Troubleshooting TLS configuration issues

Enabling the TLS debug log messages

Issue: If there are any TLS configuration issues, the relevant cell service logs do not have related messages to identify the issues.

Resolution: The following section helps you to enable TLS logs so that the TLS related information is logged in the files:

To enable TLS debug log messages for TrueSight Infrastructure Management

Do the following:

  1. Using a text editor, open and edit the following configuration files:

    Component

    Process

    Configuration file

    TLS debug log file

    TrueSight Infrastructure Management


    JServer

    (Windows and Linux) <Infrastructure Management Server Installation Directory>\TrueSight\pw\pronto\conf\pnjserver.conf

    Truesight.log

    Rate

    (Windows and Linux) <Infrastructure Management Server Installation Directory>\TrueSight\pw\pronto\conf\pnrate.conf

    Truesight.log

    Integration Service

    (Windows and Linux) <Infrastructure Management Server Installation Directory>\TrueSight\pw\pronto\conf\pnagent.conf

    Truesight.log

    pronet_cntl

    (Windows and Linux) <Infrastructure Management Server Installation Directory>\TrueSight\pw\pronto\conf\pnagentcntl.conf

    Truesight.log

  2. Add the -Djavax.net.debug parameter and set it to ssl as shown in the following code block, and save the files: 

    #Debug -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005
    Option=Debug -XDebug -XNoagent -Djavax.net.debug=ssl -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005
  3. (Applicable only to the Rate process) Run the following command to print the log messages in the <Infrastructure Management Server Installation Directory>\TrueSight\pw\pronto\logs\debug\rate.log file:
    pw debug on -p rate -s rate

  4. (Applicable only to the Agent Controller process) Run the following command to print the log messages in the <Infrastructure Management Server Installation Directory>\TrueSight\pw\pronto\logs\debug\pronet_cntl.log file: 

    pw debug on -p pronet_cntl -s pronet_cntl

  5. Restart the JServer, Rate, Integration Service, and pronet_cntl processes. 

    TLS related information and errors will be printed in the <Infrastructure Management Server Installation Directory>\TrueSight\pw\pronto\logs\Truesight.log file.

To enable TLS debug log messages for Publishing Server

  1. Go to the <Infrastructure Management Server Installation Directory>\TrueSight\pw\server\bin directory. 
  2. Using a text editor, open and edit the following file:
    • (Windows) pserver.bat
    • (Linux) pserver.sh

  3. Add the -Djavax.net.debug parameter and set it to ssl in the PS_JVM_ARGS variable as shown in the following code block, and save the file:

    set PS_JVM_ARGS=-Dps=DUMMY -Djava.library.path="%ATRIUM_CMDB_HOME%" -Dorg.apache.activemq.SERIALIZABLE_PACKAGES="*" -Djavax.net.debug=ssl

  4. Restart the pserver process.

    TLS related information and errors will be printed in the <Infrastructure Management Server Installation Directory>\TrueSight\pw\server\tmp\<ps_name>\pserver.out file.

To enable TLS debug log messages for Impact Integration Web Services (IIWS) server

Microsoft Windows

  1. Go to the <IIWS Installation Directory>\Tomcat\bin directory. 
  2. Create a file named setenv.bat.
  3. Add the following line in the setenv.bat file:
    set JAVA_OPTS= -Djavax.net.debug=ssl
  4. Stop the Windows service in the IIWS server.
  5. Go to the <IIWS Installation directory>\Tomcat\bin directory. 
  6. From the command prompt, run the following command to start Tomcat:
    catalina start >  stdout.txt 2>&1
    This command will open a new window and start displaying the SSL log messages.

Linux

  1. Go to the <IIWS Installation Directory>/Tomcat/bin directory.
  2. Create a file named setenv.sh.
  3. Add the following line in the setenv.bat file:
    JAVA_OPTS=' -Djavax.net.debug=ssl '
  4. Stop the IIWS server by running the following command:
    ./BMCImpactWebService stop
  5. Start the IIWS server by running the following command:
    ./BMCImpactWebService start

           The SSL logs will be printed in the <IIWS Installation Directory>/Tomcat/logs/catalina.out file.

To enable TLS debug log messages for TrueSight Presentation Server

  1. Go to the <Presentation Server Installation Directory>\truesightpserver\conf\services directory. 
  2. Open and edit the csr.conf file.

  3. Add the -Djavax.net.debug parameter and set it to ssl as shown in the following code block, and save the file:

    vm.args.system.<number>=-Djavax.net.debug=ssl

  4. Restart the Presentation Server.

    TLS related information and errors will be printed in the <Presentation Server Installation Directory>\truesightpserver\logs\session.stdout file.


Where to go from here

Troubleshooting-a-Presentation-Server-deployment

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*