JBoss Enterprise Application Platform: JBEAP-2514

unable to start in domain mode when the JVM is running in FIPS mode


    • Type: Bug
    • Resolution: Done
    • Priority: Blocker
    • Affects Version/s: 7.0.0.ER5
    • Fix Version/s: None
    • Component/s: Management, Security
    • Labels: None

      The server instance fails to connect to the host-controller when the server instance's JVM is configured to run in FIPS mode. Here is the error/exception:

      14:42:48,850 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-17) MSC000001: Failed to start service jboss.host.controller.client: org.jboss.msc.service.StartException in service jboss.host.controller.client: java.io.IOException: JBAS015847: Unable to initialise a basic SSLContext 'FIPS mode: only SunJSSE TrustManagers may be used'
      at org.jboss.as.server.mgmt.domain.HostControllerConnectionService.start(HostControllerConnectionService.java:132) [jboss-as-server-7.5.4.Final-redhat-4.jar:7.5.4.Final-redhat-4]
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
      at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60]
      at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60]
      Caused by: java.io.IOException: JBAS015847: Unable to initialise a basic SSLContext 'FIPS mode: only SunJSSE TrustManagers may be used'
      at org.jboss.as.server.mgmt.domain.HostControllerConnectionService.getAcceptingSSLContext(HostControllerConnectionService.java:207) [jboss-as-server-7.5.4.Final-redhat-4.jar:7.5.4.Final-redhat-4]
      at org.jboss.as.server.mgmt.domain.HostControllerConnectionService.start(HostControllerConnectionService.java:111) [jboss-as-server-7.5.4.Final-redhat-4.jar:7.5.4.Final-redhat-4]
      ... 5 more

      This appears to be happening when the server-instance tries to connect back to the host-controller.

      The interesting thing is that in this instance the host controller and instances are not set up to use SSL/TLS on the management connections, but the server instance still tries to initialize the SSLContext. Also, it looks like the server instance is configuring a "trust all" trust manager.

      Here is part of the org.jboss.as.server.mgmt.domain.HostControllerConnectionService.start() method:

      public synchronized void start(final StartContext context) throws StartException {
          final Endpoint endpoint = endpointInjector.getValue();
          try {
              final URI connectionURI = new URI("remote://" + NetworkUtils.formatPossibleIpv6Address(hostName) + ":" + port);
              final OptionMap options = OptionMap.create(Options.SASL_DISALLOWED_MECHANISMS, Sequence.of(JBOSS_LOCAL_USER));
              // Create the connection configuration
              final ProtocolConnectionConfiguration configuration = ProtocolConnectionConfiguration.create(endpoint, connectionURI, options);
              configuration.setCallbackHandler(HostControllerConnection.createClientCallbackHandler(userName, initialAuthKey));
              configuration.setConnectionTimeout(SERVER_CONNECTION_TIMEOUT);
              configuration.setSslContext(getAcceptingSSLContext());

              ...
              ...
              ...

      private static SSLContext getAcceptingSSLContext() throws IOException {
          /*
           * This connection is only a connection back to the local host controller.
           *
           * The HostController that started this process will have already provided the
           * required information regarding the connection so quietly allow the SSL connection
           * to be established.
           */
          try {
              SSLContext sslContext = SSLContext.getInstance("TLS");
              TrustManager[] trustManagers = new TrustManager[] { new X509TrustManager() {
                  public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                  }

                  public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                  }

                  public X509Certificate[] getAcceptedIssuers() {
                      return null;
                  }
              } };

              sslContext.init(null, trustManagers, null);

              return sslContext;
          } catch (GeneralSecurityException e) {
              throw ServerMessages.MESSAGES.unableToInitialiseSSLContext(e.getMessage());
          }
      }
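      Editor's note with an added example. The check that fails in the trace above is SunJSSE's: when the JVM runs in FIPS mode, SSLContext.init() refuses any X509TrustManager that SunJSSE did not create itself, and the anonymous class in getAcceptingSSLContext() is exactly that. The same anonymous class also accepts every certificate chain, so even outside FIPS mode it is the weak setting. The code below is not JBoss EAP code and is not the fix that closed this issue (that fix is not on this page); it shows the general shape of the change a practitioner would make: obtain the trust managers from the provider's TrustManagerFactory, which passes the FIPS check and performs real chain validation. The truststore path and password are command-line arguments and the "sun.security.ssl." package check is specific to OpenJDK/Oracle JDK; both are assumptions of this example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Builds an SSLContext whose X509TrustManager comes from the JSSE
 * TrustManagerFactory rather than from an anonymous "trust all" class.
 * SunJSSE in FIPS mode only accepts TrustManagers it produced itself, so a
 * factory-built manager passes that check; it also validates the peer chain
 * against a real truststore instead of accepting anything.
 */
public final class FipsSafeSslContext {

    private FipsSafeSslContext() {}

    /** Loads a JKS/PKCS12 truststore from disk (path and password supplied by the caller). */
    public static KeyStore loadTrustStore(String path, char[] password) throws IOException {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, password);
            return ks;
        } catch (GeneralSecurityException e) {
            throw new IOException("Unable to load truststore " + path + ": " + e.getMessage(), e);
        }
    }

    /**
     * Asks the provider for its own trust managers. A null truststore makes the
     * factory fall back to the JDK defaults (javax.net.ssl.trustStore or cacerts).
     */
    public static TrustManager[] providerTrustManagers(KeyStore trustStore) throws IOException {
        try {
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            return tmf.getTrustManagers();
        } catch (GeneralSecurityException e) {
            throw new IOException("Unable to initialise trust managers: " + e.getMessage(), e);
        }
    }

    /** Creates the SSLContext; in FIPS mode this is where a foreign TrustManager is rejected. */
    public static SSLContext build(KeyStore trustStore) throws IOException {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, providerTrustManagers(trustStore), null);
            return ctx;
        } catch (GeneralSecurityException e) {
            throw new IOException("Unable to initialise SSLContext: " + e.getMessage(), e);
        }
    }

    /**
     * Sanity check for OpenJDK/Oracle JDK (assumption of this example): SunJSSE's
     * own X509TrustManager implementation lives in the sun.security.ssl package.
     */
    public static boolean allFromSunJsse(TrustManager[] tms) {
        if (tms.length == 0) {
            return false;
        }
        for (TrustManager tm : tms) {
            if (!(tm instanceof X509TrustManager)
                    || !tm.getClass().getName().startsWith("sun.security.ssl.")) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws IOException {
        // Usage: java FipsSafeSslContext [truststore-path [password]]
        KeyStore ts = null;
        if (args.length > 0) {
            ts = loadTrustStore(args[0], args.length > 1 ? args[1].toCharArray() : null);
        }
        TrustManager[] tms = providerTrustManagers(ts);
        SSLContext ctx = build(ts);
        System.out.println("SSLContext provider : " + ctx.getProvider().getName());
        System.out.println("TrustManager class  : " + tms[0].getClass().getName());
        System.out.println("from SunJSSE        : " + allFromSunJsse(tms));
    }
}
```

      Run it with the same java.security configuration that puts the server JVM into FIPS mode; where the anonymous trust-all manager throws "FIPS mode: only SunJSSE TrustManagers may be used", the factory-built one initialises normally. Note that this does not remove the original design question the reporter raises: the host controller and server instances here are not configured for SSL/TLS on the management connection at all, so the context is being built without being needed.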

              Assignee: Martin Choma (mchoma@redhat.com)
              Reporter: Derek Horton (rhn-support-dehort)
              Votes: 0
              Watchers: 10