The remote server is dropping the connection though the specific reason on why it's getting dropped it something we need to discover. The full error is as follows: org.identityconnectors.framework.common.exceptions.ConnectorException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake.
Check the connection
It's fairly safe to state that the connection between the servers is correct though it's probably worth determining the ping/telnet request between the servers as well as ensuring that your services are running on the remote server by performing a netstat
Check the certificate is still valid
Probably not the first thing to check though you need to ensure that your certificate remains valid. Assuming that you've already setup the connector server with SSL = true. If you're not using SSL and you have your connector server and AD IT resource setting to SSL, then you need to change that, purge the OIM cache, then retry.
If you haven't done this already, you can follow, . This is pretty accurate with enough detail on how to import the certificate.
To confirm the certificate is valid, you need to perform the keytool command with the list parameter. A useful reference link, Common java keytool commands will be of assistance as you'll be using the OOTB java SDK keytool commands. An example to see the certificates is as follows:
./keytool -list -keystore /u01/app/oracle/Middleware/wlserver_10.3/server/lib/DemoTrust.jks -storepass DemoTrust -alias mykey -v
Check the remote server
Certificate is valid, OK good. Next, check the remote server itself. The connector server services has already been checked when you performed the action within the 'checking the connection' section though you need to ensure the connector server is up and running
The issue from my experience was that the HDD reached full capacity. This was a result of the connector server growing to the point that the HDD was full. The resultant action was to cleanup the HDD then bounce the services as mentioned above, including the OIM connector server service.
This however didn't resolve the issue. Once I did that, I needed to restart the Active Directory Web Services services, the remote registry service, and of course the connector server connection.
Once completed, check within the connector server logs that the connection from OIM is initiated and presented within the log file
Further Issues - Authentication failed because the remote party has closed the transport stream.
One of the reasons why the logs were getting populated was because of the following error. The error in question was getting getting populated within the ICF connector server log file at every 5 second intervals. (It's probably worth noting that the with the connector server service residing on the Active Directory Domain Controller). Obviously the SSL configuration is the immediate item in question here. The work around to this was to configure the OIM and AD IT Resource to non-ssl, which removed the error within the logs. Futhermore, this also stopped the sporadic failure for the provisioning of AD accounts. The error, 'ConnectorServer.exe Error: 0 : Error processing request' seems to be a generic response by default so I would ignore that. Of course from OIM to the connector works as expected. From the OIM perspective, the JKS had a valid certificate for the initial request. Because OIM uses the common java keystore for it's certificates, you can use the common command to validate the certificates. You'll find that this website,The Most Common Java Keytool Keystore Commands contains pretty much all the commands needed. To access the keystore though, you would use something as follows: ./keytool -list -keystore /u01/app/oracle/Middleware/wlserver_10.3/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -alias mykey -v This only leaves the issue of certifications and the initial handshake over the network to be the cause to the issue, If I find out I'll re-post though for now, we're proceeding with non-SSL in our non-PROD environment
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake on getting OAuth2.0 token
I am using Microsoft Reporting API to get Azure AD Logon Activity. When i request access token,I am getting SSL handshake exception sometime. Sometime working fine without an issue
Url to get access token : //login.microsoftonline.com/test.onmicrooft.com/oauth2/token?api-version=1.0
Stacktrace
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)|[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at java.lang.Thread.run(Thread.java:745)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: Caused by: java.io.EOFException: SSL peer shut down incorrectly|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.security.ssl.InputRecord.read(InputRecord.java:505)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)|
[10:03:48:293]|[12-23-2020]|[SYSERR]|[INFO]|[931]: ... 14 more|
azure-ad-audit-logsazure-ad-app-development
Comment · Show 3
Comment
5 |1600 characters needed characters left characters exceeded
▼
Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.
JamesTran-MSFT · Jan 04, 2021 at 11:43 PM
@BalaSmart-5063
Thank you for your post and detailed error message!
Did this issue recently start occurring?
You mentioned that your API call works on and off, can you share some more details on that?
Have you changed or updated anything within your environment recently?
Based off your issue, I'd recommend following our Troubleshooting SSL related issues (Server Certificate) documentation, this will help us find where the issue is happening.