ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience. Already connected


Article ID: 77733


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


I've started getting below error while running migrateIn command both in different Gateway clusters.

Below is GMU command that I'm running and response -
GatewayMigrationUtility-1.5.00-479>GatewayMigrationUtility.bat migrateIn --argFile --bundle XXXX.xml --test

Warning: TLS hostname verification has been disabled
Warning: TLS server certificate check has been disabled
Execution failed.
Reason: Unable to establish trust with the Gateway. To resolve, either:
? Establish server trust and try again (more info: search "establish server trust" in the Gateway do cumentation), OR
? Re-run command with the "--trustCertificate" parameter to bypass trust requirement.

And please note the excerpt from GMU log -
Apr 12, 2018 9:11:13 PM setClientConfig WARNING: TLS hostname verification has been disabled
Apr 12, 2018 9:11:13 PM setClientConfig WARNING: TLS server certificate check has been disabled
Apr 12, 2018 9:11:13 PM runCommand INFO: Running Command: migrateIn
Apr 12, 2018 9:11:16 PM runCommand
WARNING: Error executing command Already connected
at org.glassfish.jersey.client.ClientRuntime.invoke(
at org.glassfish.jersey.client.JerseyInvocation$
at org.glassfish.jersey.client.JerseyInvocation$
at org.glassfish.jersey.internal.Errors.process(
at org.glassfish.jersey.internal.Errors.process(
at org.glassfish.jersey.internal.Errors.process(
at org.glassfish.jersey.process.internal.RequestScope.runInScope(
at org.glassfish.jersey.client.JerseyInvocation.invoke(
at$IP10Bundle.putXml(Unknown Source)
at Source)
at Source)
at Source)
at Source)
at Source)
at Source)
Caused by: java.lang.IllegalStateException: Already connected
at Source)
at Source)
at org.glassfish.jersey.client.HttpUrlConnector.setOutboundHeaders(
at org.glassfish.jersey.client.HttpUrlConnector.access$100(
at org.glassfish.jersey.client.HttpUrlConnector$3.getOutputStream(
at org.glassfish.jersey.message.internal.CommittingOutputStream.commitStream(
at org.glassfish.jersey.message.internal.CommittingOutputStream.commitStream(
at org.glassfish.jersey.message.internal.CommittingOutputStream.commit(
at org.glassfish.jersey.message.internal.OutboundMessageContext.commitStream(
at org.glassfish.jersey.client.ClientRequest.writeEntity(
at org.glassfish.jersey.client.HttpUrlConnector._apply(
at org.glassfish.jersey.client.HttpUrlConnector.apply(
at org.glassfish.jersey.client.ClientRuntime.invoke(
... 14 more Thanks


The " Already connected" error is one that we has been reported by customers a number of times before with the GMU, even when using the "trustCertificate" and "trustHostname" parameters. Here are some specific examples of other issues that have been seen to cause that error to appear:

- DNS issue for resolving target gateway(resolved by adding entry to local hosts file of the machine running the GMU)
- Firewall issue between GMU and gateway
- gateway port 8443 restricted to traffic from a specific IP
- Incorrect certificate was associated with the port in question GMU was connecting to. The "trustCertificate" option removes the need for the machine that the GMU is being run on to have the server certificate trusted in it's local store. However, the certificate presented by the gateway must still be accurate for that gateway(for example, if the cert is for '', but the hostname of the gateway is '', that could cause an issue)


Component: APIGTW


Used hostname instead of IP address in GMU properties file to resolve the issue