Friday, January 18

Websphere ND dmgr permission problems

Ran in to a really weird problem with one of our Websphere 6.1 Network deployment setups yesterday and as I couldn't find one single page about the problem in google I thought I'd blog it.
I'm not much of a Websphere admin but managed to fix it after a while.

The problem started when a datasource was updated and all of the sudden all node agents stopped trusting the deployment manager (dmgr). Syncing the nodes failed and hence pretty much everything failed to restart / deploy. Running servers where fine though.
We got this message in the logs:
[1/17/08 13:30:52:020 GMT] 00000028 RoleBasedAuth A   SECJ0305I: 
The role-based authorization check failed for admin-authz operation
SSLAdmin:temporarilyDisableCertificateAuthentication:java.lang.Long.
The user UNAUTHENTICATED (unique ID: unauthenticated) was not granted
any of the following required roles: administrator.
My best guess is that node agent configuration was corrupted in some way.
How do you fix the problem then?
Fairly easy actually.
# Stop all node-agents that seem broken (that would probably be all of them!).
# Go to the node agents bin directory on the node (usually something like $WAS_HOME/profiles//bin/).
# Manually sync the node with syncNode.sh, point to the SOAP connector (default is 8879) on the DMGR server. See example
./syncNode.sh dmgrhost 8879 -username websphere -password webfear
# Start the node agent and verify that the logs are happy. Kick off a cell sync from dmgr. You should see entries similar to this in the logs:
[17/01/08 16:14:59:872 GMT] 0000002f NodeSyncTask  A   ADMS0003I: 
The configuration synchronization completed successfully.

7 comments:

Anonymous said...

Thank you very much... this helped me a lot as I was quite lost with this same problem. Please write a post whenever you solve more problems!!!

Unknown said...

Thank you for the post. The manual sync worked for me as well. However, before doing the manual sync I assigned Administrator role to the LDAP user that I've so far been using as a admin without the addition of the role. It might or might not have been a factor but the manual sync was certainly needed.

mannan said...
This comment has been removed by the author.
Unknown said...

What a really awesome post this is. Truly, one of the best posts I've ever witnessed to see in my whole life. Wow, just keep it up
SM

Unknown said...

It’s so remarkable that I can't Indianainvestmentwatch afford to not go through this valuable information whenever I surf the internet!

Emma Watson said...

This is one of the best article and it is very useful for me Graff City Discount Code

Matt Damon said...

AOW offers a to some degree long degree of association with the Managed Service elective. Overseen Service gives you extra help and an individual record executive when you need us to deal with your undertakings for you. Find more here.
Visit:
Article Of The Week
S4She
Article
Latest Entertainments
Voucher Codes Go