No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Self-Service Integration Guide 11

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
What Do I Do If a Connection Is Denied

What Do I Do If a Connection Is Denied

Symptom

The following error occurs when I call an open API:

Exception in thread "main" org.apache.http.conn.HttpHostConnectException: Connection to https://10.66.66.58:32102 refused
 at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:190)
 at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
 at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640)
 at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
 at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
 at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
 at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
 at com.huawei.oms.ros.test.NewHttpsAccess.access(NewHttpsAccess.java:155)
 at com.huawei.oms.ros.test.Login.login(Login.java:34)
 at com.huawei.oms.ros.test.QueryLogs.main(QueryLogs.java:17)
Caused by: java.net.ConnectException: Connection refused: connect
 at java.net.DualStackPlainSocketImpl.connect0(Native Method)
 at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:69)
 at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
 at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
 at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:157)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
 at java.net.Socket.connect(Socket.java:579)
 at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:612)
 at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:549)
 at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
 ... 9 more

Possible Causes

  • The server open API port (default port number: 32102) is not in the listening state.

    In enterprise solutions, the open API access port must be 32102. Do not use ports such as 8086, 31943, and 32101.

  • The configuration item ip or ssl.keystore.password in the ros.xml file is incorrect.

Procedure

  1. Check whether the open API port 32102 is in the listening state. Run the following commands on Windows, Linux:

    • Windows: netstat -an|findstr 32102
    • Linux: netstat -an|grep 32102

    The following uses Windows as an example to describe how to check whether a port is in the listening state.

    • If no value is returned after the command is executed, the port is not in the listening state. Go to 2.
    • If the command output contains LISTENING, the port is in the listening state. Go to 3.
    C:\>netstat -an|findstr 32102
    TCP    0.0.0.0:32102          0.0.0.0:0              LISTENING
    TCP    [::]:32102             [::]:0                 LISTENING

  2. Check whether the certificate password is the same as that in the ros.xml file. The commands in the Windows, Linux OSs are the same. The following uses the Windows OS as an example.

    If the port is not in the listening state, the common cause is that the password of the certificate (etc/certificate/application/node/nodeKeyStore.jks) is different from the password in the etc/oms.ros/ros.xml file.

    1. Check whether the certificate password is correct.

      In the JRE bin directory, rim the following command:

      keytool -v -list -keystore eSight installation directory/AppBase/etc/certificate/application/node/nodeKeyStore.jks -storepass password

      The following information indicates that the certificate password is not Changeme123@:

      keytool -v -list -keystore eSight installation directory/AppBase/etc/certificate/application/node/nodeKeyStore.jks -storepass Changeme123@
      keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
      java.io.IOException: Keystore was tampered with, or password was incorrect
              at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
              at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
              at java.security.KeyStore.load(KeyStore.java:1185)
              at sun.security.tools.KeyTool.doCommands(KeyTool.java:620)
              at sun.security.tools.KeyTool.run(KeyTool.java:172)
              at sun.security.tools.KeyTool.main(KeyTool.java:166)
      Caused by: java.security.UnrecoverableKeyException: Password verification failed
              at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
              ... 5 more

      The following information indicates that the certificate password is Changeme_123:

      keytool -v -list -keystore eSight installation directory/AppBase/etc/certificate/application/node/nodeKeyStore.jks -storepass Changeme_123
      
      Keystore type: JKS
      Keystore provider: SUN
      
      Your keystore include one input
      
      Name: server
      Create date: 2012-12-29
      Item type: PrivateKeyEntry
      Length of certification chain: 1
      Certification [1]:
      Owner:CN=omsMaster, OU=Developer, O=Techstar, L=ShenZhen, ST=ShenZhen, C=CH
      Issuers:CN=omsMaster, OU=Developer, O=Techstar, L=ShenZhen, ST=ShenZhen, C=CH
      Serial number:50de6922
      Active period: Sat Dec 29 11:53:06 GMT+08:00 2012 to Tue Dec 27 11:53:06 GMT+08:00 2022
      Certificate fingerprint:
               MD5:90:DB:D2:38:86:42:D9:56:9A:7F:0F:B5:EE:7B:C3:09
               SHA1:60:5E:E6:33:DD:6F:17:8D:A6:44:4A:E8:80:24:64:3F:DC:13:F3:53
               Signature algorithm name: SHA1withRSA
               Version: 3
      
      
      *******************************************
      *******************************************
    2. Obtain the ciphertext of the certificate password.

      Run the command encrypt.bat 0 in eSight installation directory/AppBase/tools/bmetool/encrypt, and then enter the new password as prompted.

      After the command is successfully executed, the ciphertext for the new password is displayed.

      For example, enter the new password Changeme_123 and the ciphertext 9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d displayed.

    3. Copy the ciphertext of the certificate password to the etc/oms.ros/ros.xml file.
      <connector name="openapiROAConnector" type="https"> 
      <property name="ip" value="{Actual IP address of the eSight server}"/>
      <property name="port" value="32102"/>
      <property name="ssl.keystore.path" value=" etc/certificate/application/node/nodeKeyStore.jks"/>
      <property name="ssl.keystore.password" value="9d7961bc8af54d05ce509e03b13ffce3abc7587373e7719b62555fd5aff9908d"/> 
      </connector>

  3. Change the value of ip in the etc/oms.ros/ros.xml file to the actual IP address of the eSight server.

    Do not set the IP address to 127.0.0.1.

  4. Restart the eSight.
Download
Updated: 2019-12-13

Document ID: EDOC1100044386

Views: 21095

Downloads: 92

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next