JRE 1 - Avaya Support
advertisement
JCE Cryptography Expired Patch Sun file jce1_2_1.jar, which OA uses for signing certificate for reports and admin client, expired on 27 July 2005. This readme describes how to replace this with jce1_2_2.jar and its supporting file for Solaris, Windows, and AIX. This fix only addresses the issue with the JCE cryptography expiring; therefore, it is not cumulative. The JCE cryptography patch can be applied in conjunction with the latest OA patch for any supported release. OA Versions Affected: 6.0.X, 6.1, 6.1.X , and 7.0 IMPACT: Affects the functionality of OA Admin Client, OA TRW and Graphical Reports, and OA Authentication Server. OA Real-Time is not affected by this jce file. Real-Time will only be change if it co-exists with either Historical or Reporting Subsystems. If Real-Time exists by itself or OA Event Collector no action is required. The common errors have been seen reports.log and adminclient.log: 1. + 1122650988.896 UTC; altTZ(360); 1672-PlayerEventHandler:l10: Reason: com.avaya.cc.cvx.security.AuthenticationService$CantProceedException: Could not authenticate aut server: AUTHENTICATION SERVER NOT LEGIT 2. 1122574930.859 UTC; altTZ(360); 3280-main:l10: ALARM - emergency: CRM-BI/OA stumbras 0=ClientID:StartupService|Error initializing service: com.avaya.stumbras.services.dbpool.DbPoolService java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs at javax.crypto.b.<clinit>([DashoPro-V1.2-120198]) at javax.crypto.SecretKeyFactory.getInstance([DashoPro-V1.2-120198]) at com.avaya.cc.cvx.security.CryptoServices.initialize(CryptoServices.java:249) at com.avaya.cc.cvx.security.CryptoServices.<init>(CryptoServices.java:234) at com.avaya.cc.cvx.security.CryptoServices.getInstance(CryptoServices.java:69) NOTE: For this operation you will need to bring down all OA process and applications and thus disrupt data flow for the time it is down. Plan this work for a low usage time of day. Also, please review this readme before attempting to apply this patch 1 Procedure for Windows and Solaris Version (6.0, 6.0.X, 6.1, 6.1.X) Stop All OA Systems To stop each system, follow the instructions outlined in the Avaya Operational Analyst Maintenance and Troubleshooting Guide, section “Starting and Stopping OA-Related Processes”. In general, the following steps will work: As OA Administrator: 1. On each Solaris system, from a terminal window, type “pa stop all”. Also, stop iplanet, initsrv, namesrv and TimesTen . Order of shutdown is important and must be in a certain order. a. To stop web server on Solaris SunOne: i. Older SunOne 6.0 Solaris: cd /usr/iplanet/server/https-stumbras ./stop ii. Newer SunOne 6.1 Solaris: cd / opt/SUNWwbsvr/https-stumbras ./stop As Root: b. Edit the /etc/inittab file and change respawn next to nm and in to off; execute init q . This will stop the name service and the init service. c. To stop TimesTen you will enter this command, if you used the default TimesTen settings: /etc/init.d/tt_avaya_bi stop As OA Administrator: 2. On each Windows system, from a command window, type “pa stop all” to stop OA processes. Order of shutdown is important and must be in a certain order. a. Go to Microsoft Window Services i. Stop ORBacus Naming Service ii. Stop Avaya Business Intelligence Service iii. Stop Stumbras-Tomcat (Reporting Subsystem) iv. Stop TimesTen 3. Use ICManager to stop all running instances of ECServer and ECBridge. 2 The Jce 1.2.2 patch consist of the following jars listed below. You will need to backup the current version of these files on your Windows and Solaris system. jce1_2_2.jar local_policy.jar sunjce_provider.jar US_export_policy.jar Note: The back-up copy of these jar should not be located anywhere within the BI directory. They should be moved to another location. If the files are left within the BI directory, web servers will attempt to use the older jars. 3 Patch for Windows OA Historical and Reporting Subsytem (6.X.X) 1. Copy the four jars to %PABASE%\jars. 2. Copy the four jars to %JAVA_HOME%\jre\lib\ext (ie. Default location: C:\Program Files\JavaSoft\JRE\1.3.1_06\lib\ext) Note: Check path by running in command prompt: echo $PATH in a command window 3. Edit %PABASE%\stumbras\tomcat\conf\nt_service.properties, change the jce1_2_1.jar to read jce1_2_2.jar instead. 4. Edit environment variable system classpath, change the jce1_2_1.jar to read jce1_2_2.jar instead. Patch for Windows OA Admin Client (6.X.X) 1. Copy the four jars to %PABASE%\jars. 2. Copy the four jars to %JAVA_HOME%\jre\lib\ext (ie. Default location: C:\Program Files\JavaSoft\JRE\1.3.1_06\lib\ext) 3. Edit %PABASE%\cfg\java.policy, change the jce1_2_1.jar to read jce1_2_2.jar instead. Note: If you are still having problems bringing up the admin client, you will need to edit the AdminPol.html located at %PABASE% using notepad. The change will be done twice, replace the jce1_2_1.jar to read jce1_2_2.jar instead. Patch for Solaris OA Historcial and Reporting Subsytem (6.X.X) 1. Copy the four jars to %PABASE%\jars. a. Perform chmod 750 to the four jars b. Perform chown with proper user and group (ie chown biadmin:oaadmin sunjce_provider.jar) 2. Copy the four jars to %JAVA_HOME%\jre\lib\ext (ie. Default location: /usr/java/jre/lib/ext) 3. Edit %IPLANET_HOME%/config/jvm12.conf, change the jce1_2_1 to read jce1_2_2 instead. 4. Edit classpath %PABASE%/.profile AOA_CP, change the jce1_2_1 to read jce1_2_2 instead. Re-execute the .profile to update current environment variables. Note: If you are running with Solaris 6.1 SunOne on JDK 1.4 then steps 2 and 3 are not required. You also will not find jvm12.conf because it was replaced by server.xml. 4 Procedure for Windows and Solaris Version (7.0) Patch for Windows OA Historical and Reporting Subsytem (7.0) 1. Copy the four jars to %PABASE%\jars. 2. Edit environment variable system classpath, change the jce1_2_1.jar to read jce1_2_2.jar instead. Patch for Solaris OA Historcial and Reporting Subsytem (7.0) 1. Copy the four jars to %PABASE%\jars. a. Perform chmod 750 to the four jars b. Perform chown with proper user and group (ie chown biadmin:oaadmin sunjce_provider.jar) 2. Edit classpath %PABASE%/.profile AOA_CP, change the jce1_2_1 to read jce1_2_2 instead. Re-execute the .profile to update current environment variables. Patch for Windows OA Admin Client (7.0) 1. Copy the four jars to %PABASE%\jars. 2. Edit %PABASE%\cfg\java.policy, change the jce1_2_1.jar to read jce1_2_2.jar instead. Note: If you are still having problems bringing up the admin client, you will need to edit the AdminPol.html located at %PABASE% using notepad. The change will be done twice, replace the jce1_2_1.jar to read jce1_2_2.jar instead. 5 OA Start-UP Procedures Windows and Solaris Start Systems Up To start up each system, follow the instructions outlined in the Avaya Operational Analyst Maintenance and Troubleshooting Guide, section “Starting and Stopping OA-Related Processes”. In general, the following steps will work: 1. Ensure historical server, initsrv, namesrv, TimesTen for Solaris are running or TimesTen, Avaya BI, and ORBacus Naming Service for Windows. For Solaris: (Order of startup is important and must be in a certain order) As Root: a. Edit the /etc/inittab file and change off next to nm and in to respawn; execute init q . This will stop the name service and the init service. b. To start TimesTen you will enter this command, if you used the default TimesTen settings: /etc/init.d/tt_avaya_bi start As OA Administrator: c. To start web server on Solaris SunOne: i. Older SunOne 6.0 Solaris: cd /usr/iplanet/server/https-stumbras ./start ii. Newer SunOne 6.1 Solaris: cd / opt/SUNWwbsvr/https-stumbras ./start As OA Administrator: For Windows: (Order of startup is important and must be in a certain order) Go to Microsoft Window Services i. Start TimesTen ii. Start ORBacus Naming Service iii. Start Avaya Business Intelligence Service iv. Start Stumbras-Tomcat (Reporting Subsystem) 2. If a non-historical server ensure the OA services have started. (Refer to the startup above for Solaris or Windows). 3. Run “pa start all” on the historical server as an OA Administrator. 4. Verify the system started cleanly by using the pa list and amui list commands. 5. Run “pa start all” on all of the non-historical servers as an OA Administrator. 6. Verify the system started cleanly by using the pa list and amui list commands. 7. Start up ICManager and start the ECB process(es). Ensure they are up and have assigned to MSMQ before proceeding. The status line at the bottom of ICManager will alert you that they have assigned. 8. For each non-historical server, from the ICManager, start EC for each nonhistorical subsystem. 6 Procedure for AIX (6.1.X , 7.0) Stop All OA Systems To stop each system, follow the instructions outlined in the Avaya Operational Analyst Maintenance and Troubleshooting Guide, section “Starting and Stopping OA-Related Processes”. In general, the following steps will work: On each AIX system, from a terminal window, type “pa stop all”. Also, stop WebSphere, httpd, initsrv, namesrv and TimesTen . a. To stop WebSphere, cd to $PABASE/bin and execute stopWebSphere server1 b. To stop httpd on 6.1.x, cd to where you have your IHS installed and execute ./apachectl stop On 6.1.x, this will be in /usr/IBMHttpServer/bin. For 7.0, the default location is /usr/IBMIHS/bin c. Edit the /etc/inittab file and change respawn next to nm and in to off; exec init q This will stop the name service and the init service. d. To stop TimesTen you will enter this command, if you used the default TimesTen settings: /usr/bin/stopsrc –s tt_avaya_bi Patch for AIX OA Historcial and Reporting Subsytem (6.1.X, 7.0) 1. Copy the four jars to $PABASE\jars. a. Perform chmod 750 to the four jars b. Perform chown with proper user and group (ie chown biadmin:oaadmin sunjce_provider.jar) Note: The back-up copy of these jar should not be located anywhere within the BI directory. They should be moved to another location. If the files are left within the BI directory, Websphere will attempt to use the older jars. 2. Edit classpath $PABASE/.profile, change the jce1_2_1 to read jce1_2_2 instead. Re-execute the .profile to update the environment variables. 7 OA Start-UP Procedures AIX Start Systems Up To start up each system, follow the instructions outlined in the Avaya Operational Analyst Maintenance and Troubleshooting Guide, section “Starting and Stopping OA-Related Processes”. In general, the following steps will work: 1. Ensure historical server, initsrv and namesrv and TimesTen for AIX are running a. Edit the /etc/inittab file and change off next to nm and in to respawn; exec init q This will stop the name service and the init service. b. To start TimesTen you will enter this command, if you used the default TimesTen settings: /usr/bin/startsrc –s tt_avaya_bi c. Verify TimesTen startup with lssrc -s tt_avaya_bi 2. Run “pa start all” on the historical server. 3. Verify the system started cleanly by using the pa list and amui list commands. 4. Run “pa start all” on all of the non-historical servers 5. Verify the system started cleanly by using the pa list and amui list commands. 6. Start up ICManager and start the ECB process(es). Ensure they are up and have assigned to MSMQ before proceeding. The status line at the bottom of ICManager will alert you that they have assigned. 7. For each non-historical server, from the ICManager, start EC for each non-historical subsystem. 8. Ensure that web service is started on each reporting subsystem .To start web service, cd $PABASE/bin and execute startWebSphere This will start both the Websphere Application Service and httpd processes. TECHNICAL SUPPORT ================== Customers in the U.S. can contact Avaya Operational Analyst Technical Support via the WWW, email and telephone: - WWW (WebQ Support Knowledgebase): - Email: - Phone (U.S.): - Phone (Direct): http://www.avaya.com/support/qq crmsupport@avaya.com 1-888-TECH-SPT (1-888-832-4778) 1-512-425-2201 International customers should contact their regional Avaya Center of Excellence (CoE) for assistance. 8
