This content has been marked as final. Show 11 replies
The most common cause for this relatively common problem is that the wrong credentials have been configured for the keystore. This causes the Server to be incapable of accessing the database. I suggest you look in the server log too. This may give you a better indication of the actual problem. For example, we've had several instances where the keystore was not generated in the first place - this is usually indicated by a FileNotFoundException in the log.
In logs I've found such exception:
####<Jun 23, 2010 11:36:27 AM MSD> <Info> <EJB> <srv-irm> <IRM_server1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <BEA1-0007F362AB5853942330> <e42cdf55d810a152:550cf77:1295fdd5c83:-7fff-0000000000000883> <1277278587611> <BEA-010227> <EJB Exception occurred during invocation from home or business: weblogic.ejb.container.internal.StatelessEJBLocalHomeImpl@1e82753 threw exception: oracle.irm.engine.content.store.KeyStoreAccessException: IRM-01012: There has been an error using the key store. The cause of this exception was:
java.security.UnrecoverableKeyException: Given final block not properly padded>
And I have no idea what does it mean.
Excellent. I have good news and bad news...
Good news: the server found the path to a keystore and opened the file correctly. (I assume this is good news because it's unlikely for you to have created more than one keystore.)
Bad news: you're missing or using an incorrect password.
Now you might ask WHY doesn't it just say 'incorrect password'. The reason is that the keystore uses the password as a part of the decryption key of the keystore. So therefore, it doesn't know whether the password is incorrect or the keystore has been tampered with, so all it can say is that the data seems incorrect - or tthat the final block of encrypted data didn't make sense.
...which is what you're getting.
...and how can I correct this situation?
I did everything as in documentation, and repeat key-file generation two times. After it I set passwords with wlsh.cmd.
And have the same results.
I just can't understand on what stage I have an error...
Edited by: user508254 on 23.06.2010 3:59
Just to let you know I have been discussing this (just in case) with Development so I know my facts are straight. :) The problem is definitely that one of the two passwords required is incorrect. When you run wlst.cmd, you are required to insert two passwords. The first password is the one that secures the entire keystore file. The second password is the one which secures the database encryption key inside the keystore. If you cannot see where you're going wrong, reproduce here:
1. The keytool command you're using. (i.e.cut and paste the command you used into your response).
2. The sequence you used in the wlst.cmd section. Obviously you will need to hide the userid and password by calling them 'dummy' and 'password'.
With those I should be able to see where you're going wrong. Incidentally, please note that you must use quote or double-quote marks as described in the documentation. If you don't use either, then you should get a syntax error on the command line.
Thank you, Frank for your help.
I don't know why, but at last I succeded in context creation.
I hope on your further help in my discovering Oracle IRM :)
Glad to hear you got going!
I get this error in the IRM log.
java.security.UnrecoverableKeyException: Given final block not properly padded
I tried creating keystore several times, but still cannot create a new context.
Error after issing the wlst.cmd command:
Problem invoking WLST - java.io.FileNotFoundException: C:\Oracle\Middleware\Orac
le_ECM1\common\bin\connect('weblogic','********','t3:\hostname:7001') (The file
name, directory name, or volume label syntax is incorrect)
Command I used:
wlst.cmd connect('weblogic','s********','t3://hostname:7001') createCred("IRM","keystore:irm.jks","dummy","********") createCred("IRM","key:irm.jks:oracle.irm.wrap","dummy","********")
1. install new version of JRE
2. run setWLSEnv.cmd before start WLST (C:\Oracle\Middleware\wlserver_10.3\server\bin\setWLSEnv.cmd)
3. start WLST (C:\Oracle\Middleware\Oracle_ECM1\common\bin\wlst.cmd)
4. run connect command
5. run createCred command
After I ran the commands one per line, it completed. I can now create contexts. Thanks for your help.