Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Newcomers » Newcomers » Unable to install 2021-09 behind internet and TLS firewall
Unable to install 2021-09 behind internet and TLS firewall [message #1844689] Tue, 21 September 2021 19:53 Go to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
I work behind a firewall that also requires an intermediate root certificate for TLS. When we install a new JDK, we have to install the cert into the cacerts file of the JDK.

Every time a new release comes out, I've been able to install it with minimal trouble. I always make sure that the JDK I'm trying to use to run Eclipse has the cert installed.

I'm now trying to install 2021-09. I went into advanced mode so I could set the proxy, but when it attempts the connection, it fails with the "unable to find valid certification ..." message.

I see that there is a "SSH2 Settings" page. Do I have to import our intermediate root certificate here?
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844698 is a reply to message #1844689] Wed, 22 September 2021 06:53 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
Is this problem happening trying to locate the catalog or when trying to install a specific product? The server was recently change to yield a 301 if accessed by http, i.e., permanently moved to https, so http access is no longer possible even using an http URL.

https://bugs.eclipse.org/bugs/show_bug.cgi?id=575731

Perhaps that's a cause of problems for you.

The installer from the download page contains an embedded JRE, so that makes it hard to add your certificate too it. Ones without a JRE are also available here:

https://download.eclipse.org/justj/?file=oomph/epp/2021-09/R

Installers (ones not restricted to install a specific version of Eclipse) are also available here, both with and without a JRE:

https://wiki.eclipse.org/Eclipse_Installer

Note that you do not need to download a new installer each release. The installer uses an online catalog and that catalog is updated regularly (for each milestone and each release). The installer is also self-updating so you can update it when desired. As such you can keep one around permanently and might choose one that doesn't have a JRE but rather uses the JRE on your system, the one with the certificate...


Ed Merks
Professional Support: https://www.macromodeling.com/
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844711 is a reply to message #1844698] Wed, 22 September 2021 16:33 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
Ok. I note that my first try at using the non-JRE installer (pointing it to my JDK that has the cert) failed with the following:

[2021-09-22 09:29:07] ERROR: org.eclipse.equinox.p2.transport.ecf code=1002 HTTP Server 'Service Unavailable': http://download.eclipse.org/oomph/updates/milestone/latest/compositeContent.xml
ERROR: org.eclipse.ecf.identity code=0 HttpComponents connection error response code 503.
at org.eclipse.ecf.provider.filetransfer.httpclient45.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:278)
at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:71)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844712 is a reply to message #1844711] Wed, 22 September 2021 16:43 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
And on each subsequent try?

Ed Merks
Professional Support: https://www.macromodeling.com/
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844714 is a reply to message #1844712] Wed, 22 September 2021 18:04 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
Yes, it's happening each time.
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844715 is a reply to message #1844714] Wed, 22 September 2021 18:24 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
Likely this is related to https redirection (assuming this is new behavior). But who can say? It's pretty much impossible to replicate an environment like the one you have and without the ability to replicate the environment, one can't debug the problems to fix them. Perhaps one day some organization will be motivated to help solve such problems by investing their time or their money in a solution. Last month I was at a customer site with the same type of problem making it pretty much impossible to install/update anything within the corporate firewall. It's super annoying and it costs time and hence money too...

Ed Merks
Professional Support: https://www.macromodeling.com/
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844747 is a reply to message #1844715] Thu, 23 September 2021 22:47 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
I have verified that simply disconnecting from our VPN and rerunning the installer works.

Also note that I was seeing this same error running the installer on Windows 10, and on an Ubuntu VM (running on the same Windows 10 box with VirtualBox). I haven't tried running the Ubuntu installer yet while off the VPN, but it seems likely I'll see the same result.

Also note that I work in an extremely large organization, where most of the developers use Eclipse. It's likely that anyone else on my side of the firewall is going to see the same problem. I think the majority of them don't try to stay that close to the latest release, but this could eventually be an annoyance for quite a few people.
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844753 is a reply to message #1844747] Fri, 24 September 2021 06:29 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
I would suggest (and kindly ask you) to try an experiment. Using Help -> Install New Software or the using the Repository Explorer view, check if an https: URL to anything at download.eclipse.org works and whether an http: URL does not work? I.e., try to determine if its the redirection (permanently moved part of the protocol not working), or just https in general...

I.e., please try both https://download.eclipse.org/releases/2021-09/202109151000 and http://download.eclipse.org/releases/2021-09/202109151000 in the IDE to see if either of them works from within the firewall.


Ed Merks
Professional Support: https://www.macromodeling.com/
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844781 is a reply to message #1844753] Fri, 24 September 2021 17:33 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
Acknowledged. I'm perfectly willing to help debug this, if there's something I can do. I'll test these later today.
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844782 is a reply to message #1844781] Fri, 24 September 2021 18:03 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
Ok, well, from within the 2021-09 IDE, I was able to install a feature (the same one) using both of those urls. It seems like there's something different in how in the installer works.
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844787 is a reply to message #1844782] Sat, 25 September 2021 05:42 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
That's even more weird because in the end, both the IDE and the installer are using p2 frameworks and the IDE itself also has the same Oomph extensions to p2's frameworks installed.. That's how the Repository Explorer is implemented. Also you can see that Help -> Performance Setup Tasks... is present and generally does the same thing as Check for Updates and uses exactly what the installer uses. Does Perform Setup Tasks.. also work without failure, showing a P2 Director task being executed? These behaving differently in the IDE versus the installer suggests something like your firewall blocking the application itself. Is this on Windows 10? But then again, you mentioned certificate problems and that seems purely an issue of which JRE is being used...

Note that yesterday I converted all URLs in the catalogs to be https, but given your observation that both forms win the IDE, that's not likely to help.


Ed Merks
Professional Support: https://www.macromodeling.com/
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844792 is a reply to message #1844787] Sat, 25 September 2021 15:00 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
I just tried running "Perform Setup Tasks" a few times. I did notice one occurrence where it said the repository didn't exist, but without changing anything, I reran it, and it worked fine. I reran it again multiple times, and it worked each time without failure. I then tried running the installer again, verifying that it was using the same JRE as I have running Eclipse, and the installer failed each time with PKIX errors.

Note that there was something else happening around this time that I didn't mention, but it may be unrelated. I had noticed that a website that I visit several times during the day was repeatedly getting a 504 error from within the firewall, but not from anywhere else. Our CSO makes it clear when sites are blocked, so it wasn't explicitly blocked. However, late yesterday and this morning, it's having no trouble getting there. It was probably unrelated.
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844799 is a reply to message #1844792] Sun, 26 September 2021 04:41 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
So the only differences left are 1) antivirus on Windows might specifically block one application but not another, 2) the network proxy settings could be different between the two (switch to advanced mode and look at the network proxy settings and compare them to those in the Eclipse IDE's preferences), 2) VM options from the *.ini or the config.ini (but I don't see any that look suspicious). If it's not proxy setting differences, my suspicion would lean towards the antivirus thing. The installer *.exe extracts an Eclipse application into a temp location and then launches a new process for that application. That might look suspicious to an antivirus agent to have an application running from the temp folder. As a test, one could switch to advanced model, save the installer somewhere when prompted, exit, and launch the installer directly from that saved location.

Ed Merks
Professional Support: https://www.macromodeling.com/
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844802 is a reply to message #1844799] Sun, 26 September 2021 05:40 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
I verified the proxy settings in the installer are identical to the proxy settings in the IDE.

Considering I can get the installer to work by disconnecting from the VPN, that makes it unlikely the antivirus could be causing this.
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844803 is a reply to message #1844802] Sun, 26 September 2021 06:49 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
That's a good point. It's also relevant that the catalog itself is fetched from the internet via https, though from www.eclipse.org rather than download.eclipse.org; if that didn't work, then you'd not have been able to see the product choices and the network settings dialog would come up automatically. That being said, it will use the cached version of that if one is available in ~/.eclipse/org.eclipse.oomph.setup/cache/ https___www.eclipse.org_setups_setups.zip. So you might try deleting everything in that cache folder and see if the installer is able to download the setups.zip freshly. If it can, then just the p2 access to the repositories is somehow different in the installer application versus the Eclipse application, even though the JVM is the same, the frameworks are the same, and the network settings are the same. I don't have a theory to explain that...

Ed Merks
Professional Support: https://www.macromodeling.com/
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844806 is a reply to message #1844803] Sun, 26 September 2021 15:04 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
I tarred off the cache folder, emptied it, and then reran the installer. It immediately says "The catalog could not be loaded. ..." I clicked on "Configure Network Proxy..." to confirm it's set the same way my IDE is, which is the case.
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844807 is a reply to message #1844806] Sun, 26 September 2021 16:36 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
At least it fails consistently. But that leaves me with no theory why one would work and not the other. Thanks for trying out various things... Did you ever try the "save to permanent location" thing and launching that directly?

Ed Merks
Professional Support: https://www.macromodeling.com/
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844808 is a reply to message #1844807] Sun, 26 September 2021 16:47 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
I have not tried that yet. I have also now discovered an odd problem with the interface related to this. Now that I'm getting this "catalog could not be loaded" error, I can't do anything at all with the installer. Retry just redisplays the error dialog, Edit Proxy gives me the proxy edit dialog, until I close that, at which point it returns to the error dialog, and then there is Exit.

After I restored the two files in the cache directory, I can explore more of the installer again, but I can't find this "Save to permanent location" option anywhere.
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844816 is a reply to message #1844808] Mon, 27 September 2021 05:12 Go to previous messageGo to next message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
If you can't load the catalog you really can't do anything. But since that was implemented, actions on the menu, such as a web link for where to ask questions, were added, so now it's a little more questionable. So I'll look into allowing it to continue without a catalog...

Switching to advanced mode will prompt for saving to a permanent location...


Ed Merks
Professional Support: https://www.macromodeling.com/
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844835 is a reply to message #1844816] Mon, 27 September 2021 15:00 Go to previous messageGo to next message
David M. Karr is currently offline David M. KarrFriend
Messages: 742
Registered: July 2009
Senior Member
I seem to remember that the first time I ran the installer, it asked me if I wanted to save to a permanent location, and I declined at that time. It appears I don't get the choice again if I declined it the first time.
Re: Unable to install 2021-09 behind internet and TLS firewall [message #1844847 is a reply to message #1844835] Tue, 28 September 2021 04:00 Go to previous message
Ed Merks is currently offline Ed MerksFriend
Messages: 32110
Registered: July 2009
Senior Member
It's also available in *.zip format from here:

https://download.eclipse.org/justj/?file=oomph/products


Ed Merks
Professional Support: https://www.macromodeling.com/
Previous Topic:Exception in thread "main" java.lang.ExceptionInInitializerError
Next Topic:Expired Eclipse Foundation Inc Certificate
Goto Forum:
  


Current Time: Thu Dec 02 23:18:20 GMT 2021

Powered by FUDForum. Page generated in 0.02765 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top