000038503 - AFX Server and remote agents fail to start after updating Java to 1.8u242 or later in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Feb 25, 2020Last modified by RSA Customer Support Employee on Feb 25, 2020
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000038503
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0, 7.1.1, 7.2.0
 
IssueRSA Identity Governance & Lifecycle Access Fulfillment Express (AFX) fails on startup after updating Java JDK version to 1.8u242 (1.8.0.242) or later. Remote collection agents also fail to start.
 

The following ERROR level log message is logged to the esb.AFX-INIT.log file ($AVEKSA_HOME/AFX/esb/logs/esb.AFX-INIT.log):
 




2020-02-07 16:28:04.123 [ERROR] com.aveksa.afx.server.init.ServerInitializationComponent:79 -
Server initialization failed! Please correct the issue and restart AFX.
...
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path validation failed: sun.security.validator.ValidatorException:
TrustAnchor with subject "CN=aveksa_ca, OU=Aveksa, O=Aveksa, L=Waltham, ST=Massachusetts, C=US" is not a CA certificate

 

The following ERROR level log message is logged in the mule_ee.log file (/home/oracle/AFX/esb/logs/mule_ee.log):
 




ERROR 2020-02-07 16:28:04,368 [WrapperListener_start_runner] org.mule.module.launcher.DefaultArchiveDeployer:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Failed to deploy artifact '10_AFX-INIT', see below       +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
org.mule.module.launcher.DeploymentInitException: ValidatorException:
TrustAnchor with subject "CN=aveksa_ca, OU=Aveksa, O=Aveksa, L=Waltham, ST=Massachusetts, C=US" is not a CA certificate


The same errors can be seen in the remote collection agent log file aveksaAgent.log file located in /home/{remoteagentuser}/AveksaAgent/logs.
ResolutionThis issue is being investigated by the Engineering team in order to provide a permanent resolution in a future release.
 
WorkaroundRevert back to a Java version earlier than Java JDK version 1.8u242 (1.8.0.242).
 

Attachments

    Outcomes