IBM Support

IJ26949: WHEN WINCOLLECT 7.3.0 IS INSTALLED AND CONFIGURED FOR USE ON AN ENCRYPTED MANAGED HOST, AGENT/LOG SOURCE COMMUNICATION FAILS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When WinCollect is configured for use on an encrypted Managed
    Host in a QRadar environment, the installation of WinCollect
    version 7.3.0 introduces communication problems between QRadar
    and the WinCollect Agents.
    Adding new WinCollect Agent/Log Sources into QRadar fails due
    to the failure in communication preventing Agent registration.
    Messages similar to the following might be visible in
    /var/log/qradar.error when this issue occurs:
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    com.q1labs.frameworks.crypto.trustmanager.extended.Q1X509FullTru
    stManager: [ERROR] [NOT:0000003000][127.0.0.1/- -] [-/-
    -]Server Not Trusted No subject alternative names matching IP
    address 127.0.0.1 found
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    com.q1labs.sem.semsources.wincollectconfigserver.requestprocesso
    rs.ConnectionEstablishmentVersion2Processor: [ERROR]
    [NOT:0000003000][127.0.0.1/- -] [-/- -]Agent
    Agent-name(127.0.0.1) caught exception --
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    javax.net.ssl.SSLHandshakeException:
    java.security.cert.CertificateException:
    java.security.cert.CertificateException: No subject alternative
    names matching IP address 127.0.0.1 found
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.k.a(k.java:37)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.a(av.java:422)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.D.a(D.java:70)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.D.a(D.java:164)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.E.a(E.java:249)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.E.a(E.java:731)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.D.r(D.java:486)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.D.a(D.java:244)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.a(av.java:608)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.i(av.java:282)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.a(av.java:1009)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.startHandshake(av.java:778)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:239)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:60)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Http
    URLConnection.java:1582)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpU
    RLConnection.java:1510)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    java.net.HttpURLConnection.getResponseCode(HttpURLConnection.jav
    a:491)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:40)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.q1labs.sem.semsources.wincollectconfigserver.requestprocesso
    rs.ConnectionEstablishmentVersion2Processor.onReceiveConnectionE
    stablishmentRequest(ConnectionEstablishmentVersion2Processor.jav
    a:234)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.q1labs.sem.semsources.wincollectconfigserver.WinCollectConfi
    gHandler.run(WinCollectConfigHandler.java:153)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec
    utor.java:1160)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe
    cutor.java:635)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at java.lang.Thread.run(Thread.java:818)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    Caused by: java.security.cert.CertificateException:
    java.security.cert.CertificateException: No subject alternative
    names matching IP address 127.0.0.1 found
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.q1labs.frameworks.crypto.trustmanager.extended.Q1X509FullTru
    stManager.checkServerTrusted(Q1X509FullTrustManager.java:382)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.E.a(E.java:438)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    ... 18 more
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    Caused by: java.security.cert.CertificateException: No subject
    alternative names matching IP address 127.0.0.1 found
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.util.b.b(b.java:42)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.util.b.a(b.java:96)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.aD.a(aD.java:183)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.aD.a(aD.java:49)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.aD.a(aD.java:191)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.aD.checkServerTrusted(aD.java:34)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.q1labs.frameworks.crypto.trustmanager.extended.Q1X509FullTru
    stManager.checkServerTrusted(Q1X509FullTrustManager.java:377)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    ... 19 more
    

Local fix

  • Contact Support for a possible workaround that might address
    this issue in some instances.
    

Problem summary

  • When WinCollect is configured for use on an encrypted Managed
    Host in a QRadar environment, the installation of WinCollect
    version 7.3.0 introduces communication problems between QRadar
    and the WinCollect Agents.
    Adding new WinCollect Agent/Log Sources into QRadar fails due
    to the failure in communication preventing Agent registration.
    Messages similar to the following might be visible in
    /var/log/qradar.error when this issue occurs:
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    com.q1labs.frameworks.crypto.trustmanager.extended.Q1X509FullTru
    stManager: [ERROR] [NOT:0000003000][127.0.0.1/- -] [-/-
    -]Server Not Trusted No subject alternative names matching IP
    address 127.0.0.1 found
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    com.q1labs.sem.semsources.wincollectconfigserver.requestprocesso
    rs.ConnectionEstablishmentVersion2Processor: [ERROR]
    [NOT:0000003000][127.0.0.1/- -] [-/- -]Agent
    Agent-name(127.0.0.1) caught exception --
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    javax.net.ssl.SSLHandshakeException:
    java.security.cert.CertificateException:
    java.security.cert.CertificateException: No subject alternative
    names matching IP address 127.0.0.1 found
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.k.a(k.java:37)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.a(av.java:422)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.D.a(D.java:70)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.D.a(D.java:164)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.E.a(E.java:249)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.E.a(E.java:731)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.D.r(D.java:486)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.D.a(D.java:244)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.a(av.java:608)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.i(av.java:282)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.a(av.java:1009)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.av.startHandshake(av.java:778)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:239)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:60)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Http
    URLConnection.java:1582)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpU
    RLConnection.java:1510)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    java.net.HttpURLConnection.getResponseCode(HttpURLConnection.jav
    a:491)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:40)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.q1labs.sem.semsources.wincollectconfigserver.requestprocesso
    rs.ConnectionEstablishmentVersion2Processor.onReceiveConnectionE
    stablishmentRequest(ConnectionEstablishmentVersion2Processor.jav
    a:234)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.q1labs.sem.semsources.wincollectconfigserver.WinCollectConfi
    gHandler.run(WinCollectConfigHandler.java:153)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec
    utor.java:1160)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe
    cutor.java:635)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at java.lang.Thread.run(Thread.java:818)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    Caused by: java.security.cert.CertificateException:
    java.security.cert.CertificateException: No subject alternative
    names matching IP address 127.0.0.1 found
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.q1labs.frameworks.crypto.trustmanager.extended.Q1X509FullTru
    stManager.checkServerTrusted(Q1X509FullTrustManager.java:382)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.E.a(E.java:438)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    ... 18 more
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    Caused by: java.security.cert.CertificateException: No subject
    alternative names matching IP address 127.0.0.1 found
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.util.b.b(b.java:42)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.util.b.a(b.java:96)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.aD.a(aD.java:183)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.aD.a(aD.java:49)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.aD.a(aD.java:191)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at com.ibm.jsse2.aD.checkServerTrusted(aD.java:34)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    at
    com.q1labs.frameworks.crypto.trustmanager.extended.Q1X509FullTru
    stManager.checkServerTrusted(Q1X509FullTrustManager.java:377)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_1]
    ... 19 more
    

Problem conclusion

  • This issue was fixed in WinCollect version 7.3.0 P1.
    

Temporary fix

Comments

  • An issue report and FAQ is available for IJ26949 from QRadar
    Support. For more information, see:
    
    https://ibm.biz/BdffyY
    

APAR Information

  • APAR number

    IJ26949

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    730

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2020-08-11

  • Closed date

    2020-10-27

  • Last modified date

    2021-04-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"730"}]

Document Information

Modified date:
24 April 2021