I've setup a GlassFish cluster with a node agent that works so far. I deleted the generated s1as certificate from my keystore.jks and now have a certificate I requested by our own CA (self signed) with a newly generated key pair. I imported the certificate for the new s1as key pair and the certificate of our CA into keystore.jks. This works for a single server setup to serve SSL requests. I've imported our CA's cert into the domains cacerts.jks, too.
Immediately when I switch on security (SSL) for the admin listener synchronisation to the node agent stops working. If I switch it off again, sync works again.
In the node agent's server.log I can see the following messages related to this issue:
com.sun.enterprise.ee.synchronization.DASCommunicationException: Unable to communicate with Domain Administration Server.
at com.sun.enterprise.ee.synchronization.BaseSynchronizationDriver.synchronizeInternal(BaseSynchronizationDriver.java:281)
at com.sun.enterprise.ee.synchronization.BaseSynchronizationDriver.synchronize(BaseSynchronizationDriver.java:129)
at com.sun.enterprise.ee.synchronization.SynchronizationMain.main(SynchronizationMain.java:126)
[#|2010-06-11T14:55:46.252+0200|WARNING|sun-appserver2.1|javax.ee.enterprise.system.tools.synchronization|_ThreadID=10;_ThreadName=main;|SYNC029: There was an
exception during synchronization. Please try again and a full synchronization will be initiated. If the problem persists for a server instance, you may backup and remove the cache repository (for example, directories under nodeagents/na1/server1/) and restart the node-agent (ex. asadmin stop-node-agent; start-node
-agent --startinstances=false) and the server instance (ex. asadmin start-instance). All necessary configuration for the server instance (server1 in example)
will be downloaded from Domain Administration Server by synchronization.
com.sun.enterprise.ee.synchronization.DASCommunicationException: Unable to communicate with Domain Administration Server.
at com.sun.enterprise.ee.synchronization.BaseSynchronizationDriver.synchronizeInternal(BaseSynchronizationDriver.java:281)
at com.sun.enterprise.ee.synchronization.BaseSynchronizationDriver.synchronize(BaseSynchronizationDriver.java:129)
at com.sun.enterprise.ee.synchronization.SynchronizationMain.main(SynchronizationMain.java:126)
I repeated the setup of a new domain a couple of times on Linux and Windows. Only switching on SSL on the admin port works as long as I do not exchange the initially generated s1as cert. When I visit the admin console via my web browser the expected certificate/key ist used. Alone the cluster instance synchronisation does not work.
Can anyone recommend any further steps to track this problem?
Thanks in advance!
mdo
[Message sent by forum member 'mdo']
http://forums.java.net/jive/thread.jspa?messageID=474173