IBM Support

PH34028: SERVER DOES NOT START AFTER ENABLING AES ENCRYPTION

A fix is available

PH34028:Server does not start after enabling AES encryption

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The server does not start after enabling AES encryption. When
the issue happens, SystemOut.log and ffdc shows error messages
that suggest keystore failed to open and sockets are not
created.

---Sample SystemOut.log ------
12/21/20 14:37:22:671 CET]
00000001 SecurityCompo A JSAS0009I: IOR interceptor
registered.
[12/21/20 14:37:22:729 CET] 00000001 FfdcProvider W
com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC
Incident emitted on C:\IBM\Workflow\V20\profiles\DmgrProfile\log
s\ffdc\dmgr_93c5a0df_20.12.21_14.37.22.7134680412014954678933.tx
t com.ibm.ws.ssl.provider.AbstractJSSEProvider 601
[12/21/20
14:37:22:731 CET] 00000001 FfdcProvider W
com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC
Incident emitted on C:\IBM\Workflow\V20\profiles\DmgrProfile\log

s\ffdc\dmgr_93c5a0df_20.12.21_14.37.22.729508452025414219953.txt
com.ibm.websphere.ssl.JSSEHelper.getSSLContext 704
[12/21/20
14:37:22:733 CET] 00000001 FfdcProvider W
com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC
Incident emitted on C:\IBM\Workflow\V20\profiles\DmgrProfile\log
s\ffdc\dmgr_93c5a0df_20.12.21_14.37.22.7321517362465944198880.tx
t com.ibm.ws.security.orbssl.WSSSLServerSocketFactoryImpl.create
SSLServerSocket
459
--------------------------------------------


---Sample trace (SASRas=all) output ----------
Current trace specification =
*=info:com.ibm.ws.security.=all:com.ibm.websphere.security.=all:
SASRas=all
************* End Display Current Environment *************
[1/4/21 11:23:58:197 CET] 00000001 ManagerAdmin  I
TRAS0018I: The trace state has changed. The new trace state is
*=info:com.ibm.ws.security.=all:com.ibm.websphere.security.=all:
SASRas=all.
...
[1/4/21 11:23:59:488 CET] 00000001 ModelMgr      I
WSVR0801I: Initializing all server configuration models
[1/4/21 11:24:21:603 CET] 00000001 PropertyManag 3
getInstance reinitialize=true
[1/4/21 11:24:21:603 CET] 00000001 PropertyManag 3
getInstance no param
[1/4/21 11:24:21:605 CET] 00000001 PropertyManag >  initialize
Entry
[1/4/21 11:24:21:605 CET] 00000001 PropertyManag >
getCellName Entry
[1/4/21 11:24:21:606 CET] 00000001 PropertyManag 3
isServer=false Trying to get local.cell System property
[1/4/21 11:24:21:606 CET] 00000001 PropertyManag <  cellName
null Exit   <==========  Server fails to obtain cellName

---------------------------------------------------

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server                                      *
*                  that has AES encryption enabled.            *
****************************************************************
* PROBLEM DESCRIPTION: The server fails to decrypt the AES     *
*                      encrypted passwords at startup due to   *
*                      timing issue                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
At server startup, occasionally, the AES encrypted passwords
were
not successfully decrypted. It was due to the delay in loading
necessary information to perform decryption.

    



Problem conclusion


    

  • The timing issue has been fixed.

The fix for this APAR is targeted for inclusion in fix pack
8.5.5.20 and 9.0.5.8. For more information, see 'Recommended
Updates for WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH34028
    • 

  • Reported component name
    WEBS APP SERV N
    • 

  • Reported component ID
    5724H8800
    • 

  • Reported release
    850
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-02-01
    • 

  • Closed date
    2021-03-03
    • 

  • Last modified date
    2021-04-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WEBS APP SERV N
    • 

  • Fixed component ID
    5724H8800
    • 



Applicable component levels


    

  • R850  PSY
       UP
    • 

  • R900  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 November 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback