5 Replies Latest reply on Mar 27, 2015 7:49 AM by bistromath

    Unable to keep EPO application server running.

    bistromath

      Hi All,

       

      Yesterday I couldn't login to EPO on a server that has worked just fine for some time now. A colleague said he had logged in successfully earlier this week.

      Now the Application server will start but crashes after 20 seconds or so.

       

      Orion.log

       

      2015-03-27 09:37:30,010 INFO  [main] http11.Http11BaseProtocol  - Initializing Coyote HTTP/1.1 on http-8443

      2015-03-27 09:37:30,088 INFO  [main] http11.Http11BaseProtocol  - Initializing Coyote HTTP/1.1 on http-8444

      2015-03-27 09:37:30,088 INFO  [main] startup.Catalina  - Initialization processed in 3556 ms

      2015-03-27 09:37:30,104 INFO  [main] core.StandardService  - Starting service Catalina

      2015-03-27 09:37:30,120 INFO  [main] core.StandardEngine  - Starting Servlet Engine:

      2015-03-27 09:37:30,120 INFO  [main] core.StandardHost  - XML validation disabled

      2015-03-27 09:37:38,404 INFO  [main] http11.Http11BaseProtocol  - Starting Coyote HTTP/1.1 on http-8443

      2015-03-27 09:37:38,747 INFO  [main] http11.Http11BaseProtocol  - Starting Coyote HTTP/1.1 on http-8444

      2015-03-27 09:37:38,809 INFO  [main] storeconfig.StoreLoader  - Find registry server-registry.xml at classpath resource

      2015-03-27 09:37:38,934 ERROR [main] core.OrionCore   - executable signature verification failed

      org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'core.ext.signature.verifier' defined in URL [jndi:/localhost/core/WEB-INF/beans.xml]: Cannot resolve reference to bean 'core.extensionInstaller' while setting bean property 'extensionInstaller'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'core.extensionInstaller' defined in URL [jndi:/localhost/core/WEB-INF/beans.xml]: Cannot resolve reference to bean 'core.db' while setting constructor argument with index 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'core.db' defined in URL [jndi:/localhost/core/WEB-INF/beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.mcafee.orion.core.db.base.Database]: Constructor threw exception; nested exception is java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'core.extensionInstaller' defined in URL [jndi:/localhost/core/WEB-INF/beans.xml]: Cannot resolve reference to bean 'core.db' while setting constructor argument with index 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'core.db' defined in URL [jndi:/localhost/core/WEB-INF/beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.mcafee.orion.core.db.base.Database]: Constructor threw exception; nested exception is java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'core.db' defined in URL [jndi:/localhost/core/WEB-INF/beans.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.mcafee.orion.core.db.base.Database]: Constructor threw exception; nested exception is java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

      Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.mcafee.orion.core.db.base.Database]: Constructor threw exception; nested exception is java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

      Caused by: java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

      at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:368)

      at net.sourceforge.jtds.jdbc.TdsCore.tdsErrorToken(TdsCore.java:2820)

      at net.sourceforge.jtds.jdbc.TdsCore.nextToken(TdsCore.java:2258)

      at net.sourceforge.jtds.jdbc.TdsCore.login(TdsCore.java:610)

      at net.sourceforge.jtds.jdbc.ConnectionJDBC2.<init>(ConnectionJDBC2.java:345)

      at net.sourceforge.jtds.jdbc.ConnectionJDBC3.<init>(ConnectionJDBC3.java:50)

      at net.sourceforge.jtds.jdbc.Driver.connect(Driver.java:180)

      at java.sql.DriverManager.getConnection(DriverManager.java:571)

      at java.sql.DriverManager.getConnection(DriverManager.java:187)

      at com.mcafee.orion.core.db.sqlserver.JtdsJdbcDriver.getConnection(JtdsJdbcDriver. java:90)

      at com.mcafee.orion.core.db.base.DriverRegistry.getConnection(DriverRegistry.java: 204)

      at com.mcafee.orion.core.db.base.DriverRegistryConnectionFactory.createConnection( DriverRegistryConnectionFactory.java:32)

      at org.apache.commons.dbcp.PoolableConnectionFactory.makeObject(PoolableConnection Factory.java:582)

      at com.mcafee.orion.core.db.base.DbConnectionPool$LoggingConnectionFactory.makeObj ect(DbConnectionPool.java:322)

      at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.j ava:1188)

      at com.mcafee.orion.core.db.base.DbConnectionPool$CountingGenericObjectPool.borrow Object(DbConnectionPool.java:236)

      at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java: 106)

      at com.mcafee.orion.core.db.base.DbConnectionPool.getConnection(DbConnectionPool.j ava:63)

      at com.mcafee.orion.core.db.base.Database.getConnection(Database.java:458)

      at com.mcafee.orion.core.db.base.Database.validate(Database.java:619)

      at com.mcafee.orion.core.db.base.Database.init(Database.java:664)

      at com.mcafee.orion.core.db.base.Database.<init>(Database.java:349)

      at com.mcafee.orion.core.db.base.Database.<init>(Database.java:359)

      at com.mcafee.orion.core.db.base.Database.<init>(Database.java:369)

      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessor Impl.java:57)

      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructor AccessorImpl.java:45)

      at java.lang.reflect.Constructor.newInstance(Constructor.java:526)

      at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:85)

      at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantia te(SimpleInstantiationStrategy.java:87)

      at org.springframework.beans.factory.support.ConstructorResolver.autowireConstruct or(ConstructorResolver.java:186)

      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.au towireConstructor(AbstractAutowireCapableBeanFactory.java:799)

      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.cr eateBeanInstance(AbstractAutowireCapableBeanFactory.java:717)

      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.cr eateBean(AbstractAutowireCapableBeanFactory.java:384)

      at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(Abstr actBeanFactory.java:251)

      at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingl eton(DefaultSingletonBeanRegistry.java:156)

      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractB eanFactory.java:248)

      at com.mcafee.orion.core.spring.MultiParentBeanFactory.getBean(MultiParentBeanFact ory.java:185)

      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractB eanFactory.java:160)

      at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveRe ference(BeanDefinitionValueResolver.java:261)

      at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveVa lueIfNecessary(BeanDefinitionValueResolver.java:109)

      at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructo rArguments(ConstructorResolver.java:373)

      at org.springframework.beans.factory.support.ConstructorResolver.autowireConstruct or(ConstructorResolver.java:120)

      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.au towireConstructor(AbstractAutowireCapableBeanFactory.java:799)

      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.cr eateBeanInstance(AbstractAutowireCapableBeanFactory.java:717)

      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.cr eateBean(AbstractAutowireCapableBeanFactory.java:384)

      at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(Abstr actBeanFactory.java:251)

      at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingl eton(DefaultSingletonBeanRegistry.java:156)

      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractB eanFactory.java:248)

      at com.mcafee.orion.core.spring.MultiParentBeanFactory.getBean(MultiParentBeanFact ory.java:185)

      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractB eanFactory.java:160)

      at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveRe ference(BeanDefinitionValueResolver.java:261)

      at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveVa lueIfNecessary(BeanDefinitionValueResolver.java:109)

      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.ap plyPropertyValues(AbstractAutowireCapableBeanFactory.java:1099)

      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.po pulateBean(AbstractAutowireCapableBeanFactory.java:861)

      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.cr eateBean(AbstractAutowireCapableBeanFactory.java:421)

      at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(Abstr actBeanFactory.java:251)

      at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingl eton(DefaultSingletonBeanRegistry.java:156)

      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractB eanFactory.java:248)

      at com.mcafee.orion.core.spring.MultiParentBeanFactory.getBean(MultiParentBeanFact ory.java:185)

      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractB eanFactory.java:160)

      at com.mcafee.orion.core.OrionCore.verifyExecutableSignatures(OrionCore.java:470)

      at com.mcafee.orion.core.OrionCore.afterStart(OrionCore.java:400)

      at com.mcafee.orion.core.server.OrionLifecycleListener.lifecycleEvent(OrionLifecyc leListener.java:136)

      at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.j ava:120)

      at org.apache.catalina.core.StandardServer.start(StandardServer.java:705)

      at org.apache.catalina.startup.Catalina.start(Catalina.java:552)

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.ja va:43)

      at java.lang.reflect.Method.invoke(Method.java:606)

      at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)

      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

      2015-03-27 09:37:38,934 FATAL [main] core.OrionCore   - killing server. reason = executable signature verification failed

       

       

      I get similar "untrusted domain" messages in SQL server, have verified the credentials the EPO logs in with too.

      SQL server was rebooted recently so some patches may have activated and there have also been some recent certificates expired in our CA.

       

      Any idea anyone?

        • 1. Re: Unable to keep EPO application server running.
          Peter M

          Moved to ePO for a faster response.

          ----

          Peter

          Moderator

          • 2. Re: Unable to keep EPO application server running.
            hem

            From snap of log.

             

            Constructor threw exception; nested exception is java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

            Caused by: java.sql.SQLException: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

            at net.sourceforge.jtds.jdbc.SQLDiagnostic.addDiagnostic(SQLDiagnostic.java:368

             

            Did you change the password for Windows user which is used to connect to the ePO database?

             

            Please open ePO \core\config page (https://server name:8443/core/config), enter the new credentials->test connection->Apply, restart the ePO services.

             

            That should take care of the issue.

            • 3. Re: Unable to keep EPO application server running.
              bistromath

              Hello Hem,

               

              The password hasn't been changed and I've confirmed by using those credentials to successfully logon to a different server.

              Because I can't keep the application service running for more that 20 seconds I can't login via the web console. But if it was using a different password it would lock the account out which it isn't.

              This (appears) to have happened after a reboot of the SQL server on Thu AM, not sure that it's EPO server but struggling to troubleshoot.

              • 4. Re: Unable to keep EPO application server running.
                Richard Carpenter

                Hi bistromath

                 

                This looks like the Account used to connect to the SQL Server cannot authenticate to the Database INstance.

                 

                Is your SQL Database on the same server as your ePO installation - using the SQLEXPRESS install, or are you using a Remote SQL Server to host the ePO database?

                 

                You can check this in the server.ini file in <epoinstallfolder>/DB/server.ini and look for DataSource=

                 

                Regards

                Rich

                Volunteer Moderator - Business Products

                Certified McAfee Product Specialist - ePO

                • 5. Re: Unable to keep EPO application server running.
                  bistromath

                  Hi Rich,

                   

                  It is on a separate server, not express.

                  I can login to the remote SQL server using the credentials in

                  C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Server\conf\orion\db.properties

                  And it logs on and I can query the epo DB.

                   

                  Any idea what would make it think that it's an untrusted domain (they are on the same domain)?