Download
Downloadable File
File link | File size | File description |
---|---|---|
Abstract
Server does not start after enabling AES encryption
Download Description
PH34028 resolves the following problem:
ERROR DESCRIPTION:
The server does not start after enabling AES encryption. When the issue happens, SystemOut.log and ffdc shows error messages that suggest keystore failed to open and sockets are not created.
---Sample SystemOut.log ------
PROBLEM SUMMARY:
USERS AFFECTED:
All users of IBM WebSphere Application Server that has AES encryption enabled.
PROBLEM DESCRIPTION:
The server fails to decrypt the AES encrypted passwords at startup due to timing issue
RECOMMENDATION:
Install a fix pack or interim fix that contains this APAR.
At server startup, occasionally, the AES encrypted passwords were not successfully decrypted. It was due to the delay in loading necessary information to perform decryption.
PROBLEM CONCLUSION:
The timing issue has been fixed.
The fix for this APAR is targeted for inclusion in fix pack 8.5.5.20 and 9.0.5.8. For more information, see 'Recommended Updates for WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553
Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
ERROR DESCRIPTION:
The server does not start after enabling AES encryption. When the issue happens, SystemOut.log and ffdc shows error messages that suggest keystore failed to open and sockets are not created.
---Sample SystemOut.log ------
[12/21/20 14:37:22:671 CET] 00000001 SecurityCompo A JSAS0009I: IOR interceptor registered.
[12/21/20 14:37:22:729 CET] 00000001 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on C:\IBM\Workflow\V20\profiles\DmgrProfile\logs\ffdc\dmgr_93c5a0df_20.12.21_14.37.22.7134680412014954678933.txt com.ibm.ws.ssl.provider.AbstractJSSEProvider 601
[12/21/20 14:37:22:731 CET] 00000001 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on C:\IBM\Workflow\V20\profiles\DmgrProfile\logs\ffdc\dmgr_93c5a0df_20.12.21_14.37.22.729508452025414219953.txt com.ibm.websphere.ssl.JSSEHelper.getSSLContext 704
[12/21/20 14:37:22:733 CET] 00000001 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on C:\IBM\Workflow\V20\profiles\DmgrProfile\logs\ffdc\dmgr_93c5a0df_20.12.21_14.37.22.7321517362465944198880.txt com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.createSSLServerSocket 459
---Sample trace (SASRas=all) output ----------
************* End Display Current Environment *************
[1/4/21 11:23:58:197 CET] 00000001 ManagerAdmin I
TRAS0018I: The trace state has changed. The new trace state is *=info:com.ibm.ws.security.=all:com.ibm.websphere.security.=all:SASRas=all.
...
[1/4/21 11:23:59:488 CET] 00000001 ModelMgr I WSVR0801I: Initializing all server configuration models
[1/4/21 11:24:21:603 CET] 00000001 PropertyManag 3 getInstance reinitialize=true
[1/4/21 11:24:21:603 CET] 00000001 PropertyManag 3 getInstance no param
[1/4/21 11:24:21:605 CET] 00000001 PropertyManag > initialize Entry
[1/4/21 11:24:21:605 CET] 00000001 PropertyManag > getCellName Entry
[1/4/21 11:24:21:606 CET] 00000001 PropertyManag 3 isServer=false Trying to get local.cell System property
[1/4/21 11:24:21:606 CET] 00000001 PropertyManag < cellName null Exit
The following trace entry in the trace snip above shows that the server has failed to obtain the cell name:
[1/4/21 11:24:21:606 CET] 00000001 PropertyManag < cellName null Exit
USERS AFFECTED:
All users of IBM WebSphere Application Server that has AES encryption enabled.
PROBLEM DESCRIPTION:
The server fails to decrypt the AES encrypted passwords at startup due to timing issue
RECOMMENDATION:
Install a fix pack or interim fix that contains this APAR.
At server startup, occasionally, the AES encrypted passwords were not successfully decrypted. It was due to the delay in loading necessary information to perform decryption.
PROBLEM CONCLUSION:
The timing issue has been fixed.
The fix for this APAR is targeted for inclusion in fix pack 8.5.5.20 and 9.0.5.8. For more information, see 'Recommended Updates for WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553
Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Prerequisites
None
Installation Instructions
Download Package
IMPORTANT NOTE:
|
WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021, use properly registered IDs to download fixes for WebSphere Application Server below.
|
DOWNLOAD | RELEASE DATE | SIZE(Bytes) |
DOWNLOAD Options |
---|---|---|---|
The fixes for this APAR are in transition and will be available for download as soon as possible. |
Problems Solved
PH34028
On
Technical Support
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
Document Location
Worldwide
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.18;8.5.5.19;9.0.5.7","Edition":"Base","Line of Business":{"code":"LOB45","label":"Automation"}}]
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
18 June 2021
UID
ibm16438825