000021446 - BEA WebLogic Admin Server for RSA Federated Identity Module (FIM) does not restart after adding a new DefaultKeyStore

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number
000021446
Applies To
BEA WebLogic 7.0
RSA Federated Identity Manager (FIM) 2.0
Issue
BEA WebLogic Admin Server for RSA Federated Identity Module (FIM) does not restart after adding a new DefaultKeyStore
WebLogic admin server log file, adminserver.log, shows the following exceptions/errors:

***************************************************************************
The WebLogic Server did not start up properly.
Exception raised:
Realm myrealm not properly configured.
The realm has more than one trusted CA keystore configured.
The realm has more than one private key keystore configured.
at weblogic.management.security.RealmImpl.validate(RealmImpl.java:42)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:1287)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:928)
at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:384)
at $Proxy57.validate(Unknown Source)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:643)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:620)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:742)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:530)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:917)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
--------------- nested within: ------------------
weblogic.security.service.SecurityServiceRuntimeException: Security Realm [myrealm] improperly configured - with nested exception:
[Realm myrealm not properly configured.
The realm has more than one trusted CA keystore configured.
The realm has more than one private key keystore configured.]
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:647)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:620)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:742)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:530)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:917)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: weblogic.security.service.SecurityServiceRuntimeException: Security Realm [myrealm] improperly configured - with nested exception:
[Realm myrealm not properly configured.
The realm has more than one trusted CA keystore configured.
The realm has more than one private key keystore configured.]
Realm myrealm not properly configured.
The realm has more than one trusted CA keystore configured.
The realm has more than one private key keystore configured.
at weblogic.management.security.RealmImpl.validate(RealmImpl.java:42)
at java.lang.reflect.Method.invoke(Native Method)
at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:1287)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1557)
at com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1525)
at weblogic.management.internal.RemoteMBeanServerImpl.invoke(RemoteMBeanServerImpl.java:928)
at weblogic.management.commo.CommoProxy.invoke(CommoProxy.java:384)
at $Proxy57.validate(Unknown Source)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:643)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:620)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:742)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:530)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:917)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
--------------- nested within: ------------------
weblogic.security.service.SecurityServiceRuntimeException: Security Realm [myrealm] improperly configured - with nested exception:
[Realm myrealm not properly configured.
The realm has more than one trusted CA keystore configured.
The realm has more than one private key keystore configured.]
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:647)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:620)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:742)
at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:530)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:917)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
***************************************************************************
Cause
WebLogic does not allow more than one DefaultKeyStore
Resolution
The following steps recover the previous WebLogic environment. They remove the recently added keystore and allow the WebLogic administration server to start successfully. It is assumed that RSA Federated Identity Management Module (FIM) is installed at c:\RSASecurity\ (on a Windows box):

1. Make a backup of c:\RSASecurity\ before proceeding with the remaining steps below

2. Go to the directory c:\RSASecurity\CTFIMM\rsaappserver\config\csfdomain. In this directory, there should be 2 files: config.xml and config.booted. Rename config.xml to config.xml.notworking and config.booted to config.xml.

3. Delete the following directory and all subdirectories: c:\RSASecurity\CTFIMM\rsaappserver\config\csfdomain\userConfig\Security

4. Start WebLogic admin and managed servers

NOTE: Do not create a new default keystore in WebLogic without first removing the existing one
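
Steps 1 to 3 above as a guarded PowerShell script. This is an added example, not part of the RSA article; the backup destination and the parameter names are assumptions, and the paths are the ones given in step 2. It refuses to change anything unless both config.xml and config.booted are present, so a half-finished rename cannot leave the domain without a config.xml.

```powershell
# Added example (not RSA's script): recovery steps 1-3 with pre-flight checks.
# $InstallRoot matches the article's assumed install path; $BackupRoot is an assumption.
param(
    [string]$InstallRoot = 'C:\RSASecurity',
    [string]$BackupRoot  = "C:\RSASecurity.bak-$(Get-Date -Format yyyyMMdd-HHmmss)"
)
$ErrorActionPreference = 'Stop'

$domain   = Join-Path $InstallRoot 'CTFIMM\rsaappserver\config\csfdomain'
$config   = Join-Path $domain 'config.xml'
$booted   = Join-Path $domain 'config.booted'
$broken   = Join-Path $domain 'config.xml.notworking'
$security = Join-Path $domain 'userConfig\Security'

# Pre-flight: both files must exist, and no earlier attempt may have left
# a config.xml.notworking behind, before anything is renamed or deleted.
foreach ($f in $config, $booted) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) {
        throw "Missing $f; aborting before any change."
    }
}
if (Test-Path -LiteralPath $broken)     { throw "$broken already exists; inspect it before re-running." }
if (Test-Path -LiteralPath $BackupRoot) { throw "$BackupRoot already exists; choose another backup location." }

# Step 1: back up the whole install tree.
Copy-Item -LiteralPath $InstallRoot -Destination $BackupRoot -Recurse

# Step 2: set the failing config.xml aside and put config.booted in its place.
Rename-Item -LiteralPath $config -NewName 'config.xml.notworking'
Rename-Item -LiteralPath $booted -NewName 'config.xml'

# Step 3: delete userConfig\Security and all subdirectories.
if (Test-Path -LiteralPath $security -PathType Container) {
    Remove-Item -LiteralPath $security -Recurse -Force
}

Write-Output "Steps 1-3 done. Backup at $BackupRoot. Continue with step 4 (start the servers)."
```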
Workaround
Created a second DefaultKeyStore through WebLogic administration console
Legacy Article ID
a22944
