Connection issues

This topic describes how to recover your environment if a connection issue occurs.

You may encounter connection issues while using HCL Universal Orchestrator. In this topic you can find the main problems and the related solutions.

Certificate validity issues

This section lists the possible issues that you may encounter while using HCL Universal Orchestrator that are related to the validity of certificates.

Failed connection during calls between microservices in HTTPS

During a microservices call in HTTPS, the connection fails. In this case, check the message logs of the gateway microcroservice.

If the javax.net.ssl.SSLPeerUnverifiedException error is displayed in the message logs, check if you are using a self-signed TLS/SSL certificate and, if so, set the UNO_DISABLE_HOSTNAMEVERIFY parameter to true as follows:

UNO_DISABLE_HOSTNAMEVERIFY=true

Failed connection using MongoDB

While connecting to MongoDB, the connection fails. In this case, check for the validity of your certificate.

If you are using a self-signed TLS/SSL certificate, you must set the QUARKUS_MONGODB_TLS_INSECURE parameter to true as follows:

QUARKUS_MONGODB_TLS_INSECURE=true

Failed connection using Apache Kafka

While connecting to Apache Kafka, the connection fails. In this case, open message logs and check the error. There are two possible errors:

The certificate that you are using is not valid.
Your environment is configured to connect using a user name and a password, and the credentials that you are entering may be either wrong or expired.

Note: By default, HCL Universal Orchestrator accepts self-signed TLS/SSL certificates on Apache Kafka. To secure your connection and accept only trusted certificates, you can set the following parameter:

IDENTIFICATION_ALGO=https

Failed connection using Orchestration CLI

While connecting to Orchestration CLI, the connection fails. There are two possible errors:

The following message appears:
```
x509: cannot validate certificate
```
In this case, check if you are using a self-signed TLS/SSL certificate. If so, you must set the connection.insecure parameter to true as follows:
```
connection.insecure=true
```
A generic error appears. In this case, check if the address is correct and then check if connection parameters as context root and protocol match server configuration.

Agent communication issues

The main connection issue that you may encounter while registering the agent, is the case in which the communication between the agent and agent manager fails and the agent registration cannot complete. In this case, you must check the log messages on the agent and on the agent manager, and check if the connection parameters are correctly set. If parameters are correct, the issue may be related to JWT token validity or security settings. Below you can find possible reasons and solutions:

The JWT token is not valid: If the JWT token that you are using is not valid, it may be incorrect or expired. If your JWT token is expired, you can generate a new token following the procedure described in Authenticating the Orchestration CLI using API Keys topic.
The user is not authorized to register the agent: If the JWT token is correct, but the connection between the agent manager and the agent keeps failing, the reason may be that the REGISTER_AGENT administrative security role is not set for the user who is performing the agent registration. For more information, see Managing Workload Security.