Troubleshooting
Problem
The Java™ Gateway for ServiceNow is unable to contact to the ServiceNow server that uses an SSL connection.
Symptom
The Gateway was working but now it fails to connect.
The Gateway log file contains a message like this:
Error: [Main Gateway] Unable to reach the ServiceNow server - please double-check the value of 'Gate.ServiceNow.Host'.
But the ServiceNow server is available from the Gateway server
Cause
With the recent ServiceNow server upgrade, ServiceNow is deprecating the use of TLS 1.0 and 1.1. Customers are required to use TLS 1.2 or newer for all communications with their instances. See the related url section for a link to the ServiceNow notice.
The Netcool ServiceNow Gateway needs to be configured to use TLS 1.2.
Diagnosing The Problem
Follow this step to determine which version of TLS is being used in the handshake;
1. Add these options into the ServiceNow Gateway file called nco_g_servicenow.env;
JRE_OPTS="-Djavax.net.debug=ssl:handshake:verbose"
or
JRE_OPTS="-Djavax.net.debug=all"
2. Run the Gateway in debug mode. It creates a message for the ClientHello. The version of TLS is displayed in this message.
For more information on Java™ properties, see:
Resolving The Problem
The objective is to upgrade IBM Java™ to version 1.8, which supports TLS 1.2 and is enabled by default.
1. If you are using OMNIbus 8.1 FP17 or newer, then IBM Java 1.8 is already installed with Netcool/OMNIbus™ .
2. If you are using Netcool/OMNIbus 8.1 Fix Pack 17 (FP 17) and IBM Java 1.7 then make the following change to the ServiceNow Gateway file called nco_g_servicenow.env. These properties enforce the use of TLS 1.2;
JRE_OPTS="-Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2"
Restart/Start the ServiceNow Gateway to see whether the Gateway works properly.
3. If the workaround in step 2 does not resolve the problem, install openjdk-1.8.0 on the ServiceNow Gateway server. OpenJDK is an open source implementation of the Java Platform.
The following steps assume that openjdk-1.8.0 patch 131 is installed in /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-11.b12.el7.x86_64
It is not mandatory to use patch 131.
3i) Define the location of the java binary in your installation of openjdk-1.8.0 by setting the JRE_DIR property in the Gateway file called nco_g_servicenow.env.
JRE_DIR points to the directory containing the 'jre' directory. For example, if the java binary is in
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-11.b12.el7.x86_64/jre/bin
then set JRE_DIR to /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-11.b12.el7.x86_64
JRE_DIR=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-11.b12.el7.x86_64
3ii) Set LD_LIBRARY_PATH to point to the directory containing libjvm.so file.
For example, if libjvm.so is in
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-11.b12.el7.x86_64/jre/lib/amd64/server
then set LD_LIBRARY_PATH that directory;LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-11.b12.el7.x86_64/jre/lib/amd64/server
export LD_LIBRARY_PATH
Start the ServiceNow Gateway from the command line in the same terminal where you set LD_LIBRARY_PATH to see whether the Gateway works properly.
If none of these solutions work contact IBM support for further troubleshooting.
Related Information
Document Location
Worldwide
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSSHTQ","label":"Tivoli Netcool\/OMNIbus"},"Component":"Java Gateway for ServiceNow","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Product Synonym
nco_g_servicenow
Was this topic helpful?
Document Information
Modified date:
15 October 2019
UID
ibm11086927