After upgrading to Spectrum 10.3 various CORBA errors present in control panel

Document ID : KB000112340
Last Modified Date : 11/01/2019
Show Technical Document Details
Issue:
After upgrading to 10.3 from 10.2.x the following messages in the VNM.OUT/Spectrum Control Panel:

ERROR TRACE at CsCorbaMgr.cc(1254): Failed to connect to CORBA Naming Service on corbaloc::SERVERNAME:14006/NameService, will retry in 5 seconds.

You may also see:

ERROR TRACE at CsCorbaMgr.cc(1260): Could not create a root naming context. Maximum number of retries exceeded.
CORBA exception: Exception: CORBA::NO_PERMISSION
    Minor: 1447174771 
    Completion Status: NO
Cause:
This is caused by improperly configured CORBA files or a policy that blocks anonymous ciphers.  Spectrum 10.2.0 and above ships with the ability to enable secure corba but uses anonymous ciphers.  If anonymous ciphers are blocked, you cannot start the Naming Service because the ciphers are not allowed.
Resolution:

1.  Check the following line in the $SPECROOT/.jcorbarc file which must be false:

vbroker.security.alwaysSecure=false

Also in the .corbarc in the same location, the line must also be false:

vbroker.security.alwaysSecure=false

2.  Review the $SPECROOT/bin/VBNS/NAMINGSERVICE.OUT.  If you see this message in regards to "Anonymous ciphers" then you have a policy that blocks them:

org.omg.CORBA.INITIALIZE: Couldn't not resolve ServerManager:
org.omg.CORBA.ORBPackage.InvalidName: org.omg.CORBA.COMM_FAILURE:
org.omg.CORBA.BAD_PARAM: Anonymous Ciphers must be enabledif No certificates are present 

You will need to either update your policy to allow anonymous ciphers or disable the ability to use secure corba. If you must use secure CORBA then you must update your policy to allow for anonymous ciphers. 

To disable the ability to use secure CORBA, please do the following:

a.  Edit both the $SPECROOT/.corbarc and the $SPECROOT/.jcorbarc and change this to true:
vbroker.security.disable=false 
to true:
vbroker.security.disable=true

Also verify this is false.  If it is true, change it to false:
vbroker.security.alwaysSecure=true
to false:
vbroker.security.alwaysSecure=false


After changes are made the SpectroSERVER must be shutdown, and processd restarted.

For details on restarting Processd, please see this link:

https://docops.ca.com/ca-spectrum/10-3-0/en/administrating/distributed-spectroserver-administration/setting-up-a-distributed-spectroserver-environment#SettingUpaDistributedSpectroSERVEREnvironment-StopandRestartProcessd

Additional Information:
Enhanced Functionality to utilize secure ciphers is tentatively planned for a future release of Spectrum.  As of the time of this writing (Jan 2019), that tentative release is Spectrum 10.4.  Please note this could change.