ActiveMQ fails to start on the Data Aggregator
search cancel

ActiveMQ fails to start on the Data Aggregator

book

Article ID: 392419

calendar_today

Updated On:

Products

Network Observability

Issue/Introduction

ActiveMQ fails to start on the Data Aggregator with errors failing to bind to port 61617

in the log file activemq.out we see these errors (truncated)

...............

ERROR: java.lang.RuntimeException: Failed to execute start task. Reason: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: java.io.IOException: Failed to bind to server socket: ssl://0.0.0.0:61617?needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2 due to: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
java.lang.RuntimeException: Failed to execute start task. Reason: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in class path resource [activemq.xml]: Invocation of init method failed; nested exception is java.io.IOException: Transport Connector could not be registered in JMX: java.io.IOException: Failed to bind to server socket: ssl://0.0.0.0:61617?needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2 due to: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
  Caused by: java.security.KeyManagementException: Keystore was tampered with, or password was incorrect
    at 

Environment

DX NetOps Performance Management : All Supported Versions

Cause

Both the non-ssl and ssl connectors were enabled in the activemq.xml file, transport connectors section

but the rest of the information needed to actually configure ssl for activemq was missing.

..............

 <!-- 
            The transport connectors expose ActiveMQ over a given protocol to
            clients and other brokers. For more information, see: 
            
            http://activemq.apache.org/configuring-transports.html 
        -->
            
    <transportConnectors>
                  
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
                  
      <transportConnector name="encrypted-openwire" uri="ssl://0.0.0.0:61617?needClientAuth=true&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>
                  
      <transportConnector name="PRQ" uri="tcp://0.0.0.0:61618"/>
                  
      <transportConnector name="encrypted-PRQ" uri="ssl://0.0.0.0:61619?needClientAuth=true&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>
                  
      <transportConnector name="IREP" uri="tcp://0.0.0.0:61620"/>
                  
      <transportConnector name="encrypted-IREP" uri="ssl://0.0.0.0:61621?needClientAuth=true&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>
                  
      <transportConnector name="blob" uri="tcp://0.0.0.0:61622"/>
                  
      <transportConnector name="encrypted-blob" uri="ssl://0.0.0.0:61623?needClientAuth=true&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>
              
    </transportConnectors>

Resolution

We commented out the ssl connectors in the activemq.xml file and restarted the activemq and data aggregator service.

this left only the non-ssl transport connectors active.

then re-cycle activemq

............

 <!-- 
            The transport connectors expose ActiveMQ over a given protocol to
            clients and other brokers. For more information, see: 
            
            http://activemq.apache.org/configuring-transports.html 
        -->
            
    <transportConnectors>
                  
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>

<!--
                  
      <transportConnector name="encrypted-openwire" uri="ssl://0.0.0.0:61617?needClientAuth=true&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>

-->
                  
      <transportConnector name="PRQ" uri="tcp://0.0.0.0:61618"/>

<!--
                  
      <transportConnector name="encrypted-PRQ" uri="ssl://0.0.0.0:61619?needClientAuth=true&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>

-->
                  
      <transportConnector name="IREP" uri="tcp://0.0.0.0:61620"/>

<!--
                  
      <transportConnector name="encrypted-IREP" uri="ssl://0.0.0.0:61621?needClientAuth=true&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>

-->
                  
      <transportConnector name="blob" uri="tcp://0.0.0.0:61622"/>

<!--
                  
      <transportConnector name="encrypted-blob" uri="ssl://0.0.0.0:61623?needClientAuth=true&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2"/>

-->
              
    </transportConnectors>

.........................

Additional Information

the root cause of the issue was that ports 619617, 61619, 61621 and 61623 were blocked at site due to security policies.

Powered by Wolken Software