IBM Support

MustGather: how to collect SSL Handshake traces from the UrbanCode Deploy server, relay and agent

Troubleshooting


Problem

You receive a javax.net.ssl.SSLHandshakeException when

  • the users load the user interface in the web browser,
  • the agent attempts to connect to the UrbanCode Deploy server,
  • the UrbanCode Deploy server connects to LDAP, database etc. or,
  • in the log of a step that ran on an agent

Symptom

The exception is shown in one or multiple of those locations

  • UCD server log file <server>/var/log/deployserver.out
  • UCD relay log file <agent>/var/logs/agentrelay.out
  • UCD agent log file <agent>/var/log/agent.out
  • Step output log

Diagnosing The Problem

Below you find a description on how to enable SSL traces on UrbanCode Deploy server, relay and agent.
The parameter -Djavax.net.debug=ssl:handshake prints out only the SSL handshake between client-side and server-side (depends on who initiates) which is sufficient for almost all SSL related problems since the content of the traffic is usually not the problem. You can also use -Djavax.net.debug=all for more verbose tracing.

Configure SSL traces on the UrbanCode Deploy server:

Windows:

  1. Stop the server
  2. Edit the file: <server>\bin\set_env.cmd and add: -Djavax.net.debug=ssl:handshake at the beginning of the JAVA_OPTS variable definition, before all other variables indicated with ... in the line below:
    set JAVA_OPTS=-Djavax.net.debug=ssl:handshake ...
  3. Start the server with the following command from the <server>\bin directory:
    run_server.cmd > ..\var\log\stdout.txt 2>&1
  4. The relevant output will be stored in the file: <server>\var\log\stdout.txt

Unix/Linux:

  1. Stop the server
  2. Edit the file: <server>/bin/set_env and add -Djavax.net.debug=ssl:handshake at the beginning of the JAVA_OPTS variable definition, before all other variables indicated with ... in the line below:
    JAVA_OPTS="-Djavax.net.debug=ssl:handshake ...
  3. Start the server with the following command from the <server>/bin directory:
    ./server start
  4. The relevant output will be stored in the file: <server>/var/log/stdout
     

Configure SSL traces on the UrbanCode Deploy relay:

Windows:

  1. Stop the relay
  2. Edit the file: <relay>\bin\agentrelay.cmd and add -Djavax.net.debug=ssl:handshake at the beginning of the JAVA_OPTS variable definition, before all other variables indicated with ... in the line below:
    JAVA_OPTS="-Djavax.net.debug=ssl:handshake ...
  3. Start the relay with the following command from the <relay>\bin directory:
    agentrelay.cmd start
  4. The relevant output will be stored in the file: <relay>\var\logs\agentrelay.out

 

Unix/Linux:

  1. Stop the relay
  2. Edit the file: <relay>/bin/agentrelay and add -Djavax.net.debug=ssl:handshake at the beginning of the JAVA_OPTS variable definition, before all other variables indicated with ... in the line below:
    JAVA_OPTS="-Djavax.net.debug=ssl:handshake ...
  3. Start the relay with the following command from the <relay>/bin directory:
    ./agentrelay start
  4. The relevant output will be stored in the file: <relay>/var/logs/agentrelay.out

 

 

Configure SSL traces on the UrbanCode Deploy agent:

Windows:

  1. Stop the Agent
  2. Edit the file: <agent>/bin/agent.cmd and add the line in bold below to the ":doRun" section:

:doRun
shift
set "WORKER_JAVA_OPTS= "
if ""%1"" == ""-debug"" (
    set WORKER_JAVA_OPTS=%JAVA_DEBUG_OPTS%
)

set WORKER_JAVA_OPTS=%WORKER_JAVA_OPTS% -Djavax.net.debug=ssl:handshake

pushd "%AGENT_HOME%\bin"
"%JAVACMD%" %MONITOR_JAVA_OPTS% -jar "%AGENT_BIN_HOME%\monitor\air-monitor.jar" "%AGENT_HOME%" "%AGENT_HOME%\bin\worker-args.conf" 7000 %WORKER_JAVA_OPTS% -Dagent.log.to.console=y -Djava.io.tmpdir="%AGENT_HOME%\var\temp"
popd
goto end

  1. Start the agent with the following command from the <agent>/bin directory:
    run_agent.cmd > ..\var\log\stdout.txt 2>&1
  2. The output will be in the file:
    <agent>\var\log\stdout.txt

Unix/Linux:

  1. Stop the agent
  2. Edit the file: <agent>/bin/agent
  3. Add the variable -Djavax.net.debug=ssl:handshake as value of WORKER_JAVA_OPTS in the "Start" section:

# -- Start ---------------------------------------------------------------------

elif [ "$1" = "start" ] ; then
  shift
  WORKER_JAVA_OPTS=-Djavax.net.debug=ssl:handshake

  1. Start the agent from the <agent>/bin directory with the following command:
    ./agent start
  2. The output will be in: <agent>/var/log/stdout

 

Configure SSL traces on all steps running on an agent

See the following technote:

Mustgather: how to troubleshoot SSL connection problems from the Web Utilities plugin or other steps

 

Resolving The Problem

Inspect the relevant parts of the trace, which are those that start with lines like the following:


*** ClientHello, TLSv1.2

...

*** ServerHello, TLSv1.2

...

Provide all the logs to UrbanCode Deploy support for additional investigation.

 

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS4GSP","label":"IBM UrbanCode Deploy"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Product Synonym

UCD

Document Information

Modified date:
30 October 2018

UID

ibm10735195

Page Feedback