The connection between IS and SFTP server is verified OK thru IS Admin Portal “Settings > SFTP > User Alias Settings”. However, there is “Pipe closed” exception while flow service SFTP file as bellowing. What problem is it and any solution for it?

------------------------------------Pipe close----------------------------------------------------------------------

com.jcraft.jsch.JSchException: java.io.IOException: Pipe closed
com.wm.app.b2b.server.ServiceException
com.wm.app.b2b.server.ServiceException: com.jcraft.jsch.JSchException: java.io.IOException: Pipe closed
at pub.CommonUtils.throwAsServiceException(CommonUtils.java:81)
at pub.client.sftp.login(sftp.java:410)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java:443)
at com.wm.app.b2b.server.invoke.InvokeManager.process(InvokeManager.java:648)
at com.wm.app.b2b.server.util.tspace.ReservationProcessor.process(ReservationProcessor.java:39)
at com.wm.app.b2b.server.invoke.StatisticsProcessor.process(StatisticsProcessor.java:49)
at com.wm.app.b2b.server.invoke.ServiceCompletionImpl.process(ServiceCompletionImpl.java:243)
at com.wm.app.b2b.server.invoke.ValidateProcessor.process(ValidateProcessor.java:49)
at com.wm.app.b2b.server.invoke.PipelineProcessor.process(PipelineProcessor.java:171)
at com.wm.app.b2b.server.ACLManager.process(ACLManager.java:303)
at com.wm.app.b2b.server.invoke.DispatchProcessor.process(DispatchProcessor.java:34)
at com.wm.app.b2b.server.AuditLogManager.process(AuditLogManager.java:375)
at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:547)
at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:386)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:238)
at com.wm.app.b2b.server.BaseService.invoke(BaseService.java:225)
at com.wm.lang.flow.FlowInvoke.invoke(FlowInvoke.java:247)
at com.wm.lang.flow.FlowState.invokeNode(FlowState.java:520)
at com.wm.lang.flow.FlowState.step(FlowState.java:389)
at com.wm.lang.flow.FlowState.invoke(FlowState.java:360)
at com.wm.app.b2b.server.FlowSvcImpl.baseInvoke(FlowSvcImpl.java:1080)
at com.wm.app.b2b.server.invoke.InvokeManager.process(InvokeManager.java:648)
at com.wm.app.b2b.server.util.tspace.ReservationProcessor.process(ReservationProcessor.java:39)
at com.wm.app.b2b.server.invoke.StatisticsProcessor.process(StatisticsProcessor.java:49)
at com.wm.app.b2b.server.invoke.ServiceCompletionImpl.process(ServiceCompletionImpl.java:243)
at com.wm.app.b2b.server.invoke.ValidateProcessor.process(ValidateProcessor.java:49)
at com.wm.app.b2b.server.invoke.PipelineProcessor.process(PipelineProcessor.java:171)
at com.wm.app.b2b.server.ACLManager.process(ACLManager.java:303)
at com.wm.app.b2b.server.invoke.DispatchProcessor.process(DispatchProcessor.java:34)
at com.wm.app.b2b.server.AuditLogManager.process(AuditLogManager.java:375)
at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:547)
at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:386)
at com.wm.app.b2b.server.wss.ISAdapter.invokeEndpointService(ISAdapter.java:295)
at com.wm.app.b2b.server.wss.ISAdapter.decodeSOAPRequestAndInvokeEndpointService(ISAdapter.java:200)
at com.wm.app.b2b.server.wss.ISAdapter.execute(ISAdapter.java:139)
at com.wm.app.b2b.server.wss.ISDynamicMessageReceiver$1.invokeBusinessLogic(ISDynamicMessageReceiver.java:20)
at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
at com.wm.app.b2b.server.wss.ISDynamicMessageReceiver.invokeBusinessLogic(ISDynamicMessageReceiver.java:31)
at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:120)
at com.wm.app.b2b.server.wss.ISDynamicMessageReceiver.receive(ISDynamicMessageReceiver.java:110)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:311)
at com.wm.app.b2b.server.wss.HTTPTransportListener.doService(HTTPTransportListener.java:250)
at com.wm.app.b2b.server.wss.HTTPTransportListener.process(HTTPTransportListener.java:136)
at com.wm.app.b2b.server.HTTPRootWebServicesHandler.process(HTTPRootWebServicesHandler.java:49)
at com.wm.app.b2b.server.HTTPDispatch.handleRequest(HTTPDispatch.java:173)
at com.wm.app.b2b.server.Dispatch.run(Dispatch.java:384)
at com.wm.util.pool.PooledThread.run(PooledThread.java:127)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.jcraft.jsch.JSchException: java.io.IOException: Pipe closed
at com.jcraft.jsch.ChannelSftp.start(ChannelSftp.java:315)
at com.jcraft.jsch.Channel.connect(Channel.java:152)
at com.jcraft.jsch.Channel.connect(Channel.java:145)
at com.wm.app.b2b.server.sftp.client.SFTPSession.<init>(SFTPSession.java:20)
at com.wm.app.b2b.server.sftp.client.SFTPSession.createSession(SFTPSession.java:28)
at com.wm.app.b2b.server.sftp.client.SFTPSessionManager.addSession(SFTPSessionManager.java:75)
at pub.client.sftp.login(sftp.java:403)
… 52 more
Caused by: java.io.IOException: Pipe closed
at java.io.PipedInputStream.read(PipedInputStream.java:308)
at java.io.PipedInputStream.read(PipedInputStream.java:378)
at com.jcraft.jsch.ChannelSftp.fill(ChannelSftp.java:2882)
at com.jcraft.jsch.ChannelSftp.header(ChannelSftp.java:2908)
at com.jcraft.jsch.ChannelSftp.start(ChannelSftp.java:262)
… 58 more

pub.client.sftp:login
Default
2016/11/11 16:29:36.912

pub.client.sftp:login

Hi Aaron,

please make sure you have the latest IS_Core_Fix and SCG_TPL_Fix applied to your IS.

There have been some issues with the JCraft Secure Channel lib which is used for connecting to SFTP servers.

Regards,
Holger

Hi Aaron,

I have replied to your other post for this topic.

Addendum:
Accidentally thought that there has been a duplicate post.

Regards,
Holger

Additionally can you share your flow service steps (outline) and when do you get this error at which flow step?

Hi M@he$h,

I got this error at the step pub.client.sftp.login. The flow service steps are simple: 1. login SFTP server; 2. put files; 3. logout SFTP server

Hi Holger von Thomsen,

Could you share how to make sure I have the latest IS_Core_Fix and SCG_TPL_Fix applied to my IS, and more details about the JCraft Secure Channel lib? I could not find your history posts about it.

Hi Aaron,

you wil have to look into SUM (choose “View installed Fixes”) and compare this with the list of “Explore single Fixes” available on Empower.

Or you try to download new Fixes from Empower using SUM and check what it suggests for these fixes.

You can post the output of SUM of the installed Fixes here and we might be able to tell you if you are on the right level or what might be missing and why.

Regards,
Holger

Ok looks like a simple flow steps. You may consider installing the latest fixes as mentioned above. Also make sure you have good connectivity and there is no network glitch with your SFTP server.

Hi Aaron,

without knowing your current wm Version I cannot tell you which Fixes you might look for and which defects of these might relate to your issue.

Regards,
Holger

Hi Aaron,

I had accidentally open this thread twice and have overseen that it was originating from the same forum.

The JCratft Secure Channel lib is part of the SCG TPL component and the Readme for the appropriate Fix mentions that it is replacing with a newer version to avoid some of the issues described in this thread.

SCG TPL stands for “Shared Component Group - Third Party Library”, as the JCraft Secure Channel lib is not developed by SAG, but the JCraft developers team.

Regards,
Holger

Hi Holger von Thomsen,

My current WM version is 9.7. And to supplementary, The SFTP service was OK a few weeks ago. I am confused about why it doesn’t work right now.

Hi Aaron,

you wil have to look into SUM (choose “View installed Fixes”) and compare this with the list of “Explore single Fixes” available on Empower.

Or you try to download new Fixes from Empower using SUM and check what it suggests for these fixes.

You can post the output of SUM of the installed Fixes here and we might be able to tell you if you are on the right level or what might be missing and why.

Regards,
Holger

Hi Holger,

Since my IS servers are maintained by other party, how could I check if the IS has installed Software AG update manager and how to use it to follow your instructions thru remote session?

Hi,

Are your files bigger and/or the connection slower than before?
Has the SFTP server changed version or settings (lower timeout)?
Do you see any errors on the SFTP server log?

As for the fix levels, you can see them from the ‘about’ page on the top left corner of the web admin page (scroll to the bottom of the page for the packages version list).

Best Regards,

[color=red]olger von Thomsen
Post Mon Nov 14, 2016 2:00 PM Subject: Re:getting “Pipe closed” exception when SFTP file
Hi Aaron,

you wil have to look into SUM (choose “View installed Fixes”) and compare this with the list of “Explore single Fixes” available on Empower.

Or you try to download new Fixes from Empower using SUM and check what it suggests for these fixes.

You can post the output of SUM of the installed Fixes here and we might be able to tell you if you are on the right level or what might be missing and why.

Regards,
Holger[/color]

Hi Holger,

The fixes list as following:
Product webMethods Integration Server
Version 9.7.0.0
Updates
IS_9.7_PreQAFix_PIE-35119_UnquotedJSONFlds
IS_9.7_SPM_Fix1
IS_9.7_SPM_Fix2
IS_9.7_Core_Fix11

Hi Aaron,

unfortunately the About-Page of the IS as well as the Updates-Page are not showing Fixes for SCG-Components.

Please request the Fix SCG_9.7_TPL_Fix2 to be installed on the IS installation.
Additionally the SCG_9.7_Entrust_Fix1 should be installed too.

Please note the mentioned SCG-Fixes (besides others) are requirements for IS_9.7_Core_Fix10 and newer.

Extract from the Readme for SCG_9.7_TPL_Fix2:

PIE-38019 
Integration Server acting as an SFTP client faces issues while
attempting to connect to an SFTP server.

When attempting to connect to an SFTP server, Integration 
Server acting as an SFTP client issues the following error:
[ISS.0147.9010] Cannot get host key from server [host_X]:22.
Details: com.jcraft.jsch.JSchException: Algorithm 
negotiation fail
This issue occurs because there is no common key exchange 
algorithm between the SFTP client and SFTP server.

This issue is now resolved by updating the jsch jar file from 
0.1.51 version to 0.1.53 version. The 0.1.53 version supports 
most of the key exchange algorithms that are required to be 
present in the SFTP client to connect to SFTP server.

This might be related to the following issue fixed in IS_9.7_Core_Fix10:

PIE-39298 (IS_9.7_Core_Fix10)
Error in getting SFTP server host key, if a key exchange 
algorithm is not supported by SFTP server.

Jsch has a default key exchange algorithm order. During the 
handshake, jsch checks the client key exchange algorithms 
one by one with SFTP server key-exchange algorithms. The 
first matching algorithm is used as the key-exchange 
algorithm between SFTP client and SFTP server. However, Jsch
does not support 2048-bit keys for 
diffie-hellman-group-exchange-sha256 and 
diffie-hellman-group-exchange-sha1 key exchange algorithms 
in Java 1.7 and earlier versions. Consequently, if the
Integration Server runs with Java 1.7 or earlier version 
and SFTP server expects 2048-bit keys for these algorithms, 
then the handshake between SFTP server and SFTP client  
fails. To avoid this issue, the order of these key exchange 
can be changed using the watt.ssh.jsch.kex parameter so that,
any other matching key exchange algorithm can be selected as
the key exchange algorithm between the SFTP client and SFTP 
server.

To address this issue, Integration Server now include a 
server configuration parameter to change the order of the 
key exchange algorithm.

watt.ssh.jsch.kex
Specifies the order of the key exchange algorithm for Jsch. 
The specified order overrides the default key exchange 
algorithms order supported by Jsch.

For example:
watt.ssh.jsch.kex=diffie-hellman-group-exchange-sha1,
diffie-hellman-group1-sha1,diffie-hellman-group14-sha1

If the SFTP server expects 2048-bit keys for 
diffie-hellman-group-exchange-sha1, then the order of this 
algorithm can be changed so that, any other matching 
algorithm can be selected as key exchange algorithm between 
the SFTP client and SFTP server.

watt.ssh.jsch.kex=diffie-hellman-group1-sha1,
diffie-hellman-group14-sha1,
diffie-hellman-group-exchange-sha1

Integration Server must be restarted for changes to this 
parameter to take effect.

PIE-39357 (IS_9.7_Core_Fix10)
Integration Server fails to retrieve the SFTP Get Host Key
during the SFTP Server Alias creation.

SFTP Server Alias creation fails with 'Auth Cancel'
exception, as Integration Server fails to retrieve the SFTP
Get Host Key.

The issue is now resolved.

Regards,
Holger