ODSEE - Upgrade of NSS Library Breaks Replication over SSL
(Doc ID 2008228.1)
Last updated on AUGUST 01, 2023
Applies to:
Oracle Directory Server Enterprise Edition - Version 11.1.1.7.1 and laterOracle Solaris on x86-64 (64-bit)
Oracle Solaris on SPARC (64-bit)
Symptoms
Broken replication agreements between a HUB and some consumers.
Errors from the HUB instance...
[20/Apr/2015:12:13:44 -0400] - ERROR<8318> - Repl. Transport - <......> op=-1 msgId=-1 - [S] Bind failed with response: Failed to bind to remote (900).
[20/Apr/2015:12:14:15 -0400] - INFORMATION - NSMMReplicationPlugin - <......> op=-1 msgId=-1 - Could not send consumer <CLIENT_IP>:<PORT> the bind request
[20/Apr/2015:12:14:15 -0400] - INFORMATION - NSMMReplicationPlugin - <......> op=-1 msgId=-1 - Could not send consumer <CLIENT_IP>:<PORT> the bind request
Errors on the consumer side...
[20/Apr/2015:11:32:47 -0400] <......> op=-1 msgId=-1 - fd=86 slot=86 LDAPS connection from <CLIENT_IP>:<PORT> to <SERVER_IP>
[20/Apr/2015:11:32:47 -0400] <......> op=0 msgId=-1 - closing from <CLIENT_IP>:<PORT> - B4 - Server failed to flush BER data back to client -
[20/Apr/2015:11:32:47 -0400] <......> op=-1 msgId=-1 - closed.
[20/Apr/2015:11:32:47 -0400] <......> op=0 msgId=-1 - closing from <CLIENT_IP>:<PORT> - B4 - Server failed to flush BER data back to client -
[20/Apr/2015:11:32:47 -0400] <......> op=-1 msgId=-1 - closed.
Network snooping reveals the following...
"TLSv1 61 Alert (Level: Fatal, Description: Bad Certificate)"
Changes
Solaris Cluster patch applied on system hosting the HUB instance, which upgraded the NSS security library.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |