mac check in GCM failed Errors
Ullfig, Roberto Alfredo
rullfig at uic.edu
Mon Mar 12 08:48:39 EDT 2018
We run in an active/standby mode where we have two servers identically configured except for IP address/mac address/hostname and a CNAME pointing to one of them. We did a CNAME switch on Friday and started getting these errors:
2018-03-12 00:00:31,541 - ERROR [net.shibboleth.utilities.java.support.security.DataSealer:214] - [9DD6049BF306DE2D9C1DA41E4700327D] - [128.248.4.122] - Exception unwrapping data
org.bouncycastle.crypto.InvalidCipherTextException: mac check in GCM failed
It appears related to the two sealer files in credentials and I believe I should have just copied these two files over to the standby server before doing the CNAME switch. I expected the errors to go away over the weekend but I still see them. Are the IDP sessions supposed to last that long? Copying over the files would probably make the matter worse now. Any ideas on how to proceed? Thanks!
---
Roberto Ullfig - rullfig at uic.edu
IT Technical Associate
Enterprise Architecture and Development | ACCC
University of Illinois - Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180312/031e881d/attachment.html>
More information about the users
mailing list