After upgrading to TDM Portal 4.11 the load balancer/gateway no longer communicates to the TDM Server

Article ID: 381897


Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

After upgrading from TDM Portal 4.10 to TDM Portal 4.11, all users are unable to access the TDM Portal remotely. TDM Portal is online, but it is only accessible locally, from a browser running directly on the TDM server. All user traffic is directed through a load balancer/gateway. There are no errors reported in the TDM Portal logs. However, the network team investigated and found the following error reported by the load balancer:

Error Message
info tmm[<PID>]: 01260013:6: SSL handshake failed for <proto> <src_IP>:<src_port> -> <dst_IP>:<dst_port>

Environment

TDM Portal 4.11.x

Cause

Since the TDM 4.11 Portal application is up and running, and is accessible locally, the issue is most likely a Tomcat connector configuration problem, a network load balancer/gateway configuration problem, an SSL certificate problem, or a combination of all three.  

Both Tomcat and Java were updated in TDM 4.11.

| TDM Portal 4.10 | TDM Portal 4.11 |
| --- | --- |
| Apache Tomcat version 9.0.82 | Apache Tomcat version 10.1.25 |
| AdoptOpenJDK version 1.8.0_345 | AdoptOpenJDK version 17.0.11 |

To rule out the Tomcat Connector configuration, please check how the Connector was configured in the working TDM 4.10 Portal. By default, the TDM 4.10 Connector uses the TLSv1.2 protocol, shown below:

In TDM 4.11, the Tomcat default Connector configuration uses TLSv1.3:

If any devices used in the environment, such as the load balancer, network gateways, or browsers, do not support TLSv1.3, then there will be a protocol mismatch, resulting in an SSL handshake failure.

Resolution

To resolve the protocol mismatch with the Tomcat Connector, TLSv1.2 may need to be added to the TDM Portal 4.11 Tomcat Connector configuration. 

  1. Stop the CA Test Data Manager Portal service on the TDM 4.11 Portal Server.
  2. Open a Windows File Explorer on the TDM 4.11 Portal server.
  3. Navigate to %CATDMWEB_HOME%\tomcat\conf directory. By default, this is C:\Program Files\CA\CA Test Data Manager Portal\tomcat\conf directory.
  4. Open the server.xml file for edit.
  5. Locate the Connector configuration, and change protocols="TLSv1.3" to read protocols="TLSv1.2+TLSv1.3".
  6. Save the changes.
  7. Restart the CA Test Data Manager Portal service.
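To confirm the edit before restarting, the following added example (not part of the original article or of TDM) reads a server.xml, computes the TLS versions each TLS-enabled Connector will offer, and intersects them with the versions a peer such as the load balancer supports. The sample XML, port 8443, the SSLHostConfig placement, and the TLSv1.2-only peer are constructed assumptions; the token handling follows the Tomcat documentation for the protocols attribute.

```python
import re
import xml.etree.ElementTree as ET

# Expansion of Tomcat's "all" token, per the Tomcat SSLHostConfig documentation.
ALL = {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}

# Constructed sample, not the shipped TDM server.xml; only the protocols
# values are taken from the article.
SAMPLE_411 = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true">
    <SSLHostConfig protocols="TLSv1.3"/>
  </Connector>
</Service></Server>"""
SAMPLE_FIXED = SAMPLE_411.replace('"TLSv1.3"', '"TLSv1.2+TLSv1.3"')


def enabled_protocols(value):
    """Build the protocol set left to right: '+' or ',' adds, '-' removes."""
    enabled = set()
    for sign, name in re.findall(r"([-+,]?)\s*([^-+,\s]+)", value):
        names = ALL if name.lower() == "all" else {name}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled


def audit(server_xml, peer_versions):
    """Return (port, offered versions, versions shared with the peer) per connector."""
    report = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # iter() yields the Connector itself and any nested element, so the
        # attribute is found wherever the file places it.
        for elem in conn.iter():
            if "protocols" in elem.attrib:
                offered = enabled_protocols(elem.attrib["protocols"])
                shared = offered & set(peer_versions)
                report.append((conn.get("port"), sorted(offered), sorted(shared)))
    return report


if __name__ == "__main__":
    lb = {"TLSv1.2"}  # assumed: a load balancer that tops out at TLSv1.2
    for label, xml in (("4.11 default", SAMPLE_411), ("after fix", SAMPLE_FIXED)):
        for port, offered, shared in audit(xml, lb):
            verdict = "handshake possible" if shared else "NO COMMON VERSION"
            print(f"{label}: port {port} offers {offered}; {verdict} {shared}")
```

An empty shared list for a connector reproduces the mismatch behind the load balancer's "SSL handshake failed" message; to audit a real installation, pass the contents of the server.xml under %CATDMWEB_HOME%\tomcat\conf instead of the sample.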

If the Tomcat Connector configuration is not the problem, and communication is still failing, please work with your Network team or your Security team to troubleshoot any network-related and/or certificate-related failures.

Additional Information

Note: The TDM Portal landing page has also changed. In TDM 4.10 the initial landing page was "https://<hostname>:<port>/TestDataManager/index.html". In TDM Portal 4.11 the landing page has changed to "https://<hostname>:<port>/TestDataManager/main.html#/login". If users are using shortcuts, or if the load balancer is hard-coded with a redirected URL, which points to the index.html page, you will see an internal server error because this resource is not available in 4.11. Any shortcuts or redirected URLs should be updated to "https://<hostname>:<port>/TestDataManager" to let the application redirect the connection to the proper landing page.