Agents don't appear online after a server upgrade to Deployment Automation version 6.1.1 or higher



ID:    S141622
Published:    11 March 2016
Updated:    16 October 2019

Operating System(s)

  • All Unix
  • All Windows

Product(s)

  • Deployment Automation 6.1.1
 

Description

Beginning in version 6.1.1, Serena Deployment Automation (SDA) has enhanced security: the server accepts connections over the TLS 1.2, TLS 1.1, or TLS 1.0 protocols supported by Java 6 and above, and rejects connections over earlier SSL protocols such as SSLv3 and SSLv2Hello. Agents that have been connecting with one of the rejected protocols may keep trying to use it, and the server will reject the connection. As a result, those agents do not come online after the SDA server is upgraded from an earlier version to 6.1.1 or higher.

Resolution

To get the agents to connect to the upgraded server, you must temporarily change the server configuration to allow the earlier SSL protocols, upgrade the agents, and then change the server configuration back to allow only the TLS protocols.

To do this, use the following steps:

1. Stop Serena Common Tomcat.
2. Change the SSL enabled protocol attributes to add SSLv3 and SSLv2Hello as follows:

  • In the Tomcat server.xml file ( ..\Program Files\Serena\common\tomcat\7.0\conf), change the SSL enabled protocol attribute as follows.

                 server.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1,SSLv3,SSLv2Hello

  • In the installed.properties file in the SDA profile directory (..\Users\<username>\.serena\ra\conf\server), change the SSL enabled protocol attribute as follows for each SSL-enabled Connector port.

                 sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv3,SSLv2Hello"

Note: Some JREs also restrict the use of SSLv3, so it may be worth checking the JRE used by Tomcat and the DA server. Within the JRE, navigate to jre\lib\security and open the file named java.security. Locate the line that starts with jdk.tls.disabledAlgorithms. If SSLv3 is in the list of disabled algorithms, remove SSLv3 from the list and save the file.

3. Start Tomcat.
4. Upgrade the problematic agents to SDA 6.1.1. 

Note: It is recommended to do the upgrade on the agent machine itself rather than through the UI.

5. Stop Tomcat.
6. Change the SSL enabled protocol attributes to remove SSLv3 and SSLv2Hello as follows: 

  • In the Tomcat server.xml file ( ..\Program Files\Serena\common\tomcat\7.0\conf), change the SSL enabled protocol attribute as follows.

                 server.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1

  • In the installed.properties file in the SDA profile directory (..\Users\<username>\.serena\ra\conf\server), change the SSL enabled protocol attribute as follows for each SSL-enabled Connector port.

                 sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"

7. Start Tomcat.

The upgraded agent can now connect to the SDA 6.1.1 server using one of the TLS protocols (depending on the Java version used by the agent).
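The following check is an added example, not part of the original article or of Serena's tooling: it scans configuration text for the two settings changed in steps 2 and 6 and reports any that still enable SSLv3 or SSLv2Hello, and it reads `jdk.tls.disabledAlgorithms` from `java.security` text. The sample inputs are constructed from the values shown above, and the function names are hypothetical.

```python
import re
import sys

LEGACY = ("SSLv3", "SSLv2Hello")  # protocols the 6.1.1 server rejects by default

# Matches both setting forms shown in the article, quoted or unquoted.
SETTING_RE = re.compile(
    r'(server\.ssl\.enabled\.protocols|sslEnabledProtocols)\s*=\s*"?([^"\r\n]*)')

def legacy_protocols(config_text):
    """Return (line_no, setting, [legacy protocols]) for each setting still enabling one."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # skip commented-out properties lines
            continue
        for match in SETTING_RE.finditer(line):
            enabled = [p.strip() for p in match.group(2).split(",")]
            legacy = [p for p in enabled if p in LEGACY]
            if legacy:
                findings.append((line_no, match.group(1), legacy))
    return findings

def jre_disables_sslv3(java_security_text):
    """True if jdk.tls.disabledAlgorithms lists SSLv3 (backslash continuations joined)."""
    joined = re.sub(r"\\\r?\n\s*", "", java_security_text)
    for line in joined.splitlines():
        if line.strip().startswith("jdk.tls.disabledAlgorithms"):
            value = line.partition("=")[2]
            return "SSLv3" in [entry.strip() for entry in value.split(",")]
    return False

# Constructed samples: the setting lines from steps 2 and 6 of the article.
STEP_2 = ('server.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1,SSLv3,SSLv2Hello\n'
          'sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv3,SSLv2Hello"\n')
STEP_6 = ('server.ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1\n'
          'sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"\n')
# Constructed java.security excerpt with a continuation line.
JAVA_SECURITY = "jdk.tls.disabledAlgorithms=SSLv3, RC4, \\\n    DH keySize < 768\n"

if __name__ == "__main__":
    # Pass config file paths as arguments; with none, the samples are checked.
    texts = {p: open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[1:]}
    for name, text in (texts or {"step 2": STEP_2, "step 6": STEP_6}).items():
        print(name, legacy_protocols(text) or "TLS protocols only")
    print("sample JRE disables SSLv3:", jre_disables_sslv3(JAVA_SECURITY))
```

Run against the live configuration files after step 6, an empty result for every file means the temporary SSLv3 and SSLv2Hello entries are gone.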

Applies To

Release Automation 6.1.1
Release Automation 6.1.2
