cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
manix
Calcite | Level 5 manix
Calcite | Level 5
Go to Solution

error at login in SAS

Posted 2 weeks ago (641 views)

Hello, i have the the following error when trying to ligin into SAS:

500 Internal Server Error

An error occurred. Please contact your system administrator.

I tried to restart SAS(using the command ansible-playbook viya-ark/playbooks/viya-mmsu/viya-services-start.yml)

  but the same error appears.

 

I looked into a elastic search  log :

 

[2025-09-17T14:13:05,657][WARN ][o.e.t.OutboundHandler ] [yDJPxQE] send message failed [channel: Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/172.16.18.42:45028}]
java.nio.channels.ClosedChannelException: null
at io.netty.channel.AbstractChannel$AbstractUnsafe.write(...)(Unknown Source) ~[?:?]
[2025-09-17T14:13:05,667][WARN ][o.e.c.NodeConnectionsService] [yDJPxQE] failed to connect to node {sRvANwN}{sRvANwN4RNK70-zh2C2VLw}{rnTpgYXvSBum2U_4dEQQ5Q}{sas3.onrc.ro}{172.16.18.42:9300} (tried [1] times)
org.elasticsearch.transport.ConnectTransportException: [sRvANwN][172.16.18.42:9300] connect_exception
at org.elasticsearch.transport.TcpTransport$ChannelsConnectedListener.onFailure(TcpTransport.java:1309) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.action.ActionListener.lambda$toBiConsumer$2(ActionListener.java:100) ~[elasticsearch-6.8.6.jar:6.8.6]
at org.elasticsearch.common.concurrent.CompletableContext.lambda$addListener$0(CompletableContext.java:42) ~[elasticsearch-core-6.8.6.jar:6.8.6]
at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:774) ~[?:1.8.0_262]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:750) ~[?:1.8.0_262]
at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:488) ~[?:1.8.0_262]
at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1990) ~[?:1.8.0_262]
at org.elasticsearch.common.concurrent.CompletableContext.completeExceptionally(CompletableContext.java:57) ~[elasticsearch-core-6.8.6.jar:6.8.6]
at org.elasticsearch.transport.netty4.Netty4TcpChannel.lambda$new$1(Netty4TcpChannel.java:72) ~[?:?]
at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:511) ~[?:?]
at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:504) ~[?:?]
at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:483) ~[?:?]
at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:424) ~[?:?]
at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:121) ~[?:?]
at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.fulfillConnectPromise(AbstractNioChannel.java:327) ~[?:?]
at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:343) ~[?:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644) ~[?:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:556) ~[?:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:510) ~[?:?]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:470) ~[?:?]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:909) ~[?:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_262]
Caused by: io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: sas3.onrc.ro/172.16.18.42:9300
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method) ~[?:?]
at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:714) ~[?:?]
at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:327) ~[?:?]
at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:340) ~[?:?]
... 6 more
Caused by: java.net.ConnectException: Connection refused
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method) ~[?:?]
at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:714) ~[?:?]
at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:327) ~[?:?]
at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:340) ~[?:?]
... 6 more
[2025-09-17T14:13:06,646][INFO ][o.e.n.Node ] [yDJPxQE] stopping ...
[2025-09-17T14:13:06,659][INFO ][c.f.s.a.s.SinkProvider ] [yDJPxQE] Closing DebugSink
[2025-09-17T14:13:06,822][WARN ][o.e.d.z.ZenDiscovery ] [yDJPxQE] not enough master nodes discovered during pinging (found [[Candidate{node={yDJPxQE}{yDJPxQEqTC6XJfikTZgIZA}{IvifT4ShT3Gc3DQRsqXRDg}{sas1.onrc.ro}{172.16.18.44:9300}, clusterStateVersion=13187}]], but needed [2]), pinging again
[2025-09-17T14:13:06,948][INFO ][o.e.n.Node ] [yDJPxQE] stopped

 

 

Could it be a connection error(ports blocked etc) or do I have to restart some services?

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: error at login in SAS

Posted Monday (199 views)  |   In reply to manix
If you are logging in with a user ID and password to SAS Logon, SAS Logon will attempt a connection to the configured LDAP Server to lookup the distinguished name of the supplied account ID and attempt an LDAP bind using that DN and the supplied password. If this connection is being attempted against a TLS secured LDAP server (e.g. port 636, 3269) then Viya needs to have the issuing/root certificate for the server certificate in it's trust store for that connection to succeed. The error message suggests that it does not, so you would need to get the root and any intermediate certificates to complete the trust chain for the certificate being returned by the LDAP server and add it to Viya's certificate trust store.
Adding certificates to the trust store is documented here:

Add Certificates to the Truststore (Linux Full Deployment)
https://go.documentation.sas.com/doc/en/calcdc/3.5/calencryptmotion/n1xdqv1sezyrahn17erzcunxwix9.htm...
--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

0 Likes
Reply
3 REPLIES 3
manix
Calcite | Level 5 manix
Calcite | Level 5

Re: error at login in SAS

Posted Monday (224 views)  |   In reply to manix

IT seems to be a certificate issue:

in the logs from the folder /opt/sas/viya/config/var/log/saslogon/default i have the following error:

 

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:450)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:317)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670)
... 158 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:445)

 

The certificate was installed this week. Maybe it saw not installed correctly/at the correct location?

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: error at login in SAS

Posted Monday (200 views)  |   In reply to manix
If you are logging in with a user ID and password to SAS Logon, SAS Logon will attempt a connection to the configured LDAP Server to lookup the distinguished name of the supplied account ID and attempt an LDAP bind using that DN and the supplied password. If this connection is being attempted against a TLS secured LDAP server (e.g. port 636, 3269) then Viya needs to have the issuing/root certificate for the server certificate in it's trust store for that connection to succeed. The error message suggests that it does not, so you would need to get the root and any intermediate certificates to complete the trust chain for the certificate being returned by the LDAP server and add it to Viya's certificate trust store.
Adding certificates to the trust store is documented here:

Add Certificates to the Truststore (Linux Full Deployment)
https://go.documentation.sas.com/doc/en/calcdc/3.5/calencryptmotion/n1xdqv1sezyrahn17erzcunxwix9.htm...
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
manix
Calcite | Level 5 manix
Calcite | Level 5

Re: error at login in SAS

Posted Tuesday (180 views)  |   In reply to gwootton

It worked.Thank you very much!

0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 2 weeks ago
  • 642 views
  • 0 likes
  • 2 in conversation