Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Server Controller Issue when applying 9.0.1 FP5 IF2

Daniel Nashed  31 March 2016 14:27:11
After applying 9.0.1 FP5 IF2 you cannot connect to the server controller -- again!
That's another issue that cannot be fixed allowing MD5 in the java security files.

What you need is an updated version of the JVM patch. The new patch has a release data of 25.3.2016 an can be downloaded from Fixcentral.

Here is the relevant information from the updated technote referenced in the SPR.

SPR RSSNA6UU79 is fixed in version 9.0.1FP5 Interim Fix 2 (IF2) via a server code fix and an updated JVM patch (SR16FP20). IMPORTANT NOTE: It is required to install both 9.0.1FP5IF2 and the new JVM patch to address the issue. Download links are available in the following technote: http://www.ibm.com/support/docview.wss?uid=swg21657963

If you already installed the JVM patch before you will run into an error:

Patching tree diff from ".\jvm" to ".\jvm_dst" using diff file ".\patch.diff"...
    You are attempting to patch:
      pwi3260sr16fp2ifix-20141203_01(SR16 FP2+IV66900))
    With a patch that is valid for:
      src1 pwi3260sr16fp15-20151106_01(SR16 FP15))
    Tree diff file patch failed.


My work-around was to re-install FP5 which includes the previous JVM patch.

From there I was able to run the new JVM patch installer and also upgrade to 9.0.1 FP5 IF2.

If that does not work in your case you have to go all the way back to 9.0.1 because that is the last release that contains a full JVM (9.0.1 -> FP5 -> New JVM Patch -> 9.0.1 FP5 IF2).

In my case reapplying FP5 was sufficient.

After the installation the java.security again has MD5 disabled and the console works. So apparently they build in a fix into IF2 and also did changes in the JVM patch.

There is also a fix included in the Notes Client fix 9.0.1 FP5 IF3 and you also have to update your local JVM with the new patch available.
I have so far just tested if the local server console on the Domino server works again.

But since the SPR is also fixed on client side, I assume it works as well.

-- Udpated JVM Patch Information --

Mar 25, 2016

 interim fix: JVMPatch_SR16FP20_RSSNA6UU79_W32_901.5_ClientServer (40.53 MB)
JVMPatch_SR16FP20_RSSNA6UU79_W32_901.5_ClientServer

interim fix: JVMPatch_SR16FP20_RSSNA6UU79_W64_901.5_Server (76.78 MB)
JVMPatch_SR16FP20_RSSNA6UU79_W64_901.5_Server



Comments

1Sascha  31.03.2016 16:18:43  Server Controller Issue when applying 9.0.1 FP5 IF2

Thanks for working on this.

Helped me !

2Julian  31.03.2016 17:30:30  Server Controller Issue when applying 9.0.1 FP5 IF2

Thanks, Daniel!

3Michael Causing  01.04.2016 20:39:39  Server Controller Issue when applying 9.0.1 FP5 IF2

You have to apply FIRST the IF2 then the updated JVM patch so that you not run into the same issue described in this post.

4Bruno C.  05.04.2016 8:46:51  Server Controller Issue when applying 9.0.1 FP5 IF2

Thanks for sharing ! This saves long time searching...

5Geoff  05.04.2016 9:00:08  Server Controller Issue when applying 9.0.1 FP5 IF2

Thanks so much!!

6Vladimir Kulakov  11.04.2016 11:13:55  Server Controller Issue when applying 9.0.1 FP5 IF2

Thank you, Nash! I don't aplied IF2 on stable 9.0.1FP5 yesterday!

7Ben Rose  21.05.2016 17:41:45  Server Controller Issue when applying 9.0.1 FP5 IF2

FYI, they broke this again in FP6. No workaround at all.

SSLV3 is gone, MD5 is gone. The only protocol now is SHA-256 which isn't supported on the server side without a patch.

You cannot use 9.0.1 FP6 java console without upgrading every server in your organisation first.

I have a PMR open, sev 1 critsit, 01843,019,866 - if affected feel free to reference this PMR in your ticket to skip a lot of wasted time performing troubleshooting steps.

Archives


  • [IBM Lotus Domino]
  • [Domino on Linux]
  • [Nash!Com]
  • [Daniel Nashed]