APAR status
Closed as program error.
Error description
IBM Spectrum Protect Operations Center login fails below following error after upgrading to V8.1 level. This site cant be reached. Or Login fails with The IBM Spectrum Protect server (Localhost:1500) is not available. Verify that the server is running and there are no connectivity issues and try to log in again error. The following error messages are seen in the operations center logs. tsm_opscntr.log shows: <Timestamp>UTC [tid=65] [ERROR] AesCipher loadProvider loaded: IBMJCEFIPS <Timestamp>UTC [tid=65] [ERROR] DsmAdminAPI startIdentify java.lang.NoClassDefFoundError: com.ibm.jsse2.bf$k (initialization failure) at java.lang.J9VMInternals.initializationAlreadyFail ed(J9VMInternals.java:95) at java.lang.Class.forNameImpl(Native Method) at java.lang.Class.forName(Class.java:339) at java.lang.Thread.run(Thread.java:830) Caused by: java.lang.RuntimeException: Only one system property for original FIPS, SP800-131 SUITEB compliance or Overriding Default Protocol can be set at com.ibm.jsse2.W.<clinit>(W.java:58) at com.ibm.jsse2.bf$a.<clinit>(bf$a.java:11) at java.lang.Class.forNameImpl(Native Method) at java.lang.Class.forName(Class.java:339) at java.security.Provider$Service.getImplClass(Provider.java:1645) at java.security.Provider$Service.newInstance(Provider.java:1603) at sun.security.jca.GetInstance.getInstance(GetInstance.java:248) at sun.security.jca.GetInstance.getInstance(GetInstance.java:176) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:29) at com.ibm.ws.ssl.config.ProtocolHelper.checkProtoco l(ProtocolHelper.java:106) at com.ibm.ws.ssl.config.ProtocolHelper.checkProtoco lValueGood(ProtocolHelper.java:84) at com.ibm.ws.ssl.config.SSLConfigManager.parseSecur eSocketLayer(SSLConfigManager.java:478) Note: Below error messages only appears if you turn on the trace class, API.TCP=ON in the OpsCntrLog.config file (To trace, stop OC, then turn on flag and then start OC). SSLComm openSSLSocket message:The size of the handshake message (57180) exceeds the maximum allowed size (32768), cause:javax.net.ssl.SSLProtocolException: The size of the handshake message (57180) exceeds the maximum allowed size (32768) The problem may occurs only when following conditions are met: 1. The server's certificate changed by a new install, moving to a new machine, or regeneration of its certificate, and for any reason the OC does not already have it in its truststore. 2. The setting SESSIONSECURITY=TRANSITIONAL did not allow the operations center to connect to the server. 3. The HUB server has a very large number of spokes. This is because all the spokes' certificates are kept in the HUBs truststore, cert.kdb, and these are in turn passed to the Operation center when it first connects, overflowing the too-small handshake buffer. 4. The spoke servers use the self-signed TSM certificates and not CA certificates. IBM Spectrum Protect Versions Affected: IBM Spectrum Protect Operations Center V8.1 on all supported platforms. Additional Keywords: TSM IBM Spectrum Protect TS011814284 login, connectivity, initialization failure, site
Local fix
Linux and AIX Platforms: 1. Stop the Operations Center 2. Save/copy the jvm.options file which is in the guiServer directory 3. Add the following line to the jvm.options file: -Djdk.tls.maxHandshakeMessageSize=65536 4. Then, start the Operations Center, it should work without any issue. Windows Platform: 1. Stop the Operations Center 2. Save/copy the wrapper.conf configuration file which is in C:\Program Files\Tivoli\TSM\ui\Liberty\usr\servers\guiServer\conf\ 3. Add the following line to the wrapper.conf file Look for the following lines and add the values. wrapper.java.additional.1=... wrapper.java.additional.2=... ... wrapper.java.additional.6=-Djdk.tls.maxHandshakeMessageSize=65 536 4. Then, start the Operations Center
Problem summary
**************************************************************** * USERS AFFECTED: * * All IBM Spectrum Protect Operations Center server users. * **************************************************************** * PROBLEM DESCRIPTION: * * See error description. * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is currently * * projected to be fixed in level 8.1.19. Note that this is * * subject to change at the discretion of IBM. * ****************************************************************
Problem conclusion
This problem was fixed. Affected platforms for reported release: AIX, Linux, and Windows. Platforms fixed: AIX, Linux, and Windows.
Temporary fix
Comments
APAR Information
APAR number
IT43164
Reported component name
TSM OPERATIONS
Reported component ID
5608E01UI
Reported release
81X
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-02-21
Closed date
2023-03-15
Last modified date
2023-03-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TSM OPERATIONS
Fixed component ID
5608E01UI
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"81X","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
15 March 2023