Troubleshooting Common REST API issues

Use the information in this topic to solve common issues in Common REST API (CRA).

To make sure that CRA receives and displays data, confirm the Java directory configuration.

Related topics

Installing-and-configuring-the-Common-REST-API

FAQs-and-additional-resources

Issue

Your CRA server STDOUT log displays the following error message:

CEE3501S The module libjvm.so was not found. From entry point JzosVM::initializeVMArgs() at compile unit offset +000 00094 at entry offset +00000094 at address 4310620C.

Probable cause 

The error message indicates that the CRA server environment is not correctly pointing to the Java 17 for one of the following reasons:

  1. You applied the latest PTF and the IBM SDK Java 17 is not in the default /usr/lpp/java/J17.0_64 directory.
  2. Your CRA server is pointing to the correct Java directory, but updates to the Java package changed the Java SDK library location in your mainframe.

Resolution

To resolve this error, if you have not yet applied the latest PTF, apply the PTF and complete the configuration. When the job is finished, restart the CRA server. 

If you still see the error, your CRA server is probably not in the default directory. Perform the following steps:

  1. Open the CRATCSRV started task and update the installation path for CRA.
  2. Use the absolute path (for example, JAVAHOME='/usr/lpp/java/J17.0_64') to the Java 17 directory in your environment. 
  3. Restart the CRATCSRV started task and make sure it runs with return code 0.


Issue

The started task seems to be running, but the URL https://CRA server_host:CRA server_port/cra is not accessible.

Probable cause 

The issue can have one of the following causes:

  • The protocol (HTTP or HTTPS) is not set properly in the CRACMNEV member of the UBBSAMP data set.
  • The configuration.JSON is not present in the USS directory of your CRA server.

Resolution

Follow the appropriate instructions in Installing-and-configuring-the-Common-REST-API.

Important

HTTPS is the default protocol for CRA. Using HTTPS requires a certificate.

If the problem persists, contact BMC support.

Issue

The system or user abend (S878 R=00000014) occurred during the initialization of the CRA server.

Probable cause 

The parameter for Java Virtual Machine (JVM) heap size is set to a min of 256m and a max of 512m as the default memory. 

Resolution

Increase the JVM heap size.

  1. To increase the JVM heap size, edit the following default parameter values in the CRATCENV member from the &INSTALLHLQ.BMCSAMP data set:
    IJO="-Xms256m -Xmx512m"
    1. Replace -Xms256m with Xms512m
    2. Replace -Xmx512m with -Xmx1048m
  2. Restart the CRA server.

If the problem persists, contact your system administrator. 

Issue

The CRA server broadcasts a security violation message, when you try to access a resource profile (EZB.SOCKOPT.sysname.tcpname.SO_BROADCAST). 

An example of a typical message is as follows:

RSER-EZB.SOCKOPT.SYSB.TCPIP.SO_BROADCAST       *VIO RSER-EZB1                     
RRZXMV00000 AXXBBSTC    STCINRDR SYSB ACF9CFAT NO-RULE    -    DIRECTRY READ     
22.312 11/08 18.41   CRA server started task AXXBBSTC MV-STC-USER           0  0 20  0 16    
SAF RESOURCE CLASS SERVAUTH                                                         
                                                                                       
RESOURCE NAME: EZB.SOCKOPT.SYSB.TCPIP.SO_BROADCAST

Probable cause 

The CRA server issues this message when you try to access a resource profile that is not defined or you do not have READ permission to access it.

The CRA server issues this message as a part of its cluster (groups) functionality to dynamically discover all members in the cluster. Because members in the cluster are grouped together by using the same multicast address or port combination, each member sends a heartbeat within a given interval. This heartbeat is used for dynamic discovery. For more information, see the Apache Tomcat 8 Configuration documentation. 

Resolution

Define the resource profile and provide READ permission to access the resource profile. For more details, see the IBM z/OS Communications Server: IP Configuration Guide.

Issue

The CRA server issues the following error message:

Unable to verify password for user <userId> Success: false, errno: 157, errno2: 151782063, errnoMsg: EDC5157I An internal error has occurred.

Probable cause 

The APF-authorization is not properly set for the uimjni library. 

Resolution

If you are using the 64-bit version of JAVA, delete the uimjni file.

If you are using the 32-bit version of JAVA, follow these steps:

  1. Navigate to the root path of a CRA directory, where you have installed CRA. Default path: /u/MAINVIEW/cra210
  2. Update the uimjni library's Extended attributes by issuing the following command:
    extattr +a +p uimjni
  3. Set the following parameter values from 0 (zero) to 1:
    1. APF authorized
    2. Program controlled  
  4. Restart the CRA server. 

Issue

The CRA server fails to start

Probable cause 

Following are some of the probable causes:

  • Incorrect CRA_HOME, Java Home, DSN on the mainframe, or Java version
  • The user that started the task has no permissions for CRA_HOME
  • The port is already in use
  • Incorrect security configurations
  • The system or user abend (S878 R=00000014) occurred during the initialization of the CRA server

  • The following message appears in the STDOUT log:

    CEE3501S

    The module libjvm.so was not found. From entry point JzosVM::initializeVMArgs() at compile unit offset +000 00094 at entry offset +00000094 at address 4310620C.


Resolution

Following are some of the actions that you can perform:

  • Verify that the security configurations are correct. For more information, see Setting-up-CRA-to-work-as-a-stand-alone-server.
  • If the working folder has changed, verify that the following files exist in CRA_HOME:
    • cra.jar
    • configurations.json
    • cra.war
    •  mapping.json
    • m3mapping.json
    • gpmlog4j2.xml
    • gpm.jar
    • gpm_configurations.json
    • gpm_custom.properties
    • gpm.war
    • cralog4j2.xml
    • cra_custom.properties

Issue

The service does not appear in the services list

Probable cause 

Following are some of the probable causes:

  • Incorrect configurations.json in CRA_HOME/config
  • You receive the following errors:
    • 400—Service registered via RTCS and cannot be deleted
    • 404—The path is not valid
    • 500—Failed to edit the configuration.json file

Resolution

Following are some of the actions that you can perform:

  • Verify that the configurations.json file is in the correct form. For more information, see Registering-services-with-the-Common-REST-API.
  • Verify that manual changes to the configurations.json file are made using an ASCII editor, such as VI. The configuration.json file is ASCII-encoded.

Issue

The Data Collector Client (DCC) does not work as expected

Resolution

Following are some of the actions that you can perform:

Issue

Unable to log into the services

Probable cause 

Following are some of the probable causes:

  • Security violation when trying to access a resource profile: "EZB.SOCKOPT.xxxx.TCPIP.SO_BROADCAST ... ".

  • Specified incorrect user ID or password or you get the following message:

    Unable to verify password for user <userId> Success: false, errno: 157, errno2: 151782063, errnoMsg: EDC5157I An internal error has occurred.

  • Specified incorrect passphrase
  • The Host server version is not supported
  • A certificate was created with incorrect keystore and truststore

Resolution

Following are some of the actions that you can perform:

  • Verify that you follow the listed steps in the Setting-up-CRA-to-work-as-a-stand-alone-server section
  • Verify that you have specified the correct credentials and that the required certificates are in place
  • Verify that the Host server version is 7 and above

Issue

Fails to send BMC AMI Ops Automation events

Probable cause 

Authentication issues


Resolution

Following are some of the actions that you can perform:

  • Verify that the CRA server is installed and running. For more information, see Installing-and-configuring-the-Common-REST-API.
  • Verify that the BMC AMI OpsA is installed and running. For more information, see product documentation.
  • Check the opsa.auth value in the application.properties file. If it is true, authentication is required. 
  • Verify that the parameters in the body are correct according to Triggering-BMC-AMI-Ops-Automation-using-the-Common-REST-API.
  • View the following error codes:
    • 401—Authentication error
    • 404—Invalid path
    • 500—BMC AMI OpsA server is not accessible

Issue

SSL Connection not working

Probable cause 

Incorrect parameter settings


Resolution

Verify and set the following parameters in the data set that relates to the CRA:

  • AMICRA_SSL = true 
  • AMICRA_PROTOCOL = https
  • AMICRA_KEYSTORE_TYPE = <your keystore type JKS / PKCS12>
  • AMICRA_KEYSTORE_ALIAS = <your keystore alias>
  • AMICRA_KEYSTORE_PASSWORD = <your password>
  • AMICRA_KEYSTORE_NAME = <your location of the keystore>

After setting the listed parameters, restart the server. If the issue persists, perform the following actions:

  1. Stop the CRA server.
  2. Delete all the logs in the logs directory.
  3. Login to CRA.
  4. Send the latest logs to BMC for further investigation.  

Issue

The SAF Keyring is not working

Probable cause 

Invalid parameter settings

Resolution

Verify and set the following parameters in the data set that relates to the CRA:

  • AMICRA_SSL = true
  • AMICRA_PROTOCOL = https
  • AMICRA_KEYSTORE_TYPE = <your keystore type>
  • AMICRA_KEYSTORE_ALIAS = <your keystore alias>
  • AMICRA_KEYSTORE_PASSWORD = PASSWORD
  • AMICRA_KEYSTORE_NAME = <safkeyring://craUserID/keyringName>  

For more details, see Setting-up-CRA-to-work-as-a-stand-alone-server

After setting the listed parameters, restart the server. If the issue persists, perform the following actions:

  1. Stop the CRA server.
  2. Delete all the logs in the logs directory.
  3. Login to CRA.
  4. Send the latest logs to BMC for further investigation.  

Issue

CMF Integration Server is not working 

Probable cause 

Invalid parameter settings

Resolution

Verify the following settings:

  • Verify that the GPM_HOME is set correctly in the JCL.
  • Set log level to TRACE to see detailed logs.
  • Check that the update GET URL request is working and returns a good response (200 = OK).
  • Verify that you have generated and configured your client certificate in gpm_custom.properties:
    • mve.keystore.file=<location of your client certificate>

    • mve.keystore.password=<password of your client certificate>

      Important

      The certificate must be in PKCS12 format only. We recommend using tools such as keystore explorer to open your certificate and check whether your password matches. Also, check your certificate.

  • Edit the gpm_configurations.json in the installationDirectory file. If it does not already exist, create it.

  • You must specify the Host server name and port for the gpmOnlyUse service in  gpm_configurations.json file. For more details, see Configuring the CMF Integration Server to extract CMF data.

  • Verify that the generated logs are in the logs directory under your GPM_HOME.

Issue

Failed to send events to Kafka

Probable cause 

Invalid parameter settings

Resolution

Verify the following settings:

  • In the BBPARM member BBISSPxx for the PAS, verify that the following product codes were entered:
    • PRODUCT=AAO
    • PRODUCT-IIZ
  • Verify that it is possible to send events from the producer in the terminal session in Kafka to the consumer in another terminal session in Kafka. For more details, see: https://kafka.apache.org/quickstart.
  • Verify in Kafka that it is possible to consume and produce the topic from the request.
  • The Kafka can work in one of these three configurations: plain, SSL, or SASL_SSL. Perform the next two steps according to the configuration you choose. We recommend checking the plain configuration first.
  • Verify the correction of the security configuration in the Kafka server (plain, SSL, or SASL_SSL). These files must be checked: server.properties, zookeeper.properties, producer.properties, consumer.properties, and yourZookeeper-client.properties. 
  • Verify the correction of the Kafka properties in the CRA environment file, cra_custom.properties.
  • Verify that it is possible to produce events from CRA and consume them in Kafka. If there is still a problem - bring the cra_custom.properties.

Issue

Failed to use CRA with IBM WebSphere Liberty server

Probable cause 

Invalid parameter settings

Resolution

  • Verify that Java 17 is installed and that the JAVA_HOME environment variable is set correctly.
  • Verify that the cra.war file exists in the installed WebSphere Liberty Server location, the dropins/spring folder.
  • Verify that the following files exist in the configuration folder:
    • cralog4j2.xml
    • cra_custom.properties
    • configurations.json
  • Open the server.env file that is located in the USS directory. Verify that the following parameters are defined correctly:
  • If using https, you must add <feature>transportSecurity-1.0</feature> in the feature manager. 
    For more details, see Setting-up-CRA-to-work-with-the-IBM-WebSphere-Liberty-server.

Issue

Issues with Server logs

Probable cause 

Invalid log levels or incorrect rollover policy

Resolution

  • Verify that the cralog4j2.xml file, which is located in CRA_HOME was defined correctly.
  • The log level is defined in the Loggers tag. It must be INFO by default. 
  • Verify the correction of the rollover policy in the cralog4j2.xml. For more details, see Managing-file-spaces-in-USS-logs.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*