Article
· Dec 16, 2016 2m read

Unhelpful error messages when %SuperServer SSL certificate expires.

I have posted to aid others in diagnosing problem with SSL/TLS connections to superserver port from .NET client executable.

The cache instance this appeared on is quite old - 2011 - so I do not know if Intersystems have added a better error message in a later version

The actual fault was due to the certificate in the %SuperServer SSL/TLS configuration having expired.

The unhelpful message that appeared in the .NET client included the following partial stack trace.

 

   *** CacheException..ctor: (12:05:09:546) [ConnID= 34822912] [SvrJob=Unknown] [ThreadID=9]
 [CacheProvider] Communication link failure: System.ArgumentNullException; Value cannot be null.
 NativeError: 461  State: 08S01
 InnerException StackTrace: 
   at System.Threading.Monitor.Enter(Object obj)
   at InterSystems.Data.CacheClient.SysList.dumpData(Stream outStream, Int32 count, LogFileStream logFile)
   at InterSystems.Data.CacheClient.OutStream.send(Int32 count)
   at InterSystems.Data.CacheClient.CacheADOConnection.Login()
   at InterSystems.Data.CacheClient.CachePool.CreateNewPooledConnection(CacheADOConnection conn)

 

The unhelpful  message that appeared in the Audit Log was as follows:

 

%Service_SuperServer login failure
Timestamp2016-12-15 15:40:42.479
UTCTimestamp2016-12-15 15:40:42.479
Event Source%System
Event Type%Login
EventLoginFailure
Username 
Pid3883
JobId196636
IP Address82.43.91.70
Executable 
System IDmike-VirtualBox:ARSERVER
Index130328
Roles 
Namespace%SYS
Routine 
User Info 
O/S Usernamemike
Status 
Event DataError message: Unable to get full header of message within timeout
Service name: %Service_SuperServer
Authentication: Unauthenticated
$I: /dev/null:3883
$P: /dev/null
Message Header:  
If you are using Kerberos, the client's preferred server's "Service Principal Name"
may not specify the correct service principal name defined for the server, or
if using a keytab file, the kvno in the file may not match the server.


 

Hope this is useful to someone.  
Discussion (0)0
Log in or sign up to continue