ITPAM SOAP calls to Catalog report handshake error

Document ID : KB000112478
Last Modified Date : 29/08/2018
Show Technical Document Details
Issue:
When ITPAM tries to make a SOAP call to Catalog it is reporting a handshake error in the C2O.log.
It also shows: SOAPExceptionImpl: Message send failed 
This happens when it tries to do something simple like login to catalog.
The SOAPUI might work with the same call.
Cause:
The first thing to check is that the same call works from the SOAPUI from the ITPAM server.
There could be a problem with the server name (for example, using long name vs. short name).
There could also be a problem with the user rights.
However, if the SOAPUI works then the next thing to check it the protocol that is being used to connect.
By default, ITPAM will use TLSv1 unless it has been configured to use something different.

 
Resolution:
On the Catalog server check:
%USM_HOME%\view\conf\server.xml
In the section where you configured the secure website (usually on either 8443 or 443) see if you have an SSLEnabledProtocols property.
If this says "TLSv1.1,TLSv1.2" for example, then this is only listening for TLS versions 1.1 and 1.2. This means ITPAM SOAP calls using TLSv1 would fail.
You can add TLSv1 but this is no longer a secure protocol.
Alternatively,
Check the ITPAM server for the file:
c2osvcw.conf   (Under the bin folder).
You can add a line (if one does not exist) line:
wrapper.java.additional.15=-Dhttps.protocols=TLSv1.1,TLSv1.2 
Please note that there can not be any gaps in the numbers. So if your last line is 13 then this line should be 14, etc.