WAS 6.x and 7.x Monitoring using Sitescope 11.23 (747 Views)
Reply
Frequent Advisor
Utkarshpatel
Posts: 60
Registered: ‎02-15-2012
Message 1 of 7 (747 Views)

WAS 6.x and 7.x Monitoring using Sitescope 11.23

[ Edited ]

Hello Experts,

We are using SIS 11.23. We have configured WAS solution template for 6.x(Using Internal Java).  We tried that for one of the UAT server and imported the jks file containing the certificate for that particular server. It worked well. Now when we tried the same jks file on the PROD server that too worked. We confirmed with the App team who confimed that the certificates of the UAT will not work on the PROD.(On this set of servers, admin security is not enabled.)

So one important question is, at what stage these certificates are required and at what stage they are not required.

Second scenario is that we got certificates for WAS related to different Application. This WAS was 7.x (Using Internal Java). We followed the procedure in the guide and imported the certificated in the jks file. This time it gave us the below error:

"Step 6: Result of test connection: ADMC0016E: The system cannot create a
SOAP connector to connect to host <IP> at port <PORT>.; nested
exception is: com.ibm.websphere.management.exception.ConnectorException:
ADMC0016E: The system cannot create a SOAP connector to connect to host
<IP> at port <PORT>. Wrong certificates in DummyClientKeyFile.jks and
DummyClientTrustFile.jks"

We have reconfirmed the certificates in the jks three times with the team and they say that the certificates are alright. We have even import the certificate in SIS using Certificate management.

I need help as to understand what is the role of certificates and in the second step what could be the possible error.

Thanks and Regards
Utkarsh Patel

HP Expert
kenneth.gonzalez
Posts: 1,752
Registered: ‎04-28-2011
Message 2 of 7 (734 Views)

Re: WAS 6.x and 7.x Monitoring using Sitescope 11.23

Hi,

Do you have any other WAS7 monitor already created for other server?

About your certificate question, if all of the WAS servers are on same node and share same certificate in their SOAP ports then the same jks with that cert will work.
Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
HP Expert
PatWest
Posts: 836
Registered: ‎03-06-2008
Message 3 of 7 (722 Views)

Re: WAS 6.x and 7.x Monitoring using Sitescope 11.23

Check that %WAS_ENV% folder contains two jks files:
DummyClientTrustFile.jks and DummyClientKeyFile.jks.

Be sure that these files were copied from <WAS_SERVER>\WebSphere\AppServer\
profiles\<ServerName>\etc\ folder. Where <ServerName> is the name of monitored WAS server and not folder with name "default". Copy these two files from this folder.

Otherwise generating a new keystore with client SSL certificate on WAS side may help.
Frequent Advisor
Utkarshpatel
Posts: 60
Registered: ‎02-15-2012
Message 4 of 7 (713 Views)

Re: WAS 6.x and 7.x Monitoring using Sitescope 11.23


Hello Kenneth,

No we do not have any other WAS 7..This is the first attept of monitoring WAS 7..
I had one more doubt, say suppose we have created a dir called"WAS6" that has certi's related to WAS6 and other dir called "WAS7" related to certi's of WAS 7...both the contain respective jks files. These two seperate dir's and seperate jks files will not interfere with each other right?
The SOAP Ports of all the WAS are different...

 

 

Hello PatWest,
The files in our env are named as ClientTrust and ClientKey..They work well for WAS6. But when we give them for WAS7 then they throw an error...

 

Please find the below error:

 

Step 1: Check jars from WAS client directory to use as additional classpath: Next jars will be added to classpath: E:\WAS_7\com.ibm.ws.admin.client_7.0.0.jar E:\WAS_7\com.ibm.ws.runtime.jar  

 

Step 2: Check secure jar from WAS (skip this step if SSL is not used): Check com.ibm.ws.security.crypto*: ..\java\lib\ext\com.ibm.ws.security.crypto.jar - exists.

 

Step 3: Check JVM security option in the java.security file (skip this step if SSL is not used): Next lines were found: ssl.SocketFactory.provider=sun.security.ssl.SSLSocketFactoryImpl ssl.ServerSocketFactory.provider=sun.security.ssl.SSLServerSocketFactoryImpl  

 

Step 4: Check that the certificate was imported into the java key store (skip this step if SSL is not used): All certificates were imported into SiteScope key store  

 

Step 5: Check Trust and Key Store files: E:\WAS_7\clienttrust.jks - exists. E:\WAS_7\clientkey.jks - exists.  

 

Step 6: Result of test connection: ADMC0016E: The system cannot create a SOAP connector to connect to host <IP> at port <PORT>.; nested exception is: com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host <IP> at port <PORT>. Wrong certificates in DummyClientKeyFile.jks and DummyClientTrustFile.jks. 

 

 

HP Expert
PatWest
Posts: 836
Registered: ‎03-06-2008
Message 5 of 7 (683 Views)

Re: WAS 6.x and 7.x Monitoring using Sitescope 11.23

It is very likely to be a SSL permissions looking at the last error message.

In case you have used the WebSphere certificate to use another one other than the DummyClient.. certificates, perhaps you should import that one instead. did you already start working with IBSM support here? It's about time to engage them.
Occasional Visitor
patelash01
Posts: 1
Registered: ‎07-11-2014
Message 6 of 7 (488 Views)

Re: WAS 6.x and 7.x Monitoring using Sitescope 11.23

Hi,

 

We have the similar issue. We have WAS 7.0 FP 31, and have ND installation. From sitescope, we can connect to deployment manager and successfully monitor the servers under the cluster, but as soon as we add monitoring for 2nd deployment manager (which is a seperate installation on the same box- diff directories, diff port range), the 2nd one doesn't work and throws the 

 


ADMC0016E: The system cannot create a SOAP connector to connect to host XX.XX.XXX.XX at port XXXXX.; nested exception is: com.ibm.websphere.management.exception.ConnectorException: ADMC0016E: The system cannot create a SOAP connector to connect to host XX.XX.XXX.XX at port XXXXX. Wrong certificates in DummyClientKeyFile.jks and DummyClientTrustFile.jks.

 

We have created seperate WAS directory on sitescope machin (C:\WAS\WAS_A, and C:\WAS\WAS_B) to hold all jar files and respective jks files.

 

It seems at a time, monitoring works for only one setup.

HP Expert
kenneth.gonzalez
Posts: 1,752
Registered: ‎04-28-2011
Message 7 of 7 (485 Views)

Re: WAS 6.x and 7.x Monitoring using Sitescope 11.23

Is best to create an unique keystore and truststore that contains all your WAS certificates, to avoid file cache at Java level. Also, make sure you get correct certificate for each instance by getting cert from SOAP port using IE for example.

Kenneth Gonzalez
HP Support

If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.

If you haven’t tried it yet, come and join us in our entitled forums at Support Customer Forums
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.