IBM Support

JazzSM server cannot be stopped and the following error message is thrown: "Received fatal alert: bad_certificate"

Question & Answer


Question

For a JazzSM server that is part of a cluster, the following errors are found:
1. While trying to stop the server, this error is generated:
ADMU0509I: The Application Server "server1" cannot be reached. It appears to be stopped.
2. While trying to check the status of each cluster member, this server appears as Unreachable:
./consolecli.sh ListHANodes --username smadmin --password smadminpassword

NodeName NodeStatus NodeSync NodeVersion
server1:16311 ACTIVE InSync 3.1.3.0
server2:16311 ACTIVE Unreachable Unreachable

 

Answer

One common root cause of this behavior is a problem with the certificates present within DASH.
Check for error messages in the SystemOut.log file under the $JazzSM_HOME/profile/logs/server1 directory.
If you find the following error message:
javax.net.ssl.SSLException: Received fatal alert: bad_certificate
then a certificate has most likely expired and needs to be renewed or re-imported.
Check for error messages in the ncw.0.trace log file under the $JazzSM_HOME/profile/logs/ncw directory.
There you will most likely find errors specific to the certificate responsible for this behavior. It could be the root certificate of DASH or that of another application integrated with DASH, such as Netcool/Impact.
Search for errors similar to the following:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path validation failed: java.security.cert.CertPathValidatorException: The certificate expired at <specific date>; internal cause is:
    java.security.cert.CertificateExpiredException: NotAfter: <specific date>
To fix this situation:
  • From DASH -> WebSphere Administrative Console, go to Security -> SSL certificate and key management -> Key stores and certificates -> NodeDefaultTrustStore -> Signer Certificates.
  • Select the expired certificate and delete it.
  • Save the configuration when you are prompted to save the changes.
  • Select the "Retrieve from port" option on the same page, then enter the hostname, the port and an alias. You can enter the same details as before. Then click "Retrieve signer certificate", click "ok" and save the changes.
  • Restart DASH.
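
The two log checks described above can be scripted before opening the console. The following is an added example, not part of the original IBM document or of IBM's tooling: it counts the bad_certificate alerts in SystemOut.log and lists each distinct NotAfter expiry date reported in ncw.0.trace. The function names and the sample log lines and dates are constructed for illustration; only the log locations and the two error strings come from this page.

```shell
#!/bin/sh
# Added example: count the two log signatures this document tells you to look for.
# Usage: triage_cert_logs "$JazzSM_HOME/profile/logs"
triage_cert_logs() {
    sysout="$1/server1/SystemOut.log"
    trace="$1/ncw/ncw.0.trace"

    # Signature 1: a TLS peer rejected a certificate during the handshake.
    alerts=0
    if [ -f "$sysout" ]; then
        # grep -c exits 1 on zero matches, so keep the count and ignore the status
        alerts=$(grep -c 'Received fatal alert: bad_certificate' "$sysout" || true)
    fi
    echo "bad_certificate alerts in SystemOut.log: $alerts"

    # Signature 2: path validation reports the expiry date of the failing
    # certificate. Print each distinct NotAfter value with its occurrence count.
    if [ -f "$trace" ]; then
        grep 'CertificateExpiredException: NotAfter:' "$trace" |
            sed 's/.*NotAfter: *//' | sort | uniq -c |
            while read -r count when; do
                echo "expired certificate: NotAfter=$when (seen $count times)"
            done
    fi
}

# Constructed sample logs (not from a real system) so the example runs offline.
make_sample_logs() {
    d=$(mktemp -d)
    mkdir -p "$d/server1" "$d/ncw"
    cat > "$d/server1/SystemOut.log" <<'EOF'
[9/3/19 10:15:02:113 UTC] 00000042 SystemOut     O javax.net.ssl.SSLException: Received fatal alert: bad_certificate
EOF
    cat > "$d/ncw/ncw.0.trace" <<'EOF'
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path validation failed: java.security.cert.CertPathValidatorException: The certificate expired at Sat Aug 31 12:00:00 UTC 2019; internal cause is:
    java.security.cert.CertificateExpiredException: NotAfter: Sat Aug 31 12:00:00 UTC 2019
    java.security.cert.CertificateExpiredException: NotAfter: Sat Aug 31 12:00:00 UTC 2019
EOF
    echo "$d"
}

sample=$(make_sample_logs)
triage_cert_logs "$sample"
rm -rf "$sample"
```

A NotAfter date that repeats many times points at one expired signer; several distinct dates mean more than one entry in NodeDefaultTrustStore needs to be deleted and retrieved again.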


Document Information

Modified date:
03 September 2019

UID

ibm11072610