Troubleshooting
You might encounter any of the following exceptions at startup:
TCRuntimeException: ... Wrong secret provided ?
The following exception indicates that the keychain file uses the default obfuscation scheme, but that the -O flag was not used with the keychain script:
com.tc.exception.TCRuntimeException:
com.terracotta.management.keychain.crypto.SecretMismatchException:
Wrong secret provided ?
Be sure to use the -O flag whenever using the keychain script.
No Configured SSL certificate
The following exception indicates that no SSL certificate was found for the server named "myServer":
Fatal Terracotta startup exception:
*********************************************************************
Security is enabled but server myServer has no configured SSL certificate.
*********************************************************************
Check that the expected SSL certificate was created for myServer and stored at the configured location.
IllegalStateException: Invalid cluster security configuration
This exception can occur when the security section in the Terracotta configuration file is not set up properly. However, this type of exception can also indicate problems elsewhere in the security setup. For example, an exception similar to the following can occur:
java.lang.IllegalStateException: Invalid cluster security configuration.
Unable to find connection credentials to server myOtherServer
This exception indicates that credentials cannot be found for the server named "myOtherServer". These credentials might be missing from, or might not exist in, the configured authentication source.
RuntimeException: Couldn't access a Console instance to fetch the password from!
This results from using "nohup" during startup. The startup process requires a console for reading password entry. You cannot run the startup process in the background if it requires manual password entry. For information on how to avoid having to manually enter the master keychain password, see Reading the Keychain Master Password from a File.
TCRuntimeException: Couldn't create KeyChain instance ...
The keychain file specified in the Terracotta configuration cannot be found. Check for the existence of the file at the location specified in <keychain>/<url> or the property com.tc.security.keychain.url.
RuntimeException: Couldn't read from file ...
This exception appears just after an incorrect password is entered for an encrypted keychain file.
RuntimeException: No password available in keyChain for ...
This exception appears if no keychain password entry is found for the server's certificate. You must explicitly store the certificate password in the keychain file.
This exception can also appear if the resolved hostname or IP address is different from the one in the keychain entry:
tc://terracotta@localhost:9530 is the entry, but when the server configuration is read then localhost is resolved to an IP address. The entry searched for becomes tc://terracotta@<a.certain.ip.address>:9530.
tc://terracotta@<a.certain.ip.address>:9530 is the entry, but when the server configuration is read then <a.certain.ip.address> is resolved to a host name. The entry searched for becomes tc://terracotta@my.host.com:9530.
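The following check is an added example, not part of the Terracotta documentation or tooling: for a configured tc:// entry it derives the other form the server may search for after name resolution, and reports which forms are absent from a list of keychain entry names supplied by the operator. The function names and the sample entry list are assumptions, and only IPv4 addresses are handled.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def _reverse(ip):
    """Reverse lookup: IP address -> primary host name."""
    return socket.gethostbyaddr(ip)[0]


def candidate_entries(uri, forward=socket.gethostbyname, reverse=_reverse):
    """Return the entry as configured plus the form it becomes after resolution."""
    parts = urlsplit(uri)
    host = parts.hostname
    if parts.scheme != "tc" or not host or parts.port is None:
        raise ValueError(f"not a tc://user@host:port entry: {uri!r}")
    try:
        ipaddress.ip_address(host)
        resolve = reverse      # IP literal: may be searched for by host name
    except ValueError:
        resolve = forward      # host name: may be searched for by IP address
    forms = [uri]
    try:
        other = resolve(host)
    except OSError:
        return forms           # does not resolve; only the literal form applies
    user = f"{parts.username}@" if parts.username else ""
    alt = f"tc://{user}{other}:{parts.port}"
    if alt != uri:
        forms.append(alt)
    return forms


def missing_forms(uri, keychain_entries, **resolvers):
    """Forms of `uri` the server may search for that have no keychain entry."""
    present = set(keychain_entries)
    return [f for f in candidate_entries(uri, **resolvers) if f not in present]


if __name__ == "__main__":
    # Constructed sample: entry names as the operator stored them in the keychain.
    stored = ["tc://terracotta@localhost:9530"]
    for form in missing_forms("tc://terracotta@localhost:9530", stored):
        print("no keychain entry for", form)
```

Run it on the server host itself, since the result depends on that machine's resolver configuration.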
Two Active Servers (Split Brain)
Instead of an active-mirror 2-server stripe, both servers assert active status after being started. This condition can be caused by the failure of the SSL handshake. An entry similar to the following might appear in the server log:
2013-05-17 12:10:24,805 [L2_L2:TCWorkerComm # 1_W]
ERROR com.tc.net.core.TCConnection - SSL handshake error:
unable to find valid certification path to requested target, closing connection.
For each server, ensure that all keychain entries are accurate, and that the required certificates are available from the appropriate truststores.
No Messages Indicating Security Enabled
If servers start with no errors, but there are no messages indicating that security is enabled, ensure that the <servers> element contains secure="true".