mjendrisek Absent Member.
Absent Member.
622 views

AR 1.5 issue with collecting identities


I am having a following issue:

AR configured with https rather than http. When I try to run a
collection on my identity source I get the following error in the AR
UI:

-----------------------------------------------------------------------------------------------------------------------------------------
com.netiq.iac.common.IacException:
com.sun.jersey.api.client.ClientHandlerException:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?

-----------------------------------------------------------------------------------------------------------------------------------------

When I look into the tomcat log I see the following error:

-----------------------------------------------------------------------------------------------------------------------------------------------
2016-03-16 17:32:29,179 [pool-DataCollection-1-thread-1] ERROR
com.netiq.iac.server.common.rest.RestCallExecutor- [AR] Failed to to
connect. URI: https://localhost:8180/daas/rest, rest service id:
dc_server:Daas. Please verify that rest server is reachable.
2016-03-16 17:32:29,180 [pool-DataCollection-1-thread-1] ERROR
com.netiq.iac.persistence.dcs.dce.thread.DataCollectionServiceThread-
[AR] Failed to to connect. URI: https://localhost:8180/daas/rest, rest
service id: dc_server:Daas. Please verify that rest server is
reachable.
com.netiq.common.i18n.LocalizedException: Failed to to connect. URI:
https://localhost:8180/daas/rest, rest service id: dc_server:Daas.
Please verify that rest server is reachable.
------------------------------------------------------------------------------------------------------------------------------------------------

So I see what the problem is. AR is trying to connect to daas on
https://localhost:8180 which is causing the error of course.

I looked through all the settings including running configutil.sh but I
can't find anything that would refer to the incorrect URL above.

Any ideas appreciated.

Regards,

MJ


--
mjendrisek
------------------------------------------------------------------------
mjendrisek's Profile: https://forums.netiq.com/member.php?userid=8294
View this thread: https://forums.netiq.com/showthread.php?t=55564

0 Likes
3 Replies
mjendrisek Absent Member.
Absent Member.

Re: AR 1.5 issue with collecting identities


I did more digging and it looks like the faulty URL is constructed from
various variables/sources.

The key to resolving the issue was in ism-configuration.properties, the
following property

com.netiq.iac.url.local.port

It was set to 8180, which was most likely set during the install since I
didnt change my AR to secure port until later. It seems that this value
was not changed after and it caused the problem during aggregation.


--
mjendrisek
------------------------------------------------------------------------
mjendrisek's Profile: https://forums.netiq.com/member.php?userid=8294
View this thread: https://forums.netiq.com/showthread.php?t=55564

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: AR 1.5 issue with collecting identities

On 3/16/16 7:32 PM, mjendrisek wrote:
>
> I did more digging and it looks like the faulty URL is constructed from
> various variables/sources.
>
> The key to resolving the issue was in ism-configuration.properties, the
> following property
>
> com.netiq.iac.url.local.port
>
> It was set to 8180, which was most likely set during the install since I
> didnt change my AR to secure port until later. It seems that this value
> was not changed after and it caused the problem during aggregation.
>
>

Greetings,
Yes, you can set this using the console version of configutil as well

1) Stop Tomcat

2) Log into the console mode of configutil


3) Update the com.netiq.iac.url.local.port as it is still set to 8080
(or 8180 depending upon what you set during the install)

3.a) Enter dc com.netiq.iac.url.local.port
To see the value

3.b) Set it to the secure port that you using. For Example: 8443

sp com.netiq.iac.url.local.port 8443

3.c) type exit

**At this point, I hope that you have installed the certificate that
Tomcat will run with into the cacerts file in the JRE that Tomcat is
using. Otherwise, you will have other errors

4) Delete all of the files and folders in tomcat/work/Catalina

5) Delete all of the files and folders in tomcat/temp

6) Delete all of the files in tomcat/logs

7) Start Tomcat

😎 Test



--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
mjendrisek Absent Member.
Absent Member.

Re: AR 1.5 issue with collecting identities


Thanks Steve. Yours was the more elegant way to fix the issue. Got it
working after modifying the property mentioned above.

Thanks,

MJ


--
mjendrisek
------------------------------------------------------------------------
mjendrisek's Profile: https://forums.netiq.com/member.php?userid=8294
View this thread: https://forums.netiq.com/showthread.php?t=55564

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.