MFT Embedded servers are not starting in SOA suite 12.2..1.0.0

Issue –> Both the FTP and sFTP Embedded servers in Oracle MFT domain are not able to be started. When the start button is clicked, the embedded server status moves from Stopped to Failed.

Error –> 

[ERROR] [] [oracle.mft.COMMON] [tid: [ACTIVE].ExecuteThread: ’38’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: <anonymous>] [ecid: 0c70210eb-5a2e-471f-8132-94412facnjab-00000009,0:44] [APP: mft-app] [partition-name: DOMAIN] [tenant-name: GLOBAL] Embedded Servers initialization failed[[
MFTException [threadName=[ACTIVE] ExecuteThread: ’38’ for queue: ‘weblogic.kernel.Default (self-tuning)’, errorID=2185305d-2d6e-43ca-b745-d12f06cc7b5e, errorDesc=MFT-3601_Error while starting the hosted server {0} with root dir {1} and port {2}., cause=Exception creating DefaultSslConfiguration: Problem with Keystore creation. Keystore should not be null.]
at oracle.tip.mft.init.MFTServer.initEmbeddedServers(MFTServer.java:663)
at oracle.tip.mft.init.MFTServer.initialize(MFTServer.java:341)

Cause –> The Keystores were not configured for these servers. Oracle Managed File Transfer uses SSL and SSH keys for embedded server security and must be configured for FTPs and sFTP Embedded Servers.

Solution –> You will need to configure the SSL Keystore for your FTP server, and the SSH Keystore for your sFTP server.

After this is done, please restart your managed server and retry starting the embedded servers.

The steps to configure these have been copied below. Please note that you will need to connect to the MFT Host and Port with WLST for these commands to work.

Configuring the SSL Keystore

The default keystore is used for storing Oracle MFT SSL keys and certificates. To configure the default keystore, use WLST and the Oracle Managed File Transfer console.

The steps for this process are:

1. Start WLST 

2. Access the Oracle Platform Security Services key store service:

svc = getOpssService(name=’KeyStoreService’)
3. Create the SSL keystore:

svc.createKeyStore(appStripe='<StripeName>’, name='<StoreName>’, password='<StorePassword>’, permission=false/true)
4. Create the SSL keys:

svc.generateKeyPair(appStripe=’StripeName’, name=’StoreName’, password=’StorePassword’, dn=’cn=CompanyURL’, keysize=’1024′,alias=’Alias’, keypassword=’KeyPassword’)
For example:

svc.generateKeyPair(appStripe=’mft’, name=’mftDefaultStore’, password=’P@s$W0rd’, dn=’cn=www.mycompany.org’, keysize=’1024′,alias=’mftssl’, keypassword=’P@s$W0rd2′)
Specify mft as the stripe name and mftDefaultStore as the store name. Oracle Managed File Transfer uses these names by default. The store and key passwords are optional.

When securing the FTP server, you reference the SSL private key alias configured in this step. See the Certificate Alias description in FTPS (FTP Over SSL).

5. Exit WLST .

6. In the Oracle Managed File Transfer console, on the left pane of the Administration page, click Keystores.

7. If you specified key and store passwords in previous steps, you must enter them on this page. Enter the key password in the Private Key Password field and the store password in the Key Password field.

8. Click Save.

Configuring the SSL Keystore

The default keystore is used for storing Oracle MFT SSL keys and certificates. To configure the default keystore, use WLST and the Oracle Managed File Transfer console.

Configuring the SSH Keystore

To configure the SSH keystore, use WLST and the Oracle Managed File Transfer console.

The steps for this process are:

1. Start WLST.

2. Use the generateKeys WLST command to create a password-protected private SSH key. The key type is RSA and the key size is 1024 bits. For example:

generateKeys(‘SSH’, ‘P@s$W0rd’,’/export/ssh/ssh-pvt-keys.ppk’)
If you are an advanced user and want to set additional key parameters, you can use the ssh-keygen command instead. For example:

ssh-keygen -t rsa -b 2048 -f /export/ssh/ssh-pvt-keys.ppk -N P@a$W0rd

For more information about ssh-keygen, see ssh-keygen(1) – Linux man page.
The password is optional for either command.

3. Use the importCSFKey WLST command to import and create an alias for the key. For example:

importCSFKey(‘SSH’, ‘PRIVATE’, ‘mftssh’, ‘/export/ssh/ssh-pvt-keys.ppk’)

When securing the sFTP server, you reference the SSH private key alias configured in this step. See the Host Key Alias description in sFTP (SSH-FTP).
4. Exit WLST.

5. In the Oracle Managed File Transfer console, on the left pane of the Administration page, click Keystores.

6. If you specified a password in step 2, you must enter it in the SSH Private Key Password field.

7. Click Save.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s