SOAP Error 9505 - webaccess trying to use SSL when disabled

OK, this is wierd, very similar to this thread: https://forums.novell.com/showthread.php/505500-unable-to-login-soap-error-9505?highlight=negotiateLoginRequest

But we're not using SSL at all anywhere in Groupwise other than fronting the web frontend to Webaccess and Mobility, it's disabled on every page.

Everything installed on a single fully patched SLES11SP4, OES2015SP1 server

All groupwise components @ 14.2.3-129832

Everything was working fine until 10:54 this morning, no changes have been made, configuration files have not changed. Then we start getting the below errors on various logins, after a restart the first login sometime works and doesn't try to use https, but subsequent logins do.

12:56:44, <SOAP>, -, INFO, USER, Login
12:56:44, <SOAP>, -, INFO, USER, poaList: poa 0=https://IP:7191/soap
12:56:44, <SOAP>, -, INFO, USER, Exception invoking negotiateLoginRequest: HTTP transport error: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
12:56:44, <SOAP>, -, INFO, USER, Unable to connect to the POA @ https://IP:7191/soap
12:56:44, <SOAP>, -, INFO, USER, Unrecognized SSL message, plaintext connection?


Where on earth is it picking up that it needs to use https from? I can't find anything in any configuration file saying to use it. The only mention of SSL in webacc.cfg is about KeyShieldSSO.

If I try and wget the soap address over https it responds with exactly what I expect:

--2019-03-01 13:34:50--  https://IP:7191/soap
Connecting to IP:7191... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.


So why has it suddenly decided to start trying to use https?

I've checked the server certs as per the other post, and they're all fine and valid (self signed and we don't use them anyway).

Completely stumped as to why it would suddenly start trying to use ssl, have no idea how it detects to use it or not.

Mark.
  • Hi Mark,

    Edit your webacc.cfg file and add the following for each of your SOAP providers (POAs)

    Provider.SOAP.1.SSL=false

    Save and restart WebAccess.

    Cheers,
  • Hi Laura,

    You're a genius. Added that option and restarting webaccess seems to have done the trick. I have absolutely no idea why it started trying to do it randomly, but at least it observes to instruction to knock it off!

    Thanks,
    Mark
  • Hi Mark,

    It's a pleasure to assist you :)

    Cheers,
  • Spoke too soon :-(

    Same thing happened again yesterday, even with the new setting in place. I'm suspecting some kind of hideous webaccess/java memory leak. As we have had quite a few people switch across to using webaccess recently as their primary client and leave it sitting there polling all day. May have to move it to a separate server that I can easily restart when required.

    Mark.
  • Definitely looks like Java is consuming all the RAM, server has 20GB and runs single POA and all services for just over 30 users:

    ps -e -o pid,vsz,comm= | sort -n -k 2

    3240 282468 gwavaman
    5818 408460 gwia
    5773 423580 gwmta
    3276 435032 gwava
    3357 491824 gwvstats
    5698 740772 gwpoa
    4192 855848 ndsd
    32130 1279256 java
    5626 7138828 java


    First column is the PID, 2nd is the virtual memory size.

    PID 32130 is IBM jre 1.7.1 running all of this:
    /usr/lib64/jvm/jre-1.7.1-ibm/bin/java -Djava.library.path=/opt/novell/eDirectory/lib64:/var/opt/novell/tomcat6/lib:/usr/lib64 -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -classpath /usr/share/java/log4j.jar:/var/opt/novell/iManager/nps/packages/wbem.jar:/opt/novell/eDirectory/lib/jclient.jar:/usr/share/java/ldap.jar:/usr/share/java/ant.jar:/usr/share/java/activation.jar:/var/opt/novell/tomcat6/bin/bootstrap.jar:/var/opt/novell/tomcat6/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/opt/novell/tomcat6 -Dcatalina.home=/var/opt/novell/tomcat6 -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/opt/novell/tomcat6/temp -Djava.util.logging.config.file=/var/opt/novell/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start

    and PID 5626 is GroupWise's admin console! Why, oh why, write the god**** thing in java! 7GB RAM for a god**** admin console!
    /opt/novell/groupwise/admin/jre/bin/java -Dpidfile=/var/run/novell/groupwise/java.pid -Dlog4j.configuration=file:////opt/novell/groupwise/admin/gwadmin-logging.xml -DLOGPATH=/var/log/novell/groupwise/gwadmin -jar /opt/novell/groupwise/admin/gwadmin.jar -auto

    The server was restarted on the 1st, and webaccess was restarted an hour or so ago, and is slowly growing again.

    Mark.
  • Have you tried change the line SOAP.Polling.Enabled=true to SOAP.Polling.Enabled=false in the webacc.cfg? Give that a go and restart tomcat.

     

  • I had SR opened for exact same problem and ended with changing SOAP to SSL on every customer sites, after that no problems with WebAccess .

  • I have a server where this happens now. I tried adding Provider.SOAP.1.SSL=false to webacc.cfg and restarting Apache and tomcat but it does not seem to help. The server certs were not expired, but I ran a repair, just for good measure. This is GW 2018 running on OES2018

     

    pamir:~ # rcapache2 stop
    pamir:~ # systemctl restart novell-tomcat.service
    pamir:~ # rcapache2 start

  • Arrrrrrggghhhhh.. You need to restart the correct tomcat, so:
    rcapache2 stop
    systemctl restart grpwise-tomcat
    rcapache2 start
  • Fine that you solved it by yourself        !