IBM Support

IJ24666: SLD SENSOR UNABLE TO DISCOVER SAP SLD USING HTTPS

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as new function.

Error description

  • Unable to connect to SAP SLD using https. User is able to open
SLD url through browser but getting below exception when
connection is made through SLD sensor.

CIMException:
EXT_ERR_UNABLE_TO_CONNECT



2019-11-28 11:21:14,223
DiscoverManager [DiscoverWorker-5]
2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG
cdb.SLDServerAgent - SLD Host:
http://hostname:50201/sld/cimom

2019-11-28 11:21:14,223
DiscoverManager [DiscoverWorker-5]
2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG
cdb.SLDServerAgent - SLD NameSpace: sld/active

2019-11-28
11:21:14,223 DiscoverManager [DiscoverWorker-5]
2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG
cdb.SLDServerAgent - Trying with SLD User: XXXXXSAP

2019-11-28
11:21:14,227 DiscoverManager [DiscoverWorker-5]
2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG
cdb.SLDCIMHelper - SLD Server Namespace: sld/active

2019-11-28
11:21:14,227 DiscoverManager [DiscoverWorker-5]
2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG
cdb.SLDCIMHelper - Setting the CIM Request Timeout to 90
seconds for url http://hostname:50201/sld/cimom.

2019-11-28
11:21:14,245 DiscoverManager [DiscoverWorker-5]
2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG
cdb.SLDCIMHelper - Setting Connection pool size to
32

2019-11-28 11:21:14,245 DiscoverManager [DiscoverWorker-5]
2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG
cdb.SLDCIMHelper - Additional SAP connection logging is
disabled

2019-11-28 11:21:14,276 DiscoverManager
[DiscoverWorker-5]
2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG
cdb.SLDCIMHelper - CIM Client connection:
org.sblim.wbem.client.CIMClient@5bce0337

2019-11-28
11:21:14,347 DiscoverManager [DiscoverWorker-5]
2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG
cdb.SLDCIMHelper - Enumerate instances failed
org.sblim.wbem.cim.CIMException: EXT_ERR_UNABLE_TO_CONNECT;
nested exception is:

 java.net.SocketException: Connection
reset



- This fix require code changes to support https
connection from SLD sensor to SAP SLD. Following manual steps
has to be performed at customer end to make connection to SLD
using https.

 1. Export the certificate from the TADDM
Discovery Server on which the Discovery is to be run.

 i. Go
to directory <taddm_installation_directory>/dist/etc (eg
/opt/IBM/taddm/dist/etc).

 Following steps assumes that
/opt/IBM/taddm is the installation directory. If the user has
different directory then they can replace that part.

 ii. run
command - /opt/IBM/taddm/jre/jre/bin/keytool -export -alias
aliasName -keystore keyStoreName -rfc -file
certificateName.cer

 -alias, alias should be collation


-keystore, KeyStoreName is the name of keystore file present in
../dist/etc directory, its name would either be
serverkeys_hostname or serverkeys.

 -file, file name of
certificate to be exported ex: taddmcertificate.cer

 iii.
Next, prompt for keystore password will be shown. Please check
password in collation.properties file present in ../dist/etc
directory and check value of "com.collation.sslpassphrase"
property and enter its value above.

 iv. Certificate will be
exported in /etc directory.

 2. Import the above generated
certificate ex: taddmcertificate.cer.

 3. Open
collation.properties present in /etc directory. Add below
property under "SAP Agent properties Info" section.


com.collation.discover.agent.SLD.enableHttps=true

Local fix

  • NA

Problem summary

  • SLD Sensor was unable to discover SAP SLD using HTTPS. User was
getting CIMException( EXT_ERR_UNABLE_TO_CONNECT ) when
connection was tried through SLD sensor during discovery
although user was able to open the SLD url through browser
successfully. Here the SLD host visible in logs was  SLD
Host:http://hostname:50201/sld/cimom  .
To handle this code is changed to include an additional
mechanism in the https connection from SLD sensor to SAP SLD
and some manual steps are also required to performed at
customer end which are below:
1) Export the certificate from the TADDM Discovery Server on
which the Discovery is to be run.
Following steps assumes that /opt/IBM/taddm is the installation
directory. If the user has different directory then they can
replace that part.
i. Go to directory
<taddm_installation_directory>/dist/etc
(eg/opt/IBM/taddm/dist/etc).
ii. Run command - /opt/IBM/taddm/jre/jre/bin/keytool -export
-alias aliasName -keystore keyStoreName -rfc -file
certificateName.cer
-alias, alias should be collation
-keystore, KeyStoreName is the name of keystore file present in
../dist/etc directory, its name would either be
serverkeys_hostname or serverkeys.
-file, file name of certificate to be exported ex:
taddmcertificate.cer
iii. Next, prompt for keystore password will be
shown. Please check password in collation.properties file
present in ../dist/etc directory and check value of
"com.collation.sslpassphrase" property and enter its value
above.
iv. Certificate will be exported in /etc
directory.
2. Import the above generated certificate ex:
taddmcertificate.cer.
3. Open collation.properties present in /etc directory. Add
below property under "SAP Agent properties Info" section.
com.collation.discover.agent.SLD.enableHttps=true

Problem conclusion

  • The fix for APAR is contained in the following maintenance
packages:
| Fix Pack | 7.3.0-TIV-ITADDM-FP0008

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ24666
    • 

  • Reported component name
    APP DEPENDENCY
    • 

  • Reported component ID
    5724N5500
    • 

  • Reported release
    730
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-04-29
    • 

  • Closed date
    2020-05-21
    • 

  • Last modified date
    2020-05-21
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • 999

    



Fix information


    

  • Fixed component name
    APP DEPENDENCY
    • 

  • Fixed component ID
    5724N5500
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSPLFC","label":"Tivoli Application Dependency Discovery Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            22 May 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback