Patch Pre-check Fails on JCS when using Custom Identity and Custom Trust for SSL on WebLogic Server

(Doc ID 2358621.1)

Last updated on FEBRUARY 12, 2018

Applies to:

Java Cloud Service - Version N/A and later
Information in this document applies to any platform.

Symptoms

Current Environment: WLS 12.2.1.2.171027


ISSUE:

- While running patch pre-check via JCS UI , we get the following error

- The following error is shown in the activity log..

Jan 30, 2018 11:27:24 PM UTC Phase initialize completed
Jan 30, 2018 11:27:24 PM UTC pre-check-patch job [20721366] initiated by
[XXXXXXXX@XXXXXXXXXX.com] started...
Jan 30, 2018 11:27:24 PM
UTC patching.action.precheck-pre-action.phase_completed
Jan 30, 2018 11:27:34 PM UTC Verifying that the Database service is running
on host: xxxxxxxxxx.
Jan 30, 2018 11:27:35 PM UTC Verifying that the Admin Server is running on
host: xxxxxxxxxxxxxx.
Jan 30, 2018 11:27:35 PM UTC Verified that the Database service is running on
host: xxxxxxxxxxxx.
Jan 30, 2018 11:27:35 PM UTC Verified that the Admin Server is running on
host: xxxxxxxxxxxxxx.
Jan 30, 2018 11:27:35 PM UTC Verifying that the Node Manager is running on
host: xxxxxxxxxxxxxx.
Jan 30, 2018 11:28:30 PM UTC Failed
Jan 30, 2018 11:28:30 PM UTC Failure: [Could not reach Node Manager on host:
wonopcdap1-wls-1. Please start the Node Manager and then try again. You can
refer to Oracle Fusion Middleware documentation for further details]

 

 - The nodemanager process was running when the patch precheck was run from the JCS UI

-  We can use WLST to connect to the nodemanager after setting JAVA_OPTIONS for WLST

 [oracle@xxxxxxxxxxxx~]$ . /u01/app/oracle/middleware/wlserver/server/bin/setWLSEnv.sh
CLASSPATH=/u01/jdk/lib/tools.jar:/u01/app/oracle/middleware/wlserver/modules/features/wlst.wls.classpath.jar:

PATH=/u01/app/oracle/middleware/wlserver/server/bin:/u01/app/oracle/middleware/wlserver/../oracle_common/modules/org.apache.ant_1.9.2/bin:/u01/jdk/jre/bin:/u01/jdk/bin:/u01/jdk/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/u01/app/oracle/tools/home/oracle/bin:/u01/app/oracle/middleware/wlserver/../oracle_common/modules/org.apache.maven_3.2.5/bin

Your environment has been set.
[oracle@xxxxxxxxxxx ~]$ java -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/u01/data/domains/example_domain/ssl/example.jks -Dweblogic.security.SSL.trustedCAkeystore=/u01/data/domains/example_domain/ssl/example.jks weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> nmConnect("username","password","hostname","5556","domain name","domain path","SSL")
Connecting to Node Manager ...
<Feb 7, 2018 9:31:32 PM UTC> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Feb 7, 2018 9:31:32 PM UTC> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Feb 7, 2018 9:31:32 PM UTC> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.>
Successfully Connected to Node Manager.
wls:/nm/wonopcda_domain>

 

- Using wlst.sh , we cannot connect to the nodemanager 

 

[oracle@xxxxxxxxxxxx ~]$ /u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> nmConnect("weblogic","xxxxxxxxx","xxxxxxxxx","5556","xxxxxxxxxx", "u01/data/domains/xxxxxxxxxx","ssl")
Connecting to Node Manager ...
<Feb 7, 2018 9:23:58 PM UTC> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Feb 7, 2018 9:23:58 PM UTC> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Feb 7, 2018 9:23:58 PM UTC> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.>
Traceback (innermost last):
File "<console>", line 1, in ?
File "<iostream>", line 111, in nmConnect
File "<iostream>", line 553, in raiseWLSTException
WLSTException: Error occurred while performing nmConnect : Cannot connect to Node Manager. : General SSLEngine problem
Use dumpStack() to view the full stacktrace :
wls:/offline>

 

 

Changes

 - Customer configured WebLogic Server to use Custom Identity and Custom Trust for SSL

 - Nodemanager password was not modified and is the same from the time the instance was provisioned.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms