AAI Connection Failure to Oracle OCI via TCPS
search cancel

AAI Connection Failure to Oracle OCI via TCPS

book

Article ID: 428099

calendar_today

Updated On:

Products

Automation Analytics & Intelligence

Issue/Introduction

AAI (formerly Terma) is unable to establish a connection to an Oracle OCI database using the TCPS (Secure TCP) protocol. Despite a correctly formatted connection string, the connection fails during validation.

Error message in the jaws.log:

INFO [SchedulerService] Testing Primary Connection with host: null and Port: null

INFO [AutosysDbSessionHandler] Testing autosys connection with 'ujo_' table prefix

INFO [AutosysDbSessionHandler] Testing connection with default syntax for scheduler "schedulername (null)" (primary)

INFO [AutosysDbSessionHandler]  Connection failed with default syntax for escheduler "schedulername (null)" (primary)

Environment

Product: Automation Analytics & Intelligence version 24.x

Cause

The issue typically stems from two areas:

  1. Missing Trust Chain: The AAI JVM does not trust the OCI database's certificates because the organization-issued Root and Intermediate CA certificates are missing from the Java truststore.

  2. Schema Access Permissions: Even after SSL/TLS is established, AAI may fail to validate the connection if the Database ID lacks access to specific AutoSys database table SYNONYMs (e.g., ujo_alamode).

Resolution

Step 1: Configure the Custom Truststore

To allow AAI to trust the OCI database, you must point the application to a keystore containing your organization's CA certificates.

  1. Import Certificates: Add your Root and Intermediate CA certificates to a custom keystore file.

    • Example Path: [InstallPath]/jboss/standalone/configuration/[TruststoreName]

  2. Update JVM Options: Edit the jaws.sh.vmoptions file to include the following parameters so the application uses the correct truststore:

Bash
 
-Djavax.net.ssl.trustStore=[InstallPath]/jboss/standalone/configuration/[TruststoreName] -Djavax.net.ssl.trustStorePassword=<Password>

Step 2: Validate the Connection String

Ensure the JDBC connection string explicitly defines the protocol as TCPS and includes the SSL_SERVER_CERT_DN for identity verification.

Example String:

jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=hostname)(PORT=PORTNUMBER))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=SERVICENAME))(SECURITY=(SSL_SERVER_CERT_DN="CN=CNNAME,O=ORAGANIZATIONNAME,L=NAME,ST=STATE,C=COUNTRY")))

Powered by Wolken Software