Error when CommCell tries to check email

Last post 02-23-2017, 7:45 PM by cwsunderland. 9 replies.
Sort Posts: Previous Next
  • Error when CommCell tries to check email
    Posted: 02-21-2017, 3:23 PM

    I am recieving an error in the workflowengine log which reports a failure connecting to the mailbox

    8288 549 02/17 08:56:08 ###    Mailbox                 : connecting to mailbox [xxxx@xxxxx.com] on server [xxxxx.xxxxx.com]
    8288 549 02/17 08:56:08 ###    Mailbox                 : SEVERE: failed to connect to mailbox [xxxxx@xxxxxxx.com] on host [xxxxxx.xxxxxx.com]
    javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;

    I have verified connectivity (IMAP) to the mailbox server from the CommCell.

    I have added the domain certs to the server and Java.

     

     

  • Re: Error when CommCell tries to check email
    Posted: 02-21-2017, 4:31 PM

    Can you try creating the following registry DWORD (32-bit) value

    HKEY_LOCAL_MACHINE\SOFTWARE\CommVault Systems\Galaxy\Instance001\WFEngine\sendWorkflowEmailsViaCommserver

    You may also need to create the WFEngine key under Instance001.

    Set this value to 1 and retry the email operation.

    Regards

  • Re: Error when CommCell tries to check email
    Posted: 02-21-2017, 6:03 PM

    Thank you for your reply.  I set the registry entry and can see the relay change but still seeing the error when the CommServ tries to check the email.

     

    4784 521 02/21 14:44:40 441528 WorkflowMail            : relaying email through CommServ
    4784 521 02/21 14:44:46 441528 InteractionActivity     : activity [UserInput (UserInput_2)] is waiting for user interaction id [40] with subject [DBMaintenance Full Is Recommended]
    4784 557 02/21 14:45:12 ###    Mailbox                 : connecting to mailbox [xxxxxxx@xxxxxxx.com] on server [xxxxxxx.xxxxxxx.com]
    4784 557 02/21 14:45:12 ###    Mailbox                 : SEVERE: failed to connect to mailbox [xxxxxxx@xxxxxxx.com] on host [xxxxxxx.xxxxxxx.com]
    javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;
      nested exception is:
     javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:479)
     at javax.mail.Service.connect(Service.java:275)
     at javax.mail.Service.connect(Service.java:156)
     at commvault.cte.workflow.Mailbox.connect(Unknown Source)
     at commvault.cte.workflow.Mailbox.worker(Unknown Source)
     at commvault.cte.workflow.Mailbox.access$000(Unknown Source)
     at commvault.cte.workflow.Mailbox$1.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.ssl.Alerts.getSSLException(Unknown Source)
     at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
     at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
     at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
     at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
     at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
     at sun.security.ssl.Handshaker.processLoop(Unknown Source)
     at sun.security.ssl.Handshaker.process_record(Unknown Source)
     at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
     at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
     at sun.security.ssl.AppInputStream.read(Unknown Source)
     at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:97)
     at java.io.BufferedInputStream.fill(Unknown Source)
     at java.io.BufferedInputStream.read(Unknown Source)
     at com.sun.mail.iap.ResponseInputStream.read0(ResponseInputStream.java:81)
     at com.sun.mail.iap.ResponseInputStream.readResponse(ResponseInputStream.java:67)
     at com.sun.mail.iap.Response.<init>(Response.java:83)
     at com.sun.mail.imap.protocol.IMAPResponse.<init>(IMAPResponse.java:48)
     at com.sun.mail.imap.protocol.IMAPResponse.readResponse(IMAPResponse.java:122)
     at com.sun.mail.imap.protocol.IMAPProtocol.readResponse(IMAPProtocol.java:230)
     at com.sun.mail.iap.Protocol.<init>(Protocol.java:91)
     at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:87)
     at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:446)
     ... 7 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
     at sun.security.validator.Validator.validate(Unknown Source)
     at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
     ... 27 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
     at java.security.cert.CertPathBuilder.build(Unknown Source)
     ... 33 more

     

     

    Any help or suggestions are appreciated. 

  • Re: Error when CommCell tries to check email
    Posted: 02-21-2017, 6:06 PM

    Are you trying to use the "Enable reply via email" feature here?

    With the Relay, did you get the email as this error occurred after the email was relayed?

  • Re: Error when CommCell tries to check email
    Posted: 02-21-2017, 6:11 PM

    I am trying to use the "Enable reply via email". 

     

    I did recieve the email from the CommServ.  The error posted before I was able to reply.

  • Re: Error when CommCell tries to check email
    Posted: 02-21-2017, 6:18 PM

    Can you check the EvMgrS.log to see if there are any errors in sending the message through the CommServ?

  • Re: Error when CommCell tries to check email
    Posted: 02-21-2017, 6:29 PM

    I did not see any error in the EvMgrS.log

     33680 1808  02/21 14:44:41 ###### CNsmtp::SendSMTPMail() - From(xxxxxxx@xxxxxxx.com), To(t), Server[xxxx.xxxxxxx.com], Port[25]

    and did recieve the email.

  • Re: Error when CommCell tries to check email
    Posted: 02-21-2017, 10:38 PM

    Looking into this a little more the error your getting "unable to find valid certification path to requested target" means the SSL certificate needed to connect could not be found in the truststore that the workflow engine is using.

    Do you know what java truststore you imported the certificate into it?

    This is usually the steps I take for importing the certificate:

    # Copy the certificate into the directory Java_home\Jre\Lib\Security
    # Change your directory to Java_home\Jre\Lib\Security>
    # Import the certificate to a trust store.

    keytool -import -alias ca -file somecert.cer -keystore cacerts -storepass changeit [Return]

    Trust this certificate: [Yes]

    If it's a custom truststore, you could update the workflow engine service parameter and add it there:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVJavaWorkflow(Instance001)

    Edit the ImagePath to something like:

    "C:\Program Files\Commvault\ContentStore\Base\CVJavaService.exe" -Djavax.net.ssl.trustStore="c:\path\mycustomtruststore" -jar "C:\Program Files\Commvault\ContentStore\WFEngine\workflowEngine.jar"  -serviceName CVJavaWorkflow(Instance001) jre 1.8 -program Workflow -vm Instance001

  • Re: Error when CommCell tries to check email
    Posted: 02-23-2017, 11:59 AM

    I imported all of the certs (that sould be needed internally here) into the cacerts store and can see them using C:\Program Files\Java\jre7\lib\security>..\..\bin\keytool -list -v -keystore cacerts

     

    Then I edited the ImagePath to

    "D:\Program Files\CommVault\Simpana\Base\CVJavaService.exe" -Djavax.net.ssl.trustStore="C:\Program Files\Java\jre7\lib\security\cacerts" -jar "D:\Program Files\CommVault\Simpana\WFEngine\workflowEngine.jar"  -serviceName CVJavaWorkflow(Instance001) jre 1.6 -program Workflow -vm Instance001

    from

    "D:\Program Files\CommVault\Simpana\Base\CVJavaService.exe" -jar "D:\Program Files\CommVault\Simpana\WFEngine\workflowEngine.jar" -serviceName CVJavaWorkflow(Instance001) jre 1.6 -program Workflow -vm Instance001

    I restarted the workflow engine and teststed but still saw the same error. 

    Do we need to direct Djavax.net.ssl.trustStore to a jks file or is there something that needs to be reset for the changes to take effect?

     

    Thank you.

  • Re: Error when CommCell tries to check email
    Posted: 02-23-2017, 7:45 PM

    It sounds like the workflow engine and the configured truststore aren't for some reason in sync.  You may want to open a TR so we can have support and if need a webex session help you configure the java installation and workflow engine to see the installed certificate.

    Regards

The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2017 Commvault | All Rights Reserved. | Legal | Privacy Policy