Knowledge Partner
Knowledge Partner
393 views

NAM LAG - jcc java errors - final block not padded?

I'm seeing this on my LAG (in the Admin Console shows "server is not reporting", which usually means a jcc problem).

jcc log shows:

May 07, 2019 1:12:53 PM com.novell.jcc.server.JCCServerImpl H
INFO: Starting JCC Server
May 07, 2019 1:12:55 PM com.novell.jcc.util.JCCUtils logSevere
SEVERE: AM#100706017: Exception - delete admin info failed
com.novell.jcc.server.JCCServerImpl B
Given final block not properly padded
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:989)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
at javax.crypto.Cipher.doFinal(Cipher.java:2165)
at com.novell.jcc.sockets.CipherSocketUtils.decryptData(y:492)
at com.novell.jcc.server.JCCServerImpl.B(y:3088)
at com.novell.jcc.server.JCCServerImpl.A(y:961)
at com.novell.jcc.server.JCCServerImpl.H(y:751)
at com.novell.jcc.server.JCCServerImpl.main(y:2294)

May 07, 2019 1:12:55 PM com.novell.jcc.util.JCCSettings A
INFO: Current settings
rmiPort: 1197
localMgmtPort: 1443
localMgmtIP: 10.10.179.202
remoteMgmtPort: 8444
remoteMgmtIP: [10.10.109.200]
jccProxyPort: 2483
agProxyPort: 444
sslvpnProxyPort: 3423
healthFreq: 300
statsFreq: 300
remoteMgmtIPFreq: 3600
externTomcatDir: /opt/novell/nam/mag
secure: true


I've tried re-pushing the config to no avail.
IDP is up and running just fine

IDP and AG use the same GeoTrust Wildcard SSL cert, so I know the cert itself is fine. (and was working until recently)

AG 4.3.2.0-15
0 Likes
3 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: NAM LAG - jcc java errors - final block not padded?

On 10-05-2019 4:44 AM, kjhurni wrote:
>
> I'm seeing this on my LAG (in the Admin Console shows "server is not
> reporting", which usually means a jcc problem).
>
> jcc log shows:
>
>
> Code:
> --------------------
> May 07, 2019 1:12:53 PM com.novell.jcc.server.JCCServerImpl H
> INFO: Starting JCC Server
> May 07, 2019 1:12:55 PM com.novell.jcc.util.JCCUtils logSevere
> SEVERE: AM#100706017: Exception - delete admin info failed
> com.novell.jcc.server.JCCServerImpl B
> Given final block not properly padded
> javax.crypto.BadPaddingException: Given final block not properly padded
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:989)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845)
> at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
> at javax.crypto.Cipher.doFinal(Cipher.java:2165)
> at com.novell.jcc.sockets.CipherSocketUtils.decryptData(y:492)
> at com.novell.jcc.server.JCCServerImpl.B(y:3088)
> at com.novell.jcc.server.JCCServerImpl.A(y:961)
> at com.novell.jcc.server.JCCServerImpl.H(y:751)
> at com.novell.jcc.server.JCCServerImpl.main(y:2294)
>
> May 07, 2019 1:12:55 PM com.novell.jcc.util.JCCSettings A
> INFO: Current settings
> rmiPort: 1197
> localMgmtPort: 1443
> localMgmtIP: 10.10.179.202
> remoteMgmtPort: 8444
> remoteMgmtIP: [10.10.109.200]
> jccProxyPort: 2483
> agProxyPort: 444
> sslvpnProxyPort: 3423
> healthFreq: 300
> statsFreq: 300
> remoteMgmtIPFreq: 3600
> externTomcatDir: /opt/novell/nam/mag
> secure: true
> --------------------
>
>
> I've tried re-pushing the config to no avail.
> IDP is up and running just fine


Have you tried simply restarting the jcc service? From memory, with these errors, reimporting the device is pretty much the only option.

> IDP and AG use the same GeoTrust Wildcard SSL cert, so I know the cert
> itself is fine. (and was working until recently)


The device manager stuff uses internal certs so thats not an issue there.


> AG 4.3.2.0-15
>
>



--
Cheers,
Edward
0 Likes
Knowledge Partner
Knowledge Partner

Re: NAM LAG - jcc java errors - final block not padded?

edmaa;2499537 wrote:
On 10-05-2019 4:44 AM, kjhurni wrote:
>
> I'm seeing this on my LAG (in the Admin Console shows "server is not
> reporting", which usually means a jcc problem).
>
> jcc log shows:
>
>
> Code:
> --------------------
> May 07, 2019 1:12:53 PM com.novell.jcc.server.JCCServerImpl H
> INFO: Starting JCC Server
> May 07, 2019 1:12:55 PM com.novell.jcc.util.JCCUtils logSevere
> SEVERE: AM#100706017: Exception - delete admin info failed
> com.novell.jcc.server.JCCServerImpl B
> Given final block not properly padded
> javax.crypto.BadPaddingException: Given final block not properly padded
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:989)
> at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:845)
> at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
> at javax.crypto.Cipher.doFinal(Cipher.java:2165)
> at com.novell.jcc.sockets.CipherSocketUtils.decryptData(y:492)
> at com.novell.jcc.server.JCCServerImpl.B(y:3088)
> at com.novell.jcc.server.JCCServerImpl.A(y:961)
> at com.novell.jcc.server.JCCServerImpl.H(y:751)
> at com.novell.jcc.server.JCCServerImpl.main(y:2294)
>
> May 07, 2019 1:12:55 PM com.novell.jcc.util.JCCSettings A
> INFO: Current settings
> rmiPort: 1197
> localMgmtPort: 1443
> localMgmtIP: 10.10.179.202
> remoteMgmtPort: 8444
> remoteMgmtIP: [10.10.109.200]
> jccProxyPort: 2483
> agProxyPort: 444
> sslvpnProxyPort: 3423
> healthFreq: 300
> statsFreq: 300
> remoteMgmtIPFreq: 3600
> externTomcatDir: /opt/novell/nam/mag
> secure: true
> --------------------
>
>
> I've tried re-pushing the config to no avail.
> IDP is up and running just fine


Have you tried simply restarting the jcc service? From memory, with these errors, reimporting the device is pretty much the only option.

> IDP and AG use the same GeoTrust Wildcard SSL cert, so I know the cert
> itself is fine. (and was working until recently)


The device manager stuff uses internal certs so thats not an issue there.


> AG 4.3.2.0-15
>
>



--
Cheers,
Edward


Thanks Edward.

Yes, restarted jcc (and the appliance) multiple times to no avail.

I'm trying to remember, but when doing the jcc-reimport (I think that's the name of the script, will have to dig through some really really old emails), does one also have to whack the AG device from the Admin Console?
0 Likes
Knowledge Partner
Knowledge Partner

Re: NAM LAG - jcc java errors - final block not padded?

kjhurni;2500015 wrote:
Thanks Edward.

Yes, restarted jcc (and the appliance) multiple times to no avail.

I'm trying to remember, but when doing the jcc-reimport (I think that's the name of the script, will have to dig through some really really old emails), does one also have to whack the AG device from the Admin Console?


Woohoo, got it working again.

Thank you for your help.

I followed this here to get the script names and whatnot:

https://www.netiq.com/documentation/access-manager-44/admin/data/t458oj7ilp2i.html
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.