Troubleshooting
License Issues
Issues related to the aqilink license could lead to one of the following errors in the log.
Add the license in the app.yaml.
If there is no aqilinkLicense key at all, or license key is invalid, the related error in the log file would be similar to:
2024-10-09T07:46:40Z panic license is not valid
panic: license is not valid
Cannot decrypt properties with public key
Right after starting aqilink, if the console output displays the error message as shown in the image below, verify that the passwords (used in the configuration files storage.yaml and/or sapConnection.yaml) were encrypted with the private key corresponding to the public key used for decryption. It is likely an issue with a mismatched key pair. Ensure that the correct public key is copied into the Docker image (Production Mode) or that the correct public key is mapped to the Docker container (Development Mode).
Refer to Password Encryption and Initial Setup.
Certificate with identifier used to sign the client assertion is expired
This this error can only raise if you use Microsoft SharePoint.
If your SharePoint connection to SAP is broken and you encounter a similar error message as shown below in the aqilink log file, this suggests that the certificate used in Microsoft Azure AD is either invalid or has expired. In this case, verify the certificate's validity in the Azure AD portal. If there is a need to renew the certificate, ensure that any changed properties related to the certificate (such as the Thumbprint or the private key of the new certificate) are updated in the related storage configurations (Refer to Storage Connections).
[Nest] 21 - 01/24/2024, 9:57:00 AM ERROR [TaskProducerService] ServerError: invalid_client: 700027 -
[2024-01-24 09:57:00Z]: AADSTS700027: The certificate with identifier used to sign the client assertion is expired on
application. [Reason - The key used is expired., Thumbprint of key used by client: 'CDB57E003884DDE011897304FE291EB539812CCC',
Found key 'Start=01/23/2023 13:33:28, End=01/23/2024 13:33:28', Please visit the Azure Portal, Graph Explorer
or directly use MS Graph to see configured keys for app Id '94bc0b64-d83e-4b45-afd0-3b2c84f16a00'.
Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service
endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to
build a query request URL, such as 'https://graph.microsoft.com/beta/applications/94bc0b64-d83e-4b45-afd0-3b2c84f16a00'].
Trace ID: 5b14185d-49d6-47f1-be9a-48c578b24d00 Correlation ID: 74445a33-31f6-4b60-8319-db813e3bbe17 Timestamp: 2024-01-24 09:57:00Z - Correlation ID: 74445a33-31f6-4b60-8319-db813e3bbe17 - Trace ID: 5b14185d-49d6-47f1-be9a-48c578b24d00
SAP: 500 Internal Server
When testing the basic connection via aqilink to the repository, if the message 500 Internal Server Error is returned, this may indicate several potential issues with the current configuration.
To gain more insights into the cause, check the log file of the related container! Below you'll find some common issues which results in that error message.
Password Encryption
If you use the password encryption (which is recommended), the error is most likely related to this. To resolve it:
- Ensure that the relevant
privateKeyfile into the container. Refer to Map private key into container section. - Ensure that the path to the
privateKeyfile is specified correctly in theapp.yamlusing the privateKeyPath parmeter, pointing to the correct path/file. Refer to Password Encryption section. - Verify that you are using the correct
privateKey. Try decrypting the password within the container to check if it's correct. Refer to Decrypt Passwords section.
Related to Hyland Nuxeo
If Nuxeo is the repository behind aqilink, ensure that the service name in the Docker compose.yaml matches the name in the baseUrl parameter of the storage.yaml configuration file. Also, verify that all services in the compose file are using the same network.