Re: [EXTERNAL EMAIL] FW: Errors in Tomcat logs / application processing

[Niranjan Rao]

Please remember to remove any passwords or sensitive data when you post 
on public email lists

On 11/8/22 00:58, Ganesan, Prabu wrote:
‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ 
‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ 
‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ 
‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ 
‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ 
‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ 
‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍ ‍
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
ZjQcmQRYFpfptBannerEnd
Hi Team .

Could you please help with below errors

We have enabled TLS successfully – but after TLS enabled we are facing 
below issues .

Please help us on Priorities

Thanks & Regards,

_________________________________________________________Email_CBE.gif

*PrabuGanesan***

*Consultant|MS-Nordics*

capgemini India Pvt. Ltd. | Bangalore **

Contact: +91 8526554535

Email: prabhu.c.gane...@capgemini.com

www.capgemini.com 
<https://urldefense.com/v3/__http://www.capgemini.com/__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPlHai44o$>

*People matter, results count.*

__________________________________________________________

*Connect with Capgemini:*
<https://urldefense.com/v3/__http://www.capgemini.com/insights-and-resources/blogs__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtP_H9JbgM$><https://urldefense.com/v3/__http://www.twitter.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPo9pUNlk$><https://urldefense.com/v3/__http://www.facebook.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtP7xok6AU$><https://urldefense.com/v3/__http://www.linkedin.com/company/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPTsCkkag$><https://urldefense.com/v3/__http://www.slideshare.net/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPq37kY_Q$><https://urldefense.com/v3/__http://www.youtube.com/capgeminimedia__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPvOVZ6Mw$>

Please consider the environment and do not print this email unless 
absolutely necessary.

Capgemini encourages environmental awareness.

*From:*Morell, Alice <alice.mor...@capgemini.com>
*Sent:* 07 November 2022 21:33
*To:* DL IN IKANO Middleware <ikanomiddleware...@capgemini.com>
*Cc:* Thombre, Dipali Rajesh <dipali-rajesh.thom...@capgemini.com>; 
Nayak, Shruthi <shruthi.na...@capgemini.com>; Khandekar, Preeti 
<preeti.khande...@capgemini.com>; Deshmukh, Hemant 
<hemant.a.deshm...@capgemini.com>; Phase, Samir 
<samir.ph...@capgemini.com>
*Subject:* Errors in Tomcat logs / application processing

Hello!

The error we are facing is:

“SOAP Problems executing transaction LoginApplication via Web Service, 
underlying problem is Error unmarshalling message”

*I want to know if we can solve this by changing the values in the 
context.xml tags. *The hardcoded URL’s.**

As agreed, here are

  * Info on error logs,
  * Screen shots of the errors that the end user is seeing,
  * Sequential steps for TLS on the instances

And

  * Example on the changes made in the files

You can find the error logs generated for these 2 URLs at this location:

/export/home/aloradm/tls/tls2/Test1FrontEnd/

Where the directory called “1” is for what is described under issue 1 
and “2” under issue 2.. 😊

 1. To replicate current error:

Use a browser with a cleared cache!

Browse to:

tvmdc2linweb001.baf.ikano:7400/PCUKTST1ENV/ikanoRetail/<https://urldefense.com/v3/__http://tvmdc2linweb001.baf.ikano:7400/PCUKTST1ENV/ikanoRetail/__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPKYZexbk$>

Press ”Contact Centre” too get this first error:

Press “Click here to log in again” and then the red button that says 
“Contact centre”.

The page is just getting reloaded to same screen again. For each time 
you press the red button, a url pattern of “/contactcentre” is added 
to the path:

In the backend, the logs for my tries is attached in the folder 
ikanoRetailLogin

------------------------------------------------------------------------------------------ 


------------------------------------------------------------------------------------------ 


------------------------------------------------------------------------------------------ 


To replicate current error you need login credentials, so you can only 
view my screen shot for this one:

Use a browser with a cleared cache!

Browse to:

http://tvmdc2linweb001.baf.ikano:7400/ControlPanel/index<https://urldefense.com/v3/__http://tvmdc2linweb001.baf.ikano:7400/ControlPanel/index__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPnxpy4FM$>

When I have entered my credentials I am getting this:

----------------------------------------------------------------------------------

---------------------------------------------------------------------------------- 


---------------------------------------------------------------------------------- 


The sequential steps followed for our TLS activity per instance 
(example is for Test1Frontend):

 1. Put the new server.xml file with new TLS connectors in
    /panenv/PCUKTST1ENV/webapp/Test1FrontEnd/conf/
 2. Put the new web.xml with security constraint (force https) in
    /panenv/PCUKTST1ENV/webapp/Test1FrontEnd/conf/
 3. Navigate to Test1FrontEnd 's conf folder cd
    /panenv/PCUKTST1ENV/webapp/Test1FrontEnd/conf/
 4. Change to correct permissions on web.xml               chown
    panmgr:pan web.xml
 5. Change to correct permissions on server.xml           chown
    panmgr:pan server.xml
 6. Check status on instance                     1. cd
    /panenv/PCUKTST1ENV/webapp/ Test1FrontEnd /scripts 2.
    ./WebAppAdmin status
 7. bounce (restart) instance                    ./WebAppAdmin bounce
 8. check status on instance                     ./WebAppAdmin status

----------------------------------------------------------------------------------

---------------------------------------------------------------------------------- 


---------------------------------------------------------------------------------- 


This is changed in server.xml:

<!--This Connector was added to achieve TLS. Old Connector can be found in 
comments. -->

<Connectorport="7400"protocol="org.apache.coyote.http11.Http11NioProtocol"

connectionTimeout="600000"

redirectPort="443"/>

<!--This Connector was added to achieve TLS. Old Connector can be found in 
comments. -->

<Connectorport="443"protocol="org.apache.coyote.http11.Http11NioProtocol"

connectionTimeout="600000"

scheme="https"secure="true"SSLEnabled="true">

<SSLHostConfig

certificateVerification="false">

<Certificate

certificateKeystoreFile="/apps/tomcat/8.5.55/conf/certs/tvmdc2linweb001-2022.pfx"

certificateKeystorePassword="Mk0OunQx67xD2022"

certificateKeyAlias="te-3ca20d95-2590-48ea-b2da-0b800736709a"

/>

</SSLHostConfig>

</Connector>

<!--This Connector was added to achieve TLS. Old Connector can be found in 
comments. -->

<Connectorport="7401"protocol="org.apache.coyote.http11.Http11NioProtocol"

connectionTimeout="600000"

redirectPort="8443"/>

<!--This second TLS connector was added to come around the address binding errors. 
Old Connector can be found in comments. -->

<Connectorport="8443"protocol="org.apache.coyote.http11.Http11NioProtocol"

connectionTimeout="600000"

scheme="https"secure="true"SSLEnabled="true">

<SSLHostConfig

certificateVerification="false">

<Certificate

certificateKeystoreFile="/apps/tomcat/8.5.55/conf/certs/tvmdc2linweb001-2022.pfx"

certificateKeystorePassword="Mk0OunQx67xD2022"

certificateKeyAlias="te-3ca20d95-2590-48ea-b2da-0b800736709a"

/>

</SSLHostConfig>

</Connector>

This is changed in web.xml:

<security-constraint>

<web-resource-collection>

<web-resource-name>Web server</web-resource-name>

<url-pattern>/*</url-pattern>

</web-resource-collection>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>

For context.xml no changes.

I hope this helps.

____________________________________________________________________

*Alice Morell*

Security Consultant | Cloud Infrastructure Services

Capgemini Sweden | Gothenburg

Tel.: +46 730 22 8008

www.capgemini.com<https://urldefense.com/v3/__http://www.capgemini.com/__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPlHai44o$>

Email: alice.mor...@capgemini.com<mailto:alice.mor...@capgemini.com>

____________________________________________________________________

*Connect with Capgemini:***

twitter 
<https://urldefense.com/v3/__https://twitter.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtP7gGqQl8$>linkedin 
<https://urldefense.com/v3/__https://www.linkedin.com/company/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPgX81qB0$>facebook 
<https://urldefense.com/v3/__https://www.facebook.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPcZ-_Knk$>youtube 
<https://urldefense.com/v3/__https://www.youtube.com/profile?user=capgeminimedia__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPjCDvFKE$>soundcloud 
<https://urldefense.com/v3/__https://soundcloud.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPEpGaVjg$>Résultat 
de recherche d'images pour "instagram logo rond" 
<https://urldefense.com/v3/__https://www.instagram.com/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtP8VP4soM$><https://urldefense.com/v3/__https://www.slideshare.net/capgemini__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPiC13GgI$><https://urldefense.com/v3/__https://www.glassdoor.com/Overview/Working-at-Capgemini-EI_IE3803.11,20.htm__;!!CbU71lC5478d!NfgzPkl-D29z-BtJp2R2tuncdhujVshARyapRSvdIYlWWskOrdYNjBF5Dzz5b6ilh0pLgIpi9TCY6S0pOEX0o9X7PdtPF8bHWBs$>

This message contains information that may be privileged or 
confidential and is the property of the Capgemini Group. It is 
intended only for the person to whom it is addressed. If you are not 
the intended recipient, you are not authorized to read, print, retain, 
copy, disseminate, distribute, or use this message or any part 
thereof. If you receive this message in error, please notify the 
sender immediately and delete all copies of this message.