• Forums
    • Public Forums
      • Community Connect
      • Dynatrace
        • Dynatrace Open Q&A
      • Application Monitoring & UEM
        • AppMon & UEM Open Q&A
      • Network Application Monitoring
        • NAM Open Q&A
  • Home
  • Public Forums
  • Application Monitoring & UEM
  • AppMon & UEM Open Q&A
avatar image
Question by Nitin D. · Oct 25, 2019 at 04:55 PM · administration server 7.1 client

Unable to connect to :2031 probably untrusted certificate: com.dynatrace.diagnostics.communication.tcp.socket.ssl.DynaTraceSSLSocketFactory openAndConnectSocket:386 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException

Hi,

I have installed Dynatrace 7.1 in Unix. The installation completed without any error.

Now I am trying to connect the server through Client (windows 10) but getting the connection refused error.
All the dyantrace servers are up and running well. There is not an error in any log files except 'FrontendServer.0.0.log'.

In this file, I am getting below error.


UTC WARNING [DynaTrace SSLSocketFactory] Unable to connect to :2031 probably untrusted certificate: com.dynatrace.diagnostics.communication.tcp.socket.ssl.DynaTraceSSLSocketFactory openAndConnectSocket:386 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: client did not accepted ssl client certificates. will not establish trust for [localhost:2031_client]

2019-10-25 13:57:27 UTC WARNING [DefaultConnectionEstablisherJob] exception was thrown while connecting: unable to establish connection to :2031 due a java.net.SocketException: Connection reset: com.dynatrace.diagnostics.communication.tcp.connection.establisher.DefaultConnectionEstablisherJob establishConnection:223

com.dynatrace.diagnostics.communication.tcp.exception.CommunicationException: unable to establish connection to :2031


My Server.config.xml are look like.


 
                

<dynatrace version="7.1.0.1803">

<serverconfig memento.version="7.1.0.1803">

<collectorconfig proxyport="8080" proxyusername="" compress="true" communicationssl="true" useproxy="false" useproxyauthentication="false" groupname="" serveraddress="myserver.com" communicationport="8041" usepreemtiveproxyauth="true" selfmoncollector="false" watchdogtimeout="10" serverport="6699" usetunnel="false" name="Embedded Dynatrace Collector" authstring="" embedded="true" tunnel="http://myserver.com:8033/tunnel" proxyhost="">

<agentlistenaddressconfig>

<listenaddress agentaddress="myserver.com" agentport="9998" />

</agentlistenaddressconfig>

<loggingconfig path="../log/collector/Dynatrace Collector" console="ALL" maxfiles="5" level="ALL" correlationmaxfiles="2" maxbytes="10485760" correlationmaxbytes="31457280" html="false" append="true" />

<buffers agentbuffersize="32768" />

<protocoldumps maxnumberdumps="100" />

Comment

People who like this

0 Show 0
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

3 Replies

  • Sort: 
  • Most voted
  • Newest
  • Oldest
avatar image

Answer by Guillem P. · Jan 10, 2020 at 11:35 PM

A tricky solution: set your server clock to a time when the cert is valid. Startup all services. Now frontend server is listening for clients. Now you can launch the certs wizard. When wizard is waiting for services to restart, stop manually the services, set time to current time and start services.

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Guillem P. · Jan 10, 2020 at 10:28 PM

Hi,

I'm exactly in the same scenario: expired cert and I can't connect with client so I can't use wizard to deploy new certs. dtfrontendserver is not listening at client port. I've tried to disable ssl between frontend server and backed. Now there is no cert error but frontendserver is still not listening.


I've followed the instructions from the link to deploy a new private key and clear keys but it's not working.

Any clue or suggestion?


Guillem

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

avatar image

Answer by Sebastian K. · Oct 25, 2019 at 08:08 PM

AppMon 7.1 may have outdated SSL certificates. You may need to clear default certificates on server using flags from documentation:

https://www.dynatrace.com/support/doc/appmon/shortlink/id_advanced_features_-_certificates_private_keys_and_keystore#clear-stored-certificates-to-force-usage-of-new-ones

and then create new ones using wizard in client.

If backend and front end servers are working fine you may try as well allowing connection via non SSL connection from client. I’m not sure if this is still available. It can be changed in server configuration but I’m not sure if this will take effect in 7.1.

Sebastian

Comment

People who like this

0 Show 0 · Share
10 |2000000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

How to get started

First steps in the forum
Read Community User Guide
Best practices of using forum

NAM 2019 SP5 is available


Check the RHEL support added in the latest NAM service pack.

Learn more

LIVE WEBINAR

"Performance Clinic - Monitoring as a Self Service with Dynatrace"


JANUARY 15, 3:00 PM GMT / 10:00 AM ET

Register here

Follow this Question

Answers Answers and Comments

30 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

Several server instances in one system

is scheduled report task a full analysis ?

Specify one collector port different form the default

Dashboards Source Server Name Change

Issue while generating report

Forum Tags

dotnet mobile monitoring load iis 6.5 kubernetes mainframe rest api dashboard framework 7.0 appmon 7 health monitoring adk log monitoring services auto-detection uem webserver test automation license web performance monitoring ios nam probe collector migration mq web services knowledge sharing reports window java hybris javascript appmon sensors good to know extensions search 6.3+ server documentation easytravel web dashboard kibana system profile purelytics docker splunk 6.1 process groups account 7.2 rest dynatrace saas spa guardian appmon administration production user actions postgresql upgrade oneagent measures security Dynatrace Managed transactionflow technologies diagnostics user session monitoring unique users continuous delivery sharing configuration alerting NGINX splitting business transaction client 6.3 installation database scheduler apache mobileapp RUM php dashlet azure purepath agent 7.1 appmonsaas messagebroker nodejs 6.2 android sensor performance warehouse
  • Forums
  • Public Forums
    • Community Connect
    • Dynatrace
      • Dynatrace Open Q&A
    • Application Monitoring & UEM
      • AppMon & UEM Open Q&A
    • Network Application Monitoring
      • NAM Open Q&A