cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 13

Re: ePO console unavailable after upgrade to 5.10.11

These are the errors I see.  First of all, please go to menu, certificate manager, and get a screenshot of everything there.  Upload it to the SR, please don't upload it here as it contains server information.

Second, turn off all epo services, then set up wireshark on the epo server.  Start wireshark with all interfaces chosen, then start only the application server service.  Wait a few minutes, as we want to capture the connection info to the database.  Once you give it a little time, save the wireshark results as pcap or whatever native format it is, and get the orion.log and stderr.log and upload those also to the SR.

Oct 27, 2021 8:46:32 AM org.apache.tomcat.util.net.NioEndpoint$SocketProcessor doRun
SEVERE: Error running socket processor
org.bouncycastle.crypto.fips.FipsUnapprovedOperationError: Attempt to use RSA key with non-approved size: 1024: RSA

Caused by: java.security.cert.CertificateException: Unable to construct a valid chain
at org.bouncycastle.jsse.provider.ProvX509TrustManager.validateChain(ProvX509TrustManager.java:313) ~[bctls-fips-1.0.12.1.jar:1.0.12.1]
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkTrusted(ProvX509TrustManager.java:272) ~[bctls-fips-1.0.12.1.jar:1.0.12.1]
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkServerTrusted(ProvX509TrustManager.java:181) ~[bctls-fips-1.0.12.1.jar:1.0.12.1]
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.checkServerTrusted(ProvSSLSocketDirect.java:131) ~[bctls-fips-1.0.12.1.jar:1.0.12.1]
... 80 more
Caused by: java.security.cert.CertPathBuilderException: Unable to find certificate chain.
at org.bouncycastle.jcajce.provider.PKIXCertPathBuilderSpi.engineBuild(Unknown Source) ~[bc-fips-1.0.2.1.jar:1.0.2.1]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_301]
at org.bouncycastle.jsse.provider.ProvX509TrustManager.buildCertPath(ProvX509TrustManager.java:245) ~[bctls-fips-1.0.12.1.jar:1.0.12.1]
at org.bouncycastle.jsse.provider.ProvX509TrustManager.validateChain(ProvX509TrustManager.java:300) ~[bctls-fips-1.0.12.1.jar:1.0.12.1]
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkTrusted(ProvX509TrustManager.java:272) ~[bctls-fips-1.0.12.1.jar:1.0.12.1]
at org.bouncycastle.jsse.provider.ProvX509TrustManager.checkServerTrusted(ProvX509TrustManager.java:181) ~[bctls-fips-1.0.12.1.jar:1.0.12.1]
at org.bouncycastle.jsse.provider.ProvSSLSocketDirect.checkServerTrusted(ProvSSLSocketDirect.java:131) ~[bctls-fips-1.0.12.1.jar:1.0.12.1]
... 80 more
2021-10-27T08:47:33,278 ERROR [main] dao.SupportFeederDao - Token update failed but as token has not expired so sending the same ITSupportServicesProdFeeder
2021-10-27T08:48:38,851 ERROR [scheduler-InternalTask-thread-16] httpconnections.ApacheClientApiManager - Proxy is not enabled ,failed to connect via proxy
2021-10-27T08:48:38,965 ERROR [scheduler-InternalTask-thread-16] compatibility.DownloadCompatibilityData - downloadFile : certificate_unknown(46)
2021-10-27T08:53:09,978 ERROR [scheduler-InternalTask-thread-13] dispatcher.ThreatNotification - Error processing notification. Operation aborted.
java.sql.SQLException: com.mcafee.orion.core.db.base.DatabaseConnectivityException: Failed to get a connection: Network error IOException: Connection timed out: connect. Navigate to https://localhost:8443/core/config and verify database connection settings

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

ISmith
Level 10
Report Inappropriate Content
Message 12 of 13

Re: ePO console unavailable after upgrade to 5.10.11

Doing so with CU10.

cdinet
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 13 of 13

Re: ePO console unavailable after upgrade to 5.10.11

The 1024 bit certificate is the browser cert.  If you go to server settings, server certificate and regenerate one there, does certificate manager show a 2048bit one after restart of services?

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community