If a SAS Environment Manager Agent fails to start or starts and then stops running with "connection refused" errors, the Secure Sockets Layer (SSL) certificate keystore that is used by the agents might be misconfigured.
Information that is used by the SAS Environment Manager Agent to connect to the keystore is stored in the agent.properties file. This file is located in SAS-configuration-directory/LevN/Web/SASEnvironmentManager/agent-version-EE/conf/.
Each agent checks this file for the SSL certificates in the Java keystore. The relevant properties in this file are as follows:
- agent.keystore.alias: an alias value that can locate the proper key inside the keystore
- agent.keystore.path: a system file path to the location of the keystore file
- agent.keystore.password: a password, typically encrypted, that is used to read the keystore
If the defined name for agent.keystore.alias does not match the alias name for the SSL certificate in the keystore file that is referenced in the agent.keystore.path property, the SAS Environment Manager Agent cannot locate the certificate. The agent then encounters connection attempts that are refused by the server.
Also, when this occurs, the following error might be displayed in the agent.log:
ERROR [AgentDaemonMain] [AgentDaemon@1032] Agent configuration failed:
org.hyperic.hq.common.SystemException: java.security.UnrecoverableEntryException: Encryptor password generation failure: No such alias
To work around this issue, follow these steps:
-
Look in the agent.properties file for the agent.keystore.path value. Then navigate to this location on the machine. Submit the keytool command and list the contents:
keytool -list -v -keystore /path-to-keystore/file.jks
- In the output of the keytool command, locate the defined alias name:
. . .more output. . .
Your keystore contains 1 entry
Alias name: myevmcompkey
Creation date: Jul 12, 2019
Entry type: PrivateKeyEntry
Certificate chain length: 1
. . .output continues. . .
- If this alias name does not match the alias that is defined as the agent.keystore.alias property, modify the agent.properties file. The agent.keystore.alias property should match the alias value from the keytool output in Step 2.
- After you modify the agent.properties file, use the following commands to re-initialize and restart the SAS Environment Manager Agent. Replace the italicized placeholder values with the correct information for your system:
- Stop the SAS Environment Manager Agent process:
SAS-configuration-directory/LevN/Web/SASEnvironmentManager/agent-version-EE/bin/hq-agent.sh stop
- Delete the SAS Environment Manager Agent data directory and all its contents:
rm -rf SAS-configuration-directory/LevN/Web/SASEnvironmentManager/agent-version-EE/data
- Start the SAS Environment Manager Agent process:
SAS-configuration- directory/LevN/Web/SASEnvironmentManager/agent-version-EE/bin/hq-agent.sh start