IBM Support

IJ35040: MANAGED WINCOLLECT AGENT CONFIGURED TO SEND TO EVENT PROCESSOR CAN STOP WORKING AS EXPECTED

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • In some instances where a managed WinCollect agent is pointing
    to an Event Processor configuration server, if the port 443
    connection between the Managed Host and the Console drops, the
    WinCollect Agent can fail to recover as expected and stop
    sending events.
    Messages similar to the following might be visible in the
    WinCollect agent logs when this issue occurs (7.3.1):
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14] co
    m.q1labs.sem.semsources.wincollectconfigserver.util.WinCollectC
    onsole:[ERROR] [NOT:0000003000][127.0.0.1/- -] [-/- -]Agent(127.
    AUTOWIN7X32-3 exception calling console --
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    java.net.ConnectException: Connection timed out (Connection
    timed out)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSock
    etImpl.java:380)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPl
    ainSocketImpl.java:236)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocket
    Impl.java:218)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:374)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.Socket.connect(Socket.java:682)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.jsse2.bi.connect(bi.java:114)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.jsse2.bh.connect(bh.java:20)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.NetworkClient.doConnect(NetworkClient.java:192)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:494)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:589)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.net.ssl.www2.protocol.https.c.<init>(c.java:216)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.net.ssl.www2.protocol.https.c.a(c.java:164)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.net.ssl.www2.protocol.https.d.getNewHttpClient(d.jav
    a:17)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Ht
    tpURLConnection.java:1206)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Htt
    pURLConnection.java:1068)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:6)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(
    HttpURLConnection.java:1582)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(H
    ttpURLConnection.java:1510)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection
    .java:491)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at
    com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:56)
    
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.q1labs.sem.semsources.wincollectconfigserver.util.WinCol
    lectConsole.Call(WinCollectConsole.java:281)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.q1labs.sem.semsources.wincollectconfigserver.requestproc
    essors.ConnectionEstablishmentVersion2Processor.onReceiveConnec
    tionEstablishmentRequest(ConnectionEstablishmentVersion2Process
    or.java:204)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.q1labs.sem.semsources.wincollectconfigserver.WinCollectC
    onfigHandler.run(WinCollectConfigHandler.java:122)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
    Executor.java:1160)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
    lExecutor.java:635)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.lang.Thread.run(Thread.java:822)
    Sep  9 11:01:48 ::ffff:127.0.0.1 [ecs-ec-ingress.ecs-ec-ingress]
    [WinCollectConfigHandler_13] com.q1labs.sem.semsources.wincolle
    ctconfigserver.WinCollectConfigHandler:[ERROR] [NOT:0000003000][
    -]WinCollectConfigHandler could not complete a transaction with
    an agent because the connection timed out
    or in 7.3.0:
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21] co
    m.q1labs.sem.semsources.wincollectconfigserver.requestprocessor
    s.ConnectionEstablishmentVersion2Processor:[ERROR] [NOT:00000030
    CPHDSPRD1(10.138.151.230) caught exception --
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    javax.net.ssl.SSLException: Connection reset
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.g.a(g.java:22)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.ba.a(ba.java:38)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.ba.a(ba.java:101)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.ba.a(ba.java:62)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.aZ.a(aZ.java:57)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.bi.b(bi.java:219)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.bi.f(bi.java:317)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.bi.a(bi.java:218)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.bi.startHandshake(bi.java:212)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at
    com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:248)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:46)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(
    HttpURLConnection.java:1582)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(H
    ttpURLConnection.java:1510)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection
    .java:491)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at
    com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:56)
    
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.q1labs.sem.semsources.wincollectconfigserver.requestproc
    essors.ConnectionEstablishmentVersion2Processor.onReceiveConnec
    tionEstablishmentRequest(ConnectionEstablis
    hmentVersion2Processor.java:235)
    

Local fix

  • With 7.3.1:
    Restarting the WinCollect agent allows it to continue collecting
    events but the issue can occur again when the connection drops.
    Example: Click Start > Run, type services.msc and click OK.
    Locate the WinCollect service and restart it.
    With 7.3.0:
    Restarting the ecs-ec-ingress service allows config server to
    function normally but the issue can occur again when the
    connection drops
    On the navigation menu ( Navigation menu icon ), click Admin.
    On the Advanced menu, click Restart Event Collection Services.
    Event collection is briefly interrupted while the service
    restarts.
    

Problem summary

  • In some instances where a managed WinCollect agent is pointing
    to an Event Processor configuration server, if the port 443
    connection between the Managed Host and the Console drops, the
    WinCollect Agent can fail to recover as expected and stop
    sending events.
    Messages similar to the following might be visible in the
    WinCollect agent logs when this issue occurs (7.3.1):
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14] co
    m.q1labs.sem.semsources.wincollectconfigserver.util.WinCollectC
    onsole:[ERROR] [NOT:0000003000][127.0.0.1/- -] [-/- -]Agent(127.
    AUTOWIN7X32-3 exception calling console --
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    java.net.ConnectException: Connection timed out (Connection
    timed out)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSock
    etImpl.java:380)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPl
    ainSocketImpl.java:236)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocket
    Impl.java:218)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:374)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.Socket.connect(Socket.java:682)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.jsse2.bi.connect(bi.java:114)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.jsse2.bh.connect(bh.java:20)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.NetworkClient.doConnect(NetworkClient.java:192)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:494)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:589)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.net.ssl.www2.protocol.https.c.<init>(c.java:216)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.net.ssl.www2.protocol.https.c.a(c.java:164)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.net.ssl.www2.protocol.https.d.getNewHttpClient(d.jav
    a:17)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Ht
    tpURLConnection.java:1206)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Htt
    pURLConnection.java:1068)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:6)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(
    HttpURLConnection.java:1582)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(H
    ttpURLConnection.java:1510)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection
    .java:491)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at
    com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:56)
    
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.q1labs.sem.semsources.wincollectconfigserver.util.WinCol
    lectConsole.Call(WinCollectConsole.java:281)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.q1labs.sem.semsources.wincollectconfigserver.requestproc
    essors.ConnectionEstablishmentVersion2Processor.onReceiveConnec
    tionEstablishmentRequest(ConnectionEstablishmentVersion2Process
    or.java:204)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at com.q1labs.sem.semsources.wincollectconfigserver.WinCollectC
    onfigHandler.run(WinCollectConfigHandler.java:122)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
    Executor.java:1160)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
    lExecutor.java:635)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_14]
    at java.lang.Thread.run(Thread.java:822)
    Sep  9 11:01:48 ::ffff:127.0.0.1 [ecs-ec-ingress.ecs-ec-ingress]
    [WinCollectConfigHandler_13] com.q1labs.sem.semsources.wincolle
    ctconfigserver.WinCollectConfigHandler:[ERROR] [NOT:0000003000][
    -]WinCollectConfigHandler could not complete a transaction with
    an agent because the connection timed out
    or in 7.3.0:
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21] co
    m.q1labs.sem.semsources.wincollectconfigserver.requestprocessor
    s.ConnectionEstablishmentVersion2Processor:[ERROR] [NOT:00000030
    CPHDSPRD1(10.138.151.230) caught exception --
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    javax.net.ssl.SSLException: Connection reset
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.g.a(g.java:22)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.ba.a(ba.java:38)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.ba.a(ba.java:101)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.ba.a(ba.java:62)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.aZ.a(aZ.java:57)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.bi.b(bi.java:219)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.bi.f(bi.java:317)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.bi.a(bi.java:218)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.jsse2.bi.startHandshake(bi.java:212)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at
    com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:248)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:46)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(
    HttpURLConnection.java:1582)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(H
    ttpURLConnection.java:1510)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection
    .java:491)
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at
    com.ibm.net.ssl.www2.protocol.https.b.getResponseCode(b.java:56)
    
    [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_21]
    at com.q1labs.sem.semsources.wincollectconfigserver.requestproc
    essors.ConnectionEstablishmentVersion2Processor.onReceiveConnec
    tionEstablishmentRequest(ConnectionEstablis
    hmentVersion2Processor.java:235)
    

Problem conclusion

  • This issue was fixed in WinCollect version 7.3.1 patch 1
    

Temporary fix

Comments

APAR Information

  • APAR number

    IJ35040

  • Reported component name

    QRADAR SOFTWARE

  • Reported component ID

    5725QRDSW

  • Reported release

    730

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2021-09-17

  • Closed date

    2021-10-01

  • Last modified date

    2021-10-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QRADAR SOFTWARE

  • Fixed component ID

    5725QRDSW

Applicable component levels

[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"730"}]

Document Information

Modified date:
02 October 2021