Troubleshooting Connectivity Issues

Edit online

An SSL connection only succeeds when the client trusts the server. When we establish a connection over HTTPS, the web server responds by providing its site and intermediate certificates. It is then up to the client to complete the chain by having the root certificate. This chain validation is necessary for the client to trust the site. When the CertPathBuilderException, CertificateException, and SSLHandshakeException exceptions occur, you can try the following:

  • Set up a certificate and configure a proxy that IBM webMethods Update Manager uses to connect to your network.
  • Configure a trust store or certificate chain for Update Manager to use when it establishes TLS/SSL communication.

Update Manager uses a dedicated JAVA_OPTIONS_SUM_V11 environment variable instead of using the JAVA_OPTIONS environment variable. This allows you to set the JAVA_OPTIONS_SUM_V11 environment variable globally and not interfere with other products/services/processes that use JAVA_OPTIONS.

Setting the JAVA_OPTIONS_SUM_V11 environment variable globally has no side effects and allows you to shadow or mask truststores, for example:

  • For *nix systems: 
    export JAVA_OPTIONS_SUM_V11="-Djavax.net.ssl.trustStore=<path_to_the_custom_proxy_truststore>"
  • For Windows systems:
    set JAVA_OPTIONS_SUM_V11="-Djavax.net.ssl.trustStore=<path_to_the_custom_proxy_truststore>"
Important: The keystore is only read when the JVM is initialized. Restart the source application service after importing new certificates.

Checking the Launcher Version

Edit online

To check the Update Manager launcher version, open the <YOUR_SUM_HOME>\bin\config.properties file. The file lists important information about Update Manager and looks similar to the following example:

#Thu Feb 27 11:14:48 EET 2020
osgi=equinox-W64_10.0.0.0000-0036
version=11.0.0.0000-0152
SUM_HOME=C\:\\SAGUpdateManager_V11
java=java-W64_10.1.0.0000-0014
sum=core_11.0.0.0000-0117
launcher=launcher_11.0.0.0000-0199

Using Command Central to Call Update Manager

Edit online

When Update Manager is used with Command Central, you can set the com.softwareag.plm.sum.cc.java.truststore=<location_to_trustore> system property in Platform Manager and restart it. Using this property allows you to change the default java trust store used by Update Manager. It is recommended to point this location to the installation java directory where the certificates are already imported. For example:

com.softwareag.plm.sum.cc.java.truststore=<CCE_installDir>/jvm/jvm/jre/lib/security/cacerts, where <CCE_installDir> is the full path to the installation directory.

When you call Update Manager from Command Central, this truststore location will be used by Update Manager to establish SSL connections.

Connection Issues when Using NTLM Proxy Server on a *nix Machine

Edit online

When using Update Manager on a *nix machine, you may encounter connectivity issues with reaching SDC or any other internal server if you have an NTLM proxy setup in your environment. This is related to some specific behavior of the NTLM proxy on *nix machines. To resolve this problem, you have to set the following two variables in the same session that you are running Update Manager:

export http_proxy=http://<USERNAME>:<PASSWORD>@<SERVER>:<PORT>/
export https_proxy=https://<USERNAME>:<PASSWORD>@<SERVER>:<PORT>/

This results in the OS being explicitly notified for using an NTLM proxy and should resolve the connectivity problem.

Issues when Starting Update Manager on AIX Systems

Edit online

When starting Update Manager in the command line on AIX systems, updating the launcher components might fail as follows:

$ ./UpdateManagerCMD.sh
Updating Launcher Components...
failed to open </softwareag/<user>/SUM_v11/tmp/jvm/jre/lib/default/libjvm.so> 
- reason: < 0509-022 Cannot load module /softwareag/dobri/SUM_v11_old_03/tmp/jvm/jre/lib/default/libjvm.so.
0509-150 Dependent module libc++.a(shr_64.o) could not be loaded.
0509-022 Cannot load module libc++.a(shr_64.o).
0509-026 System error: A file or directory in the path name does not exist.
0509-022 Cannot load module /softwareag/<user>/SUM_v11/tmp/jvm/jre/lib/default/libjvm.so.
0509-150 Dependent module /softwareag/<user>/SUM_v11/tmp/jvm/jre/lib/default/libjvm.so could not be loaded.>
Failed to find VM - aborting

After this error is displayed, attempting to start Update Manager again explains the problem and the steps to follow.

This issue occurrs because 'Rational, XL C++ Runtime' is not installed on the system. For information on installing 'Rational, XL C++ Runtime', see Requirements.

Allowing Connection to Specific URLs

Edit online

To avoid connectivity issues with Update Manager, make sure you add *.webmethods.io or the following URLs to your allow list:

  • cdn.sdc.webmethods.io

  • sdc.webmethods.io