Unsolved
This post is more than 5 years old
5 Practitioner
•
274.2K Posts
0
10406
ESRS 3.06 esrshttpdlistener keeps stopping
The esrshttpdlistener service on ESRS 3.06 is in RED status. Manually starting at the command line does not work - the service status is "unused". If the esrswatchdog is shutdown, then the esrshttpdlistener service will stay up. As soon as the esrswatchdog service is started, the esrshttpdlistener service will stop.
KB 199811 did not work.
The esrshttpdlistener logs exhibits an error which reads:
"httpdlistener:443 server certificate does NOT include an ID which matches the server name."
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
August 10th, 2015 20:00
Have the same issue with 3.04
soora
2 Posts
0
August 13th, 2015 07:00
Same issue with 3.04, anyone got any ideas?
gaharley
119 Posts
0
August 13th, 2015 11:00
Is the ESRSVE connected to EMC? On the System Status tab in the ESRSVE GUI, what is the state of Connectivity Service?
gaharley
119 Posts
0
August 13th, 2015 13:00
Does Network Check show all tests passing? It sounds like the customer is blocking traffic to EMC. Ask if they are using any web monitoring tools like Websense or performing any SSL checking, SSL inspections, etc. If all that doesn't turn up anything, ask them to sniff the network while you test the connection to EMC; they should see where the failure is.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
August 13th, 2015 13:00
ESRSVE is not connected to EMC.
There is no proxy, and can telnet to esrs-core.emc.com 443
The xgate logs show:
08-08-2015 06:11:04.196 ERROR-- xgEnterpriseProxy: Web Client (https://esrs-core.emc.com/eMessage): Connection reset by peer
08-08-2015 06:11:04.196 INFO xgEnterpriseProxy: Previous Connection Settings unreachable. Attempting alternate connection. Please verify below settings
08-08-2015 06:11:04.196 INFO xgEnterpriseProxy: No HTTP proxy server used
08-08-2015 06:11:04.196 INFO xgEnterpriseProxy: No SOCKS proxy server used
08-08-2015 06:12:00.451 ERROR-- xgEnterpriseProxy: Web Client
I’m thinking of re-deploying the GW as a last resort.
soora
2 Posts
0
August 14th, 2015 01:00
Ok Our Network team found a problem on the firewall, There were some packets being dropped from the ESRS gateway to esrs-core.emc.com, so they have added the IP address 128.221.192.14 to the allow rule on the firewall and ESRS gateway now connects and all core services stay up.
HTH
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
August 14th, 2015 12:00
Network checks pass. There is no proxy in use, and the customer stated they do not sue SSL checking.
A network trace from the ESRSVE server shows SSL Handshake failures. But, the certificate exchange from the ESRSVE looks valid.
No. Time Source Destination Protocol Length Info
206 22.882199 10.170.0.104 128.221.192.14 TLSv1 1157 Certificate
Certificates (1878 bytes)
Certificate Length: 1032
Certificate (id-at-commonName=WINSTON AND STRAWN_2KTF5DR9CNMD05,id-at-organizationalUnitName=esrs,id-at-organizationName=emc.com,id-at-localityName=webo,id-at-stateOrProvinceName=ma,id-at-countryName=us,id-at-serialNumber=2KTF5DR9CNMD05,id
signedCertificate
algorithmIdentifier (shaWithRSAEncryption)
Padding: 0
encrypted: 39ce4ecfa1df2329f256e9aa4192398ba478d6b7301cde69...
Certificate Length: 840
Certificate (id-at-commonName=ESRS2CA,id-at-organizationalUnitName=Global Security Organization,id-at-organizationName=EMC Corporation,id-at-countryName=US)
signedCertificate
algorithmIdentifier (shaWithRSAEncryption)
Padding: 0
encrypted: 5b429fff867f7431f45764843157bee2d7a34bf6934d86c2...
FrankMS
26 Posts
1
February 2nd, 2016 06:00
Just came across this: You can see there are two certificates in the exchange. One called ESRS2CA, that is from the EMC root CA dedicated to ESRS and expected by the client. Also there is a certificate with the name WINSTON_AND_STRAWN_2KTF5DR9CNMD05. This is probably injected by a firewall or proxy appliance that is performing SSL checking. My guess is that the last part is the serial number of the appliance. The ESRS client detects the additional (or a replaced) certificate as a man-in-the-middle attack and rejects the communication. As documented in the Operations Guide, any variant of SSL checking, DPI, SSL proxying etc will prevent ESRS from working
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
April 14th, 2016 07:00
hi WLee,
what's the solution for this issue? i have this problem with ESRS VE 3.10, the httpdlistener could not start.
FrankMS
26 Posts
2
April 14th, 2016 08:00
The solution depends on the cause. There are two common causes that I know of:
- ESRS VE not connected to the EMC enterprise servers. The underlying connection issue needs to be resolved. Check on the Dashboard in the GUI if ESRS VE is connected, there should be an indicator in the top right corner of the GUI
- duplicate lines in the /etc/hosts file. If you have two lines containing the same IP and the hostname, the listener will not start. Remove one of the lines and try to start the service if this is the case
If it is none of these you will need to open a SR and get ESRS support or a SME from the FSS community involved.
Regards
Frank
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
April 21st, 2016 06:00
hi FrankMS,
thanks a lot, the issue was solved by deleted the duplicated lines in the /etc/hosts, wonderful!
cergio
13 Posts
0
May 5th, 2016 13:00
Check DNS setting using the command YaST2, valid dns server need to resolve esrs server names. This worked for me.
TheLevish
1 Message
0
April 10th, 2020 10:00
this thread helped me today, I updated to 3.42.10.06 yesterday and on reboot the service esrshttpdlistener would run intermittently - I commented out two lines referring to the host name but with a local address rather than the actual address and rebooted and esrshttpdlistener was no longer throwing any issues.