Harpreet,
This error happens when DAS/NA master passwords do not match.
Also here are some inherent issues with the kind of problem that had to
be resolved.
DAS and NA are two decoupled processes i.e. one can run without the
other once each once goes follows a certain state diagram.
Unfortunately this leads to changes that need to be done (from a user
perspective) on both the entities but as one can be down they lead to
non-atomic best-effort actions. Delete node agent is one such example
(see its repercusion in bug 6170688). So it would be good to have delete
mirror create, but it has set of tradeoffs and assumptions. In 9.1 we
are trying to resolve as best we can per such case. Would be glad to get
more inputs here though so send in that mail.
thanks,
Nandini
Harpreet Singh wrote:
> Hi
>
> I see a NSS exception while starting the node-agent. Here are my
> commands followed by the exception:
> 1. asadmin create-domain domain1
> 2. asadmin create-node-agent --savemasterpassword=true myagent
> 3. asadmin create-instance --nodeagent inst1
> 4. asadmin start-node-agent myagent
> I have done this multiple times with a newly created domain and node
> agent.
>
> (Another email will follow about the pain points we put developers
> through to delete a node agent and create new ones)
>
> Thanks
> Harpreet
>> Please enter the admin user name>admin
>> Please enter the admin password>
>> Node Agent myagent failed to startup. Please check the server log for
>> more details.
>> CLI137 Command start-node-agent failed.
>> [#|2006-09-12T16:36:26.913-0700|SEVERE|sun-appserver-ee9.1|javax.enterprise.system.core.security|_ThreadID=10;_ThreadName=main;|SEC8001:
>> Exception in initializing SunPKCS11.
>> java.lang.Exception: NSS password is invalid. Failed to authenticate
>> to PKCS11 slot: internal
>> at
>> com.sun.enterprise.ee.security.NssStore.initSlotNative(Native Method)
>> at
>> com.sun.enterprise.ee.security.NssStore.<init>(NssStore.java:121)
>> at
>> com.sun.enterprise.ee.security.NssStore.getInstance(NssStore.java:154)
>> at
>> com.sun.enterprise.ee.security.NssStore.getInstance(NssStore.java:147)
>> at
>> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:139)
>>
>> at
>> com.sun.enterprise.ee.security.EESecuritySupportImpl.<init>(EESecuritySupportImpl.java:83)
>>
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>>
>> at
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>>
>> at
>> java.lang.reflect.Constructor.newInstance(Constructor.java:494)
>> at java.lang.Class.newInstance0(Class.java:350)
>> at java.lang.Class.newInstance(Class.java:303)
>> at
>> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:71)
>>
>> at $Proxy1.getSecuritySupport(Unknown Source)
>> at
>> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:354)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.initializeSecurity(NodeAgent.java:1148)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.configureAgent(NodeAgent.java:1256)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:154)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:567)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:482)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.run(BaseNodeAgent.java:127)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:167)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgentMain.main(NodeAgentMain.java:208)
>>
>> |#]
>>
>> [#|2006-09-12T16:36:26.934-0700|WARNING|sun-appserver-ee9.1|javax.ee.enterprise.system.nodeagent|_ThreadID=10;_ThreadName=main;|NAGT0003:An
>> exception has occurred during the initialization of the NodeAgent.
>> java.lang.IllegalStateException: NSS password is invalid. Failed to
>> authenticate to PKCS11 slot: internal
>> at
>> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:149)
>>
>> at
>> com.sun.enterprise.ee.security.EESecuritySupportImpl.<init>(EESecuritySupportImpl.java:83)
>>
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>>
>> at
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>>
>> at
>> java.lang.reflect.Constructor.newInstance(Constructor.java:494)
>> at java.lang.Class.newInstance0(Class.java:350)
>> at java.lang.Class.newInstance(Class.java:303)
>> at
>> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:71)
>>
>> at $Proxy1.getSecuritySupport(Unknown Source)
>> at
>> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:354)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.initializeSecurity(NodeAgent.java:1148)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.configureAgent(NodeAgent.java:1256)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:154)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:567)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:482)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.run(BaseNodeAgent.java:127)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:167)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgentMain.main(NodeAgentMain.java:208)
>>
>> |#]
>>
>> [#|2006-09-12T16:36:26.938-0700|WARNING|sun-appserver-ee9.1|javax.ee.enterprise.system.nodeagent|_ThreadID=10;_ThreadName=main;|NAGT0002:An
>> exception has occurred during the sychronization of this node with
>> the DAS.
>> com.sun.enterprise.ee.admin.servermgmt.AgentException: NSS password
>> is invalid. Failed to authenticate to PKCS11 slot: internal
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:161)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:567)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:482)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.run(BaseNodeAgent.java:127)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:167)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgentMain.main(NodeAgentMain.java:208)
>>
>> Caused by: java.lang.IllegalStateException: NSS password is invalid.
>> Failed to authenticate to PKCS11 slot: internal
>> at
>> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:149)
>>
>> at
>> com.sun.enterprise.ee.security.EESecuritySupportImpl.<init>(EESecuritySupportImpl.java:83)
>>
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>>
>> at
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>>
>> at
>> java.lang.reflect.Constructor.newInstance(Constructor.java:494)
>> at java.lang.Class.newInstance0(Class.java:350)
>> at java.lang.Class.newInstance(Class.java:303)
>> at
>> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:71)
>>
>> at $Proxy1.getSecuritySupport(Unknown Source)
>> at
>> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:354)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.initializeSecurity(NodeAgent.java:1148)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.configureAgent(NodeAgent.java:1256)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:154)
>>
>> ... 5 more
>> |#]
>>
>> [#|2006-09-12T16:36:26.943-0700|SEVERE|sun-appserver-ee9.1|javax.ee.enterprise.system.nodeagent|_ThreadID=10;_ThreadName=main;|NAGT0014:Unexpected
>> Node Agent exception.
>> com.sun.appserv.server.ServerLifecycleException:
>> com.sun.enterprise.ee.admin.servermgmt.AgentException: NSS password
>> is invalid. Failed to authenticate to PKCS11 slot: internal
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:172)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgentMain.main(NodeAgentMain.java:208)
>>
>> Caused by: com.sun.enterprise.ee.admin.servermgmt.AgentException: NSS
>> password is invalid. Failed to authenticate to PKCS11 slot: internal
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:576)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:482)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.run(BaseNodeAgent.java:127)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgentMain.startup(NodeAgentMain.java:167)
>>
>> ... 1 more
>> Caused by: com.sun.enterprise.ee.admin.servermgmt.AgentException: NSS
>> password is invalid. Failed to authenticate to PKCS11 slot: internal
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:161)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.synchronizeWithDASInternal(NodeAgent.java:567)
>>
>> ... 4 more
>> Caused by: java.lang.IllegalStateException: NSS password is invalid.
>> Failed to authenticate to PKCS11 slot: internal
>> at
>> com.sun.enterprise.ee.security.EESecuritySupportImpl.initNSS(EESecuritySupportImpl.java:149)
>>
>> at
>> com.sun.enterprise.ee.security.EESecuritySupportImpl.<init>(EESecuritySupportImpl.java:83)
>>
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>>
>> at
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>>
>> at
>> java.lang.reflect.Constructor.newInstance(Constructor.java:494)
>> at java.lang.Class.newInstance0(Class.java:350)
>> at java.lang.Class.newInstance(Class.java:303)
>> at
>> com.sun.enterprise.pluggable.PluggableFeatureFactoryBaseImpl.invoke(PluggableFeatureFactoryBaseImpl.java:71)
>>
>> at $Proxy1.getSecuritySupport(Unknown Source)
>> at
>> com.sun.enterprise.security.SecurityUtil.getSecuritySupport(SecurityUtil.java:354)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.initializeSecurity(NodeAgent.java:1148)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.NodeAgent.configureAgent(NodeAgent.java:1256)
>>
>> at
>> com.sun.enterprise.ee.nodeagent.BaseNodeAgent.init(BaseNodeAgent.java:154)
>>
>> ... 5 more
>> |#]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>