This discussion is archived
3 Replies Latest reply: Aug 5, 2009 9:44 PM by 807567 RSS

Sun Update Connection problems

807567 Newbie
Currently Being Moderated
Hi,

Currently, I am trying to setup my solaris 10sparc server with the sun update connection. My server need to connect to internet through a proxy server. I have problem where the GUI is disable (security issue) and i need all the commands to setup it. Below is the problems which i havent figure out:

# smpatch analyze
Failure: Cannot connect to retrieve detectors.jar: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

# smpatch analyze -C patchpro.log.level=3 -C patchpro.debug=true
Effective proxy host : "my_proxy"
Effective proxy port : "my_proxy_port"
Effective proxy user : ""
... Submitting download request against a GUUS server
... ... Hostname of URL is getupdates.sun.com
... ... Filename of URL is /xml/motd.xml
... ... File path portion of URL is /xml/motd.xml
Defining request header : IF_MODIFIED_SINCE... valueThu Jan 01 07:30:00 MYT 1970
Effective proxy host : "my_proxy"
Effective proxy port : "my_proxy_port"
Effective proxy user : ""
... Submitting download request against a GUUS server
... ... Hostname of URL is getupdates.sun.com
... ... Filename of URL is /database/current.zip
... ... File path portion of URL is /database/current.zip
Effective proxy host : "my_proxy"
Effective proxy port : "my_proxy_port"
Effective proxy user : ""
... Submitting download request against a GUUS server
... ... Hostname of URL is getupdates.sun.com
... ... Filename of URL is /detector/detectors.jar
... ... File path portion of URL is /detector/detectors.jar
Defining request header : IF_MODIFIED_SINCE... valueThu Jan 01 07:30:00 MYT 1970
Defining request header : IF_MODIFIED_SINCE... valueThu Jan 01 07:30:00 MYT 1970
Failure: Cannot connect to retrieve current.zip: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

##The suc.sh result##
User:
Logname: root
Wed Aug 5 10:23:13 MYT 2009
hostname


smpatch settings:

patchpro.backout.directory - ""
patchpro.baseline.directory - /var/sadm/spool
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source https://getupdates.sun.com/ https://getupdates1.sun.com/
patchpro.patchset - current
patchpro.proxy.host my_proxy ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port my_proxy_port 8080
patchpro.proxy.user - ""


smpatch analyze:

Failure: Cannot connect to retrieve current.zip: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Sun UC patch revision:

120335-04
121081-06
121118-13
121453-02
122231-01
123003-03
123005-07
123630-03
123893-05
124171-07


Solaris release:

Solaris 10 10/08 s10s_u6wos_07b SPARC
Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 27 October 2008


Java -version:

java version "1.5.0_16"
Java(TM) Platform, Standard Edition for Business (build 1.5.0_16-b02)
Java HotSpot(TM) Server VM (build 1.5.0_16-b02, mixed mode)


Cacao Java version:

java-home=/usr/jdk/jdk1.5.0_16


Software Cluster:

CLUSTER=SUNWCall


All ccr properties:

18:
Property not defined: 18

cns.assetid:


cns.br.SunUCenabled:
true

cns.ccr.keyGenPath:
/usr/lib/cc-ccr/bin/ccrKeyGen

cns.clientid:


cns.httpproxy.auth:


cns.httpproxy.ipaddr:
my_proxy

cns.httpproxy.port:
my_proxy_port

cns.regtoken:


cns.security.password:


cns.security.privatekey:


cns.security.publickey:


cns.swup.UMautolaunch:
false

cns.swup.autoAnalysis.enabled:
true

cns.swup.checkinInterval:
2

cns.swup.lastCheckin:
0

cns.swup.patchbaseline:
current

cns.swup.regRequired:
true

cns.transport.serverurl:




patchsvr not installed.



Sun UC package status:

SUNWbreg not installed
SUNWdc not installed


Please attach /tmp/svora001-050809-suc-out.Z in your reply to the Sun Update Connection Technical Support Team.


Hope anyone can help to check my problems and provide me some idea to solve it.
Thanks

Regards
win
  • 1. Re: Sun Update Connection problems
    807567 Newbie
    Currently Being Moderated
    I see a number of issues in the output, but let's look at them one at a time:
    Failure: Cannot connect to retrieve current.zip: sun.security.validator.ValidatorException: PKIX path building failed:
    sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    This means that there is a problem with the certificates used on the server which do need to get updated every few years. I would suggest that you firstly apply the following patches:
    121081-08
    121118-16
    137137-09
    123893-15
    This should bring the system up to a point where the correct certificates are installed.
    Note that:
    * it may be best to use a patch cluster due to the kernel patch needing to be update (there may be a large number of dependencies).
    * the server has changed from getupdates.sun.com to getupdates1.sun.com, so you will need to correct this:
    # smpatch unset patchpro.patch.source
    You will then need to register the system using sconadm, the command line registration tool:

    * Ensure that cacao processes are not running:
    # /usr/sbin/cacaoadm stop
    # sleep 30
    Kill any remaining cacaodm processes (check with 'ps -ef | grep ccr')

    * Clear out any old registration data and logs:
    # rm /var/cacao/instances/default/logs/* /var/scn/persistence/SCN*
    # /usr/lib/cc-ccr/bin/eraseCCRRepository
    * Create a registration template:
    # grep -v '^#' /usr/lib/breg/data/RegistrationProfile.properties > /var/tmp/RegistrationProfile.properties
    # chmod 600 /var/tmp/RegistrationProfile.properties
    * Edit the template:
    You will need to include your Sun Online Account (SOA) details, subscription key (contract ID), and HTTP proxy details if required. Note that NTLM proxies that do not allow failback to basic authentication cannot be used.

    The template should look similar to the following:
    userName=<soa-user>
    password=<soa-pass>
    
    subscriptionKey=
    
    proxyHostName=
    proxyPort=
    proxyUserName=
    proxyPassword=
    * Register the system:
    If you are using an HTTP proxy you will need to run an additional command prior to registering:
    # sconadm proxy -r /var/tmp/RegistrationProfile.properties
    Otherwise register using the following command:
    # sconadm register -a -r /var/tmp/RegistrationProfile.properties
    Note that registration can take several minutes depending on the configuration and load of the system.

    * Troubleshooting:
    In the event that the registration fails, please collect the following log files for investigation, along with the file generated by the data collection script (suc.sh):
    /tmp/basicreg<timestamp>.log
    /var/cacao/instances/default/logs/cacao.0

    I would suggest that you place these files inside a tar ball and upload them to our [Support Files site|http://supportuploads.sun.com/], and once this has been done inform us of the path and filename. Alternatively you may wish to open a support call and reference this thread.

    Please do not post these files in the public forum.
  • 2. Re: Sun Update Connection problems
    807567 Newbie
    Currently Being Moderated
    Hi,

    I have done with the patches given and follow the steps given and the output for register as belows:

    # /usr/sbin/sconadm register -a -r /tmp/RegistrationProfile.properties
    sconadm is running
    Authenticating user ...
    failed registration!

    # sconadm proxy -r /tmp/RegistrationProfile.properties
    sconadm is running
    #

    Is it seems ok with the registration?After that i try the smpatch analyze also output with same errors

    # smpatch analyze
    Failure: Cannot connect to retrieve detectors.jar: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


    Any more place i need to change my settings?How about settings in my proxy?

    Regards
    unix_bee
  • 3. Re: Sun Update Connection problems
    807567 Newbie
    Currently Being Moderated
    Hi,

    I already upload files

    ===============================================================================
    Thanks for your upload

    Your file has been stored as "/cores/sunupdate.tar.gz.2 " on the Supportfiles service.

    Size of the file (in bytes) : 20384.

    The file has a cksum of : 789199169 .


    You can verify the checksum of the file by comparing this value with the output of /usr/bin/cksum filename on your local machine. If there is any difference in the checksum values, please re-upload the file.

    ================================================================================

    Regards
    unix_bee