BEA WebLogic Server and WebLogic Express 8.1 Messages

Security Subsystem Messages

The Security1.0 catalog contains messages in the range BEA90000 - BEA100000. Messages in this catalog are part of the weblogic.security Internationalization package and the weblogic.i18n Localization package.

BEA-090000

Error: Unsupported circular group definition, arg0.

Description	Circular groups are not supported because they cause the server to loop endlessly when any method attempts to traverse the group tree graph.
Cause	Unsupported Feature.
Action	Do not define circular groups.

BEA-090001

Error: Failed to broadcast LoginFailureRecord to the other cluster servers, arg0.

Description	The failure to broadcast a login failure to all the servers in a cluster means that some of the servers have one less invalid login attempt recorded for a particular user. This difference effects how quickly the user account is locked on those servers.
Cause	IO Exception.
Action	For more information on how the invalid login attempts are handled, see the security documentation at http://e-docs.bea.com.

BEA-090002

Error: Failed to broadcast unlock user arg0 to the other clustered servers.\narg1

Description	Because all the servers in a cluster did not receive the unlock user message, the user may not be able to login to some servers in the cluster if the user attempts a login before the expiration of the LockoutDuration period. Explicitly unlocking the user account using the Administration Console results in another attempt to broadcast the unlock user message to the entire cluster.
Cause	IO Exception.
Action	For more information on how locked user account lockouts are handled, see the security documentation at http://e-docs.bea.com.

BEA-090003

Warning: Problem with native crypto acceleration switching to pure Java.

Description	Problem with native crypto acceleration switching to pure Java.
Cause	None.
Action	No action required.

BEA-090004

Warning: Problem closing enumeration : arg0.

Description	Unexpected exception occurred while closing an enumeration.
Cause	Unexpected exception.
Action	Review the exception message in the log message and see if the message identifies the cause of the exception.

BEA-090010

Warning: ACL arg0 contains non-existent principal arg1 - ignoring principal.

Description	An ACL contains an entry for a principal that does not exist, the principal is ignored.
Cause	The principal contained in the ACL does not exist.
Action	Modify the ACL and remove the principal.

BEA-090020

Info: User lockout expired, unlocking user arg0.

Description

user arg0 has been locked out for the specified lockout time. The user has been unlocked and can login again.

BEA-090021(retired)

Info: Locking account, user arg0.

Description	Locking account, user arg0.
Cause	The user exceeded the number of invalid login attempts defined for the Lockout Threshold and the Lockout Reset Duration attributes. Therefore, the user account is locked.
Action	For information about unlocking user accounts, see the security documentation at http://e-docs.bea.com.

BEA-090022

Info: Explicitly unlocked, user arg0.

Description	A locked user account was explicitly unlocked using the Administration Console.
Action	For information about unlocking a user account, see the security documentation at http://e-docs.bea.com.

BEA-090030

Info: Switched to Group arg0.

Description

Thread group identity has been switched to a different group.

BEA-090031

Error: Failed to Switch to Group arg0.

Description	The server failed to switch the operating system level group identity.
Cause	The current process lacks the operating system permissions needed to switch the group identity.
Action	Contact the system administrator.

BEA-090032

Info: Switched to User arg0.

Description

The thread user identity has been switched to a different user.

BEA-090033

Error: Failed to Switch to User arg0.

Description	The server failed to switch the operating system level user identity.
Cause	The current process lacks the operating system permissions needed to switch user identity.
Action	Contact the system administrator.

BEA-090034

Emergency: Not listening for SSL, arg0.

Description	The server failed to start the SSL listen thread.
Cause	An IOException was thrown when creating the SSL listen thread.
Action	Read the exception text for more help on diagnosing the problem. Contact the system administrator.

BEA-090035(retired)

Info: Not listening on administrative port, arg0.

Description

Not listening on administrative port, arg0.

BEA-090036(retired)

Info: Read access denied for package: arg0.

Description

Read access denied for package: arg0.

BEA-090037(retired)

Info: Write access denied for package: arg0.

Description

Write access denied for package: arg0.

BEA-090038

Info: Checking User arg0 for Permission arg1 arg2.

Description

Checking User arg0 for Permission arg1 arg2.

BEA-090039

Info: Access failed (Thread = arg0), caused arg1.

Description

Access failed (Thread = arg0), caused arg1.

BEA-090040

Warning: The File realm contains more users than the maximum specified. Maximum = arg0, currently have arg1.

Description	The File realm contains more users than the maximum specified in the Max Users attribute.
Cause	The File realm sets a limit on the maximum number of supported users. The system has exceeded that limit.
Action	Raise the value of the Max Users attribute.

BEA-090041

Warning: The File realm contains more groups than the maximum specified. Maximum = arg0, currently have arg1.

Description	The File realm contains more groups than the maximum specified in the Max Groups attribute.
Cause	The File realm sets a limit on the maximum number of supported groups. The system has exceeded that limit.
Action	Raise the value of the Max Groups attribute.

BEA-090042

Warning: The File realm contains more ACLs than the maximum specified. Maximum = arg0, currently have arg1.

Description	The File realm contains more ACLs than the maximum specified in the Max ACLs attribute.
Cause	The File realm sets a limit on the maximum number of supported ACLs. The system has exceeded that limit.
Action	Raise the value of the Max ACLs attribute.

BEA-090043

Warning: Group arg0 should exist but doesn't.

Description	Referenced group does not exist.
Cause	When adding members to a group, the specified group was not found.
Action	Verify that the group is defined in the fileRealm.properties file or in the Groups tab of the Administration Console.

BEA-090044

Warning: Principal arg0 does not exist and therefore cannot be added to group arg1.

Description	Unable to add a principal that does not exist to group.
Cause	When specifying group members, a principal that does not exist was specified.
Action	Add the specified principal to a security realm.

BEA-090045

Warning: Permission arg0 does not exist.

Description	Permission arg0 does not exist.
Cause	When loading ACLs, the specified permission was not found.
Action	Verify that the ACL and the permission are specified correctly.

BEA-090046

Warning: ACL arg0 does not exist.

Description	Unable to lookup an ACL entry that does not exist.
Cause	When loading ACLs, the specified permission was not found.
Action	Verify that the ACL is specified correctly.

BEA-090047

Warning: Principal arg0 does not exist thus cannot be added to ACL arg1.

Description	The principal does not exist and therefore cannot be added to an ACL.
Cause	The principal specified in the ACL does not exist in any security realm.
Action	Add the principal to a security realm.

BEA-090048

Warning: Made an in-memory only change to the File realm.

Description	Changes have been made to the File realm on a Managed server and these changes can only be made in memory.
Cause	Changes made to the File realm cannot be written to filerealm.properties.
Action	Make the changes on the Admin server and the changes are propagated to the Managed servers.

BEA-090049

Warning: System user arg0 does not exist, creating it.

Description	If the system user is not present in any security realm, then it is created automatically with the password of the username that logged into the system.
Cause	The system user is required.
Action	Ensure the system user was created in a security realm before booting the server.

BEA-090050(retired)

Warning: Guest user does not exist, creating it.

BEA-090051

Error: Error creating security runtime management.

Description	During the initialization of the security service, the MBean for security failed to initialize.
Cause	During initialization, the security runtime registers with the OAM infrastructure. If this process fails, a management exception is thrown.
Action	Verify that the user booting the server is a member of the admin group.

BEA-090052

Critical: Server installed as Windows NT service with incorrect password for user arg0; The password may have been changed since the server was installed as a Windows NT Service. Contact the Windows NT system administrator.

Description	User authentication failed; contact the Windows NT system administrator.
Cause	The server is incorrectly configured as Windows NT service.
Action	Contact the Windows NT system administrator.

BEA-090053(retired)

Emergency: Authentication failure - enter the password to boot WebLogic server again.

Description	Authentication for user denied; enter the correct password.
Cause	The password entered in a command-line argument or in the password.ini file is incorrect.
Action	Enter the correct password.

BEA-090054(retired)

Info: Getting boot password from user.

Description

Password for booting WebLogic server is incorrect or missing. Successfully obtained password from user.

BEA-090055

Warning: The LDAP realm V1 is deprecated. Please use the LDAP realm V2.

Description	There are two different LDAP security realms, LDAP realm V1 and LDAP realm V2. WebLogic Server also provides LDAP Authentication providers. Upgrade to the newer LDAP security realm or to one of the LDAP Authentication providers.
Cause	The LDAP realm V1 is deprecated and will be removed in a future release.
Action	Use LDAP realm V2 or one of the LDAP Authentication providers.

BEA-090056

Notice: User userName hadnumAttempts, locking account for lockoutDuration minutes.

Description	Too many invalid login attempts have been made for this user account. The user account is locked until the Lockout Duration expires.
Cause	User exceeded the value of Lockout Threshhold attempts within the period of time specified in the Lockout Reset Duration attribute. The user account is locked.
Action	For more information about protecting user accounts, see the security documentation at http://e-docs.bea.com.

BEA-090057

Error: Default Security Audit Provider Error Exception arg0

Description	An exception occurred in the WebLogic Auditing provider while attempting to write an Audit Record
Cause	An Audit Log File exception occurred.
Action	Check errors or access permissions for the DefaultAuditRecorder.log file.

BEA-090058

Error: A Security Provider Exception occurred in a non-default AuditProvider arg0

Description	See the error logging information for the Auditing provider for details.
Cause	A Security exception occurred during an audit write event.
Action	Check errors or access permissions for the Auditing provider.

BEA-090059

Warning: The "accessDecisionClassName" AccessDecision class encountered an invalid Principal while attempting to check access to a WebLogic resource. Error: e

Description	Access to a WebLogic resource is denied because the Principal that was previously successfully authenticated no longer is a valid Principal. Access to the requested WebLogic resource is denied.
Cause	It is possible for this error to occur if a user has been deleted from a security realm while that user is still active.
Action	If the user was mistakenly removed from the security realm, define them in the security realm again. Otherwise, no action is needed.

BEA-090060

Error: The AccessDecision class "accessDecisionClassName" returned an error: e.

Description	While attempting to check access to a WebLogic resource, an AccessDecision returned an exception.
Cause	There are multiple possible causes.
Action	Carefully read the returned error to determine if any action is required.

BEA-090061

Error: The RoleMapper class "roleMapperClassName" returned an error: e.

Description	While attempting to return a list of security roles, a Role Mapping provider returned an exception.
Cause	There are multiple possible causes.
Action	Carefully read the returned error to determine if any action is required.

BEA-090062

Error: The UserProfiler class "userProfilerClassName" returned an error: e.

Description	While attempting to return a user profile, a User Profiler returned an exception.
Cause	There are multiple possible causes.
Action	Carefully read the returned error to determine if any action is required.

BEA-090063

Error: The DeployableRoleProvider class "deployableRoleProviderClassName" returned an error: e.

Description	While attempting to deploy, redploy, or undeploy a security role, a deployable Role Mapping provider returned an exception.
Cause	There are multiple possible causes.
Action	Carefully read the returned error to determine if any action is required.

BEA-090064

Error: The DeployableAuthorizationProvider class "deployableAuthorizationProviderClassName" returned an error: e.

Description	While attempting to deploy, redploy, or undeploy a security policy, a deployable Authorization provider returned an exception.
Cause	There are multiple possible causes.
Action	Carefully read the returned error to determine if any action is required.

BEA-090065

Info: Getting boot identity from user.

Description	The identity used for booting WebLogic server is incorrect or missing. Obtained identity from user.
Cause	The boot identity not provided by command-line argument or a problem exists with the boot.properties file.

BEA-090066

Warning: Problem handling boot identity. The following exception was generated: exception

Description	An unexpected exception occurred during the handling of boot identity.
Cause	Security permissions are not correct.
Action	Contact the system administrator.

BEA-090067

Info: User lockout expired, unlocking user arg0 in security realm arg1.

Description	User lockout expired, unlocking user.
Cause	The period of time specified for the Lockout Duration attribute has expired for this user account. The user account was locked for exceeding the number of invalid login attempts specified in the Lockout Threshold attribute within the period of time specified in the Lockout Reset Duration attribute.

BEA-090068(retired)

Info: Explicitly unlocked user arg0 in security realm arg1.

Description	Explicitly unlocked user.
Cause	A locked user account was explicitly unlocked using the Administration Console.
Action	For more information about unlocking user accounts, see the security documentation at http://e-docs.bea.com.

BEA-090069(retired)

Error: Failed to broadcast LoginFailureRecord for user arg0 in security realm arg1 to the other cluster servers, arg2.

Description	The failure to broadcast the login failure to other servers in a cluster means that the servers have one less invalid login attempt recorded for this user. Therefore, the user account may not be locked on all servers in a cluster at the same time.
Cause	IOException
Action	For more information, see the security documentation at http://e-docs.bea.com.

BEA-090070

Error: Failed to broadcast unlock user arg0 in security realm arg1 to the other cluster servers, arg2.

Description	Because not all servers in a cluster receive this message at the same time, the user may not be able to login to other servers in the cluster before the expiration of the Lockout Duration period. Unlocking the user account through the Administration Console results in another attempt to broadcast the unlock user message.
Cause	IOException
Action	For more information about unlocking user accounts, see the security documentation at http://e-docs.bea.com.

BEA-090071(retired)

Info: Locking user arg0 in security realm arg1.

Description	The user account has exceeded the number of invalid login attempts specified in the Lockout Threshhold attribute within the period of time specified in the Lockout Reset Duration attribute. The user account is locked in this security realm.
Action	For more information about protecting user accounts, see the security documentation at http://e-docs.bea.com.

BEA-090072

Critical: Boot problem with filter rules. The reason was: e. The problem is in the rules for the connection filter.

Description	A parse exception occurred while reading the filter rules for a connection filter.
Cause	Rules for the filter are possibly corrupted.
Action	Contact the system administrator and have the rules corrected.

BEA-090073

Warning: Problem with updating filter rules. The reason was: e. The problem is in the rules for the connection filter. The rules will not be updated in the repository.

Description	A parse exception occurred while trying to update the rules for a connection filter.
Cause	Rules for the filter are incorrect.
Action	Correct the offending rules.

BEA-090074

Info: Initializing arg0 provider using LDIF template file arg1.

Description	The security provider has not had its LDIF information loaded. An attempt is made to load the LDIF information.
Cause	Either this is the first time this security provider has been initialized or the marker file indicating initialization (with a .initialized extension) has been removed from the system.
Action	Look for a matching LoadedLDIFFForProvider message which indicates the successful loading the LDIF information for this security provider.

BEA-090075

Info: The arg0 provider has had its LDIF information loaded from: arg1

Description	Successfully loaded LDIF for this security provider.
Cause	The provider was requested to import data.

BEA-090076

Notice: A failure occurred attempting to load LDIF for provider arg0 from file arg1.

Description	A failure occurred attempting to load LDIF for provider arg0 from file arg1. The exception is e.
Cause	An exception occurred attempting to open a temporary file as part of the load process.
Action	Examine the exception and correct the cause.

BEA-090077

Info: A failure occurred attempting to create arg1 for the arg0 provider had been loaded. The exception is arg2.

Description	A successful load of the LDIF information for provider arg0 occurred. While attempting to write the marker file arg1 indicating the successful loading of the LDIF information, an exception occurred: arg2
Cause	Read the exception.
Action	Take appropriate action to keep the exception from happening again. The marker file can be created manually.

BEA-090078

Notice: User userName in security realm realmName has hadnumAttempts, locking account for lockoutDuration minutes.

Description	Invalid login attempts exceeded the value set for this user account. The user account is locked until the Lockout Duration period expires.
Cause	User exceeded the number of invalid login attempts specified in the Lockout Threshhold attribute within the period of time specified in the Lockout Reset Duration attribute. The user account is locked.
Action	For more information, see the security documentation at http://e-docs.bea.com.

BEA-090079

Error: Failed to broadcast LoginFailureRecord for security realm arg0 to the other cluster servers, arg1.

Description	The failure to broadcast the login failure to the other servers in the cluster means the servers have one less recorded invalid login attempt for this user. This affects how quickly the user is locked out on the other servers in a cluster.
Cause	IO Exception.
Action	For more information, see the security documentation at http://e-docs.bea.com.

BEA-090080

Info: The Server Private Key for server arg0 was found in SSL.ServerKeyFileName.

Description	The server is using the private key specified in the Server Key File Name attribute.
Action	For more information, see the security documentation at http://e-docs.bea.com.

BEA-090081(retired)

Error: The server was unable to find the SSL configuration.

Description	The server is not configured to use SSL but is attempting to obtain SSL configuration information.
Action	For more information on SSL configuration, see the security documentation at http://e-docs.bea.com.

BEA-090082

Notice: Security initializing using security realm arg0.

Description	This message is displayed when the security subsystem is initializing during server startup. This message logs the default configured security realm arg0.
Cause	This message is for informational purposes.
Action	Verify the correct security realm is configured.

BEA-090083

Notice: Storing boot identity in the file: file

Description	The security system is storing the boot identity in the specified file either because the appropriate command-line argument was passed in or because the server generated a default config.xml file based on user input.
Cause	This message is for informational purposes.
Action	Do not delete this file if you want the server to continue to boot without prompting for username and password.

BEA-090084

Emergency: Server failed to bind to the configured Admin port. The port may already be used by another process.

Description	The Admin listen port was not opened successfully. As a result the admin port cannot be used to administer the server via the Administration Console or other Administration clients.
Cause	Most likely another process is using the Admin port thus causing a port conflict.
Action	Inspect the log file for messages that identify the reason that the Admin listen port could not be opened.

BEA-090085

Emergency: Server failed to bind to the configured port. The port may already be used by another process.

Description	None of the listen ports were opened successfully. As a result the listen or admin port cannot be used.
Cause	Most likely another process opened the port thus causing a port conflict.
Action	Inspect the log file for messages that identify the reason why none of the listen ports could be opened.

BEA-090086(retired)

Emergency: An SSL issue prevented the server from opening the Admin port. As a result the Admin port cannot be used to manage the server via the Administration Console and other Administration clients. The SSL error was: arg0

Description	An SSL issue prevented the server from opening the Admin port. As a result the Admin port cannot be used to manage the server via the Administration Console and other Administration clients.
Cause	Most likely another process opened the Admin port thus causing a port conflict.
Action	Inspect the log file for messages that identify the reason why none of the listen ports could be opened.

BEA-090087

Emergency: Server failed to bind to the configured Admin port. The port may already be used by another process.

Description	None of the listen ports were opened successfully. As a result the Admin port cannot be used to manage the server via the Administration Console and other Administration clients.
Cause	Most likely another process opened the Admin port thus causing a port conflict.
Action	Inspect the log file for messages that identify the reason why none of the listen ports could be opened.

BEA-090088

Warning: Private Key keystore alias is not specified in the SSL configuration of server arg0, security realm arg1. Assuming 6.x private key configuration. Loading the private key from a file.

Description	In order to use secure communication, SSL must be initialized with the private key of the server. The private key can be stored in either a keystore or a file. If a keystore alias is not specified, the server assumes this configuration is a 6.x configuration and it looks for the private key in a file.
Cause	The keystore alias is not specified in the Server Private Key Alias attribute.
Action	Set the Server Private Key Alias attribute with the alias used to load the private key of the server into the keystore.

BEA-090089

Notice: SSL did not find the passphrase for the private key of the server on server server for security realm realm. This may cause an error when SSL attempts to load the private key of the server.

Description	In order to use secure communication, SSL must be initialized with the private key of the server which is stored in a keystore secured by its own passphrase. SSL did not find a configured private key passphrase.
Cause	Either the Server Private Key PassPhrase attribute is not set or the Identity PassPhrase attribute is not set.
Action	If a passphrase is required to retrieve the private key from a keystore, set the Server Private Key PassPhrase attribute.

BEA-090090(retired)

Error: An unexpected exception was thrown while trying to load SSL configuration data on server arg0 for security realm arg1.

Description	An unexpected exception was thrown while SSL was trying to access its private key configuration data.
Action	Review the documentation on the keyStore and SSL configuration. Verify that the private key alias and passphrase were configured correctly. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090091

Error: SSL was unable to get a required Security Service.

Description	An unexpected exception was thrown while SSL was attempting to obtain a Security service.
Cause	A security service was requested, but no value was returned.
Action	It is likely the server's configuration has been corrupted. Restore the configuration files from backup. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090092(retired)

Notice: SSL will load trusted CAs from the JDK cacerts keyStore: arg0 for security realm arg2 on server arg1.

Cause	A trusted CA keystore was not configured, so SSL will load the set of trusted CAs from the JDK cacerts keystore.
Action	To use trusted CAs other than the ones specified in the JDK cacerts keystore, configure a trusted CA keystore that contains the desired trusted CAs. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090093

Info: No pre-WLS 8.1 Keystore providers are configured for server arg0 for security realm arg1.

Description	Pre-WLS 8.1 SSL configurations (for private keys and/or trusted CAs) that use keystores will not work.
Action	To use pre-WLS 8.1 keystores with the SSL configuration, at least one Keystore Provider must be configured.

BEA-090094(retired)

Error: SSL cannot find or open the JDK cacerts keystore arg0 for security realm arg2 on server arg1.

Description	A trusted CA keystore was not configured, so SSL attempted load the set of trusted CAs from the JDK cacerts keystore. However, the JDK cacerts keystore was not found or SSL was unable to open it.
Action	SSL cannot be used for secure connections because it could not load trusted CAs from the configured keystore or from the JDK cacerts keystore. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090095

Error: SSL cannot instantiate the keystore arg1 on server arg0.

Description	SSL was unable to obtain an instantiation of the configured keystore for the named server.
Cause	An exception occurred while creating the keystore. This exception caused the create to fail.
Action	Most likely, the keystore was not configured correctly. Check that the keystore provider has been configured on the named server. Review the server log for subsequent messages that contain the exception from the keystore provider.

BEA-090096

Error: The MBeans configured for the Keystore provider on server arg0 for security realm arg1 are not Keystore MBeans.

Description	Since the MBeans are not Keystore MBeans, they do not contain the correct data for the Keystore provider.
Cause	The MBeans passed to the WebLogic key management initialization method are not Keystore MBeans.
Action	Most likely, the Keystore provider was not configured correctly. Check that the Keystore provider has been configured on the named server.

BEA-090097

Error: The KeyManager class for private keys server arg0 for security realm arg1 could not be instantiated.

Description	The internal Security service KeyManager could not be found.
Cause	The Key Manager Security service is null.
Action	There was a problem with the installation of WebLogic Server because the KeyManager is an internal class that supports the WebLogic Security service.

BEA-090098(retired)

Error: The JDK cacerts keystore arg0 for security realm arg2 on server arg1 cannot be accessed.

Description	The keystore cannot be accessed because of an java.lang.IOException.
Action	Most likely there is a password problem with the JDK cacerts keystore.

BEA-090099(retired)

Error: The JDK cacerts keystore arg0 for security realm arg2 on server arg1 cannot be accessed.

Description	The keystore cannot be accessed because of an java.lang.IOException.
Action	Most likely there is a password problem with the JDK cacerts keystore.

BEA-090100(retired)

Error: SSL was unable to get the arg0 Keystore provider from the provider arg1. Check that the provider arg1 has been correctly added to the J2EE provider list.

Description	When trying to get an instance of the J2EE keystore, the JDK toolkit returned a null.
Action	Most likely there is a problem with the java.security file which lists the available keystores.

BEA-090101

Error: A keystore exception was thrown when the server arg1 attempted to load trusted CAs from the keystore file arg0.

Description	When trying to load a keystore file, the JDK returned a keystore exception.
Cause	The keystore JDK method threw a keystore exception.
Action	There is a problem with the keystore file. Check that the file is intact and valid. Use the JDK keytool utility to display the contents of the file. If the file is corrupt, down load a new file from the JavaSoft web site or configure a trusted CA keystore. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090102(retired)

Error: SSL was unable to get the arg0 keystore from the provider arg1.

Description	When trying to get an instance of the J2EE keystore, the JDK threw a NoSuchProvider exception.
Action	Most likely there is a problem with the java.security file which lists the available keystores.

BEA-090103(retired)

Error: SSL was unable to find algorithm for the arg0 keystore

Description	When trying to load the keystore, the JDK threw a NoSuchAlgorithm exception.
Action	Most likely there is a problem with the java.security file which lists the available keystores.

BEA-090104(retired)

Error: SSL was unable to load certificates into memory from the default keystore using the arg0 keystore type from the provider arg1.

Description	When trying to load the keystore, the JDK threw a Certificate exception.
Action	Most likely there is a problem with the java.security file which lists the available keystores. Or the keystore could have been modified using a J2EE security provider that has not been configured for WebLogic Server. Check for differences in the classpaths and security provider lists between the keystore management tool and WebLogic Server.

BEA-090105(retired)

Error: No aliases were found in the JDK cacerts keystore or the trusted CA keystore on server arg0 for security realm arg1.

Description	When attempting to load trusted CAs, the keystore was found to contain no aliases by which the trusted CAs can be retrieved.
Action	If a trusted CA keystore is configured, check that the keystore contains the expected trusted CAs. Also, check the configured the keystore is the intended keystore. When using the JDK cacerts keystore for trusted CAs, check that it has not been modified to remove the desired trusted CAs. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090106(retired)

Error: The Server was unable to find the SSL configuration on server arg0 for security realm arg1.

Description	The Server is not configured to use SSL, but is attempting to obtain SSL configuration information.
Action	Check that SSL is configured and enabled on the server specified in the message. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090107(retired)

Error: The Server was unable to find the private key on server arg0, security realm arg1. Make sure the private key keystore exists and contains the key entry under specified alias.

Description	The Server attempted to access the privateKeystore configured on the named server, but was unable to access it, or it did not contain the key.
Action	Check that a private key keystore is configured on the server named in the log. Verify that the private key keystore exists. Check that the keystore is a valid and contains the private keys necessary to use SSL on the server. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090108

Error: The server was unable to retrieve the private key aliased by arg2 from the configured keystore on server arg0 for security realm arg1. Private key password might be invalid.

Description	The server attempted to retrieve the private key from the identity keystore configured on the named server but received an unexpected exception. This message is probably caused by an incorrect private key passphrase.
Cause	An exception was thrown by the keystore getKey method.
Action	Check that a private key keystore is configured on the server. Verify that the private key keystore exists. Check that the keystore is a valid and contains the private key necessary to use SSL on the server. Verify that the passphrase configured for the private key was the one used to load the private key into the keystore when the private key was created. This exception most often occurs when the passphrase is invalid. Check the log for subsequent messages that contain the key store exception. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090109

Error: The server was unable to find the configured private key on server arg0 in the file specified by the SSL Server Key File Name attribute.

Description	The server attempted to load the private key for the server from the file specified by in the Server Key File Name attribute.
Cause	The server looks at the Server Key File Name attribute to load the private key of the server when it cannot find the private key in a configured keystore using the alias specified in the Server Private Key Alias attribute as the alias string. One possible cause of this error is that server is not configured with a private key keystore or the server is configured to use the pre-7.0 SSL attribute Server Key File Name.
Action	A pre-7.0 configuration is being used for SSL connections, however that configuration does not specify a value for the Server Key File Name attribute. Either provide a value for the Server Key File Name attribute or configure a keystore for the server. SSL will not be able to initialize until the configuration is corrected. For more information, see the security documentation available at http://e-docs.bea.com.

BEA-090110

Error: The server was unable to find the configured certificate on server arg0 in the file specified by the Server Certificate File Name attribute arg1.

Description	The server attempted to load the digital certificate for the server from the file specified by the Server Certificate File Name attribute.
Cause	The server looks at the Server Certificate File Name attribute to load the certificate for the server. One possible cause of this error is that server is not configured with a certificate, or there is a problem with the file configured as the servers certificate.
Action	Verify that a certificate file is configured for the server and that the certificate contained in the file is valid. For more information, see the security documentation available at http://e-docs.bea.com.

BEA-090111(retired)

Info: The Server loaded arg2 trusted CAs from the RootCA keystore on server arg0 in the file specified by the SSL ServerCertificateFileName attribute arg1.

Description	The Server attempted to load the servers certificate from the file specified by the SSL attribute "ServerCertificateFileName".
Cause	The Server looks at the SSL "ServerCertificateFileName" attribute to load the certificate. One possible cause of this error is that server is not configured with a certificate, or there is a problem with the file configured as the servers certificate.
Action	Verify that a certificate file is configured for the server and that the certificate contained in the file is valid. For more information, see the security documentation at http://e-docs.bea.com.

BEA-090112

Critical: SSL is configured to require clients to present their certificates, however, no trusted certificates have been loaded. The trusted certificates are necessary for validating client certificates.

Description	A problem has been detected in the SSL configuration. SSL is configured to require clients to present their certificates, however, no trusted certificates necessary for validating client certificates have been loaded.
Cause	Either the "Client Certificates Enforced" option was set by mistake or the problem is with SSL trusted certificates configuration.
Action	Clear the "Client Certificates Enforced" option or specify the location of keystore that contains the trusted certificates.

BEA-090113

Info: Loaded arg0 client trusted CAs from keystore.

Cause

Loaded number of trusted certificate authority from trust keystore

BEA-090114(retired)

Warning: Configuration on server arg0 has problems; the server may fail to boot correctly if they are not corrected.

BEA-090115

Info: Created new Administrative User adminUserName

Description	When the server generates a default configuration, the username and password provided on the command line or at the prompts becomes the Administrative user for that configuration. This username and password is required for all administrative tasks such as logging into the Administration Console or issuing restricted commands from weblogic.Admin.
Cause	The server was booted from a directory with no config.xml file and you answered yes to when prompted to generate a default configuration. As part of this process, WebLogic Server creates a new Administrative username and password based on the values from command line or security prompts.
Action	This username and password is needed for performing administrative functions such as logging into the Administration Console or issuing restricted administrative commands using weblogic.Admin.

BEA-090116

Info: The server arg0 is using the private key it retrieved from keystore aliased by arg1.

Description

The server found the private key aliased by the named string in the configured keystore and is using it to initialize SSL.

BEA-090117(retired)

Warning: The Server arg0 has a 7.0 security realm, but found and will use the private key from the SSL ServerKeyFileName. The Server expected to find the private key in the configuredKeystore.

Description	The Server has a 7.0 security realm which means it expected to find the private key in the configuredKeystore. Instead, it found the private key configured by the SSL ServerKeyFileName. It is using the private key from the SSL ServerKeyFileName to initialize SSL.
Action	Add the servers private key to the configured keystore, and modify the SSL configuration to reference the alias and password by which the private key was stored. Remove the SSL Server Key FileName attribute. This process upgrades the configuration to the current release.

BEA-090118

Warning: LDIF template file arg1 was empty. The WebLogic provider arg0 has been bootstrapped but has not been initialized with any LDIF data.

Description	The security provider has not had its LDIF information loaded because the file was empty. This error may result in the server being unable to boot if no users with boot privileges can be found in any security provider.
Cause	A WebLogic provider LDIF template file may have been overwritten with an empty file.
Action	If the server boots successfully, no action is needed. If the server does not boot successfully then an attempt should be made to recover non-empty LDIFT template file from the WebLogic Server kit.

BEA-090119

Warning: LDIF template file arg1 not found. The WebLogic provider arg0 has been bootstrapped but has not been initialized with any LDIF data.

Description	The security provider has not had its LDIF information loaded because the file was not found. This error may result in the server being unable to boot if no users with boot privileges can be found in any security provider.
Cause	A WebLogic provider LDIF template file may have been deleted by mistake.
Action	If the server boots successfully, no action is needed. If the server does not boot successfully, an attempt should be made to recover the LDIFT template file from the WebLogic Server kit.

BEA-090120

Warning: Cannot find the file specified by SSL.TrustedCAFileName arg0 on server arg1.

Description	The server attempted to load trusted CAs from the file specified by Trusted CA File Name attribute, but the file was not found.
Cause	The specified file was not found.
Action	Verify that the specified file exists in the expected directory and/or that the value of Trusted CA File Name attribute refers to an existing file.

BEA-090121

Info: Loaded arg0 client root CAs from TrustedCA File.

Cause

Trusted CA certificates were loaded from a trusted CA file

BEA-090122

Info: Loaded arg0 client root CAs from Default Key Store file arg1

Cause

Trusted CA certificates were loaded from the default keystore

BEA-090123

Warning: Cannot access specified trusted CA file arg0 on server arg1

Description	The server attempted to read trusted CAs from the file specified by Trusted CA File Name attribute but failed with IOException.
Cause	File might be read protected
Action	Make sure the trusted CA file is accessible by the server.

BEA-090124

Warning: Cannot read certificates from the trusted CA file arg0 on server arg1.

Description	The server attempted to read trusted CA certificates from the file specified by Trusted CA File Name attribute but failed with a KeyManagement exception.
Cause	File format is not supported by the server.
Action	Make sure the file format is valid and is supported by the server.

BEA-090125

Info: Loaded arg0 trusted certificates from keystore file specified on the command line: arg1

Cause

Trusted certificates were loaded from keystore specified on the command line

BEA-090126

Critical: Unable to read a valid version number for property arg0 from file arg1. Received exception arg2.

Description	Encountered a arg2 exception while attempting to read the value of the arg0 property from the file arg1. This failure means that the provider will not be initialized properly and there may be security failures.
Cause	The value for the arg0 property may have been corrupted.
Action	Shutdown the server. Attempt to determine what the proper value for the arg0 property should be and edit the file so that it reflects that value. If it is not possible to determine the proper value for the arg0 property, edit the file and reset the arg0 value to 0. Reboot WebLogic Server.

BEA-090127

Critical: Encountered a arg2 exception while attempting to read from file arg1 for WebLogic arg0 provider.

Description	As part of initializing the WebLogic arg0 provider failed to read file arg1.
Cause	The arg1 file may have been deleted while it was being accessed.
Action	Shutdown the server. Attempt to restore the file from a backup. If no backup is available,reboot the server. Note that the default WebLogic provider might not be correctly initialized.

BEA-090128(retired)

Critical: LDIF update template file arg1 not found. The WebLogic provider arg0 has been bootstrapped but has not been updated with the latest required LDIF data.

Description	The arg0 WebLogic provider has not had its LDIF information updated because the arg1 file was not found. This problem may result in the server being unable to boot or in security failures.
Cause	A WebLogic provider LDIF update template file may have been deleted by mistake.
Action	An attempt should be made to recover the LDIFT update template file from the WebLogic Server kit and the server should be rebooted.

BEA-090129

Info: Updating arg0 provider to version arg2 using LDIF update template file arg1.

Description	The arg0 provider has not had its LDIF information updated to the version arg2. An attempt is made to load the LDIF from: arg1
Cause	This security provider has not yet been updated or the marker file indicating initialization (with a .initialized extension) has been removed.
Action	Look for a matching LoadedLDIFFForProvider message in the log file which indicates success loading the LDIF information for this security provider.

BEA-090130

Critical: Failure arg3 while attempting to update the LDIF to version arg2 in file arg1 for WebLogic arg0 provider.

Description	Received a arg3 while attempting to update the LDIF version to arg2 for the arg0 provider. This message typically means that although the LDIF has been updated, WebLogic Server could not write to the the marker file to indicate that the LDIF update was successful. WebLogic Server will try to load the LDIF the next time the security provider is initialized.
Cause	The directory into which the arg1 is to be written may not be writable, the file may not be writable, or the file may not be a valid properties file.
Action	Ensure both the directory and file are writable. If they are writable, restore the file from backup or open the file and see if the properties within it are corrupt and correct accordingly. The version for provider arg0 needs to be set to arg2 in the file.

BEA-090131

Error: Could not create a keystoreType JDK keystore instance. Exception: exception

Description	When trying to create a JDK keystore of type keystoreType, an exception was thrown.
Cause	keystoreType is not a valid JDK keystore type or the JDK keystore type is not properly configured.
Action	Verify that the correct keystore type was specified and that the keystore type is correctly specified in the java.security file. Verify that the code for the JDK keystore is in the JDK extensions directory. Reboot the server. after correcting the problem.

BEA-090132

Error: Could not open the keystore file pathname for read access. Exception: exception

Description	When opening the specified keystore file using a FileInputStream, a FileNotFound exception was thrown.
Cause	The file does not exist, the file is a directory rather than a regular file or the file cannot be opened for reading.
Action	Verify that the correct path to the keystore file was specified and that the keystore file exists. Reboot the server after correcting the problem.

BEA-090133

Error: Could not load a keystoreType keystore from the file pathname. Exception: exception

Description	When calling the load method for the keystore, an IOException was thrown.
Cause	There is an I/O or format problem with the keystore data.
Action	Verify that the path to the keystore, the keystore type, and the password for the keystore were specified correctly. Note that some keystore types (for example, JKS) do not require a password for read-only access. Read the exception text for more help on diagnosing the problem. Reboot the server after correcting the problem.

BEA-090134

Error: Could not load a keystoreType keystore from the file pathname. Exception: exception

Description	The keystore load method threw a CertificateException when loading the keystore from the specified file.
Cause	Some certificates in the keystore could not be loaded.
Action	Verify that the crypto providers required by the certificates in the keystore are properly configured in the java.security file and that their code is in the JDK extensions directory. Look at the exception text for more information on diagnosing the problem. Reboot the server after correcting the problem.

BEA-090135

Error: Could not load a keystoreType keystore from the file pathname. Exception: exception

Description	The keystore load method threw a NoSuchAlgorithmException when loading the keystore from the file pathname.
Cause	The algorithm used to check the integrity of the keystore cannot be found.
Action	Verify that the algorithm used to check the keystore integrity is properly configured in the java.security file and that the code is in the JDK extensions directory. Read the exception text for more information on diagnosing the problem. Reboot the server after correcting the problem.

BEA-090136

Error: Could not open the keystore file pathname for write access. Exception exception

Description	When creating the keystore output file pathname via a File output stream, the File output stream constructor threw a File Not Found exception.
Cause	The file may exists but is a directory rather than a regular file, the file does not exist and cannot be created, or the file cannot be opened.
Action	Verify that the correct pathname to the keystore was specified and that the parent directory exists. If neither of these problems exist, read the exception text for more information on diagnosing the problem. Reboot the server after correcting the problem.

BEA-090137

Error: Could not store a keystoreType keystore in the file pathname. Exception: exception

Description	When storing the keystore to a file, the keystore store method threw an IOException.
Cause	There was an I/O problem with the keystore data.
Action	Verify that the passphrase is correct. Some JDK keystore implementations require the use of the password for a previous keystore. Read the exception text for more information on diagnosing the problem. Reboot the server after correcting the problem.

BEA-090138

Error: Could not store a keystoreType keystore in the file pathname. Exception: exception

Description	When storing the keystore to a file, the keystore store method threw a CertificateException.
Cause	Some certificates included in the keystore could not be stored.
Action	Verify that the crypto providers required by the certificates in the keystore are properly configured in the java.security file and that their code is in the JDK extensions directory. Look at the exception text for more information on diagnosing the problem. Reboot the server after correcting the problem.

BEA-090139

Error: Could not store a keystoreType keystore in the file pathname. Exception: exception

Description	When storing the keystore to a file, the keystore store method threw a No Such Algorithm exception.
Cause	The data integrity algorithm for the keystore could not be found.
Action	Verify that the algorithm used to check the keystore integrity is properly configured in the java.security file and that the code is in the JDK extensions directory. Read the exception text for more information on diagnosing the problem. Reboot the server after correcting the problem.

BEA-090140

Error: Could not store a keystoreType keystore in the file pathname. Exception: exception

Description	When storing the keystore to a file, the keystore store method threw a Key Store exception.
Cause	The keystore has not been initialized (loaded).
Action	Make sure to load the keystore before storing it. Read the exception text for more information on diagnosing the problem. Reboot the server after correcting the problem.

BEA-090141

Info: The WebLogic keystore provider provider in security realm realm cannot be used for private keys because its private key keystore was not configured.

Description	.
Cause	The Private Key Store Location attribute was not specified.
Action	To use the WebLogic Keystore provider to store private keys, perform the following steps. Create a JDK keystore and load the private keys into the keystore. Use the Administration Console to attributes on the WebLogic Keystore provider. Set the Private Key Store Location attribute to the pathname of JDK keystore file. Set the Private Key Store Passphrase attribute to the passphrase of the JDK keystore file (some keystore types (for example, JKS) allow an empty passphrase for read-only access). Set the Type attribute to the type of the JDK keystore (the Type attribute may be left empty if the JDK keystore uses the default keystore type configured in the java.security file). Reboot the server.

BEA-090142

Info: The WebLogic keystore provider provider in security realm realm cannot be used for trusted (root) CAs because its trusted (root) CA keystore was not configured.

Cause

The Root Key Store Location attribute was not specified.

Action

To use the WebLogic Keystore provider to store trusted CAs, perform the following steps. Create a JDK keystore. Load the trusted CA certificates into the keystore. Set attributes on the WebLogic Keystore provider. Set the Root Key Store Location attribute to the pathname of JDK keystore file. Set the Root Key Store Passphrase attribute to the passphrase of the JDK keystore file (some keystore types (for example, JKS) allow an empty passphrase for read-only access). Set the Type attribute to the JDK keystore type (the type may be left empty if the JDK keystore uses the default keystore type configured in the java.security file). Reboot the server.

BEA-090143

Info: The WebLogic keystore provider provider in security realm realm cannot be used for private keys because its configured private key keystore file location does not exist.

Cause

The file location does not exist as a global pathname or in the domain directory.

Action

To use the WebLogic Keystore provider to store private keys, perform the following steps. Create a JDK keystore and load the private keys into the keystore. Use the Administration Console to attributes on the WebLogic Keystore provider. Set the Private Key Store Location attribute to the pathname of JDK keystore file. Set the Private Key Store Passphrase attribute to the passphrase of the JDK keystore file (some keystore types (for example, JKS) allow an empty passphrase for read-only access). Set the Type attribute to the type of the JDK keystore (the Type attribute may be left empty if the JDK keystore uses the default keystore type configured in the java.security file). Reboot the server.

BEA-090144

Info: The WebLogic keystore provider provider in security realm realm cannot be used for trusted (root) CAs because its configured trusted (root) CA keystore file location does not exist.

Cause

The file location does not exist as a global pathname or in the domain directory.

Action

BEA-090145

Error: The WebLogic Keystore provider provider in security realm realm cannot be used for private keys because its private key type keystore could not be loaded from the file pathname.

Description	The private key keystore could not be loaded because of an error.
Cause	See the error logged before this one for details.
Action	Verify that the Root Keystore Location attribute is specified correctly. Verify that the Root Keystore PassPhrase attribute matches the passphrase of the keystore. Some keystore types (for example, JKS) allow an empty passphrase for read-only access. Verify that the Type attribute is correct. The Type attribute may be left empty if the JDK keystore uses the keystore type configured in the java.security file. Verify that the private key keystore exists and is properly configured. Verify that a keystore for the type specified is properly configured. After correcting the problem, reboot the server.

BEA-090146

Error: The WebLogic Keystore provider provider in security realm realm cannot be used for trusted CAs because its trusted CA type keystore could not be loaded from the file pathname.

Description	The trusted CA keystore could not be loaded because of an error.
Cause	See the error logged before this one for details.
Action	Verify that the Private Keystore Location attribute is correct. Verify that the Private Keystore PassPhrase attribute matches the passphrase of the keystore. Note that some keystore types (for example, JKS) allow an empty passphrase for read-only access. Verify that the Type attribute is correct. The Type attribute may be empty if the JDK keystore uses the keystore type configured in the java.security file. Verify that the private key keystore exists and is properly configured. Verify that a JDK keystore for the type specified is properly configured. After correcting the problem, reboot the server.

BEA-090147

Warning: Filename arg1 was not found in the CanonicalPathCache in the SupplementalPolicyObject.

Description	A file name that should have been in the Canonical Path cache was not there as expected.
Cause	An attempt was made to undeploy an application that was not properly deployed.
Action	Please report the error to BEA Systems, Inc.

BEA-090148

Warning: Failed to update security domain configuration

Description	Save domain operation failed with exception e
Cause	Files or file system may be write protected.
Action	Please report the error to BEA Systems, Inc.

BEA-090149

Info: The server security configuration has been loaded from path

Cause

There were no Realm MBeans

BEA-090150

Notice: Trusted certificate has expired: cert

Description	A trusted certificate has expired
Cause	A trusted CA certificate has expired. The cacerts keystore from the JDK may contain an expired certificate. When using the JDK trusted CA keystore, the following message appears @quot;OU=Class 4 Public Primary Certification Authority@quot; trusted certificate.
Action	If the application does not use the specified trusted CA certificate, ignore the log message. To stop displaying the log message, use the keytool utility to either update the certificate in the trusted CA keystore (keytool -import) with a version that has not expired or remove the trusted CA certificate (keytool -delete).

BEA-090151

Notice: Trusted certificate is not yet valid: cert

Description	A trusted CA certificate is not yet valid
Cause	A trusted CA certificate is not yet valid
Action	Update trusted CA keystore.

BEA-090152

Alert: Demo trusted CA certificate is being used in production mode: cert The system is vulnerable to security attacks, since it trusts certificates signed by the demo trusted CA.

Description	Demo trusted CA certificate is for development mode only. It should not be used in production mode as it presents a serious security vulnerability.
Cause	Trusted CA keystore contains a demo certificate.
Action	Remove the demo certificate from a trusted CA keystore.

BEA-090153

Alert: Demo identity certificate is used in production mode: cert The system is vulnerable to security attacks, since the server private key is available to the public.

Description	Demo certificate for the server is used in production mode. The system is vulnerable to security attacks since the private key of the server is available to the public.
Cause	The server is configured with Demo identity and is running in production mode.
Action</