Automic Community

Expand all | Collapse all

Latest java release on 9.2.2

  • 1.  Latest java release on 9.2.2

    Posted 01-17-2019 05:10 PM

    anyone attempt to upgrade java to 8u201 yet? I have on a few servers and workstations and after doing so those users were unable to login to the program. it was throwing an rmi server error.

    I have downgraded some of them to 8u191 and they were able to get in. 191 was starting to prompt to be updated else I would of left it as is for the time being.

    thank you!



  • 2.  Re: Latest java release on 9.2.2

    Posted 01-18-2019 11:18 AM

    Hi ChrisFonger611023,

     

    It look like other users have also reported this to support, seem like the 201 update of Java have some new configuration change in which it is not supported with Applications Manager.

     

    It look like beside "downgrading" java there is one other workaround, mentioned in this Knowledge Article: Applications Manager connection error after instal - CA Knowledge 



  • 3.  Re: Latest java release on 9.2.2

    Posted 01-23-2019 12:34 PM

    Luu,

    I looked at that knowledge article that referenced " jdk.tls " Java security variable.  Reviewed it on client PC and remote agent server and saw no reference to the "NULL"/"anon" parameter values but we still had to roll back our JAVA versions as indicated.  Please advise.

     

    Thank you.

     

    Clifford Dawkins



  • 4.  Re: Latest java release on 9.2.2

    Posted 01-23-2019 01:50 PM

    Hi Clifford,


    Within the Java.security file, there is a section call:   "Jdk.tls.disableAlgorithms" what you are looking at is the "jdk,tls.lagacyAlgorithms" from the screenshot.

     

    If you look at the "jdk.tls.diabledAlgorithms" section in the java.security file there will be reference about what was mention in the KE.

     

     

     

    The AM technician here had upgraded their Java and a comparison of the old version and new, this was one of the changed we had noticed.  Other customer who has experience this, has removed those two parameter mentioned/highlighted and have reported it working.  Let us know if you are not able to find the jdk.tls.disabledalgorithms  section on your java security file (on the java 8_201 you upgraded to).



  • 5.  Re: Latest java release on 9.2.2

    Posted 01-23-2019 02:03 PM

    Thanks for responding Luu,

    I will have an admin review but we'll likely just "roll back" Java till

    AM 9.3 available. 

     

    Clifford



  • 6.  Re: Latest java release on 9.2.2

    Posted 01-18-2019 11:18 AM

    Yeah, we had one server get updated to 201 last night during regular patching and services would not come back up. We eventually traced it back to 201, and rolled back to 192 to fix. I let our server guys know not to push 201 out to any of our other servers.



  • 7.  Re: Latest java release on 9.2.2

    Posted 01-24-2019 10:42 AM

    We are on AM 9.1.3 and just encountered the same issue with java 8u202.  It was just on our client workstations, though.  We had to roll back to the previous version we were on.  The error message referenced cipher suites and we could not log into the client. 

     

    Thank you,

    Dominic



  • 8.  Re: Latest java release on 9.2.2

    Posted 01-24-2019 10:53 AM

    Hi DominicAloi607137,

     

    Yes, this is a known issues as Oracle Java had made changes for version 8_201, 8_202... The only options currently available at the moment is to rollback the Java upgrade or used what was discussed in the Knowledge article regardign the jdk.tls.disableAlgorithms (link below):

     

    Applications Manager connection error after instal - CA Knowledge 



  • 9.  Re: Latest java release on 9.2.2

    Posted 01-28-2019 09:46 AM

    Could you clarify a little on the reason that the software is incompatible with the security changes in Java 8 update 201? Does this mean that the software is always talking with either the anon or null cipher suite in Java? From a security perspective, these are considered weak/broken cipher suites and these are generally disabled by default in most web solutions (which is why Java is now disabling them as well). Is there a timeframe for when the next release will be available that will support proper encryption and allow us to apply this new version of Java without a workaround to re-enable these weak ciphers?



  • 10.  Re: Latest java release on 9.2.2

    Posted 01-28-2019 08:18 PM

    Hi Kevin,

     

    This does not mean that the software is always talking with either anon or null cipher suites. It's more likely that it is used at some point during the handshake or partially for communication. However, because the problem has only been brought to our attention recently with the new Java update, our team is still reviewing the issue for an RCA and solution. The specifics and time frame for a fix will be provided as soon as our review is complete.

     

    Regards,

    Phearith Mao



  • 11.  Re: Latest java release on 9.2.2

    Posted 01-29-2019 08:33 AM

    Is there a plan/date for a patch/release to resolve this issue ?

    Thanks.



  • 12.  Re: Latest java release on 9.2.2

    Posted 02-04-2019 12:32 PM

    Hi ChristopherJ.Mills609947 

     

    Currently look to be projected with the upcoming 9.3 release in March. 



  • 13.  Re: Latest java release on 9.2.2

    Posted 03-12-2019 01:38 PM

    I was told that the release of 9.3 is tentative for the 22nd of March.  The release will have a documentation update but no change to fix this.  So basically you will have 2 workarounds and 1 solution.

    Workaround 1 = don't upgrade java.

    Workaround 2 = modify the java.security file on each client machine.

    or

    Solution = create a user_kesystore and user_keystore_config file and copy both files to the master, all agents and all client machines.

    None of these fixes are ideal.



  • 14.  Re: Latest java release on 9.2.2

    Posted 03-14-2019 12:17 PM

    I was told earlier this week that 9.3 would be coming out today 3/14.   When did you get your information?



  • 15.  Re: Latest java release on 9.2.2

    Posted 03-14-2019 01:11 PM

    Tech support told me 2 days ago on the 12th.

    The release date for version 9.3 is sometime around March 22 at this point.

     

    The main take away that I got is that the issue is not being fixed.  We are being provided with 3 workarounds with one of them being called a solution.