/opt/ejbca_4_0_10/bin/cli.xml:128: Batch generation failed!

Help
2013-08-07
2013-08-26
1 2 > >> (Page 1 of 2)
  • Collin Smith

    Collin Smith - 2013-08-07

    I have seen similar error in other discussion, but so far I have not seen any definitive solution to this failure during install. Does anyone have any suggestions, as to the cause of the following on Ubuntu Server 12.04 LTS?

    BUILD FAILED
    /opt/ejbca_4_0_10/build.xml:64: The following error occurred while executing this line:
    /opt/ejbca_4_0_10/bin/cli.xml:93: The following error occurred while executing this line:
    /opt/ejbca_4_0_10/bin/cli.xml:128: Batch generation failed!

     
  • Tomas Gustavsson

    You have to check in server.log, there you will find the error. Perhaps you have misconfigured your database, that is the most common error.

    Cheers,
    Tomas

     
  • Collin Smith

    Collin Smith - 2013-08-08

    As you can see below, ant bootstrap completes successfully as user ejbca and then as user root, service start ejbca completes successfully. However, then after ejbca started successfully and I switched again to user ejbca the tail command that you suggest running did not return any log info. I opened the folder directly and it was empty. I thought that was odd and then ran ant install which ultimately fails.

    …………..
    …………….
    ………………………..
    showtime:
    [echo] Task completed 2013-08-07 16:10:48 -0400.

    BUILD SUCCESSFUL
    Total time: 31 seconds
    ejbca@ubu1:/opt/ejbca$ logout

    root@ubu1:/opt/jboss/server/ejbca/log# service ejbca start
    * Starting daemon ejbca [ OK ]
    root@ubu1:/opt/jboss/server/ejbca/log# su - ejbca
    ejbca@ubu1:~$ tail -f /opt/jboss/server/ejbca/log/server.log
    tail: cannot open `/opt/jboss/server/ejbca/log/server.log' for reading: No such file or directory
    ejbca@ubu1:~$



    ---------------------Sample Output during ant install----------------------
    [java] javax.naming.CommunicationException: Could not obtain connection to any of these urls: 127.0.0.1:1099 and discovery failed with error: javax.naming.CommunicationException:Receive timed out
    [Root exception is java.net.SocketTimeoutException: Receive timed out]
    [Root exception is javax.naming.CommunicationException: Failed to connect to server /127.0.0.1:1099
    [Root exception is javax.naming.ServiceUnavailableException: Failed to connect to server /127.0.0.1:1099
    [Root exception is java.net.ConnectException: Connection refused]
    ]]
    [java] at org.jnp.interfaces.NamingContext.checkRef(NamingContext.java:1763)
    …….
    ………
    ………..
    …………..
    I understand that the errors above are not good, but would they cause the error generated below?
    --------------------------------------------------------------
    BUILD FAILED
    /opt/ejbca_4_0_10/build.xml:64: The following error occurred while executing this line:
    /opt/ejbca_4_0_10/bin/cli.xml:93: The following error occurred while executing this line:
    /opt/ejbca_4_0_10/bin/cli.xml:128: Batch generation failed!

    The file involved seems to be cli.xml, which I do not recall making any changes to and has something to do with ejbca:adminweb.

    Build.xml
    64 ------> <antcall target="ejbca:adminweb"/>

    cli.xml
    93 ------> <antcall target="ejbca:adminweb"/>
    128 ------> <fail message="Batch generation failed!">

    For reference: See below I have DNS configured properly and the host file contains the local hostname and IP address. Additionally, I added the lines you listed to iptables.

    Output of /etc/host

    127.0.0.1 localhost
    10.1.13.113 ubu1.carrollcc.edu ubu1

    The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

    Output of /etc/network/interfaces

    This file describes the network interfaces available on your system
    and how to activate them. For more information, see interfaces(5).

    The loopback network interface
    auto lo
    iface lo inet loopback

    The primary network interface
    auto eth0
    iface eth0 inet static
    address 10.1.13.113
    netmask 255.255.255.0
    network 10.1.13.0
    broadcast 10.1.13.255
    gateway 10.1.13.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 10.1.10.19
    dns-search carrollcc.edu
    ~
    "/etc/network/interfaces" 18L, 502C

     
    Last edit: Collin Smith 2013-08-08
  • Tomas Gustavsson

    Yes, the "javax.naming.CommunicationException" means that the client (ant install in this case) can not talk to the application server. So no go.

    This is a network error, some ports (1099?) are blocked somehow.

     
  • Collin Smith

    Collin Smith - 2013-08-09

    The firewall appears to be open, however any connection to 1099 even to its own loopback address are refused when trying to telnet to the port. I have tried other ports and receive the same. A telnet attempt using Ports 22 and 80 work, however a connection to other common ports, even telnet itself fails. As you can see below the firewalls are turned off and if it was just a service available issue why would the telnet command even function since its port receives the same errors?

    /bangs head against wall.....

    root@ubu1:~# service ejbca start
    * Starting daemon ejbca [ OK ]
    root@ubu1:~#*^^^Modified JBOSS service from Branko's Blog^^^*


    root@ubu1:~# iptables -L <----- Default Allow Policy
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination


    root@ubu1:~# ufw status
    Status: inactive


    root@ubu1:~# telnet 127.0.0.1 1099 <-----loopback
    Trying 127.0.0.1...
    telnet: Unable to connect to remote host: Connection refused
    root@ubu1:~# telnet 10.1.13.113 1099 <------Local address
    Trying 10.1.13.113...
    telnet: Unable to connect to remote host: Connection refused
    root@ubu1:~#

     
    Last edit: Collin Smith 2013-08-09
  • Collin Smith

    Collin Smith - 2013-08-12

    Any Thoughts?

     
  • Collin Smith

    Collin Smith - 2013-08-12

    Is it something to do with Ubuntu 12.04 LTS. Should this be installed on an earlier version such as 10.04?

     
  • Tomas Gustavsson

    we always use 12.04 ourselves. I suggest a reinstall of jboss simply following thé Ubuntu quick start guide from thé installation instructions at ejnca.org.

    cheers,
    Tomas

     
  • Collin Smith

    Collin Smith - 2013-08-14

    I did try the quick start guide for Ubuntu, but had other errors using that guide, so I figured I would try Branko's again, but using 10.04. This time around I am getting the same errors, however this time I am also getting log output generated in the jboss server directory. Let me know if any of this output helps. If you still want me to use the Quick start guide I will run through it again and post those results. Thanks for your help.

    Collin

    BUILD FAILED
    /opt/ejbca_4_0_10/build.xml:64: The following error occurred while executing this line:
    /opt/ejbca_4_0_10/bin/cli.xml:93: The following error occurred while executing this line:
    /opt/ejbca_4_0_10/bin/cli.xml:128: Batch generation failed!

    Total time: 19 seconds
    ejbca@ubu3:/opt/ejbca$ tail -f /opt/jboss/server/ejbca/log/server.log
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:421)
    at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
    at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
    at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
    at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:744)
    at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:697)
    at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524)
    at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)

     
  • Mike Kushner

    Mike Kushner - 2013-08-14

    Hi Collin,

    Instead of tail, run less and press shift+g to go to the end of file, then paste the complete stack trace. Most of the relevant information is either in the beginning or in one of the underlying exceptions (signified by the words 'Caused by ...').

    Cheers,
    Mike Kushner
    Developer, Primekey Solutions


    PrimeKey Solutions offers commercial EJBCA and SignServer support
    subscriptions and training courses. Please see www.primekey.se or
    contact info@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/


     
  • Collin Smith

    Collin Smith - 2013-08-14

    It appears that packages are missing or configuration file/variables are pointing to the wrong locations? Or am I seeing this wrong..

    Concerning ejbca:adminweb...just prior to the output below there are several stacks begining with "javax.naming.NameNotFoundException: ejbca not bound" or similar messages.


    2013-08-14 11:22:52,519 ERROR [org.jboss.system.server.profileservice.ProfileServiceBootstrap] (main) Failed to load profile: Summary of incomplete deployments (SEE PREVIOUS ERRORS FOR DETAILS):

    DEPLOYMENTS MISSING DEPENDENCIES:
    Deployment "jboss.web.deployment:war=/admin-console" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca/adminweb" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca/clearcache" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca/doc" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca/ejbcaws" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca/publicweb" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca/publicweb/apply" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca/publicweb/healthcheck" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca/publicweb/status" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/ejbca/publicweb/webdist" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/invoker" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")
    Deployment "jboss.web.deployment:war=/jbossws" is missing the following dependencies:
    Dependency "jboss.web:service=WebServer" (should be in state "Create", but is actually in state " NOT FOUND Depends on 'jboss.web:service=WebServer' ")


    DEPLOYMENTS IN ERROR:
    Deployment "WebServer" is in error due to the following reason(s): LifecycleException: Protocol handler initialization failed: java.net.BindException: Address already in use /0.0.0.0:8080
    ***----This is a fresh install, what else would be using it. Would the base config of apache2 added through LAMP do this? I used LAMP to add packages for MySQL ect...*Deployment "jboss.web:service=WebServer" is in error due to the following reason(s): NOT FOUND Depends on 'jboss.web:service=WebServer'
    -----------------------------------
    2013-08-14 11:22:52,523 INFO [org.jboss.bootstrap.microcontainer.ServerImpl] (main) JBoss (Microcontainer) [5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] Started in 1m:7s:985ms

     
    Last edit: Collin Smith 2013-08-14
  • Mike Kushner

    Mike Kushner - 2013-08-15

    It looks rather more like your initial deployment failed. Since JBoss can't start EJBCA properly, naturally batch generation won't work either.

    But, there is more to this stack trace than you're showing us. I'd like you to do the following:

    1, Stop JBoss
    2. delete server.log from JBOSS_HOME/server/default/log
    3. Start JBoss
    4. Attach server.log to your next reply, so we can see the whole thing.

    Cheers,
    Mike Kushner
    Developer, Primekey Solutions


    PrimeKey Solutions offers commercial EJBCA and SignServer support
    subscriptions and training courses. Please see www.primekey.se or
    contact info@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/


     
    Last edit: Mike Kushner 2013-08-15
  • Collin Smith

    Collin Smith - 2013-08-15

    <B>Deleted the server log</B>

    root@ubu3:/opt/jboss/server/default# rm /opt/jboss/server/ejbca/log/server.log.2013-08-13

    root@ubu3:/opt/jboss/server/default# ls /opt/jboss/server/ejbca/log
    boot.log

    <B>Stop the jboss service</B>

    root@ubu3:/opt/jboss/server/default# service ejbca stop
    * Stopping daemon ejbca [ OK ]

    <B>Verify the service is not running</B>

    root@ubu3:/opt/jboss/server/default# ps -ef | grep jboss
    root 13039 2823 0 11:42 pts/1 00:00:00 grep --color=auto jboss

    <B>Start the jboss service</B>

    root@ubu3:/opt/jboss/server/default# service ejbca start
    * Starting daemon ejbca [ OK ]

    <B>Verify that jboss is running again</B>

    root@ubu3:/opt/jboss/server/default# ps -ef | grep jboss
    ejbca 13079 1 83 11:47 ? 00:00:09 /usr/lib/jvm/java-6-openjdk//bin/java -XX:PermSize=96m -XX:MaxPermSize=128m -Xms128m -Xmx512m -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Djava.endorsed.dirs=/opt/jboss/lib/endorsed -classpath /usr/share/java/mysql.jar:/opt/jboss/bin/run.jar:/usr/lib/jvm/java-6-openjdk//lib/tools.jar org.jboss.Main -c ejbca -b 0.0.0.0
    root 13099 2823 0 11:47 pts/1 00:00:00 grep --color=auto jboss

    <B>Verify that a new log has been generated</B>

    root@ubu3:/opt/jboss/server/ejbca# cd log
    root@ubu3:/opt/jboss/server/ejbca/log# ls
    boot.log server.log

     
  • Mike Kushner

    Mike Kushner - 2013-08-15

    Hi Collin,

    Ah, lovely. Well, from your log, we can see the following:

    1. Something is already listening to port 8080.

    2013-08-15 11:47:43,407 ERROR [org.apache.coyote.http11.Http11Protocol] (main) Error initializing endpoint
    java.net.BindException: Address already in use /0.0.0.0:8080

    JBoss requires this port, so either kill of whatever is using it, or modify what ports JBoss uses (not recommended)

    2. You can't connect to your database

    2013-08-15 11:47:52,447 WARN [org.jboss.resource.connectionmanager.JBossManagedConnectionPool] (main) Throwable while attempting to get a new connection: null
    org.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: Access denied for user 'sa'@'localhost' (using password: YES))

    This is in all likelihood detrimental.

    Fixing those two issues is probably a good place to start.

    Cheers,
    Mike Kushner
    Developer, Primekey Solutions


    PrimeKey Solutions offers commercial EJBCA and SignServer support
    subscriptions and training courses. Please see www.primekey.se or
    contact info@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/


     
  • Collin Smith

    Collin Smith - 2013-08-15

    What confuses me about both of these errors is that this is a fresh Ubuntu 10.04 install. I selected LAMP, openssh-server and the packages required to install ejbca and VMwaretools only.

    Additionally, I am confused why the install is using the default sa account when in the database.properties file located in /opt/ejbca/conf/ I have specified ejbca as the database user to use and the required password for the ejbca database.

    See attached file with pw stripped.

    Would it be using the database.properties.sample file for some reason?

     
  • Mike Kushner

    Mike Kushner - 2013-08-16

    Hi Collin,

    How closely have you been following our install instructions? If you've never made contact with your database, then ant install could never have been successful?

    And no, there is no way EJBCA could be reading database.properties.sample.

    Also, use netstat to find out what's using port 8080.

    Cheers,
    Mike Kushner
    Developer, Primekey Solutions


    PrimeKey Solutions offers commercial EJBCA and SignServer support
    subscriptions and training courses. Please see www.primekey.se or
    contact info@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/


     
  • Collin Smith

    Collin Smith - 2013-08-16

    Mike,
    While the error indicates that Port 8080 is in use, Netstat shows nothing listening on port 8080. I understand that the install can not be successful if it is unable to contact the database.
    My question was if you had any idea why it would be using the sa account. Is there a location other than the database.properties file that might be directing it to use the wrong information?
    If you looked at the database properties file I included with my last post it shows that I have specified ejbca as the account to use, not sa.
    I have followed both the quickstart guide as well as Branko's more in-depth setup as close to the letter as possible. I am not sure if it is something that I am consistently missing on each build, if VMware tools is a problem or if there are assumptions being made in the guide. In any case I was hoping that your or other developers might be able to fill in the pieces.

    Thanks,
    Collin

    DEPLOYMENTS IN ERROR:
    Deployment "WebServer" is in error due to the following reason(s): LifecycleException: Protocol hand
    ler initialization failed: java.net.BindException: Address already in use /0.0.0.0:8080
    Deployment "jboss.web:service=WebServer" is in error due to the following reason(s): NOT FOUND Dep
    ends on 'jboss.web:service=WebServer'

    2013-08-16 16:43:45,570 INFO [org.jboss.bootstrap.microcontainer.ServerImpl] (main) JBoss (Microcontai
    ner) [5.1.0.GA (build: SVNTag=JBoss_5_1_0_GA date=200905221634)] Started in 57s:520ms
    root@ubu3:/opt/jboss/server/ejbca/log# netstat
    Active Internet connections (w/o servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 .*.edu:ssh
    *.*:64483 ESTABLISHED
    tcp 0 0
    .*.edu:ssh *.:64476 ESTABLISHED
    tcp 0 0 .*.edu:ssh
    *.*:64455 ESTABLISHED
    tcp 0 0
    .*.ed:46700 .*
    .ed:38992 TIME_WAIT
    Active UNIX domain sockets (w/o servers)
    Proto RefCnt Flags Type State I-Node Path
    unix 2 [ ] DGRAM 2625 @/org/kernel/udev/udevd
    unix 6 [ ] DGRAM 3216 /dev/log
    unix 2 [ ] STREAM CONNECTED 278755
    unix 3 [ ] STREAM CONNECTED 8027
    unix 3 [ ] STREAM CONNECTED 8026
    unix 2 [ ] DGRAM 7943
    unix 3 [ ] STREAM CONNECTED 7867
    unix 3 [ ] STREAM CONNECTED 7866
    unix 2 [ ] DGRAM 7783
    unix 3 [ ] STREAM CONNECTED 7685
    unix 3 [ ] STREAM CONNECTED 7684
    unix 2 [ ] DGRAM 7608
    unix 2 [ ] DGRAM 3667
    unix 3 [ ] DGRAM 2659
    unix 3 [ ] DGRAM 2658
    unix 3 [ ] STREAM CONNECTED 2608 @/com/ubuntu/upstart
    unix 3 [ ] STREAM CONNECTED 2607
    root@ubu3:/opt/jboss/server/ejbca/log#

     
  • Tomas Gustavsson

    If you change conf/database.properties you have to do 'ant deploy' to depoy the new datasource to JBoss. The datasource will be located in the file jboss/server/default/deploy/ejbca-ds.xml.

    Cheers,
    Tomas


    PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact info@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/

     
  • Collin Smith

    Collin Smith - 2013-08-19

    OK, I will try that, however all of the guides I have looked at follow a sequence of:

    1. ant bootstrap
    2. ant install
    3. ant deploy

    I assumed that you needed a successful ant install before an ant deploy.

    Thanks,
    Collin

     
  • Tomas Gustavsson

    you are right. I should have written ant bootstrap. that is what you need to dö.

    try

    ant clean bootstrap

     
  • Collin Smith

    Collin Smith - 2013-08-19

    OK, so I ran ant deploy and initially it failed. So, I decided to run update-rc.d ejbca for the first time and then ant bootstrap once more. This time ant install and deploy worked. I copied off superadmin.p12 to my local workstation and imported it into my browser successfully. I assume at this point I should be able to get to the administration interface of the server, unfortunately I am not. Firefox is apparently unhappy with the length of the certificate...Hopefully this is an easy one to fix???? ;-) very encouraging at least.....
    If you are wondering why I am using 8080, I did initially try using port 8443 but I did not receive any response at all...

    Secure Connection Failed

    An error occurred during a connection to 10.1.13.112:8080.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

     
    Last edit: Collin Smith 2013-08-19
  • Tomas Gustavsson

    Completely unheard of. Did you try googling for it?

     
  • Collin Smith

    Collin Smith - 2013-08-19

    I will try to do some research on that error. In the mean time, so you do not think I am making this up I have included a screen shot of the browser window. see attached .jpg

     
  • Tomas Gustavsson

    I don't think you are making it up. I'm serious, I have seen a lot of certificate related error messages, and usually have a hunch on what's going on. But for this one, I just don't have a clue. The only thing I can do is google myself, sorry.

    Cheers,
    Tomas

     
  • Collin Smith

    Collin Smith - 2013-08-20

    Tomas can we connect on this outside of sourceforge and post a solution if and when we find one.

     
1 2 > >> (Page 1 of 2)

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks