Highlighted
Valued Contributor.
Valued Contributor.
531 views

SSL Webtier Configuration Issue

Hi Everyone,

I am trying to enable SSL which is successful between SM Server and Windows Client but when try to enable it for Web Tier, I have an strange error in log when try to login...

2900(  4260) 12/15/2015 09:43:09  RTE E GetPreference DOS attack detected! Session will be terminated.

I have followed below source from HP to generate the certificates:

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM1112808?lang=en&cc=us&hpappid=202392_OSP_PRO_HPE

I have refered to attached docuement for configuration of the same.

 

Help is appreciated please.

0 Likes
15 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: SSL Webtier Configuration Issue

Hi,

Please provide the full trace and the version information (SM server/Windows Client/Webtier).

Thanks

Desmond

0 Likes
Highlighted
Valued Contributor.
Valued Contributor.

Re: SSL Webtier Configuration Issue

Thank you for your response.  The version information is as below:

Service Manager 9.41.1005 p1 Server

Service Manager 9.41.1005 p1 WebTier

Service Manager 9.41.1005 p1 Client

The traces are attached please.

 

0 Likes
Highlighted
Valued Contributor.
Valued Contributor.

Re: SSL Webtier Configuration Issue

Dear, any success after seeing documents, as I have to update the customer within next 30 minutes or so...

http Log is also attached please.

Thank you....

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: SSL Webtier Configuration Issue

QCCR1E126787--SM941 session terminated due to "GetPreference DOS attack detected". It is a security defect, maybe forum is not a good place to discuss, suggest to open a support case to HP support to get further information.

 

Thanks

Desmond

0 Likes
Highlighted
Valued Contributor.
Valued Contributor.

Re: SSL Webtier Configuration Issue

Just to highlight that I have setupped this all in a vm... Do you think it might be the issue as well...

So that before opening a support case I should give it a try on physical machine?

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: SSL Webtier Configuration Issue

The VM environment might have something related on the issue. It is worthy to try on physical machine.

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: SSL Webtier Configuration Issue

In the Service Manager sm.ini add the following parameter:  debughttp:1
Clear the sm.log
Stop and restart Service Manager Server application

Stop the application server deploying the webtier
If this is Tomcat search for and find the sm.log' - because the webtier has its own
Remove it
Clear all of the Tomcat logs in the <tomcat>\logs directory
Start Tomcat
Attempt to login to the webtier and reproduce the problem

When the problem occurs tell me what you see on the screen
Upload the Tomcat logs
Upload the Webtier sm.log
Upload the Service Manager Server sm.log
Upload the Webtier web.xml
Upload the Service Manager sm.ini

0 Likes
Highlighted
Valued Contributor.
Valued Contributor.

Re: SSL Webtier Configuration Issue

Hi Brett,

Thank you for your response, apologies for the delay, but I missed to check the forum last night.

Here I am attaching logs and configuration files with screenshot of error.

Hope for the resolution please.

Thanks & regards,

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: SSL Webtier Configuration Issue

While I cannot explain the original error you're experiencing I can tell you that - specific to SSL - your web.xml is configured incorrectly. On line 718 you will notice <param-name>keystorePassword</param-name>. Beginning with Service Manager 9.34P2 (which includes all of the 9.4x versions) the Webtier keystore password resides within the webtier.properties file. Please make this correction, stop and restart the application server and test logging in with SSL. Please keep the same tracing steps.

Information on how to configure the webtier.properties file with the client keystore password can be found in the Service Manager Online Help Server. Search for webtier.properties and you will find the needed instructions.

If, after making this change and testing, the problem continues send in the same logs I mentioned earlier but also include the Service Manager Server sm..cfg and AND the updated web.xml from the webtier.

 

 

Highlighted
Trusted Contributor.
Trusted Contributor.

Re: SSL Webtier Configuration Issue

Hi,

I have the same error when SSL is enabled between SM Server and SM Webtier (SM 9.41 version) The same SSL configuration works correctly on 9.34.

I submitted a request to HP Support, but they are useless as always. I did some research and there is a document in HP Knowledge Library which states that:

TECHNICAL PROBLEM DESCRIPTION: 

In the case of network latency(Server is in India Lab and Client is in Shanghai Office), when login SM, SM941 session terminated due to "GetPreference DOS attack detected".


TECHNICAL SOLUTION DESCRIPTION: 

Change the time that between sending out "getPreferenceResponse" and recieving "startRequest" from 5s to 10s.

 

But in my opinion, it cannot be the case, because I did all the tests on the same server - so there is no network latency.

I have also debugged, that the error message comes from SCUserProcessInfo::isExceedGetPreferenceTime function placed in sm.dll.

For me, the same configuration works correctly on SM 9.34, but fails on 9.41. I guess, that after enabling SSL due to a lot more requests generated (ssl handshaking) SM thinks that is attacked.

Is anybody have any solution or more info about this? I disabled SSL between SM Server and SM Webtier and I am using SSL only on our front end apache http server, but still it's only the workaround.

Kind regards,

Marcin

 

 

 

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: SSL Webtier Configuration Issue

Please can you provide us with the case reference and did you complete the steps mentioned by Brett Christlieb above? If yes please can you attach the same logs he mentioned earlier and the Service Manager Server sm..cfg AND the updated web.xml from the webtier.

Thanks.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.