcat log

book

Article ID: 229598

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

I have the following message occurring every 5 minutes in catalina.out on a OneClick Server that is integrated with CAPM

```

AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode:
 faultString: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
 faultActor:
 faultNode:
 faultDetail:
        {http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
        at sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:448)
        at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:184)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1143)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1054)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394)
        at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
        at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
        at org.apache.axis.client.Call.invoke(Call.java:2767)
        at org.apache.axis.client.Call.invoke(Call.java:2443)
        at org.apache.axis.client.Call.invoke(Call.java:2366)
        at org.apache.axis.client.Call.invoke(Call.java:1812)
        at com.netqos.InventoryWS.InventoryWSSoapStub.beginInventory(InventoryWSSoapStub.java:504)
        at com.ca.im.netqos.integration.datasource.inventory.AxisNetqosInventoryService.getEventManagerURL(AxisNetqosInventoryService.java:77)
        at com.ca.im.netqos.integration.event.NetqosEventManager$NPCEventManagerWebserviceURLPoller.performTask(NetqosEventManager.java:626)
        at com.aprisma.util.thread.ThreadPoolMonitor$TimedThreadTask.performTask(ThreadPoolMonitor.java:135)
        at com.aprisma.util.thread.CachedThread.run(CachedThread.java:116)

      

javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
        at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
        at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
        at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
        at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
        at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
        at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
        at org.apache.axis.client.Call.invoke(Call.java:2767)
        at org.apache.axis.client.Call.invoke(Call.java:2443)
        at org.apache.axis.client.Call.invoke(Call.java:2366)
        at org.apache.axis.client.Call.invoke(Call.java:1812)
        at com.netqos.InventoryWS.InventoryWSSoapStub.beginInventory(InventoryWSSoapStub.java:504)
        at com.ca.im.netqos.integration.datasource.inventory.AxisNetqosInventoryService.getEventManagerURL(AxisNetqosInventoryService.java:77)
        at com.ca.im.netqos.integration.event.NetqosEventManager$NPCEventManagerWebserviceURLPoller.performTask(NetqosEventManager.java:626)
        at com.aprisma.util.thread.ThreadPoolMonitor$TimedThreadTask.performTask(ThreadPoolMonitor.java:135)
        at com.aprisma.util.thread.CachedThread.run(CachedThread.java:116)
Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
        at sun.security.ssl.SSLSocketInputRecord.handleUnknownRecord(SSLSocketInputRecord.java:448)
        at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:184)
        at sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
        at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1143)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1054)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394)
        at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186)
        at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
        at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
        at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
        ... 14 more
Oct 06, 2021 14:59:14.234 (PoolThread-8710: GlobalPool => NPCEventManagerWebserviceURLPoller) (NetqosEventLog) - (ERROR) - Unable to contact Event Manager - stopping all polling.

 

Environment

Release : 20.2

Component : Spectrum Integrations  Oneclick with CAPM

Cause

Actual issue (on PM side)  was because EM (Event Manager) should not be using HTTPS, which instead is what it was set based on SsoConfig settings:

Resolution

The error message is coming from PM during the every 5 minute Incremental Synch. 

Both Device Manager (DM) and Event Manager (EM) services should not be set to HTTPS.  We need to make sure the EM data source on CAPC is not set to HTTPS.  And also Web Service Scheme is set to HTTP in SsoConfig.

 

We changed Web Service Scheme to HTTP.  With  SsoConfig tool you can use the option "r" for reset on Local Value and Remote Value for Web Service Scheme, so it gets set back to default of HTTP.

The other options for DM can be 8481 for the Port and Host can be replaced with FQHN. 

After changing the Remote Value from https to http indeed there is no more error message on the Oneclick catalina.out file.

Additional Information

In SsoConfig, Web Service settings are for DM and  Web Site settings are for CAPC.