Failed to send HTTP request. Error=12029 (Data Channel tasks such as wakeup calls, run client task fail)
Technical Articles ID: KB91513
Last Modified: 5/8/2019

Environment

McAfee ePolicy Orchestrator (ePO) 5.x

Problem

Errors are logged when starting the ePolicy Orchestrator Server service or when Apache tries to process Data Channel requests, such as:
  • Wakeup Calls
  • Run Client Task Now tasks
  • Drive Encryption requests
Server_<ePO_server_name>.log records errors similar to the following:
 
E #08132 NAIMSERV server.cpp(1022): Error sending data channel message to application server
E #03920 MCUPLOAD SecureHttp.cpp(984): Failed to send HTTP request.  Error=12029 (12029)

Problem

Stderr.log records the following error almost immediately after starting the ePolicy Orchestrator Application Server service:
 
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio-8444"]
java.io.IOException: Keystore was tampered with, or password was incorrect

SEVERE: Failed to initialize connector [Connector[org.apache.coyote.http11.Http11NioProtocol-8444]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-8444]]

Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed

Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect

Cause

This issue can occur if the keystorePass= line in the server.xml file contains a password that does not match the clientAuth.keystore certificate for ePO.

The server.xml is located in the ..\\Server\conf folder. This file contains definitions for the connectors or ports that the Application Server service listens on. By default, the Application Server listens on ports 8443 and 8444, although the customer can configure the service to listen on any custom port. 

Example of the connector definition for port 8443:
 
<Connector port="8443" truststoreType="jks" truststorePass="iB7racer2x" truststoreFile="keystore/certAuthCa.truststore" sslProtocol="TLS" sslEnabledProtocols="TLSv1.1, TLSv1.2" sessionCacheSize="400" server="Undefined" secure="true" scheme="https" protocol="org.apache.coyote.http11.Http11NioProtocol" processorCache="500" noCompressionUserAgents="gozilla, traviata" minSpareThreads="25" maxThreads="250" maxKeepAliveRequests="500" maxHttpHeaderSize="8192" maxConnections="500" keystorePass="iB7racer2x" keystoreFile="keystore/server.keystore" id="orion.server.https" enableLookups="false" disableUploadTimeout="true" compressionMinSize="2048" compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json" clientAuth="want" ciphers=" <list of ciphers>" acceptCount="100" URIEncoding="UTF-8" SSLEnabled="true"/>


Example of the connector definition for port 8444:
 
<Connector port="8444" truststoreType="jks" truststorePass="iB7racer2x" truststoreFile="keystore/ca.keystore" sslProtocol="TLS" sslEnabledProtocols="TLSv1.1, TLSv1.2" sessionCacheSize="400" server="Undefined" secure="true" scheme="https" protocol="org.apache.coyote.http11.Http11NioProtocol" noCompressionUserAgents="gozilla, traviata" minSpareThreads="25" maxThreads="150" keystorePass="snowcap" keystoreFile="keystore/clientAuth.keystore" id="orion.server.clientCert" enableLookups="false" disableUploadTimeout="true" compressionMinSize="2048" compression="on" compressableMimeType="text/html,text/xml,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json" clientAuth="want" ciphers=" <list of ciphers>" acceptCount="100" URIEncoding="UTF-8" SSLEnabled="true"/>

Each connector in the above examples has a 'truststorePass=' and a 'keystorePass=' attribute. In a working environment, the string listed for each must be the same set of characters. In a problem case, one of them contains a different string. In the above example, the 'keystorePass=' attribute of the 8444 connector contains the value 'snowcap', possibly carried over from an older version. This value does not match the other password strings and is not correct. With this configuration, ePO cannot load the keystore file used by the connector and cannot initialize on port 8444, so all Data Channel communication fails.

Solution

If the value for the truststorePass or keystorePass is different for one of the connectors, create a backup copy of the server.xml and change the value to match the others.

In the example connectors above, every 'truststorePass' and 'keystorePass' value is set to iB7racer2x, except the 'keystorePass' value for the 8444 connector.

The solution in this case is to change 'keystorePass="snowcap"' to 'keystorePass="iB7racer2x"'.

When corrected, save the server.xml file and restart all ePO services.
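
The comparison described above can be scripted. The following is an added example, not McAfee code: it parses the connector definitions and reports which store password differs from the rest, without printing any password. The sample XML is constructed from the two connectors on this page, the function name is hypothetical, and it assumes the value shared by most attributes is the correct one.

```python
import xml.etree.ElementTree as ET
from collections import Counter

PASS_ATTRS = ("truststorePass", "keystorePass")

# Constructed sample: the two connectors shown on this page, trimmed to the
# store-related attributes and wrapped in Tomcat's Server/Service elements.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" truststorePass="iB7racer2x"
             truststoreFile="keystore/certAuthCa.truststore"
             keystorePass="iB7racer2x" keystoreFile="keystore/server.keystore"/>
  <Connector port="8444" truststorePass="iB7racer2x"
             truststoreFile="keystore/ca.keystore"
             keystorePass="snowcap" keystoreFile="keystore/clientAuth.keystore"/>
</Service></Server>"""


def find_password_outliers(server_xml_text):
    """Return (port, attribute, store file) for each store password that
    differs from the value most connectors use. Passwords are never returned."""
    root = ET.fromstring(server_xml_text)
    entries = []
    for conn in root.iter("Connector"):
        for attr in PASS_ATTRS:
            if attr in conn.attrib:
                store_file = conn.get(attr.replace("Pass", "File"), "?")
                entries.append((conn.get("port", "?"), attr, store_file, conn.attrib[attr]))
    if not entries:
        return []
    ranked = Counter(e[3] for e in entries).most_common()
    # Assumption: the value shared by most attributes is the correct one.
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        raise ValueError("no majority value; compare the connectors by hand")
    expected = ranked[0][0]
    return [e[:3] for e in entries if e[3] != expected]


if __name__ == "__main__":
    for port, attr, store_file in find_password_outliers(SAMPLE_SERVER_XML):
        print(f"connector {port}: {attr} for {store_file} differs from the other connectors")
```

To check a real installation, pass the text of a copy of server.xml to find_password_outliers() instead of the sample.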
