robbiecookie101 Absent Member.
Absent Member.
2272 views

ap2webup terminates - failed to get a socket for port 443

Hi there

I'm having a problem connecting to the web interface of 1 of my servers.

The server had it's IP address changed along with all the other servers in the tree and i'm unable to connect to the server by typing its name/IP into internet explorer and I can no longer use IManager - All other processes seem normal.

Initally I noticed that the SSL Certficates were missing from C1 so I tried to recreate these using PKIDIAG. I soon realised that the CA was missing (presume due to ip changes) but I wasn't sure what the CA was so I created a new one and made ZIGG2 the host server. After doing this I was able to recreate the certifcates using PKIDIAG.

I've run PKIDIAG on all servers in the tree and no errors are reported.

I then ran TCKEYGEN on ZIGG2 and rerun TOMCAT before trying to load AP2WEBUP

Every time I run AP2WEBUP I received the message - "<NLM has terminated; press any key to close screen.>"

After reviewing \\zigg2\sys\apache2\logs.. I get the error - "[Thu Mar 29 13:52:21 2012] [crit] (10043)Unknown error: make_secure_socket: failed to get a socket for port 443
Configuration Failed"

I also get the error - "[Thu Mar 29 12:15:20 2012] [crit] (10043)Unknown error: make_secure_socket: failed to get a socket for address 20.1.2.2 port 2200
Configuration Failed" within \\zigg2\sys\apache2\logs\error.log

I've checked TCPCON and ports 80 443 2200 2201 are all free.

I have also checked and by remming SecureListen 443 "SSL CertificateDNS" within \\zigg2\sys\apache2\conf\httpd.conf I am able to view the servers homepage but unable to connect to Imanager.

If I add listen 443 to the above config then I can view the site using port 443 but not SSL so that proves the port is free.

I've gone through \\zigg2\sys\apache2\conf\httpd.conf and i've noticed that the old IP address is mentioned several times so I've updated this but this has made no difference.
I've also gone through \\zigg2\sys\adminsrv\conf\adminserv.conf and done the same thing but to no avail.

SDIDIAG also comes back OK

I'm 100% sure the problem is certificate related but I'm not sure what the fix is.

i've followed Cool Solutions: Troubleshooting Certificate Server Problems and can confirm that I cannot connect to http://zigg2:8008

Any advice on what I can do to resolve this would be much appreciated

P.S all other servers in the TREE are OK and they have all had IP address changed as well.

Thanks

Robbie
Labels (2)
0 Likes
7 Replies
Knowledge Partner
Knowledge Partner

Re: ap2webup terminates - failed to get a socket for port 443

Robbiecookie101,
> After reviewing \\zigg2\sys\apache2\logs.. I get the error - "[Thu Mar
> 29 13:52:21 2012] [crit] (10043)Unknown error: make_secure_socket:
> failed to get a socket for port 443
> Configuration Failed"


Something has grabbed port 443, one likely culprit is httpstk. Try
unloading it and retry.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

0 Likes
robbiecookie101 Absent Member.
Absent Member.

Re: ap2webup terminates - failed to get a socket for port 44

Hi Anders

I've tried that (I had to unload ipmcfg, nfap4nrm & nirman first) and then unloaded httpstk (both portal and httpstk unloaded) and reran ap2webup. Again the NLM terminated with the same error ([Fri Mar 30 09:17:59 2012] [crit] (10043)Unknown error: make_secure_socket: failed to get a socket for port 443
Configuration Failed)

On the server console I noticed after running ap2webup with HTTPSTK unloaded I have the following messages
'SERVER-5.70-151: Unable to find load file HTTPCLOSEPORT'
??? Unknown command ???
Loading Module APACHE2.NLM
Auto-Loading Module APRLIB.NLM

Do you know why I'm getting the HTTPCLOSEPORT and unknown command errors?

I also notice

'HTTPSTK: Error 10038 enabling SSL services - SSL Disabled in the logger screen' - any ideas what's causing this?
0 Likes
Knowledge Partner
Knowledge Partner

Re: ap2webup terminates - failed to get a socket for port 443

Robbiecookie101,
> 'SERVER-5.70-151: Unable to find load file HTTPCLOSEPORT'
> ??? Unknown command ???
> Loading Module APACHE2.NLM
> Auto-Loading Module APRLIB.NLM


There is something wrong in your autoexec. Please post the relevant
parts.

Also try renaming SSL CertificateDNS and SSL CertificateIP and rerunn
PKIDIAG in fixing mode to recreate them.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

0 Likes
Knowledge Partner
Knowledge Partner

Re: ap2webup terminates - failed to get a socket for port 443

OK. Am I blind, since I cannot find any references to httpcloseport? 😉
Nor httpstk?

I have a vague memory that I have run into something similar before,
but it was a long time since. IIRC had it something to do with
mismatched NICI modules. But

Try:
SecureListen 192.168.0.1:443 "SSL CertificateIP"

Where you substitute your servers address. Does it change things?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

0 Likes
robbiecookie101 Absent Member.
Absent Member.

Re: ap2webup terminates - failed to get a socket for port 44

Hi Anders

It's working!

I found another thread that mentions adding

'load nile.nlm'
'load httpstk.nlm /SSL /KEYFILE:"SSL CertficateIP"
'load portal'

into the autoexec underneath where it loads IPMINIT.NCF

There must be a problem with loading some of these nlm's in the wrong order.

Thanks very much for your help and for anybody else who has a similar problem here is my complete autoexec after everything works

thanks

Robbie





SET Daylight Savings Time Offset = 1:00:00
SET Start Of Daylight Savings Time = (MARCH SUNDAY LAST 2:00:00 AM)
SET End Of Daylight Savings Time = (OCTOBER SUNDAY LAST 2:00:00 AM)
SET Time Zone = GMT0BST
SET BINDERY CONTEXT=O=NDF_SA;OU=SYSTEMS.OU=INTERNAL.O=NDF_SA;OU=TESTING.OU=INTERNAL.O=NDF_SA

# Note: The Time zone information mentioned above
# should always precede the SERVER name.
SEARCH ADD SYS:\JAVA\BIN
SEARCH ADD SYS:\JAVA\NWGFX\BIN
SEARCH ADD SYS:\JAVA\NJCLV2\BIN
SEARCH ADD SYS:\NI\UPDATE\BIN
# WARNING!!
FILE SERVER NAME ZIGG2
# WARNING!!
# If you change the name of this server, you must update
# the server name in all the licenses that are assigned
# to it using iManager.
######## Start Drivers/Protocols ########
SERVERID 70387B2
load conlog MAXIMUM=100
; Network driver LOADs and BINDs are initiated via
; INITSYS.NCF. The actual LOAD and BIND commands
; are contained in INITSYS.NCF and NETINFO.CFG.
; These files are in SYS:ETC.
sys:etc\initsys.ncf
#LOAD IPXRTR
#LOAD E1000E.LAN SLOT=2 FRAME=ETHERNET_802.2 NAME=E1000E_1_E82
#BIND IPX E1000E_1_E82 NET=71466C67
#LOAD IPXRTRNM
#LOAD TCPIP
#LOAD E1000E.LAN SLOT=2 FRAME=ETHERNET_II NAME=E1000E_1_EII
#BIND IP E1000E_1_EII addr=20.1.2.15 mask=255.255.0.0
######## End Drivers/Protocols ########
MOUNT ALL
IPMINIT.NCF
load nile.nlm
load httpstk.nlm /ssl /keyfile:"SSL CertificateIP"
load portal

SYS:\SYSTEM\NMA\NMA5.NCF
BSTART.NCF
#LOAD PORTAL.NLM
LOAD NDSIMON.NLM
LOAD NICISDI.XLM
LOAD SASDFM.XLM
# -- Added by AFP Install --
AFPSTRT.NCF
# -- End of AFP Install --
# -- Added by CIFS Install --
CIFSSTRT.NCF
# -- End of CIFS Install --
SYS:/BIN/UNIXENV.NCF
LOAD PKI.NLM
LOAD NLDAP.NLM
# Loading Posix Semantic Agent
PSA
# -- Added by Scripting Install --
SCRIPT.NCF
SEARCH ADD SYS:\APACHE2
AP2WEBUP
#Apache2 is now the admin server
ADMSRVUP
# tc4admin begin
SEARCH ADD SYS:/tomcat/4/bin
tcadmup.ncf
# tc4admin end
# tomcat4 begin
sys:/tomcat/4/bin/tomcat4.ncf
# tomcat4 end
# tomcat5 begin
SEARCH ADD SYS:/tomcat/5.0/bin
sys:/tomcat/5.0/bin/tomcat5.ncf
# tomcat5 end
# Storage Management Services components required for Backup
SMSSTART.NCF
#---Added By Native File Access For Unix---
nfsstart
#---Added By Native File Access For Unix END---
LOAD EMBOX.NLM
openwbem.ncf
#RCONAG6.NLM is required by RConsoleJ
#LOAD SPXS
#LOAD RCONAG6 <Your Password Here> 2034 16800 2036
?STARTX
0 Likes
Knowledge Partner
Knowledge Partner

Re: ap2webup terminates - failed to get a socket for port 443

Robbiecookie101,
> There must be a problem with loading some of these nlm's in the wrong
> order.


Working from memory, I guess the likely culprit is NILE.NLM. It must be
loaded for SSL to work.

The problem here is that Apache will spit out the same error for a
number of conditions, ie:

- Address already taken
- Certs expired
- Missing SSL NLMs
- NILE not loaded

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

0 Likes
Knowledge Partner
Knowledge Partner

Re: ap2webup terminates - failed to get a socket for port 443

On 30/03/2012 09:46, robbiecookie101 wrote:

> On the server console I noticed after running ap2webup with HTTPSTK
> unloaded I have the following messages
> 'SERVER-5.70-151: Unable to find load file HTTPCLOSEPORT'
> ??? Unknown command ???
> Loading Module APACHE2.NLM
> Auto-Loading Module APRLIB.NLM
>
> Do you know why I'm getting the HTTPCLOSEPORT and unknown command
> errors?


The HTTPCLOSEPORT command is provided by HTTPSTK.NLM and since you don't
have that loaded the command isn't valid.

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.