Unhelpful error messages when %SuperServer SSL certificate expires.
I have posted this to aid others in diagnosing a problem with SSL/TLS connections to the superserver port from a .NET client executable.
The Caché instance this appeared on is quite old - 2011 - so I do not know if InterSystems have added a better error message in a later version.
The actual fault was due to the certificate in the %SuperServer SSL/TLS configuration having expired.
The unhelpful message that appeared in the .NET client included the following partial stack trace.
*** CacheException..ctor: (12:05:09:546) [ConnID= 34822912] [SvrJob=Unknown] [ThreadID=9] [CacheProvider] Communication link failure: System.ArgumentNullException; Value cannot be null.
NativeError: 461 State: 08S01
InnerException StackTrace:
   at System.Threading.Monitor.Enter(Object obj)
   at InterSystems.Data.CacheClient.SysList.dumpData(Stream outStream, Int32 count, LogFileStream logFile)
   at InterSystems.Data.CacheClient.OutStream.send(Int32 count)
   at InterSystems.Data.CacheClient.CacheADOConnection.Login()
   at InterSystems.Data.CacheClient.CachePool.CreateNewPooledConnection(CacheADOConnection conn)
The unhelpful message that appeared in the Audit Log was as follows:
%Service_SuperServer login failure

Timestamp | 2016-12-15 15:40:42.479
UTCTimestamp | 2016-12-15 15:40:42.479
Event Source | %System
Event Type | %Login
Event | LoginFailure
Username |
Pid | 3883
JobId | 196636
IP Address | 82.43.91.70
Executable |
System ID | mike-VirtualBox:ARSERVER
Index | 130328
Roles |
Namespace | %SYS
Routine |
User Info |
O/S Username | mike
Status |
Event Data | Error message: Unable to get full header of message within timeout
           | Service name: %Service_SuperServer
           | Authentication: Unauthenticated
           | $I: /dev/null:3883
           | $P: /dev/null
           | Message Header: If you are using Kerberos, the client's preferred server's "Service Principal Name" may not specify the correct service principal name defined for the server, or if using a keytab file, the kvno in the file may not match the server.
Hope this is useful to someone.
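
A triage sketch for the symptom described in this post, added here as an example and not part of the original post or of any InterSystems tooling: it matches an audit record against the LoginFailure signature shown above and compares the event time with a certificate expiry line as printed by `openssl x509 -noout -enddate`. The function names and the expiry date are assumptions; the post does not state when the real certificate expired.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample: fields abridged from the audit record quoted in the post.
AUDIT_RECORD = """\
UTCTimestamp | 2016-12-15 15:40:42.479
Event Type | %Login
Event | LoginFailure
Event Data | Error message: Unable to get full header of message within timeout Service name: %Service_SuperServer Authentication: Unauthenticated
"""

# Constructed value in the format of `openssl x509 -noout -enddate`;
# the real expiry date is not given in the post.
SAMPLE_ENDDATE = "notAfter=Dec  1 00:00:00 2016 GMT"

def parse_audit(text):
    """Turn 'Field | Value' lines into a dict (splits on the first pipe only)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("|")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def matches_post_signature(fields):
    """True for the unauthenticated %SuperServer login failure seen in the post."""
    data = fields.get("Event Data", "")
    return (fields.get("Event") == "LoginFailure"
            and "Unable to get full header of message within timeout" in data
            and "%Service_SuperServer" in data)

def cert_not_after(enddate_line):
    """Parse 'notAfter=Mon DD HH:MM:SS YYYY GMT' into an aware UTC datetime."""
    value = enddate_line.split("=", 1)[-1].strip()
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def triage(audit_text, enddate_line):
    """Classify a record: no-match, certificate-expired or certificate-valid."""
    fields = parse_audit(audit_text)
    if not matches_post_signature(fields):
        return "no-match"
    event_time = datetime.strptime(
        fields["UTCTimestamp"], "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=timezone.utc)
    if event_time > cert_not_after(enddate_line):
        return "certificate-expired"
    return "certificate-valid"

if __name__ == "__main__":
    print(triage(AUDIT_RECORD, SAMPLE_ENDDATE))
```

A `certificate-valid` result only rules out expiry at the time of the event; the same audit message can then be investigated for other causes.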