ORC 2.5.0 Unable to retrieve controller identity

mspitz · June 8, 2016, 5:59pm

I’ve just installed ORC 2.5.0 and keep getting the message “INFO <date, time> : Unable to retrieve controller identity, retrying in 1,000 milliseconds”

I looked through the old forums and found several threads with the same issue on pro version 1.1.0 and 1.2.0

http://www.openremote.org/display/forums/Unable+to+retrieve+controller+identity

http://www.openremote.org/display/forums/Pro+1.1.0+release

http://www.openremote.org/display/forums/Controller+Issues+Unable+to+retrieve+identity

I tried running through the solutions recommended on those posts but no success. I have installed the java cryptographic unlimited strength jurisdiction policy as well.

Is there a way to stop these messages from outputting to console? It doesn’t seem to impeded usage of the controller in any way but is there an explanation of what this means?

Stuart_Hanlon1 · June 8, 2016, 7:44pm

It's not the right thing to do...

But I set the keystore to plain text

mspitz · June 9, 2016, 4:55pm

I enforced https only connections which seems to have stopped the messages. Not sure if there is another underlying issue but I’ll mark as complete for now

Eric_Bariaux · June 10, 2016, 3:41pm

In this specific scenario, using a keystore is not more secure than using a plain text file.
In order for your openremote controller to automatically restart and be able to access the information in the keystore without a manual intervention, it needs to know the password to the keystore. There are multiple ways the password can be retrieved (from a configuration file, hardcoded in source code, from an environment variable, …) but with any of those solutions, the password is still somehow in clear on your box. So you should protect the password e.g. by appropriate permissions on your filesystem.
You would need to use some other way to provide the password in order to be really secure (e.g. hardware device, manual entry, …).

So with the keystore, you have the false belief that you data is safe. With storing the password in clear text in a file, you know this is sensitive data and you must protect this file with appropriate permissions, just like you would the keystore password.

Eric_Bariaux · June 13, 2016, 9:24am

I will elaborate a bit more on the background of this in the future, but for now, to get rid of those messages, update your config.properties and change as follows:

beehiveAccountService.REST.Root.Url=::loopback,-1::

remote.command.request.interval = 86400s