Caused by: java.lang.NoClassDefFoundError: Could not initialize class com.pega.pegarules.common.PREngineProvider

Hi ,

Last week we installed hotfix for A22 security vulnerability after which few of our integrations stopped with below error:

“Java code injection pattern identified in the java source code .Vulnerable code detected.”

Hence we tried to rollback the hotfix and perform a clean restart. However after restart the server is not coming up.

And in logs we could see the below error:

Caused by: java.lang.NoClassDefFoundError: Could not initialize class com.pega.pegarules.common.PREngineProvider

Kindly help with your thoughts.

Mail id: [email protected]

@LivyaJ02 I believe an advisory email was sent out to our clients advising them that users who have encountered issues with the testing and rollout of the hotfix should engage Global Client Support.

You may wish to log two separate tickets via the MSP:

• one ticket for the initial decision made to apply A22 and the subsequent testing efforts on custom rules created that utilize Java reflection or other Java Injection methods as described in Configuring Java Injection Check. It is possible that you may not need to install the hotfix and our support team can help evaluate if all that is needed is a modification to your SOAP connector code.

• one ticket for correcting the subsequent rollback problems you have encountered. We have seen instances where issues arise, if users have already committed the hotfix, look to either restore the system from backup or utilize the ‘patchdate’ parameter in the prbootstrap file to specify an engine code date earlier than when the A22 hotfix was applied.

Our Platform Service Engineering team dealing with the above support tickets will be able to advise your on your particular scenario.

Please could I ask that you log a support Incident, and provide the INC number in this thread so that we can help you track its progress?

Thank you for your response @MarijeSchillern

We have already created Sev2 incident (INC-221076) to Pega team.

After installing the hotfix we found integrations were not working, hence we decided to rollback and restart

Once restarted the node never came up.

@LivyaJ02 thanks for having provided the incident details.

I can see that our support team have contacted you today to discuss this rollback issue. They are discussing this also with our Engineering team.

They are suggesting a DB restore to a point before installation of the hotfix and are internally verifying the Jboss version used.

Please continue to work with GCS so that the server rollback issue can be resolved.

@MarijeSchillern We are so glad that we got work around from Pega team and with that we could bring up the servers.

Along with the error mentioned in this question we had one more error in logs:
Caused by: java.lang.NoClassDefFoundError: com/hazelcast/core/LifecycleListener

Providing the root cause and work around in this thread as it may help others.

Root cause could be same as mentioned in below link :

Workaround from Pega team:

We have received the below workaround from engineering. Could you please try this before making DB restore?
Can you try the below workaround:
Roll back all the Hotfixes. Bring up a single node with “identification/cluster/protocol” value=“standalone”. Install Hotfixes other than security ones. Bring up whole Cluster by removing setting “identification/cluster/protocol” value= “standalone”

We added the above configuration setting in prconfig.XML file under section and then restarted the server.