dev@glassfish.java.net

node-agent startup security issues

From: Harpreet Singh <Harpreet.Singh_at_Sun.COM>
Date: Tue, 12 Sep 2006 17:26:19 -0700

Hi

I see a NSS exception while starting the node-agent. Here are my
commands followed by the exception:
1. asadmin create-domain domain1
2. asadmin create-node-agent --savemasterpassword=true myagent
3. asadmin create-instance --nodeagent inst1
4. asadmin start-node-agent myagent
I have done this multiple times with a newly created domain and node agent.

(Another email will follow about the pain points we put developers
through to delete a node agent and create new ones)

Thanks
Harpreet
> Please enter the admin user name>admin
> Please enter the admin password>
> Node Agent myagent failed to startup. Please check the server log for
> more details.
> CLI137 Command start-node-agent failed.
> [#|2006-09-12T16:36:26.913-0700|SEVERE|sun-appserver-ee9.1|javax.enterprise.system.core.security|_ThreadID=10;_ThreadName=main;|SEC8001:
> Exception in initializing SunPKCS11.
> java.lang.Exception: NSS password is invalid. Failed to authenticate
> to PKCS11 slot: internal
> at
> com.sun.enterprise.ee.security.NssStore.initSlotNative(Native Method)
> at
> com.sun.enterprise.ee.security.NssStore.<init>(NssStore.java:121)
> at
> com.sun.enterprise.ee.security.NssStore.getInstance(NssStore.java:154)
> at
> com.sun.enterprise.ee.security.NssStore.getInstance(NssStore.java:147)
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:139)
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.<init>(EESecuritySupportImpl.java:83)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
> at java.lang.Class.newInstance0(Class.java:350)
> at java.lang.Class.newInstance(Class.java:303)
> at
> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:71)
> at $Proxy1.getSecuritySupport(Unknown Source)
> at
> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:354)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.initializeSecurity(NodeAgent.java:1148)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.configureAgent(NodeAgent.java:1256)
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:154)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:567)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:482)
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.run(BaseNodeAgent.java:127)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:167)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgentMain.main(NodeAgentMain.java:208)
> |#]
>
> [#|2006-09-12T16:36:26.934-0700|WARNING|sun-appserver-ee9.1|javax.ee.enterprise.system.nodeagent|_ThreadID=10;_ThreadName=main;|NAGT0003:An
> exception has occurred during the initialization of the NodeAgent.
> java.lang.IllegalStateException: NSS password is invalid. Failed to
> authenticate to PKCS11 slot: internal
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:149)
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.<init>(EESecuritySupportImpl.java:83)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
> at java.lang.Class.newInstance0(Class.java:350)
> at java.lang.Class.newInstance(Class.java:303)
> at
> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:71)
> at $Proxy1.getSecuritySupport(Unknown Source)
> at
> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:354)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.initializeSecurity(NodeAgent.java:1148)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.configureAgent(NodeAgent.java:1256)
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:154)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:567)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:482)
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.run(BaseNodeAgent.java:127)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:167)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgentMain.main(NodeAgentMain.java:208)
> |#]
>
> [#|2006-09-12T16:36:26.938-0700|WARNING|sun-appserver-ee9.1|javax.ee.enterprise.system.nodeagent|_ThreadID=10;_ThreadName=main;|NAGT0002:An
> exception has occurred during the sychronization of this node with the
> DAS.
> com.sun.enterprise.ee.admin.servermgmt.AgentException: NSS password is
> invalid. Failed to authenticate to PKCS11 slot: internal
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:161)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:567)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:482)
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.run(BaseNodeAgent.java:127)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:167)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgentMain.main(NodeAgentMain.java:208)
> Caused by: java.lang.IllegalStateException: NSS password is invalid.
> Failed to authenticate to PKCS11 slot: internal
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:149)
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.<init>(EESecuritySupportImpl.java:83)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
> at java.lang.Class.newInstance0(Class.java:350)
> at java.lang.Class.newInstance(Class.java:303)
> at
> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:71)
> at $Proxy1.getSecuritySupport(Unknown Source)
> at
> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:354)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.initializeSecurity(NodeAgent.java:1148)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.configureAgent(NodeAgent.java:1256)
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:154)
> ... 5 more
> |#]
>
> [#|2006-09-12T16:36:26.943-0700|SEVERE|sun-appserver-ee9.1|javax.ee.enterprise.system.nodeagent|_ThreadID=10;_ThreadName=main;|NAGT0014:Unexpected
> Node Agent exception.
> com.sun.appserv.server.ServerLifecycleException:
> com.sun.enterprise.ee.admin.servermgmt.AgentException: NSS password is
> invalid. Failed to authenticate to PKCS11 slot: internal
> at
> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:172)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgentMain.main(NodeAgentMain.java:208)
> Caused by: com.sun.enterprise.ee.admin.servermgmt.AgentException: NSS
> password is invalid. Failed to authenticate to PKCS11 slot: internal
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:576)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:482)
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.run(BaseNodeAgent.java:127)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:167)
> ... 1 more
> Caused by: com.sun.enterprise.ee.admin.servermgmt.AgentException: NSS
> password is invalid. Failed to authenticate to PKCS11 slot: internal
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:161)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:567)
> ... 4 more
> Caused by: java.lang.IllegalStateException: NSS password is invalid.
> Failed to authenticate to PKCS11 slot: internal
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:149)
> at
> com.sun.enterprise.ee.security.EESecuritySupportImpl.<init>(EESecuritySupportImpl.java:83)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
> at java.lang.Class.newInstance0(Class.java:350)
> at java.lang.Class.newInstance(Class.java:303)
> at
> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:71)
> at $Proxy1.getSecuritySupport(Unknown Source)
> at
> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:354)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.initializeSecurity(NodeAgent.java:1148)
> at
> com.sun.enterprise.ee.nodeagent.NodeAgent.configureAgent(NodeAgent.java:1256)
> at
> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:154)
> ... 5 more
> |#]
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.