2007

1/23/07   60115,49r – WAS 5.1 not installing MQ on 64 bit Linux

– Sal Salaimani/Austin – 64 bit not supported in 5.1

1/24/07   60277,49r – ITIM 4.6 fp33 uninstaller deletes all of /tmp

1/24/07   60316,49r – JMSserver not starting – Queue Manager Listener failed rc: 20

– Dave Brune

– Dave Kenner – wl1cet,30w queue

– Dave Tiler

– runmqlsr process was still running

– kill that, recreate the qmgr for jmsserver, start jmsserver, worked

1/24/07              60359,49r – createQueueConnection failed

J2CA0020E: The Connection Pool Manager could not allocate a Managed Connection:

createQueueConnection failed

MQException occurred: Completion Code 2, Reason 2195

MQJE018: Protocol error – unexpected segment type received

– Chenna Korvi

– Toan Nguyen/Raleigh

– Angel Rivera – MQ L2 –

export LD_ASSUME_KERNEL=2.4.19 is required for MQ 5.3 on 2.6 kernel

– after this the dspmq, etc cmds worked

– Clyde Zoch – Oracle 64 bit db & RHEL 4 support

– William (Al) Gilchrist – WASCET

– clearing tranlogs, killing vs. shutting down WAS

– William J. (Bill) Moss – MQ – is WAS using right ports to connect to MQ?

– Diane Shallo – MQ manager

– W. David Walker – L2 MQ 2nd shift

– VASU GAJENDRAN – MQ L3 India

– Root cause turned out to be 755 perms on /tmp caused by PMR 60277,49r

(ITIM 4.6 fp33 uninstaller deleting /tmp).  MQ needs 777

– Changed perms, killed mq listener, ipcrm on all mqm resources, started jmsserver,

started cluster/app, worked, closed – Devtrack # S16345 (ITIM uninstaller 60277,49R)

– APAR IZ13924

1/30/07   60916,49R – error in setupEnrole.stdout – sev1

IWAE0002E Could not reflect methods for com.ibm.tenant.TenantEntityHome

Charles – that’s no problem, expected error

– tried setting perms on Oracle db per release notes to resolve MQ issue

– closed with 60359

2/6/07    61748,49R – LDAP replication not working

– cannot use cn=root – undocumented?

– used cn=any, worked

Lance Clinton

– to clean up cn=ibmpolicies, needed to use cmd line:

http://www-1.ibm.com/support/docview.wss?rs=767&context=SSVJJU&q1=ibmpolicies&uid=swg21226577&loc=en_US&cs=utf-8&lang=en

– closed, asked for doc apar

2/7/07   61928,49R – getting XAException error –

WTRN0037W: The transaction service encountered an error on an xa_recover operation

2/12/07              62480,49R – after installing LDAP 4.6.3 adapter, cannot logon to ITIM               java.rmi.RemoteException: java.lang.NullPointerException

Chris Weber (714)438-5194

2/15/07  62926,49R – When submitting provisioning policy:

CTGIMO014E The following JNDI communication error occurred. Error: 139.99.207.9:389

com.ibm.itim.dataservices.ldap.SERVER_NOT_AVAILABLE

A communication failure occurred while attempting to obtain an initial context with the provider URL: “iiop://its-itimapp2-test:2809/cell/clusters/itim_cluster_test”. Make sure that any bootstrap address information in the URL is correct and that the target name server is running. A bootstrap address with no port specification defaults to port 2809. Possible causes other than an incorrect bootstrap address or unavailable name server include the network environment and workstation network configuration.

NMSV0602E: Naming Service unavailable. A communications error occurred

– started node agent, could logon

com.ibm.mqservices.MQInternalException: MQJE001: An MQException occurred: Completion Code 2, Reason 2059

MQJE011: Socket connection attempt refused

MQJMS2005: failed to create MQQueueManager for ‘its-itimapp2-test:WAS_its_itimapp2_test_jmsserver’

2/20 – server restarted when running a full HR load

– got “exception is java.net.SocketException: Too many open files” in trace.log

tried setting   ibm-slapdAllReapingThreshold: 1000

ibm-slapdAnonReapingThreshold: 1000

ibm-slapdBoundReapingThreshold: 1000

ibm-slapdIdleTimeOut: 60

tried             setting root and mqm nofiles=1024000 in /etc/security/limits.conf, rebooted

Lance Clinton

Found that IF 34 fixed the problem (IY93514), closed

2/22/07            63938 49R – Ran LDAP svc recon, got this in IDI log:

executeALSearchNext():2273 status=1, reason=100

ERROR [/opt/ITDI60/ITIM_RMI.xml] – [Iterator Error] Search Entry Unsuccessful [status:fail, connectorname:conLDAPUser, operation:get, exception:javax.naming.CommunicationException: connection closed [Root exception is java.io.IOException: connection closed], message:connection closed, class:javax.naming.CommunicationException]

– changed IDI setting of SearchResultSetSize=20000 in itim_listener.properties

– then got object class violations

– manager field was not using DN syntax

– excluded manager field, recon finished

– working on parsing manager field into DN syntax

2/25/07                        SRVE0120E: IO Error java.net.SocketException: Connection reset

2/28/07            64337 49R – Getting Remote exception Null Pointer when logging on – after LDAP recon, and after deleting LDAP profile object classes

– restarting enRole resolves for the moment

– had to restart IDS after deleting object classes to re-import LDAP profile

– APAR IY96120

4/25 – fixed in 4.6.0-TIV-TIM-IF0041

3/6/07  80116 49R      – Error when stopping WAS:

ExceptionUtil E CNTR0019E: Non-application exception occurred while processing method “dummyTest”. Exception data: com.ibm.websphere.csi.CSIException: Begin global tx failed; nested exception is:

org.omg.CORBA.NO_PERMISSION: Transaction service is unavailable  vmcid: 0x0  minor code: 0  completed: No

Helpers       W NMSV0610I: A NamingException is being thrown from a javax.naming.Context implementation. Details follow:

Context implementation: com.ibm.ws.naming.jndicos.CNContextImpl

Context method: lookupExt

Context name: its-itimapp2-testNetwork/nodes/its-itimapp2-test/servers/nodeagent/cell/clusters/itim_cluster_test

Target name: enroleejb.HomeHome

Other data:

Exception stack trace: javax.naming.NamingException: Error during resolve.  Root exception is org.omg.CORBA.NO_IMPLEMENT:

Trace from server: 298002686 at host its-itimapp1-test >>

– suggested applying a jdk to fix, closed b/c low priority

3/12/07            80989,49R      ACI not working – when submit new one:

[LDAP: error code 34 – Invalid DN Syntax]; remaining name                         ‘erglobalid=00000000000000000000,ou=cdns,dc=com’

3/14/07 81259 49R  – bogus error 1000 entries

3/14/07 81260 49R  – segmentation violation and ACE adapter crashes

– when creating acct thru auto prov policy

5/21/07             When adding an LDAP service “You are not authorized to perform this function”

– because removed object class in v3.modifiedschema

– added it back, allowed adding a service

5/22/07                        got RemoteException NullPointer when logging on

– after deleting LDAP profile from v3.modified schema

– CTGIMF007E The {0} object cannot be found in the directory server

– LDAP: error code 32 – No Such Object; remaining name

‘erobjectprofilename=OneSunProfile,ou=serviceProfile,ou=itim,ou=Company,dc=com’

– restarted enRole, allowed logons

– was to be fixed in IF41

5/23/07             getting error in IDI log when adding an LDAP account

Java method “addValue” cannot be assigned to.,

– problem was this was the advanced mapping for object class:

var oc = system.newAttribute(“objectclass”);

oc.addValue = (“posixAccount”);

oc.addValue = (“shadowAccount”);

oc.addValue = (“companyUnixAccount”);

ret.value = oc;

– should have been this

oc.addValue(“posixAccount”);

5/23/07                        getting error in IDI log when adding LDAP account

AttributeInUseException: [LDAP: error code 20 – Attribute Or Value Exists]

– problem was should not pass top, person, inetOrgPerson, and

organizationalPerson as object classes

– took them out, worked

5/31/07 03970,49R – getting “add_failed_no_req_attributes” statuscode: ‘2’ reasoncode: ‘100

when adding an ldap account w/ ldap rmi adapter

– problem was duplicated attributes in the schema for erLDAPUserAccount object class

and posixAccount.  They need to be in one or the other, not both

– removed from erLDAPUserAccount obj class

– then still got error (with error code 65 (?) in itim log)

– cannot convert null to an object

– redid the adapter using adt, worked

6/1/07             “cannot convert null to an object” in idi.log

– when trying to change an attrib in ldap service

6/6/07            04409,49R  getting “un-named object” entries in service list, cannot delete

Sam Kamela

– removed

6/7/07             LDAP error code 34 – Invalid DN when running recon on LDAP adapter

6/11/07                        NMSV0011E: Unable to start bootstrap server using port 2809

– stopped http srv, killed all java, restarted, worked

6/11/07            04789,49R – Group data not being brought back on LDAP recon, nothing in idi log

base dn was ou=group,dc=company,dc=com

should be   ou=group, dc=company,dc=com

– then object class searched was “groupofnames” should be “posixgroup”

– changed in service.def x4, rejarred, reimported profile, didn’t change

– deleted assembly line ou, reimported, didn’t import

– deleted all parts of profile except

error code 80 on deleting erldaprmiservice obj class

– rejarred profile properly, imported, ran recon, worked (pulled groups!)

6/12/07 04908,49R – Websphere being killed when terminal services time limit is reached

– dhanson owned the websphere java process

– started as a service, worked, websphere start icon should start as ‘system’

Ram Arika (ramarika@us) – will check w/ L3 on how it should work

– 6.0 works well, runs as system, no more coding on 5.1, closed

6/13/07 15075,49R – sev1 – manual all svcs prov policy hangs when submitted,

– nullpointerexception errors in trace.log

– mult errors in systemout.log PLGN0021E: Virtual Host/WebGroup Not Found

– appears to be referring to some password policy or workflow

– deleted extra provisioning policies, no more errors, closed

6/20/07 15636,49R – LDAP account add request hangs for 5+ min before sending to IDI

– sent logs, floyd sent to L3

– enrole.properties, remotesevices.remotepending.interval set to 10 min

– set to 1 min, and can monitor enrole.resources_providers table in itim db

– closed

6/20/07 15658,49R – – Error when stopping WAS:

ExceptionUtil E CNTR0019E: Non-application exception occurred while processing method “dummyTest”. Exception data: com.ibm.websphere.csi.CSIException: Begin global tx failed; nested exception is:

org.omg.CORBA.NO_PERMISSION: Transaction service is unavailable  vmcid: 0x0  minor code: 0  completed: No

– Charles Schultz – happens when the naming service stops before the enrole application, would not happen if stop enrole before stopping WAS

– will update documentation and pass to WAS queue for proper stopping order

– bad design of WAS – transaction service is unavailable when app is shutting down

– bad design of ITIM – dummyTest is an ITIM method of pinging the trans svc

6/26/07                        When running recon on LDAP adapter,

getting “LDAP: error code 21 – Invalid Attribute Syntax” in trace.log on 2 group adds

– groups and netgroups are added

– real problem is no users get added to LDAP as accounts or orphans

– getting “CTGIMS001E At least one required attribute is missing” on all users

– found that the LDAPSearch.xml AL was did not have gecos, gidNumber, homeDirectory,

uidNumber, or vUID in the input map, input schema, or ldapReturn parameter

– added those to the ADT project, imported jar, worked

6/26/07  16213,49R Getting nullpointerexception when adding new account w/ ldap adptr

– error occurs after account is created and added to group successfully

– was not using sufficient error reporting – use structure from basic adapter

– worked, closed

7/2/07  16686,49R debug logging not displayed in ibmdi.log

– set etc/log4j.properties to debug, no joy

– set log4j.properties in install root to debug, recycled, worked

7/3/07  16726,49R – ADT 2.1 giving error plug-in com.ibm.itim.tools.adapterfactory was

unable to load class com.ibm.itim.tools.adapterfactory.Application

7/3/07  16751,49R – IDI not connecting via SSL to 2nd server

Clyde Zoch –  c

– connect to https://<servername&gt;:636, display the cert

– download the .cer file from tools, internet options, certs, export

– open ikeyman, create new jks db, import it into the jks, repoint IDI global.props

– restarted IDI, worked

7/24/07  67767,499 – getting error when starting ITIM

XARecoveryDat E WTRN0040W: Object cannot be deserialized

– loaded cf 15 for 5.1.1 beforehand

– Dan Barto –  – stop was, delete tranlogs,

maybe be stuck if was stopped abnormally

– deleted, started w/ no errors

also cannot logon to itim after turning on global security

7/24/07  67829,499 – getting error when starting cluster

DSRA8200W: DataSource Configuration: DSRA8020E: Warning: The property ‘connRetriesDuringDBFailover’ does not exist on the DataSource class COM.ibm.db2.jdbc.DB2XADataSource.

– also errors on ‘connRetriesDuringDBFailover’ & ‘connRetryIntervalDuringDBFailover’

– nodes were at 5.1.1.3, upgraded to 5.1.1.15, worked, closed

– properties were available as of 5.1.1.4

7/24/07  67830,499 – getting error when starting cluster

TraceNLS      u No message text associated with key Unable.to.get.SSL.context:. in bundle com.ibm.ejs.resources.seriousMessages

SSLConfig     E Unable to get SSL context: @

TraceNLS      u No message text associated with key Unable.to.get.SSL.context:. in bundle com.ibm.ejs.resources.seriousMessages

SSLConfig     E Unable to get SSL context:

TraceNLS      u No message text associated with key Unable.to.create.server.socket in bundle com.ibm.ejs.resources.seriousMessages

SSLServerSock E Unable to create server socket

WebContainer  E SRVE0146E: Failed to Start Transport on host *, port 9443

– Ram Arika: change app servers, 02, web container, http transports,

9443 – change to 9453

– add new virtual host * for 9453

– system admin, nodes, select both nodes, full resync

– Application, msrvqa02 > Web Container > HTTP Transport >

uncheck enable ssl

– server started ok

** Application Servers > timsrvqa02 > Administration Services >

JMX Connectors > SOAPConnector, change to timsrvqa02/DefaultSSLSettings

** Application Servers > timsrvqa02 > Web Container > HTTP Transport >

ensure check enable ssl, and **change SSL settings to 02**, save

** system admin, nodes, select both nodes, full resync

– started server, worked great, changed back to 9443

– still getting validation failed – ram opening other pmr

7/25/07            67968,499 – getting “validation failed for was admin”

Vikram Thommandru – set logging, send collector jar

Ram – try cn=wasadmin,ou=WasSecurity,dc=com for serverid

Fred Fouche  – try editing security.xml for user params

– now node2 jms server and server won’t start

– Removed, and readded the node, readded to cluster, ran runConfig install

– started cluster, get error on 02 with port 9444

** Application Servers > timsrvqa02 > Administration Services >

JMX Connectors > SOAPConnector, change to timsrvqa02/DefaultSSLSettings

** Application Servers > timsrvqa02 > Web Container > HTTP Transport >

ensure check enable ssl, and **change SSL settings to 02**, save

– Ajit – remove the wstemp contents and config/temp

– started cluster fine

– for GS, changed User registry to cn= for filter and user ID map, enabled GS

– set SSL rep’s back to ${USER_INSTALL_ROOT}/etc/DummyServerKeyFile.jks

– changed Application Servers > timsrvqa02 > Web Container > HTTP Transport >

9080 and **change SSL settings to 02**, save

– needed to manually sync with syncNode.sh

– brought up node ok, jms and cluster, closed

– was still getting mq errors, needed to set wasadmin ID in j2c auth section

– server started w/ no errors

– tried to logon, got “CTGIMM091E Unsuccessful login to WebSphere application server”

– ran runConfig install and set wasadmin ID in security tab

– restarted cluster, logged on fine

8/1/07            68648,499 – Cannot configure ITIM to connect to LDAP via SSL

followed http://www-1.ibm.com/support/docview.wss?uid=swg21218521

– had to do it opposite of doc – create the self-signed cert in the kdb,

export it to der, then import it in the jks

12/12/07 19940,499 – adding roles add groups to posix aix adapter, but deleting roles does not delete groups

– chuser <all the groups> is being sent from the assembly line

– solution – changed provisioning policy to handle groups in an array

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s


%d bloggers like this: