Troubleshooting
Problem
With LDAP SSL certificates, IBM Cognos® Content Manager server is unable connect to the LDAP server and fails with the following exception:
['My_Namespace']
[ERROR] CAM-AAA-0146 The namespace 'my_namespace' is not available.
[ERROR] CAM-AAA-0064 The function 'Configure' failed.
[ERROR] The user cannot access the application now.
[ERROR] CAM-AAA-0056 Unable to authenticate.
[ERROR] CAM-AAA-0064 The function 'LDAPHandlePool::CreateHandle()' failed.
[ERROR] CAM-AAA-0026 The function call to 'ldap_simple_bind_s' failed with error code: '81'
[ERROR] Can't contact LDAP server
['My_Namespace']
[ERROR] CAM-AAA-0146 The namespace 'my_namespace' is not available.
[ERROR] CAM-AAA-0064 The function 'Configure' failed.
[ERROR] The user cannot access the application now.
[ERROR] CAM-AAA-0056 Unable to authenticate.
[ERROR] CAM-AAA-0064 The function 'LDAPHandlePool::CreateHandle()' failed.
[ERROR] CAM-AAA-0026 The function call to 'ldap_simple_bind_s' failed with error code: '81'
[ERROR] Can't contact LDAP server
Symptom
The IBM Cognos® server fails to start.
Cause
Nss library and Linux environment.
Diagnosing The Problem
In the network traces we can see:
The LDAP server responds with SSL Handshake "Server Hello".
The LDAP server responds with SSL Handshake "Server Hello".
The client/server reponds with "Client Hello".
So no problem here
Cognos (nss library of the Linux)) interrupts the handshake with the following message:
Description: Illegal Parameter (47)
Resolving The Problem
- Connection to https upstream not working anymore:
- Review connections between the reverse proxy server and upstream server (Java Platform, Enterprise Edition application on Java 8) result in a 503 error.
- Test with "curl <url> -v"
- Test with SSL Handshake "cat <file path>"
- If all return a communication failure review the following
- Review the SSL/TLS protocols are up to date (For example, SSLv3 or TLSv1.2)
- Ensure the ciphers in the Cognos configuration and SSL side are up to date
- Further notes here
- Review connections between the reverse proxy server and upstream server (Java Platform, Enterprise Edition application on Java 8) result in a 503 error.
- Crypto-policies of RHEL prevents the selection of the cipher suite. Setting it to "LEGACY" allows Cognos to connect to LDAPS.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6sAAC","label":"Install-\u003EConfigure"}],"ARM Case Number":"TS008480536","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
28 January 2023
UID
ibm16590875