DX NetOps MM UI does not display any Controllers after successful installation
search cancel

DX NetOps MM UI does not display any Controllers after successful installation

book

Article ID: 382623

calendar_today

Updated On:

Products

Network Observability CA Mediation Manager

Issue/Introduction

DX NetOps Mediation Manager (DX NetOps MM) installation completed successfully.

However the DX NetOps MM web UI does not display any Controllers:
 
 
When try to start the services with "startall" it fails with "SEVERE: Failed to start component”:
 
 
Since no CAMM component got started, the following log directories do not have any log files created:
  • /opt/CA/CAMM/MC/logs/*
  • /opt/CA/CAMM/LC/logs/*
  • /opt/CA/CAMM/DS/logs/*

Collected GenericController/GE logs from /opt/CA/CAMM/GE_*/logs/*log directory.  They show these messages:

Nov 15, 2024 12:03:51 PM com.torokina.tim.communication.protocol.security.TimSecureSslContextFactory getKeyStoreDetails
WARNING: KeyStore config file does not exists at::/opt/CA/CAMM/GE_root/Keystore_Details.xml
Nov 15, 2024 12:03:51 PM com.torokina.tim.communication.protocol.security.TimSecureSslContextFactory
INFO: Initializing SSLContext with default context
Nov 15, 2024 12:03:51 PM com.torokina.tim.runner.daemon.TimAppDaemon startApp
SEVERE: No content data
Nov 15, 2024 12:03:52 PM com.torokina.tim.runner.daemon.TimAppDaemon$TimAppDaemonHandler exceptionCaught
SEVERE: Execption occurs on daemon handler
javax.net.ssl.SSLHandshakeException: Received fatal alert: unsupported_certificate

Environment

All supported DX NetOps Mediation Manager releases on Red Hat release 9.x

Cause

This is due to an SSL issue with the keystore from the java code. By default DX NetOps MM components communicate over SSL, and this cannot be disabled.

The current certs provided in the keystore use a weak signature algorithm. 

The most current OS's, like the Red Hat 9.x release in use here, no longer support weak signature algorithms.

Resolution

Engineering provided the following workaround. It has us configure a stronger signature algorithm for the self-signed certificates generated in the keystore file for DX NetOps MM components  and their communication over SSL.

Points #1 and #2 will help to generate a keystore with a self-signed certificate.

Point #3 will help to configure the same to communicate DX NetOps MM components over SSL. 

  1. Locate the keytool utility available in the (default path) $JAVA_HOME/bin/keytool directory
    • The JAVA_HOME path can be found in config file at /opt/CA/CAMM/tools/camm.env
  2. Generate a keystore file (keystore.jks) with a self-signed certificate with the following command. This command can be run from any DX NetOps MM host.
    • $JAVA_HOME/bin/ keytool -genkey -alias CAMM host fqdn -keyalg RSA -keypass your_password -storepass your_password -keystore keystore.jks -storetype JKS -validity 3650 -dname "CN= CAMM host fqdn, OU=nnn, O=xxxx, L=yyy, S=zzzzzzzzz, C=nn"
    • In the above command, replace these parameters with the appropriate ones for your environment:
      • CAMM host fqdn with your CAMM host FQDN.
      • your_password with the desired password.
      • OU=nnn, O=xxxx, L=yyy, S=zzzzzzzzz, C=nn
  3. Once the above command generates the keystore.jks file, place it at secured directory in DX NetOps MM host.

Follow the steps in page Enable HTTPS for Non-SNMP Monitoring

Note: If you are running multiple LC's and MC's then the above steps has to be followed for all CAMM hosts.

Powered by Wolken Software