Communication error from the App Visibility agent for .NET to the server

On Windows Server 2012, the App Visibility agent for .NET log file, installationDirectory\BMC Software\App Visibility\Agent for .NET\logs\current.log, occasionally shows an error in communication with the App Visibility portal or collector.

Sample error

06:15:21.636 1656: 5872 NOTICE AgentCore::ExternCommLayer::CollectorTask<struct AgentCore::RequestInstance const >::execute(): Task executed with exception, call callback with exception info for processing; ex: AgentCore::ExternCommLayer::HttpException{message: `SendRequest failed. Destination info: HttpDestRequest

{host: L`<hostName>’, port: 8200, proxy: L`', proxyPort: 0}

, security info: HttpSecurityInfo
{securityLevel: 3(secure - encrypted and authenticated), certificationHint: 0(self signed)}
: The buffers supplied to a function was too small. (error code: 2148074273/0x80090321)'}; agentcore\externcommlayer\collectorproxy\collectorproxy.cpp(56); /AgentCore/ExternCommLayer/CollectorProxy

Issue

Sometimes, communication fails between the App Visibility agent for .NET and the App Visibility portal or collector.

Probable cause

An open issue with Microsoft exists, where the TLS handshake intermittently fails for the DHE-RSA key exchange.

Resolution

Perform one of the following procedures:

To update the ciphers for the tomcat.ciphers property for the portal and collector

If you upgraded to version 11.0, you can remove the DHE ciphers and use stronger, more secure ciphers.

  1. Stop the App Visibility portal collector services.
  2. Open the properties file for each component in a text editor:
    • Portal: portal_installationDirectory\portal\properties\portal.properties
    • Each collector:collector_installationDirectory\collector\properties\collector.properties
  3. In each component property file, copy the tomcat.ciphers property.
  4. Comment out one copy (add a hash tag # character to the beginning of the line), creating a commented reference.

  5. Copy the following cipher list to the non-commented tomcat.ciphers property:

    tomcat.ciphers=HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!DHE 
  6. Start the services.
To remove the TLS 1.2 protocol from the portal and collector properties files
  1. For the App Visibility portal and collector, open the properties files:
    • Portal: portal_installationDirectory\properties\portal.properties
    • Each collector: collector_installationDirectory\properties\collector.properties
  2. In each component property file, copy the tomcat.ssl.enabled.protocols property.
  3. Comment out one copy (add a hash tag # character to the beginning of the line), creating a commented reference.
  4. Remove the TLSv1.2 value from the non-commented property:
    tomcat.ssl.enabled.protocols = SSLv2Hello,TLSv1,TLSv1.1
  5. Save the property file.
  6. Restart the server component service.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*