DX Application Performance Management

Expand all | Collapse all

[ERROR] [WebServerMonitor] Could not get metrics from server : https://<host>:<Port>Could be due to unsupported protocol or cipherSuite being used

  • 1.  [ERROR] [WebServerMonitor] Could not get metrics from server : https://<host>:<Port>Could be due to unsupported protocol or cipherSuite being used

    Posted 10-05-2015 02:36 PM
      |   view attached

    Hello CA:

    Agent version :  CA Wily Power Pack for Web Servers 8.0

    Wily Introcope version Release: 9.1.6.0

    I am trying to report apache metric into Wily Introscope. I have been successful in setting up most of the aapches to report metices correctly. All Apache are accepting https traffic only. Just these two apache isn't reporting anything and throwing this error. I can't seem to catch what I am doing wrong. In myTruststore in wily agent I do have all certificates that are needed to start the aapche. still no luck..

    Here's the error

     

    10/05/15 01:24:50 PM CDT [ERROR] [WebServerMonitor] Could not get metrics from server : https://nalp96l1.ihs.discoverfinancial.com:23551 Could be due to unsupported protocol or cipherSuite being used

    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

            at sun.security.ssl.Alerts.getSSLException(Unknown Source)

            at sun.security.ssl.Alerts.getSSLException(Unknown Source)

            at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)

            at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

            at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

            at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)

            at sun.security.ssl.AppOutputStream.write(Unknown Source)

            at java.io.BufferedOutputStream.flushBuffer(Unknown Source)

            at java.io.BufferedOutputStream.flush(Unknown Source)

            at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:831)

            at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1979)

            at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:997)

            at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:400)

            at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:173)

            at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:430)

            at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:326)

            at com.wily.webservermonitor.AWebServerMonitor$Executor.run(AWebServerMonitor.java:125)

    10/05/15 01:24:50 PM CDT [ERROR] [WebServerMonitor] Could not get metrics from server : https://nalp243.ihs.discoverfinancial.com:24000 Could be due to unsupported protocol or cipherSuite being used

    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

            at sun.security.ssl.Alerts.getSSLException(Unknown Source)

            at sun.security.ssl.Alerts.getSSLException(Unknown Source)

            at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)

            at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

            at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

            at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)

            at sun.security.ssl.AppOutputStream.write(Unknown Source)

            at java.io.BufferedOutputStream.flushBuffer(Unknown Source)

            at java.io.BufferedOutputStream.flush(Unknown Source)

            at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:831)

            at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1979)

            at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:997)

            at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:400)

            at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:173)

            at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:430)

            at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:326)

            at com.wily.webservermonitor.AWebServerMonitor$Executor.run(AWebServerMonitor.java:125)



  • 2.  Re: [ERROR] [WebServerMonitor] Could not get metrics from server : https://<host>:<Port>Could be due to unsupported protocol or cipherSuite being used

    Posted 10-06-2015 08:34 AM

    Hi:

    I found this answer in a case that appears to apply here:

     

    Thanks for the update, definitely the protocol could be one thing, the

    other thing is the cipher suite which is also mentioned in the error

    message:

    We have these list of cipher suites that are supported:

    The following list contains the CipherSuites that are supported by the CA

    APM for Web Servers:

     

    ? SSL_RSA_WITH_RC4_128_MD5

    ? SSL_RSA_WITH_RC4_128_SHA

    ? TLS_RSA_WITH_AES_128_CBC_SHA

    ? TLS_DHE_RSA_WITH_AES_128_CBC_SHA

    ? TLS_DHE_DSS_WITH_AES_128_CBC_SHA

    ? SSL_RSA_WITH_3DES_EDE_CBC_SHA

    ? SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

    ? SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

    ? SSL_RSA_WITH_DES_CBC_SHA

    ? SSL_DHE_RSA_WITH_DES_CBC_SHA

    ? SSL_DHE_DSS_WITH_DES_CBC_SHA

    ? SSL_RSA_EXPORT_WITH_RC4_40_MD5

    ? SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

    ? SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

    ? SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

    ? SSL_RSA_WITH_NULL_MD5

    ? SSL_RSA_WITH_NULL_SHA

    ? SSL_DH_anon_WITH_RC4_128_MD5

    ? TLS_DH_anon_WITH_AES_128_CBC_SHA

    ? SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

    ? SSL_DH_anon_WITH_DES_CBC_SHA

    ? SSL_DH_anon_EXPORT_WITH_RC4_40_MD5

    ? SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA

    ? TLS_KRB5_WITH_RC4_128_SHA

    ? TLS_KRB5_WITH_RC4_128_MD5

    ? TLS_DH_anon_WITH_AES_256_CBC_SHA

    ? TLS_KRB5_WITH_3DES_EDE_CBC_SHA

    ? TLS_KRB5_WITH_3DES_EDE_CBC_MD5

    ? TLS_KRB5_WITH_DES_CBC_SHA

    ? TLS_KRB5_WITH_DES_CBC_MD5

    ? TLS_RSA_WITH_AES_256_CBC_SHA

    ? TLS_DHE_DSS_WITH_AES_256_CBC_SHA

    ? TLS_DHE_RSA_WITH_AES_256_CBC_SHA

    ? TLS_KRB5_EXPORT_WITH_RC4_40_SHA

    ? TLS_KRB5_EXPORT_WITH_RC4_40_MD5

    ? TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA

    ? TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5

     

    The other thing to be sure is that if the certificate for the web server

    has changed that this has been updated for the agent. I'm saying this

    because you have the agent configured in non-permissive mode, and the

    documentation has a note about this:

     

    "If your web server uses HTTPS in nonpermissive mode, set the truststore

    path and truststore password for the valid certificates being used to

    establish communication with the web server. To set the truststore

    settings, use the AgentConfigTool.sh file to edit the

    AgentConfig.properties file. The truststore password is stored in an

    encrypted form in the AgentConfig.properties file."

     

    So, in summary, you can definitely review the protocol setting (SSL/TLS)

    but also please check where you can about the cipher suite used for the

    certificate and check if the truststore used by the agent has been updated.

     

    Thanks

    Hal German



  • 3.  Re: [ERROR] [WebServerMonitor] Could not get metrics from server : https://<host>:<Port>Could be due to unsupported protocol or cipherSuite being used

    Posted 10-06-2015 08:54 AM

    Please don’t double post the same topic over and over again?

     

    Hal German just replied to you on another thread.

     

    Thx,

     

    Florian.