After setting up SSL communication on EM, agent cannot connect with EM via SSL

Document ID : KB000046048
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

Getting "Connection refused" error, although an open port is specified, and keystore and truststore are specified, for the SSL EM connection.

 

Configurations on IntroscopeEnterpriseManager.properties: 

introscope.enterprisemanager.port.channel2=1234

introscope.enterprisemanager.keystore.channel2=<path to keystore file>

introscope.enterprisemanager.keypassword.channel2.plaintextpassword=true
introscope.enterprisemanager.keypassword.channel2=<key password>
introscope.enterprisemanager.truststore.channel2=<path to truststore>
introscope.enterprisemanager.trustpassword.channel2.plaintextpassword=true
introscope.enterprisemanager.trustpassword.channel2=<truststore password>


Configurations on IntroscopeAgent.profile:
introscope.agent.enterprisemanager.transport.tcp.port.DEFAULT=1234
introscope.agent.enterprisemanager.transport.tcp.truststore.DEFAULT=<path to truststore>
introscope.agent.enterprisemanager.transport.tcp.trustpassword.DEFAULT=<truststore password>
introscope.agent.enterprisemanager.transport.tcp.keystore.DEFAULT= <path to keystore>
introscope.agent.enterprisemanager.transport.tcp.keypassword.DEFAULT=<keystore password>

Error on IntroscopeEnterpriseManager.log:

[WARN] [IntroscopeAgent.ConnectionThread] Failed to connect to the Introscope Enterprise Manager at <EM name>

 

[DEBUG] [IntroscopeAgent.Agent] java.net.ConnectException: Connection refused 

 

Environment:
EM and Java agent, version 10.1

Cause:

By default, only channel 1 is enabled:
introscope.enterprisemanager.enabled.channels=channel1
#introscope.enterprisemanager.enabled.channels=channel1,channel2


Resolution:

Notice that the log error is "Connection refused". It points to a connectivity issue such as port conflicts and not an issue with the keystore and/or truststore (since it hasn't reached the point of authentication yet). Since channel 2 has been enabled for the SSL connection, we need to have the following settings: (if we want to keep channel1, which by default has been set for HTTP EM connection):
introscope.enterprisemanager.enabled.channels=channel1,channel2