APAR status
Closed as new function.
Error description
Unable to connect to SAP SLD using https. User is able to open SLD url through browser but getting below exception when connection is made through SLD sensor. CIMException: EXT_ERR_UNABLE_TO_CONNECT 2019-11-28 11:21:14,223 DiscoverManager [DiscoverWorker-5] 2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG cdb.SLDServerAgent - SLD Host: http://hostname:50201/sld/cimom 2019-11-28 11:21:14,223 DiscoverManager [DiscoverWorker-5] 2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG cdb.SLDServerAgent - SLD NameSpace: sld/active 2019-11-28 11:21:14,223 DiscoverManager [DiscoverWorker-5] 2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG cdb.SLDServerAgent - Trying with SLD User: XXXXXSAP 2019-11-28 11:21:14,227 DiscoverManager [DiscoverWorker-5] 2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG cdb.SLDCIMHelper - SLD Server Namespace: sld/active 2019-11-28 11:21:14,227 DiscoverManager [DiscoverWorker-5] 2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG cdb.SLDCIMHelper - Setting the CIM Request Timeout to 90 seconds for url http://hostname:50201/sld/cimom. 2019-11-28 11:21:14,245 DiscoverManager [DiscoverWorker-5] 2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG cdb.SLDCIMHelper - Setting Connection pool size to 32 2019-11-28 11:21:14,245 DiscoverManager [DiscoverWorker-5] 2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG cdb.SLDCIMHelper - Additional SAP connection logging is disabled 2019-11-28 11:21:14,276 DiscoverManager [DiscoverWorker-5] 2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG cdb.SLDCIMHelper - CIM Client connection: org.sblim.wbem.client.CIMClient@5bce0337 2019-11-28 11:21:14,347 DiscoverManager [DiscoverWorker-5] 2019112811194155#SLDServerSensor_port5000-hostname-50201 DEBUG cdb.SLDCIMHelper - Enumerate instances failed org.sblim.wbem.cim.CIMException: EXT_ERR_UNABLE_TO_CONNECT; nested exception is: java.net.SocketException: Connection reset - This fix require code changes to support https connection from SLD sensor to SAP SLD. Following manual steps has to be performed at customer end to make connection to SLD using https. 1. Export the certificate from the TADDM Discovery Server on which the Discovery is to be run. i. Go to directory <taddm_installation_directory>/dist/etc (eg /opt/IBM/taddm/dist/etc). Following steps assumes that /opt/IBM/taddm is the installation directory. If the user has different directory then they can replace that part. ii. run command - /opt/IBM/taddm/jre/jre/bin/keytool -export -alias aliasName -keystore keyStoreName -rfc -file certificateName.cer -alias, alias should be collation -keystore, KeyStoreName is the name of keystore file present in ../dist/etc directory, its name would either be serverkeys_hostname or serverkeys. -file, file name of certificate to be exported ex: taddmcertificate.cer iii. Next, prompt for keystore password will be shown. Please check password in collation.properties file present in ../dist/etc directory and check value of "com.collation.sslpassphrase" property and enter its value above. iv. Certificate will be exported in /etc directory. 2. Import the above generated certificate ex: taddmcertificate.cer. 3. Open collation.properties present in /etc directory. Add below property under "SAP Agent properties Info" section. com.collation.discover.agent.SLD.enableHttps=true
Local fix
NA
Problem summary
SLD Sensor was unable to discover SAP SLD using HTTPS. User was getting CIMException( EXT_ERR_UNABLE_TO_CONNECT ) when connection was tried through SLD sensor during discovery although user was able to open the SLD url through browser successfully. Here the SLD host visible in logs was SLD Host:http://hostname:50201/sld/cimom . To handle this code is changed to include an additional mechanism in the https connection from SLD sensor to SAP SLD and some manual steps are also required to performed at customer end which are below: 1) Export the certificate from the TADDM Discovery Server on which the Discovery is to be run. Following steps assumes that /opt/IBM/taddm is the installation directory. If the user has different directory then they can replace that part. i. Go to directory <taddm_installation_directory>/dist/etc (eg/opt/IBM/taddm/dist/etc). ii. Run command - /opt/IBM/taddm/jre/jre/bin/keytool -export -alias aliasName -keystore keyStoreName -rfc -file certificateName.cer -alias, alias should be collation -keystore, KeyStoreName is the name of keystore file present in ../dist/etc directory, its name would either be serverkeys_hostname or serverkeys. -file, file name of certificate to be exported ex: taddmcertificate.cer iii. Next, prompt for keystore password will be shown. Please check password in collation.properties file present in ../dist/etc directory and check value of "com.collation.sslpassphrase" property and enter its value above. iv. Certificate will be exported in /etc directory. 2. Import the above generated certificate ex: taddmcertificate.cer. 3. Open collation.properties present in /etc directory. Add below property under "SAP Agent properties Info" section. com.collation.discover.agent.SLD.enableHttps=true
Problem conclusion
The fix for APAR is contained in the following maintenance packages: | Fix Pack | 7.3.0-TIV-ITADDM-FP0008
Temporary fix
Comments
APAR Information
APAR number
IJ24666
Reported component name
APP DEPENDENCY
Reported component ID
5724N5500
Reported release
730
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-04-29
Closed date
2020-05-21
Last modified date
2020-05-21
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
999
Fix information
Fixed component name
APP DEPENDENCY
Fixed component ID
5724N5500
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSPLFC","label":"Tivoli Application Dependency Discovery Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
22 May 2020