After changing certificates, performing Disaster Recovery steps, or applying a system update, the ZENworks Diagnostic page fails to load in ZCC

  • 7015138
  • 05-Jun-2014
  • 07-Mar-2017

Environment

Novell ZENworks Configuration Management 11.3
Novell ZENworks Configuration Management 11.4

Situation

After re-minting certificates due to a DNS name change on the primary, performing Disaster Recovery steps to restore zenserver information on a new primary, or applying a system update, the ZCC Server Diagnostic page fails to load primary server information.

ERROR (after a system update issue):

Status 401 - Authentication Failed: Unable to process claimed identity

"You need to configure open ID providers and pass it as the java property probe.config.file"

ERROR after disaster recovery (from zcc.log):

[DEBUG] [05/01/2014 16:26:25.429] [1736] [ZENServer] [102] [__z_0_35__] [ZCC] [Exception while getting ZEN_SERVER information from server : 2008-zen2] [com.novell.zenworks.admin.pages.diagnostics.exceptions.ZENDiagnosticsException: Exception while initiatlizing connection to "2008-zen2" for Service : ZEN_SERVER
at com.novell.zenworks.admin.pages.diagnostics.DiagnosticsDataCollector.getProcessHealthInfoFromServer(DiagnosticsDataCollector.java:352)
at com.novell.zenworks.admin.pages.diagnostics.DiagnosticsDataCollector.getProcessHealthInfo(DiagnosticsDataCollector.java:284)
at com.novell.zenworks.admin.pages.diagnostics.DiagnosticsDataCollector.getServerHealthInfo(DiagnosticsDataCollector.java:115)
at com.novell.zenworks.admin.pages.diagnostics.DiagnosticsInfoCollectorThread.run(DiagnosticsInfoCollectorThread.java:48)
Caused by: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: Exception creating connection to: 10.0.0.35; nested exception is: 
java.net.SocketException: java.lang.NullPointerException]

ERROR after disaster recovery on ZENworks 11.4 (from zcc.log):

[DEBUG] [02/28/2017 14:08:53.198] [2444] [ZENServer] [113559] [ZEN_SA] [ZCC] [Exception while getting process info for ZEN_SERVER  from server : SERVERNAME] [java.io.IOException: java.util.concurrent.ExecutionException: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    java.net.SocketException: Software caused connection abort: recv failed]
    at com.novell.zenworks.admin.pages.diagnostics.MBeanClient.connectWithTimeout(MBeanClient.java:139)
...
Caused by: java.util.concurrent.ExecutionException: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    java.net.SocketException: Software caused connection abort: recv failed]
    at java.util.concurrent.FutureTask.report(FutureTask.java:122)
...
Caused by: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    java.net.SocketException: Software caused connection abort: recv failed]
    at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
...
Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    java.net.SocketException: Software caused connection abort: recv failed]
    at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:122)
...
Caused by: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    java.net.SocketException: Software caused connection abort: recv failed
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:304)
...
Caused by: java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
...
] [java.util.concurrent.ExecutionException: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException (Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
    java.net.SocketException: Software caused connection abort: recv failed)] [] [java.io.IOException] [ZENServer]


ERROR after certificate remint (from zcc.log):

[DEBUG][05/30/2014 10:37:014.451][25155][ZEN JMX Agent][1][zenworks][JMX Agent][][There is an exception ][java.io.IOException: Cannot bind to URL [rmi://nts198h.lab.novell.com:61491/jmxrmi]:
exception is:
        javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate]

Resolution

Workaround: applies ONLY to the versions in this TID and only to the exact errors quoted in the problem statement.

Execute the following commands in the order listed: 

novell-zenworks-configure -c MergeTruststore -Z -DLogger.logLevel=FINEST

novell-zenworks-configure -c EnableJMX

novell-zenworks-configure -c ZenProbe

novell-zenworks-configure -c Start (Select restart to restart services)

Additional Information

Note: The resolution may not fix the problem if the cause is an improperly configured or missing DNS environment.

Probe specifies the OpenID authentication provider in a config file:

/opt/novell/zenworks/share/tomcat/webapps/zenworks-probe/probe.properties 
or
/etc/opt/novell/zenworks/probe.properties 

When probe is launched for the first time in a session from the diagnostics page, it reads this config file and redirects to that URL. The OpenID framework retrieves the certificate from that URL, extracts the CN from it, and redirects to that URL. It tries to match the certificate information against the known information in the trust store to ensure a match to the FQDN of the server.

Once authenticated to the OpenID page, the user is redirected to the probe's home page.
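
The following read-only check is an added example, not part of the original TID or of ZENworks: it pulls every https URL out of the probe.properties files named above, confirms the host resolves in DNS, and compares the CN of the certificate that host serves with the host name in the URL. It assumes a Linux primary with `openssl` and `getent` available, compares the CN only (it does not inspect the trust store), and assumes no particular property key names.

```shell
#!/bin/sh
# Added diagnostic sketch, not Novell code. Read-only: it changes no configuration.
# The two paths are the probe.properties locations named in this TID.
PROBE_FILES="/opt/novell/zenworks/share/tomcat/webapps/zenworks-probe/probe.properties
/etc/opt/novell/zenworks/probe.properties"

# stdin: properties text. stdout: unique host:port of every https URL found.
# No property key names are assumed. Java writes ':' as '\:' in properties
# files, so that escape is undone first; a missing port defaults to 443.
# Offline try-out with a constructed line (key name and host are made up):
#   printf 'provider.url=https\\://zen1.example.com\\:8443/x\n' | urls_to_hostports
urls_to_hostports() {
    sed 's/\\:/:/g' | grep -v '^[[:space:]]*[#!]' |
    grep -o 'https://[^/[:space:]]*' | sed 's|^https://||' |
    awk '{ if ($0 !~ /:[0-9]+$/) $0 = $0 ":443"; print tolower($0) }' | sort -u
}

# stdin: "subject=..." line in RFC 2253 form. stdout: the CN value.
cn_from_subject() {
    sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# Exit 0 when the certificate CN equals the host name, ignoring case.
cn_matches_host() {
    [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# Resolve the host, fetch the certificate it serves, and compare CN to host.
check_endpoint() {
    host=${1%:*}
    getent hosts "$host" >/dev/null || { echo "$1: DNS lookup failed"; return 1; }
    cn=$(openssl s_client -connect "$1" -servername "$host" </dev/null 2>/dev/null |
         openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null | cn_from_subject)
    [ -n "$cn" ] || { echo "$1: no certificate retrieved"; return 1; }
    if cn_matches_host "$cn" "$host"; then echo "$1: CN matches ($cn)"
    else echo "$1: CN '$cn' does not match host '$host'"; return 1; fi
}

# Check every URL in whichever probe.properties files exist on this server.
for f in $PROBE_FILES; do
    [ -r "$f" ] || continue
    for hp in $(urls_to_hostports < "$f"); do check_endpoint "$hp" || true; done
done
```

A "DNS lookup failed" or CN mismatch line points at the DNS condition in the note above rather than at the trust store, in which case the listed commands alone may not help.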