Hi All,

     Afer enabling the TLS V1.2 protocol in my clustered environment ( One DMGR, two horizontal nodes), I am not able to start the nodeagent process in the secondary node.

    It is surprising that,I am able to start the DMGR and nodeagent process of the primary server whereas getting the below exceptions in the nodeagent logs of secondary server.

   I have a horizontal cluster of two servers wherein, physical server1 (primary) contains DMGR,nodeagent and one application server JVM. Physical server2(secondary) contains one nodeagent and one application sever JVM.

   I have followed the below link to enable the TLSv1.2 SSL protocol in WAS 8.5.5.7. Please help me to resolve this issue.

 

  Referred link to enable TLSv1.2 SSL protocol:

https://developer.ibm.com/answers/questions/206952/how-do-i-configure-websphere-application-server-ss.html

  Exceptions in the nodeagent SystemOut and FFDC logs:

 

[7/9/16 5:40:40:083 EDT] FFDC Exception:org.omg.CORBA.TRANSIENT SourceId:com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl.reactivateServers ProbeId:906 Reporter:com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl@2b27c921
org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM minor code: E07 completed: No
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1105)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1360)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:997)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1326)
at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1614)
at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1282)
at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:458)
at com.ibm.ws.orb.services.lsd._ORB_ServerStub.ping(_ORB_ServerStub.java:34)
at com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl.reactivateServers(LocationServiceImpl.java:885)
at com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl.getNextTarget(LocationServiceImpl.java:430)
at com.ibm.ws.orbimpl.services.lsd.LocationServiceDaemon.getDirectIOR(LocationServiceDaemon.java:203)
at com.ibm.rmi.iiop.Connection.doLocateRequestWork(Connection.java:3278)
at com.ibm.rmi.iiop.Connection.doWork(Connection.java:3035)
at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:63)
at com.ibm.ws.giop.threadpool.WorkQueueElement.dispatch(WorkQueueElement.java:174)
at com.ibm.ws.giop.threadpool.PooledThread.handleRequest(PooledThread.java:85)
at com.ibm.ws.giop.threadpool.PooledThread.run(PooledThread.java:102)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881)
Caused by: org.omg.CORBA.COMM_FAILURE: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET: JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security. Reason: Server chose TLSv1, but that protocol version is not enabled or not supported by the client. vmcid: 0x49421000 minor code: 70 completed: No

 

 [7/9/16 5:40:40:052 EDT] 00000096 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /wasprd/WebSphere/AppServer/profiles/AppServer/logs/ffdc/nodeagent_eef7f77f_16.07.09_05.40.40.0491817920526708394063.txt com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket 222
[7/9/16 5:40:40:054 EDT] 00000096 ORBRas E com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket ORB.thread.pool : 0 JSSL0080E: javax.net.ssl.SSLHandshakeException - The client and server could not negotiate the desired level of security. Reason: Server chose TLSv1, but that protocol version is not enabled or not supported by the client. javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
at com.ibm.jsse2.bb.a(bb.java:29)
at com.ibm.jsse2.bb.a(bb.java:534)
at com.ibm.jsse2.ab.s(ab.java:373)
at com.ibm.jsse2.ab.a(ab.java:140)
at com.ibm.jsse2.qc.a(qc.java:701)
at com.ibm.jsse2.qc.h(qc.java:453)
at com.ibm.jsse2.qc.a(qc.java:625)
at com.ibm.jsse2.qc.startHandshake(qc.java:113)
at com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.performSSLHandshakeAndGetSession(WSSSLClientSocketFactoryImpl.java:458)
at com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket(WSSSLClientSocketFactoryImpl.java:210)
at com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.createSocket(WSSSLTransportConnection.java:236)
at com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.createSocket(WSSSLTransportConnection.java:315)
at com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase.java:350)
at com.ibm.ws.orbimpl.transport.WSTransport$1.run(WSTransport.java:503)

   

Hi Pavan,

This technote should help you out
http://www-01.ibm.com/support/docview.wss?uid=swg21394722

Thanks & Regards,
Ershadahemad S. Shaikh
Accelerated Value Leader
IT Specialist – WMQ & WAS
IBM India Pvt Ltd, Nirlon Knowledge Park, B2 Wing 6th and 7th floor,
Western Express Highway, Pahadi Village, Next to Hub Mall, Goregaon East,
Mumbai - 400 063.
Mobile: +91 9987 053 173. Email: ershadahemad@in.ibm.com.
Sametime Unified Telephone number +918043188536



From: Pavan A <applicationserver-ws@lists.imwuc.org>
To: ApplicationServer-ws@lists.imwuc.org
Date: 09-07-2016 03:32 PM
Subject: [ApplicationServer-ws] - Getting SSLHandshakeException in
nodeagent logs in Websphere 8.5.5.7



Hi All,
Afer enabling the TLS V1.2 protocol in my clustered environment ( One
DMGR, two horizontal nodes), I am not able to start the nodeagent process
in the secondary node.
It is surprising that,I am able to start the DMGR and nodeagent
process of the primary server whereas getting the below exceptions in the
nodeagent logs of secondary server.
I have a horizontal cluster of two servers wherein, physical server1
(primary) contains DMGR,nodeagent and one application server JVM. Physical
server2(secondary) contains one nodeagent and one application sever JVM.
I have followed the below link to enable the TLSv1.2 SSL protocol in
WAS 8.5.5.7. Please help me to resolve this issue.

Referred link to enable TLSv1.2 SSL protocol:
https://developer.ibm.com/answers/questions/206952/how-do-i-configure-websphere-application-server-ss.html
Exceptions in the nodeagent SystemOut and FFDC logs:

[7/9/16 5:40:40:083 EDT] FFDC Exception:org.omg.CORBA.TRANSIENT
SourceId:com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl.reactivateServers
ProbeId:906
Reporter:com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl@2b27c921
org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM
minor code: E07 completed: No
at
com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1105)
at
com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1360)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:997)
at
com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1326)
at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1614)
at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1282)
at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:458)
at
com.ibm.ws.orb.services.lsd._ORB_ServerStub.ping(_ORB_ServerStub.java:34)
at
com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl.reactivateServers(LocationServiceImpl.java:885)
at
com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl.getNextTarget(LocationServiceImpl.java:430)
at
com.ibm.ws.orbimpl.services.lsd.LocationServiceDaemon.getDirectIOR(LocationServiceDaemon.java:203)
at com.ibm.rmi.iiop.Connection.doLocateRequestWork(Connection.java:3278)
at com.ibm.rmi.iiop.Connection.doWork(Connection.java:3035)
at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:63)
at
com.ibm.ws.giop.threadpool.WorkQueueElement.dispatch(WorkQueueElement.java:174)
at
com.ibm.ws.giop.threadpool.PooledThread.handleRequest(PooledThread.java:85)
at com.ibm.ws.giop.threadpool.PooledThread.run(PooledThread.java:102)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881)
Caused by: org.omg.CORBA.COMM_FAILURE:
CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET: JSSL0080E:
javax.net.ssl.SSLHandshakeException - The client and server could not
negotiate the desired level of security. Reason: Server chose TLSv1, but
that protocol version is not enabled or not supported by the client.
vmcid: 0x49421000 minor code: 70 completed: No

[7/9/16 5:40:40:052 EDT] 00000096 FfdcProvider W
com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident
emitted on
/wasprd/WebSphere/AppServer/profiles/AppServer/logs/ffdc/nodeagent_eef7f77f_16.07.09_05.40.40.0491817920526708394063.txt
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket
222
[7/9/16 5:40:40:054 EDT] 00000096 ORBRas E
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl createSSLSocket
ORB.thread.pool : 0 JSSL0080E: javax.net.ssl.SSLHandshakeException - The
client and server could not negotiate the desired level of security.
Reason: Server chose TLSv1, but that protocol version is not enabled or
not supported by the client. javax.net.ssl.SSLHandshakeException: Server
chose TLSv1, but that protocol version is not enabled or not supported by
the client.
at com.ibm.jsse2.bb.a(bb.java:29)
at com.ibm.jsse2.bb.a(bb.java:534)
at com.ibm.jsse2.ab.s(ab.java:373)
at com.ibm.jsse2.ab.a(ab.java:140)
at com.ibm.jsse2.qc.a(qc.java:701)
at com.ibm.jsse2.qc.h(qc.java:453)
at com.ibm.jsse2.qc.a(qc.java:625)
at com.ibm.jsse2.qc.startHandshake(qc.java:113)
at
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.performSSLHandshakeAndGetSession(WSSSLClientSocketFactoryImpl.java:458)
at
com.ibm.ws.security.orbssl.WSSSLClientSocketFactoryImpl.createSSLSocket(WSSSLClientSocketFactoryImpl.java:210)
at
com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.createSocket(WSSSLTransportConnection.java:236)
at
com.ibm.ws.orbimpl.transport.WSSSLTransportConnection.createSocket(WSSSLTransportConnection.java:315)
at
com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase.java:350)
at com.ibm.ws.orbimpl.transport.WSTransport$1.run(WSTransport.java:503)



Site Links: View post online View mailing list online Start new thread
via email Unsubscribe from this mailing list Manage your subscription


This email has been sent to: ershadahemad@in.ibm.com

Hi,

It seems like second node is not honoring your TLS settings because logs say "- The client and server could not negotiate the desired level of security. Reason: Server chose TLSv1, but that protocol version is not enabled or not supported by the client. vmcid: 0x49421000 minor code: 70 completed: No" . Could it be possible second node is not synched properly?

Hi All,

    Thanks for your response!! I was able to resolve the SSL Handshake Exception in WAS 8.5.5.7. All the JVM processes are started without any issues after performing the syncnode two-three times..

 

    The next challenge I am facing is "How to Enable tls v1.2 in IBM Http server 8.5.5.7"? I had gone through several links and implemented it,but still no luck..I am getting the beloe exceptions in error log of http server continuosuly..

 

SSL0222W: SSL Handshake Failed, No ciphers specified.  [source IP:port -> Httpserver IP:webserver secure port]

 

I followed the below link to implement tlsv1.2 in ibm http server. After implementation, I am getting the above exceptions and the application (https) is not accessible over the browser. Could anyone please suggest me about the resolution of this issue? Did I miss anything else to configure? I have even enabled the "StrictSecurity" to "true" in plugin-cfg.xml. Your valuable inputs are much appreciated!! Thanks in advance!!

 

http://portal2portal.blogspot.in/2015/10/ibm-http-server-fun-with-transport.html

 

 

Hi

If you are getting this issue with the new build

try the dirty sync method

Copy the config directory from DMGR and unzip them node directory and replace the config dir.. 

Make sure to take proper backup before you do this..

After which you need to synchronize on full sync mode, your servers should come up seamlessly

Thanks

Gautam
Sr. Middleware Technology Architect / Consultant
+91 9791064487