How to disable Secure CORBA on the SS after seeing ports in a vulnerability scan
search cancel

How to disable Secure CORBA on the SS after seeing ports in a vulnerability scan


Article ID: 112340


Updated On:


CA Spectrum DX NetOps


The following messages are seen in the VNM.OUT/Spectrum Control Panel:

ERROR TRACE at Failed to connect to CORBA Naming Service on corbaloc::SERVERNAME:14006/NameService, will retry in 5 seconds.

You may also see:

ERROR TRACE at Could not create a root naming context. Maximum number of retries exceeded.
CORBA exception: Exception: CORBA::NO_PERMISSION
    Minor: 1447174771 
    Completion Status: NO


Release: MSPSPD99000-10.3-Spectrum-Device Based Suite-MSP


This is caused by improperly configured CORBA files or a policy that blocks anonymous ciphers.  Spectrum 10.2.0 and above ships with the ability to enable secure corba but uses anonymous ciphers.  If anonymous ciphers are blocked, you cannot start the Naming Service because the ciphers are not allowed.


1.  Check the following line in the $SPECROOT/.jcorbarc file which must be false:

Also in the .corbarc in the same location, the line must also be false:

2.  Review the $SPECROOT/bin/VBNS/NAMINGSERVICE.OUT.  If you see this message in regards to "Anonymous ciphers" then you have a policy that blocks them:

org.omg.CORBA.INITIALIZE: Couldn't not resolve ServerManager:
org.omg.CORBA.ORBPackage.InvalidName: org.omg.CORBA.COMM_FAILURE:
org.omg.CORBA.BAD_PARAM: Anonymous Ciphers must be enabledif No certificates are present 

You will need to either update your policy to allow anonymous ciphers or disable the ability to use secure corba. If you must use secure CORBA then you must update your policy to allow for anonymous ciphers. 

To disable the ability to use secure CORBA, please do the following:

a.  Edit BOTH the $SPECROOT/.corbarc and the $SPECROOT/.jcorbarc and change this to true: 
to true:

Also verify this is false.  If it is true, change it to false:
to false:

After changes are made the SpectroSERVER must be shutdown, and processd restarted.

For details on restarting processd, please reference the "Setting Up a Distributed SpectroSERVER Environment" section of the documentation.

Additional Information

Enhanced Functionality to utilize secure ciphers is in DX NetOps Spectrum 21.2.1 onwards - Secure CORBA Enhancements.  See here:


How to ENABLE secure CORBA: