Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

SSL Configuration issue on 12.2.1.4.0 with nodemanager

Received Response
279
Views
11
Comments
DentsplySirona
DentsplySirona Rank 4 - Community Specialist
edited Aug 13, 2024 5:34PM in Oracle Analytics Cloud and Server

I am upgrading from 12.2.1.2 to 12.2.1.4 and I have configured SSL the same on .4 as I did on .2 however when I try to start the Severs the nodemanger is failing to start.  I am on a windows server.  I get the following error:

D:\OBIEE12c\user_projects\domains\bi\bitools\bin>start.cmd -i AdminServer

BI_PRODUCT_HOME set as D:\OBIEE12c\bi\

ORACLE_HOME set as D:\OBIEE12c

Starting domain; Using domainHome: D:\OBIEE12c\user_projects\domains\bi ...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

<Nov 13, 2018 10:05:05 AM EST> <Info> <Security> <BEA-090905> <Disabling the Cry

ptoJ JCE Provider self-integrity check for better startup performance. To enable

this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true

.>

<Nov 13, 2018 10:05:05 AM EST> <Info> <Security> <BEA-090906> <Changing the defa

ult Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disabl

e this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>

<Nov 13, 2018 10:05:05 AM EST> <Info> <Security> <BEA-090909> <Using the configu

red custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSH

ostnameVerifier$NullHostnameVerifier.>

Node manager not running. Starting it...

NMProcess: NODEMGR_HOME is already set to D:\OBIEE12c\user_projects\domains\bi\n

odemanager

NMProcess: CLASSPATH=.;D:\Java\jdk\lib\tools.jar;D:\OBIEE12c\wlserver\server\lib

\weblogic.jar;D:\OBIEE12c\oracle_common\modules\thirdparty\ant-contrib-1.0b3.jar

;D:\OBIEE12c\wlserver\modules\features\oracle.wls.common.nodemanager.jar;D:\Java

\jdk\lib\tools.jar;D:\OBIEE12c\wlserver\modules\features\wlst.wls.classpath.jar;

D:\OBIEE12c\wlserver\modules\features\oracle.wls.common.grizzly.jar;D:\OBIEE12c\

oracle_common\modules\oracle.jps\jps-manifest.jar

NMProcess:

NMProcess: D:\OBIEE12c\user_projects\domains\bi\nodemanager>"D:\Java\jdk\bin\jav

a.exe"  -server -Xms32m -Xmx200m -Djdk.tls.ephemeralDHKeySize=2048 -Dcoherence.h

ome=D:\OBIEE12c\coherence -Dbea.home=D:\OBIEE12c -DNodeManagerHome=D:\OBIEE12c\u

ser_projects\domains\bi\nodemanager -DLogToStderr=false -DQuitEnabled=true -Dweb

logic.RootDirectory=D:\OBIEE12c\user_projects\domains\bi  -Doracle.security.jps.

config=D:\OBIEE12c\user_projects\domains\bi\config\fmwconfig\jps-config-jse.xml

-Dcommon.components.home=D:\OBIEE12c\oracle_common -Dopss.version=12.2.1.3 -Dweb

logic.RootDirectory=D:\OBIEE12c\user_projects\domains\bi   -Doracle.bi.home.dir=

D:\OBIEE12c\bi -Doracle.bi.config.dir=D:\OBIEE12c\user_projects\domains\bi\confi

g\fmwconfig\biconfig -Doracle.bi.environment.dir=D:\OBIEE12c\user_projects\domai

ns\bi\config\fmwconfig\bienv -Doracle.bi.12c=true -Ddomain.home=D:\OBIEE12c\user

_projects\domains\bi -Dfile.encoding=utf-8 -Djava.system.class.loader=com.oracle

.classloader.weblogic.LaunchClassLoader "-Djava.security.policy=D:\OBIEE12c\wlse

rver\server\lib\weblogic.policy" "-Dweblogic.nodemanager.JavaHome=D:\Java\jdk" w

eblogic.NodeManager -v

NMProcess: ( was unexpected at this time.

NMProcess: Stopped draining NMProcess

NMProcess: Stopped draining NMProcess

Failed to start node manager after a timeout of 600000 millisecs.   Final except

ion: Error occurred while performing nmConnect : Cannot connect to Node Manager.

: Connection refused: connect. Could not connect to NodeManager. Check that it

is running at w8001bi09.internal.dentsply.net/10.218.20.83:9506.

Use dumpStack() to view the full stacktrace :

Unable to connect to NodeManager on host: W8001BI09, due to Error occurred while

performing nmConnect : Cannot connect to Node Manager. : Connection refused: co

nnect. Could not connect to NodeManager. Check that it is running at w8001bi09.i

nternal.dentsply.net/10.218.20.83:9506.

Use dumpStack() to view the full stacktrace :

Fatal: Failed to start one or more Servers (return 3)

And In the NodeManager log file I am getting this:

<Nov 13, 2018 10:05:11 AM EST> <INFO> <Loading domains file: D:\OBIEE12c\user_projects\domains\bi\nodemanager\nodemanager.domains>

<Nov 13, 2018 10:05:12 AM EST> <INFO> <Loading identity key store: FileName=D:\OBIEE12c\user_projects\domains\bi\SSL_CERT\my_key_identity.jks, Type=jks, PassPhraseUsed=true>

<Nov 13, 2018 10:05:12 AM EST> <SEVERE> <Fatal error in NodeManager server>

weblogic.nodemanager.common.ConfigException: Identity key store file not found: D:\OBIEE12c\user_projects\domains\bi\SSL_CERT\my_key_identity.jks

at weblogic.nodemanager.server.SSLConfig.loadKeyStoreConfig(SSLConfig.java:225)

at weblogic.nodemanager.server.SSLConfig.access$000(SSLConfig.java:33)

at weblogic.nodemanager.server.SSLConfig$1.run(SSLConfig.java:118)

at java.security.AccessController.doPrivileged(Native Method)

at weblogic.nodemanager.server.SSLConfig.<init>(SSLConfig.java:115)

at weblogic.nodemanager.server.NMServer.<init>(NMServer.java:169)

at weblogic.nodemanager.server.NMServer.getInstance(NMServer.java:134)

at weblogic.nodemanager.server.NMServer.main(NMServer.java:589)

at weblogic.NodeManager.main(NodeManager.java:31)

I have the Admin Server and bi_server setup correctly and The location and file do exist:  D:\OBIEE12c\user_projects\domains\bi\SSL_CERT\my_key_identity.jks

Has something changed with .4?    Where else can I look?

«1

Answers

  • Joel
    Joel Rank 8 - Analytics Strategist

    Are these the steps you followed?

    Oracle Support Document 2188982.1 (OBIEE 12c:  How To Configure SSL Including Examples) can be found at: https://support.oracle.com/epmos/faces/DocumentDisplay?id=2188982.1

  • DentsplySirona
    DentsplySirona Rank 4 - Community Specialist

    Yes and I followed the exact same steps that I did when I installed version 12.2.1.2.  .2 works but .4 does not. 

  • Michael Verzijl
    Michael Verzijl Rank 6 - Analytics Lead

    What is currently stored in your nodemanager.properties file?

  • DentsplySirona
    DentsplySirona Rank 4 - Community Specialist

    nodemanger.properties:

    #Mon Oct 15 16:09:34 EDT 2018

    #Tue Oct 09 15:55:19 EDT 2018

    #Mon Oct 01 15:51:36 EDT 2018

    #Node manager properties

    #Mon Oct 01 15:50:42 EDT 2018

    DomainsFile=D\:\\OBIEE12c\\user_projects\\domains\\bi\\nodemanager\\nodemanager.domains

    LogLimit=0

    PropertiesVersion=12.2.1.3.0

    AuthenticationEnabled=true

    NodeManagerHome=D\:\\OBIEE12c\\user_projects\\domains\\bi\\nodemanager

    JavaHome=D\:\\Java\\jdk

    LogLevel=INFO

    DomainsFileEnabled=true

    ListenAddress=w8001bi09.internal.dentsply.net

    NativeVersionEnabled=true

    ListenPort=9506

    LogToStderr=true

    weblogic.StartScriptName=startWebLogic.cmd

    SecureListener=true

    LogCount=1

    QuitEnabled=false

    LogAppend=true

    weblogic.StopScriptEnabled=false

    StateCheckInterval=500

    CrashRecoveryEnabled=false

    weblogic.StartScriptEnabled=true

    LogFile=D\:\\OBIEE12c\\user_projects\\domains\\bi\\nodemanager\\nodemanager.log

    LogFormatter=weblogic.nodemanager.server.LogFormatter

    ListenBacklog=50

    KeyStores=CustomIdentityAndCustomTrust

    CustomIdentityKeyStoreType=jks

    CustomIdentityKeyStoreFileName=D\:\\OBIEE12c\\user_projects\\domains\\bi\\SSL_CERT\\my_key_identity.jks

    CustomIdentityKeyStorePassPhrase={AES}VgrFVBZ2QkjGNGfSXDOsqOnY2ApeLbCVRAJWyFm+cPo=

    CustomIdentityPrivateKeyPassPhrase={AES}Wj79ge+UkM7ZgME40ygQ1ZUdx3Hxuz4ctD8j4s24Yrk=

    CustomIdentityAlias=server_identity

    CustomTrustKeyStoreFileName=D\:\\OBIEE12c\\user_projects\\domains\\bi\\SSL_CERT\\my_key_trust.jks

  • Michael Verzijl
    Michael Verzijl Rank 6 - Analytics Lead

    Which JDK are you using?

  • DentsplySirona
    DentsplySirona Rank 4 - Community Specialist

    Version 1.8.0_172

  • Michael Verzijl
    Michael Verzijl Rank 6 - Analytics Lead

    Could you try with 1.8.0_171 to see if it works? I have that running here with SSL and works fine.

  • DentsplySirona
    DentsplySirona Rank 4 - Community Specialist

    I can try, but couple questions first.  Are you on a Windows OS (I am using Windows 2012 R2)  and are you using OBIEE version 12.2.1.4.  I have a 12.2.1.2 system that works fine on 1.8.0_172 and due to security issue prefer not to downgrade to an earlier version.

  • handat
    handat Rank 5 - Community Champion

    You should try it as Michael suggest with 1.8.0_171 with debug enabled ( -Djavax.net.debug=all) and compare that with 1.8.0_172 also with debug enabled to see what the difference is during the handshake. You might just need to change the supported/required algorithm in java.security or if your existing certificate needs replacement with stronger keys which will be revealed once you compare the debug outputs.

  • DentsplySirona
    DentsplySirona Rank 4 - Community Specialist

    I am still trying to understand the difference between 12.2.1.2 and 12.2.1.4.  I have this working fine on .2 but when trying to setup .4 it does not work.  All settings and steps are the same.  How if 1.8.0_172 works fine with .2 does it not work in the new version.  Why would I downgrade my java version to work with a newer version of OBIEE.  None of this makes any sense to me and downgrading to java is not a simple task with OBIEE and the security issues also leave me hesitant.