Wednesday 20 April 2016

Managed Server failed to start with Reason: [Management:141266]Parsing Failure in config.xml

========================================================================
Applies To:
WLS - 10.3.6.0.11
OSB - 11.1.1.7.4
========================================================================
Problem:
Unable to start the managed server, whereas the admin server came up fine with no issues.

Error:
<Apr 19, 2016 3:08:48 AM CDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: [Management:141266]Parsing Failure in config.xml: failed to find method MethodName{methodName='setCacheInAppDirectory', paramTypes=[boolean]} on class weblogic.management.configuration.AppDeploymentMBeanImpl>
<Apr 19, 2016 3:08:48 AM CDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Apr 19, 2016 3:08:48 AM CDT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Apr 19, 2016 3:08:48 AM CDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
<Apr 19, 2016 3:08:58 AM> <INFO> <poc_osb_dev> <poc_osb_dev_ms01> <Server failed during startup so will not be restarted>
Apr 19, 2016 3:08:58 AM weblogic.nodemanager.server.AbstractServerManager log
INFO: Server failed during startup so will not be restarted

========================================================================
Cause:
WLS patches applied to admin host and managed server host were different.

Admin host:
WebLogic Server Temporary Patch for BUG20448343 Fri Feb 06 12:39:35 IST 2015
WebLogic Server 10.3.6.0.11 PSU Patch for BUG20181997 TUE NOV 12 15:54:42 IST 2015
WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050

Managed server host:
WebLogic Server Temporary Patch for BUG14747231 Wed Dec 19 00:41:27 MST 2012
WebLogic Server Temporary Patch for BUG14030073 Tue Jul 31 11:44:25 IST 2012
WebLogic Server Temporary Patch for BUG13961904 Sat Oct 13 07:42:54 CDT 2012
WebLogic Server Temporary Patch for 13573621 Wed Jan 18 18:53:18 IST 2012
WebLogic Server Temporary Patch for BUG14322089 Wed Jul 25 16:00:29 IST 2012
WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050
========================================================================
Resolution:
Apply the same WLS patches to the managed server host as on the admin server host, then restart the server.
This should resolve the issue.
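
A quick way to catch this kind of patch drift before a managed server is started is to compare the two hosts' patch listings. The script below is an added example, not part of the original post; it assumes each host's listing (for instance the output of java weblogic.version) has been saved to a file, and the file names and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): detect WLS patch drift between
# two hosts from their saved patch listings.
export LC_ALL=C   # identical collation for sort and comm

# patch_ids FILE: print every patch/bug number found in FILE, sorted and unique.
# Handles both "Patch for BUG20448343" and "Patch for 13573621".
patch_ids() {
    grep -oE 'Patch for (BUG)?[0-9]+' "$1" | sed -E 's/^Patch for (BUG)?//' | sort -u
}

# patch_drift REF OTHER: print "missing <id>" for patches present only on REF
# and "extra <id>" for patches present only on OTHER; return 1 if the sets differ.
patch_drift() {
    ref_ids=$(mktemp); other_ids=$(mktemp)
    patch_ids "$1" > "$ref_ids"
    patch_ids "$2" > "$other_ids"
    report=$(comm -23 "$ref_ids" "$other_ids" | sed 's/^/missing /'
             comm -13 "$ref_ids" "$other_ids" | sed 's/^/extra /')
    rm -f "$ref_ids" "$other_ids"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Sample input: the listings shown in this post, one file per host
# (file names are hypothetical).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/admin.txt" <<'EOF'
WebLogic Server Temporary Patch for BUG20448343 Fri Feb 06 12:39:35 IST 2015
WebLogic Server 10.3.6.0.11 PSU Patch for BUG20181997 TUE NOV 12 15:54:42 IST 2015
WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050
EOF
cat > "$SAMPLE_DIR/managed.txt" <<'EOF'
WebLogic Server Temporary Patch for BUG14747231 Wed Dec 19 00:41:27 MST 2012
WebLogic Server Temporary Patch for BUG14030073 Tue Jul 31 11:44:25 IST 2012
WebLogic Server Temporary Patch for BUG13961904 Sat Oct 13 07:42:54 CDT 2012
WebLogic Server Temporary Patch for 13573621 Wed Jan 18 18:53:18 IST 2012
WebLogic Server Temporary Patch for BUG14322089 Wed Jul 25 16:00:29 IST 2012
WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050
EOF

if patch_drift "$SAMPLE_DIR/admin.txt" "$SAMPLE_DIR/managed.txt"; then
    echo "patch sets match"
else
    echo "patch sets differ: align the managed host with the admin host" >&2
fi
```

"missing" lines are patches the admin host has and the managed host lacks; "extra" lines are patches found only on the managed host.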

Friday 15 April 2016

BAD_CERTIFICATE alert was received (java.lang.RuntimeException: Cannot convert identity certificate)

========================================================================
Applies To:
WLS - 10.3.6
OSB - 11.1.1.7
========================================================================
Problem:
Services with HTTPS/SSL endpoints aren't working properly.

Error:
<<Mar 29, 2016 3:48:10 PM CDT> <Warning> <Security> <puru-host> <poc_osb_admin> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <ecba9489e228dd77:-11ecd046:1535560a37c:-7ffd-000000000000fe95> <1459284490478> <BEA-090482> <BAD_CERTIFICATE alert was received from XX.XX.XXX.XXX - XX.XX.XXX.XXX. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>

Reason:
java.lang.RuntimeException: Cannot convert identity certificate
========================================================================
Cause:
The target system recently renewed its certificates. The new certificates installed on the downstream side use the SHA256RSA signature algorithm, whereas the old certificates used SHA1RSA, which was working fine.
WebLogic uses its default SSL implementation (CERTICOM).
========================================================================
Resolution:
WebLogic Server must be forced to use JSSE if any cipher suite is unsupported by the default SSL implementation (CERTICOM).
To change the SSL implementation from CERTICOM to JSSE and resolve the issue, follow the steps below:
1. Navigate to Environment -> Servers -> [server name] -> Configuration -> SSL -> Advanced tab and enable Use JSSE SSL.
2. Import the new root and intermediate certificates from the renewed cert if they do not already exist in CACERTS.
Log in to each domain host and run the following:
cd $JAVA_HOME/jre/bin
To list CACERTS, use the command below:
./keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
To import a cert, use:
./keytool -import -alias alias_name -keystore $JAVA_HOME/jre/lib/security/cacerts -trustcacerts -file $Cert_location/cert.pem
3. Restart the servers for the changes to take effect and test the service.