Server

Why does my File RTP Service take several seconds to pick up a file?

BridgeGate uses a configurable polling setting in the BridgeGate.xml to control how often the File RTP service will poll.  The default value is 20 seconds.  To modify the default value, go to the BridgeGate.xml and change the following element:

<FILE WATCHER_SVC_RATE=”20000″/>

After upgrading Java I can’t connect to https that use SHA1

Oracle’s latest java updates won’t let you connect to https sites whose certificates use SHA1.  The fix is to modify the file called:
java_home/jre/lib/security/java.security
Edit the line:
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
to
jdk.certpath.disabledAlgorithms=MD2, MD5, \
i.e: Remove the part: “SHA1 jdkCA & usage TLSServer, “:

How do you Import a P12 (i.e.: PKCS12) Certificate Chain into a BridgeGate Java KeyStore (JKS)

*******************************************

Importing a P12 (i.e.: PKCS12) Certificate Chain into a BridgeGate Java KeyStore (JKS)

*******************************************

Keytool path:   C:\bridgegate\java\bin\keytool.exe

Openssl path:   C:\bridgegate\utils\openssl\openssl.exe

P12 Certificate Chain:  C:\data\cert\Bridgegate_HUBCertificates.p12

BG Staging JSK KeyStore:        C:\data\cert\bridgegate.jks

 

*** Note:  The Alias used in the JKS does not need to match the Common Name (CN) of the Client System Key.  The more important thing is that the BridgeGate Java KeyStore (JKS) does not contain duplicate aliases.  ***

 

1) List and verify P12 Certificate Chain contents:

c:\bridgegate\java\bin>keytool -v -list -storetype pkcs12 -keystore C:\data\cert\Bridgegate_HUBCertificates.p12

Enter keystore password:

 

*****************  WARNING WARNING WARNING  *****************

* The integrity of the information stored in your keystore  *

* has NOT been verified!  In order to verify its integrity, *

* you must provide your keystore password.                  *

*****************  WARNING WARNING WARNING  *****************

Keystore type: PKCS12

Keystore provider: SunJSSE

Your keystore contains 1 entry

Alias name: Bridgegate_HUB

Creation date: Jul 11, 2014

Entry type: SecretKeyEntry

 

2) IF the P12 Certificate Chain file is not password locked, you will need to recreate is with a password:

*** Export you current certificate to a password less pem type.  Note:  Leave the ‘Import Password’ field empty in this step.

c:\bridgegate\utils\openssl>openssl pkcs12 -in C:\data\cert\Bridgegate_HUBCertificates.p12 -out C:\data\cert\export.tmp.pem -nodes

Enter Import Password:

MAC verified OK

*** Convert the password less pem to a new pfx file with password:

C:\bridgegate\utils\openssl>openssl pkcs12 -export -in C:\data\cert\export.tmp.pem -out C:\data\cert\Bridgegate_HUBCertificates.locked.p12 -name “Bridgegate_HUB”

Loading ‘screen’ into random state – done

Enter Export Password:

Verifying – Enter Export Password:

 

3) Confirm Alias name is new password locked P12 Certificate Chain.  Step 2 creates alias based on -name argument, if this is left out, the alias name can be “1”.

*** Confirm Chain length of 3 and the Owner/Issuer of each Certificate are in the proper order.  ****

c:\bridgegate\java\bin>keytool -v -list -storetype pkcs12 -keystore C:\data\cert\Bridgegate_HUBCertificates.locked.p12

Enter keystore password: ******

Keystore type: PKCS12

Keystore provider: SunJSSE

Your keystore contains 1 entry

Alias name: bridgegate_hub

Creation date: Jul 14, 2014

Entry type: PrivateKeyEntry

Certificate chain length: 3

Certificate[1]:

Owner: CN=Bridgegate_HUB ClientSystem, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=uat CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

.

Certificate[2]:

Owner: CN=uat CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

.

Certificate[3]:

Owner: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

 

4) Import the P12 Certificate Chain into your BridgeGate Java KeyStore (JKS).

**** Note: You can alter the Alias name with the -alias and -destalias arguments. ****

c:\bridgegate\java\bin>keytool -importkeystore -destkeystore C:\data\cert\bridgegate.jks -srckeystore C:\data\cert\Bridgegate_HUBCertificates.locked.p12-srcstoretype PKCS12

Enter destination keystore password:

Enter source keystore password:

Entry for alias Bridgegate_HUB successfully imported.

Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

 

5) Verify the JKS contains the new Certificate under the correct Alias.

*** WARNING: This password field is displayed on screen as clear text!  ***

c:\bridgegate\java\bin>keytool -v -list -storetype jks -keystore C:\data\cert\bridgegate.jks > c:\data\cert\out.txt

Enter keystore password:  *********

 

Where is the location for SQL statements that failed to commit?

While BridgeGate is logging transaction/workflow details to the database, if it experiences issues saving a SQL statement to the database the statements are saved in the following location and will be automatically retried every 20 minutes.

/bridgegate/server/sqlqueue.history

 

How do I configure a BridgeGate Cluster to use the Hazelcast TCP option?

Using Hazelcast.xml for TCP-IP configuration: Set the CONFIG_FILE attribute value to the hazelcast.xml file.

                <hazelcast xsi:schemaLocation="http://www.hazelcast.com/schema/config hazelcast-config-3.6.xsd"
                        xmlns="http://www.hazelcast.com/schema/config"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                    <network>
                        <port auto-increment="true">5701</port>
                        <join>
                            <multicast enabled="false"></multicast>
                            <tcp-ip enabled="true">
                                <interface>10.91.36.16</interface>
                                <interface>10.91.36.11</interface>
                            </tcp-ip>
                        </join>
                    </network>
                </hazelcast>

            

Multicast configuration for clustering auto-discovery is defined as:

                <multicast enabled="true">
                    <multicast-group>224.2.2.3</multicast-group>
                    <multicast-port>54327</multicast-port>
                </multicast>
            

To Turn on logging for BridgeGate clustering, this can be done from the Server Management Page and Server Log Tab inside it, from the BridgeGate portal. Alternately, edit the file conf/log4j.xml file in the BridgeGate Home. Locate the element category with attribute name com.hazelcast. The priority value can be changed from OFF to INFO or DEBUG.

                                <category name="com.hazelcast">
                                   <priority value="OFF"/>
                                   <appender-ref ref="HAZELCAST" />
                                </category>

 

SSL Configuration – Add or Update new Certificate

BridgeGate uses the Tomcat web server for SSL.   A good resource can be found below

https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

Unexpected change in IP for PASV FTP host

Note you can get a change in IP for PASV FTP Host if your port range has been limited.

When using PASV FTP you need to provide a large enough port range to accommodate the max concurrent usage.   Some Operating systems like Windows are slow to release unused ports that will cause the range to be exhausted causing the system to change internal IP address to create a new port range.

How do I enable logging for Hazelcast

To Turn on logging of Bridgegate clustering you need to enable Hazelcast logging.  First verify the bridgegate\bin\bg_service.conf contains the following -D options

wrapper.java.additional.26=-Dhazelcast.logging.type=slf4j

You then can enable it from the Server Management Page and Server Log Tab inside it, from the bridgegate portal. Alternately, edit the file conf/log4j.xml file in the Bridgegate Home. Locate the element category with attribute name com.hazelcast. The priority value can be changed from OFF to INFO or DEBUG.

<category name="com.hazelcast"> 
<priority value="OFF"/> 
<appender-ref ref="HAZELCAST" /> 
</category>

How do I configure the data archive and system schedules

Effective BridgeGate Version 8.0.6, System Schedules will no longer be administered via the BridgeGate.xml. The System Schedules are now maintained via the Portal on the Administration>Server Management->BridgeGate System Schedules tab.

How do I resolve the error Partnership not found on my BridgeGate AS2 Server

When I created a my Predefined Connection for my AS2 Server I get the following exception when I send a AS2 Message to the server.

02/06/17 13:53:11 DBPartnershipFactory: Partnership COMPARE searchValue[MYEDI] against partnerValue[MYEDIAS2] (case-insensitive))
com.oidev.as2.partner.PartnershipNotFoundException: Partnership not found: Partnership null Sender IDs = {as2_id=MYEDI} Receiver IDs = {as2_id=MYEDIAS2} Attributes = {}
                at com.oidev.as2.partner.BasePartnershipFactory.getPartnership(BasePartnershipFactory.java:28)
                at com.oidev.as2.partner.BasePartnershipFactory.updatePartnership(BasePartnershipFactory.java:48)

 

When configuring the AS2 Server make sure that if you are changing the name of the AS2 Identifier from the default it is also updated in the bridgegate.xml.   Note the AS2 Server has a single AS2 Identifier per server.  So naming it correctly the first time is important. You need to updated the bridgegate.xml  AS2_SERVER section to match (See below)       The default is “BridgeGateAS2”   Whatever you put in the bridgegate.xml must match the PDC created for the AS2 server.  More information can be found in the AS2 Installation

 

How do you configure apache to act like a proxy for BridgeGate

For example:  If your bridgegate server is running on port 8081 and you want the external URL to be     http://dev.bridgegatehealth.com     You can create a Virtual Host in apache to act as a proxy

<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass        “/” “http:// YOUR_INTERNAL_IP:8081/”
ProxyPassReverse “/” “http://YOUR_INTERNAL_IP:8081/”
ServerName dev.bridgegatehealth.com
</VirtualHost>

Many more options and details can be found on the httpd.apache.org website.

BridgeGate Server will not start after upgrade

I applied the latest Service Pack and now my BridgeGate server will not start.  The server log is showing the following exceptions:

org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from ServletContext resource [/WEB-INF/applicationContext.xml]; nested exception is java.io.FileNotFoundException: Could not open ServletContext resource [/WEB-INF/applicationContext.xml]

[org.springframework.web.context.support.XmlWebApplicationContext] Exception thrown from ApplicationListener handling ContextClosedEvent
java.lang.IllegalStateException: ApplicationEventMulticaster not initialized – call ‘refresh’ before multicasting events via the context: Root WebApplicationContext: startup date [Tue Dec 20 11:34:21 MST 2016]; root of context hierarchy

 

Solution:   Something caused the Service Pack to not fully unzip.   Delete the contents of the

\bridgegate\server\webapps\ROOT folder and the ROOT.war  and manually unzip the service pack.

Start the BridgeGate server.   This should resolve your issues.

How do I change the default protocol to TLSV 1.2

The default protocol can be changed by adding the following like to the bg_service.conf  service file located under  /bridgegate/bin directory

wrapper.java.additional.40=-Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1

How do I limit the number of archive files

This is the root to the data archive backup directory.  When this archive schedule runs, it will take all data from the data_archive, older than the DATA_RETENTION_TIME as configured in your bridgegate.xml file, and zip it up and place it in the \bridgegate\data_history folder location.

 It is not configurable but you can delete these if you want. That just means that you will be unable to get back to older data_archive files if you ever had to.

 Server documentation

How do I install Cryptography Extensions

I was able to make the connection by installing the Java Cryptography Extensions (JCE) Unlimited Strength Jurisdiction Policy files.  

These files are not included in the standard Java deployments to comply with US export rules.  However, they can be downloaded from the Oracle site at the following URL: 

http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jce_policy-6-oth-JPR

The zip file downloaded will contain two .jar files (local_policy.jar and US_export_policy.jar).  These files must be copied to the BridgeGate installations.   

Workbench: 

  C:\bgworkbench\java\jre\lib\security

Server: 

  C:\bridgegate\java\jre\lib\security

(Replace C: with the install drive for the software)

There should be files with the same names already in those directories — just overwrite the files that are there.  The server/workbench will have to be stopped to replace the files. 

If you have any questions, feel free to call me at (904)739-0300 x221. I will be happy to guide you through the steps. 

How do I increase the number of concurrent HTTP Transactions

The answer is that there are several options, each with their own trade-offs. Let me explain the best options to you, and you can choose the best one for your environment. 

I.  Increase maxThreads

The server.xml is configured such that the HTTP connector on port 8080 has a setting maxThreads=”300″.  However, the AJP 1.3 connector, which is the connector from httpd (mod_jk), is configured with the default thread count.  Increasing this thread count will increase the number of transactions actually running in parallel at any given time, but it may cause additional memory to be used. 

Note that the memory size reported in either Task Manager or BridgeGate is not necessarily indicative of the actual amount of memory being used at any given time. This is due to the generational memory management of the Java Virtual Machine. Basically, the JVM may be holding onto 3.6GB of memory, but may be using only a small fraction of that at any given time. The only way to really be sure how much memory is being used is by attaching a profiling application, such as jvisualvm, jstat, or any of a number of other profilers. 

The bottom line is that this setting will increase concurrent processing, but may use additional memory to do so. 

II. Increase backlog

The other option is increasing the size of the “backlog” setting on the AJP connector. This setting is analogous to the “acceptCount” setting on the HTTP connector (see http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html). When all threads are in use, the system will stil accept up to this count of connections, which will wait for free threads to process. 

Increasing this setting would keep the connections from being refused, but each additional connection sitting in the queue will wait for processing. Depending on how long they wait, the time to process may be longer than your SLA will allow.  

Can BridgeGate access DB2 tables on an AS400

Yes as long as you can access the DB via JDBC or ODBC

I’m getting a Socket error (No buffer space available)

We saw lots of ephemeral sockets being created and destroyed, which overwhelmed Windows.  We were able to get rid of these errors by increasing the number of sockets available and decreasing the time they are in a TIME_WAIT state.  We did that by adding some keys to the registry: 

Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, add the following keys: 

TcpTimedWaitDelay: 30 (Decimal)

MaxUserPort: 8FFF (Hexadecimal)

This increases the number of available connections from 16K to 32K, and ensures that connections are only in a TIME_WAIT state for 30 seconds, rather than the default of 120 seconds.  

However, looking at the netstat command, I see 11,000 connections in the ESTABLISHED state connecting to DllHost.  Since you run all the connections sequentially, you probably also want to lower the size of your MSMQ connection pool.  In your bridgegate.xml, you should have the following entry: 

<MSMQ_POOL MIN_SIZE=”2″ MAX_SIZE=”4″ />

You may need to experiment with the min and max values for maximum throughput.  The defaults are 5 and 20, but there are many sockets opened per connection. 

How do I change the timeout for FTP

FTP over SSH timeout is set using the following.

Go to the BridgeGate.xml and add the following TIMEOUT element to the existing FTP_CONFIG elements.

FTP_SSH_CONFIG TIMEOUT=”60000”
FTP_CONFIG TIMEOUT=”60000”

How do I set the Session Timeout in BridgeGate

In BridgeGate Version 7 and 8, you can alter the file server/conf/web.xml: 

<!-- ==================== Default Session Configuration ================= -->
<!-- You can set the default session timeout (in minutes) for all newly   -->
<!-- created sessions by modifying the value below.                       -->
  <session-config>
      <session-timeout>30</session-timeout>
  </session-config>

The same setting exists in 6.0, but the file is jboss/server/bridgegate/system/jbossweb-tomcat55.sar/conf/web.xml

View full Server Config docs

How do I disable SSL3 in BridgeGate

Disabling SSL3 in BridgeGate  should be pretty straightforward.  The server/conf/server.xml file contains a block that describes the SSL port configuration. Specifically, there is a setting that indicates the protocol, which by default reads sslProtocol=”TLS”.  Apparently, this is not entirely true,because it will roll back to SSL3.  

To get around this, you must specify the enabled protocols.  You can set this using the sslEnabledProtocols setting in that block, as shown in this configuration:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false"
           sslProtocols = "TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           keystoreFile="C:/certificates/keystore.jks"
           keystorePass="P@55w0rD"  />

This is slightly different in BridgeGate 6.  The sslEnabledProtocols configuration was added in Tomcat 7, but there is an undocumented similar setting for BG6.  In the jboss/server/bridgegate/system/jbossweb-tomcat55.sar/server.xml file, add the protocols option as in the following:

<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="8443" address="${jboss.bind.address}"
     maxThreads="300" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true"
     scheme="https" secure="true" clientAuth="false" 
     keystoreFile="keystore.jks"
     keystorePass="password" sslProtocol = "TLS" protocols="TLSv1,TLSv1.1"/>

If you have openssl installed on your system, you can verify SSL3 is disabled by running the following: 

openssl s_client -ssl3 -connect  <host>:8443

While the following should work:

openssl s_client -tls1 -connect <host>:8443

Does BridgeGate support external transactions with MSMQ

We support transactional MSMQ, just not *external* transactions.  

There are two types of transactions with MSMQ.  There is a specific MSMQ transaction service, which we support.  Commit/Rollback is executed through a workflow Action item.  Microsoft also has a method of integrating with external transactions, which can tie the MSMQ transaction in with another transaction (such as SQL Server).  This uses something called DTC (Distributed Transaction Controller, I believe), and this is what we do not currently support.  

Given that the MSMQ access through our product is done through our project, I’m not sure how it would be triggering a DTC transaction, so this requires some additional investigation into the error. 

My urlrewrite is not working with the executeworkflow

Modify the urlrewrite.xml located at \bridgegate\conf to have the rule.  Note make sure ampersands (“&”) properly encoded, as follows:

     <rule>
          <from>/report-856$</from>
          <to type="forward">/portal/executeworkflow?accountName=hsn&amp;wfGroupName=adhoc&amp;wfName=856trans_from_today</to>
    </rule>

 

How do I turn on debugging for SSL

Add the following to the bg_service.conf located in the \bridgegate\conf directory and restart the server.  Prepare yourself for lots of logging.

-Djavax.net.debug=all

How do I manually install a Service Pack on Linux servers

Stage the Service Pack file to: /bridgegate/servicepack

(Note:   Change ownership of file if BG not running as root)        

> chown bgate:bgate /bridgegate/servicepack/bridgegateSP_8.0.XXXXXX.zip

Execute the following commands as root:

> ls /bridgegate/servicepack

> service bridgegate stop

> ls -l /bridgegate/server/webapps

> rm /bridgegate/server/webapps/ROOT.war

> rm -r /bridgegate/server/webapps/ROOT/

> rm /bridgegate/server/webapps/update.war

> rm -r /bridgegate/server/webapps/update/

> unzip -o /bridgegate/servicepack/bridgegateSP_7.0.XXXXXX.zip -d /

> service bridgegate start

How do I turn on logging for the BridgeGate NT Service

Add the following in the bg_service.conf file:

# Log Level for log file output.  (See docs for log levels)

wrapper.logfile.loglevel=DEBUG

wrapper.debug=true

This should output tons of info to the BridgeGateWrapper.log file.  Don’t leave it like this for long.

How do I use email to send a SMS message

In BridgeGate just create a SendData with the email adapter and use the following table for the cell carrier. 

http://www.emailtextmessages.com/

 

US & Canadian Carriers

 

 

 

3 River Wireless

10digitphonenumber@sms.3rivers.net

 

ACS Wireless

10digitphonenumber@paging.acswireless.com

 

Alltel

10digitphonenumber@message.alltel.com

 

AT&T

10digitphonenumber@txt.att.net

 

Bell Canada

10digitphonenumber@txt.bellmobility.ca

 

Bell Canada

10digitphonenumber@bellmobility.ca

 

Bell Mobility (Canada)

10digitphonenumber@txt.bell.ca

 

Bell Mobility

10digitphonenumber@txt.bellmobility.ca

 

Blue Sky Frog

10digitphonenumber@blueskyfrog.com

 

Bluegrass Cellular

10digitphonenumber@sms.bluecell.com

 

Boost Mobile

10digitphonenumber@myboostmobile.com

 

BPL Mobile

10digitphonenumber@bplmobile.com

 

Carolina West Wireless

10digit10digitnumber@cwwsms.com

 

Cellular One

10digitphonenumber@mobile.celloneusa.com

 

Cellular South

10digitphonenumber@csouth1.com

 

Centennial Wireless

10digitphonenumber@cwemail.com

 

CenturyTel

10digitphonenumber@messaging.centurytel.net

 

Cingular (Now AT&T)

10digitphonenumber@txt.att.net

 

Clearnet

10digitphonenumber@msg.clearnet.com

 

Comcast

10digitphonenumber@comcastpcs.textmsg.com

 

Corr Wireless Communications

10digitphonenumber@corrwireless.net

 

Dobson

10digitphonenumber@mobile.dobson.net

 

Edge Wireless

10digitphonenumber@sms.edgewireless.com

 

Fido

10digitphonenumber@fido.ca

 

Golden Telecom

10digitphonenumber@sms.goldentele.com

 

Helio

10digitphonenumber@messaging.sprintpcs.com

 

Houston Cellular

10digitphonenumber@text.houstoncellular.net

 

Idea Cellular

10digitphonenumber@ideacellular.net

 

Illinois Valley Cellular

10digitphonenumber@ivctext.com

 

Inland Cellular Telephone

10digitphonenumber@inlandlink.com

 

MCI

10digitphonenumber@pagemci.com

 

Metrocall

10digitpagernumber@page.metrocall.com

 

Metrocall 2-way

10digitpagernumber@my2way.com

 

Metro PCS

10digitphonenumber@mymetropcs.com

 

Microcell

10digitphonenumber@fido.ca

 

Midwest Wireless

10digitphonenumber@clearlydigital.com

 

Mobilcomm

10digitphonenumber@mobilecomm.net

 

MTS

10digitphonenumber@text.mtsmobility.com

 

Nextel

10digitphonenumber@messaging.nextel.com

 

OnlineBeep

10digitphonenumber@onlinebeep.net

 

PCS One

10digitphonenumber@pcsone.net

 

President’s Choice

10digitphonenumber@txt.bell.ca

 

Public Service Cellular

10digitphonenumber@sms.pscel.com

 

Qwest

10digitphonenumber@qwestmp.com

 

Rogers AT&T Wireless

10digitphonenumber@pcs.rogers.com

 

Rogers Canada

10digitphonenumber@pcs.rogers.com

 

Satellink

10digitpagernumber.pageme@satellink.net

 

Southwestern Bell

10digitphonenumber@email.swbw.com

 

Sprint

10digitphonenumber@messaging.sprintpcs.com

 

Sumcom

10digitphonenumber@tms.suncom.com

 

Surewest Communicaitons

10digitphonenumber@mobile.surewest.com

 

T-Mobile

10digitphonenumber@tmomail.net

 

Telus

10digitphonenumber@msg.telus.com

 

Tracfone

10digitphonenumber@txt.att.net

 

Triton

10digitphonenumber@tms.suncom.com

 

Unicel

10digitphonenumber@utext.com

 

US Cellular

10digitphonenumber@email.uscc.net

 

Solo Mobile

10digitphonenumber@txt.bell.ca

 

Sprint

10digitphonenumber@messaging.sprintpcs.com

 

Sumcom

10digitphonenumber@tms.suncom.com

 

Surewest Communicaitons

10digitphonenumber@mobile.surewest.com

 

T-Mobile

10digitphonenumber@tmomail.net

 

Telus

10digitphonenumber@msg.telus.com

 

Triton

10digitphonenumber@tms.suncom.com

 

Unicel

10digitphonenumber@utext.com

 

US Cellular

10digitphonenumber@email.uscc.net

 

US West

10digitphonenumber@uswestdatamail.com

 

Verizon

10digitphonenumber@vtext.com

 

Virgin Mobile

10digitphonenumber@vmobl.com

 

Virgin Mobile Canada

10digitphonenumber@vmobile.ca

 

West Central Wireless

10digitphonenumber@sms.wcc.net

 

Western Wireless

10digitphonenumber@cellularonewest.com

 

How do I Resync broken MySQL Master-Master Replication

Below is a way to fix an out of sync instance of MySQL Master-Master Replication.

This way does not require restarting the MySQL services on either instance and requires no file deleting.

The steps will also work with a MySQL Master-Slave replication setup.

The key change is the –master-data attribute in the mysqldump command from the master database.

 https://dev.mysql.com/doc/refman/5.6/en/mysqldump.html#option_mysqldump_master-data

 “Use this option to dump a master replication server to produce a dump file that can be used to set up another server as a slave of the master. It causes the dump output to include a CHANGE MASTER TO statement that indicates the binary log coordinates (file name and position) of the dumped server. These are the master server coordinates from which the slave should start replicating after you load the dump file into the slave.”

 ________________________________________

——————-

MySQL Master-Master Replication is broken.

Note: Replace the following values.

 

Good Server IP:                192.168.10.11

Bad  Server IP:   192.168.10.22

Good Server NAME:       GOODHOST

Bad  Server NAME:          BADHOST

MySQL UserName: MySQLUSERNAME

MySQL Password: MySQLPASWORD

 

Note: All of these commands can be run from the ‘Good Server’, if you open two separate Command Prompts.

Note: If you run the ‘show slave status\G’ command too soon, you may not get the expected result.  Re-run the command again to verify.

Note: Most of the time will be spent during importing the mysqldump in step 3.

——————-

 

1. On Both Servers

STOP BridgeGate service on both systems.

Disable BridgeGate service to prevent auto-restarting.

 

2. On the Good Server

Open a Command Prompt.

Note: If extra databases are being replicated, add them to the list: “–databases bridgegate bd1 bd2 bd3”

Note: Do not include the following databases: mysql information_schema, and performance_schema

————

e:

cd bridgegate\mysql\bin

mysql -h 192.168.10.11 -u MySQLUSERNAME -p

MySQLPASWORD

show databases;

exit;

mysqldump -h 192.168.10.11 -u MySQLUSERNAME -p –add-drop-table –quick –master-data –databases bridgegate  > e:\bridgegate\bg.all.sql

MySQLPASWORD

————

 

 

3. On the Rebuilding Server

Note: Open a Command Prompt.

Note: Expected output of ‘slave status’ is “Slave_IO_State: Waiting for master to send event”

————

e:

cd bridgegate\mysql\bin

mysql -h 192.168.10.22 -u MySQLUSERNAME -p

MySQLPASWORD

stop slave;

exit;

mysql -h 192.168.10.22 -u MySQLUSERNAME -p bridgegate < e:\bridgegate\bg.all.sql

MySQLPASWORD

mysql -h 192.168.10.22 -u MySQLUSERNAME -p

MySQLPASWORD

start slave;

show slave status\G

flush tables with read lock;

show master status;

————

 

 

 

4. On the Good Server

Note: Set the slave here to be in synch with Rebuilding Server. Use the file name and log position from the previous step.

Note: Expected output of ‘slave status’ is “Slave_IO_State: Waiting for master to send event”

————

mysql -h 192.168.10.11 -u MySQLUSERNAME -p

MySQLPASWORD

stop slave;

change master to master_log_file=’BADHOST-bin.??????????’, master_log_pos=???????????;

start slave;

show slave status\G

————

 

 

5. On Both Servers

Enable BridgeGate service.

Start BridgeGate service on both systems.

Execute transactions on either server to test replication of database.

Also, test for Active=True/False and Loadbalancing settings at this time.

Note: Expected output of ‘slave status’ is “Slave_IO_State: Waiting for master to send event”

After both servers are up and running, check the ‘slave status’ of both MySQL servers.

————

show slave status\G

————

How do I use BridgeGate HTTP on demand

I was thinking it would be cool to use BridgeGate as a reporting tool.  To do that I would need to have the workflow executed on Demand with a URL which I know can be done?

The other think I didn’t know is if a variable could be entered as part of the url or could be promoted. 

 I.E.  A report that would be configured to run by different catalog code and the user would provide the code.

— Answer —

The easiest way would be setting up a WF with the BridgeGateHTTP Adapter with ‘Enable Workflow to be Executed as a Service’.

Create New In-Values with the ‘Add to Workflow Session’ selected to receive the values you want to receive into the Workflow.

The URL Preview will add the new URL parameter for use.

http://[SERVER_URL]/portal/executeworkflow?accountName=samples&wfGroupName=sample1&wfName=test_wf&catalog_code=[SESSION_VALUE]

http://localhost:8080/portal/executeworkflow?accountName=samples&wfGroupName=sample1&wfName=test_wf&catalog_code=123456

image002

How do I import a P12 (i.e.: PKCS12) Certificate Chain into a BridgeGate Java KeyStore (JKS)

*******************************************

Importing a P12 (i.e.: PKCS12) Certificate Chain into a BridgeGate Java KeyStore (JKS)

*******************************************

Keytool path: C:\bridgegate\java\bin\keytool.exe

Openssl path: C:\bridgegate\utils\openssl\openssl.exe

P12 Certificate Chain: C:\data\cert\Bridgegate_HUBCertificates.p12  (Replace BridgeGate_HUBCertificates with your file)

BG Staging JSK KeyStore: C:\data\cert\bridgegate.jks

*** Note:  The Alias used in the JKS does not need to match the Common Name (CN) of the Client System Key.  The more important thing is that the BridgeGate Java KeyStore (JKS) does not contain duplicate aliases.  ***

1) List and verify P12 Certificate Chain contents:

c:\bridgegate\java\bin>keytool -v -list -storetype pkcs12 -keystore C:\data\cert\Bridgegate_HUBCertificates.p12

Enter keystore password:

*****************  WARNING WARNING WARNING  *****************

* The integrity of the information stored in your keystore  *

* has NOT been verified!  In order to verify its integrity, *

* you must provide your keystore password.                  *

*****************  WARNING WARNING WARNING  *****************

Keystore type: PKCS12

Keystore provider: SunJSSE

Your keystore contains 1 entry

Alias name: Bridgegate_HUB

Creation date: Jul 11, 2014

Entry type: SecretKeyEntry

2) IF the P12 Certificate Chain file is not password locked, you will need to recreate is with a password:

*** Export you current certificate to a password less pem type.  Note:  Leave the ‘Import Password’ field empty in this step.

c:\bridgegate\utils\openssl>openssl pkcs12 -in C:\data\cert\Bridgegate_HUBCertificates.p12 -out C:\data\cert\export.tmp.pem -nodes

Enter Import Password:

MAC verified OK

*** Convert the password less pem to a new pfx file with password:

c:\bridgegate\utils\openssl>openssl pkcs12 -export -in C:\data\cert\export.tmp.pem -out C:\data\cert\Bridgegate_HUBCertificates.locked.p12 -name “Bridgegate_HUB”

Loading ‘screen’ into random state – done

Enter Export Password:

Verifying – Enter Export Password:

3) Confirm Alias name is new password locked P12 Certificate Chain.  Step 2 creates alias based on -name argument, if this is left out, the alias name can be “1”.

*** Confirm Chain length of 3 and the Owner/Issuer of each Certificate are in the proper order.  ****

c:\bridgegate\java\bin>keytool -v -list -storetype pkcs12 -keystore C:\data\cert\Bridgegate_HUBCertificates.locked.p12

Enter keystore password: ******

Keystore type: PKCS12

Keystore provider: SunJSSE

Your keystore contains 1 entry

Alias name: bridgegate_hub

Creation date: Jul 14, 2014

Entry type: PrivateKeyEntry

Certificate chain length: 3

Certificate[1]:

Owner: CN=Bridgegate_HUB ClientSystem, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=uat CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

.

.

.

Certificate[2]:

Owner: CN=uat CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

.

.

.

Certificate[3]:

Owner: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

4) Import the P12 Certificate Chain into your BridgeGate Java KeyStore (JKS).

**** Note: You can alter the Alias name with the -alias and -destalias arguments. ****

c:\bridgegate\java\bin>keytool -importkeystore -destkeystore C:\data\cert\bridgegate.jks -srckeystore C:\data\cert\Bridgegate_HUBCertificates.locked.p12-srcstoretype PKCS12

Enter destination keystore password:

Enter source keystore password:

Entry for alias Bridgegate_HUB successfully imported.

Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

5) Verify the JKS contains the new Certificate under the correct Alias.

*** WARNING: This password field is displayed on screen as clear text!  ***

c:\bridgegate\java\bin>keytool -v -list -storetype jks -keystore C:\data\cert\bridgegate.jks > c:\data\cert\out.txt

Enter keystore password:  *********

How do I import a PEM formatted Certificate Chain into a BridgeGate KeyStore

*******************************************

Importing a PEM formatted Certificate Chain into a BridgeGate Java KeyStore (JKS)

*******************************************

Keytool path: C:\bridgegate\java\bin\keytool.exe

Openssl path: C:\bridgegate\utils\openssl\openssl.exe

Cert working location: C:\cert\

PEM Files:

Root CA Certificate: RootCACertificate.pem

Modality (intermediate) CA Certificate: prodCertificate

Client System Certificate: Bridgegate_HUB.pem   (Replace Bridgegate_HUB with your pem file)

Client System Key: Bridgegate_HUB.key  (Replace Bridgegate_HUB with your key file)

*** Note:  The Alias used in the JKS does not need to match the Common Name (CN) of the Client System Key.  The more important thing is that the BridgeGate Java KeyStore (JKS) does not contain duplicate aliases.  ***

1) Obtain the following PEM files.

– Root CA Certificate

– Modality (intermediate) CA Certificate

– Client System Certificate

– Client System Key (PK)

2) Get the Common Name (CN) for the Client System Key.

c:\bridgegate\utils\openssl>openssl x509 -in c:\cert\Bridgegate_HUB.pem -signkey C:\cert\Bridgegate_HUB.key -noout -issuer

Loading ‘screen’ into random state – done

Getting Private key

issuer= /C=US/ST=TN/L=Nashville/O=ICA/OU=IT/CN=Bridgegate_HUB ClientSystem

3)  Create a P12 Certificate Chain file.

Each of the Certificate files is a text file. Create a blank file named chain.tmp and copy-and-paste the following order: ‘Root CA Cert’, ‘Modality (intermediate) CA Certificate’ and ‘Client System Cert’ into one file.  Replace the CN from step 2 in the -name argument below.  Be sure to create a password at the ‘Export Password’ prompt.  A password is required for the keytool in a following step.

c:\bridgegate\utils\openssl>openssl pkcs12 -export -in C:\cert\chain.tmp -inkey C:\cert\Bridgegate_HUB.key -out C:\cert\Bridgegate_HUBCertificates.chain.p12 -name “Bridgegate_HUB”

Loading ‘screen’ into random state – done

Enter Export Password: ***********

Verifying – Enter Export Password: ***********

4)  Verify the contents of the new P12 Certificate Chain file.  Step 3 creates alias based on -name argument, if this is left out, the alias name will be something like”1″.

*** Confirm Chain length of 3 and the Owner/Issuer of each Certificate are in the propper order.  ****

c:\bridgegate\java\bin>keytool -v -list -storetype pkcs12 -keystore C:\cert\Bridgegate_HUBCertificates.chain.p12

Enter keystore password: ***********

.

.

.

.

Alias name: Bridgegate_HUB

Creation date: Jul 11, 2014

Entry type: PrivateKeyEntry

Certificate chain length: 3

Certificate[1]:

Owner: CN=Bridgegate_HUB ClientSystem, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=uat CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

.

.

.

.

Certificate[2]:

Owner: CN=uat CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

.

.

.

.

Certificate[3]:

Owner: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

Issuer: CN=ICA Root CA, OU=IT, O=ICA, L=Nashville, ST=TN, C=US

.

.

.

.

5) Import the P12 Certificate Chain into your BridgeGate Java KeyStore (JKS).

**** Note: You can alter the Alias name with the -alias and -destalias arguments. ****

c:\bridgegate\java\bin>keytool -importkeystore -destkeystore C:\cert\bridgegate.jks-srckeystore C:\cert\Bridgegate_HUBCertificates.chain.p12 -srcstoretype PKCS12

Enter destination keystore password:

Enter source keystore password:

Entry for alias Bridgegate_HUB successfully imported.

Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

6) Verify the JKS contains the new Certificate under the correct Alias.

*** WARNING: This password field is displayed on screen as clear text!  ***

c:\bridgegate\java\bin>keytool -v -list -storetype jks -keystore C:\cert\bridgegate.jks> c:\cert\out.txt

Enter keystore password:  *********

How do I set https protocols

To enable TLSv1.2 to be used as the default, add the following to the bg_service.conf:

wrapper.java.additional.40=-Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1

What are the authentication types for BridgeGate Web Service

  • Authentication : This specifies whether Authentication should be performed and if so what type.
    • NONE : No authentication will be performed by this BridgeGate Web Service.
    • BASIC : Choosing BASIC will reveal inputs for user name and password. These values will be stored in the workflow for comparison against values provided in the request as follows:
      • The BridgeGate Web service will use the inbound SOAP header to identify the username and password to use for authentication.
      • BridgeGate will look for ‘Username’ and ‘Password’ in the SOAP header.
      • The Username field is assumed to be plain text.
      • The Password field is assumed to be base64 encoded.
    • BRIDGEGATE : The BridgeGate Web Service will authenticate the values provided in the request against the BridgeGate Users as follows:
      • The BridgeGate Web service will use the inbound SOAP header to identify the username and password to use for authentication.
      • BridgeGate will look for ‘Username’ and ‘Password’ in the SOAP header.
      • The Username field is assumed to be plain text.
      • The Password field is assumed to be base64 encoded.
      • The username and password will be authenticated against the BridgeGate Users and the Users must have BridgeGate Web Service portal permissions.

How does the FTP connection type perform the FTP commands? Are the execution of the FTP commands wrapped inside another program?

We use a third-party library (Apache Commons Net) to control the FTP connection.  This library creates the socket connections and directly implements the FTP protocol (RFC 959).  

How do I verify my SSL passphrase is correct

To check the passphrase for a key is correct:

openssl rsa -check -in keyfilename

To change the passphrase for a key:

openssl rsa -des3 -in keyfilename -out newkeyfilename

SFTP server is not accepting connections

SFTP server is not accepting connections.

Status:                   Connecting to myserver…
Response:             fzSftp started, protocol_version=6
Command:           open “user@myserver” 22
Command:           Trust new Hostkey: Once
Command:           Pass: *********
Error:                     Authentication failed.
Error:                     Critical error: Could not connect to server

Should there be any keys in the bridgegate.xml?

    <FTP_SSH_CONFIG SERVER_PORT=”22″ SSH2_DSA_HOST_KEY=”” SSH2_DSA_HOST_KEY_PASSWORD=”” SSH2_RSA_HOST_KEY=”” SSH2_RSA_HOST_KEY_PASSWORD=”” VFS_ROOT=”C:\\bridgegate\FTPServer\accounts\root”/>

Or is this where I have to setup the keys in the workbench? When we setup the 8.0  versions we used self signed certs, this time I’m using the .JKS previously created.

— Answer —

The SSH key elements are unrelated to the .JKS keystore.  If values are not included in those elements, keys are generated at startup.  Those keys are also not used for authentication.  The system should be connecting to BridgeGate (through Hazelcast) for authenticating SSH. 

Address already in use: JVM_Bind

Our BridgeGate server will not start. The first exception in the stack trace is this:

Caused by: java.net.BindException: Address already in use: JVM_Bind

 Which indicates that something is already using one of the ports you are trying to open.  Specifically (the next element up the chain):

Caused by: java.net.BindException: Address already in use: JVM_Bind <null>:80

 So, port 80 is in use by something that is not BridgeGate. Now, trying to find what is running on port 80:

netstat -ano | find “:80”

yields:

TCP    0.0.0.0:80     0.0.0.0:0     LISTENING     4

You may have IIS or another webserver running on this server.   We recommend installing Bridgegate Webserver on port 8080 

Review server configuration

How do I run a workflow from a Browser?

You can run any Workflow from a browser, or an external program can call a workflow via an URL by executing the following URL to the BridgeGate server. For a detailed example of using an URL, refer to Sample 6 in the online documentation under Tutorials.

http://[BGSERVER]/portal/translate?accountName=[ACCOUNT]&wfGroupName=[WFGROUP]&wfName=[WFNAME]&userName=[USER]&password=[PASSWORD]& [KEY=VALUE]

URL Parameter

Value

BGSERVER

The IP Address or fully qualified domain name (NetBIOS) for the BridgeGate Server, including port if not 80.

ACCOUNT

BridgeGate Account the workflow is located within

WFGROUP

BridgeGate Workflow Group the workflow is located within

WFNAME

BridgeGate Workflow you want to execute

USER

User name and Password are required to authenticate and execute the workflow

PASSWORD

User name and Password are required to authenticate and execute the workflow

Additional KEYs

Add as many additional key=value pairs to the URL as you need. These are passed into the Workflow Session during execution for templates to use.

An example of accessing a server:

http://www.mycompany.com:8080/portal/translate?accountName=samples&wfGroupName=sample1&wfName=PurchaseOrders&userName=sample&password=mypassword

BridgeGate™ allows applications within enterprises to communicate with each other as well as providing seamless data connectivity to external systems and applications.

How do I run a workflow via command line?

You can execute a workflow from the BridgeGate Workbench or by using an URL. You can run any Workflow from the command line by executing the following command in a DOS Window or by using a programming language.

To Execute the Workflow on the computer (local host) where the BridgeGate Workbench is installed, Execute the Workflow by using the following command:

/bridgegate/utils/curl http://localhost:8080/portal/translate?accountName=samples&wfGroupName=sample1&wfName=PurchaseOrders&userName=sample&password=mypassword&KEY=VALUE

The optional [KEY=VALUE] will be added to the Workflow Session as SESSION_DATA. The KEY can be any alpha numeric text that is not one of the above reserved keys.

We use both Windows and Linux in our enterprise. Does BridgeGate run on Linux?

BridgeGate™ is written in Java and is able to run on any platform that supports the Java Virtual Machine. BridgeGate Server clusters very well with heterogeneous networks consisting of Windows and Unix/Linux/Solaris machines.

Check out our installation guide for more details.

What kind of environment do I need to run BridgeGate?

BridgeGate™ is written in Java so it is capable of running on any environment that supports Java (such as Windows, UNIX/Linux, AIX, or Mac). For windows installations the supported version of Java is included in the installation. For Linux installations BridgeGate will the version of Java installed on the server. BridgeGate 8.0 requires Java 8