Management Server Unavailable After SSL Setup

book

Article ID: 40288

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio) CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

Problem: 

After stopping and starting the management server it is no longer accessible. Loading the default page (https://<server>:8443) and clicking the "Launch" button does not load the username/password login page as expected.

If clicking the launch button does return an error then it is likely different from the problem that this article describes and you can review TEC1046022 to see if that helps. 

 

Environment:  

CA Release Automation version 5.5.2

1 Management Server

1 Execution Server

 

Cause: 

The problem described above was seen after an attempt to configure an execution server, already added to the management server communicating using 8080/http, to use non-standard ssl certificates. This involved updating the necessary configuration files on the execution server, recycling the execution server and changing the properties for the execution server in the Automation Studio -> Agent Management view to use 8443/https. 

 

Resolution:

  1. Identify the misconfigured item SSL configuration setting on the execution server.
  2. Remedy the configuration.
  3. Recycle both the execution server in question and management server.

In this case, the server.xml was configured to use a keyAlias that could not be found in the keystore file referred to by server.xml keystoreFile configuration setting. The wrong keystore file name was used. So the keystore file name specified in the conf/server.xml and also in the webapps/execution/WEB-INF/jms.properties file. 

 

Additional Information:

Tips for identifying the misconfigured execution server

  1. SSL configuration problems can often show themselves in the catalina.out log file on the server that is configured incorrectly. For example, the offending execution server had the following message in its logs/catalina.out file:
    SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio-8443"]
    java.io.IOException: Alias name releaseautomation does not identify a key entry
  2. You can use the following keytool command to get a brief summary of the aliases available in a given keystore:
    keytool -list -keystore <keystoreFilename>.jks

  3. The logs/nolio_dm_all.log file on the management server did not have the expected "I am active" message generated when it is done with its initialization phase.

  4. The logs/nolio_dm_all.log file on the management server did have these messages that helped identify:
    • A problem was being experienced.

      When clicking the Launch button it generates the message which is typically only seen in an environment where there are 2 management servers available to offer high availability: 
      [http-nio-8443-exec-8] INFO  (com.nolio.platform.server.dataservices.services.ha.MasterNacService:137) - forced this NAC to be master successfully.
    • The offending execution server. The first four messages are normal (with the exception of the errorMessage in the first message) but the fifth message was missing which is expected when it has successfully connected/processed the execution server in question. 

      Message 1:
      [ActiveApplicationContextManager-1] INFO  (com.nolio.platform.server.integration.jms.components.nac.NesConnectionEnsurerServiceImpl:70) - Getting additional info from NES: [ExecutionServerDataObject{id=4404000, hostname='<executionServerHostname>', scheme='HTTPS', port=8443, brokerPort=61616, jxtaName='es_<executionServerHostname>', reachable=false, categoryId=4403000, errorMessage='Failed to locate the host specified [stegr04-ond1188.ca.com]', os='Linux', version='5.5.2.191', nimiPort=6600, keepAliveTimestamp=1459375455815, brokerConnectionName='null', standAlone=true}]...

      Message 2:
      [ActiveApplicationContextManager-1] INFO  (com.nolio.platform.server.dataservices.services.execmng.integration.LegacyExecutionServerServicesFactory:58) - new ExecutionServerServices for server [<executionServerHostname>]

      Message 3:
      [ActiveApplicationContextManager-1] DEBUG (com.nolio.platform.connection.NolioPoolingClientConnectionManager:182) - Connection request: [route: {s}->https://<executionServerHostname>:8443][total kept alive: 0; route allocated: 0 of 10; total allocated: 0 of 10]

      Message 4:
      [ActiveApplicationContextManager-1] DEBUG (com.nolio.platform.connection.NolioPoolingClientConnectionManager:214) - Connection leased: [id: 1][route: {s}->https://<executionServerHostname>:8443][total kept alive: 0; route allocated: 1 of 10; total allocated: 1 of 10]

      Message 5:
      [ActiveApplicationContextManager-1] DEBUG (com.nolio.platform.connection.NolioPoolingClientConnectionManager:269) - Connection released: [id: 1][route: {s}->https://<executionServerHostname>:8443][total kept alive: 1; route allocated: 1 of 10; total allocated: 1 of 10]

 

 

 

 

 

Environment

Release:
Component: RACORE