Client Management: How to Troubleshoot Console Login error "Connection Failed: the host is either unreachable on the given port or there is a wrong SSL Configuration"

Knowledge Article

Client Management: How to Troubleshoot Console Login error "Connection Failed: the host is either unreachable on the given port or there is a wrong SSL Configuration"
This article helps to troubleshoot the Console Login error "Connection Failed: the host is either unreachable on the given port or there is a wrong SSL configuration."
BMC Client Management
BMC Client Management
BMC Client Management (BCM) Java Console if an SSL certificate was imported into Java from a different server than the one attempting to login to.
BMC Client Management
BMC Client Management
BMC Client Management (BCM) Java Console if an SSL certificate was imported into Java from a different server than the one attempting to login to.
When attempting to login to the Java Console using a known valid username and password, "Connection Failed: the host is either unreachable on the given port or there is a wrong SSL Configuration"  is displayed. How do I fix this?
 
Connection Failed
 
Step 1:  Enable Java Console Logging
  • Open the Windows Control Panel
  • Open to the Java Control Panel Applet
  • Go to the "Advanced" tab and enable "Java console -> Show Console"
Enable Java Console

Step 2: Verify if this is an SSL Handshake Error:
  • Close any existing Client Management Java Consoles or Console Logins
  • Open the Console Web Page (https://Master-Server:1611/console)
  • Select the Console Java Web Start Link:
  • Java WebStart
  • Open the console.jnlp or webstart downloaded if the browser is not configured to automatically launch this file type.
  • Attempt to login using a known good username and Password
  • Once the error message is displayed, check the Java Console Output for the following text:
    • javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate signature validation failed
    •  
    • Java Console Output


Once the error is confirmed, perform the following corrective actions:
  • Close any BMC Java Consoles or Console logins running on the effected device.
  • Open a cmd prompt running in the administrator context
  • cd to the bin folder of the installed java version and run the following command:
    • keytool -list -rfc -storepass changeit -keystore ..\lib\security\cacerts|find "bmcasset"
    • For each Alias Name: returned copy the Alias name value and run the following command:
    • keytool -storepass changeit -keystore ..\lib\security\cacerts -delete -alias Alias_Name_String
    • Using the example below the following three commands would need to be executed:
      • keytool -storepass changeit -keystore ..\lib\security\cacerts -delete bmcassetcoretrustedroot-ams3-bcm-ah-5.onbmc.com
      • keytool -storepass changeit -keystore ..\lib\security\cacerts -delete bmcassetcoretrustedroot-jlerch-master
      • keytool -storepass changeit -keystore ..\lib\security\cacerts -delete bmcassetcoretrustedroot-chi4-bcm-ah-1.onbmc.com
Keytool Example
  • As the last step, delete the contents of the folder %appdata%\Roaming\Numara AMP Or BMC Software Folder.
User-added image

Verify that the Java Console login functions properly.

This Issue can happen whenever the Console Java Security Certificate utility is executed from one master server and then tries to login to a different master server using a cert with the same alias but different thumbprint.  (Development vs. Production, commonly).
BMC Client Management
BMC Client Management
BMC Client Management (BCM) Java Console if an SSL certificate was imported into Java from a different server than the one attempting to login to.
Attachment(s):