Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000035592 - AFX server does not start after upgrade to 7.0.1 or higher of RSA Identity Governance & Lifecycle

Document created by RSA Customer Support

on Oct 7, 2017

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000035592
Applies To	RSA Product Set: RSA Identity Governance & Lifecycle RSA Product/Service Type: Access Fulfillment Express (AFX) RSA Version/Condition: 7.0.1 and 7.0.2 Platform: Websphere
Issue	After upgrading to 7.0.1 or 7.0.2 from an earlier version of RSA Identity Governance and Lifecycle, AFX fails to start. The errors in the logs are: esb.AFX-INIT.log 2017-09-20 17:06:04.117 [ERROR] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:156 - Error submitting initialization request to RSA Identity Governance and Lifecycle server! 2017-09-20 17:06:04.117 [ERROR] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:162 - Unable to establish secure (SSL) connection with RSA Identity Governance and Lifecycle server. 2017-09-20 17:06:04.118 [ERROR] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:171 - SSL certificates for RSA Identity Governance and Lifecycle server and AFX were not issued by the same RSA Identity Governance and Lifecycle Certificate Authority(CA). You may encounter this problem if the RSA Identity Governance and Lifecycle certificate store has been changed, but either the RSA Identity Governance and Lifecycle server OR AFX installation hasn't been updated with the respective keystore containing new certificate and CA entries. Please update both the RSA Identity Governance and Lifecycle server and AFX installations with latest respective keystore available for download in the RSA Identity Governance and Lifecycle application. 2017-09-20 17:06:04.119 [ERROR] com.aveksa.afx.server.init.ServerInitializationComponent:79 - Server initialization failed! Please correct the issue and restart AFX. org.mule.api.transport.DispatchException: Failed to route event via endpoint: DefaultOutboundEndpoint{endpointUri=https://sedcasod0020.emea.isn.corpintra.net:8444/aveksa/afx/initialization, connector=HttpsConnector mule_ee.log ERROR 2017-09-12 16:07:44,357 [WrapperListener_start_runner] org.mule.module.launcher.DefaultArchiveDeployer: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Failed to deploy artifact '10_AFX-INIT', see below + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ org.mule.module.launcher.DeploymentInitException: CertPathBuilderException: Could not build a validated path. at org.mule.module.launcher.application.DefaultMuleApplication.init(DefaultMuleApplication.java:196) at org.mule.module.launcher.artifact.ArtifactWrapper$2.execute(ArtifactWrapper.java:62) at org.mule.module.launcher.artifact.ArtifactWrapper.executeWithinArtifactClassLoader(ArtifactWrapper.java:129) at org.mule.module.launcher.artifact.ArtifactWrapper.init(ArtifactWrapper.java:57) at org.mule.module.launcher.DefaultArtifactDeployer.deploy(DefaultArtifactDeployer.java:25) at org.mule.module.launcher.DefaultArchiveDeployer.guardedDeploy(DefaultArchiveDeployer.java:310) at org.mule.module.launcher.DefaultArchiveDeployer.deployArtifact(DefaultArchiveDeployer.java:330) at org.mule.module.launcher.DefaultArchiveDeployer.deployExplodedApp(DefaultArchiveDeployer.java:297) at org.mule.module.launcher.DefaultArchiveDeployer.deployExplodedArtifact(DefaultArchiveDeployer.java:108) at org.mule.module.launcher.DeploymentDirectoryWatcher.deployExplodedApps(DeploymentDirectoryWatcher.java:289) at org.mule.module.launcher.DeploymentDirectoryWatcher.start(DeploymentDirectoryWatcher.java:146) at org.mule.module.launcher.MuleDeploymentService.start(MuleDeploymentService.java:99) at org.mule.module.launcher.MuleContainer.start(MuleContainer.java:152) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.mule.module.reboot.MuleContainerWrapper.start(MuleContainerWrapper.java:52) at org.tanukisoftware.wrapper.WrapperManager$11.run(WrapperManager.java:4048) Caused by: org.mule.api.config.ConfigurationException: Error creating bean with name 'serverInitialization' defined in URL [file:/home/afxusr/AFX/esb/apps/10_AFX-INIT/mule-config.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.aveksa.afx.server.init.ServerInitializationComponent]: Constructor threw exception; nested exception is org.mule.api.lifecycle.InitialisationException: Server initialization failed! Please correct the issue and restart AFX. esb.AFX-MAIN.log 2017-09-12 16:07:45.588 [ERROR] org.mule.module.launcher.application.DefaultMuleApplication:361 - null java.lang.IllegalArgumentException: Could not resolve placeholder 'afx.server.activemq.password' in string value "${afx.server.activemq.password}"
Cause	Starting in 7.0.1, the required Quality of Protection (QoP) protocol is TLSv1.2. By default, Websphere defines this value as SSL_TLS.
Resolution	Steps to resolve this error are in the RSA Identity Governance and Lifecycle Installation Guide under the section entitled "Create a Keystore in the WebSphere Server." Here are the steps: 1. In the WebSphere console, click Security > SSL certificate and key management > SSL configurations. 2. Select the associated Aveksa Agent SSL configuration. 3. Under Additional Properties, select Quality of Protection (QoP) settings. 4. Under Client authentication, select Required. 5. Under Protocol, select TLSv1.2. 6. Click OK to save the changes. 7. Restart WebSphere.

Attachments

Outcomes

0 Comments

Recommended Content