question

Bill S. avatar image
Bill S. asked ·

Collector to Server Connection Issue

I am unable to get one of my collectors to connect to the DT server. This is on a new install of v7.

This is the error I'm receiving...

Caused by: java.security.cert.CertificateException: client declined ssl client certificates with alias [xxxxxxxx.xxxxx.xxxx.xxxx:6699_client]

I've looked through documentation regarding this and have tried clearing the keys and certs. This worked on a similar connection issue I had with another collector, but this one is being stubborn.

appmon7.0
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Bill S. avatar image
Bill S. answered ·

From DT_HOME...
dtcollector -Dclearcerts

dtcollector -Dclearkeys

I tried your solution but getting "Access Denied" when attempting to save updates.

2 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Access denied by the OS or by AppMon? I would be making this change manually (with a backup) with an account with write permissions.

0 Likes 0 · ·

By the OS. I am in the administrator's group on the box.

0 Likes 0 · ·
James K. avatar image
James K. answered ·

I'm not sure what process you followed to clear the certs but this is the method I found in a support case with that error (that was for an issue connecting the mem analysis server but I imagine it's similar):

"I was looking for an optimal solution to correct Memory Analysis server certificate kept in dtServer keystore. The least troublesome is to delete all certificates accepted so far by the server and let the server acquire them automatically once again.

Please add -Dclearcerts in dtserver.ini to remove all accepted certs in the ServerKeyStore and restart dtServer (backend) service. The act of wiping off certificates will be reported in server.0.0.log as below:

2017-03-31 10:16:16 WARNING [DynatraceKeyStore] deleting all certificate entries in keystore

Remove that property from ...\Dynatrace 6.5\dtserver.ini and restart the service once more. When it starts over new set of certificates including the one from MemoryAnalysis server will be acquired and stored in keystore.

P.S.
It is strongly advisable to make a backup copy of all files form
c:\Program Files\Dynatrace\Dynatrace 6.5\server\conf\ matching the pattern of
*.key, *.bkp, *.bks, *.jks, *.salt
They might be needed if something goes wrong while removing certificates"

James

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.