|
|
The Release Notes/Knows Issues list all the deviations from specification you may encounter when installing and running Guardian.
This problems affects Guardian activations of WebLogic Server 9.0 domains only (not subsequent 9.x versions).
Due to an error in WebLogic Server 9.0, the automatic deployment of the Guardian Agent during domain activation does not work. The result is that you have to manually deploy the Guardian Agent to the Administration Server and all Managed Servers before you can evaluate WLS 9.0 domains.
For an overview of how to deploy the Guardian Agent manually, see the Manually Deploy Guardian Agent document. For more information on installing and starting web applications, go to the BEA eDocs website:
These problems affect Guardian evaluations of WebLogic Server 9.0 domains only (not subsequent 9.x versions).
Due to an error in WebLogic Server 9.0, Guardian is unable to determine what patches have been installed. Some of Guardian's signatures depend on being able to identify what patches you have to determine what patches you may still need. The result is that Guardian may falsely report that you need certain patches when you already have them. In order for Guardian to evaluate WLS 9.0 domains properly, please contact BEA Support to get the patch for CR236877.
Due to an error in WebLogic Server 9.0, Guardian is unable to collect Java Management Extensions (JMX) data from the Managed Servers in multi-server domains. Although data is available for the Administration Server, some of Guardian's signatures depend on data gathered from all the servers in a multi-domain environment. The result is that Guardian may miss potential problems that it would have otherwise detected. In order for Guardian to evaluate WLS 9.0 domains properly, please contact BEA Support to get the patch for CR297395.
The patch to fix CR297395 revealed another error in WebLogic Server 9.0 that also causes difficulties for Guardian in evaluating multi-server domains. In order for Guardian to evaluate WLS 9.0 domains properly, please contact BEA Support to get the patch for CR297411.
Due to an error in WebLogic Server 8.1 Service Pack 6 and 7, Guardian's domain activation can cause a Java NullPointerException error to be logged to the WLS console. The domain still activates successfully, though. This error is due to Guardian running a ServerRuntime.getClusterRuntime() operation on a server that does not belong to a cluster. To stop this error from being logged, please contact BEA Support to get the patch for CR284362.
Please note that Guardian uses 128 bit open source encryption for SSL. Using this level of encryption may require you to take additional action to be in compliance with your country's import requirements.
In order to use SSL with strong encryption, you must copy the license.bea file from your WebLogic Server installation directory to your Guardian installation directory. That is, the same directory where the guardian.exe executable resides, which you specified when you installed Guardian. If there's more than one license.bea, make sure you select the one that has a component field containing the word, domestic; for example, component="Encryption/Domestic", or component="SSL/Domestic"
Guardian does not support Secure Sockets Layer (SSL) encryption on WebLogic Server version 8.1 with Service Pack 2. Prior versions of WebLogic Server 8.1 are also not supported. This limitation is due to differences in the jdk javax.crypto.Cipher package in the jdk. In order for Guardian to use SSL, please upgrade to WebLogic Server version 8.1 Service Pack 3 or above.
Activating a domain using SSL with a certificate that is signed by a non-standard certificate authority incurs an exception and fails. The error message is:
ERROR DomainActivationWizard [ModalContext] :
ControllerException com.bea.guardian.controller.ControllerException:
GuardianEngineException thrown. at
com.bea.guardian.controller.ControllerImpl.activateDomain(Unknown Source) at
com.bea.support.guardian.ui.wizards.DomainActivationWizard$ActivateDomain$1.run (Unknown Source) at
org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:113)
Caused by: com.bea.guardian.collection.CollectionException:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
A non-standard certificate authority can be trusted once the root certificate of the non-standard certificate authority has been imported into the cacerts file. If you are using SSL for Guardian and have your own Trusted Authority, you must import the root certificate into your cacerts. Following are the steps to import your Trusted Root Certificate:
Your cacerts file is located in <JRE_INSTALL>/jre##.##/lib/security/cacerts. To find the location of your JRE install, start Guardian, go to Help>About BEA Guardian and click the Configuration Details button. That will display the java.home that points to your JRE install directory.
Download your Trusted Root Certificate (obtained by your Administrator) and place it in the same directory as the cacerts. Example: <JRE_INSTALL>/jre##.##/lib/security/myroot.pem.
Run the <JRE_INSTALL>/jre##.##/bin/keytool command to import your Trusted Root Certificate into the cacerts.
Example: keytool -import -v -file myroot.pem -keystore "<JRE_INSTALL>/jre##.##/lib/security/
cacerts" -storepass changeit -alias myroot
For more information about the keytool command, please go to:
http://docs.sun.com/app/docs/doc/817-0798/6mgisnq6m?a=view
Restart Guardian and activate your domain.
Guardian does not use Secure Sockets Layer (SSL) encryption to install the Guardian Agent on the domain during domain activation, even if you select the https:// protocol in the Domain Activation Wizard. The other parts of the domain activation do use SSL. Please note that no user data is transmitted when installing the Guardian Agent.
One-way SSL sets up a secure connection between a web server and client by requiring the server to present a digital certificate to its clients and by encrypting the data passed between the client and server. It provides authentication of the server, but not the client. With two-way SSL, the server presents a digital certificate to the client, as with one-way SSL. But with two-way SSL, the client must also present a digital certificate to the server before the SSL session is established.
The Evaluation Summary display is blank in Linux when Mozilla is not installed. You can still use another browser, such as Firefox, but you need to have Mozilla installed.
On Linux, Eclipse seems to expect to find some libraries that are a part of Mozilla for rendering HTML/XML. This is releated to Eclipses' use of native libraries for rendering widgets and controls. If you encounter this issue, please take the following steps to resolve it:
The Guardian icons are not displayed on the Welcome Page when Internet Explorer Version 7 is your default browser. To enable hypertext links in the Welcome Page and editor report pages, Guardian inherits certain attributes from your default browser. With IE7 and Eclipse 3.1 (on which Guardian is based), this leads to problems with the Welcome Page display.
Guardian on both Windows and Linux requires write access to temp directories. On Windows, the \temp directory of the drive where you installed installed Guardian needs to be write enabled for Guardian to operate properly. In Linux, the /tmp directory needs to be write enabled. This is particularly important when using Guardian to create BEA support cases.
When Guardian starts, it prompts you for the workspace folder with the "Select Workspace" dialog box. If you click the "Browse" button to select a folder for the workspace, Guardian opens the "Browse for Folder" dialog box. If you then click the "Make New Folder" button and type in a new folder name, that name is not displayed in the "Folder:" text box. However, the new folder you typed in has been selected. If you click the "OK" button, the new folder you just created will be displayed as the workspace in the "Select Workspace" dialog box.
If Guardian fails to run remotely, the error message is not very informative. If you copy a Guardian installation directory to a remote machine's shared folder and try to run it and it fails (for example, due to insufficient privileges), the error message is "An error has occurred, see the log file, [log file path]". But the log file does not contain any additional information. Please note that you can run Guardian from a remote machine's shared folder, you just need to make sure you have write access to the workspace directory you specify.
|