AppD Archive

RSA premaster secret error

CommunityUser
Splunk Employee
Splunk Employee

Hi.

I'm try to install pro traial agent and it's running but is not able to connect to the dashboard.

We are in Italy and we are trying to run the agent on Windows server 2008 Service pack 1 with JVM 1.7.

Any help is appreciated.

The logfile reports following track:

Thread-0] 09 Jan 2014 12:18:38,374 INFO ConfigurationChannel - Sending Registration request with: Application Name [MyApp], Tier Name [nexRatesServer], Node Name [nexRatesServer], Host Name [dev-vsrv-nexrates-153] Node Unique Local ID [nexRatesServer], Version [Server Agent v3.7.12.0 GA #2013-11-25_16-18-41 r${env.SVN_REVISION} 587-3.7.12]
[Thread-0] 09 Jan 2014 12:18:38,968 INFO XMLConfigManager - Full certificate chain validation performed using default certificate file
[Thread-0] 09 Jan 2014 12:18:39,265 INFO XMLConfigManager - Full certificate chain validation performed using default certificate file
[Thread-0] 09 Jan 2014 12:18:39,577 INFO XMLConfigManager - Full certificate chain validation performed using default certificate file
[Thread-0] 09 Jan 2014 12:18:39,890 INFO XMLConfigManager - Full certificate chain validation performed using default certificate file
[Thread-0] 09 Jan 2014 12:18:39,890 ERROR ConfigurationChannel - Fatal transport error: RSA premaster secret error
[Thread-0] 09 Jan 2014 12:18:39,890 WARN ConfigurationChannel - Could not connect to the controller/invalid response from controller, cannot get initialization information, controller host [paid29.saas.appdynamics.com], port[443], exception [Fatal transport error: RSA premaster secret error]
[Thread-0] 09 Jan 2014 12:18:39,905 WARN AgentErrorProcessor - Agent error occurred, [name,transformId]=[com.singularity.CONFIG.ConfigurationChannel - javax.net.ssl.SSLKeyException,2147483647]
[Thread-0] 09 Jan 2014 12:18:39,905 WARN AgentErrorProcessor - 4 instance(s) remaining before error log is silenced
[Thread-0] 09 Jan 2014 12:18:39,905 ERROR ConfigurationChannel - Exception: RSA premaster secret error
javax.net.ssl.SSLKeyException: RSA premaster secret error
at sun.security.ssl.RSAClientKeyExchange.<init>(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverHelloDone(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.write(Unknown Source)
at java.io.FilterOutputStream.write(Unknown Source)
at com.singularity.ee.util.httpclient.b.writeRequest(b.java:44)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at com.singularity.ee.util.httpclient.j.a(j.java:189)
at com.singularity.ee.rest.h.G(h.java:426)
at com.singularity.ee.rest.h.F(h.java:371)
at com.singularity.ee.rest.controller.request.sb.F(sb.java:116)
at com.singularity.ee.rest.controller.request.tb.a(tb.java:34)
at com.singularity.ee.agent.appagent.kernel.config.xml.l.a(l.java:1253)
at com.singularity.ee.agent.appagent.kernel.config.xml.l.a(l.java:78)
at com.singularity.ee.agent.appagent.kernel.config.xml.s.a(s.java:538)
at com.singularity.ee.agent.appagent.kernel.config.xml.l.a(l.java:360)
at com.singularity.ee.agent.appagent.kernel.config.xml.db.run(db.java:591)
at com.singularity.ee.agent.appagent.kernel.config.xml.e.initialize(e.java:284)
at com.singularity.ee.agent.appagent.kernel.c.start(c.java:111)
at com.singularity.ee.agent.appagent.kernel.JavaAgent.initialize(JavaAgent.java:235)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.singularity.ee.agent.appagent.AgentEntryPoint$1.run(AgentEntryPoint.java:173)
Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:158)
at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:207)
at sun.security.ssl.JsseJce.getKeyGenerator(Unknown Source)
... 38 more
[Thread-0] 09 Jan 2014 12:18:39,905 INFO XMLConfigManager - Agent will poll for new configuration from controller every [60] seconds
[Thread-0] 09 Jan 2014 12:18:39,937 INFO TransactionMonitoringService - Config Channel not initialized, will use default transaction config to apply BCI rules

0 Karma

Arun_Dasetty
Super Champion

Hi Roberto,

Apologies for delayed response. We see such errors "Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available" due to missing java.ext.dir in java classpath when trying to use https/ssl connection, Can you try adding the classpath to the ext directory to existing java_opts and restart the server with agent, if you still see the issue send zipped version of agent logs directory:

 -Djava.ext.dirs=lib -classpath "%java_home%\lib\ext\*" 

Meanwhile while we debug the issue, let us know using http port for agent controller connection is an option here.

Regards,

Arun

0 Karma

CommunityUser
Splunk Employee
Splunk Employee

Thanks for the feedback but I'm still incountering the issue

Regarding HTTP: for this test HTTP is an option so please let me know how to change agent cfg to use plain HTTP.

Cheers, RA

0 Karma

Arun_Dasetty
Super Champion

Hi Roberto,

1)  Open controller-info.xml file under "C:\Softsolutions\AppDynamics\conf\" directory and change the following values:
before update:
<controller-port>443</controller-port>
<controller-ssl-enabled>true</controller-ssl-enabled>

after update:
before update:
<controller-port>80</controller-port>
<controller-ssl-enabled>false</controller-ssl-enabled>

2) save the changes and restart the jvm with agent configured and see how it goes

Also let us know if restarting jvm without the -D jvm arg "-Djava.ext.dirs=config;lib;. " makes any difference

Please confirm whether you have tried the suggested change we mentioned earlier:
-Djava.ext.dirs=lib -classpath "%java_home%\lib\ext\*"

Regards,

Arun

0 Karma

CommunityUser
Splunk Employee
Splunk Employee

Hi, now is working on HTTP.

I have tried -Djava.ext.dirs=lib -classpath "%java_home%\lib\ext\*"  and did not work...

 

Maybe the cause was an error in my cfg but for the trial I had no time to waste on "tuning" so i decided to use the 80 port and now all is OK.

 

Thanks, again

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...