Advanced SAS Enterprise Session Monitor Configuration

Web Server reverse proxy configuration

In certain deployments, you may wish to configure the SAS Enterprise Session Monitor so that it interacts with an existing web server deployment. This section contains a sample configuration for running SAS Enterprise Session Monitor behind a ngnix web server:

Note

You will need to update the value of the server_name for your environment.

server {
    server_name esm-server.sasdemo.com;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://127.0.0.1:18080/;
        access_log  /var/log/nginx/esm.access.log  main;
        error_log /var/log/nginx/esm.error.log debug;
    }
}

Per-session tracking of SAS UTILLOC size

SAS multi-threaded procedures can make use of a disk paging location referred to as UTILLOC. SAS Enterprise Session Monitor is designed with the capability to track the size of this UTILLOC usage of each individual session, but to enable this functionality, some extra configuration is required.

Unlike the SAS WORK location, which is a directory created at session startup that is unique to each individual SAS session, SAS UTIL directories are created on-the-fly by SAS procedures as they are required. Therefore, unlike the WORK system option which holds the full path to each session's individual SASWORK directory, the UTILLOC system option points to the parent directory which can contain any number of UTIL directories belonging to a number of other sessions. This makes periodic size measurements of a session's individual set of UTIL directories challenging.

One way of addressing this issue is to create a per-session UTILLOC subdirectory for each session before it is started, using it's usermods initialisation script, and removing the directory after the session has finished executing. This results in all of a given session's UTIL directories being created under the same parent directory, making it more efficient to size and easier to clean up, and the UTILLOC option pointing to a directory dedicated to that particular session.

An example way of doing this for a Workspace Server would be:

Unix

  1. Add the following to the WorkspaceServer_usermods.sh before the set -A USERMODS_OPTIONS= line modifying the values of ESMHOME and UTILROOT for your environment:
    # set a unique subdirectory for the util loc
    UTILROOT=/utilloc
    export ESMUTILLOC=$UTILROOT/$(hostname -s)_$$
    mkdir $ESMUTILLOC;
    export ESMUNQUTIL="-utilloc $ESMUTILLOC"
    
  2. Append the $ESMUNQUTIL variable to the setting of the USERMODS_OPTIONS line in WorkspaceServer_usermods.sh:
    USERMODS_OPTIONS[${#USERMODS_OPTIONS[*]}]=$ESMUNQUTIL
    
  3. Remove the exec from the eval exec $cmd line towards the bottom of the file. After the change, it should read:
    eval $cmd
    
  4. Add the following immediately after the eval $cmd in WorkspaceServer.bat:
    if [ -d "$ESMUTILLOC" ]; then rmdir "$ESMUTILLOC"; fi
    

Windows

  1. Add the following to the WorkspaceServer_usermods.bat before the Set USERMODS_OPTIONS= line modifying the values of ESMHOME and UTILROOT for your environment:
    set ESMHOME=C:\esm\esm-agent
    set UTILROOT=C:\SAS\Util
    for /f %%i in ('%ESMHOME%\jre\bin\java -cp %ESMHOME%\conf\ UUIDGen') do set RANDGUID=%%i
    echo %UTILROOT%\util_%RANDGUID%
    setx ESMUTILOC %UTILROOT%\util_%RANDGUID%
    if not exist %ESMUTILOC% mkdir %ESMUTILOC%
    
  2. Append the following to the Set USERMODS_OPTIONS= line in WorkspaceServer_usermods.bat:
    -utilloc %ESMUTILOC%
    
  3. Add the following immediately after the "%SAS_COMMAND%" %CMD_OPTIONS% in WorkspaceServer.bat:
    rmdir %ESMUTILOC% /s /q 
    

Warning

Unlike the other configuration changes presented in this guide, this change alters the standard SAS behaviour and is therefore not included as part of the standard SAS Enterprise Session Monitor Configurator workflow. This change should be tested and documented. Use at your own risk.**

Real-time monitoring of Workspace Server logs

It is sometimes desirable to be made aware of ERROR and WARNING messages as soon as they are emitted to the Workspace session log, often before they have appeared in the client UI. It may also be useful to review log messages from a previous Workspace session execution, long after that session has completed. In these instances, SAS Enterprise Session Monitor can be configured to monitor SAS Workspace Server logs and to highlight log messages such as ERROR and WARNING messages in real time.

To configure this functionality the following steps need to be taken:

  1. Enable and configure logging for the SAS Workspace Server (not enabled by default)
  2. Modify SAS Enterprise Session Monitor Workspace Server configuration for SAS Workspace Server logging
  3. (Optional) Simplify formatting of the SAS Workspace Server log
  4. Log file management

Configure SAS Workspace Server Logging

SAS product documentation provides instructions for enabling Workspace Server logging.

Modify SAS Enterprise Session Monitor Workspace Server configuration for SAS Workspace Server logging

In order for SAS Enterprise Session Monitor to track the SAS Workspace Server logs that are now being created, the names of those logs need to be communicated to the SAS Enterprise Session Monitor agent.

The original configuration for SAS Workspace Servers involves adding a SAS Enterprise Session Monitor configuration block to the WorkspaceServer_usermods file. Add the following lines inside the ESM CONFIG block, just before the ESM CONFIG END comment:

Slashes matter

The trailing slashes in the below LOGPATH variables are important. Don't forget to add them

export LOGPATH=/opt/sas/config/Lev1/SASApp/WorkspaceServer/Logs/
export ESM_APPSERVER_NAME=$(basename $APPSERVER_ROOT)
set LOGPATH=D:\SAS\Config\Lev1\SASApp\WorkspaceServer\Logs\
for /D %%i in (%APPSERVER_ROOT%) do set ESM_APPSERVER_NAME=%%~ni

(Optional) Simplify formatting of the SAS Workspace Server log

This step is optional

This step is not required by SAS Enterprise Session Monitor. It makes the generated logfiles smaller in size, lessening the impact of enabling the logging on available storage. It also makes them easier to read.

Proceed with caution

This step makes a change to the logconfig.trace.xml. Modifications to this file, if not completed correctly, may cause issues on your system.

It is highly recommended that you familiarise yourself with the documentation for the SAS Logging Facility for your version of SAS, and ensure that you take a backup of any SAS configuration file before making changes.

As noted in the documentation on the SAS Support Site the primary purpose of enabling Workspace Server logging is to provide SAS Technical Support with high-level logging messages which can be used by SAS Technical Support to help resolve issue. As part of this information, SAS prepends a large amount of data to the beginning of each line of the SAS log:

2020-03-31T23:38:35,973 INFO  [00000006] :chris -  Linux LIN X64 3.10.0-957.27.2.el7.x86_64 #1 SMP Mon Jul 29 17:46:05UTC 2019
2020-03-31T23:38:35,973 INFO  [00000006] :chris -       x86_64 CentOS Linux release 7.6.1810 (Core)
2020-03-31T23:38:35,973 INFO  [00000006] :chris -
2020-03-31T23:38:35,973 INFO  [00000006] :chris - You are running SAS 9. Some SAS 8 files will be automatically converted
2020-03-31T23:38:35,974 INFO  [00000006] :chris - by the V9 engine; others are incompatible.  Please see
2020-03-31T23:38:35,974 INFO  [00000006] :chris - http://support.sas.com/rnd/migration/planning/platform/64bit.html

For most purposes, the bulk of this information is not relevant and makes the log file significantly larger and more difficult to read. A small modification to line 14 of the logconfig.trace.xml file removes all of the prepended information, leaving a more traditional and easier to read SAS log:

Modify:

<param name="ConversionPattern" value="%d %-5p [%t] %X{Client.ID}:%u - %m"/>

To:

<param name="ConversionPattern" value="%m"/>

Diffing the two files should yield results like below:

--- a/logconfig.trace.xml
+++ b/logconfig.xml
@@ -11,7 +11,7 @@
       </rollingPolicy>
       <layout>
          <param name="HeaderPattern" value="Host: '%S{hostname}', OS: '%S{os_family}', Release: '%S{os_release}', SAS
-         <param name="ConversionPattern" value="%d %-5p [%t] %X{Client.ID}:%u - %m"/>
+         <param name="ConversionPattern" value="%m"/>
       </layout>
    </appender>

A further small modification to Application message logger of the logconfig.trace.xml file to remove all of the Debug messages making the SAS log even easier to read:

Modify:

   <!-- Application message logger -->
   <logger name="App" immutability="true">
      <level value="Debug"/>
   </logger>

To:

   <!-- Application message logger -->
   <logger name="App" immutability="true">
      <level value="Info"/>
   </logger>

Diffing the two files should yield results like below:

--- a/logconfig.trace.xml
+++ b/logconfig.xml
@@ -11,7 +11,7 @@
   <logger name="App" immutability="true">
-      <level value="Debug"/>
+      <level value="Info"/>
   </logger>

Log file management

With a high number or interactive users or Workspace sessions, you may find that, even if you reduce the size of the log file the number and size of the log repositories can quickly grow. By default SAS creates workspace server logs in a Logs folder within the Workspace folder of your SAS configuration. If filling up this storage location with logfiles poses an issue, consider implementing one or more of the following:

  1. Redirection of log files to another disk. This is most easily accomplished by creating a symbolic link for the Logs directory to an alternate location. Redirecting the files in this way requires fewer SAS configuration file changes.
  2. Regularly delete old logs. For example, schedule a simple script to perform a housekeeping task on your system which deletes files older than a certain age.

The following delete files older than 14 days:

find /opt/sas/config/Lev1/SASApp/WorkspaceServer/Logs -type f -mtime +14 -exec rm -f {} \;
ForFiles /p "D:\SAS\Config\Lev1\SASApp\WorkspaceServer\Logs" /s /d -14 /c "cmd /c del @file"

Warning

The above commands are destructive and assume familiarity with system-level maintenance routines.

Real-time monitoring of SAS/CONNECT server logs

It is sometimes desirable to be made aware of ERROR and WARNING messages as soon as they are emitted to the SAS/CONNECT server session log, often before they have appeared in the client UI. It may also be useful to review log messages from a previous SAS/CONNECT server session execution, long after that session has completed. In these instances, SAS Enterprise Session Monitor can be configured to monitor SAS/CONNECT server logs and to highlight log messages such as ERROR and WARNING messages in real time.

To configure this functionality the following steps need to be taken:

  1. Enable and configure logging for the SAS/CONNECT server (not enabled by default)
  2. Modify the SAS Enterprise Session Monitor SAS/CONNECT server configuration for SAS/CONNECT server logging
  3. (Optional) Simplify formatting of the SAS/CONNECT server log
  4. Log file management

Configure SAS/CONNECT Server Logging

SAS product documentation provides instructions for enabling SAS/CONNECT server logging.

Modify the SAS Enterprise Session Monitor SAS/CONNECT server configuration for SAS/CONNECT server logging

In order for SAS Enterprise Session Monitor to track the SAS/CONNECT server logs that are now being created, the names of those logs need to be communicated to the SAS Enterprise Session Monitor agent.

The original configuration for SAS/CONNECT server involves adding a SAS Enterprise Session Monitor configuration block to the ConnectServer_usermods file. Add the following lines inside the ESM CONFIG block, just before the ESM CONFIG END comment:

Slashes matter

The trailing slashes in the below LOGPATH variables are important. Don't forget to add them

export LOGPATH=/opt/sas/config/Lev1/SASApp/ConnectServer/Logs/
export ESM_APPSERVER_NAME=$(basename $APPSERVER_ROOT)
set LOGPATH=D:\SAS\Config\Lev1\SASApp\ConnectServer\Logs\
for /D %%i in (%APPSERVER_ROOT%) do set ESM_APPSERVER_NAME=%%~ni

(Optional) Simplify formatting of the SAS/CONNECT server log

This step is optional

This step is not required by SAS Enterprise Session Monitor. It makes the generated logfiles smaller in size, lessening the impact of enabling the logging on available storage. It also makes them easier to read.

Proceed with caution

This step makes a change to the logconfig.trace.xml. Modifications to this file, if not completed correctly, may cause issues on your system.

It is highly recommended that you familiarise yourself with the documentation for the SAS Logging Facility for your version of SAS, and ensure that you take a backup of any SAS configuration file before making changes.

As noted in the documentation on the SAS Support Site the primary purpose of enabling SAS/CONNECT server logging is to provide SAS Technical Support with high-level logging messages which can be used by SAS Technical Support to help resolve issue. For most purposes, the bulk of this information is not relevant and makes the log file significantly larger and more difficult to read. A small modification to line 14 of the logconfig.trace.xml file removes all of the prepended information, leaving a more traditional and easier to read SAS log:

For the rolling file appender, modify the layout of the lines written to the log

<param name="ConversionPattern" value="TRACE"/>

To:

<param name="ConversionPattern" value="%m"/>

For the rolling file appender, modify the App.Connect and App.WQ loggers from Trace to Info:

    <logger name="App.Connect">
      <level value="Trace"/>
    </logger>

    <logger name="App.WQ">
      <level value="Trace"/>
    </logger>    

To:

    <logger name="App.Connect">
      <level value="Info"/>
    </logger>

    <logger name="App.WQ">
      <level value="Info"/>
    </logger>   

Diffing the two files should yield results like below:

--- a/logconfig.trace.xml.orig
+++ b/logconfig.trace.xml
@@ -11,7 +11,7 @@
       </rollingPolicy>
       <layout>
-         <param name="ConversionPattern" value="TRACE"/>
+         <param name="ConversionPattern" value="%m"/>
       </layout>
    </appender>

@@ -104,12 +104,12 @@ _ENDDISARM

    <!-- Connect Application logger -->
    <logger name="App.Connect">
-      <level value="Trace"/>
+      <level value="Info"/>
    </logger>

    <!-- WQ logger -->
    <logger name="App.WQ">
-      <level value="Trace"/>
+      <level value="Info"/>
    </logger>

Log file management

With a high number or interactive users or Connect sessions, you may find that, even if you reduce the size of the log file the number and size of the log repositories can quickly grow. By default SAS creates workspace server logs in a Logs folder within the SAS/CONNECT server folder of your SAS configuration. If filling up this storage location with logfiles poses an issue, consider implementing one or more of the following:

  1. Redirection of log files to another disk. This is most easily accomplished by creating a symbolic link for the Logs directory to an alternate location. Redirecting the files in this way requires fewer SAS configuration file changes.
  2. Regularly delete old logs. For example, schedule a simple script to perform a housekeeping task on your system which deletes files older than a certain age.

The following delete files older than 14 days:

find /opt/sas/config/Lev1/SASApp/ConnectServer/Logs -type f -mtime +14 -exec rm -f {} \;
ForFiles /p "D:\SAS\Config\Lev1\SASApp\ConnectServer\Logs" /s /d -14 /c "cmd /c del @file"

Warning

The above commands are destructive and assume familiarity with system-level maintenance routines.

Configuring Error and Warning event generation using SAS Enterprise Session Monitor Logfile Markers

By default, SAS Enterprise Session Monitor is configured to detect Errors and Warnings from SAS logs in the default SAS format, as generated by the Batch Server and SAS Foundation sessions. Following the steps above to reduce the size of the log file will simplify the logfiles generated by the Workspace Server SAS Logging facility so that they follow the same format, and SAS Enterprise Session Monitor will begin to detect Error and Warning messages from the Workspace Server logs without any further configuration.

If you have previously configured Workspace Server logging without updating the logfile format, and do not wish to update that configuration, Workspace Server logs will still be available for viewing through the SAS Enterprise Session Monitor interface. However some changes to the SAS Enterprise Session Monitor log marker configuration will be required to enable the detection of Error and Warning messages that are prepended with a timestamp, or any other properties specified in logconfig.xml.

Changes to the Log Marker configuration are made using the Log Markers configuration screen in the SAS Enterprise Session Monitor Admin Settings section.

Active Process Discovery

SAS Enterprise Session Monitor has two methods of process discovery that can be configured: active and passive. By default, only the passive method is enabled. During passive process discovery the SAS Enterprise Session Monitor agents watch a configured directory (the ESMEVENTS folder) for a new event trigger file. When active process discovery is enabled the SAS Enterprise Session Monitor agent actively scans the node's process table for processes that match a configured set of rules that are specified in a file called filterSpec.yaml which is found in the SAS Enterprise Session Monitor agent's bin folder. Any processes that match the configured rules are added to the list of processes that are monitored by the SAS Enterprise Session Monitor agent. Active and passive process discovery can run simultaneously.

Active vs Passive

The passive process discovery method guarantees that SAS Enterprise Session Monitor creates a record of a process having run on system, even if that session was so short-lived that no metrics were captured about the session. The way that the passive process monitoring works requires the process that is going to be monitored to be able to create the new event trigger file itself. Functions for SAS, shell scripts, and Python currently exist to provide this capability.

There are certain deployment scenarios where we might want to monitor processes that do not have the capability to create SAS Enterprise Session Monitor new event files, or we may not want to touch the configuration of the environment to include the capability to generate the new event trigger files. In this scenario, we would want to use the active process discovery mechanism to monitor processes.

Active process discovery is enabled by uncommenting and setting the value of the monitorAllSessions to True. The monitorAllSessions property enables the active process discovery mode. monitorAllSessions is used in conjunction with monitoringInterval which specifies, in seconds, the interval at which the SAS Enterprise Session Monitor agent scans the node's process table for processes and applies the rules specified in the filterSpec.yaml file.

filterSpec.yaml

The filterSpec.yaml file contains one or more process filter blocks. Each block contains a number of different properties that describe a set of rules that are applied to each process in the scanned node's process table. The blocks in the filterSpec file are parsed in sequential order and the first rule that matches a process is the rule that is applied.

filterSpec:
  - processFilterRegex: ^\/(.+\/)*(?<prog>[^\s]+)
    userFilterRegex: '' 
    ignoreMatching: False
    esmPattern:
      processName: ${prog}
      processType: unk
      processQueue: 
An example filterSpec.yaml file.

Property Sub-property Description Accepts variables? Example
processFilterRegex A regular expression that is applied against each process. If the regular expression matches, the rule block is tried. If it doesn't, the next rule in the file is applied. No ^\/(.+\/)*(?<prog>[^\s]+)
userFilterRegex A regular expression that is applied against the user of each process. You can specify '' to apply to all users. No ^svc_.*
processLogfile A regular expression that is applied against all of the file descriptors of a matched process. If a file is found, that file is passed as the associated log file of the process. Unix only. No .*WorkspaceServer_\w+.*
ignoreMatching A binary (True or False) option that controls whether if a process matches the rule block, the process is added to SAS Enterprise Session Monitor. No False
esmPattern processName This is the name of the session as we want to see it in SAS Enterprise Session Monitor. This can be hardcoded or you can use the results of a named capture group from the processFilterRegex using the special variable format ${var}. Yes ${prog}
esmPattern processType This is the name of the "Category" as we want to see it in SAS Enterprise Session Monitor. This value can be hardcoded or you can use the results of a named capture group from the processFilterRegex using the special variable format ${var}. Yes SAS1
esmPattern processQueue This is the name of the "Queue" as we want to see it in SAS Enterprise Session Monitor. This value can be hardcoded or you can use the results of a named capture group from the processFilterRegex using the special variable format ${var}. Yes normal

Configuring SAS Enterprise Session Monitor for TLS

Transport Layer Security (TLS) is used to provide network security and privacy. In addition to providing encryption services, TLS uses trusted certificates to perform client and server authentication, and it uses message authentication codes to ensure data integrity.

Assumptions in this guide

Assumption 1 - This guide assumes the deployment of SAS Enterprise Session Monitor to a Linux system. The commands for Windows are the same but the commands will need to be updated to reflect the different path structures.

Assumption 2 - This guide assumes that all of the machines in your environment can talk to each other on the short hostname. If you are unable to ping the SAS Enterprise Session Monitor server from the agents without using the FQDN then you will either need to modify the hostname in the instructions or modify the /etc/hosts file on all of the machines in your environment.

Shutdown your environment before starting this guide

Before implementing the steps in this configuration guide it is important to stop all of the SAS Enterprise Session Monitor agents and the SAS Enterprise Session Monitor server in your environment.

Configure SAS Enterprise Session Monitor Server for TLS

  1. Navigate to the root of your SAS Enterprise Session Monitor server installation directory

  2. Generate a private key, a certificate signing request, and a certificate, and add the certificate to the key chain:

./jre/bin/keytool -genkey -keysize 2048 -alias mymachine -validity 36500 -keyalg RSA -dname "CN=localhost,O=MyOrg,L=London,S=UK,C=UK" -keypass changeit -storepass changeit -keystore esm-core/glassfish/domains/domain1/config/keystore.jks
  1. Export the generated certificate for deployment to the SAS Enterprise Session Monitor agents:
./jre/bin/keytool -export -alias mymachine -file mymachine.cer -keypass changeit -storepass changeit -keystore esm-core/glassfish/domains/domain1/config/keystore.jks
  1. Modify the domain.xml file within following location from the root of your SAS Enterprise Session Monitor server installation directory esm-core/glassfish/domains/domain1/config/:

  2. Replace lines 221 and 384 with the following updating the cert-nickname value with the alias of the certificate that you generated in step 2 above:

<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="mymachine">\</ssl>

Configure SAS Enterprise Session Monitor Agent for TLS

  1. Navigate to the root of your SAS Enterprise Session Monitor agent installation directory

  2. In the root of your SAS Enterprise Session Monitor agent installation, create a certs folder.

  3. Copy the mymachine.cer file created in step 3 above into the certs folder created in the step above
  4. Import the certificate into the agent's trusted certificate keystore
    ./jre/bin/keytool -import -trustcacerts -noprompt -file certs/mymachine.cer -alias mymachine -storepass changeit -keystore jre/lib/security/cacerts
    
  5. Verify that the certificate was successfully added to the keystore
    ./jre/bin/keytool -list -v -storepass changeit -keystore jre/lib/security/cacerts
    
  6. Update the following configuration option in conf/esmconfig.sh
    ESMUSESSL=true
    
  7. Restart the SAS Enterprise Session Monitor agent

Additional TLS Tasks

Verify certificate is in the keystore

On the SAS Enterprise Session Monitor server:

./jre/bin/keytool -list -v -storepass changeit -keystore esm-core/glassfish/domains/domain1/config/keystore.jks

Delete certificate from the keychain

On the SAS Enterprise Session Monitor server machine:

jre/bin/keytool -delete -alias localhost -storepass changeit -keystore esm-core/glassfish/domains/domain1/config/keystore.jks

Common Errors

Incorrect hostname or certificate used in generating the certificate

WARNING: java.net.ConnectException: Connection refused (Connection refused)
  javax.xml.ws.WebServiceException: java.net.ConnectException: Connection refused (Connection refused)
  at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:210)
  at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:160)
  at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:93)
  at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598)
  at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557)
  at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542)
  at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439)
  at com.sun.xml.ws.client.Stub.process(Stub.java:222)
  at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135)
  at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
  at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
  at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118)
  at com.sun.proxy.$Proxy32.sendPackage(Unknown Source)
  at com.boemska.d$1.run(ESMAgentWorker.java:712)
  at java.lang.Thread.run(Thread.java:748)

Caused by: java.net.ConnectException: Connection refused (Connection refused)
  at java.net.PlainSocketImpl.socketConnect(Native Method)
  at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
  at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
  at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
  at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
  at java.net.Socket.connect(Socket.java:589)
  at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
  at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
  at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
  at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
  at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
  at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
  at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:307)
  at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:298)
  at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:281)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setNewClient(AbstractDelegateHttpsURLConnection.java:96)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.setNewClient(AbstractDelegateHttpsURLConnection.java:80)
  at sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:705)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1585)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
  at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:347)
  at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:207)

The domain.xml file is not updated correctly

The following error may be seen when the domain.xml file is not updated correctly on the SAS Enterprise Session Monitor server.

SEVERE: Unable to reach the server.
com.sun.xml.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:172)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:264)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:227)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:175)
at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
at javax.xml.ws.Service.<init>(Service.java:77)
at com.boemska.ws.ESMServiceService.<init>(ESMServiceService.java:58)
at com.boemska.d.<init>(ESMAgentWorker.java:217)
at com.boemska.d.a(ESMAgentWorker.java:154)
at com.boemska.Main.main(Main.java:100)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.tanukisoftware.wrapper.WrapperStartStopApp.run(WrapperStartStopApp.java:238)
at java.lang.Thread.run(Thread.java:748)

Incomplete or incorrect Agent setup

SEVERE: Unable to reach the server.
com.sun.xml.ws.wsdl.parser.InaccessibleWSDLException: 2 counts of InaccessibleWSDLException.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:172)
at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:144)
at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:264)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:227)
at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:175)
at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)
at javax.xml.ws.Service.<init>(Service.java:77)
at com.boemska.ws.ESMServiceService.<init>(ESMServiceService.java:58)
at com.boemska.d.<init>(ESMAgentWorker.java:217)
at com.boemska.d.a(ESMAgentWorker.java:154)
at com.boemska.Main.main(Main.java:100)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.tanukisoftware.wrapper.WrapperStartStopApp.run(WrapperStartStopApp.java:238)
at java.lang.Thread.run(Thread.java:748)

  1. There are a number of keywords that have a special meaning within SAS Enterprise Session Monitor including: Batch, STP, WS, CS, GRID, Foundation, SPRE, viya, CMP. You should avoid using these for customer processes unless you are aware of the implications. Please contact technical support for more information: support@sas.com.