How to configure EMS FT over SSL to address the errors “file may be locked” and “ERROR: Unable to open store file”.

Article ID: KB0087731

Products Versions
TIBCO Enterprise Message Service -
Not Applicable -

Description:

= = = = = = =

 

An EMS server can display these error messages when it is configured in fault tolerant (FT) mode with SSL ports only, for both the listen and ft_active parameters, and the FT SSL settings are not configured correctly.

 

++++++++++++++

2013-08-23 18:31:08.756 Missing heartbeats from primary server 'ssl://localhost:7443'.

2013-08-23 18:31:08.756 Server rereading configuration.

2013-08-23 18:31:08.763 Recovering state, please wait.

2013-08-23 18:31:08.764 ERROR: Unable to open store file 'C:\EMS_Installations\FT_Paired\SSL_FT_630\datastore\async-msgs.db', file may be locked.

2013-08-23 18:31:08.766 ERROR: Unable to open store file 'C:\EMS_Installations\FT_Paired\SSL_FT_630\datastore\sync-msgs.db', file may be locked.

2013-08-23 18:31:08.767 ERROR: Unable to open store file 'C:\EMS_Installations\FT_Paired\SSL_FT_630\datastore\meta.db', file may be locked.

2013-08-23 18:31:08.767 ERROR: Server failed to recover state.

++++++++++++++

 

You can reproduce these errors with the following:

 

1.)  Configure EMS servers A and B in FT mode with SSL ports. Do not configure any TCP port, either for listening or for ft_active.

2.)  Either of the two FT main configuration files has the following entries for the FT parameters:

 

ft_ssl_identity    =D:\TIBCO\ems\6.0\samples\certs\server.cert.pem

ft_ssl_issuer      =D:\TIBCO\ems\6.0\samples\certs\server_root.cert.pem

ft_ssl_private_key =D:\TIBCO\ems\6.0\samples\certs\server.key.pem

ft_ssl_password    =password

ft_ssl_trusted     =D:\TIBCO\ems\6.0\samples\certs\client_root.cert.pem

 

3.)  Start server A, followed by server B. You will see the ERROR messages in the server B log file or console at startup, repeated every "ft_activation" interval.

 

Cause:

= = = = =

 

When server A starts, the presence of an "ft_active" URL causes it to attempt to connect to the FT peer at this address. Since server B is not yet started, server A acts as the active server. In doing so, it recovers the state and locks the store files. When server B is started, it too tries to connect to the provided "ft_active" URL (server A's address). Because of the FT SSL misconfiguration, the FT connection cannot be established. Because of this failure, server B then tries to assume the role of active server.


Since the active server is locking the store files, the recovery process fails and the error "file may be locked" is printed. Since it cannot become active, this server goes back to standby mode and tries to activate again when the "ft_activation" interval elapses (default is 10 seconds if not specified).

 

 

Resolution:

= = = = = = =

 

Amend the FT SSL configuration.

 

When an EMS Server uses SSL to connect to an FT peer or a routed server, it acts as a client to the peer EMS Server. For that reason, the "ft_ssl_" parameters need to reference the client side certificates and keys, not the server side ones (those are defined in the "ssl_" parameters). With the sample certificates provided with TIBCO Enterprise Message Service, this is how you should set the "ft_ssl_" parameters:

 

ft_ssl_identity    =D:\TIBCO\ems\6.0\samples\certs\client.cert.pem

ft_ssl_issuer      =D:\TIBCO\ems\6.0\samples\certs\client_root.cert.pem

ft_ssl_private_key =D:\TIBCO\ems\6.0\samples\certs\client.key.pem

ft_ssl_password    =password

ft_ssl_trusted     =D:\TIBCO\ems\6.0\samples\certs\server_root.cert.pem
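
A lint for the misconfiguration described above, as an added example (not TIBCO's code): it compares the file paths in the "ft_ssl_" parameters with the "ssl_server_" parameters of the same main configuration file. Assumptions: the ssl_server_* lines and the listen port 7444 are constructed, both FT peers use the sample certificate layout with ssl_server_issuer naming the root file, and only paths are compared, not certificate contents.

```python
import ntpath

# Constructed sample for server B: ssl_server_* lines and the listen port are assumptions.
CERTS = r"D:\TIBCO\ems\6.0\samples\certs"
SERVER_SSL = rf"""
listen              = ssl://localhost:7444
ft_active           = ssl://localhost:7443
ssl_server_identity = {CERTS}\server.cert.pem
ssl_server_key      = {CERTS}\server.key.pem
ssl_server_issuer   = {CERTS}\server_root.cert.pem
ssl_server_trusted  = {CERTS}\client_root.cert.pem
"""
FT = ("ft_ssl_identity = {d}\\{i}\nft_ssl_issuer = {d}\\{s}\n"
      "ft_ssl_private_key = {d}\\{k}\nft_ssl_trusted = {d}\\{t}\n")
# The ft_ssl_ values below are the two sets shown in the article.
AS_REPRODUCED = SERVER_SSL + FT.format(d=CERTS, i="server.cert.pem",
    s="server_root.cert.pem", k="server.key.pem", t="client_root.cert.pem")
AS_RESOLVED = SERVER_SSL + FT.format(d=CERTS, i="client.cert.pem",
    s="client_root.cert.pem", k="client.key.pem", t="server_root.cert.pem")

def parse_conf(text):
    """Parse 'name = value' lines into {name: set(values)}; '#' lines are comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        params.setdefault(name, set()).add(value)
    return params

def _paths(params, name):
    # Windows paths are case-insensitive, so normalise before comparing.
    return {ntpath.normcase(ntpath.normpath(v)) for v in params.get(name, ())}

def lint_ft_ssl(text):
    """Return findings for an SSL FT link that uses the server-side role."""
    p = parse_conf(text)
    if not any(v.lower().startswith("ssl://") for v in p.get("ft_active", ())):
        return []  # FT link is not SSL, so the ft_ssl_ parameters are unused
    findings = []
    for ft_name, srv_name in (("ft_ssl_identity", "ssl_server_identity"),
                              ("ft_ssl_private_key", "ssl_server_key")):
        if _paths(p, ft_name) & _paths(p, srv_name):
            findings.append(f"{ft_name} reuses {srv_name}; use the client-side file")
    issuer, trusted = _paths(p, "ssl_server_issuer"), _paths(p, "ssl_server_trusted")
    ft_trusted = _paths(p, "ft_ssl_trusted")
    # With separate client and server roots, the FT link must trust the server root.
    if issuer and ft_trusted and not (issuer & trusted) and not (ft_trusted & issuer):
        findings.append("ft_ssl_trusted lacks the issuer of the server certificate")
    return findings
```

Running `lint_ft_ssl` on each server's main configuration file before starting the pair flags the reproduction settings and passes the corrected ones.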
