Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.
Regular Contributor.. Mart_9 Regular Contributor..
Regular Contributor..
270 views

Standalone uCMDB Browser unable to connect to HA uCMDB server behind loadbalancer

Jump to solution

Hello.

I having issue connecting standalone ucmdb browser 4.14 on Tomcat over HTTPS to uCMDB server. Two node HA uCMDB 10.3x servers located behind loadbalancer. I imported CA certificate chain from LB to JAVA JRE truststore, but  connection fails. LB is BigIP F5 v13

2017-10-25 10:57:31,256  ERROR  [pool-3-thread-1] UcmdbConnectionImpl - Could not connect to UCMDB server for connection: server: ucmd******, customer: N/A
com.hp.ucmdb.api.CommunicationException: Connection to uCMDB server was not successful.

Caused by: com.hp.ucmdb.api.CommunicationException: java.net.SocketException: Connection reset

Caused by: java.net.SocketException: Connection reset

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)


If I bypass loadbalancer and specify connection directly to ucmdb server then all working.

I imported same certificates to UD Probe truststore and connection trough LB working without issues

Also found java code for testing HTTPS connection (http://hc.apache.org/httpclient-3.x/sslguide.html at Troubleshooting in bottom)

If certificates imported to "cafile", then HTTPS connection to ucmdb behind LB succeeds:
/app/jdk1.8.0_151/jre/bin/java Test
HTTP/1.1 200 OK
Date: Thu, 26 Oct 2017 11:09:53 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
Content-Length: 0
Set-Cookie: BIGipServer~DR~ucmd******_8443_pool=rd100o00000000000000000000********************; path=/; Httponly; Secure

And without certs it looks like this:

/app/jdk1.8.0_151/jre/bin/java Test
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

What else I should check?

0 Likes
1 Solution

Accepted Solutions
Highlighted
dong-xu1 Super Contributor.
Super Contributor.

Re: Standalone uCMDB Browser unable to connect to HA uCMDB s

Jump to solution

HI

According to your description:

With the same certificate, probe work without issue, but browser failed to work. In this case, suggest you need to take a look the JRE which you import the certificate is your system JRE, or the JRE used by your tomcat.

 

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.Please hit the Kudo botton, if you find this post useful.

 

0 Likes
2 Replies
Outstanding Contributor.. Melissa_C_UCMDB Outstanding Contributor..
Outstanding Contributor..

Re: Standalone uCMDB Browser unable to connect to HA uCMDB server behind loadbalancer

Jump to solution

Hi ,

We suggest to create a support ticket to receive a deep investigation.

 

Best regards,

Melissa Carranza Mejias
Customer Support Engineer

If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the STAR at the bottom left of the post and show your appreciation. “
0 Likes
Highlighted
dong-xu1 Super Contributor.
Super Contributor.

Re: Standalone uCMDB Browser unable to connect to HA uCMDB s

Jump to solution

HI

According to your description:

With the same certificate, probe work without issue, but browser failed to work. In this case, suggest you need to take a look the JRE which you import the certificate is your system JRE, or the JRE used by your tomcat.

 

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.Please hit the Kudo botton, if you find this post useful.

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.