Bootstrap FreeKB - IBM WebSphere - Resolve "The Application Server cannot be reached It appears to be stopped"
IBM WebSphere - Resolve "The Application Server cannot be reached It appears to be stopped"
Updated:   |  IBM WebSphere articles

Let's say something like this is in the HPEL or SystemOut log or being returned by the serverStatus command.

ADMU0509I: The Application Server "AppSrv01" cannot be reached. It appears to be stopped.

 

serverStatus.log

The ${WAS_INSTALL_ROOT}/profiles/your_profile/logs/serverStatus.log may provide additional details to help identify why this error is being returned. In this scenario, refer to IBM WebSphere - Resolve "SECURITY CLIENT/SERVER CONFIG MISMATCH". This error may suggest that RSAPSS and RSASSA-PSS need to be added as disabled algorithms in the java.security file (see below).

JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH:  The client security configuration (sas.client.props or outbound settings in GUI) does not support the server security configuration for the following reasons: 
     ERROR 1: JSAS0809E:  The current OID is RSA but this is not an Admin request.
     ERROR 2: JSAS0603E: The server does not support SSL/TLS, but the client is configured to require it.

 

RSAPSS and RSASSA-PSS in java.security

Sometimes, this is fixed simply by added RSAPSS and RSASSA-PSS as disabled algorithm's in the java.security file, like this. If you add RSAPSS and RSASSA-PSS you will then need to restart the application servers and then see if the serverStatus command is returning STARTED or "It appears to be stopped".

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, DESede, \ EC keySize < 224, 3DES_EDE_CBC, anon, NULL, DES_CBC, RSAPSS, RSASSA-PSS

 

SSL protocol

This can occur when the com.ibm.ssl.protocol value in the ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/ssl.client.props file being does not match the Quality of protection (QoP) setting in the WebSphere admin console. For example, let's say the com.ibm.ssl.protocol value in the ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/ssl.client.props file is set to SSL_TLS.

com.ibm.ssl.protocol=SSL_TLS

 

  1. In the WebSphere admin console, expand Security and select SSL certificate and key management.
  2. Select SSL configurations.
  3. Select one of the SSL configurations, such as CellDefaultSSLSettings.
  4. On the right side of the page, select Quality of protection (QoP) settings.

Let's say Protocol is SSL_TLSv2. In this scenario, since the protocols do not match, this can be what causes the serverStatus command to return ADMU0509I.

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 74673a in the box below so that we can be sure you are a human.