admin@glassfish.java.net

Re: password policy since b55

From: David Ronge <David.Ronge_at_Sun.COM>
Date: Fri, 24 Jul 2009 19:04:07 +0200

Yes, I wondered what exactly masterpassword was, as it peeped at me when
I was checking manually what was up, too.

The other error we got showed this nice record:

[copy] Copying 1 file to C:\space\sjsas\stage\glassfish
[echo] Unzipping xws-security.zip...
[unzip] Expanding: C:\space\sjsas\stage\glassfish\xws-security.zip into C:\space\sjsas\stage\glassfish
[echo] WARNING: currently we add non-CA certs to GF truststore, this will be changed later
[java] Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
[java] at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[java] at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[java] Java Result: 1
[java] at java.security.KeyStore.load(KeyStore.java:1185)
[java] at KeyImport.copyKey(KeyImport.java:54)
[java] at KeyImport.main(KeyImport.java:73)
[java] Caused by: java.security.UnrecoverableKeyException: Password verification failed
[java] at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
[java] ... 4 more
[java] Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
[java] at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[java] at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[java] Java Result: 1
[java] at java.security.KeyStore.load(KeyStore.java:1185)
[java] at KeyImport.copyKey(KeyImport.java:54)
[java] at KeyImport.main(KeyImport.java:73)
[java] Caused by: java.security.UnrecoverableKeyException: Password verification failed
[java] at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
[java] ... 4 more
[java] Exception in thread "main" java.io.IOException: Keystore was tampered with, or password was incorrect
[java] at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
[java] at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
[java] at java.security.KeyStore.load(KeyStore.java:1185)

I thought first it was due to the admin cmd not having been executed with
a dead domain, but also here passwd was claimed in the underlying error,
and this is OK too after masterpassword is set.

Regards,
David


Sankar Neelakandan wrote:
> Kedar,
> The exact problem is:
> In B55, when the domain is created without MASTERPASSWORD in the
> passwordfile, start-domain works without prompting for the master password.
> But in B56, when the domain is created without MASTERPASSWORD in the
> passwordfile, start-domain doesn't work without providing the
> master password. (If the domain is started without a console there is
> no prompting for the master password and it fails with the no-console message.)
>
> Please see the following logs.
>
>
> bash-3.00# cat /password.txt
> AS_ADMIN_PASSWORD=adminadmin
>
>
> bash-3.00# glassfishv3/glassfish/bin/asadmin create-domain --adminport
> 4848 --user admin --passwordfile /password.txt domain1
> Deprecated syntax: create-domain, Options: [passwordfile, user]
> Using port 4848 for Admin.
> Using default port 8080 for HTTP Instance.
> Using default port 7676 for JMS.
> Using default port 3700 for IIOP.
> Using default port 8181 for HTTP_SSL.
> Using default port 3820 for IIOP_SSL.
> Using default port 3920 for IIOP_MUTUALAUTH.
> Using default port 8686 for JMX_ADMIN.
> Distinguished Name of the self-signed X.509 Server Certificate is:
> [CN=easqesf4,OU=GlassFish,O=Sun Microsystems,L=Santa
> Clara,ST=California,C=US]
> Domain domain2 created.
> Command create-domain executed successfully.
>
> bash-3.00# glassfishv3/glassfish/bin/asadmin start-domain domain2
> No valid master password found
> Enter master password (3 attempt(s) remain)> Sorry, incorrect master
> password, retry
> Enter master password (2 attempt(s) remain)> Sorry, incorrect master
> password, retry
> Enter master password (1 attempt(s) remain)> Sorry, incorrect master
> password, retry
> Number of attempts (3) exhausted, giving up
> Command start-domain failed.
>
> When started without console it fails with the following error message
>
>
> bash-3.00# glassfishv3/glassfish/bin/asadmin start-domain domain1
> Deprecated syntax: start-domain, Options: [passwordfile, user]
> No valid master password found
> Command start-domain failed.
> No console, no prompting possible
>
>
>
> Kedar Mhaswade wrote:
>> Dave,
>>
>> It should be AS_ADMIN_MASTERPASSWORD. AS_ADMIN_USERPASSWORD is
>> for (an entirely) different purpose.
>>
>> If you don't really care about master password (:-0) you can just
>> have AS_ADMIN_MASTERPASSWORD=changeit added to this password.txt
>> file and I am pretty sure this will be fixed.
>>
>> But I think we need to address this use case. My understanding was
>> that in this case, (i.e. the way your password.txt seems) we should
>> have defaulted the master password to "changeit". I am not sure if
>> this is due to recent changes to create-domain command as well. We'll
>> investigate.
>>
>> For now, just add this one more line to password.txt to get unblocked.
>>
>> -Kedar
>>
>> David Ronge wrote:
>>> Hi Kedar,
>>>
>>> yes, we delete domain1 first to be sure the eventual setup change of
>>> default domain won't give us some obscure diffs and to keep setup
>>> stable.
>>>
>>> (delete-domain.1:
>>> [exec] Domain domain1 deleted.
>>> [exec] Command delete-domain executed successfully.
>>> No passwd used.)
>>> content of the password.txt is here:
>>> AS_ADMIN_PASSWORD=adminadmin
>>> AS_ADMIN_USERPASSWORD=changeit
>>>
>>> create-by-admin-command:
>>> [echo] exec: create-domain --user admin --passwordfile
>>> /space/test4u/cvswork/sunsw/tango/qe-tests/gf-setup/password.txt
>>> domain1
>>> [echo] With properties:
>>> [echo] http.ssl.port=8181:orb.listener.port=3007:imq.port=7676
>>> [exec] Deprecated syntax: create-domain, Options: [passwordfile,
>>> user]
>>> [exec] Using port 4848 for Admin.
>>> [exec] Using port 8080 for HTTP Instance.
>>> [exec] Using default port 7676 for JMS.
>>> [exec] Using port 3007 for IIOP.
>>> [exec] Using port 8181 for HTTP_SSL.
>>> [exec] Using default port 3820 for IIOP_SSL.
>>> [exec] Using default port 3920 for IIOP_MUTUALAUTH.
>>> [exec] Using default port 8686 for JMX_ADMIN.
>>> [exec] Distinguished Name of the self-signed X.509 Server
>>> Certificate is:
>>> [exec] [CN=eas-x2100-1.India.Sun.COM,OU=GlassFish,O=Sun
>>> Microsystems,L=Santa Clara,ST=California,C=US]
>>> [exec] Domain domain1 created.
>>> [exec] Command create-domain executed successfully.
>>>
The target used, more precisely the target corresponding to the
above log, is here:
>>> <target name="create-by-admin-command" depends="get-asadmin"
>>> if="create.by.admin.command">
>>> <!-- propertyset refid="full.domain.propertyset"/ -->
>>> <echo message="exec: create-domain --user admin --passwordfile
>>> ${basedir}/password.txt ${domain.name}"/>
>>> <property name="dmn.specif.1"
>>> value="http.ssl.port=${https.port}" />
>>> <property name="dmn.specif.2"
>>> value="${dmn.specif.1}:orb.listener.port=${orb.port}" />
>>> <property name="dmn.specif.0"
>>> value="${dmn.specif.2}:imq.port=${imq.port}" />
>>> <echo message="With properties:"/>
>>> <echo message="${dmn.specif.0}"/>
>>>
>>> <exec executable="${asadmin.executable}" dir="${basedir}"
>>> resultproperty="asadmin.result">
>>> <!-- in ${gf.install.home} or ${basedir} ? -->
>>> <arg value="create-domain"/>
>>> <arg value="--user"/>
>>> <arg value="admin"/>
>>> <arg value="--passwordfile"/>
>>> <arg value="password.txt"/><!-- ${basedir}/... -->
>>> <arg value="--instanceport"/>
>>> <arg value="${instance.port}"/>
>>> <arg value="--adminport"/>
>>> <arg value="${admin.port}"/>
>>> <arg value="--domaindir"/>
>>> <arg value="${gf.install.home}/domains"/>
>>> <arg value="--domainproperties"/>
>>> <arg value="${dmn.specif.0}"/>
>>> <!-- leave as last item value - (first that is not an
>>> option) -->
>>> <arg value="${domain.name}"/>
>>> </exec>
>>> </target>
>>>
>>> with --domainproperties echoed as visible.
>>> There's alternative setup target using setup.xml but that is used
>>> with V2 only for continuity.
>>> (The property set contains the original default ports mainly - I
>>> think these are exclusively defaults - you can see better.)
>>>
>>> The master password claimed is AS_ADMIN_PASSWORD - according to the
>>> password.txt? Or the other entry?
>>>
>>> ~dave
>>>
>>> Kedar Mhaswade wrote:
>>>> Hi David,
>>>>
>>>> VB Kumar told me that you guys were seeing some issues here.
>>>>
>>>> Yes, I made some changes to the master password handling in b55. It was
>>>> not a big deal as far as users are concerned. I am sorry that it seems to
>>>> affect you. But I do think that you guys are creating the domain
>>>> differently.
>>>> As you can see the console output of start-domain, it contains:
>>>>
>>>> >>> [exec] No valid master password found
>>>> >>> [exec] No console, no prompting possible
>>>> >>> [exec] Command start-domain failed.
>>>> >>> [exec] Result: 1
>>>>
>>>> So, it's not failing for deprecated syntax, but for something else.
>>>> Can I get the entire sequence of commands you run? For example, is the
>>>> same password.txt provided to both create-domain and start-domain
>>>> commands?
>>>> I somehow think that the master password for this domain is not the
>>>> default ("changeit") or there is a bug in what I recently did ...
>>>>
>>>> Let me know either way. My commit log is here:
>>>> http://fisheye4.atlassian.com/changelog/glassfish-svn/trunk/v3/admin/cli/src/main/java/com/sun/enterprise/admin/cli/commands?cs=29406
>>>>
>>>>
>>>> -Kedar
>>>>
>>>>
>>>> David Ronge wrote:
>>>>> This way:
>>>>>
>>>>> <target name="start-a-domain" if="a.domain.exists"
>>>>> unless="skip.domain" depends="check.domain.exists">
>>>>> <property name="a.domain.name"
>>>>> value="${default.domain}"/><!-- convenience default -->
>>>>> <echo message="STARTING domain ${a.domain.name}..." />
>>>>> <echo message="stuff.dir ${stuff.dir}..." />
>>>>> <exec executable="${gf.install.home}/bin/asadmin.bat"
>>>>> os="Windows XP,Windows 2000,Windows 2003"
>>>>> dir="${stuff.dir}" spawn="true" failonerror="false">
>>>>> <arg value="start-domain"/>
>>>>> <arg value="--user"/>
>>>>> <arg value="admin"/>
>>>>> <arg value="--passwordfile"/>
>>>>> <arg value="password.txt"/>
>>>>> <arg value="${a.domain.name}"/>
>>>>> </exec>
>>>>> <exec executable="${gf.install.home}/bin/asadmin"
>>>>> dir="${stuff.dir}" os="SunOS,Linux,AIX,Mac OS X">
>>>>> <arg line="start-domain --user admin --passwordfile
>>>>> password.txt ${a.domain.name}"/>
>>>>> </exec>
>>>>> <echo message="STARTED domain ${a.domain.name}..." />
>>>>> </target>
>>>>>
>>>>> (The start-domain command seemed not to require the user and
>>>>> passwd data, but stop-domain did when a file-user was added etc.
>>>>> So we include it for start too.)
>>>>> This worked reliably unless some integration fault prevented
>>>>> proper start due to bundling error or start failure of some
>>>>> essential service.
>>>>>
>>>>> ~dave
>>>>>
>>>>> Jane Young wrote:
>>>>>> Can you provide the syntax used to start the domain?
>>>>>>
>>>>>> Thanks,
>>>>>> Jane
>>>>>>
>>>>>>
>>>>>> David Ronge wrote:
>>>>>>> Hi, is there any instruction to handle starting/stopping domain
>>>>>>> differently now?
>>>>>>> The behavior has changed ~ with build b55, as now I can see >
>>>>>>>
>>>>>>> start-a-domain:
>>>>>>> [echo] STARTING domain domain1...
>>>>>>> [echo] stuff.dir
>>>>>>> /space/test4u/cvswork/sunsw/tango/qe-tests/gf-setup...
>>>>>>> [exec] Deprecated syntax: start-domain, Options:
>>>>>>> [passwordfile, user]
>>>>>>> [exec] No valid master password found
>>>>>>> [exec] No console, no prompting possible
>>>>>>> [exec] Command start-domain failed.
>>>>>>> [exec] Result: 1
>>>>>>> [echo] STARTED domain domain1...
>>>>>>>
>>>>>>> it says "deprecated" but the coming syntax simply doesn't work
>>>>>>> without change.
>>>>>>> Can someone please give me a clue?
>>>>>>> Our team tests Metro/jaxws webservices on V2/V3/Tomcat... so
>>>>>>> managing GF administration is sort of routine for us.
>>>>>>> (Still, if there's page to look at when something stops working
>>>>>>> the old way it would be nice.)
>>>>>>>
>>>>>>> Thank you much in advance.
>>>>>>>
>>>>>>> Regards,
>>>>>>> David
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>>
>>>>>>> To unsubscribe, e-mail: admin-unsubscribe_at_glassfish.dev.java.net
>>>>>>> For additional commands, e-mail: admin-help_at_glassfish.dev.java.net
>>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: admin-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: admin-help_at_glassfish.dev.java.net
>>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: admin-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: admin-help_at_glassfish.dev.java.net
>>
>
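
The two failures in this thread are the same check seen from two sides: start-domain reports "No valid master password found" when the passwordfile carries no AS_ADMIN_MASTERPASSWORD and no console is available to prompt, and KeyImport's "Keystore was tampered with, or password was incorrect ... Password verification failed" is what java.security.KeyStore reports when a JKS file is opened with a password that does not match its integrity MAC. The following is an added example, not code from the thread or from GlassFish: it parses an asadmin-style passwordfile, picks out AS_ADMIN_MASTERPASSWORD (treating AS_ADMIN_PASSWORD and AS_ADMIN_USERPASSWORD as the unrelated entries they are), optionally applies the "changeit" default Kedar describes, and tries to open a keystore with the result, telling a wrong password apart from an unreadable file. The class and method names are invented, and so that it runs offline it builds a throwaway empty JKS in memory protected with "changeit" instead of touching a real domain's keystore.jks.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/** Added example, not GlassFish code: mirrors the master-password check that
 *  start-domain and KeyImport perform when opening the domain keystore. */
public class MasterPasswordCheck {

    /** Parse an asadmin-style passwordfile: KEY=value per line, '#' comments. */
    static Map<String, String> parsePasswordFile(String contents) {
        Map<String, String> entries = new HashMap<>();
        for (String raw : contents.split("\\r?\\n")) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#")) continue;
            int eq = line.indexOf('=');
            if (eq <= 0) continue;                       // skip malformed lines
            entries.put(line.substring(0, eq).trim(), line.substring(eq + 1));
        }
        return entries;
    }

    /** Only AS_ADMIN_MASTERPASSWORD feeds the keystore; AS_ADMIN_PASSWORD (admin
     *  user) and AS_ADMIN_USERPASSWORD (create-file-user) are not substitutes.
     *  With defaultToChangeit=false a missing entry means "would have to prompt",
     *  which is the b56 behaviour in the thread; true models the "changeit" default. */
    static Optional<char[]> masterPassword(Map<String, String> entries, boolean defaultToChangeit) {
        String mp = entries.get("AS_ADMIN_MASTERPASSWORD");
        if (mp == null && defaultToChangeit) mp = "changeit";
        return Optional.ofNullable(mp).map(String::toCharArray);
    }

    enum Result { OK, BAD_PASSWORD, UNREADABLE }

    /** JKS verifies the password with a keyed digest over the whole file, so a
     *  wrong password surfaces as IOException caused by UnrecoverableKeyException,
     *  the exact pair of messages in the KeyImport log above. Any other failure
     *  (truncated or non-JKS data, missing provider) is reported separately. */
    static Result openKeystore(InputStream in, char[] password) {
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password);
            return Result.OK;
        } catch (IOException e) {
            return e.getCause() instanceof UnrecoverableKeyException
                    ? Result.BAD_PASSWORD : Result.UNREADABLE;
        } catch (GeneralSecurityException e) {
            return Result.UNREADABLE;
        }
    }

    /** Stand-in for a domain's keystore.jks: an empty JKS protected by password. */
    static byte[] emptyKeystore(char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] domainKeystore = emptyKeystore("changeit".toCharArray());

        // Constructed inputs modelled on the passwordfiles quoted in the thread.
        Map<String, String> files = new java.util.LinkedHashMap<>();
        files.put("thread's original file", "AS_ADMIN_PASSWORD=adminadmin\nAS_ADMIN_USERPASSWORD=changeit\n");
        files.put("Kedar's fix",            "AS_ADMIN_PASSWORD=adminadmin\nAS_ADMIN_MASTERPASSWORD=changeit\n");
        files.put("wrong master password",  "AS_ADMIN_MASTERPASSWORD=notchangeit\n");

        for (boolean useDefault : new boolean[] { false, true }) {
            System.out.println("default to changeit: " + useDefault);
            for (Map.Entry<String, String> f : files.entrySet()) {
                Optional<char[]> mp = masterPassword(parsePasswordFile(f.getValue()), useDefault);
                String verdict = mp.map(p -> openKeystore(new ByteArrayInputStream(domainKeystore), p).name())
                                   .orElse("NO_MASTER_PASSWORD (would prompt; fails without a console)");
                System.out.println("  " + f.getKey() + " -> " + verdict);
            }
        }
    }
}
```

Compile and run with `javac MasterPasswordCheck.java && java MasterPasswordCheck`. With the default disabled, the thread's original file yields no master password at all, which is the state start-domain is in before it prints the no-console message; with it enabled, the same file opens the keystore, which is the b55 behaviour the thread contrasts it with. Note that KeyStore.load accepts a null password and then skips the integrity check entirely, so a tool that "succeeds" by passing null has not verified anything about the file.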