In TrueSight Capacity Optimization (TSCO) the AWS ETL unable to extract from Gov Cloud, "FAILED BCO_ETL_ERR011: ... Reason: com.bmc.bco.aws.exception.AWSConnectionException: Connection phase wasn't completed"

Version 27
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    TrueSight Capacity Optimization


    COMPONENT:

    Capacity Optimization


    APPLIES TO:

    TrueSight Capacity Optimization 11.3.01



    PROBLEM:

    The AWS ETL is failing when attempting to collect data from the AWS GOV cloud with the following errors:

    [2018-11-14 15:17:47] WARNING Error getting list of availability zones for region  us-gov-west-1
    [2018-11-14 15:17:47] INFO Region us-gov-west-1 does not have any availability zones.
    [2018-11-14 15:17:48] FAILED BCO_ETL_ERR011: Detected an abnormal ETL termination. Reason: com.bmc.bco.aws.exception.AWSConnectionException: Connection phase wasn't completed
            at com.bmc.bco.aws.extractor.DMAWSExtractorE.connect(DMAWSExtractorE.java:203)
            at com.neptuny.cpit.etl.Engine.start(Engine.java:129)
            at com.neptuny.cpit.etl.ETLrun.main(ETLrun.java:171)
    Caused by: com.amazonaws.SdkClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleRetryableException(AmazonHttpClient.java:1116)
    <-- cut -->
            at com.bmc.bco.aws.extractor.DMAWSExtractorE.connect(DMAWSExtractorE.java:188)
            ... 2 more
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)


    The AWS account configuration has been validated as consistent with the product documentation:
      https://docs.bmc.com/docs/display/btco113/Amazon+Web+Services+-+AWS+API+Extractor

    Each of the 'actions' is listed in the policy associated with the AWS account.


    SOLUTION:

     

    == Support for AWS GOV cloud ==

    There is a new AWS ETL setting that needs to be set when the ETL is pointing to an AWS Gov Cloud instance: 
      * In the AWS connection details section, set the parameter   Is target AWS Government Cloud? value to   YES

    If this setting isn't available in your AWS ETL check with Technical Support on the required Cumulative Hot Fix (CHF) level for AWS GOV cloud support.  

    == Debugging ==

    Please find the attached JAR diagnostic tool which will capture additional certificate validation logging information from the environment. 

    Installation Instructions:  
       
    1. Copy the jar to any directory on the TSCO ETL machine.
    2.  
    3. Execute the following commands.     
    4.  
    5. Provide the ssloutput.txt and all-ssloutput.txt output to Technical Support
    These files will be having the additional debug logging which is done by JRE when SSL connections are established. 

    Note : The above debugging methodology does not support a proxy configuration.
      

     


    Article Number:

    000364428


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles