JCP not accepting connection; log ends with Started oejs.Server@5be7985f{STARTING}[12.0.15,sto=0] @56603ms
Article ID: 396581
Updated On: 05-07-2025
Products
Issue/Introduction
The JCP is not able to accept connection even though the process is running/started, its porta is listening and a telnet to the server/port is working.
Attempting to reach the JCP endpoint from a browser, like https://servername.example.com:8443 shows "This site cannot be reached".
When attempting to connect via the AWI, the login screen shows:
Connection to the AE system not possible.
No connection to the following CPs could be established:
servername.example.com:8443
Please make sure that the system meets the minimum requirement for processes and that it uses WS.PORT to establish the connection.
There is an error message in the AWI log that looks like:
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:370)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:209)
An agent log attempting to start will show:
20250506/204308.112 - U02000313 Communication error with partner 'servername.example.com/<unresolved>:8443', error: 'Received fatal alert: handshake_failure'.
20250506/204308.113 - U02000074 Connecting to system 'AUTOMIC' is not possible.
20250506/204308.114 - Initial connection with endpoint not possible. Please check your configuration.
20250506/204308.115 - U02000041 Shutdown Agent 'WIN01'.
20250506/204308.127 - U02000002 Agent 'WIN01' version '24.4.0+build.1741631310308' ended abnormally.
The JCP log stops writing after a message like the following:
20250506/204236.253 - 34 x509=X509@17153053(jetty,h=[servername, servername.example.com, servername2, servername2.example.com, servername3],a=[/IPaddress, /IPaddress2],w=[]) for Server@607ed80b[provider=null,keyStore=file:///[full path to keystore].p12,trustStore=null]
20250506/204236.289 - 34 Started ServerConnector@5f57a0d6{SSL, (ssl, http/1.1)}{0.0.0.0:8443}
20250506/204236.291 - 34 Started oejs.Server@5be7985f{STARTING}[12.0.15,sto=0] @56603ms
In a normally running system, there will be a line at the end of the above with:
...
20250506/204236.289 - 34 Started ServerConnector@5f57a0d6{SSL, (ssl, http/1.1)}{0.0.0.0:8443}
20250506/204236.291 - 34 Started oejs.Server@5be7985f{STARTING}[12.0.15,sto=0] @56603ms
20250506/204251.265 - 39 U00045159 Thread 'MQWorker-1' has ID '52'.
Environment
Product: CA Automic Workload Automation - Automation Engine v21.x, 24.x
Cause
The root cause is that keyAlias= setting in the [TLS] section of the ucsrv.ini file used by the JCP does not match with the value in the keystore. These have to match exactly, including case . In the example below, the keyAlias contains one upper case letter whereas the keystore alias does not contain any.
In ucsrv.ini file:
keyAlias=jettY
Keystore contains:
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: jetty
Creation date: Apr 9, 2025
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
The keystore entries can be checked with a tool like the java keytool using a command like:
keytool -v -list -keystore [full path to the keystore file]\[keystore file name and extension]
Resolution
Please make sure that the value of the keyAlias matches the "Alias name" contained in the keystore.
Feedback
