Page Comparison

When:

• Accounting Service authorised user tries to access the browser end-points like https://accounting.example.com/accounting/report (example URL)

What:

• Authentication succeeds and a CSV file is returned but it is empty or contains an error message, when each CSV file should have at least a header row

• Error example:

  Code Block
  language xml
  <html> <head> <title>404 Not Found</title> </head> <body> <div> <h2>404 Not Found</h2> </div> </body> </html>

  
  

Why:

• Accounting Service uses its own API to provide the actual result but accessing the API through the public address fails

How to fix:

• In case of the example above configure your load balancer / reverse proxy to allow access to the /api/* paths as advised here Installation requirements / Network requirements.
• See also section 9084605088 Troubleshooting Accounting Service - SSO#Empty events CSV due OAuth2 cookie / configuration error below for an other kind of error situation.

When:

• Accounting Service authorised user tries to access the browser end-points like https://accounting.example.com/accounting/report (example URL)

What:

• Authentication succeeds and a CSV file is returned but it is empty, when each CSV file should have at least a header row

• There is a following kind of error message in the Accounting Service application log:

  Code Block
  language text
  2019-11-08 14:26:27.719 ERROR 24737 --- [http-nio-8442-exec-4] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:802) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:282) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1329) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1224) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1271) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:505) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:444) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:283) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1421) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:794) at io.netty.channel.epoll.AbstractEpollChannel$AbstractEpollUnsafe$1.run(AbstractEpollChannel.java:382) at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163) at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:416) at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:331) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:918) at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) at io.netty.handler.ssl.SslHandler.runAllDelegatedTasks(SslHandler.java:1499) at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1513) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1397) ... 21 common frames omitted Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching accounting.ids-centos7.localdomain found. at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:214) at sun.security.util.HostnameChecker.match(HostnameChecker.java:96) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:428) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:261) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ... 30 common frames omitted

  
  

Why:

• Accounting Service uses its own API to provide the actual result but accessing the API through the public address fails because of certificate with Accounting DNS name is not present: "No subject alternative DNS name matching accounting.ids-centos7.localdomain found"

How to fix:

• Add certificate to the trust store e.g. by including the configured DNS (hostname from accounting.url in win32.config/unix.config) as a Subject Alt Name, see Add Server Certificate to Java Trust Store
• See also section 9084605088 Troubleshooting Accounting Service - SSO#Empty events CSV due OAuth2 cookie / configuration error below for an other kind of error situation.