• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
  • Home /
  • Public Forums /
  • Application Monitoring & UEM /
  • AppMon & UEM Open Q&A /
avatar image
Question by Oleksandr M. · Sep 07, 2017 at 12:45 PM · appmon alerting 6.5 agent plugins database administration server collector

Could not convert socket to TLS [EmailSender] WARNING

Hi,

Could anyone tell what does it mean those errors in Server.log?

"Could not convert socket to TLS WARNING [EmailSender]"

How to avoid it?

2017-09-03 06:41:47 WARNING [StringTable] A string could not be found in server side StringTable. Suppressing this warning for another 60000 ms.
2017-09-03 06:41:57 WARNING [EmailSender] Delaying 1000ms before starting retry 1 of 1, error: org.apache.commons.mail.EmailException: Sending the email to the following server failed : email.domain.net:25
2017-09-03 06:41:58 WARNING [EmailSender] Sending email caused an exception: Sending the email to the following server failed : email.domain.net:25
Could not convert socket to TLS
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
unable to find valid certification path to requested target: com.dynatrace.diagnostics.server.shared.email.EmailSender a:207
org.apache.commons.mail.EmailException: Sending the email to the following server failed : email.domain.net:25
at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1421)
at org.apache.commons.mail.Email.send(Email.java:1448)
at com.dynatrace.diagnostics.server.shared.email.ImageHtmlEmail.resend(SourceFile:106)
at com.dynatrace.diagnostics.server.shared.email.EmailSender.a(SourceFile:322)
at com.dynatrace.diagnostics.server.shared.email.EmailSender.sendEmailSub(SourceFile:163)
at com.dynatrace.diagnostics.server.shared.email.EmailSender.sendEmailSub(SourceFile:110)
at com.dynatrace.diagnostics.server.ServerAccessController.sendEmail(SourceFile:5178)
at com.dynatrace.diagnostics.core.incidents.IncidentMailSender.a(SourceFile:489)
at com.dynatrace.diagnostics.core.incidents.IncidentMailSender.a(SourceFile:516)
at com.dynatrace.diagnostics.core.incidents.IncidentMailSender.a(SourceFile:410)
at com.dynatrace.diagnostics.core.incidents.IncidentMailSender.a(SourceFile:65)
at com.dynatrace.diagnostics.core.incidents.IncidentMailSender$BulkIncidentMailTask.run(SourceFile:525)
at java.util.TimerThread.mainLoop(Timer.java:555)
at java.util.TimerThread.run(Timer.java:505)
Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1907)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:666)
at javax.mail.Service.connect(Service.java:295)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.mail.Transport.send0(Transport.java:194)
at javax.mail.Transport.send(Transport.java:124)
at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1411)
... 13 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549)
at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:486)
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1902)
... 20 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 36 more
Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

2 Replies

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image
Best Answer

Answer by James K. · Sep 07, 2017 at 01:08 PM

Which minor version of 6.5 are you on? I see that there have been some updates over time that resolved errors that are the same as what you are seeing (>6.5.4) should have the relevant updates but you would install the latest release if it applies here.

Otherwise I see some reports that it was originally caused by your email server supporting StartTLS so when AppMon tries to connect using this it failed because of a certificate issue. Some possible fixes are listed below:

  • disable STARTTLS on your email server
  • wait until the 6.5.3 update where you can select plaintext SMTP session in the DT GUI (this can be set now in the 'connection type' field of the email services settings)
  • fix the certificate issue by importing the root certificate that signed your email server certificate into "DT_HOME/jre/lib/security/cacerts" (Oracle-provided default passphrase is "changeit")
  • edit the "<mailserver>" element in server.config.xml and set the attributes as follows: starttls="false" requirestarttls="false"

James

Comment
Oleksandr M.
Maciej N.

People who like this

2 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Oleksandr M. · Sep 07, 2017 at 01:38 PM

HI James,

It means that the emails were sent all time no tls anyway ?

Version 6.5.16.1011

Now was set: StartTLS


tls.jpg (56.9 KiB)
Comment

People who like this

0 Show 4 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image James K. · Sep 07, 2017 at 01:50 PM 1
Share

I don't know how you had it set before, but normally this type of error would pop up after a major upgrade. If you started seeing this recently some other change most likely occurred wither in the AppMon settings or on the email server side. I'm not familiar enough to provide any details beyond what I have.

avatar image Oleksandr M. James K. · Sep 07, 2017 at 02:18 PM 0
Share

james,

I see that the emails come using tls:

in email headers : (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384)

Could it be problem with some clients

avatar image James K. Oleksandr M. · Sep 07, 2017 at 02:44 PM 1
Share

I'm not sure I understand, are you seeing all of the emails now or are only some working? I would expect it would be completely working or completely failing - the communication that setting is for is between the AppMon server and your email server, the clients don't come into play apart from conifguration.

avatar image Oleksandr M. James K. · Sep 12, 2017 at 11:28 AM 0
Share

James,

Thanks, that was problem in Cetrificate. If turn off the TLS, and turn on Encripted - the events gone.

Oleksandr

How to get started

First steps in the forum
Read Community User Guide
Best practices of using forum

NAM 2019 SP5 is available


Check the RHEL support added in the latest NAM service pack.

Learn more

LIVE WEBINAR

"Performance Clinic - Monitoring as a Self Service with Dynatrace"


JANUARY 15, 3:00 PM GMT / 10:00 AM ET

Register here

Follow this Question

Answers Answers and Comments

25 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

Configuration for JUnit Test Perfomance View (Business Transaction, Measure, Sensor pack methods)

Dynatrace Log4net log from MongoDB

need to configure one alert,if server is down.please tell me how to configure the alert.

Roadmap to Azure App Service monitoring for AppMon 6.5 and classic .net Windows Data Center Edition agent owners

Eclipse Plugin - no test results available

Forum Tags

dotnet mobile monitoring load iis 6.5 kubernetes mainframe rest api dashboard framework 7.0 appmon 7 health monitoring adk log monitoring services auto-detection uem webserver test automation license web performance monitoring ios nam probe collector migration mq web services knowledge sharing reports window java hybris javascript appmon sensors good to know extensions search 6.3+ server documentation easytravel web dashboard kibana system profile purelytics docker splunk 6.1 process groups account 7.2 rest dynatrace saas spa guardian appmon administration production user actions postgresql upgrade oneagent measures security Dynatrace Managed transactionflow technologies diagnostics user session monitoring unique users continuous delivery sharing configuration alerting NGINX splitting business transaction client 6.3 installation database scheduler apache mobileapp RUM php dashlet azure purepath agent 7.1 appmonsaas messagebroker nodejs 6.2 android sensor performance warehouse
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A