1 2 Previous Next 15 Replies Latest reply on Apr 26, 2016 2:11 PM by Jay Bhavsar

    Issue while creating Patch Catalog

    Jay Bhavsar

      While creating Patch Catalog I am getting below errors

       

       

      Error 04/13/2016 10:35:58 Error occured while creating the Feed, Error: Error while creating catalog metadata directory (Caused By: JNI fileExists '//msuselkg1699//d/depot//patch/catalog/catalog_2000404' failed:: No authorization to access host)

       

       

      Error 04/13/2016 10:35:58 Error while finding associated catalog for the catalog update job: RHEL_04132016_CUJ-2016-04-13 10-35-30-410-0500 (DBKey:SJobKeyImpl:3088-4), Error: java.io.IOException: JNI fileExists '//msuselkg1699/d/depot//patch/catalog/catalog_2000404' failed:: No authorization to access host (Caused By: JNI fileExists '//msuselkg1699/d/depot//patch/catalog/catalog_2000404' failed:: No authorization to access host)

       

       

      I will attach Screenshot for you.

      Our Repository Server is uxuselkg104 but in log it is going to msuselkg1699 (i.e. instead of path //uxuselkg104.admin.cargill.com/opt/bbsa_repo/rhel/rhel6L_04132016 it is taking //msuselkg1699//d/depot//patch/catalog/catalog_2000404)

       

      Screenshot attached.

       

      Please help

        • 1. Re: Issue while creating Patch Catalog
          Bill Robinson

          look in the agent log on msuselkg1699.  for when you get the 'no authorization to access host'. what role:user do you see connecting ?

           

          i'm assuming msuselkg1699 is the file server - there is patch related data stored there even though the patches themselves are stored on another server.

          • 2. Re: Issue while creating Patch Catalog
            Monoj Padhy

            As stated by Bill, there are some additional files(metadata) stored in our file server related to patch catalog. I am sure your your role:user don not have write permission against file server. Have a look at your agent security files (msuselkg1699). Make sure proper entry is available for the user and role combination as below.

             

            role:user      rw,map=administrator/root

             

            you may wish to have a look here.

            Configuring the users or users.local files - BMC Server Automation 8.5 - BMC Documentation

             

            -

            Monoj

            • 3. Re: Issue while creating Patch Catalog
              Jay Bhavsar

              Hello All,

               

              Users.local have below entries

               

              BLAdmins:*rw,map=rotartsinimda
              RBACAdmins:*rw,map=rotartsinimda

               

               

              System:System

              rw,map=rotartsinimda

               

              and rscd.log has SYSTEM (Not_available): (Not_available): new_connection: SSL Protocol Mismatch Error in it.

               

              attaching rscd.log

              • 4. Re: Issue while creating Patch Catalog
                Jay Bhavsar

                27089557207ad78d8ea6 0000000001 04/13/16 23:27:41.147 INFO     rscd -  MSUSELKG1699 6848 SYSTEM (Not_available): (Not_available): FIPS Enabled

                029d17c579f46ead15a2 0000000002 04/13/16 23:27:41.147 INFO     rscd -  MSUSELKG1699 6848 SYSTEM (Not_available): (Not_available): Agent version is 8.5.01.304

                cecc0408f8def18ebd32 0000000003 04/13/16 23:27:41.147 INFO     rscd -  MSUSELKG1699 6848 SYSTEM (Not_available): (Not_available): The operation completed successfully. 

                8a6ace046ea25bea597b 0000000004 04/13/16 23:27:41.163 INFO     rscd -  MSUSELKG1699 6848 SYSTEM (Not_available): (Not_available): Platform Details: x86_64;MSUSELKG1699;6.1;WindowsNT;7601;x86_64

                de8df7afbe3813391beb 0000000005 04/13/16 23:27:41.163 INFO     rscd -  MSUSELKG1699 6848 SYSTEM (Not_available): (Not_available): Main: **** RSCD started (app) ****

                d79948f31a33e2bf93b8 0000000006 04/13/16 23:27:41.163 INFO     rscd -  MSUSELKG1699 4804 SYSTEM (Not_available): (Not_available): User Privilege Mapping enabled.

                7fdefd0e2e448899c897 0000000007 04/13/16 23:27:41.163 INFO     rscd -  MSUSELKG1699 4804 SYSTEM (Not_available): (Not_available): The following local user will be used by the agent for user privilege mapping: BladeLogicRSCD

                ec0ee648577cc255ea0c 0000000008 04/13/16 23:29:28.882 ERROR    rscd -  10.47.134.241 6468 SYSTEM (Not_available): (Not_available): new_connection: SSL Protocol Mismatch Error

                1d022c7f42363be8baff 0000000009 04/13/16 23:29:28.991 ERROR    rscd -  10.47.134.241 6132 SYSTEM (Not_available): (Not_available): new_connection: SSL Protocol Mismatch Error

                c02d56c965ffb0a66e98 0000000010 04/13/16 23:31:49.768 ERROR    rscd -  10.47.134.241 932 SYSTEM (Not_available): (Not_available): new_connection: SSL Protocol Mismatch Error

                2c12c144db1142bd4ca3 0000000011 04/13/16 23:31:49.877 ERROR    rscd -  10.47.134.241 6700 SYSTEM (Not_available): (Not_available): new_connection: SSL Protocol Mismatch Error

                fb82df298ab3e88e650a 0000000012 04/13/16 23:37:41.692 INFO     rscd -  MSUSELKG1699 6848 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.

                ecc4cd368d713987bb01 0000000013 04/13/16 23:47:41.707 INFO     rscd -  MSUSELKG1699 6848 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.

                97cd7f16d959cae329aa 0000000014 04/13/16 23:49:43.046 INFO     rscd -  MSUSELKG1699 6108 SYSTEM (Not_available): (Not_available): FIPS already enabled

                cd0bbd36caf24c77a4d6 0000000015 04/13/16 23:49:43.358 INFO     rscd -  MSUSELKG1699 6108 BladeLogicRSCD (Not_available): (Not_available): The operation completed successfully. 

                e6a5717086bc2e07b9ca 0000000016 04/13/16 23:49:48.334 INFO1    rscd -  10.47.134.247 1940 BladeLogicRSCD@MSUSELKG1699->rotartsinimda@MSUSELKG1699:PrivilegeMapped (BLAdmins:BLAdmin): CM: > [Client] Retrieving local user accounts

                4becaebc61eeebcbbf95 0000000017 04/13/16 23:49:48.459 INFO     rscd -  MSUSELKG1699 1940 BladeLogicRSCD (Not_available): (Not_available): Getting Users details

                47039b78ed4916f05b8a 0000000018 04/13/16 23:49:49.301 INFO     rscd -  MSUSELKG1699 1940 BladeLogicRSCD (Not_available): (Not_available): Got Users details: 4 entries

                389c0fe44f799a896823 0000000019 04/13/16 23:57:41.722 INFO     rscd -  MSUSELKG1699 6848 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.

                200500f90c6790863671 0000000020 04/14/16 00:07:41.737 INFO     rscd -  MSUSELKG1699 6848 SYSTEM (Not_available): (Not_available): Main: Starting AgentHouseKeeping.

                • 5. Re: Issue while creating Patch Catalog
                  Monoj Padhy

                  verify your secure file content as below

                  rscd:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls

                  default:port=4750:protocol=5:tls_mode=encryption_only:encryption=tls

                   

                  Also verify if your gui user has access to secure file. i believe its unable to read secure file content properly.

                   

                  try to execute agentinfo MSUSELKG1699 from your client machine and observe the output.

                   

                  Error Buffer - Permission Denied

                  Problem with RSCD

                  Error Message in rscd.log:  SYSTEM (???): ???: new_connection: SSL finish error.

                  • 6. Re: Issue while creating Patch Catalog
                    Jay Bhavsar

                    Now,

                    Error.PNG

                    While creating new aptch catalog, I am getting

                     

                    Error while updating feed: Either service is Unavailable or credentials are Invalid. Failed to connect to RHN xml rpc server. (Caused By: Login to https://rhn.redhat.com/rpc/apifailed. can't proceed:  (Caused By: I/O error while communicating with HTTP server: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty (Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty (Caused By: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty (Caused By: the trustAnchors parameter must be non-empty)))))

                    • 7. Re: Issue while creating Patch Catalog
                      Bill Robinson

                      ok, and you are running the cuj as a member of BLAdmins ?

                      • 8. Re: Issue while creating Patch Catalog
                        Bill Robinson

                        that error looks like you don't have the correct rhn credentials entered or there is some issue connecting w/ the redhat site.  are you using a proxy?  can the appserver connect directly to the redhat site ?  this is just a rhel5 or 6 catalog, not rhel7 ?

                         

                        also - why are you using an online catalog?  in your other post you said you needed to have the child channels available.  that will only work in an offline catalog.

                        • 10. Re: Issue while creating Patch Catalog
                          Jay Bhavsar

                          Hello Bill,

                           

                          The credentials are correct. I checked the same credentials for logging into RHEL site directly.

                          Yes we are using proxy. Let me know how can I chcek if proxy is blocking this However I can access RHEL site from appserver through IE.

                           

                          I am using online catalog this time for base channels.

                           

                          Regards,

                          Jay

                          • 11. Re: Issue while creating Patch Catalog
                            Jay Bhavsar

                            In Appserver1 I can see below error,

                             

                            [25 Apr 2016 04:47:41,158] [PSU-Thread-1] [ERROR] [BLAdmin:BLAdmins:] [Patch-Metadata-Updator] Error while updating metadata

                            com.bmc.sa.patchfeed.FeedException: Either service is Unavailable or credentials are Invalid. Failed to connect to RHN xml rpc server.

                              at com.bmc.sa.patchfeed.redhat.util.RhnApiService.loginToRhn(Unknown Source)

                              at com.bmc.sa.patchfeed.redhat.RedHatFeedUpdator.run(Unknown Source)

                              at java.lang.Thread.run(Unknown Source)

                              at com.bladelogic.om.patch.app.psu.PSUThreadFactory$PSUThread.run(PSUThreadFactory.java:81)

                            Caused by: com.bmc.sa.patchfeed.FeedException: Login to https://rhn.redhat.com/rpc/apifailed. can't proceed:

                              at com.bmc.sa.patchfeed.redhat.util.RhnApiServiceManager.login(Unknown Source)

                              ... 4 more

                            Caused by: org.apache.xmlrpc.XmlRpcException: I/O error while communicating with HTTP server: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

                              at com.bmc.sa.patchfeed.util.net.xmlrpc.XmlRpcApacheTransport.writeRequest(Unknown Source)

                              at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:151)

                              at org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:143)

                              at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:56)

                              at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:167)

                              at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:137)

                              at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:126)

                              ... 5 more

                            Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

                              at sun.security.ssl.Alerts.getSSLException(Unknown Source)

                              at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

                              at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

                              at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)

                              at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

                              at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

                              at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)

                              at org.apache.http.impl.conn.HttpClientConnectionOperator.upgrade(HttpClientConnectionOperator.java:169)

                              at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:329)

                              at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:398)

                              at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)

                              at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)

                              at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)

                              at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)

                              at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:186)

                              at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)

                              at com.bmc.sa.patchfeed.util.net.client.ApacheConnectionClientImpl.executeMethod(Unknown Source)

                              ... 12 more

                            Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

                              at sun.security.validator.PKIXValidator.<init>(Unknown Source)

                              at sun.security.validator.Validator.getInstance(Unknown Source)

                              at sun.security.ssl.X509TrustManagerImpl.getValidator(Unknown Source)

                              at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(Unknown Source)

                              at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

                              at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

                              at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

                              at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

                              at sun.security.ssl.Handshaker.processLoop(Unknown Source)

                              at sun.security.ssl.Handshaker.process_record(Unknown Source)

                              at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

                              at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

                              ... 25 more

                            Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

                              at java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source)

                              at java.security.cert.PKIXParameters.<init>(Unknown Source)

                              at java.security.cert.PKIXBuilderParameters.<init>(Unknown Source)

                              ... 37 more

                            [25 Apr 2016 04:47:41,158] [WorkItem-Thread-6] [ERROR] [BLAdmin:BLAdmins:] [Patch-Metadata-Updator] Error while updating feed: Either service is Unavailable or credentials are Invalid. Failed to connect to RHN xml rpc server. (Caused By: Login to https://rhn.redhat.com/rpc/apifailed. can't proceed:  (Caused By: I/O error while communicating with HTTP server: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty (Caused By: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty (Caused By: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty (Caused By: the trustAnchors parameter must be non-empty)))))

                            [25 Apr 2016 04:47:41,174] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Patches newly added: 0

                            [25 Apr 2016 04:47:41,174] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Patches updated: 0

                            [25 Apr 2016 04:47:41,175] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Patches obsoleted: 0

                            [25 Apr 2016 04:47:41,175] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Patches failed to be process: 0

                            [25 Apr 2016 04:47:41,175] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Patches downloaded: 0

                            [25 Apr 2016 04:47:41,175] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Patches failed to be downloaded: 0

                            [25 Apr 2016 04:47:41,176] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Patches with invalid/deprecated urls: 0

                            [25 Apr 2016 04:47:41,176] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Referrers newly added: 0

                            [25 Apr 2016 04:47:41,176] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Referrers updated: 0

                            [25 Apr 2016 04:47:41,176] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Referrers obsoleted: 0

                            [25 Apr 2016 04:47:41,177] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Referrers failed to be process: 0

                            [25 Apr 2016 04:47:41,372] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Creating the ISystem object for the host:uxuselkg104.admin.cargill.com and the root dir:/opt/bbsa_repo/pcs/PRODRHEL6ONLINE

                            [25 Apr 2016 04:47:41,392] [Job-Execution-1] [INFO] [BLAdmin:BLAdmins:] [CatalogUpdate] Catalog update progress is completed.

                            [25 Apr 2016 04:47:41,393] [Job-Execution-1] [ERROR] [BLAdmin:BLAdmins:] [CatalogUpdate] The job 'PROD_RHEL6_ONLINE_JAYESH_CUJ-2016-04-25 04-15-08-312-0500' has failed

                            • 12. Re: Issue while creating Patch Catalog
                              Bill Robinson

                              http or https proxy?  if https, did you add the proxy's cert to the cacerts file for the appserver ?

                              • 13. Re: Issue while creating Patch Catalog
                                Jay Bhavsar

                                Hello Bill,

                                 

                                I have gone through OS Patching Vendor Health Dashboard  and downloaded http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt

                                but let me know how can I use keytool

                                 

                                keytool.exe -import -alias DigiCertSHA2HighAssuranceServerCA -file DigiCertSHA2HighAssuranceServerCA.crt -keystore <installationDirectory>\NSH\jre\lib\security\cacerts

                                 

                                 

                                shall I directly run from cmd or is their any other way because from cmd it is giving me error that keytool is not recognized as an internal or external command.

                                 

                                Regards,

                                Jay

                                • 14. Re: Issue while creating Patch Catalog
                                  Bill Robinson

                                  keytool will be in the jre directory.  if it's not in the path you can't just run it and expect the os to find it.

                                   

                                  on windows it should be in NSH\jre\bin.

                                  1 2 Previous Next