Cognos Analytics

  • 1.  CA 11.1.7 FP2 Upgrade with SSL from CA 11.0.13 - Failure to Restart Services

    Posted Thu March 18, 2021 09:14 AM
    Following the over-the-top upgrade, I have edited the bootstrap_wlp_winx64.xml and cogconfig.bat to include their former manual entries.
    I have also re-applied the signer certificates to cacerts using Ikeyman successfully.
    Prior to these steps, I was unable to connect to any of the Oracle databases defined in Cognos Configuration (including the Content Store).

    Following these steps, I am now able to successfully test connections to the Oracle databases including the Content Store.
    However, on attempting to restart the services, I am now getting the message below.
    Any thoughts would be greatly appreciated.
    Thanks in advance.

    09:00:09, 'LogService', 'StartService', 'FAILED'.
    09:00:09, 'LogService', 'StartService', 'Success'.
    09:00:10, CAF-WRN-0010 CAF input validation enabled.
    09:00:10, CAF-WRN-0021 CAF Third Party XSS checking disabled.
    09:00:12, 'CAM', 'StartService', 'Success'.
    09:00:19, CM-CFG-5063 A Content Manager configuration error was detected while connecting to the content store.  CM-SYS-5003 Content Manager is unable to connect to the content store. Verify that the database connection properties in the configuration tool are correct and that when you test the connection, the test is successful. Cause: IO Error: IO Error General SSLEngine problem, Authentication lapse 0 ms.
    Stack trace:
    java.sql.SQLRecoverableException: IO Error: IO Error General SSLEngine problem, Authentication lapse 0 ms.
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:821)
        at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:782)
        at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:39)
        at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:704)
        at com.cognos.cm.dbstore.CMDriverManager.getConnection(CMDriverManager.java:105)
        at com.cognos.cm.dbstore.CMDriverManager.getConnection(CMDriverManager.java:123)
        at com.cognos.cm.dbstore.CMDbStoreFactory.getJDBCConnection(CMDbStoreFactory.java:1983)
        at com.cognos.cm.dbstore.CMDbStoreFactory.getInitialConnection(CMDbStoreFactory.java:1780)
        at com.cognos.cm.dbstore.CMDbStoreFactory.initContentIndependentBeforeLock(CMDbStoreFactory.java:2002)
        at com.cognos.cm.dbstore.CMDbStore.initializeContentIndependentBeforeLock(CMDbStore.java:4392)
        at com.cognos.cm.server.CMServlet.initializeContentStoreContentIndependentBeforeLock(CMServlet.java:1278)
        at com.cognos.cm.server.CMServlet.init(CMServlet.java:1080)
        at com.cognos.cm.server.ContentManager.start(ContentManager.java:440)
        at com.cognos.cm.server.ContentManagerLifecycleHandler.start(ContentManagerLifecycleHandler.java:65)
        at com.cognos.pogo.services.DefaultHandlerService.start(DefaultHandlerService.java:88)
        at com.cognos.pogo.services.DispatcherServices.startInitialService(DispatcherServices.java:379)
        at com.cognos.pogo.services.DispatcherServices.startInititalServices(DispatcherServices.java:365)
        at com.cognos.pogo.transport.PogoServlet$PogoStartup.runWithDispatcherServices(PogoServlet.java:841)
        at com.cognos.pogo.transport.PogoServlet$PogoStartup.run(PogoServlet.java:823)
        at com.cognos.pogo.util.threads.SafeThread.safeRun(SafeThread.java:70)
        at com.cognos.pogo.util.threads.SafeThread.run(SafeThread.java:61)
    Caused by: java.io.IOException: IO Error General SSLEngine problem, Authentication lapse 0 ms.
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:817)
        ... 20 more
    Caused by: java.io.IOException: IO Error General SSLEngine problem
        at oracle.net.nt.SSLSocketChannel.wrap(SSLSocketChannel.java:545)
        at oracle.net.nt.SSLSocketChannel.wrapHandshakeMessage(SSLSocketChannel.java:458)
        at oracle.net.nt.SSLSocketChannel.doSSLHandshake(SSLSocketChannel.java:440)
        at oracle.net.nt.SSLSocketChannel.write(SSLSocketChannel.java:126)
        at oracle.net.ns.NIOPacket.writeToSocketChannel(NIOPacket.java:308)
        at oracle.net.ns.NIOConnectPacket.writeToSocketChannel(NIOConnectPacket.java:235)
        at oracle.net.ns.NSProtocolNIO.negotiateConnection(NSProtocolNIO.java:114)
        at oracle.net.ns.NSProtocol.connect(NSProtocol.java:318)
        at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1481)
        at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:540)
        ... 20 more
    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at com.ibm.jsse2.D.A(D.java:655)
        at com.ibm.jsse2.as.b(as.java:427)
        at com.ibm.jsse2.as.c(as.java:376)
        at com.ibm.jsse2.as.wrap(as.java:479)
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:45)
        at oracle.net.nt.SSLSocketChannel.wrap(SSLSocketChannel.java:541)
        ... 29 more
    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at com.ibm.jsse2.k.a(k.java:43)
        at com.ibm.jsse2.as.a(as.java:509)
        at com.ibm.jsse2.D.a(D.java:397)
        at com.ibm.jsse2.D.a(D.java:572)
        at com.ibm.jsse2.E.a(E.java:585)
        at com.ibm.jsse2.E.a(E.java:479)
        at com.ibm.jsse2.D.s(D.java:286)
        at com.ibm.jsse2.D$b.a(D$b.java:3)
        at com.ibm.jsse2.D$b.run(D$b.java:2)
        at java.security.AccessController.doPrivileged(AccessController.java:770)
        at com.ibm.jsse2.D$c.run(D$c.java:14)
        at oracle.net.nt.SSLSocketChannel.runTasks(SSLSocketChannel.java:600)
        at oracle.net.nt.SSLSocketChannel.doSSLHandshake(SSLSocketChannel.java:432)
        ... 27 more
    Caused by: com.ibm.jsse2.util.h: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
        at com.ibm.jsse2.util.f.a(f.java:21)
        at com.ibm.jsse2.util.f.b(f.java:151)
        at com.ibm.jsse2.util.e.a(e.java:6)
        at com.ibm.jsse2.aD.a(aD.java:75)
        at com.ibm.jsse2.aD.a(aD.java:40)
        at com.ibm.jsse2.aD.checkServerTrusted(aD.java:48)
        at com.ibm.jsse2.E.a(E.java:273)
        ... 35 more
    Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
        at com.ibm.security.cert.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:149)
        at com.ibm.security.cert.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:75)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:304)
        at com.ibm.jsse2.util.f.a(f.java:169)
        ... 41 more
    09:00:23, 'ContentManager', 'getActiveContentManager', 'Failure'.
    DPR-CMI-4006 Unable to determine the active Content Manager. Will retry periodically.

    ------------------------------
    Adam McIlravey
    ------------------------------

    #CognosAnalyticswithWatson
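
Added example (not part of the original post): the CM-CFG-5063 entry above nests several "Caused by:" levels, and the innermost one names the actual failure. This Python sketch walks that chain and assigns a coarse triage label; the sample entry is a constructed, trimmed copy of the one above, and the label names are this example's own.

```python
import re

# Constructed sample: exception lines copied from the log entry above, with most
# stack frames trimmed. Frames may be separated by runs of spaces or by newlines.
LOG_ENTRY = (
    "09:00:19, CM-CFG-5063 A Content Manager configuration error was detected "
    "while connecting to the content store.  Stack trace:  "
    "java.sql.SQLRecoverableException: IO Error: IO Error General SSLEngine "
    "problem, Authentication lapse 0 ms.     at oracle.jdbc.driver."
    "T4CConnection.logon(T4CConnection.java:821)  "
    "Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem"
    "     at com.ibm.jsse2.D.A(D.java:655)     ... 29 more  "
    "Caused by: com.ibm.jsse2.util.h: PKIX path validation failed: "
    "java.security.cert.CertPathValidatorException: Path does not chain with "
    "any of the trust anchors     at com.ibm.jsse2.util.f.a(f.java:21)"
    "     ... 35 more  "
    "Caused by: java.security.cert.CertPathValidatorException: Path does not "
    "chain with any of the trust anchors     at com.ibm.security.cert."
    "PKIXCertPathValidator.validate(PKIXCertPathValidator.java:149)     ... 41 more"
)

FRAME = re.compile(r"\s+(?:at\s+[\w.$]+\(|\.\.\.\s+\d+\s+more)")  # start of stack frames
EXC = re.compile(r"([A-Za-z_][\w.$]*):\s*(.*)", re.DOTALL)        # "Class: message"

def cause_chain(entry):
    """Return [(exception_class, message), ...] from outermost to innermost."""
    _, _, trace = entry.partition("Stack trace:")
    chain = []
    for segment in re.split(r"\s*Caused by:\s*", trace.strip()):
        head = FRAME.split(segment, maxsplit=1)[0].strip()  # drop the frames
        m = EXC.match(head)
        if m:
            chain.append((m.group(1), " ".join(m.group(2).split())))
    return chain

def classify(chain):
    """Coarse triage label for the innermost cause of a TLS handshake failure."""
    if not chain:
        return "other"
    text = " ".join(chain[-1]).lower()
    if "certpathvalidator" in text or "pkix" in text or "trust anchors" in text:
        return "untrusted-chain"     # issuing CA not in the trust store in use
    if "no cipher suites in common" in text or "handshake_failure" in text:
        return "protocol-or-cipher"  # TLS version or cipher suite mismatch
    if "certificateexpired" in text:
        return "expired-certificate"
    return "other"
```
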


  • 2.  RE: CA 11.1.7 FP2 Upgrade with SSL from CA 11.0.13 - Failure to Restart Services

    Posted Thu March 18, 2021 09:27 AM
    Hi Adam
    Seems like it is an issue with certificates. What is your SHA algorithm? Also, have you verified with iKeyman that the certs are properly installed? Also, maybe try changing the Standard Conformance to IBM Cognos from NIST SP 800-131A, although NIST is preferred and more secure.
    Does HTTP work fine?
    Thank you
    Sanjay

    ------------------------------
    Sanjay Chakravarty
    ------------------------------



  • 3.  RE: CA 11.1.7 FP2 Upgrade with SSL from CA 11.0.13 - Failure to Restart Services

    Posted Thu March 18, 2021 11:10 AM
    SHA Algorithm = SHA-256
    I can view the certificates using IKeyMan in Signer Certificates > JKS > cacerts > <install directory>\ibm-jre\jre\lib\security\ - They appear correct, but I am not 100% sure as I don't know exactly what the entries here should be.
    Standard Conformance is already IBM Cognos.

    Thoughts?

    ------------------------------
    Adam McIlravey
    ------------------------------



  • 4.  RE: CA 11.1.7 FP2 Upgrade with SSL from CA 11.0.13 - Failure to Restart Services

    Posted Fri March 19, 2021 11:42 AM
    If I remember correctly, I had a similar problem a while back and it was due to the certificates being installed in the wrong KeyStore.

    There is a second KeyStore in <install directory>\jre\lib\security\cacerts. I believe my issue was resolved when I installed the certificates in this KeyStore.

    Regards
    Dave Vantine


    ------------------------------
    David Vantine
    ------------------------------



  • 5.  RE: CA 11.1.7 FP2 Upgrade with SSL from CA 11.0.13 - Failure to Restart Services

    Posted Fri March 19, 2021 12:28 PM
    @David Vantine

    That is the KeyStore that I updated, although in CA 11.1.7 the directory is actually <install>\ibm-jre\jre\security.

    I also copied over saved versions of the java.security and local/export policy files to <install>\ibm-jre\jre\lib\security\policy\limited and the <install>\ibm-jre\jre\lib\security\policy\unlimited.
    However, I am still encountering the same problem.

    I am now having my Server Operation team restore the servers to their pre-upgrade CA 11.0.13 state and restoring the pre-upgrade Content Store and other Oracle schemas. My thought here is that perhaps another clean install without all the failing restart attempts may have more luck - Fingers Crossed!

    Again, if anyone has any other thoughts they would be most appreciated.

    ------------------------------
    Adam McIlravey
    ------------------------------



  • 6.  RE: CA 11.1.7 FP2 Upgrade with SSL from CA 11.0.13 - Failure to Restart Services

    Posted Mon March 22, 2021 02:24 PM
    Hi Adam
    I would recommend trying the following:

    1. When you are setting up Cognos for the first time, it creates a service that needs to be run with an account that has the right database privileges to access the database. Please add credentials that have the required database privileges to the Cognos service.
    2. Additionally, check the security supported cipher suites. We have noticed issues with cipher suites that start with ECDHE. Here is an IBM thread on the issue for reference:

    How do I fix the SSL exception CWPKI0022E "KeyUsage does not allow digital signatures" in WebSphere Application Server? (ibm.com)

    Hopefully your issue gets resolved.

    Thanks
    Ramakrishna Dronavalli



    ------------------------------
    Ramakrishna Dronavalli
    ------------------------------



  • 7.  RE: CA 11.1.7 FP2 Upgrade with SSL from CA 11.0.13 - Failure to Restart Services

    Posted Fri March 19, 2021 12:42 PM
    Adam
    Not sure if you have followed the article below. I have installed internally signed and wildcard certificates and had no issues.
    https://www.ibm.com/support/pages/how-add-3rd-party-ca-allow-ssl-between-components-ibm-cognos-analytics-11
    If you have taken a backup of the configuration, you can always revert without the re-install.
    Thank you

    ------------------------------
    Sanjay Chakravarty
    ------------------------------



  • 8.  RE: CA 11.1.7 FP2 Upgrade with SSL from CA 11.0.13 - Failure to Restart Services

    Posted Fri March 19, 2021 01:10 PM
    Hi Sanjay,

    How can we roll back a Cognos environment without a re-install if a backup of the configuration exists?

    Is there "how to" documentation for performing this task? This would be extremely useful to know.

    Vincent
     


    ------------------------------
    Vincent Dsouza
    ------------------------------



  • 9.  RE: CA 11.1.7 FP2 Upgrade with SSL from CA 11.0.13 - Failure to Restart Services

    Posted Fri March 19, 2021 02:33 PM
    Edited by System Admin Fri January 20, 2023 04:42 PM
    These are the steps that I have performed:

    1. IT Ops to perform image of all Servers in environment to be upgraded.
    2. DBA Team to backup all Oracle databases defined in Cognos Configuration - Content Store, Notification, etc...
    3. Export Configuration on all servers.
    4. Shutdown all Cognos services on all Servers.
    5. Perform over the top install and ensure successful completion.
    6. Run NC_DROP script (not sure if this is necessary).
    7. Modify configuration files on both servers:
      • Modify <install>\bin64\bootstrap_wlp_winx64.xml
        • Add following text between <spawn> and </spawn> after <param>-Xmx${dispatcherMaxMemory}m</param> statement:
          <param>-Doracle.net.ssl_version=0</param>
          <param>-Doracle.net.ssl_client_authentication=false</param>
          <param>-Doracle.net.wallet_location=(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=<path>\wallet)))</param>
      • Modify <install>\bin64\cogconfig.bat
        • Add following text between %_RUNJAVA% -cp %CP% %J_OPTS% CRConfig %1 %2 %3 %4 %5 %6 %7 %8 %9 and :exit /b %ERRORLEVEL% statements:

          rem Manual Edit
          set J_OPTS="-Dcom.ibm.jsse2.overrideDefaultTLS=true" %J_OPTS%
          set J_OPTS=-Doracle.net.ssl_version=0 %J_OPTS%
          set J_OPTS=-Doracle.net.wallet_location=(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=<path>\wallet))) %J_OPTS%
          set J_OPTS=-Doracle.net.ssl_client_authentication=false %J_OPTS%
          rem
    8. Re-apply certificates to the cacerts file:
      • Re-Import Certificates using Thirdpartycertificatetool.bat
      • Add certificates to cacerts using IKeyman:
        • Key database type: JKS
        • File Name:               cacerts
        • Location:                  <install>\ibm-jre\jre\lib\security
    9. Copy saved versions of following files java.security, local_policy, US_export_policy to appropriate locations.
    10. Save Cognos Configuration - Completed Successfully
    11. Test connection to Content Store - Completed successfully
    12. Restart Cognos services on Primary Content Manager - Failed with message in initial thread


    ------------------------------
    Adam McIlravey
    ------------------------------
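
Added example (not part of the original post): step 7 sets JVM system properties in two separate files, bootstrap_wlp_winx64.xml and cogconfig.bat. One way to confirm that both carry the same settings is to extract the `-D` properties from each and diff them, as this Python sketch does; the sample file contents are constructed from the lines quoted in step 7, and `D:\oracle\wallet` is an assumed directory replacing the post's `<path>\wallet` placeholder.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on step 7 of the post above. D:\oracle\wallet is
# an assumed directory standing in for the post's <path>\wallet placeholder.
BOOTSTRAP_XML = r"""<spawn>
  <param>-Xmx${dispatcherMaxMemory}m</param>
  <param>-Doracle.net.ssl_version=0</param>
  <param>-Doracle.net.ssl_client_authentication=false</param>
  <param>-Doracle.net.wallet_location=(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=D:\oracle\wallet)))</param>
</spawn>"""

COGCONFIG_BAT = r"""rem Manual Edit
set J_OPTS="-Dcom.ibm.jsse2.overrideDefaultTLS=true" %J_OPTS%
set J_OPTS=-Doracle.net.ssl_version=0 %J_OPTS%
set J_OPTS=-Doracle.net.wallet_location=(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=D:\oracle\wallet))) %J_OPTS%
set J_OPTS=-Doracle.net.ssl_client_authentication=false %J_OPTS%
"""

def props_from_tokens(tokens):
    """Collect -Dname=value tokens into a dict; other JVM flags are ignored."""
    props = {}
    for tok in tokens:
        tok = tok.strip().strip('"')
        if tok.startswith("-D") and "=" in tok:
            name, value = tok[2:].split("=", 1)
            props[name] = value
    return props

def bootstrap_props(xml_text):
    """System properties given as <param> children of a <spawn> element."""
    root = ET.fromstring(xml_text)
    return props_from_tokens(p.text or "" for s in root.iter("spawn") for p in s.findall("param"))

def batch_props(bat_text):
    """System properties added by 'set J_OPTS=...' lines (values without spaces)."""
    lines = re.findall(r"(?im)^\s*set\s+J_OPTS=(.*)$", bat_text)
    return props_from_tokens(tok for line in lines for tok in line.split())

def compare(service, config_tool):
    """Properties that differ between the bootstrap file and cogconfig.bat."""
    both = set(service) & set(config_tool)
    return {
        "only_in_bootstrap": sorted(set(service) - set(config_tool)),
        "only_in_cogconfig": sorted(set(config_tool) - set(service)),
        "value_mismatch": sorted(k for k in both if service[k] != config_tool[k]),
    }
```

On the values quoted in step 7, the only difference reported is `com.ibm.jsse2.overrideDefaultTLS`, which appears in the cogconfig.bat edit but not in the bootstrap edit; the thread does not establish whether that affects the handshake.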