F Troubleshooting BDSS

This appendix lists troubleshooting issues.

F.1 Exchange 2007 Connector Fails First-Time Synchronization


The first-time synchronization using the Exchange 2007 Connector fails with an error indicating Certificate chain received from <server> was not trusted causing SSL handshake failure, but subsequent synchronizations succeed.


BDSS terminates the synchronization if Oracle WebLogic Server loads a certificate store at run time that contains any certificates with a signature algorithm named SHA256withRSA. Beginning with JDK jdk1.6.0_13, the cacerts store has two certificates that have this signature algorithm. To prevent this error from occurring, you can first remove these certificates, which have aliases of ttelesecglobalrootclass2ca and ttelesecglobalrootclass3ca, using the keytool utility and then restart Oracle WebLogic Server. Alternatively, you can ignore this error.

Use the keytool utility to remove certificates as follows:


The commands included in these instructions assume the default store (typically located in <JDK>\jre\lib\security and password.
  1. Use the following command to list the certificates in the cacerts store. Note all of the aliases with entries containing Signature algorithm name: SHA256withRSA.

    keytool -list - v -keystore cacerts -storepass changeit
  2. For each alias obtained from Step 1, use the following command to remove the certificates from the store:

    keytool -delete -keystore <keystore file name> -alias <certificate alias name> -storepass <store pass phrase>

    For example, enter

    keytool -delete -keystore cacerts -alias ttelesecglobalrootclass2ca -storepass changegit


You can also ignore this error if it occurs one time after the start of Oracle WebLogic Server and the start of a synchronization session. User synchronization fails when BDSS issues the error, but subsequent synchronization sessions do not fail.