000011908 - Cleartrust server is unable to make a connection to the aserver for cache updates.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011908
Applies ToClearTrust Entitlements Server 5.5.3
IssueCleartrust eserver is unable to make a connection to the aserver for cache updates.

Dispatcher in debug mode shows the following error:

--> AuthListRequestHandler: accepted connection from 10.10.10.145 on port 5608

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?


Dispatcher standard output shows the following error message:

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at com.sun.net.ssl.internal.ssl.InputRecord.b(DashoA6275)


Eserver debug output shows the following error message:

13:10:25:062 [*] [main] - refreshServerPool: no data. wait max 3s... (2s left)
13:10:28:069 [*] [main] - waiting for connect
13:10:28:075 [*] [main] - refreshServerPool: done, have 0 connections
13:10:28:077 [*] [main] - refreshServerPool: AuthServerPool[]
Failed to connect to runtime subsystem: unable to contact any servers
Retry in 10 seconds

CauseThe eserver is unable to contact the aserver because the SSL mode for communication between the servers is set incorrectly.  The aserver, eserver, dispatcher, and keyserver, as well as all agents, must communicate using the same ssl settings.
Resolution

Change the setting in the eserver.conf file for

cleartrust.net.ssl.use:

to the same value as the setting in the aserver.conf and dispatcher.conf file.  Note the default setting is "anon".

Legacy Article IDa39192

Attachments

    Outcomes