My Oracle Support Banner

"Could not decrypt the CustomTrustKeyStorePassPhrase attribute" when starting SOA managed server on second node (Doc ID 2353204.1)

Last updated on APRIL 17, 2023

Applies to:

Oracle SOA Suite - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

On a 2 node system, the managed server on node2 will not start.

The Admin Server and managed server on node1 start fine.

The managed server on node2 reports the following errors in the logfiles :-

<Jan 10, 2018 10:14:58 AM CST> <Critical> <Security> <BEA-090518> <Could not decrypt the CustomTrustKeyStorePassPhrase attribute value of {AES}XhPrWZ3aQlkrtHSfUnthQ63NGmp7QCuNZQWyLP+9xaY= from the file /u01/soauser/oracle/admin/soa_domain/mserver/soa_domain/servers/WLS_SOA2/data/nodemanager/boot.properties. If you have copied an encrypted attribute from boot.properties from another domain into /u01/soauser/oracle/admin/soa_domain/mserver/soa_domain/servers/WLS_SOA2/data/nodemanager/boot.properties, change the encrypted attribute to its cleartext value then reboot the server. The attribute will be re-encrypted. Otherwise, change all encrypted attributes to their cleartext values, then reboot the server. All encryptable attributes will be re-encrypted. The decryption failed with the exception weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte..>

<Jan 10, 2018 10:14:58 AM CST> <Critical> <Security> <BEA-090518> <Could not decrypt the username attribute value of {AES}Yh4k4+/waIfd2J9o7PeXaRmBrveugW0TaLS8F80toBU= from the file /u01/soauser/oracle/admin/soa_domain/mserver/soa_domain/servers/WLS_SOA2/data/nodemanager/boot.properties. If you have copied an encrypted attribute from boot.properties from another domain into /u01/soauser/oracle/admin/soa_domain/mserver/soa_domain/servers/WLS_SOA2/data/nodemanager/boot.properties, change the encrypted attribute to its cleartext value then reboot the server. The attribute will be re-encrypted. Otherwise, change all encrypted attributes to their cleartext values, then reboot the server. All encryptable attributes will be re-encrypted. The decryption failed with the exception weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte..>

<Jan 10, 2018 10:14:58 AM CST> <Critical>.......

 

The above messages show errors trying to decrypt the CustomTrustKeyStorePassPhrase and username attributes from the boot.properties file.

The boot.properties file contains the user credentials used by the node manager to start the weblogic server.

The majority of the time, this error can be resolved by recreating the boot.properties as described in Doc ID 2245762.1.

However even after recreating the boot.properties, in this case the managed server on node2 still cannot be started, and reports the same errors.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.