Hi all,
please be informed that might be that CDA-server selects not the correct TLS version when calling AE-REST-endpoint,
AE REST endpoint is supposed to be used with TLS 1.2 protocol, and .NET framework on the server does not use TLS 1.2 protocol by default.
This can be solved by 2 ways:
1. Add this line
<add key="AppContext.SetSwitch:Switch.System.Net.DontEnableSchUseStrongCrypto" value="false" />
into web.config of Release Automation, within appSettings.
2. Make the TLS 1.2 become the default of .NET framework by setting following key in the registry (via regedit command, see attached reg-file but I have to rename it before attaching it)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto" = dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto" = dword:00000001
Then restart the computer.
Reference: https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client
------------------------------
Engineering Program Manager
Broadcom
------------------------------
Original Message:
Sent: 10-01-2020 02:14 AM
From: Robin Gupta
Subject: Agents not available
Hi Michael,
I am facing a similar problem with one of our customer and it is because of HTTPS nature of REST-endpoint. I wanted to understand below point:
- if HTTPS for the REST-endpoint is in place, are the required certificates available at the IIS-server?
When we say certificate is available at IIS-server - what exactly we need to do here? I have a self-signed certificate and have tried below options to import certificate but none worked in my case:
- Tried directly importing the certificate by "double-click" certificate file and importing into "Trusted Root Certificate Authorities" folder
- Tried importing using windows MMC, by importing certificate into Local Machine account under "Trusted Root Certificate Authorities" folder
- Tried importing certificate into IIS "server certificates" option
I searched the knowledge base and found this article - https://knowledge.broadcom.com/external/article?articleId=195030. I am exactly getting the same error in logs but I could not understand the Resolution mentioned in the article. It says "From CDA 12.3.3 (RM 10.0.3), a trusted certificate folder can be defined in customer.config (section <trustedCertFolder>)", my questions are:
Where in customer.config should I insert this "trustedCertFolder" section?
What would be the syntax of this section?
Any samples available?
Also in that mentioned folder what type of certificate should I keep? Keystore with private key or just public certificate will work?
I would appreciate if you can provide some information around it.
My System Info:
We are using CDA v12.3.3 - all components are newly installed and it's a fresh installation with brand new DB instances.
I have already tested the REST-endpoint with the configured user(customer.config) and it is working fine
Both CDA and AE are on the same machine -single box installation - manually installed - no issue of connectivity.
I have checked REST-endpoint is correct and in fact I could see in CDA logs that it queried REST endpoint from AE and received the same URL which I configured.
------------------------------
Robin Gupta
Consultant
HCL Enterprise Studio
Original Message:
Sent: 06-10-2020 07:45 AM
From: Michael Dolinek
Subject: Agents not available
Hi @Claus Jambrich
I have several questions:
- did you check the log-file of the CDA-server?
- did you see in AE's CP-log-files that CDA-server is querying Agents using REST?
e.g.
YYYYMMDD/hhmmss.hhh - 45 U00045098 Method 'GET', URL: 'http://AEserver.local:8088/ae/api/v1/100/system/agents', received from IP: 'X:X:X:X:X:X:X:X'YYYYMMDD/hhmmss.hhh - 45 U00045105 Log on of 'SERVICE_USER/SERVICE' successful.YYYYMMDD/hhmmss.hhh - 45 U00045099 The server replied with following status: '200'
- is the REST-endpoint for the AE configured at CDA-server's customer.config?
e.g.
<connection name="AUTOMIC" system="AUTOMIC"> <system client="100" password="xxx" user="100/SERVICE_USER/SERVICE"> <queuetrigger agent="AGENT-WIN01" login="AGENT-WIN01.LOGIN" /> <connectionStrings> <add connectionString="Data Source=tcp:DBserver.local,1433;Initial Catalog=cda;User ID=cda_user;Password=xxx" name="MainDatabase" /> <add name="ReportDatabase" connectionString="Data Source=##DB SERVER##;Initial Catalog=##DB NAME##;User ID=##DB USER##;Password=##DB PASSWORD##" /> </connectionStrings> </system> <cp ip="AEserver.local" port="2217" /> <restApi uri="http://AEserver.local:8088" /></connection>
- does the configured user hold proper permissions to get the Agents from AE?
- can the CDA-server connect to the AE-server via REST?
- if HTTPS for the REST-endpoint is in place, are the required certificates available at the IIS-server?
------------------------------
Engineering Program Manager
Broadcom
Original Message:
Sent: 06-10-2020 05:43 AM
From: Claus Jambrich
Subject: Agents not available
Dear Experts,
We have a problem on our ARA installation. Our client has some agents assigned:
But when I want to add an agent to a deployment target (Button "Assign Agent/Group"), the list is empty:
What can be wrong here?
------------------------------
Thanks and regards,
Claus
___________________________________________
Claus Jambrich
Software Engineer
Erste Group IT
Vienna Austria.
------------------------------