The following error keeps showing up:
ERROR 12:39:10,529 PriviledgedActionException as:cassandra/datastax3.mytest.org#MYTEST.ORG cause:org.apache.hadoop.ipc.RemoteException: GSS initiate failed
INFO 12:39:10,529 Initiating logout for cassandra/datastax3.mytest.org#MYTEST.ORG
INFO 12:39:10,529 Initiating re-login for cassandra/datastax3.mytest.org#MYTEST.ORG
WARN 12:39:13,009 Auth failed for 170.173.220.222:56765:null
INFO 12:39:13,009 IPC Server listener on 8012: readAndProcess threw exception javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]. Count of bytes read: 0
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]
at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:177)
at org.apache.hadoop.ipc.Server$Connection.saslReadAndProcess(Server.java:1007)
at org.apache.hadoop.ipc.Server$Connection.readAndProcess(Server.java:1180)
at org.apache.hadoop.ipc.Server$Listener.doRead(Server.java:537)
at org.apache.hadoop.ipc.Server$Listener$Reader.run(Server.java:344)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
Original post: http://www.datastax.com/support-forums/topic/error-message-in-systemlog-with-kerberos-enabled
AES 256 is not supported by JVM by default. You need to install unlimited strength cryptography extension first to enable AES 256.
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Thanks to Piotr for the original answer.
Related
I've turned on less secured apps on google.
Checked use SMTP Authentication in Jenkins.
Tried using AWS Simple email service too.
But still, Authentication required error is showing up
Error logs using Google SMTP
ERROR: 530-5.5.1 Authentication Required. Learn more at
530 5.5.1 https://support.google.com/mail/?p=WantAuthError x9sm20383081pje.27 - gsmtp
com.sun.mail.smtp.SMTPSendFailedException: 530-5.5.1 Authentication Required. Learn more at
530 5.5.1 https://support.google.com/mail/?p=WantAuthError x9sm20383081pje.27 - gsmtp
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2057)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1580)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1097)
at javax.mail.Transport.send0(Transport.java:195)
at javax.mail.Transport.send(Transport.java:124)
at hudson.tasks.MailSender.run(MailSender.java:130)
at hudson.tasks.Mailer.perform(Mailer.java:175)
at hudson.tasks.Mailer.perform(Mailer.java:138)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690)
at hudson.model.Build$BuildExecution.post2(Build.java:186)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635)
at hudson.model.Run.execute(Run.java:1840)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Finished: FAILURE
Error logs using using AWS Simple Email Service
ERROR: 530 Authentication required
com.sun.mail.smtp.SMTPSendFailedException: 530 Authentication required
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2057)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1580)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1097)
at javax.mail.Transport.send0(Transport.java:195)
at javax.mail.Transport.send(Transport.java:124)
at hudson.tasks.MailSender.run(MailSender.java:130)
at hudson.tasks.Mailer.perform(Mailer.java:175)
at hudson.tasks.Mailer.perform(Mailer.java:138)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:690)
at hudson.model.Build$BuildExecution.post2(Build.java:186)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:635)
at hudson.model.Run.execute(Run.java:1840)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Finished: FAILURE
I have tried Developer Studio 11.3.0, and 12.0.0. I've tried EAP 6.4.0, and 7.1.0. Everything gives me the same error. I've run it with servers in RHEL on AWS and a DevStudio in Windows 10 or Windows 7. I've run it with server and DevStudio on the same Fedora system. Always the same error when I try to "start" the remote server:
The initialization produced an exception, which can occur due to incorrect security credentials. Please review the exception messages by clicking the Details button.
* java.io.IOException: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://LOCALHOST:9990. The connection failed
* java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://LOCALHOST:9990. The connection failed
* WFLYPRT0053: Could not connect to http-remoting://LOCALHOST:9990. The connection failed
* Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: javax.security.sasl.SaslException: ELY05128: [JBOSS-LOCAL-USER] Failed to read challenge file [Caused by java.io.FileNotFoundException: /datavirt/jboss/EAP-7.1.0/standalone/tmp/auth/local3848441195962286340.challenge (Permission denied)]
DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Server rejected authentication
Here's a bit of the server.log file, where things go wrong. (It's slightly different in 6.4.0, but not substantially.)
2018-09-01 23:20:52,946 TRACE [org.jboss.remoting.endpoint] (management I/O-2) Allocated tick to 8 of endpoint "miramanee:MANAGEMENT" <68fb9f51> (opened org.jboss.remoting3.EndpointImpl$TrackingExecutor#18776914)
2018-09-01 23:20:52,946 TRACE [org.xnio.nio] (management I/O-2) Running task org.jboss.remoting3.remote.ServerConnectionOpenListener$2#228e4439
2018-09-01 23:20:52,946 TRACE [org.xnio.nio.selector] (management I/O-2) Beginning select on sun.nio.ch.EPollSelectorImpl#617c6bff (with timeout)
2018-09-01 23:20:52,946 TRACE [org.xnio.nio] (management I/O-2) Select, queue is empty
2018-09-01 23:20:52,946 TRACE [org.wildfly.security] (management task-7) Handling RealmCallback: selected = [ManagementRealm]
2018-09-01 23:20:52,946 TRACE [org.wildfly.security] (management task-7) Handling NameCallback: authenticationName = admin
2018-09-01 23:20:52,946 TRACE [org.wildfly.security] (management task-7) Principal assigning: [admin], pre-realm rewritten: [admin#ManagementRealm], realm name: [DIGEST], post-realm rewritten: [admin#ManagementRealm], realm rewritten: [admin#ManagementRealm]
2018-09-01 23:20:52,947 TRACE [org.wildfly.security] (management task-7) Handling CredentialCallback: obtained credential for correct realm "ManagementRealm"
2018-09-01 23:20:52,947 TRACE [org.wildfly.security] (management task-7) Handling CredentialCallback: obtained credential: org.wildfly.security.credential.PasswordCredential#b75f36fa
2018-09-01 23:20:52,947 TRACE [org.jboss.remoting.remote.server] (management task-7) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05055: [DIGEST-MD5] Authentication rejected (invalid proof)
at org.wildfly.security.sasl.digest.DigestSaslServer.validateDigestResponse(DigestSaslServer.java:281)
at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateMessage(DigestSaslServer.java:358)
at org.wildfly.security.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:180)
at org.wildfly.security.sasl.digest.DigestSaslServer.evaluateResponse(DigestSaslServer.java:331)
at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106)
I am plumb stumped.
If you want to get it going quickly for learning/etc, then I can just say what I'm doing. I have RHEL 7 & EAP 7.1. I'm using dev studio 12 on same machine. When I added a server into dev studio, I had option to select local or remote. I selected local and had no problems starting via dev studio. The user I'm running dev studio with also has permissions to EAP home directory (I see file perm errors in your error). I also chose management options vs. Filesystem and shell operations. I also test, and this worked picking remote as well. But again, same server for everything/same localhost.
when I tried to SSO using Shibboleth IDP, a login Error occured, when username and password was submitted as, Login Failure: Pool is empty and connection creation failed.
My error logs are as follows
==> /opt/shibboleth-idp/logs/idp-warn.log <==
at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:102)
Caused by: javax.naming.CommunicationException: localhost:10389
at com.sun.jndi.ldap.Connection.<init>(Connection.java:216)
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
2018-08-13 09:32:53,752 - WARN [org.ldaptive.pool.BlockingConnectionPool:600] - unable to create active connection
2018-08-13 09:32:53,753 - ERROR [org.ldaptive.pool.BlockingConnectionPool:197] - Could not service check out request
2018-08-13 09:32:53,754 - WARN [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:192] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by admin produced exception
org.ldaptive.pool.PoolExhaustedException: Pool is empty and connection creation failed
at org.ldaptive.pool.BlockingConnectionPool.getConnection(BlockingConnectionPool.java:198)
Can anyone suggest me a way to solve this?
Old question, answer for google.
Check /opt/shibboleth-idp/conf/ldap.properties if your domain/IP and port are correct.
In my case i missed out that the image bitnami/openldap uses port 1389 by default.
the questions are:
(1) How many exception reasons that SSL Exception has?
(2) Are there any specifications or documents for SSL Exception?
We all know that SSL Exception has many types, such as SSLException, SSLHandshakeException, SSLKeyException,SSLPeerUnverifiedException,SSLProtocolException, etc.
for one of them, there are many exception reasons, below are some of them that I searched from internet:
(1) SSLException
1) javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
2) javax.net.ssl.SSLException: Not trusted server certificate Caused by:
java.security.cert.CertificateException:
java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
3) javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
4) javax.net.ssl.SSLException:
java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException:
the trustAnchors parameter must be non-empty
5) javax.net.ssl.SSLException: Invalid padding
(2) SSLHandshakeException
1) javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
2) javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain
3) javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
4) java.net.SocketException: Default SSL context init failed: Keystore was tampered with, or password was incorrect
5) javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
while i am using push notification in my application shows an error like below :
APNCRON: Started at 2012-02-08 00:32:42
3904
Warning: stream_socket_client() [function.stream-socket-client]: SSL operation failed with code 1. OpenSSL Error messages:
error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired in /var/www/vhosts/solecollector.com/httpdocs/nikeadmin/apn_cron.php on line 75
Warning: stream_socket_client() [function.stream-socket-client]: Failed to enable crypto in /var/www/vhosts/solecollector.com/httpdocs/nikeadmin/apn_cron.php on line 75
Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.push.apple.com:2195 (Unknown error) in /var/www/vhosts/solecollector.com/httpdocs/nikeadmin/apn_cron.php on line 75
[1] Initiating push for UDID:a7fa910aef49a17bbd59ccf5c4487d9856b5b36e DevToken:20e05c55435094c84d27b2f5b9c217b5924fcb91e582388cc5fe9c9231d15c11 MSG:{"aps":{"badge":6,"sound":"default"}}
Warning: fwrite(): supplied argument is not a valid stream resource in /var/www/vhosts/solecollector.com/httpdocs/nikeadmin/apn_cron.php on line 118
[2] Initiating push for UDID:828ee672c35c99fe8c106ddd2439495aed2fff00 DevToken:b6eb618c8bee91f19561be8b3554823822036d121faac2f7a0d5cc1362c31e96 MSG:{"aps":{"badge":6,"sound":"default"}}
Warning: fwrite(): supplied argument is not a valid stream resource in /var/www/vhosts/solecollector.com/httpdocs/nikeadmin/apn_cron.php on line 118
close and reconnect the Apple server with 5 sec delay at 100
Warning: stream_socket_client() [function.stream-socket-client]: SSL operation failed with code 1. OpenSSL Error messages:
error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired in /var/www/vhosts/solecollector.com/httpdocs/nikeadmin/apn_cron.php on line 91
Warning: stream_socket_client() [function.stream-socket-client]: Failed to enable crypto in /var/www/vhosts/solecollector.com/httpdocs/nikeadmin/apn_cron.php on line 91
Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.push.apple.com:2195 (Unknown error) in /var/www/vhosts/solecollector.com/httpdocs/nikeadmin/apn_cron.php on line 91
Error with SSL. Please help...
APNS ssl://gateway.sandbox.push.apple.com:2195 connection fails
Chances are you don't have your .pem configured correctly, or at all.