Morning all, have a few production servers, and recently when I try to
stop a service, I am getting the following error;
./asadmin stop-domain production
NCLS-ADMIN-00010
NCLS-ADMIN-00010
CLI306: Warning - The server
located at /opt/payara5/glassfish/domains/production is not running.
No domains are currently
running.
Command stop-domain failed.
However, you can see that it is;
root@p1:/opt/payara5/bin# ps aux
|grep payara
root 17333 45.4 5.2 3109936
410412
pts/0 Sl 16:54 0:19
/usr/lib/jvm/java-8-openjdk-amd64/bin/java -cp
/opt/payara5/glassfish/modules/glassfish.jar
-XX:+UnlockDiagnosticVMOptions -XX:NewRatio=2 -Xmx512m
-Xbootclasspath/p:/opt/payara5/glassfish/lib/grizzly-npn-bootstrap-1.8.1.jar
-server
-javaagent:/opt/payara5/glassfish/lib/monitor/flashlight-agent.jar
-Djavax.xml.accessExternalSchema=all
-Djavax.net.ssl.trustStore=/opt/payara5/glassfish/domains/production/config/cacerts.jks
-Djdk.tls.rejectClientInitiatedRenegotiation=true
-Djdk.corba.allowOutputStreamSubclass=true
-Dfelix.fileinstall.dir=/opt/payara5/glassfish/modules/autostart/
-Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.shell.remote,org.apache.felix.fileinstall
-Dcom.sun.aas.installRoot=/opt/payara5/glassfish
-Dfelix.fileinstall.poll=5000
-Djava.security.policy=/opt/payara5/glassfish/domains/production/config/server.policy
-Djava.endorsed.dirs=/opt/payara5/glassfish/modules/endorsed:/opt/payara5/glassfish/lib/endorsed
-Dosgi.shell.telnet.maxconn=1
-Dfelix.fileinstall.bundles.startTransient=true
-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory
-Dfelix.fileinstall.log.level=2
-Djavax.net.ssl.keyStore=/opt/payara5/glassfish/domains/production/config/keystore.jks
-Djava.security.auth.login.config=/opt/payara5/glassfish/domains/production/config/login.conf
-Dfelix.fileinstall.disableConfigSave=false
-Dorg.glassfish.grizzly.DEFAULT_MEMORY_MANAGER=org.glassfish.grizzly.memory.HeapMemoryManager
-Dfelix.fileinstall.bundles.new.start=true
-Dcom.sun.aas.instanceRoot=/opt/payara5/glassfish/domains/production
-Dosgi.shell.telnet.port=6666 -Dgosh.args=--nointeractive
-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as
-Dorg.jboss.weld.serialization.beanIdentifierIndexOptimization=false
-Dosgi.shell.telnet.ip=127.0.0.1 -DANTLR_USE_DIRECT_CLASS_LOADING=true
-Djava.awt.headless=true
-Dcom.ctc.wstx.returnNullForDefaultNamespace=true
-Djava.ext.dirs=/usr/lib/jvm/java-8-openjdk-amd64/lib/ext:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext:/opt/payara5/glassfish/domains/production/lib/ext
-Djdbc.drivers=org.h2.Driver
-Dorg.glassfish.grizzly.nio.DefaultSelectorHandler.force-selector-spin-detection=true
-Djava.library.path=/opt/payara5/glassfish/lib:/usr/java/packages/lib/amd64:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib
com.sun.enterprise.glassfish.bootstrap.ASMain -upgrade false -domaindir
/opt/payara5/glassfish/domains/production -read-stdin true
-asadmin-args
--host,,,localhost,,,--port,,,4848,,,--secure=false,,,--terse=false,,,--extraterse=false,,,--echo=false,,,--interactive=true,,,--autoname=false,,,start-domain,,,--verbose=false,,,--watchdog=false,,,--debug=false,,,--domaindir,,,/opt/payara5/glassfish/domains,,,production
-domainname production -instancename server -type DAS -verbose false
-asadmin-classpath /opt/payara5/glassfish/lib/client/appserver-cli.jar
-debug false -asadmin-classname com.sun.enterprise.admin.cli.AdminMain
-watchdog false
If I kill that PID, it will start and work fine again, but trying to see
what the issue is. I did see this in the logs on startup
"javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol
is disabled or cipher suites are inappropriate)" Looking at the keytool
and the cacerts file, there are a lot of certificates, 2 recently
expired, but I don't think I have ever generated, and believe that they
just came with the original download.
So, is there a new file I can just download, can I disable SSL
completely (and use secure-admin), as this is behind a load balancer
that does the SSL and talks direct via HTTP?
If I need to do anything else, feel free to suggest.
Thanks much!