OPSS - Unable start OPAM domain after set TLSV1.2 getting [EclipseLink-4002] database connection exception (Doc ID 2296456.1)

Last updated on AUGUST 15, 2017

Applies to:

Oracle Platform Security for Java - Version 11.1.1.7.0 to 11.1.1.9.0 [Release Oracle11g]
Oracle Privileged Account Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.2.3.0 version, Java Platform Security

After set TLSV1.2 in a OPAM domain, unable start admin server, observing the next error:

[EL Severe]: 2017-08-01 20:11:31.469--ServerSession(2110197395)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection
Error Code: 17002
<Aug 1, 2017 8:11:31 PM GMT+00:00> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-04001: Cannot read the default policy store.>
<Aug 1, 2017 8:11:31 PM GMT+00:00> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-04001: Cannot read the default policy store.
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-04001: Cannot read the default policy store.
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
    at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)
    at weblogic.security.SecurityService.start(SecurityService.java:141)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: oracle.security.jps.JpsRuntimeException: JPS-04001: Cannot read the default policy store.
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.init(PDPServiceImpl.java:483)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.<init>(PDPServiceImpl.java:455)
    at oracle.security.jps.az.internal.runtime.provider.PDPServiceProvider.getInstance(PDPServiceProvider.java:100)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
    at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
............
Caused By: oracle.security.jps.service.policystore.PolicyStoreException: There was an internal error in the policy store.
    at oracle.security.jps.az.common.pd.service.PDServiceFinder.getPolicyDistributionService(PDServiceFinder.java:75)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeMixedMode(PDPServiceImpl.java:714)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initial(PDPServiceImpl.java:685)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.init(PDPServiceImpl.java:480)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.<init>(PDPServiceImpl.java:455)
    at oracle.security.jps.az.internal.runtime.provider.PDPServiceProvider.getInstance(PDPServiceProvider.java:100)
............
Caused By: java.lang.RuntimeException: There was an internal error in the policy store.
    at oracle.security.jps.az.internal.management.pd.PD.createControlledPolicyStore(PD.java:416)
    at oracle.security.jps.az.internal.management.pd.PD.initializeInternal(PD.java:232)
    at oracle.security.jps.az.internal.management.pd.PD.createPolicyDistributionService(PD.java:265)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at oracle.security.jps.az.common.pd.service.PDServiceFinder.getPolicyDistributionService(PDServiceFinder.java:63)
    at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeMixedMode(PDPServiceImpl.java:714)
..............
Caused By: oracle.security.jps.JpsRuntimeException: JPS-04001: Cannot read the default policy store.
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(LdapPolicyStore.java:554)
    at oracle.security.jps.internal.policystore.PolicyStoreImpl.<init>(PolicyStoreImpl.java:66)
    at oracle.security.jps.internal.policystore.PolicyStoreHelper.getPolicyStoreInstance(PolicyStoreHelper.java:114)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at oracle.security.jps.az.internal.management.pd.PD.createControlledPolicyStore(PD.java:403)
.............
Caused By: oracle.security.jps.JpsException: java.security.PrivilegedActionException: oracle.security.jps.service.idstore.IdentityStoreException: JPS-01051: Credential audit events cannot be logged. Reason oracle.security.jps.service.audit.AuditException: JPS-00054: Failed to create the auditor for JPS.
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager.<init>(DBStoreManager.java:169)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager.getInstance(DBStoreManager.java:120)
    at oracle.security.jps.internal.policystore.ldap.StoreManager.getInstance(StoreManager.java:387)
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(LdapPolicyStore.java:525)
    at oracle.security.jps.internal.policystore.PolicyStoreImpl.<init>(PolicyStoreImpl.java:66)
    at oracle.security.jps.internal.policystore.PolicyStoreHelper.getPolicyStoreInstance(PolicyStoreHelper.java:114)
.............
Caused By: java.security.PrivilegedActionException: oracle.security.jps.service.idstore.IdentityStoreException: JPS-01051: Credential audit events cannot be logged. Reason oracle.security.jps.service.audit.AuditException: JPS-00054: Failed to create the auditor for JPS.
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager.<init>(DBStoreManager.java:162)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager.getInstance(DBStoreManager.java:120)
    at oracle.security.jps.internal.policystore.ldap.StoreManager.getInstance(StoreManager.java:387)
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(LdapPolicyStore.java:525)
    at oracle.security.jps.internal.policystore.PolicyStoreImpl.<init>(PolicyStoreImpl.java:66)
    at oracle.security.jps.internal.policystore.PolicyStoreHelper.getPolicyStoreInstance(PolicyStoreHelper.java:114)
................
Caused By: oracle.security.jps.service.idstore.IdentityStoreException: JPS-01051: Credential audit events cannot be logged. Reason oracle.security.jps.service.audit.AuditException: JPS-00054: Failed to create the auditor for JPS.
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProperties.getPolicyStoreCredsFromBootstrapCredStore(LdapPolicyStoreProperties.java:269)
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProperties.getPolicyStoreCredsFromCredStore(LdapPolicyStoreProperties.java:214)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager$1.run(DBStoreManager.java:164)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager$1.run(DBStoreManager.java:162)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager.<init>(DBStoreManager.java:162)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager.getInstance(DBStoreManager.java:120)
    at oracle.security.jps.internal.policystore.ldap.StoreManager.getInstance(StoreManager.java:387)
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStore.<init>(LdapPolicyStore.java:525)
    at oracle.security.jps.internal.policystore.PolicyStoreImpl.<init>(PolicyStoreImpl.java:66)
    at oracle.security.jps.internal.policystore.PolicyStoreHelper.getPolicyStoreInstance(PolicyStoreHelper.java:114)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
...........
Caused By: oracle.security.jps.service.credstore.CredStoreException: JPS-01051: Credential audit events cannot be logged. Reason oracle.security.jps.service.audit.AuditException: JPS-00054: Failed to create the auditor for JPS.
    at oracle.security.jps.internal.credstore.util.CsfUtil.isEventLoggable(CsfUtil.java:809)
    at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getCredential(SspCredentialStore.java:630)
    at oracle.security.jps.internal.config.util.BootstrapConfigurationUtil.getCredentialFromBootstrapContext(BootstrapConfigurationUtil.java:649)
    at oracle.security.jps.internal.config.util.BootstrapConfigurationUtil.getCredentialFromBootstrapWallet(BootstrapConfigurationUtil.java:622)
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProperties.getPolicyStoreCredsFromBootstrapCredStore(LdapPolicyStoreProperties.java:267)
    at oracle.security.jps.internal.policystore.ldap.LdapPolicyStoreProperties.getPolicyStoreCredsFromCredStore(LdapPolicyStoreProperties.java:214)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager$1.run(DBStoreManager.java:164)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager$1.run(DBStoreManager.java:162)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager.<init>(DBStoreManager.java:162)
    at oracle.security.jps.internal.policystore.rdbms.DBStoreManager.getInstance(DBStoreManager.java:120)
..............
Caused By: oracle.security.jps.service.audit.AuditException: JPS-00054: Failed to create the auditor for JPS.
    at oracle.security.jps.internal.audit.DelegateAuditor$DynAuditor.<init>(DelegateAuditor.java:194)
    at oracle.security.jps.internal.audit.AuditServiceImpl.getAuditorUnsecurely(AuditServiceImpl.java:314)
    at oracle.security.jps.internal.audit.AuditServiceImpl.getAuditor(AuditServiceImpl.java:301)
    at oracle.security.jps.internal.audit.AuditServiceImpl.getAuditor(AuditServiceImpl.java:442)
    at oracle.security.jps.internal.audit.AuditServiceImpl$2.run(AuditServiceImpl.java:609)
    at oracle.security.jps.internal.audit.AuditServiceImpl$2.run(AuditServiceImpl.java:607)
    at java.security.AccessController.doPrivileged(Native Method)
.................
Caused By: oracle.security.jps.JpsException: JPS-08511: Audit store was not fully initialized until data source is available.
    at oracle.security.audit.config.dynamic.persistence.internal.ldap.AuditStoreDataManager.checkInitStatus(AuditStoreDataManager.java:230)
    at oracle.security.audit.config.dynamic.persistence.internal.ldap.AuditStoreDataManager.searchAuditDefinition(AuditStoreDataManager.java:417)
    at oracle.security.audit.config.dynamic.persistence.internal.ldap.LdapAuditStore.getComponentDef(LdapAuditStore.java:234)
    at oracle.security.jps.internal.audit.DelegateAuditor$DynAuditor.<init>(DelegateAuditor.java:170)
    at oracle.security.jps.internal.audit.AuditServiceImpl.getAuditorUnsecurely(AuditServiceImpl.java:314)
    at oracle.security.jps.internal.audit.AuditServiceImpl.getAuditor(AuditServiceImpl.java:301)
..................
>
<Aug 1, 2017 8:11:31 PM GMT+00:00> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>



The issue can be reproduced after set TLSV1.2 following procedure documented in

How to Enable the Communication Over TLS1.2 for OPAM 11.1.2.3 with OPAM DB Schemas? (Doc ID 2296073.1)

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms