Troubleshooting the BMC Helix Intelligent Integrations issues
This topic describes the issues that you might encounter when using BMC Helix Intelligent Integrations.
Issue symptoms
The following error message is displayed when you access the BMC Helix Intelligent Integrations on-premises gateway UI.
400 error: This page isn't working.
In addition, the swp-authproxy container logs contains one of the following error messages:
No valid user identifier was found, redirecting to the RSSO Server.
Or,
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at java.net.http/jdk.internal.net.http.HttpClientImpl.send(Unknown Source) ~[java.net.http:na]
at java.net.http/jdk.internal.net.http.HttpClientFacade.send(Unknown Source) ~[java.net.http:na]
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Issue scope
This issue occurs when authentication is enabled for the on-premises gateway.
Resolution
Make sure that the OAuth client is registered correctly. For more information, see Setting up authentication for the on-premises gateway.
Issue symptoms
The following error message is displayed when you access the BMC Helix Intelligent Integrations on-premises gateway UI for which authentication is enabled:
400 error: This page isn't working.
In addition, the swp-authproxy container logs contains an error message similar to the following:
Caused by: java.nio.channels.UnresolvedAddressException: null
at java.base/sun.nio.ch.Net.checkAddress(Unknown Source) ~[na:na]
at java.base/sun.nio.ch.Net.checkAddress(Unknown Source) ~[na:na]
at java.base/sun.nio.ch.SocketChannelImpl.checkRemote(Unknown Source) ~[na:na]
at java.base/sun.nio.ch.SocketChannelImpl.connect(Unknown Source) ~[na:na]
Issue scope
This issue occurs when authentication is enabled for the on-premises gateway.
Resolution
To resolve the issue, perform the following steps:
- Check if any proxy or firewall is present between the on-premises gateway host and BMC Helix platform.
Interception by the proxy or firewall could lead to invalid SSL certificates. - Disable the proxy or firewall.
- Obtain the SSL certificates from the BMC Helix platform deployment again.
- Import the certificates again.
For instructions, see Task 2: To import SSL certificates into the on-premises gateway. - Enable the proxy or firewall.
Issue symptoms
You experience the following issues in the BMC Helix Intelligent Integrations:
- Unable to view the existing connectors.
- Unable to add new source and destination.
In addition, container logs contain one of the following error messages:
- The swp-mediator container logs
Access denied: bad token, serviceName: mediator, token: Some(*****), uri: /api/mediator/v3/origins/retrieve/all, errors: Bad JWT: failed to get permission using ims-sdk, url http://helix-abc.com/, error: com.bmc.ade.ims.exceptions.IMSTokenException: java.util.concurrent.ExecutionException: com.bmc.ade.ims.exceptions.IMSTokenException: org.apache.http.conn.HttpHostConnectException: Connect to helix-abc.com:80 [helix-abc.com/172.16.189.150] failed: Operation timed out
com.lightbend.lagom.scaladsl.api.transport.PolicyViolation: User not authenticated - The swp-authproxy container logs
18-06-25 07:53:14.501 UTC [O-1 I/O-13] DEBUG io.undertow.request.error-response.debugf() : Setting error code 500 for exchange HttpServerExchange{ GET /swpui/api/mediator/v3/destinations/retrieve/all}
java.lang.RuntimeException: null
at io.undertow.server.HttpServerExchange.setStatusCode(HttpServerExchange.java:1491) ~[authproxy.jar:na]
at io.undertow.server.handlers.proxy.ProxyHandler$ResponseCallback.completed(ProxyHandler.java:724) ~[authproxy.jar:na]
at io.undertow.server.handlers.proxy.ProxyHandler$ResponseCallback.completed(ProxyHandler.java:702) ~[authproxy.jar:na]
at io.undertow.client.http.HttpClientExchange.setResponse(HttpClientExchange.java:125) ~[authproxy.jar:na]
at io.undertow.client.http.HttpClientConnection$ClientReadListener.handleEvent(HttpClientConnection.java:670) ~[authproxy.jar:na]
at io.undertow.client.http.HttpClientConnection$ClientReadListener.handleEvent(HttpClientConnection.java:535) ~[authproxy.jar:na]
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) ~[authproxy.jar:na]
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66) ~[authproxy.jar:na]
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89) ~[authproxy.jar:na]
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591) ~[authproxy.jar:na]
18-06-25 07:53:14.501 UTC [O-1 I/O-13] DEBUG client.http.HttpClientExchange.terminateResponse(): response terminated for request to swp-ui/172.18.0.10:7457 /swpui/api/mediator/v3/destinations/retrieve/all
Issue scope
This issue occurs when authentication is enabled for the on-premises gateway.
Resolution
To resolve this issue, configure the communication protocol between the on-premises gateway and the Identity Management System (IMS) by using the following steps:
- Stop the container services by using the following commands:
- docker-compose
docker-compose down
- podman-compose
podman-compose down
- docker-compose
- Navigate to the /IIGateway_INSTALL_DIR/hii directory.
- Open the docker-compose.yaml or podaman-compose.yaml file with an editor.
- Locate the mediator > environment section and search for the USE_HTTPS_IMS_URL parameter.
- To use the HTTPS protocol for communication, set the value of USE_HTTPS_IMS_URL parameter to true.
When the parameter is set to false (default), the HTTP protocol is used for communication. - Save and close the file.
- Start the container services by using the following commands:
docker-compose service:
docker-compose up -dpodman-compose service:
podman-compose -f podman-compose.yaml up -d