Friday, January 18

Websphere ND dmgr permission problems

Ran in to a really weird problem with one of our Websphere 6.1 Network deployment setups yesterday and as I couldn't find one single page about the problem in google I thought I'd blog it.
I'm not much of a Websphere admin but managed to fix it after a while.

The problem started when a datasource was updated and all of the sudden all node agents stopped trusting the deployment manager (dmgr). Syncing the nodes failed and hence pretty much everything failed to restart / deploy. Running servers where fine though.
We got this message in the logs:
[1/17/08 13:30:52:020 GMT] 00000028 RoleBasedAuth A   SECJ0305I: 
The role-based authorization check failed for admin-authz operation
SSLAdmin:temporarilyDisableCertificateAuthentication:java.lang.Long.
The user UNAUTHENTICATED (unique ID: unauthenticated) was not granted
any of the following required roles: administrator.
My best guess is that node agent configuration was corrupted in some way.
How do you fix the problem then?
Fairly easy actually.
# Stop all node-agents that seem broken (that would probably be all of them!).
# Go to the node agents bin directory on the node (usually something like $WAS_HOME/profiles//bin/).
# Manually sync the node with syncNode.sh, point to the SOAP connector (default is 8879) on the DMGR server. See example
./syncNode.sh dmgrhost 8879 -username websphere -password webfear
# Start the node agent and verify that the logs are happy. Kick off a cell sync from dmgr. You should see entries similar to this in the logs:
[17/01/08 16:14:59:872 GMT] 0000002f NodeSyncTask  A   ADMS0003I: 
The configuration synchronization completed successfully.

6 comments:

Anonymous said...

Thank you very much... this helped me a lot as I was quite lost with this same problem. Please write a post whenever you solve more problems!!!

silverworm said...

Thank you for the post. The manual sync worked for me as well. However, before doing the manual sync I assigned Administrator role to the LDAP user that I've so far been using as a admin without the addition of the role. It might or might not have been a factor but the manual sync was certainly needed.

Mannan said...
This comment has been removed by the author.
Anh Mai said...

Thank you for your post, I look for such article along time, today i find it finally. this post give me lots of advise it is very useful for me
Signature:
Versión en descargar facebook en español a los países hablan Español: facebook entrar agora , facebook en español para and facebook entrar direto

Olivia Princess said...

What a really awesome post this is. Truly, one of the best posts I've ever witnessed to see in my whole life. Wow, just keep it up
SM

Olivia Princess said...

It’s so remarkable that I can't Indianainvestmentwatch afford to not go through this valuable information whenever I surf the internet!