glassfish
  1. glassfish
  2. GLASSFISH-19207

after running asadmin enable-secure-admin , encounter problem stop/start glassfish

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 4.0_b58, 4.0_b59
    • Fix Version/s: None
    • Component/s: grizzly-kernel
    • Labels:
      None
    • Environment:

      running Glassfish-4.0-b59 on window XP platform with jdk1.7.0_07

      Description

      This started on glassfish-4.0-b59 and b58, did not have this issue on glassfish-4.0-b57.

      after running asadmin enable-secure-admin, and re-cycling glassfish
      you cannot stop/start glassfish anymore.

      error from the command line is this:
      Z:\glassfish3\glassfish\bin>asadmin stop-domain
      NCLS-ADMIN-0010
      CLI306: Warning - The server located at Z:\glassfish3\glassfish\domains\domain
      is not running.
      Command stop-domain executed successfully.

      When the process is checked glassfish is running.
      Also, this was confirmed multiple times on b58 and 59 with same results.

      The server.log is attached.

      1. after-change-domain.xml
        29 kB
        Tim Quinn
      2. after-startup-domain.xml
        28 kB
        Tim Quinn
      3. server.log-b59
        23 kB
        teelucksingh

        Issue Links

          Activity

          Hide
          Tim Quinn added a comment -

          I could not reproduce this on Mac OS X with Java 1.7.0_7 and promoted GlassFish build 59.

          The error from the server log (thanks for that) shows that there is something going wrong in the SSL handshake. The secure admin logic has not changed in the recent builds, so it's not yet clear why the errors are happening in your environment.

          I'm now trying to get a Windows XP system set up to try to reproduce the error there.

          Show
          Tim Quinn added a comment - I could not reproduce this on Mac OS X with Java 1.7.0_7 and promoted GlassFish build 59. The error from the server log (thanks for that) shows that there is something going wrong in the SSL handshake. The secure admin logic has not changed in the recent builds, so it's not yet clear why the errors are happening in your environment. I'm now trying to get a Windows XP system set up to try to reproduce the error there.
          Hide
          Tim Quinn added a comment -

          I was able to reproduce the problem on Windows XP with Java 1.7.0_7 and GlassFish build 59.

          I also saw the problem using Java 1.6.0 instead.

          There was a Grizzly integration just prior to build 58, so I am transferring this to the Grizzly component.

          Show
          Tim Quinn added a comment - I was able to reproduce the problem on Windows XP with Java 1.7.0_7 and GlassFish build 59. I also saw the problem using Java 1.6.0 instead. There was a Grizzly integration just prior to build 58, so I am transferring this to the Grizzly component.
          Hide
          oleksiys added a comment -

          I see nothing wrong w/ Grizzly, the exception is thrown from SSL layer.
          Reassigning to security team, may be this is caused by recent JDK updates.

          Thanks.

          Show
          oleksiys added a comment - I see nothing wrong w/ Grizzly, the exception is thrown from SSL layer. Reassigning to security team, may be this is caused by recent JDK updates. Thanks.
          Hide
          Tim Quinn added a comment - - edited

          I have reproduced the problem on a Windows XP system.

          Using GlassFish build 57 things work with both Java 1.6.0-37 and 1.7.0_09.

          Using build 58 the sequence of steps fails with both versions of Java.

          Here are the steps I used:

          Install GlassFish.

          asadmin start-domain
          asadmin change-admin-password # answer prompts to give a non-empty admin password
          asadmin enable-secure-admin # you should be prompted for the user and pw; press enter for the user and enter the new pw you set for the pw
          asadmin stop-domain
          asadmin start-domain
          asadmin uptime

          Both b57 and b58 will display the server's SSL cert information and prompt the user whether to trust it. (This is normal.)

          b57 then prompts for the password and, if you provide it, the uptime command completes normally as expected.
          b58 does not prompt for the password but instead reports the error.

          Show
          Tim Quinn added a comment - - edited I have reproduced the problem on a Windows XP system. Using GlassFish build 57 things work with both Java 1.6.0-37 and 1.7.0_09. Using build 58 the sequence of steps fails with both versions of Java. Here are the steps I used: Install GlassFish. asadmin start-domain asadmin change-admin-password # answer prompts to give a non-empty admin password asadmin enable-secure-admin # you should be prompted for the user and pw; press enter for the user and enter the new pw you set for the pw asadmin stop-domain asadmin start-domain asadmin uptime Both b57 and b58 will display the server's SSL cert information and prompt the user whether to trust it. (This is normal.) b57 then prompts for the password and, if you provide it, the uptime command completes normally as expected. b58 does not prompt for the password but instead reports the error.
          Hide
          larry.mccay added a comment -

          After careful review, I am reassigning this to the grizzly team. There was a change made for SPDY which you can view here: http://java.net/projects/grizzly/sources/git/revision/f51d0801c29505b1c74768b73b15207c4b0ac418

          SSLUtils and SSLFilter were both modified in this change and appear in the stacktrace in windows environments.
          There have been issues with SPDY on windows due to a lack of support for NPN - perhaps there is some assumption of SPDY support leaking into SSL here?

          Show
          larry.mccay added a comment - After careful review, I am reassigning this to the grizzly team. There was a change made for SPDY which you can view here: http://java.net/projects/grizzly/sources/git/revision/f51d0801c29505b1c74768b73b15207c4b0ac418 SSLUtils and SSLFilter were both modified in this change and appear in the stacktrace in windows environments. There have been issues with SPDY on windows due to a lack of support for NPN - perhaps there is some assumption of SPDY support leaking into SSL here?
          Hide
          Ryan Lubke added a comment - - edited

          The code referenced in the Oct 31 comment isn't currently what is integrated in v4 so it's not relevant.. For what it's worth, the correct code is in the 2.3.x branch.

          That said, I've looked at the stacktrace and I'm in agreement with Alexey - this isn't a Grizzly issue.

          See:

          Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
          	at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:158)
          	at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:207)
          	at sun.security.ssl.JsseJce.getKeyGenerator(JsseJce.java:267)
          	at sun.security.ssl.RSAClientKeyExchange.generateDummySecret(RSAClientKeyExchange.java:249)
          

          This implies something isn't installed correctly or a configuration option is messing things up.
          One possible problem that the searches pointed to was java.ext.dirs property causing issues.

          I don't currently have a Windows VM available for testing. Tim or Tee, could either of you provide the domain.xml from your win32 environment once you start getting the error?

          Note: I'm still of the opinion that this isn't a Grizzly issue, but will spend a few cycles to see if we can narrow down the issue.

          Show
          Ryan Lubke added a comment - - edited The code referenced in the Oct 31 comment isn't currently what is integrated in v4 so it's not relevant.. For what it's worth, the correct code is in the 2.3.x branch. That said, I've looked at the stacktrace and I'm in agreement with Alexey - this isn't a Grizzly issue. See: Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:158) at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:207) at sun.security.ssl.JsseJce.getKeyGenerator(JsseJce.java:267) at sun.security.ssl.RSAClientKeyExchange.generateDummySecret(RSAClientKeyExchange.java:249) This implies something isn't installed correctly or a configuration option is messing things up. One possible problem that the searches pointed to was java.ext.dirs property causing issues. I don't currently have a Windows VM available for testing. Tim or Tee, could either of you provide the domain.xml from your win32 environment once you start getting the error? Note: I'm still of the opinion that this isn't a Grizzly issue, but will spend a few cycles to see if we can narrow down the issue.
          Hide
          Tim Quinn added a comment -

          Attaching two domain.xml files:

          after-startup-domain.xml - the file just after creating a new domain and starting it
          after-change-domain.xml - the file just after enabling secure admin and restarting the domain

          Both are from b58 (the first GlassFish build where this problem first appeared)

          Show
          Tim Quinn added a comment - Attaching two domain.xml files: after-startup-domain.xml - the file just after creating a new domain and starting it after-change-domain.xml - the file just after enabling secure admin and restarting the domain Both are from b58 (the first GlassFish build where this problem first appeared)
          Hide
          Tim Quinn added a comment -

          At Ryan's request, here's some more information.

          The GlassFish server.log shows java.ext.dirs defined as

          C:\Program Files\Java\jre7/lib/ext:C:\Program Files\Java\jre7/jre/lib/ext:C:\tim\asgroup\b58\glassfish3\glassfish\domains\domain1/lib/ext

          There is no lib directory under the jre directory on my system, so I ran

          dir "C:\Program Files\Java\jre7\lib\ext" "C:\tim\asgroup\b58\glassfish3\glassfish\domains\domain1\lib\ext"

          and here's the result:

          Volume in drive C has no label.
          Volume Serial Number is 8C50-8553

          Directory of C:\Program Files\Java\jre7\lib\ext

          10/23/2012 06:45 AM <DIR> .
          10/23/2012 06:45 AM <DIR> ..
          09/24/2012 09:28 PM 84,196 access-bridge.jar
          09/24/2012 09:17 PM 8,934 dnsns.jar
          09/24/2012 09:27 PM 43,593 jaccess.jar
          09/24/2012 10:00 PM 1,013,521 localedata.jar
          10/22/2012 05:05 PM 829 meta-index
          09/24/2012 09:16 PM 15,943 sunec.jar
          09/24/2012 09:26 PM 198,176 sunjce_provider.jar
          09/24/2012 09:17 PM 30,695 sunmscapi.jar
          09/24/2012 09:17 PM 238,226 sunpkcs11.jar
          09/24/2012 09:29 PM 68,654 zipfs.jar
          10 File(s) 1,702,767 bytes

          Directory of C:\tim\asgroup\b58\glassfish3\glassfish\domains\domain1\lib\ext

          12/05/2012 01:34 PM <DIR> .
          12/05/2012 01:34 PM <DIR> ..
          0 File(s) 0 bytes
          2 Dir(s) 8,502,603,776 bytes free

          Show
          Tim Quinn added a comment - At Ryan's request, here's some more information. The GlassFish server.log shows java.ext.dirs defined as C:\Program Files\Java\jre7/lib/ext:C:\Program Files\Java\jre7/jre/lib/ext:C:\tim\asgroup\b58\glassfish3\glassfish\domains\domain1/lib/ext There is no lib directory under the jre directory on my system, so I ran dir "C:\Program Files\Java\jre7\lib\ext" "C:\tim\asgroup\b58\glassfish3\glassfish\domains\domain1\lib\ext" and here's the result: Volume in drive C has no label. Volume Serial Number is 8C50-8553 Directory of C:\Program Files\Java\jre7\lib\ext 10/23/2012 06:45 AM <DIR> . 10/23/2012 06:45 AM <DIR> .. 09/24/2012 09:28 PM 84,196 access-bridge.jar 09/24/2012 09:17 PM 8,934 dnsns.jar 09/24/2012 09:27 PM 43,593 jaccess.jar 09/24/2012 10:00 PM 1,013,521 localedata.jar 10/22/2012 05:05 PM 829 meta-index 09/24/2012 09:16 PM 15,943 sunec.jar 09/24/2012 09:26 PM 198,176 sunjce_provider.jar 09/24/2012 09:17 PM 30,695 sunmscapi.jar 09/24/2012 09:17 PM 238,226 sunpkcs11.jar 09/24/2012 09:29 PM 68,654 zipfs.jar 10 File(s) 1,702,767 bytes Directory of C:\tim\asgroup\b58\glassfish3\glassfish\domains\domain1\lib\ext 12/05/2012 01:34 PM <DIR> . 12/05/2012 01:34 PM <DIR> .. 0 File(s) 0 bytes 2 Dir(s) 8,502,603,776 bytes free
          Hide
          Ryan Lubke added a comment -

          Sorry for the delay in coming back to this.

          I've just tested this with b76 on Windows 7 without issue.

          @Tim and/or @Tee: Are you still able to reproduce this on XP with b76 (or later)?

          Show
          Ryan Lubke added a comment - Sorry for the delay in coming back to this. I've just tested this with b76 on Windows 7 without issue. @Tim and/or @Tee: Are you still able to reproduce this on XP with b76 (or later)?
          Hide
          Ryan Lubke added a comment -

          Closing as cannot reproduce. If someone is still able to reproduce this, please re-open with details.

          Show
          Ryan Lubke added a comment - Closing as cannot reproduce. If someone is still able to reproduce this, please re-open with details.

            People

            • Assignee:
              Ryan Lubke
              Reporter:
              teelucksingh
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: