Forum Stats

  • 3,838,629 Users
  • 2,262,385 Discussions
  • 7,900,715 Comments

Discussions

[OBIPS] [ERROR:10] Exception in handler thread. An error occurred during processing of the SSL prot

User_U0LN6
User_U0LN6 Member Posts: 16 Red Ribbon

Dear All,

After instalation and migration (upgrade), this error apears in sawlog0.log

[2019-11-08T16:56:50-03:00] [OBIPS] [ERROR:10] [] [saw.rpc.server.handleConnection] [ecid: 005_hfGUt30F^6p5oR9DiY000C9h00000T,0:545] [tid: 3875157760] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] Exception in handler thread. An error occurred during processing of the SSL protocol.

Error Codes: I2GIBJSN:

Location: saw.rpc.ssl.read, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads

139646146852608:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:643:

[[

File:socketrpcserver.cpp

Line:596

Location:

        saw.rpc.server.handleConnection

        saw.rpc.server.dispatch

        saw.threadpool.socketrpcserver

        saw.threads

]]

[2019-11-08T16:56:55-03:00] [OBIPS] [ERROR:31] [] [saw.rpc.ssl.read] [ecid: 005_hfGUt30F^6p5oR9DiY000C9h00000T,0:547] [tid: 1241028352] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] An error occurred during processing of the SSL protocol.

139647807690496:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:643:

[[

File:sslsocket.cpp

Line:619

Location:

        saw.rpc.ssl.read

        saw.rpc.server

        saw.rpc.server.handleConnection

        saw.rpc.server.dispatch

        saw.threadpool.socketrpcserver

        saw.threads

]]

[2019-11-08T16:56:55-03:00] [OBIPS] [ERROR:10] [] [saw.rpc.server.handleConnection] [ecid: 005_hfGUt30F^6p5oR9DiY000C9h00000T,0:547] [tid: 1241028352] [SI-Name: ] [IDD-Name: ] [IDD-GUID: ] [userId: ] Exception in handler thread. An error occurred during processing of the SSL protocol.

Error Codes: I2GIBJSN:

Location: saw.rpc.ssl.read, saw.rpc.server, saw.rpc.server.handleConnection, saw.rpc.server.dispatch, saw.threadpool.socketrpcserver, saw.threads

139647807690496:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:643:

[[

File:socketrpcserver.cpp

Line:596

Location:

        saw.rpc.server.handleConnection

        saw.rpc.server.dispatch

        saw.threadpool.socketrpcserver

        saw.threads

]]

I 'm finding in Support.Oracle.com but dowt have anything message. Only this bug is fixed in biee11.1.17 BUT my BIEE is 12.1.2.4.

Thank You,

Tagged:

Best Answer

  • User_U0LN6
    User_U0LN6 Member Posts: 16 Red Ribbon
    edited Nov 8, 2019 3:34PM Answer ✓

    STOP BIEE ALL COMPONENT'S by default script

    ./stop.sh

    [[email protected] bin]$ ./ssl.sh internalssl true

    Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log

    Reading domain

    Setting protocol to https for server bi_server1

    Rebinding channel certificates for server bi_server1

    Checking certificate exists for endpoint: BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1

    No new certificates required.

    Internal BIEE communications have been configured to use SSL with certificates

    matching the current listening addresses.  Rerun if you change the addresses.

    To achieve end to end security you also need to review the SSL configuration

    of other components, including the external ports of WebLogic servers.

    All certificates have more than 30 days to expiry.

    Startup all BIEE servers to consume the new configuraton.  For example run the start[.sh] command line tool in the same directory as this ssl tool.

    [[email protected] bin]$

    [[email protected] bin]$

    [[email protected] bin]$ ./ssl.sh report

    Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log

    Internal SSL enabled

       Client verification disabled (One way SSL)

       Using all available default ciphers

    Type: OBICCS

        Scanning endpoint OBICCS.obiccs1 tcp(s)://bieehost.company.com.al:9539(9539)/ - System Component

    Type: OBIJH

        Scanning endpoint OBIJH.obijh1 tcp(s)://bieehost.company.com.al:9541(9541)/ - System Component

    Type: OBIPS

        Scanning endpoint OBIPS.obips1 tcp(s)://bieehost.company.com.al:9538(9538)/ - System Component

    Type: OBIS

        Scanning endpoint OBIS.obis1 tcp(s)://bieehost.company.com.al:9545(9545)/ - System Component

    Type: OBISCH

        Scanning endpoint OBISCH.obisch1 tcp(s)://bieehost.company.com.al:9542(9542)/ - System Component

    Type: BI-SECURITY-SOAP

        Scanning endpoint BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1

    Summary: Out of 6 endpoints 0 succeeded, and 6 failed.

    Ping successes (0):

    Ping failures (6):

    Target: obiccs1:OBICCS @ bieehost.company.com.al:9539

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: obijh1:OBIJH @ bieehost.company.com.al:9541

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: obips1:OBIPS @ bieehost.company.com.al:9538

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: obis1:OBIS @ bieehost.company.com.al:9545

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: obisch1:OBISCH @ bieehost.company.com.al:9542

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: bi_server1:BI-SECURITY-SOAP @ bieehost.company.com.al:9536

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    The first certificate to expire will expire on: 10/23/39 3:27 PM

    All certificates have more than 30 days to expiry.

    START BIEE ALL COMPONENT'S by default script

    ./start.sh

    [[email protected] bin]$ ./ssl.sh report

    Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log

    Internal SSL enabled

       Client verification disabled (One way SSL)

       Using all available default ciphers

    Type: OBICCS

        Scanning endpoint OBICCS.obiccs1 tcp(s)://bieehost.company.com.al:9539(9539)/ - System Component

    Type: OBIJH

        Scanning endpoint OBIJH.obijh1 tcp(s)://bieehost.company.com.al:9541(9541)/ - System Component

    Type: OBIPS

        Scanning endpoint OBIPS.obips1 tcp(s)://bieehost.company.com.al:9538(9538)/ - System Component

    Type: OBIS

        Scanning endpoint OBIS.obis1 tcp(s)://bieehost.company.com.al:9545(9545)/ - System Component

    Type: OBISCH

        Scanning endpoint OBISCH.obisch1 tcp(s)://bieehost.company.com.al:9542(9542)/ - System Component

    Type: BI-SECURITY-SOAP

        Scanning endpoint BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1

    Summary: Out of 6 endpoints 6 succeeded, and 0 failed.

    Ping successes (6):

    Target: obiccs1:OBICCS @ bieehost.company.com.al:9539

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: obijh1:OBIJH @ bieehost.company.com.al:9541

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: obips1:OBIPS @ bieehost.company.com.al:9538

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: obis1:OBIS @ bieehost.company.com.al:9545

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: obisch1:OBISCH @ bieehost.company.com.al:9542

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: bi_server1:BI-SECURITY-SOAP @ bieehost.company.com.al:9536

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Ping failures (0):

    The first certificate to expire will expire on: 10/23/39 3:27 PM

    All certificates have more than 30 days to expiry.

Answers

  • User_U0LN6
    User_U0LN6 Member Posts: 16 Red Ribbon
    edited Nov 8, 2019 3:34PM Answer ✓

    STOP BIEE ALL COMPONENT'S by default script

    ./stop.sh

    [[email protected] bin]$ ./ssl.sh internalssl true

    Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log

    Reading domain

    Setting protocol to https for server bi_server1

    Rebinding channel certificates for server bi_server1

    Checking certificate exists for endpoint: BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1

    No new certificates required.

    Internal BIEE communications have been configured to use SSL with certificates

    matching the current listening addresses.  Rerun if you change the addresses.

    To achieve end to end security you also need to review the SSL configuration

    of other components, including the external ports of WebLogic servers.

    All certificates have more than 30 days to expiry.

    Startup all BIEE servers to consume the new configuraton.  For example run the start[.sh] command line tool in the same directory as this ssl tool.

    [[email protected] bin]$

    [[email protected] bin]$

    [[email protected] bin]$ ./ssl.sh report

    Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log

    Internal SSL enabled

       Client verification disabled (One way SSL)

       Using all available default ciphers

    Type: OBICCS

        Scanning endpoint OBICCS.obiccs1 tcp(s)://bieehost.company.com.al:9539(9539)/ - System Component

    Type: OBIJH

        Scanning endpoint OBIJH.obijh1 tcp(s)://bieehost.company.com.al:9541(9541)/ - System Component

    Type: OBIPS

        Scanning endpoint OBIPS.obips1 tcp(s)://bieehost.company.com.al:9538(9538)/ - System Component

    Type: OBIS

        Scanning endpoint OBIS.obis1 tcp(s)://bieehost.company.com.al:9545(9545)/ - System Component

    Type: OBISCH

        Scanning endpoint OBISCH.obisch1 tcp(s)://bieehost.company.com.al:9542(9542)/ - System Component

    Type: BI-SECURITY-SOAP

        Scanning endpoint BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1

    Summary: Out of 6 endpoints 0 succeeded, and 6 failed.

    Ping successes (0):

    Ping failures (6):

    Target: obiccs1:OBICCS @ bieehost.company.com.al:9539

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: obijh1:OBIJH @ bieehost.company.com.al:9541

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: obips1:OBIPS @ bieehost.company.com.al:9538

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: obis1:OBIS @ bieehost.company.com.al:9545

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: obisch1:OBISCH @ bieehost.company.com.al:9542

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    Target: bi_server1:BI-SECURITY-SOAP @ bieehost.company.com.al:9536

      Java client: SSL ping failed.  Failed to connect.  Server may be down.

      Openssl client: SSL connection failed.  See detailed log output.

    The first certificate to expire will expire on: 10/23/39 3:27 PM

    All certificates have more than 30 days to expiry.

    START BIEE ALL COMPONENT'S by default script

    ./start.sh

    [[email protected] bin]$ ./ssl.sh report

    Logging to: /data/oracle/bieeinst/user_projects/domains/bieeinstc/bilogs/sslcommand.log

    Internal SSL enabled

       Client verification disabled (One way SSL)

       Using all available default ciphers

    Type: OBICCS

        Scanning endpoint OBICCS.obiccs1 tcp(s)://bieehost.company.com.al:9539(9539)/ - System Component

    Type: OBIJH

        Scanning endpoint OBIJH.obijh1 tcp(s)://bieehost.company.com.al:9541(9541)/ - System Component

    Type: OBIPS

        Scanning endpoint OBIPS.obips1 tcp(s)://bieehost.company.com.al:9538(9538)/ - System Component

    Type: OBIS

        Scanning endpoint OBIS.obis1 tcp(s)://bieehost.company.com.al:9545(9545)/ - System Component

    Type: OBISCH

        Scanning endpoint OBISCH.obisch1 tcp(s)://bieehost.company.com.al:9542(9542)/ - System Component

    Type: BI-SECURITY-SOAP

        Scanning endpoint BI-SECURITY-SOAP.bi_server1 https://bieehost.company.com.al:9536/bi-security/service - custom channel bi_internal_channel1

    Summary: Out of 6 endpoints 6 succeeded, and 0 failed.

    Ping successes (6):

    Target: obiccs1:OBICCS @ bieehost.company.com.al:9539

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: obijh1:OBIJH @ bieehost.company.com.al:9541

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: obips1:OBIPS @ bieehost.company.com.al:9538

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: obis1:OBIS @ bieehost.company.com.al:9545

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: obisch1:OBISCH @ bieehost.company.com.al:9542

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Target: bi_server1:BI-SECURITY-SOAP @ bieehost.company.com.al:9536

      Java client: SSL ping OK.

         Protocol: TLSv1.2. Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256. One way SSL.

      Openssl client: SSL ping OK.

    Ping failures (0):

    The first certificate to expire will expire on: 10/23/39 3:27 PM

    All certificates have more than 30 days to expiry.