Issue:
Upgrading the JRE version of the PowerChute Business Edition Agent via the JRE Configuration Tool runs as expected and the service/daemon is restarted successfully. A “Network Communications Lost” message appears in the PowerChute Business Edition Console after the service/daemon has been restarted.
Product Line:
PowerChute Business Edition versions 9.0, 9.0.1, 9.1.0, 9.0.2, 9.1.1, 9.0.3, 9.0.4, 9.2.0
Environment:
OS: Linux, Solaris, Windows x64, x86
Cause:
The latest release of Java JRE 8u60 (and greater) contains a security update which prevents communication between the PowerChute Business Edition Server and the PowerChute Business Edition Agent.
Solution:
After upgrading the Java JRE version to 8u60 (or greater), perform the following steps:
1. Stop the PowerChute Business Edition Agent service/daemon.
Windows:
net stop apcpbeagent
Linux:
/etc/init.d/PBEAgent stop
2. In the Powerchute JRE folder, open the file lib\security\java.security using a text editor.
Sample JRE locations –
Windows x86:
C:\Program Files\APC\PowerChute Business Edition\JreConfigTool\1.8.0_60
Windows x64:
C:\Program Files (x86)\APC\PowerChute Business Edition\JreConfigTool\1.8.0_60
Linux:
/usr/java/jre1.8.0_60 (Default Java JRE install directory)
Go to the line containing the jdk.tls.disabledAlgorithms setting and carry out the following:
Original:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
New:
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 256
3. The following step needs to be carried out for PowerChute Business Edition Agent versions 9.0 and 9.0.1 if it is managed by a Powerchute Business Edition Console/Server.
In the Powerchute JRE folder, open the lib\security\java.security using a text editor.
Sample JRE locations –
Windows x86:
C:\Program Files\APC\PowerChute Business Edition\JreConfigTool\1.8.0_60
Windows x64:
C:\Program Files (x86)\APC\PowerChute Business Edition\JreConfigTool\1.8.0_60
Linux:
/usr/java/jre1.8.0_60 (Default Java JRE install directory)
Go to the line (should be at the end of the file) containing the jdk.tls.legacyAlgorithms setting and remove ‘RC_128,’ from it:
Original:
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC
New:
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_40, DES_CBC, DES40_CBC
4. Start the PowerChute Business Edition Agent service/daemon
Windows:
net start apcpbeagent
Linux:
/etc/init.d/PBEAgent start
Upgrading the JRE version of the PowerChute Business Edition Agent via the JRE Configuration Tool runs as expected and the service/daemon is restarted successfully. A “Network Communications Lost” message appears in the PowerChute Business Edition Console after the service/daemon has been restarted.
Product Line:
PowerChute Business Edition versions 9.0, 9.0.1, 9.1.0, 9.0.2, 9.1.1, 9.0.3, 9.0.4, 9.2.0
Environment:
OS: Linux, Solaris, Windows x64, x86
Cause:
The latest release of Java JRE 8u60 (and greater) contains a security update which prevents communication between the PowerChute Business Edition Server and the PowerChute Business Edition Agent.
Solution:
After upgrading the Java JRE version to 8u60 (or greater), perform the following steps:
1. Stop the PowerChute Business Edition Agent service/daemon.
Windows:
net stop apcpbeagent
Linux:
/etc/init.d/PBEAgent stop
2. In the Powerchute JRE folder, open the file lib\security\java.security using a text editor.
Sample JRE locations –
Windows x86:
C:\Program Files\APC\PowerChute Business Edition\JreConfigTool\1.8.0_60
Windows x64:
C:\Program Files (x86)\APC\PowerChute Business Edition\JreConfigTool\1.8.0_60
Linux:
/usr/java/jre1.8.0_60 (Default Java JRE install directory)
Go to the line containing the jdk.tls.disabledAlgorithms setting and carry out the following:
- Remove RC4 as a disabledAlgorithm
- Change DH keysize restriction from 768 to 256
Original:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
New:
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 256
3. The following step needs to be carried out for PowerChute Business Edition Agent versions 9.0 and 9.0.1 if it is managed by a Powerchute Business Edition Console/Server.
In the Powerchute JRE folder, open the lib\security\java.security using a text editor.
Sample JRE locations –
Windows x86:
C:\Program Files\APC\PowerChute Business Edition\JreConfigTool\1.8.0_60
Windows x64:
C:\Program Files (x86)\APC\PowerChute Business Edition\JreConfigTool\1.8.0_60
Linux:
/usr/java/jre1.8.0_60 (Default Java JRE install directory)
Go to the line (should be at the end of the file) containing the jdk.tls.legacyAlgorithms setting and remove ‘RC_128,’ from it:
Original:
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_128, RC4_40, DES_CBC, DES40_CBC
New:
jdk.tls.legacyAlgorithms= \
K_NULL, C_NULL, M_NULL, \
DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
DH_RSA_EXPORT, RSA_EXPORT, \
DH_anon, ECDH_anon, \
RC4_40, DES_CBC, DES40_CBC
4. Start the PowerChute Business Edition Agent service/daemon
Windows:
net start apcpbeagent
Linux:
/etc/init.d/PBEAgent start