Troubleshooting
Problem
You receive a javax.net.ssl.SSLHandshakeException when
- the users load the user interface in the web browser,
- the agent attempts to connect to the UrbanCode Deploy server,
- the UrbanCode Deploy server connects to LDAP, database etc. or,
- in the log of a step that ran on an agent
Symptom
The exception is shown in one or multiple of those locations
- UCD server log file <server>/var/log/deployserver.out
- UCD relay log file <agent>/var/logs/agentrelay.out
- UCD agent log file <agent>/var/log/agent.out
- Step output log
Diagnosing The Problem
Below you find a description on how to enable SSL traces on UrbanCode Deploy server, relay and agent.
The parameter -Djavax.net.debug=ssl:handshake prints out only the SSL handshake between client-side and server-side (depends on who initiates) which is sufficient for almost all SSL related problems since the content of the traffic is usually not the problem. You can also use -Djavax.net.debug=all for more verbose tracing.
Configure SSL traces on the UrbanCode Deploy server:
Windows:
- Stop the server
- Edit the file: <server>\bin\set_env.cmd and add: -Djavax.net.debug=ssl:handshake at the beginning of the JAVA_OPTS variable definition, before all other variables indicated with ... in the line below:
set JAVA_OPTS=-Djavax.net.debug=ssl:handshake ... - Start the server with the following command from the <server>\bin directory:
run_server.cmd > ..\var\log\stdout.txt 2>&1 - The relevant output will be stored in the file: <server>\var\log\stdout.txt
Unix/Linux:
- Stop the server
- Edit the file: <server>/bin/set_env and add -Djavax.net.debug=ssl:handshake at the beginning of the JAVA_OPTS variable definition, before all other variables indicated with ... in the line below:
JAVA_OPTS="-Djavax.net.debug=ssl:handshake ... - Start the server with the following command from the <server>/bin directory:
./server start - The relevant output will be stored in the file: <server>/var/log/stdout
Configure SSL traces on the UrbanCode Deploy relay:
Windows:
- Stop the relay
- Edit the file: <relay>\bin\agentrelay.cmd and add -Djavax.net.debug=ssl:handshake at the beginning of the JAVA_OPTS variable definition, before all other variables indicated with ... in the line below:
JAVA_OPTS="-Djavax.net.debug=ssl:handshake ... - Start the relay with the following command from the <relay>\bin directory:
agentrelay.cmd start - The relevant output will be stored in the file: <relay>\var\logs\agentrelay.out
Unix/Linux:
- Stop the relay
- Edit the file: <relay>/bin/agentrelay and add -Djavax.net.debug=ssl:handshake at the beginning of the JAVA_OPTS variable definition, before all other variables indicated with ... in the line below:
JAVA_OPTS="-Djavax.net.debug=ssl:handshake ... - Start the relay with the following command from the <relay>/bin directory:
./agentrelay start - The relevant output will be stored in the file: <relay>/var/logs/agentrelay.out
Configure SSL traces on the UrbanCode Deploy agent:
Windows:
- Stop the Agent
- Edit the file: <agent>/bin/agent.cmd and add the line in bold below to the ":doRun" section:
:doRun
shift
set "WORKER_JAVA_OPTS= "
if ""%1"" == ""-debug"" (
set WORKER_JAVA_OPTS=%JAVA_DEBUG_OPTS%
)
set WORKER_JAVA_OPTS=%WORKER_JAVA_OPTS% -Djavax.net.debug=ssl:handshake
pushd "%AGENT_HOME%\bin"
"%JAVACMD%" %MONITOR_JAVA_OPTS% -jar "%AGENT_BIN_HOME%\monitor\air-monitor.jar" "%AGENT_HOME%" "%AGENT_HOME%\bin\worker-args.conf" 7000 %WORKER_JAVA_OPTS% -Dagent.log.to.console=y -Djava.io.tmpdir="%AGENT_HOME%\var\temp"
popd
goto end
- Start the agent with the following command from the <agent>/bin directory:
run_agent.cmd > ..\var\log\stdout.txt 2>&1 - The output will be in the file:
<agent>\var\log\stdout.txt
Unix/Linux:
- Stop the agent
- Edit the file: <agent>/bin/agent
- Add the variable -Djavax.net.debug=ssl:handshake as value of WORKER_JAVA_OPTS in the "Start" section:
# -- Start ---------------------------------------------------------------------
elif [ "$1" = "start" ] ; then
shift
WORKER_JAVA_OPTS=-Djavax.net.debug=ssl:handshake
- Start the agent from the <agent>/bin directory with the following command:
./agent start - The output will be in: <agent>/var/log/stdout
Configure SSL traces on all steps running on an agent
See the following technote:
Mustgather: how to troubleshoot SSL connection problems from the Web Utilities plugin or other steps
Resolving The Problem
Inspect the relevant parts of the trace, which are those that start with lines like the following:
*** ClientHello, TLSv1.2...
*** ServerHello, TLSv1.2
...
Provide all the logs to UrbanCode Deploy support for additional investigation.
Related Information
Product Synonym
UCD
Was this topic helpful?
Document Information
Modified date:
30 October 2018
UID
ibm10735195