Discussion:
Problem to start the server after enabling global security
(too old to reply)
Ronaldo Queiroz
2004-02-18 21:59:31 UTC
Permalink
Hi,

I have 3 machines: 1 running the deployment manager and the 2 others running
1 was5 app server on each.
The 2 was5 machines are part of the same cell.
The operating system is Linux RH8 and all of the 3 machines are running
version 5.0.2.3

That's the scenario:
After enabling the global security I'm not able to start and stop servers
from the admin console.
I started the deployment manager using the command:
./startManager.sh -username user -password pw.
I started the 2 node agents using the command: ./startNode.sh -username
user -password pw.

If I try to start the servers from the admin console I get the error below.
If I start them from the command line passing user and password they start
with no problem.

I have already tried to sync them, using the command ./syncNode
dmhost -username user -password pw. I got a message showing the
synchronization was successfully done.

Does anybody know what could be the problem ?

Thanks a lot,

Ronaldo Queiroz.

[2/18/04 18:07:52:588 BRT] 1ad87670 RoleBasedAuth A SECJ0305I: Role based
authorization check failed for security name <null>, accessId
NO_CRED_NO_ACCESS_ID while invoking method getRepositoryEpoch on resource
ConfigRepository and module ConfigRepository.
[2/18/04 18:07:53:309 BRT] 1adb7670 LTPAServerObj E SECJ0375E: Mismatch of
realms during token validation.
[2/18/04 18:07:53:313 BRT] 1adb7670 LTPAServerObj E SECJ0373E: Cannot create
credential for the user <null> during the Validation of the token. The
exception is com.ibm.websphere.security.CustomRegistryException: The realm
in the token: labsrv6.lab.brq.com does not match the current realm:
labsrv7.lab.brq.com
Manglu
2004-02-19 03:03:14 UTC
Permalink
Ronaldo,

What's you User Registry?

Is it the local OS?

Regards,
Manglu
Bo Nilsson
2004-02-19 15:44:47 UTC
Permalink
Ronaldo,
I guess you are useing LocalOS as registry ?
LocalOS is not supported in a multi-node environment even if that is not
very clear stated in the doc's. See url (paste it together)
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q1=localos
&uid=swg21139779&loc=en_US&cs=utf-8&lang=en+en

Regards
Bo Nilsson
Software Group
IBM Sweden
Post by Ronaldo Queiroz
Hi,
I have 3 machines: 1 running the deployment manager and the 2 others running
1 was5 app server on each.
The 2 was5 machines are part of the same cell.
The operating system is Linux RH8 and all of the 3 machines are running
version 5.0.2.3
After enabling the global security I'm not able to start and stop servers
from the admin console.
./startManager.sh -username user -password pw.
I started the 2 node agents using the command: ./startNode.sh -username
user -password pw.
If I try to start the servers from the admin console I get the error below.
If I start them from the command line passing user and password they start
with no problem.
I have already tried to sync them, using the command ./syncNode
dmhost -username user -password pw. I got a message showing the
synchronization was successfully done.
Does anybody know what could be the problem ?
Thanks a lot,
Ronaldo Queiroz.
[2/18/04 18:07:52:588 BRT] 1ad87670 RoleBasedAuth A SECJ0305I: Role based
authorization check failed for security name <null>, accessId
NO_CRED_NO_ACCESS_ID while invoking method getRepositoryEpoch on resource
ConfigRepository and module ConfigRepository.
[2/18/04 18:07:53:309 BRT] 1adb7670 LTPAServerObj E SECJ0375E: Mismatch of
realms during token validation.
[2/18/04 18:07:53:313 BRT] 1adb7670 LTPAServerObj E SECJ0373E: Cannot create
credential for the user <null> during the Validation of the token. The
exception is com.ibm.websphere.security.CustomRegistryException: The realm
labsrv7.lab.brq.com
Ram
2004-02-19 19:09:32 UTC
Permalink
I see the same error message in the systemOut.log file when I start
the node agent. I am using WAS5.0 on WIN XP PRo , but I am using LDAP
, not local OS security. Any clues ??

Thanks
Ram
Post by Manglu
Ronaldo,
I guess you are useing LocalOS as registry ?
LocalOS is not supported in a multi-node environment even if that is not
very clear stated in the doc's. See url (paste it together)
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q1=localos
&uid=swg21139779&loc=en_US&cs=utf-8&lang=en+en
Regards
Bo Nilsson
Software Group
IBM Sweden
Post by Ronaldo Queiroz
Hi,
I have 3 machines: 1 running the deployment manager and the 2 others running
1 was5 app server on each.
The 2 was5 machines are part of the same cell.
The operating system is Linux RH8 and all of the 3 machines are running
version 5.0.2.3
After enabling the global security I'm not able to start and stop servers
from the admin console.
./startManager.sh -username user -password pw.
I started the 2 node agents using the command: ./startNode.sh -username
user -password pw.
If I try to start the servers from the admin console I get the error below.
If I start them from the command line passing user and password they start
with no problem.
I have already tried to sync them, using the command ./syncNode
dmhost -username user -password pw. I got a message showing the
synchronization was successfully done.
Does anybody know what could be the problem ?
Thanks a lot,
Ronaldo Queiroz.
[2/18/04 18:07:52:588 BRT] 1ad87670 RoleBasedAuth A SECJ0305I: Role based
authorization check failed for security name <null>, accessId
NO_CRED_NO_ACCESS_ID while invoking method getRepositoryEpoch on resource
ConfigRepository and module ConfigRepository.
[2/18/04 18:07:53:309 BRT] 1adb7670 LTPAServerObj E SECJ0375E: Mismatch of
realms during token validation.
[2/18/04 18:07:53:313 BRT] 1adb7670 LTPAServerObj E SECJ0373E: Cannot create
credential for the user <null> during the Validation of the token. The
exception is com.ibm.websphere.security.CustomRegistryException: The realm
labsrv7.lab.brq.com
CheKim Chhuor
2004-02-24 21:24:40 UTC
Permalink
Ronaldo,

You can try to update the <WAS_HOME>/properties/soap.client.props file with:
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=yourID
com.ibm.SOAP.loginPassword=yourPW

I remember getting it to work before. But you'll have to encode the password
in soap.client.props using PropFilePasswordEncoder otherwise password will
stay in clear text.

CheKim Chhuor
IBM Poughkeepsie
Post by Manglu
Ronaldo,
I guess you are useing LocalOS as registry ?
LocalOS is not supported in a multi-node environment even if that is not
very clear stated in the doc's. See url (paste it together)
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q1=localos
&uid=swg21139779&loc=en_US&cs=utf-8&lang=en+en
Regards
Bo Nilsson
Software Group
IBM Sweden
Post by Ronaldo Queiroz
Hi,
I have 3 machines: 1 running the deployment manager and the 2 others running
1 was5 app server on each.
The 2 was5 machines are part of the same cell.
The operating system is Linux RH8 and all of the 3 machines are running
version 5.0.2.3
After enabling the global security I'm not able to start and stop servers
from the admin console.
./startManager.sh -username user -password pw.
I started the 2 node agents using the command: ./startNode.sh -username
user -password pw.
If I try to start the servers from the admin console I get the error below.
If I start them from the command line passing user and password they start
with no problem.
I have already tried to sync them, using the command ./syncNode
dmhost -username user -password pw. I got a message showing the
synchronization was successfully done.
Does anybody know what could be the problem ?
Thanks a lot,
Ronaldo Queiroz.
[2/18/04 18:07:52:588 BRT] 1ad87670 RoleBasedAuth A SECJ0305I: Role based
authorization check failed for security name <null>, accessId
NO_CRED_NO_ACCESS_ID while invoking method getRepositoryEpoch on resource
ConfigRepository and module ConfigRepository.
[2/18/04 18:07:53:309 BRT] 1adb7670 LTPAServerObj E SECJ0375E: Mismatch of
realms during token validation.
[2/18/04 18:07:53:313 BRT] 1adb7670 LTPAServerObj E SECJ0373E: Cannot create
credential for the user <null> during the Validation of the token. The
exception is com.ibm.websphere.security.CustomRegistryException: The realm
labsrv7.lab.brq.com
Jonathan Kwok
2004-03-02 08:31:25 UTC
Permalink
I got the same problem.
Even I setup the soap.client.props as described.
BTW, should / should not use Local OS User registry ?

Many many thanks !
Post by Manglu
Ronaldo,
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=yourID
com.ibm.SOAP.loginPassword=yourPW
I remember getting it to work before. But you'll have to encode the password
in soap.client.props using PropFilePasswordEncoder otherwise password will
stay in clear text.
CheKim Chhuor
IBM Poughkeepsie
Post by Manglu
Ronaldo,
I guess you are useing LocalOS as registry ?
LocalOS is not supported in a multi-node environment even if that is not
very clear stated in the doc's. See url (paste it together)
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q1=localos
&uid=swg21139779&loc=en_US&cs=utf-8&lang=en+en
Regards
Bo Nilsson
Software Group
IBM Sweden
Post by Ronaldo Queiroz
Hi,
I have 3 machines: 1 running the deployment manager and the 2 others
running
Post by Manglu
Post by Ronaldo Queiroz
1 was5 app server on each.
The 2 was5 machines are part of the same cell.
The operating system is Linux RH8 and all of the 3 machines are running
version 5.0.2.3
After enabling the global security I'm not able to start and stop
servers
Post by Manglu
Post by Ronaldo Queiroz
from the admin console.
./startManager.sh -username user -password pw.
I started the 2 node agents using the command: ./startNode.sh -username
user -password pw.
If I try to start the servers from the admin console I get the error
below.
Post by Manglu
Post by Ronaldo Queiroz
If I start them from the command line passing user and password they
start
Post by Manglu
Post by Ronaldo Queiroz
with no problem.
I have already tried to sync them, using the command ./syncNode
dmhost -username user -password pw. I got a message showing the
synchronization was successfully done.
Does anybody know what could be the problem ?
Thanks a lot,
Ronaldo Queiroz.
[2/18/04 18:07:52:588 BRT] 1ad87670 RoleBasedAuth A SECJ0305I: Role
based
Post by Manglu
Post by Ronaldo Queiroz
authorization check failed for security name <null>, accessId
NO_CRED_NO_ACCESS_ID while invoking method getRepositoryEpoch on
resource
Post by Manglu
Post by Ronaldo Queiroz
ConfigRepository and module ConfigRepository.
[2/18/04 18:07:53:309 BRT] 1adb7670 LTPAServerObj E SECJ0375E: Mismatch
of
Post by Manglu
Post by Ronaldo Queiroz
realms during token validation.
[2/18/04 18:07:53:313 BRT] 1adb7670 LTPAServerObj E SECJ0373E: Cannot
create
Post by Manglu
Post by Ronaldo Queiroz
credential for the user <null> during the Validation of the token. The
exception is com.ibm.websphere.security.CustomRegistryException: The
realm
Post by Manglu
Post by Ronaldo Queiroz
labsrv7.lab.brq.com
Stefan T
2004-03-02 14:01:59 UTC
Permalink
I seem to remember to change the following file (if you use Network
Deployment the might exist in both app server and nd installation
directories)

$WAS_HOME/properties/sas.client.props

Change the value of the following property from "prompt" to "properties":

com.ibm.CORBA.loginSource=properties



$WAS_HOME/properties/soap.client.props


set the following properties:

com.ibm.SOAP.loginUserid=userid

com.ibm.SOAP.loginPassword=password


A good deal of this is described in the Redbook SG 24-6573 "WebSphere v5
Security" in appendix D and chapter 10.

Cheers

Stefan
Post by Jonathan Kwok
I got the same problem.
Even I setup the soap.client.props as described.
BTW, should / should not use Local OS User registry ?
Many many thanks !
Post by Manglu
Ronaldo,
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=yourID
com.ibm.SOAP.loginPassword=yourPW
I remember getting it to work before. But you'll have to encode the password
in soap.client.props using PropFilePasswordEncoder otherwise password will
stay in clear text.
CheKim Chhuor
IBM Poughkeepsie
Post by Manglu
Ronaldo,
I guess you are useing LocalOS as registry ?
LocalOS is not supported in a multi-node environment even if that is not
very clear stated in the doc's. See url (paste it together)
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q1=localos
Post by Jonathan Kwok
Post by Manglu
Post by Manglu
&uid=swg21139779&loc=en_US&cs=utf-8&lang=en+en
Regards
Bo Nilsson
Software Group
IBM Sweden
Post by Ronaldo Queiroz
Hi,
I have 3 machines: 1 running the deployment manager and the 2 others
running
Post by Manglu
Post by Ronaldo Queiroz
1 was5 app server on each.
The 2 was5 machines are part of the same cell.
The operating system is Linux RH8 and all of the 3 machines are running
version 5.0.2.3
After enabling the global security I'm not able to start and stop
servers
Post by Manglu
Post by Ronaldo Queiroz
from the admin console.
./startManager.sh -username user -password pw.
./startNode.sh -username
Post by Jonathan Kwok
Post by Manglu
Post by Manglu
Post by Ronaldo Queiroz
user -password pw.
If I try to start the servers from the admin console I get the error
below.
Post by Manglu
Post by Ronaldo Queiroz
If I start them from the command line passing user and password they
start
Post by Manglu
Post by Ronaldo Queiroz
with no problem.
I have already tried to sync them, using the command ./syncNode
dmhost -username user -password pw. I got a message showing the
synchronization was successfully done.
Does anybody know what could be the problem ?
Thanks a lot,
Ronaldo Queiroz.
[2/18/04 18:07:52:588 BRT] 1ad87670 RoleBasedAuth A SECJ0305I: Role
based
Post by Manglu
Post by Ronaldo Queiroz
authorization check failed for security name <null>, accessId
NO_CRED_NO_ACCESS_ID while invoking method getRepositoryEpoch on
resource
Post by Manglu
Post by Ronaldo Queiroz
ConfigRepository and module ConfigRepository.
[2/18/04 18:07:53:309 BRT] 1adb7670 LTPAServerObj E SECJ0375E: Mismatch
of
Post by Manglu
Post by Ronaldo Queiroz
realms during token validation.
[2/18/04 18:07:53:313 BRT] 1adb7670 LTPAServerObj E SECJ0373E: Cannot
create
Post by Manglu
Post by Ronaldo Queiroz
credential for the user <null> during the Validation of the token. The
exception is com.ibm.websphere.security.CustomRegistryException: The
realm
Post by Manglu
Post by Ronaldo Queiroz
labsrv7.lab.brq.com
Loading...