Cannot connect to EMS JNDI service over SSL: JNDI service unavailable

Cannot connect to EMS JNDI service over SSL: JNDI service unavailable

book

Article ID: KB0073518

calendar_today

Updated On:

Products Versions
TIBCO Streaming 7.x, 10.x

Description

When attempting to connect to the EMS host using the StreamBase EMS adapter, the following error occurs:
  
2017-11-13 08:35:55.967-0500 [Connection Thread for SendEMSMsg] INFO  SendEMSMsg - Status message from server EMS-SERVER: Connecting
2017-11-13 08:36:00.756-0500 [Connection Thread for SendEMSMsg] ERROR c.s.sb.adapter.jms2.JMSServer - JNDI service unavailable. Retrying in 5 seconds...

This can occur even if another client application on the same machine is able to make a secure connection to the JNDI service.
 

Issue/Introduction

How to resolve a "JNDI service unavailable" error

Resolution

Add the following extra property to your EMS server configuration:
  
<extra-property name="com.tibco.tibjms.naming.security_protocol" value="ssl"/>

For example:
  
<jms-server connection-factory-name="SSLConnectionFactory"
                description="Sample EMS server definition (SSL)"
                jndi-initial-context-builder="com.streambase.sb.adapter.jms2.TIBCOEMSJNDIInitialContextBuilder"
                jndi-security-credentials="OJJ9U5Jdnei8LPLFCOMCn29EaGEyCnoAg/qfwBW5aEIrmql7fhGVfWioKHWXDNb1PDuH0gOQYV8iyh7w5JGpGg=="
                jndi-security-principal="MyUserName"
                jndi-security-protocol="ssl"
                name="EMS-SERVER-SSL"
                provider-context-factory="com.tibco.tibjms.naming.TibjmsInitialContextFactory"
                provider-name="TIBCO EMS"
                provider-url="tibjmsnaming://localhost:7222"
                server-num-retries="1000"
                server-reconnect-interval="5">
      <jndi-extra-properties>
        <extra-property name="com.tibco.tibjms.naming.ssl_vendor" value="j2se"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_trusted_certs" value="certFileName1;certFileName2"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_identity" value="fileName"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_password" value="pwdOrFileName"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_key" value="fileName"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_auth_only" value="false"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_enable_verify_host" value="false"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_enable_verify_hostname" value="false"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_expected_hostname" value="hostName"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_trace" value="false"/>
        <extra-property name="com.tibco.tibjms.naming.ssl_debug_trace" value="false"/>
        <extra-property name="com.tibco.tibjms.naming.security_protocol" value="ssl"/>
      </jndi-extra-properties>
      <destinations>
        <destination acknowledge-mode="EXPLICIT_CLIENT_ACKNOWLEDGE" name="queue.AckSampleQueue"/>
        <destination name="queue.SimpleSampleQueue"/>
        <destination is-topic="false" message-to-tuple-converter="com.streambase.sb.adapter.jms2.converters.DefaultFromJMSTextMessageConverter" name="queue.TextMessageQueue1" tuple-to-message-converter="com.streambase.sb.adapter.jms2.converters.DefaultToJMSTextMessageConverter"/>
        <destination is-topic="false" name="queue.TextMessageQueue2"/>
        <destination is-topic="false" name="queue.RequestMessageQueue"/>
        <destination is-temporary-destination="true" is-topic="false" name="queue.ReplyMessageQueue"/>
      </destinations>
    </jms-server>​

Additional Information

Refer to article 000030999 for further guidance on SSL configuration for EMS.
Also refer to article 000033293 for guidance on how to limit the set of available cipher suites for EMS (to enforce TLSv1.2 protocol).
Powered by Wolken Software