Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

Domino Server Controller does not connect after upgrade to Java6SR16FP20

Daniel Nashed – 16 February 2016 17:33:18
The IBM Java Team disabled MD5 in there latest patch to tighten security. But the Server Console currently can only use MD5 right now.
So by this intentionally change by the IBM Java Team the Domino Console cannot connect any more.


For now to have the Server Controller local and remotely working again you have to re-enable MD5.

This is a similar issue than what we had when the IBM Java team disabled SSLV3 some time ago.


There are two lines that you have to change in the ..jvm/lib/security/java.security file.


You have to remove MD5 from the disabled algorithms for now:


jdk.certpath.disabledAlgorithms=MD2,
MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4,
MD5withRSA, DH keySize < 768


There is currently no other work-around for Windows. On Linux you could use the "monitor" command when using my start script and disable the server controller.


-- Daniel

Comments

1Lars Berntrop-Bos  17.02.2016 8:01:30  Domino Server Controller does not connect after upgrade to Java6SR16FP20

That brings back memories of an earlier mishap in the same area not too long ago, 9.0.1 FP3. You'd think they learned and added this test to the suite...

Hope to enjoy your company at Engage!

2Milan Matejic  17.02.2016 8:26:08  Domino Server Controller does not connect after upgrade to Java6SR16FP20

Thank you very much! :-)

3Martin Ziegler  19.02.2016 6:56:12  Domino Server Controller does not connect after upgrade to Java6SR16FP20

IBM has also released an article about this issue:

{ Link }

4Gunleif Raeg  18.03.2016 8:42:50  Domino Server Controller does not connect after upgrade to Java6SR16FP20

Thanks, very helpful :-)

IBM couldn't help me, you found the solution for me.

5Ben Rose  21.05.2016 13:14:33  Domino Server Controller does not connect after upgrade to Java6SR16FP20

FYI, they broke this again in FP6. No workaround at all.

SSLV3 is gone, MD5 is gone. The only protocol now is SHA-256 which isn't supported on the server side without a patch.

You cannot use 9.0.1 FP6 java console without upgrading every server in your organisation first.

I have a PMR open, sev 1 critsit, 01843,019,866 - if affected feel free to reference this PMR in your ticket to skip a lot of wasted time performing troubleshooting steps.

Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]