3262702 - NetWeaver Application Server Java could not be started after update of SAPJVM 8.1 to PL91
致敬老铁装了PO7.5,试错了不止5次。。。。
报错信息
如下图
过程分析
检查手段
使用老应的BASIS技师的十八般武艺
刀枪剑戟斧钺勾叉鞭锏锤抓镗槊棍棒拐子流星
检查结果
纷繁复杂中找到最闪亮的那个报错信息:
Caused by: com.sap.security.core.server.secstorefs.NoEncryptionException: Encryption or decryption is not possible because the full version of the SAP Java Crypto Toolkit was not found (iaik_jce.jar is required, iaik_jce_export.jar is not sufficient) or the JCE Jurisdiction Policy Files don't allow the use of the "PbeWithSHAAnd3_KeyTripleDES_CBC" algorithm.
解决办法
安装过程中可以临时办法:
- Navigate to folder “\\<hostName>\sapmnt\<SID>\SYS\exe\jvm\<Platform>\sapjvm_8.1.<PatchLevel>\sapjvm_8\jre\lib\security”
- Start editing file “java.security”
- Find the following property:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, include jdk.disabled.namedCurves, \
SHA1 denyAfter 2019-01-01
4. Remove the last entry SHA1 denyAfter 2019-01-01 along with preceding “, \” character. Finally, it should look like:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024, include jdk.disabled.namedCurves
5. Save the file and restart the system
后记
如果SAP Netweaver7.5下SPS08以上,就这个java的安全信息已经默认有了。请升级到SPS08以上并改回默认的安全policy。