We are experiencing an issue connecting to directory servers following upgrading to Inventory 10.0.4.0. We have performed the upgrade 3 times in two different environments and received the same outcome each time.
In each environment we have a directory server configuration that points to three different domain controllers using SSL. We test the connections prior to the upgrade and everything looks good.
After the upgrade the directory server connections show they need to trust the DC certificates when tested. After checking the trust certifcate checkboxes and saving the configuration (with password for the service account), all connections show “connect error” when tested.
The tema logs start showing these errors whenever the connection is tested (sensitive info redacted):
4/7/21 12:44:20:542 UTC] 00000358 SystemOut O 2021-04-07 12:44:20 INFO: Parameters: {"utf8"=>"âś“", "directory"=>{"name"=>"Directory Server", "schema_template"=>"microsoft", "global_catalog"=>"1", "user_filter"=>"(&(objectCategory=Person)(|(sAMAccountName=*)(userPrincipalName=*)))", "login_attribute"=>"userPrincipalName", "group_filter"=>"(objectCategory=Group)", "membership_attribute"=>"member", "search_base"=>"DC=<redacted>,DC=<redacted>,DC=com", "ssl"=>"1", "anonymous_bind"=>"0", "username"=>"<redacted>", "password"=>"[FILTERED]", "primary_server_attributes"=>{"host"=>"<redacted>", "port"=>"3269", "id"=>"1"}, "backup_servers_attributes"=>{"0"=>{"host"=>"<redacted>", "port"=>"3269", "id"=>"5"}, "1"=>{"host"=>"<redacted>", "port"=>"3269", "id"=>"6"}}}, "id"=>"1"}
[4/7/21 12:44:20:760 UTC] 00000358 SystemOut O 2021-04-07 12:44:20 ERROR: Invalid custom truststore path
[4/7/21 12:44:20:932 UTC] 00000358 SystemOut O 2021-04-07 12:44:20 ERROR: Invalid custom truststore path
[4/7/21 12:44:20:948 UTC] 00000358 SystemOut O 2021-04-07 12:44:20 ERROR: Invalid custom truststore path
[4/7/21 12:44:20:995 UTC] 00000358 SystemOut O 2021-04-07 12:44:20 ERROR: Invalid custom truststore path
[4/7/21 12:44:21:088 UTC] 00000358 SystemOut O 2021-04-07 12:44:21 WARN: An error occurred while attempting to connect to server <redacted>:3269: IOException(LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to establish a connection to server <redacted>:3269: SSLException(Connection reset), ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb'))
[4/7/21 12:44:21:088 UTC] 00000358 SystemOut O 2021-04-07 12:44:21 INFO: Errors from LDAP Server, e.resultCode.name=connect error
The tema log does show that the truststore is loaded successfully:
[4/7/21 12:54:37:795 UTC] 0000001a com.ibm.ws.ssl.config.WSKeyStore I Successfully loaded default keystore: D:/Program Files/ibm/BFI/wlp/usr/servers/server1/resources/security/key_server.jceks of type: JCEKS
No changes have been made to the domain controllers. We do not have a custom truststore. We have tried creating new directory server configs, creating custom truststores, adding a full path to the truststore in the server.xml file where it previously just specified “key_server.jceks” and just plain restarting the server just to see if there was a simple way around this issue, but nothing has worked so far.
Anyone else seeing this issue?