Discussion:
Starting/Stopping WAS With Batch Files
(too old to reply)
Les
2006-05-12 11:40:39 UTC
Permalink
I am trying to write some scripts that will stop WAS do a DB2 Backup
and then start WAS again. Right now I am using the stopserver server1
-username name -password word in my scripts and the same procedure for
starting WAS once the backup is done. This seems to work, but the only
problem I see is that once you stop the server in this manner, the WAS
service in the services panel doesn't update it's status. I was
thinking I could just use the NET STOP Service "Servicename" but it
comlains that it needs a userid/password.

Is there a way to use the NET STOP/START command and pass the UID/PWD
parameters?
Charly Oz
2006-05-12 13:21:12 UTC
Permalink
Les,

You could use the <WAS_HOME>\bin\wasservice utility to add "-username
user -password pass" to the start and stop options.

Make sure you use the encodeParams option as well so that these details
aren't stored in clear text in the registry.

Have a search through the InfoCenter (WebSphere Library Link:
http://www-306.ibm.com/software/webservers/appserv/was/library/) for
"wasservice" for more details.
Post by Les
I am trying to write some scripts that will stop WAS do a DB2 Backup
and then start WAS again. Right now I am using the stopserver server1
-username name -password word in my scripts and the same procedure for
starting WAS once the backup is done. This seems to work, but the only
problem I see is that once you stop the server in this manner, the WAS
service in the services panel doesn't update it's status. I was
thinking I could just use the NET STOP Service "Servicename" but it
comlains that it needs a userid/password.
Is there a way to use the NET STOP/START command and pass the UID/PWD
parameters?
Les
2006-05-12 13:41:49 UTC
Permalink
Post by Charly Oz
Les,
You could use the <WAS_HOME>\bin\wasservice utility to add "-username
user -password pass" to the start and stop options.
Make sure you use the encodeParams option as well so that these details
aren't stored in clear text in the registry.
http://www-306.ibm.com/software/webservers/appserv/was/library/) for
"wasservice" for more details.
OK I tried this from the command line:

wasservice.exe -stop "IBMWAS6Service - IBMWAS6Service -
RVCAT052881DNode01" and got the following error:

Could not open service 'IBMWAS6Service - IBMWAS6Service -
RVCAT052881DNode01'
reason: The specified service does not exist as an installed
service.

If I leave the -stop off the command it does say it is starting the
service. It seems that if I put any parameter between the wassservice
and the service name it doesn't work.
Charly Oz
2006-05-13 05:16:38 UTC
Permalink
Les,

Try: net stop "IBMWAS6Service - RVCAT052881DNode01" as opposed to
'IBMWAS6Service - IBMWAS6Service - RVCAT052881DNode01'

The wasservice utility is used to register the WebSphere server as a windows
service. Once it's registered, it can then be stopped and started using the
windows net stop/start.

Try running this:
wasservice -add RVCAT052881DNode01 -serverName
YOURWASSERVERNAME -profilePath YOURWASPROFILEPATH -startArgs "-user
YOURWASUSERNAME -password YOURWASPASSWORD" -stopArgs "-user
YOURWASUSERNAME -password YOURWASPASSWORD" -encodeParams

e.g.
D:\WebSphere6\AppServer\bin\wasservice.exe -add
RVCAT052881DNode01 -serverName server1 -profilePath
D:\WebSphere6\AppServer\profiles\default -startArgs "-user
wasadmin -password S0meD1ff1cultPa55w0rd" -stopArgs "-user
wasadmin -password S0meD1ff1cultPa55w0rd" -encodeParams

Then:
net stop "IBMWAS6Service - RVCAT052881DNode01"
and
net start "IBMWAS6Service - RVCAT052881DNode01"

Note: Make sure that the java process for this server is not already running
before running the net start.

The options for wasservice are below:
WASService.exe -add "service_name"
-serverName server
-profilePath server_profile_directory
[-wasHome app_server_root]
[-configRoot configuration_repository_directory]
[-startArgs additional_start_arguments]
[-stopArgs additional_stop_arguments]
[-userid user_id -password password]
[-logFile service_log_file]
[-logRoot server_log_directory]
[-restart true | -restart false]
[-startType automatic | manual | disabled]
Note the items in []'s are optional if the service has already been
registered.
Also, the -userid & -password listed as arguments for the wasservice utility
are for the Windows Service user account, not the WebSphere account.

Please see this link for more details.
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/topic/com.ibm.websphere.base.doc/info/aes/ae/rins_wasservice.html?resultof=%22%77%61%73%73%65%72%76%69%63%65%22%20%22%77%61%73%73%65%72%76%69%63%22%20

Hope this helps,

Charly.
Post by Les
Post by Charly Oz
Les,
You could use the <WAS_HOME>\bin\wasservice utility to add "-username
user -password pass" to the start and stop options.
Make sure you use the encodeParams option as well so that these details
aren't stored in clear text in the registry.
http://www-306.ibm.com/software/webservers/appserv/was/library/) for
"wasservice" for more details.
wasservice.exe -stop "IBMWAS6Service - IBMWAS6Service -
Could not open service 'IBMWAS6Service - IBMWAS6Service -
RVCAT052881DNode01'
reason: The specified service does not exist as an installed
service.
If I leave the -stop off the command it does say it is starting the
service. It seems that if I put any parameter between the wassservice
and the service name it doesn't work.
Dexthor
2006-05-12 13:49:28 UTC
Permalink
I think the Net Stop is running the stopServer.bat with arguments.
Dont know how you can verify that. Once you do, you can make these
commands to run without prompting password.

(Caution: when you do this, any one who can run this command manually
will also get a security bypass. So protect these stop batch files
with tighter security).

Procedure:
1. Make a copy of setupCmdLine.bat and call it setupCmdLine_bypass.bat.
2. Edit setupCmdLine_bypass.bat for the following:
2.a. add the following lines.(translate these to Windows format).
CLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:"$SECPROFILEDIR"/bypass_sas.props
CLIENTSOAP=-Dcom.ibm.SOAP.ConfigURL=file:"$SECPROFILEDIR"/bypass_soap.props
3. Edit stopServer.sh (that is being used by the net stop) as follows.
3.a. update WAS_USER_SCRIPT={profilehome}/bin/setupCmdLine_bypass.bat
4. go to $PROFILEHOME/properties.
5. copy sas.client.props => bypass_sas.props
6. copy soap.client.props => bypass_soap.props
7. Edit bypass_sas.props and update:(plain text)
7.a: com.ibm.CORBA.loginPassword={adminuserpassword}
com.ibm.CORBA.loginUserid={wasadminuser}
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.securityEnabled=true
7.b. Run: $WAS_HOME/bin/PropFilePasswordEncoder.bat bypass_sas.props
-SAS
7.c. Open bypass_sas.props, take the encoded password
string(com.ibm.CORBA.loginPassword={adminuserpassword}) -- you will
need it in the bypass_soap.props
8. Edit bypass_soap.props.
8.a. com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid={wasadminuser}
com.ibm.SOAP.loginPassword={previously encoded password string from sas
file)

9. Test the "stopServer.bat serer1" manually, and see if you get
prompted. If you do, then the setup didnt work properly, you have to go
back and troubleshoot.

10. Test the "net stop ..." and see if you get prompted.

HTH
Dexthor.
Les
2006-05-12 13:56:21 UTC
Permalink
Post by Dexthor
I think the Net Stop is running the stopServer.bat with arguments.
Dont know how you can verify that. Once you do, you can make these
commands to run without prompting password.
(Caution: when you do this, any one who can run this command manually
will also get a security bypass. So protect these stop batch files
with tighter security).
1. Make a copy of setupCmdLine.bat and call it setupCmdLine_bypass.bat.
2.a. add the following lines.(translate these to Windows format).
CLIENTSAS=-Dcom.ibm.CORBA.ConfigURL=file:"$SECPROFILEDIR"/bypass_sas.props
CLIENTSOAP=-Dcom.ibm.SOAP.ConfigURL=file:"$SECPROFILEDIR"/bypass_soap.props
3. Edit stopServer.sh (that is being used by the net stop) as follows.
3.a. update WAS_USER_SCRIPT={profilehome}/bin/setupCmdLine_bypass.bat
4. go to $PROFILEHOME/properties.
5. copy sas.client.props => bypass_sas.props
6. copy soap.client.props => bypass_soap.props
7. Edit bypass_sas.props and update:(plain text)
7.a: com.ibm.CORBA.loginPassword={adminuserpassword}
com.ibm.CORBA.loginUserid={wasadminuser}
com.ibm.CORBA.loginSource=properties
com.ibm.CORBA.securityEnabled=true
7.b. Run: $WAS_HOME/bin/PropFilePasswordEncoder.bat bypass_sas.props
-SAS
7.c. Open bypass_sas.props, take the encoded password
string(com.ibm.CORBA.loginPassword={adminuserpassword}) -- you will
need it in the bypass_soap.props
8. Edit bypass_soap.props.
8.a. com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid={wasadminuser}
com.ibm.SOAP.loginPassword={previously encoded password string from sas
file)
9. Test the "stopServer.bat serer1" manually, and see if you get
prompted. If you do, then the setup didnt work properly, you have to go
back and troubleshoot.
10. Test the "net stop ..." and see if you get prompted.
HTH
Dexthor.
I think using this I will still have the problem with the services
panel not being updated with the current server status.
Dexthor
2006-05-12 13:59:25 UTC
Permalink
The stop and start command use sas.client.props and soap.client.props
file no matter which method you use .

So if you would like no prompting just update the default original
files using the procedure above. That will work perfectly.

On windows WASService.exe is a utility provided by WAS to make it
easy, but the underlying WAS security uses the above 2 files for all
Admin Clients.

HTH
Dexthor.
Les
2006-05-12 14:20:16 UTC
Permalink
Thanks for the information. I am not so worried about putting the
userid/password in the scripts, since this machine is behind enough
firewalls that someone hacking them is not an issue. I was just hoping
for a method that would keep the status in the services panel current.
Not so much for me, but when I am off, and have to rely on backups;
First thing they look at is the service in the services panel. Even
though you can learn them, they rely on old habits :)
Dexthor
2006-05-12 14:45:21 UTC
Permalink
As per infocenter, this is how you stop/start the service on windows:

WASService.exe -stop "service_name" [optional stopServer.bat
parameters]

So,

WASService.exe -stop "server1" -user admin -password blahblah

Is that what didnt work for you ?

May be you can delete the service and recreate it with the arguments
coded into it.

WASService.exe -add "service_name" -serverName server
-profilePath server_profile_directory -stopArgs "-user admin -password
blahblah"

-Dexthor.
Les
2006-05-12 15:38:22 UTC
Permalink
Post by Dexthor
WASService.exe -stop "service_name" [optional stopServer.bat
parameters]
So,
WASService.exe -stop "server1" -user admin -password blahblah
Is that what didnt work for you ?
Yes I could not put any parameters between the WASService.exe command
and the SERVICENAME. If I put a -stop or a -start between the two it
barffed up with the error I posted previously.
Post by Dexthor
May be you can delete the service and recreate it with the arguments
coded into it.
WASService.exe -add "service_name" -serverName server
-profilePath server_profile_directory -stopArgs "-user admin -password
blahblah"
-Dexthor.
The service is setup to start with a userid/password combo via the
service properties in the services panel. I have a WAS training class
next week so I am planning on asking the instructor for some insight
into this.
Dexthor
2006-05-12 15:48:01 UTC
Permalink
If I understand you correctly, when you register the Service you should
not say either "start" or "stop". You must set the "-stopArgs" and
"-startArgs" with values. These values are used when the Stop/start or
restart actions are carried out on the service.
WASservice.exe -stop/-start actions are applicable on a registered
service.

The UserID/password that you set on the Service is for the Process
security which is applicable at O/S. For WAS security, you will need to
still pass -user -password arguments on the command line.

For example, You can be Super User (root) on the box, when you run the
stopServer command, it will still challenge you to authenticate.


HTH
Dexthor.
Les
2006-05-12 15:53:30 UTC
Permalink
Post by Dexthor
If I understand you correctly, when you register the Service you should
not say either "start" or "stop". You must set the "-stopArgs" and
"-startArgs" with values. These values are used when the Stop/start or
restart actions are carried out on the service.
WASservice.exe -stop/-start actions are applicable on a registered
service.
The UserID/password that you set on the Service is for the Process
security which is applicable at O/S. For WAS security, you will need to
still pass -user -password arguments on the command line.
For example, You can be Super User (root) on the box, when you run the
stopServer command, it will still challenge you to authenticate.
HTH
Dexthor.
I am pretty sure it is registered, since I chose that option at
install. I have a test box where I can remove the service and then
reregister it with the above suggestions.
Continue reading on narkive:
Loading...