UIM - policy_management queue is yellow and not processing after updating java_jre package
search cancel

UIM - policy_management queue is yellow and not processing after updating java_jre package

book

Article ID: 237358

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

After updating java_jre package on the OC servers, we identified the policy_management queue was no longer processing alarm policies and was in a yellow state. 

Policy logs display the following errors:

2022-03-11 12:24:50,175 DEBUG com.ca.uim.policy.management.events.service.HeartBeatService:registerThisNode:282 [Catalina-utility-1] - Registering the policy node to master@https://<hubname>:8443/adminconsoleapp
2022-03-11 12:24:50,300 ERROR com.ca.uim.policy.management.events.service.HeartBeatService:registerThisNode:348 [Catalina-utility-1] - Registration of this policy node to master failed, javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2022-03-11 12:24:50,845 INFO com.ca.uim.policy.management.config.PolicyManagementConfig:readNimConfig:167 [Timer-0] - Config file successfully loaded.

  or

2026-03-27 10:24:24.905 ERROR service.HeartBeatService - Registration of this policy node to master failed, javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Environment

  • DX Unified Infrastructure Management (UIM) 23.4.x
  • Operator Console (OC) with wasp probe
  • policy_management_ws

Cause

If you do use certificates that come from an internal CA, you need to upload your root and any intermediate certificates to the cacerts keystore that is used by java. 

Resolution

Import the root SSL certificate to "\Nimsoft\jre\<most_recent_java_jre_version>\lib\security\cacerts" file on all OC nodes and restart the robot (oc robot): 

1. Run cmd as administrator

2. Copy root-certificate to C:\Program Files (x86)\Nimsoft\jre\<most_recent_java_jre_version>\lib\security

3. Change the directory to : 

    C:\Program Files (x86)\Nimsoft\jre\<most_recent_java_jre_version>\lib\security

4. CACERTS Import command:

    "c:\Program Files (x86)\Nimsoft\jre\<most_recent_java_jre_version>\bin\keytool.exe" -importcert -keystore cacerts -alias cacerts -storepass changeit -file <root_cert_path> -trustcacerts

5. Restart OC robot

Additional Information

With 23.4 CU5 and above the path would be: c:\Program Files (x86)\Nimsoft\jre21.

Powered by Wolken Software