IBM Support

Sametime Community Server will not start with incomplete TLS settings

Technote (troubleshooting)


Problem

Sametime Community Server will not start with incomplete TLS settings

Symptom

When the Sametime Community Server is started, no error is printed to the Domino console. However, many Sametime services are not started. Users cannot log in to Sametime.

Issuing a "netstat -an" command shows port 1533 is not listening.
In the Sametime server logs (sametime*.log), there are many login failures with reason code 0x80000221:

I StCommunity 15/Mar/16, 09:35:31 Server TLS configuration initialized
W StCommunity 15/Mar/16, 09:35:31 Security warning: Client authentication is off
W StCommunity 15/Mar/16, 09:35:31 Security warning: Host verification is off
...
W StConfiguration 15/Mar/16, 09:35:33 Logged out, reason 0x80000221
...
W StLogger 15/Mar/16, 09:35:33 Logged out, reason 0x80000221
...
W StPlaces 15/Mar/16, 09:35:34 Logged out, reason 0x80000221
...
W StOnlineDir 15/Mar/16, 09:35:35 Logged out, reason 0x80000221
...



Cause

TLS is enabled for server connections, but TLS settings are incomplete. Typically, in the sametime.ini file, the following line is present under the [Connectivity] section:

VPS_TLS_PORT=1516

But other TLS settings such as TLS key store, TLS trust store, etc., are not configured in the sametime.ini file. Server SAs fail to communicate over TLS due to the incomplete TLS configuration.
This could happen if the administrator accidentally changes the option in SSC > Sametime Community Servers > Connectivity > Server connections to either "Both Allowed" or "Strict TLS," but does not complete the other TLS settings as described in the product wiki:
http://www.ibm.com/support/knowledgecenter/SSKTXQ_9.0.0/admin/config/st_adm_security_comm_serv_tls.dita?lang=en


Environment

Sametime 9.0 HF1

Resolving the problem

In SSC > Sametime Community Servers > Connectivity > Server connections, disable TLS for server connections by selecting the "Legacy Sametime Encryption" option and click OK.

This removes TLS settings in sametime.ini on the Sametime Community Server.

Or (not recommended) manually remove incomplete TLS settings (VPS_TLS_PORT=1516) in the sametime.ini file, and make sure VPS_PORT=1516 is present under the [Connectivity] section.

Restart the Sametime Community Server for the changes to take effect.

Document information

More support for: IBM Sametime
Community Server

Software version: 9.0.0.1

Operating system(s): AIX, Linux, Windows

Reference #: 1979166

Modified date: 23 March 2016