Hello,
I'm trying to figure out what is causing the Zabbix agent running as a windows server on Microsoft Windows Server 2019 Standard, to fail WildFly monitoring.
Zabbix had been successfully monitoring a WildFly 18 server instance. A new security requirement was introduced by a vendor that included a new security provider. The application has a new jar file that was added to EAR (also tried a module implimentation with the same result). They also required several new JRE DLLs. The applicaton works fine, but monitoring is now failing with the errors below (Zabbix log, and WildFly log)
14808:20250205:115511.997 Starting Zabbix Agent [APP-BACKEND-DEV]. Zabbix 7.0.3 (revision d93ce022627).
14808:20250205:115511.999 **** Enabled features ****
14808:20250205:115512.001 IPv6 support: YES
14808:20250205:115512.002 TLS support: YES
14808:20250205:115512.004 **************************
14808:20250205:115512.005 using configuration file: C:\Program Files\Zabbix Agent\zabbix_agentd.conf
14808:20250205:115512.961 agent #0 started [main process]
8728:20250205:115512.965 agent #1 started [collector]
14992:20250205:115512.967 agent #2 started[listener #1]
13596:20250205:115512.968 agent #9 started[listener #8]
6688:20250205:115512.969 agent #4 started[listener #3]
12600:20250205:115512.970 agent #5 started[listener #4]
14324:20250205:115512.972 agent #6 started[listener #5]
3968:20250205:115512.973 agent #7 started[listener #6]
8568:20250205:115512.974 agent #8 started[listener #7]
11636:20250205:115512.975 agent #3 started[listener #2]
7420:20250205:115512.977 agent #10 started[listener #9]
9524:20250205:115512.978 agent #11 started[listener #10]
14028:20250205:115512.979 agent #12 started [active checks #1]
14028:20250205:115513.982 Unable to connect to [127.0.0.1]:10051 [cannot connect to [[127.0.0.1]:10051]: connection error (POLLERR)]
14028:20250205:115513.983 Unable to send heartbeat message to [127.0.0.1]:10051 [cannot connect to [[127.0.0.1]:10051]: connection error (POLLERR)]
14028:20250205:115515.012 Unable to connect to [127.0.0.1]:10051 [cannot connect to [[127.0.0.1]:10051]: connection error (POLLERR)]
14028:20250205:115515.014 Active check configuration update started to fail
Here's what is happening inthe WildFly Server log, this error occurs every few minutes.
"com.sap.commoncryptolib.provider.TlsKeyMateri alKe yGenerator" is in the call stack, and it's a class from the new jar file.
I'm not sure why the agent would be hitting the vendor's JCE implementation. If someone could recommend a way to fix this, or to better diagnose the issue further.
2025-02-05 11:54:21,064 ERROR [org.jboss.threads.errors] (management task-2) Thread Thread[management task-2,5,main] threw an uncaught exception: java.lang.NoClassDefFoundError: sun/security/internal/spec/TlsKeyMaterialParameterSpec
at com.sap.commoncryptolib.provider.TlsKeyMaterialKey Generator.engineInit(Unknown Source)
at javax.crypto.KeyGenerator.init(KeyGenerator.java:4 54)
at javax.crypto.KeyGenerator.init(KeyGenerator.java:4 30)
at sun.security.ssl.SSLTrafficKeyDerivation$LegacyTra fficKeyDerivation.<init>(SSLTrafficKeyDerivation.j ava:265)
at sun.security.ssl.SSLTrafficKeyDerivation$T12Traffi cKeyDerivationGenerator.createKeyDerivation(SSLTra fficKeyDerivation.java:115)
at sun.security.ssl.SSLTrafficKeyDerivation.createKey Derivation(SSLTrafficKeyDerivation.java:77)
at sun.security.ssl.ECDHClientKeyExchange$ECDHEClient KeyExchangeConsumer.consume(ECDHClientKeyExchange. java:532)
at sun.security.ssl.ClientKeyExchange$ClientKeyExchan geConsumer.consume(ClientKeyExchange.java:110)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake .java:377)
at sun.security.ssl.HandshakeContext.dispatch(Handsha keContext.java:444)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$Deleg atedAction.run(SSLEngineImpl.java:981)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$Deleg atedAction.run(SSLEngineImpl.java:968)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(S SLEngineImpl.java:915)
at io.undertow.protocols.ssl.SslConduit$5.run(SslCond uit.java:1047)
at org.jboss.threads.ContextClassLoaderSavingRunnable .run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(En hancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody .doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody .run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:750)
Thanks, Randy
I'm trying to figure out what is causing the Zabbix agent running as a windows server on Microsoft Windows Server 2019 Standard, to fail WildFly monitoring.
Zabbix had been successfully monitoring a WildFly 18 server instance. A new security requirement was introduced by a vendor that included a new security provider. The application has a new jar file that was added to EAR (also tried a module implimentation with the same result). They also required several new JRE DLLs. The applicaton works fine, but monitoring is now failing with the errors below (Zabbix log, and WildFly log)
14808:20250205:115511.997 Starting Zabbix Agent [APP-BACKEND-DEV]. Zabbix 7.0.3 (revision d93ce022627).
14808:20250205:115511.999 **** Enabled features ****
14808:20250205:115512.001 IPv6 support: YES
14808:20250205:115512.002 TLS support: YES
14808:20250205:115512.004 **************************
14808:20250205:115512.005 using configuration file: C:\Program Files\Zabbix Agent\zabbix_agentd.conf
14808:20250205:115512.961 agent #0 started [main process]
8728:20250205:115512.965 agent #1 started [collector]
14992:20250205:115512.967 agent #2 started[listener #1]
13596:20250205:115512.968 agent #9 started[listener #8]
6688:20250205:115512.969 agent #4 started[listener #3]
12600:20250205:115512.970 agent #5 started[listener #4]
14324:20250205:115512.972 agent #6 started[listener #5]
3968:20250205:115512.973 agent #7 started[listener #6]
8568:20250205:115512.974 agent #8 started[listener #7]
11636:20250205:115512.975 agent #3 started[listener #2]
7420:20250205:115512.977 agent #10 started[listener #9]
9524:20250205:115512.978 agent #11 started[listener #10]
14028:20250205:115512.979 agent #12 started [active checks #1]
14028:20250205:115513.982 Unable to connect to [127.0.0.1]:10051 [cannot connect to [[127.0.0.1]:10051]: connection error (POLLERR)]
14028:20250205:115513.983 Unable to send heartbeat message to [127.0.0.1]:10051 [cannot connect to [[127.0.0.1]:10051]: connection error (POLLERR)]
14028:20250205:115515.012 Unable to connect to [127.0.0.1]:10051 [cannot connect to [[127.0.0.1]:10051]: connection error (POLLERR)]
14028:20250205:115515.014 Active check configuration update started to fail
Here's what is happening inthe WildFly Server log, this error occurs every few minutes.
"com.sap.commoncryptolib.provider.TlsKeyMateri alKe yGenerator" is in the call stack, and it's a class from the new jar file.
I'm not sure why the agent would be hitting the vendor's JCE implementation. If someone could recommend a way to fix this, or to better diagnose the issue further.
2025-02-05 11:54:21,064 ERROR [org.jboss.threads.errors] (management task-2) Thread Thread[management task-2,5,main] threw an uncaught exception: java.lang.NoClassDefFoundError: sun/security/internal/spec/TlsKeyMaterialParameterSpec
at com.sap.commoncryptolib.provider.TlsKeyMaterialKey Generator.engineInit(Unknown Source)
at javax.crypto.KeyGenerator.init(KeyGenerator.java:4 54)
at javax.crypto.KeyGenerator.init(KeyGenerator.java:4 30)
at sun.security.ssl.SSLTrafficKeyDerivation$LegacyTra fficKeyDerivation.<init>(SSLTrafficKeyDerivation.j ava:265)
at sun.security.ssl.SSLTrafficKeyDerivation$T12Traffi cKeyDerivationGenerator.createKeyDerivation(SSLTra fficKeyDerivation.java:115)
at sun.security.ssl.SSLTrafficKeyDerivation.createKey Derivation(SSLTrafficKeyDerivation.java:77)
at sun.security.ssl.ECDHClientKeyExchange$ECDHEClient KeyExchangeConsumer.consume(ECDHClientKeyExchange. java:532)
at sun.security.ssl.ClientKeyExchange$ClientKeyExchan geConsumer.consume(ClientKeyExchange.java:110)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake .java:377)
at sun.security.ssl.HandshakeContext.dispatch(Handsha keContext.java:444)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$Deleg atedAction.run(SSLEngineImpl.java:981)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$Deleg atedAction.run(SSLEngineImpl.java:968)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(S SLEngineImpl.java:915)
at io.undertow.protocols.ssl.SslConduit$5.run(SslCond uit.java:1047)
at org.jboss.threads.ContextClassLoaderSavingRunnable .run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(En hancedQueueExecutor.java:1985)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody .doRunTask(EnhancedQueueExecutor.java:1487)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody .run(EnhancedQueueExecutor.java:1378)
at java.lang.Thread.run(Thread.java:750)
Thanks, Randy
Comment