Error: A child container failed during start /chs /authapp on SPS
search cancel

Error: A child container failed during start /chs /authapp on SPS

book

Article ID: 241553

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

When starting CA Access Gateway (SPS), this one doesn't start completely
and report error:

    [05/May/2022:03:29:22-707] [ERROR] - org.apache.catalina.LifecycleException: 
    A child container failed during start

    [05/May/2022:03:29:22-707] [ERROR] -  
    at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:938)

    [05/May/2022:03:29:22-710] [ERROR] - 
    Caused by: java.util.concurrent.ExecutionException: 
    org.apache.catalina.LifecycleException: A child container failed during start

    [05/May/2022:03:29:22-715] [ERROR] - Caused by: org.apache.tomcat.util.MultiThrowable: 
    2 wrapped Throwables: [org.apache.catalina.LifecycleException: Failed to start component 
    [StandardEngine[SPS].StandardHost[localhost].StandardContext[/authapp]]]
    [org.apache.catalina.LifecycleException: Failed to start component 
    [StandardEngine[SPS].StandardHost[localhost].StandardContext[/chs]]]

CA Access Gateway (SPS) has been upgraded from 12.8SP3 to 12.8SP6;

 

Environment

 

  CA Access Gateway (SPS) 12.8SP6 on Linux;

 

Cause

 

The CA Access Gateway (SPS) installation files show 2 different
versions of log4j installed:

ls.txt:

  /opt/CA/secure-proxy/Tomcat/webapps/chs/WEB-INF/lib:
  total 3.5M
  -rwxrwxr-x 1 nobody root  33K Jan 31  2021 log4j-web-2.14.0.jar
  -rw-r--r-- 1 nobody root  36K Mar 22 08:29 log4j-web-2.17.1.jar

  /opt/CA/secure-proxy/Tomcat/webapps/CA_AuthAZ/WEB-INF/lib:

  -rwxrwxr-x 1 nobody root   33K Jan 31  2021 log4j-web-2.14.0.jar
  -rwxrwxr-x 1 nobody root   24K Jan 31  2021 log4j-slf4j-impl-2.14.0.jar
  -rwxrwxr-x 1 nobody root  1.7M Jan 31  2021 log4j-core-2.14.0.jar
  -rwxrwxr-x 1 nobody root  295K Jan 31  2021 log4j-api-2.14.0.jar
  -rw-r--r-- 1 nobody root   24K Mar 22 08:29 log4j-slf4j-impl-2.17.1.jar
  -rw-r--r-- 1 nobody root  1.8M Mar 22 08:29 log4j-core-2.17.1.jar
  -rw-r--r-- 1 nobody root  295K Mar 22 08:29 log4j-api-2.17.1.jar

  /opt/CA/secure-proxy/Tomcat/webapps/proxyui/WEB-INF/lib:
  -rwxrwxr-x 1 nobody root  33K Feb  1  2021 log4j-web-2.14.0.jar
  -rw-r--r-- 1 nobody root  36K Mar 22 08:29 log4j-web-2.17.1.jar

  /opt/CA/secure-proxy/Tomcat/webapps/sessionassuranceapp/WEB-INF/lib:
  -rwxrwxr-x 1 nobody root  33K Sep 22  2021 log4j-web-2.14.0.jar
  -rw-r--r-- 1 nobody root  36K Mar 22 08:29 log4j-web-2.17.1.jar

  /opt/CA/secure-proxy/Tomcat/thirdparty:
  -rwxrwxr-x  1 nobody root  24K Sep 22  2021 log4j-slf4j-impl-2.14.0.jar
  -rwxrwxr-x  1 nobody root 1.7M Sep 22  2021 log4j-core-2.14.0.jar
  -rwxrwxr-x  1 nobody root 295K Sep 22  2021 log4j-api-2.14.0.jar
  -rw-r--r--  1 nobody root  24K Mar 22 08:29 log4j-slf4j-impl-2.17.1.jar
  -rw-r--r--  1 nobody root 1.8M Mar 22 08:29 log4j-core-2.17.1.jar
  -rw-r--r--  1 nobody root 295K Mar 22 08:29 log4j-api-2.17.1.jar

 

Resolution

 

- From the CA Access Gateway (SPS) installation, make sure that log4j
  files have only the 2.17.1 version, and no other ones (1).

 

Additional Information

 

(1)

    CVE-2021-44228: SiteMinder Resolution to the Log4j Vulnerability