IBM Support

Unable to connect Java console to Domino server after applying JVM updater SR16FP20

Flash (Alert)


Abstract

After applying JVM updater SR16FP20, you can no longer connect the Java console to the Domino server. Attempts to connect fail with the error: "Either the Server Controller is not running on host <name> or is not listening on port 2050."

Content

This behavior is related to an intentional change in Java6SR16FP20 to tighten security by disabling the MD5 algorithm by default in latest JVM release. The Domino Server Controller, however, currently requires MD5. IBM is investigating a solution to leverage a more secure cipher for the Domino Server Controller (a.k.a. Domino Java Console). This issue is tracked as SPR# RSSNA6UU79.


Note: This issue does not impact Notes clients.


Resolving the problem

SPR RSSNA6UU79 is fixed in version 9.0.1FP5 Interim Fix 2 (IF2) via a server code fix and an updated JVM patch (SR16FP20). IMPORTANT NOTE: It is required to install both 9.0.1FP5IF2 and the new JVM patch to address the issue. Download links are available in the following technote: http://www-01.ibm.com/support/docview.wss?uid=swg21657963

A fix for 8.5.3FP6 servers is still under investigation.


Workarounds


Option 1: Connect to the server via the Server Console in the Domino Administrator client.

Option 2: Re-enable the MD5 algorithm in JVM on the Domino server.

    a. Navigate to the server's jvm/lib/security/java.security file

    b. Remove the MD5 and MD5withRSA values (shown below in bold font) from the following entries:

      jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
      jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

    c. Restart Domino.



Diagnosing the problem
This error occurs even though, as shown in the following pictures, the Server Controller is running on the host listed and also is listening on the correct port.
  • ServerController=1 is set in the notes.ini


  • Server Controller is still running.

  • Netstat shows port 2050 is open and PID is for scontroller


Note: You can join the discussion on this topic via the following Notes & Domino 9 forum post: http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?action=openDocument&documentId=1FFEBD8F3877038C85257F5700496D7F

Related information

901x Interim Fixes and JVM patches

Document information

More support for: IBM Domino
Security

Software version: 8.5.3, 9.0.1.5

Operating system(s): Windows

Software edition: All Editions

Reference #: 1977125

Modified date: 18 February 2016


Translate this page: