cancel
Showing results for 
Search instead for 
Did you mean: 

Authentication failed

mchrist
Level 3

Professionals,

a newly installed NBU 7.6.1 Java GUI uses the wrong certificate to authenticate to the Master Server. In the log I can see:

not_ok
15:19:10.863 [66715856] <16> session_dispatch: Request count = 0 tag = 510
15:19:10.864 [66715856] <2> populateCertificatePath: Certificate to be used for SSL [/usr/openv/var/vxss/credentials/i68448e1]
15:19:10.864 [66715856] <4> command_SECURE_CHANNEL_INIT: Using certificate [/usr/openv/var/vxss/credentials/i68448e1] and Responding SECURE_CHANNEL_PROCEED.
15:19:11.098 [66715856] <4> session_secure_lookup: Initiating SSL Accept
15:19:11.098 [66715856] <2> populateCertificatePath: Certificate to be used for SSL [/usr/openv/var/vxss/credentials/i68448e1]
15:19:11.151 [66715856] <16> VssAccept: (../../libVnbat/vss_auth.cpp,2226): vrtsAtSecConnAcceptEx returned FAILURE
15:19:11.152 [66715856] <16> tls_accept: io.c.3291: VssAccept( ) failed
15:19:11.152 [66715856] <16> session_secure_lookup: FAILED!! to accept SSL connection from client.Possibly this could be caused by a network blip, JavaGUI unable to authenticate X509 certificate that was presented OR user of JavaGUI interactively selected __NOT__ to trust X509 certificate presented.
15:19:11.152 [66715856] <16> session_dispatch: session_secure_lookup FAILED!!! fd =  0
15:19:12.153 [50725166] <16> poll_listen: can't find file descriptor in polling table
15:19:12.153 [50725166] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID

Locally started the same Java GUI version looks like this:

ok
15:27:14.596 [50725328] <16> session_dispatch: Request count = 0 tag = 510
15:27:14.597 [50725328] <2> populateCertificatePath: Certificate to be used for SSL [/usr/openv/var/vxss/credentials/i68448v1.sbb.ch]
15:27:14.597 [50725328] <4> command_SECURE_CHANNEL_INIT: Using certificate [/usr/openv/var/vxss/credentials/i68448v1.sbb.ch] and Responding SECURE_CHANNEL_PROCEED.
15:27:14.871 [50725328] <4> session_secure_lookup: Initiating SSL Accept
15:27:14.871 [50725328] <2> populateCertificatePath: Certificate to be used for SSL [/usr/openv/var/vxss/credentials/i68448v1.sbb.ch]
15:27:14.889 [50725328] <4> tls_accept: io.c.3300: SSL Channel established for fd[0]
15:27:14.889 [50725328] <4> session_secure_lookup: SSL Connection Accepted!
15:27:14.948 [50725328] <16> session_dispatch: Request count = 1 tag = 118
15:27:15.383 [50725328] <16> session_dispatch: Request count = 2 tag = 101
15:27:15.435 [50725328] <16> command_LOGON_TO_MSERVER: putenv(BPJAVA_MASTER_IPC_STRING=) failed
15:27:15.459 [65142984] <16> isVxssActive: authentication determination failed, assume none required: (193) VxSS authentication is requested but not allowed

The name I used was i68448v1.sbb.ch in both cases. The error shown is 526 at the Java GUI. I tried different names in the "Host name" field but always the same result.

Question: Where is the (wrong) information stored? How does Java handle the name?

Thanks for a hint!

Matthias
 

1 REPLY 1

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

In all honesty - very few of the 'regulars' here on Connect are actually using NBAC.

It will be best if you log a Support call with Symantec.

 

Just please come back and tell us how it was fixed....