Field Notice: FN - 70037 - Enterprise Chat & Email (ECE) 11.5(1) Installer Intermittently Fails with Error Message - Software Upgrade Recommended

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	19-Dec-17	Initial Release

Products Affected

Affected OS Type	Affected Release	Affected Release Number	Comments
NON-IOS	11	11.5(1)

Defect Information

Defect ID	Headline
CSCve61410	ECE 11.5 install fails at Blueboard

Problem Description

Customers who upgrade from E-Mail Interaction Manager (EIM) / Web Interaction Manager (WIM) to Enterprise Chat & Email (ECE) or install ECE Release 11.5(1) might encounter Cisco bug ID CSCve61410 in the upgrade process.

Background

Java 8 uses Transport Layer Security (TLS) v1.2 (the highest level protocol available on the host machine) in order to negotiate with the database server. Since the Java Database Connectivity (JDBC) driver used in the 11.5(1) installer contains an older sqljdbc4 file, there is a 5-10% chance that customers might encounter this symptom. This file is ONLY used in the installation process and does not affect or impact operations of production systems.

Problem Symptom

In the installation process, the installer might intermittently fail to establish a connection to the Structured Query Language (SQL) server. The 11.5(1) installer (and installer ONLY, this is not applicable for post-install production) uses a slightly older JDBC driver in order to establish a secure connection to a SQL server that uses Secure Sockets Layer (SSL) encryption. ECE Release 11.5(1) installs Java 8 which uses TLSv1.2 in order to negotiate the connection to the database server and because the JDBC driver contains a slightly older sqljdbc4 file, there is a 5% - 10% chance that customers might encounter this symptom.

Detection

If you are impacted by this defect, one of these issues might occur:

• In most cases, the installer freezes at a particular panel/splash screen.
• The installer prompts a generic error message.

If you encounter either of those issues, investigate the upgrade_installer logs located in one of these locations and look for the trace message.

Locations of Installer Logs

If the file server is already installed:
Cisco_Home\eService\installation\logs\eg_log_Server_Name_eGainInstaller.log

If it is a new installation:
C:\Users\Your_Username\AppData\Local\Temp\egain_installer_Server_Name.log

Trace Message

The driver could not establish a secure connection to SQL Server by using SSL encryption. Error: "SQL Server returned an incomplete response. The connection has been closed.". <@>
com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed.".
at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:1352)
at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1533)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:1042)

Once you confirm the issue, follow the workaround steps in the next section in order to resolve the issue.

Workaround/Solution

In order to add a Java Virtual Machine (JVM) parameter (Djdk.tls.client.protocols=TLSv1) to manually force Java 8 to use TLSv1 in the install/upgrade process, complete these steps:

1. Do not proceed with the install, but simply keep the installer up and running until you proceed to step 7.

2. Open a Microsoft Windows temp folder. (Click Start. In the Search field, enter Run. In the Open field, enter %temp%.)
   When you run the installer again as instructed in step 1, a new folder is created in the Windows temp folder which is the extract of the installer. (The folder in the Windows temp folder is created dynamically with a name that starts with capital letter I. For example, I1483955861.)

3. Copy the temp folder (for example, I1483955861) from the Windows temp folder location to the Desktop and stop the installer.

4. From the folder copied to the Desktop, open the setup.lax file via any text editor such as Notepad or TextPad (for example, \Desktop\I1483955861\Windows\setup.lax).

5. In order to modify the property named lax.nl.java.option.additional, append the parameter -Djdk.tls.client.protocols=TLSv1 to it. For example, if the property is:
   
   lax.nl.java.option.additional=-XX:MaxPermSize=256M -Xss192K
   
   change it to
   
   lax.nl.java.option.additional=-XX:MaxPermSize=256M -Xss192K -Djdk.tls.client.protocols=TLSv1

6. Save the updated setup.lax file.

7. Cancel the installation.

8. Copy the updated folder from the Desktop location to the temp folder in the Windows location (replace the existing folder).

9. From the Windows temp folder, open the updated folder (per the example, I1483955861)\Windows. Right-click the setup.exe file and click Run as the administrator.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

• Open a service request on Cisco.com
• By email
• By telephone

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.