Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

AEM 6.1 to 6.3 in place upgrade issue

Avatar

Level 3

Hi All,

I am upgrading AEM 6.1 to 6.3 and encountered some issue along the way.

Content migration process:

java -Xmx4096m -jar cq-publish-p4503.jar -v -x crx2oak -xargs -- --load-profile segment-no-ds

Upgrade command:

java -Xmx4096m -XX:MaxPermSize=2048m -jar aem6-author-p4502.jar -Dsling.run.modes=author,crx3,crx3tar

Below is the log error:

15.07.2018 10:11:59.948 *INFO*  [com.adobe.granite.quickstart.base.impl.upgrade.UpgradeUtil] UpgradeUtil.java:769  Writing installer state

15.07.2018 10:17:43.711 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator OSGI installer finished and the upgrade task condition was not satisfied. Executing installed upgrade tasks but most likely one of the mandatory upgrade tasks was not executed. Please check the log file.

15.07.2018 10:18:47.272 *ERROR* [FelixStartLevel] com.day.cq.compat.codeupgrade.impl.cq62.Cq62FormsContentUpgrade Exception in updating ACL

javax.jcr.AccessDeniedException: Access denied.

at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.checkPermissions(AbstractAccessControlManager.java:200)

at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.getTree(AbstractAccessControlManager.java:167)

at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getCugPolicy(CugAccessControlManager.java:239)

at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getApplicablePolicies(CugAccessControlManager.java:137)

at org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.getApplicablePolicies(CompositeAccessControlManager.java:99)

at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:121)

at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:117)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)

at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.getApplicablePolicies(AccessControlManagerDelegator.java:117)

at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.getApplicablePolicies(JackrabbitAccessControlManagerDelegator.java:147)

at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:128)

at com.day.cq.compat.codeupgrade.impl.cq62.Cq62FormsContentUpgrade.reorderACLs(Cq62FormsContentUpgrade.java:118)

at com.day.cq.compat.codeupgrade.impl.cq62.Cq62FormsContentUpgrade.doUpgrade(Cq62FormsContentUpgrade.java:102)

at com.day.cq.compat.codeupgrade.impl.AbstractCodeUpgradeTask.run(AbstractCodeUpgradeTask.java:64)

at com.adobe.cq.upgradesexecutor.Activator.runUpgradeTasks(Activator.java:350)

at com.adobe.cq.upgradesexecutor.Activator.finishUpgradeExecution(Activator.java:220)

at com.adobe.cq.upgradesexecutor.Activator.start(Activator.java:170)

at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:697)

at org.apache.felix.framework.Felix.activateBundle(Felix.java:2227)

at org.apache.felix.framework.Felix.startBundle(Felix.java:2145)

at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1372)

at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)

at java.lang.Thread.run(Thread.java:748)

15.07.2018 10:18:47.272 *ERROR* [FelixStartLevel] com.day.cq.compat.codeupgrade.impl.cq62.Cq62FormsContentUpgrade Exception in Cq62FormsContentUpgrade.run()

javax.jcr.AccessDeniedException: Access denied.

at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.checkPermissions(AbstractAccessControlManager.java:200)

at org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager.getTree(AbstractAccessControlManager.java:167)

at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getCugPolicy(CugAccessControlManager.java:239)

at org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugAccessControlManager.getApplicablePolicies(CugAccessControlManager.java:137)

at org.apache.jackrabbit.oak.security.authorization.composite.CompositeAccessControlManager.getApplicablePolicies(CompositeAccessControlManager.java:99)

at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:121)

at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator$7.perform(AccessControlManagerDelegator.java:117)

at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.perform(SessionDelegate.java:208)

at org.apache.jackrabbit.oak.jcr.delegate.AccessControlManagerDelegator.getApplicablePolicies(AccessControlManagerDelegator.java:117)

at org.apache.jackrabbit.oak.jcr.delegate.JackrabbitAccessControlManagerDelegator.getApplicablePolicies(JackrabbitAccessControlManagerDelegator.java:147)

at org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils.getAccessControlList(AccessControlUtils.java:128)

at com.day.cq.compat.codeupgrade.impl.cq62.Cq62FormsContentUpgrade.reorderACLs(Cq62FormsContentUpgrade.java:118)

at com.day.cq.compat.codeupgrade.impl.cq62.Cq62FormsContentUpgrade.doUpgrade(Cq62FormsContentUpgrade.java:102)

at com.day.cq.compat.codeupgrade.impl.AbstractCodeUpgradeTask.run(AbstractCodeUpgradeTask.java:64)

at com.adobe.cq.upgradesexecutor.Activator.runUpgradeTasks(Activator.java:350)

at com.adobe.cq.upgradesexecutor.Activator.finishUpgradeExecution(Activator.java:220)

at com.adobe.cq.upgradesexecutor.Activator.start(Activator.java:170)

at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:697)

at org.apache.felix.framework.Felix.activateBundle(Felix.java:2227)

at org.apache.felix.framework.Felix.startBundle(Felix.java:2145)

at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1372)

at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)

at java.lang.Thread.run(Thread.java:748)

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator Missing pacakges health check failed:

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator Bundle com.ebmpapst.ebmpapst-bundle:1.0.0.SNAPSHOT is in the following state: Installed

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator Bundle com.adobe.acs.acs-aem-commons-bundle:2.12.0 is in the following state: Installed

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator The following imported required packages are unsatisfied:

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.dam.commons.process)(version>=1.1.0)(!(version>=2.0.0))) from bundle com.day.cq.dam.cq-dam-commons. The exported package exists and exported by com.day.cq.dam.cq-dam-commons but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.workflow.exec)(version>=0.0.0)(!(version>=1.0.0))) from bundle com.day.cq.workflow.cq-workflow-api. The exported package exists and exported by com.day.cq.workflow.cq-workflow-api but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.widget)(version>=5.5.0)(!(version>=6.0.0))) from bundle com.day.cq.cq-widgets. The exported package exists and exported by com.day.cq.cq-widgets but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.mailer)(version>=5.8.0)(!(version>=6.0.0))) from bundle com.day.cq.cq-mailer. The exported package exists and exported by com.day.cq.cq-mailer but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.workflow)(version>=0.0.0)(!(version>=1.0.0))) from bundle com.day.cq.workflow.cq-workflow-api. The exported package exists and exported by com.day.cq.workflow.cq-workflow-api but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.jcr.vault.fs.config)(version>=2.4.0)(!(version>=3.0.0)))

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.security)(version>=0.0.0)(!(version>=1.0.0))) from bundle com.day.cq.cq-security-api. The exported package exists and exported by com.day.cq.cq-security-api but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.commons)(version>=5.7.0)(!(version>=6.0.0))) from bundle com.day.cq.cq-commons. The exported package exists and exported by com.day.cq.cq-commons but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.commons.jcr)(version>=5.7.0)(!(version>=6.0.0))) from bundle com.day.cq.cq-commons. The exported package exists and exported by com.day.cq.cq-commons but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.workflow.collection)(version>=0.0.0)(!(version>=1.0.0))) from bundle com.day.cq.workflow.cq-workflow-api. The exported package exists and exported by com.day.cq.workflow.cq-workflow-api but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.workflow.model)(version>=0.0.0)(!(version>=1.0.0))) from bundle com.day.cq.workflow.cq-workflow-api. The exported package exists and exported by com.day.cq.workflow.cq-workflow-api but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=org.apache.jackrabbit.oak.commons)(version>=1.0.0)(!(version>=2.0.0))) from bundle org.apache.jackrabbit.oak-commons. The exported package exists and exported by org.apache.jackrabbit.oak-commons but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=io.sightly.java.api)(version>=3.0.0)(!(version>=4.0.0)))

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=org.apache.sling.event.jobs)(version>=1.4.0)(!(version>=2.0.0))) from bundle org.apache.sling.event. The exported package exists and exported by org.apache.sling.event but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.wcm.workflow.process)(version>=5.7.0)(!(version>=6.0.0))) from bundle com.day.cq.wcm.cq-wcm-workflow. The exported package exists and exported by com.day.cq.wcm.cq-wcm-workflow but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.workflow.exec.filter)(version>=0.0.0)(!(version>=1.0.0))) from bundle com.day.cq.workflow.cq-workflow-api. The exported package exists and exported by com.day.cq.workflow.cq-workflow-api but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.replication)(version>=5.15.0)(!(version>=6.0.0))) from bundle com.day.cq.cq-replication. The exported package exists and exported by com.day.cq.cq-replication but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=org.apache.sling.event)(version>=2.4.0)(!(version>=3.0.0)))

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.replication)(version>=5.18.0)(!(version>=6.0.0))) from bundle com.day.cq.cq-replication. The exported package exists and exported by com.day.cq.cq-replication but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.jcr.vault.fs.filter)(version>=2.4.0)(!(version>=3.0.0)))

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.jcr.vault.packaging)(version>=2.4.0)(!(version>=3.0.0)))

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.workflow.metadata)(version>=0.0.0)(!(version>=1.0.0))) from bundle com.day.cq.workflow.cq-workflow-api. The exported package exists and exported by com.day.cq.workflow.cq-workflow-api but it's out of the importing range.

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.jcr.vault.fs.api)(version>=2.4.0)(!(version>=3.0.0)))

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.jcr.vault.util)(version>=2.4.0)(!(version>=3.0.0)))

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.jcr.vault.fs.io)(version>=2.4.0)(!(version>=3.0.0)))

15.07.2018 10:18:48.340 *ERROR* [FelixStartLevel] com.adobe.cq.upgradesexecutor.Activator (&(osgi.wiring.package=com.day.cq.workflow.collection.util)(version>=0.0.0)(!(version>=1.0.0))) from bundle com.day.cq.workflow.cq-workflow-api. The exported package exists and exported by com.day.cq.workflow.cq-workflow-api but it's out of the importing range.

Any pointers to resolve the above failed task?

Thanks!

Dinesh kumar L.

1 Accepted Solution

Avatar

Correct answer by
Level 3

Hi All,

Thanks for all your pointers. By raising a daycare support ticket, we got this issue resolved.

By giving jcr:all access rights to the path /content for everyone group the issue got resolved.

PS: Add the permissions only via crx/de in case of AEM6.1 under the "Access control" tab as highlighted below. If we give full access via the useradmin console, the access permissions are not applying properly.

1541169_pastedImage_0.png

Post upgrade, we can remove the full access given to the everyone group.

Thanks,

Dinesh kumar L

View solution in original post

5 Replies

Avatar

Level 10

AFter talking to our team on this - they suggested this:

Might be OS level permissions to …/crx-quickstart/launchpad foler

Can you please check the permissions.

Avatar

Employee

DNashKL​ Check the path '/content/forms/af' and check the rep:policy nodes under it as one of the users or permissions might be missing here. Compare it with OOTB AEM instance and make adjustments

Avatar

Level 3

Hi Smacdonald,

Thanks for the pointers. Please find the below OS level permissions:

1529680_pastedImage_0.png

Regards,

Dinesh kumar L.

Avatar

Level 3

Hi Kunwar,

Thanks for the check points. I am not seeing any abnormal differences in the rep:policy. Below are the snaps for your reference:

In AEM 6.1 + SP2 + CFP16 Vanilla instance:

1529696_pastedImage_0.png

1529697_pastedImage_1.png

In our AEM instance - Which is again AEM 61 + SP2 + CFP16 + few hot fixes:

1529698_pastedImage_4.png

1529699_pastedImage_6.png

1529700_pastedImage_7.png

There are no deny rep:policies.

Thanks,

Dinesh kumar L. 

Avatar

Correct answer by
Level 3

Hi All,

Thanks for all your pointers. By raising a daycare support ticket, we got this issue resolved.

By giving jcr:all access rights to the path /content for everyone group the issue got resolved.

PS: Add the permissions only via crx/de in case of AEM6.1 under the "Access control" tab as highlighted below. If we give full access via the useradmin console, the access permissions are not applying properly.

1541169_pastedImage_0.png

Post upgrade, we can remove the full access given to the everyone group.

Thanks,

Dinesh kumar L