Resolving connection issues

Review this topic if you can't connect to the source system from Migration Assistant. Here are some common causes of connection issues and suggestions to resolve them.

Connection error due to CORS configuration

If you use Cross-Origin Resource Sharing (CORS), make sure that the source system allows connections from the target system. CORS settings are configured in %AIWDATA%\config\tomcatsec\corsAllowedOrigins.cfg. Instructions for updating the file are included in it.

Connection error due to configuration mismatch

If your target system or source system is configured to use HTTPS but the other system is not, the connection is often denied. Either set up both systems to use HTTPS or disable it on both and try to run Migration Assistant again.

Certificate errors due to self-signed certificates

Self-signed certificates cause certificate errors during the connection process. To overcome the errors:

  • Disable HTTPS on both systems during migration.

    OR

  • Import the certificate from the source system into the Certificate Authority Certificates file on the target system.

    This file lists trusted certificates, so the server knows it is safe to connect to systems that use them. To import the certificate:

    1. Get a copy of the certificate from your Network or Security Administrator.

      If you need to provide the name of the certificate, it's usually listed in the keystore file that you configured in RICOH ProcessDirector (Administration Settings Security).

      To export the certificate, use keytool. Type this command at a command prompt on the source server, replacing your_keystore and file.cert with the appropriate values:

      keytool -export -alias tomcat -keystore your_keystore -rfc -file file.cert

      When prompted, enter the password for the keystore.

    2. Log in to the target system and upload the exported certificate.
    3. Determine the location of the Java truststore and its password on the target system.
      1. Open %AIWPATH%\ws\bin\setenv.sh in a text editor.
      2. Look for a line that begins with export JAVA_OPTS=, like this: 

        export JAVA_OPTS="-Xms128m -server -XX:NewSize=256m -XX:MaxNewSize=256m -XX:+DisableExplicitGC -Xms128m -Xmx2048m -XX:MaxPermSize=256m -Dcom.ibm.tools.attach.enable=no -Duser.language=en -Duser.region=US -Dlog4j.configurationFile=$AIWDATA/config/log4j.tomcat.properties -Djavax.net.ssl.trustStore=/path/to/mytruststore.jks -Djavax.net.ssl.trustStorePassword=my_password"

      3. Look for entries that begin with: -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword

        • If you find an entry for -Djavax.net.ssl.trustStore, use the location listed as the truststore directory.
        • If you find an entry for -Djavax.net.ssl.trustStorePassword, use that password for truststore_password.
        • If you do not find either or both entries, use these default values:

          Truststore directory: C:\Program Files\Ricoh\ProcessDirector\jre\jre\lib\security

          Truststore password: changeit

    4. Open a command window and navigate to the Java truststore directory:

      cd truststore_directory

    5. Import the certificate into the Java truststore on the target system.
      1. Run this command, substituting the host name of the RICOH ProcessDirector server for hostname, the name of the certificate to import for file.cert, the name of your Certificate Authority Certificates file for cacerts, and the correct password for truststore_password:

        keytool -import -v -trustcacerts -alias hostname -file file.cert -keystore cacerts -storepass truststore_password

    6. List the certificates on the target system to verify that the certificate was imported:

      keytool -list -v -keystore truststore -storepass truststore_password

Parent topic: Running the Migration Assistant