3 Replies Latest reply: Aug 5, 2009 11:44 PM by 807567 RSS

    Sun Update Connection problems

    807567
      Hi,

      Currently, I am trying to setup my solaris 10sparc server with the sun update connection. My server need to connect to internet through a proxy server. I have problem where the GUI is disable (security issue) and i need all the commands to setup it. Below is the problems which i havent figure out:

      # smpatch analyze
      Failure: Cannot connect to retrieve detectors.jar: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      # smpatch analyze -C patchpro.log.level=3 -C patchpro.debug=true
      Effective proxy host : "my_proxy"
      Effective proxy port : "my_proxy_port"
      Effective proxy user : ""
      ... Submitting download request against a GUUS server
      ... ... Hostname of URL is getupdates.sun.com
      ... ... Filename of URL is /xml/motd.xml
      ... ... File path portion of URL is /xml/motd.xml
      Defining request header : IF_MODIFIED_SINCE... valueThu Jan 01 07:30:00 MYT 1970
      Effective proxy host : "my_proxy"
      Effective proxy port : "my_proxy_port"
      Effective proxy user : ""
      ... Submitting download request against a GUUS server
      ... ... Hostname of URL is getupdates.sun.com
      ... ... Filename of URL is /database/current.zip
      ... ... File path portion of URL is /database/current.zip
      Effective proxy host : "my_proxy"
      Effective proxy port : "my_proxy_port"
      Effective proxy user : ""
      ... Submitting download request against a GUUS server
      ... ... Hostname of URL is getupdates.sun.com
      ... ... Filename of URL is /detector/detectors.jar
      ... ... File path portion of URL is /detector/detectors.jar
      Defining request header : IF_MODIFIED_SINCE... valueThu Jan 01 07:30:00 MYT 1970
      Defining request header : IF_MODIFIED_SINCE... valueThu Jan 01 07:30:00 MYT 1970
      Failure: Cannot connect to retrieve current.zip: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      ##The suc.sh result##
      User:
      Logname: root
      Wed Aug 5 10:23:13 MYT 2009
      hostname


      smpatch settings:

      patchpro.backout.directory - ""
      patchpro.baseline.directory - /var/sadm/spool
      patchpro.download.directory - /var/sadm/spool
      patchpro.install.types - rebootafter:reconfigafter:standard
      patchpro.patch.source https://getupdates.sun.com/ https://getupdates1.sun.com/
      patchpro.patchset - current
      patchpro.proxy.host my_proxy ""
      patchpro.proxy.passwd **** ****
      patchpro.proxy.port my_proxy_port 8080
      patchpro.proxy.user - ""


      smpatch analyze:

      Failure: Cannot connect to retrieve current.zip: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


      Sun UC patch revision:

      120335-04
      121081-06
      121118-13
      121453-02
      122231-01
      123003-03
      123005-07
      123630-03
      123893-05
      124171-07


      Solaris release:

      Solaris 10 10/08 s10s_u6wos_07b SPARC
      Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
      Use is subject to license terms.
      Assembled 27 October 2008


      Java -version:

      java version "1.5.0_16"
      Java(TM) Platform, Standard Edition for Business (build 1.5.0_16-b02)
      Java HotSpot(TM) Server VM (build 1.5.0_16-b02, mixed mode)


      Cacao Java version:

      java-home=/usr/jdk/jdk1.5.0_16


      Software Cluster:

      CLUSTER=SUNWCall


      All ccr properties:

      18:
      Property not defined: 18

      cns.assetid:


      cns.br.SunUCenabled:
      true

      cns.ccr.keyGenPath:
      /usr/lib/cc-ccr/bin/ccrKeyGen

      cns.clientid:


      cns.httpproxy.auth:


      cns.httpproxy.ipaddr:
      my_proxy

      cns.httpproxy.port:
      my_proxy_port

      cns.regtoken:


      cns.security.password:


      cns.security.privatekey:


      cns.security.publickey:


      cns.swup.UMautolaunch:
      false

      cns.swup.autoAnalysis.enabled:
      true

      cns.swup.checkinInterval:
      2

      cns.swup.lastCheckin:
      0

      cns.swup.patchbaseline:
      current

      cns.swup.regRequired:
      true

      cns.transport.serverurl:




      patchsvr not installed.



      Sun UC package status:

      SUNWbreg not installed
      SUNWdc not installed


      Please attach /tmp/svora001-050809-suc-out.Z in your reply to the Sun Update Connection Technical Support Team.


      Hope anyone can help to check my problems and provide me some idea to solve it.
      Thanks

      Regards
      win
        • 1. Re: Sun Update Connection problems
          807567
          I see a number of issues in the output, but let's look at them one at a time:
          Failure: Cannot connect to retrieve current.zip: sun.security.validator.ValidatorException: PKIX path building failed:
          sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
          This means that there is a problem with the certificates used on the server which do need to get updated every few years. I would suggest that you firstly apply the following patches:
          121081-08
          121118-16
          137137-09
          123893-15
          This should bring the system up to a point where the correct certificates are installed.
          Note that:
          * it may be best to use a patch cluster due to the kernel patch needing to be update (there may be a large number of dependencies).
          * the server has changed from getupdates.sun.com to getupdates1.sun.com, so you will need to correct this:
          # smpatch unset patchpro.patch.source
          You will then need to register the system using sconadm, the command line registration tool:

          * Ensure that cacao processes are not running:
          # /usr/sbin/cacaoadm stop
          # sleep 30
          Kill any remaining cacaodm processes (check with 'ps -ef | grep ccr')

          * Clear out any old registration data and logs:
          # rm /var/cacao/instances/default/logs/* /var/scn/persistence/SCN*
          # /usr/lib/cc-ccr/bin/eraseCCRRepository
          * Create a registration template:
          # grep -v '^#' /usr/lib/breg/data/RegistrationProfile.properties > /var/tmp/RegistrationProfile.properties
          # chmod 600 /var/tmp/RegistrationProfile.properties
          * Edit the template:
          You will need to include your Sun Online Account (SOA) details, subscription key (contract ID), and HTTP proxy details if required. Note that NTLM proxies that do not allow failback to basic authentication cannot be used.

          The template should look similar to the following:
          userName=<soa-user>
          password=<soa-pass>
          
          subscriptionKey=
          
          proxyHostName=
          proxyPort=
          proxyUserName=
          proxyPassword=
          * Register the system:
          If you are using an HTTP proxy you will need to run an additional command prior to registering:
          # sconadm proxy -r /var/tmp/RegistrationProfile.properties
          Otherwise register using the following command:
          # sconadm register -a -r /var/tmp/RegistrationProfile.properties
          Note that registration can take several minutes depending on the configuration and load of the system.

          * Troubleshooting:
          In the event that the registration fails, please collect the following log files for investigation, along with the file generated by the data collection script (suc.sh):
          /tmp/basicreg<timestamp>.log
          /var/cacao/instances/default/logs/cacao.0

          I would suggest that you place these files inside a tar ball and upload them to our [Support Files site|http://supportuploads.sun.com/], and once this has been done inform us of the path and filename. Alternatively you may wish to open a support call and reference this thread.

          Please do not post these files in the public forum.
          • 2. Re: Sun Update Connection problems
            807567
            Hi,

            I have done with the patches given and follow the steps given and the output for register as belows:

            # /usr/sbin/sconadm register -a -r /tmp/RegistrationProfile.properties
            sconadm is running
            Authenticating user ...
            failed registration!

            # sconadm proxy -r /tmp/RegistrationProfile.properties
            sconadm is running
            #

            Is it seems ok with the registration?After that i try the smpatch analyze also output with same errors

            # smpatch analyze
            Failure: Cannot connect to retrieve detectors.jar: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


            Any more place i need to change my settings?How about settings in my proxy?

            Regards
            unix_bee
            • 3. Re: Sun Update Connection problems
              807567
              Hi,

              I already upload files

              ===============================================================================
              Thanks for your upload

              Your file has been stored as "/cores/sunupdate.tar.gz.2 " on the Supportfiles service.

              Size of the file (in bytes) : 20384.

              The file has a cksum of : 789199169 .


              You can verify the checksum of the file by comparing this value with the output of /usr/bin/cksum filename on your local machine. If there is any difference in the checksum values, please re-upload the file.

              ================================================================================

              Regards
              unix_bee