Troubleshooting
Problem
Users are encountering the following error when attempting to deactivate the application using the app_maintenance.bat script:
"An exception occurred during operation execute: java.net.SocketException: Connection or outbound has closed exitCode=200"
Command used:
C: \Program Files\ibm\cognos\tm1_64\webapps\pmpsvc\WEB-INF\tools>app_maintenance.bat -serviceurl https://tm1application url:9510/pmpsvc -username <user name> -pwd <password> -op deactivate -app <Application ID>
Error found in logs:
[main] ERROR () com.ibm.cognos.pmpsvc.ApplicationMaintenance - An exception occured during operation execute:java.net.SocketException: Connection or outbound has closedcom.ibm.cognos.pmpsvc.service.api.PlanningServiceException: java.net.SocketException: Connection or outbound has closed
Atcom.ibm.cognos.pmpsvc.service.impl.PlanningService.getSecurityMode(PlanningService.java:219)atcom.ibm.cognos.pmpsvc.ApplicationMaintenance.doLogon(ApplicationMaintenance.java:1020) at com.ibm.cognos.pmpsvc.ApplicationMaintenance.execute(ApplicationMaintenance.java:920)
at com.ibm.cognos.pmpsvc.ApplicationMaintenance.main(ApplicationMaintenance.java:192)
Caused by: java.net.SocketException: Connection or outbound has closed
Cause
The issue is occurred after enabling SSL. If the login to PMPSVC via a web browser works correctly after enabling SSL, then it's likely that the necessary certificates have already been added to the Java keystore using the keytool utility.
If the latest certificates have already been added to the keystore, the JVM can be configured to use that keystore, and the batch file can then be executed again. This can be done by checking if the jvm.options file under “C:/Program Files/ibm/cognos/tm1_64/wlp/usr/servers/<server name>” or tm1/jvm.options has below entries:
If they already added their certs to our keystore:
-Djavax.net.ssl.trustStore=${bin_path}/ssl/tm1store
-Djavax.net.ssl.trustStorePassword={ourtrust store password}
If they have added their certs to a different store then jvm.options should look like below:
-Djavax.net.ssl.trustStore=<their local path to the keystore>
-Djavax.net.ssl.trustStorePassword=<their keystore password>
Diagnosing The Problem
The issue is due to the certificates are not properly imported to the cacerts keystore. As this is a batch file when SSL is enabled customer should explicitly add the CA that they are using/having to login to the pmpsvc app.
Check if the certificates are imported to the correct location where the cacert keystore is located.
Cacert keystore path can be found at: C:\ibm\cognos\tm1_64\jre\lib\security
Resolving The Problem
You can verify whether the certificate was imported correctly into the keystore by running the following command:
keytool -list -keystore </path/to/keystore> -alias <alias-name>
If the certificate appears in the keystore listing, you should be able to run the deactivate batch file without issues.
However, if the certificate is not present in the keystore, export the current valid certificate from the browser to a local directory (make sure not to rename the certificate file during export). Then, import the exported certificate into the cacerts keystore using the following command:
Cacert keystore path can be found at: C:\ibm\cognos\tm1_64\jre\lib\security
..\..\bin\keytool -keystore cacerts -alias <any-alias-name> -import -file "<the imported cert path name>" (We need to run this command inside the location where the cacert and exported certificate presents).
Once we successfully import the certificate to the keystore, run appmaintanance.bat command to deactivate application:
C: \Program Files\ibm\cognos\tm1_64\webapps\pmpsvc\WEB-INF\tools>app_maintenance.bat -serviceurl https://tm1application url:9510/pmpsvc -username <user name> -pwd <password> -op deactivate -app <Application ID>
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
06 August 2025
UID
ibm17241408