Avaya Diagnostic Server: SAL Proxy connection faliure on GUI

Doc ID    SOLN327004
Version:    1.0
Status:    Published
Published date:    02 Jul 2018
Author:   
Csaba Gombos
 

Details

Server resinstalled due to failure. Proxy test still fails, alarming issue

SAL 3.0 SP2-sp3

Problem Clarification

"Alarms not reaching core for below mentioned assets, look like there is an issue with SALGW as there are different assets and for all assets alarms are not raching core, customer confirmed that UDP port is made open."

Cause

On Concentrator the Alarming shows red status and when test made on the GUI, it shows failure. Error obseverd in the logs:

O_DT-EX0002 Error establishing connection caused by Unable to tunnel through proxy. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"

O_AG-GW183415E Unspecified error. Server Type: Unable to tunnel through proxy. Proxy returns "HTTP/1.0 407 Proxy Authentication Required" Error Msg : PRIM_SACCS

Feb 21 16:24:08 sal.customer.com GW[930]: +01:00 2018 168 1 com.avaya.spirit.util.logging.SPIRITCommonLogger | 0 O_AG-GW183415E
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
at sun.net.www.protocol.http.HttpURLConnection.doTunneling(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.avaya.spirit.gw.external.service.connection.HttpConnectionStrategy.connectAndValidate(HttpConnectionStrategy.java:72)

Curl to the secure core server works fine from cli as well as remote connection through the proxy can be established with not issue.

Solution

Issue surfaces only at certain proxies. Java made some adjusments in the authentication.

"Change in Java 8 Update 111:

Now, proxies requiring Basic authentication when setting up a tunnel for HTTPS will no longer succeed by default. If required, this authentication scheme can be reactivated by removing Basic from the jdk.http.auth.tunneling.disabledSchemes networking property, or by setting a system property of the same name to "" ( empty ) on the command line."

Either on poxy side:

upgrade the authentication scheme of your proxy, e.g. to Digest access authentication.

or on SAL GW modify  /usr/java/jre1.8.0_161/lib/net.properties

from

#jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=Basic

to

#jdk.http.auth.proxying.disabledSchemes=
jdk.http.auth.tunneling.disabledSchemes=

restart spiritAgent and gatewayUI services

Probably SP4 will have the fix.


Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy