on 09-30-2014 2:06 PM
Hello. I have run into a connection issue with Syclo that I was hoping one of you may have seen before. When attempting to connect the Agentry Server to WebSphere either through the ATE or using the connectTest.bat function, I get the errors listed below. We are using Syclo WorkManager 7.5 and connecting to WebSphere 8.5.0.3 using LDAP authentication and the WebSphere 7 Client is installed on the Syclo WM Server. Everything works fine when using native mode via RMI connection. I found an article from IBM outlining an issue with WebSphere 8.5 and running a WAS client which recommended changing the server side CSIv2 Transport Layer to SSL-Supported. The link is below. We changed these settings, restarted, but the error is still there. IBM Link: http://www-01.ibm.com/support/docview.wss?uid=swg21614221 I have confirmed the javaBE.ini and sas.client.props settings from the install guide for Websphere authentication (listed below). Any assistance/ideas would be greatly appreciated. Thanks, Pete javaBE.ini: appServerType=websphere security.auth.login.config=D:/syclo/WorkManager/ServerDev/jaas_client.conf naming.provider.url=corbaloc:iiop::naming.factory.initial=com.ibm.websphere.naming.WsnInitialContextFactory maximo.jndi.rootContext=cell/clusters/mxdev_syclo_cluster maximo.jndi.ejb.accesstoken=ejb/maximo/remote/accesstokenprovider com.ibm.CORBA.ConfigURL=file:D:/IBM/WebSphere/AppClient/properties/sas.client.props jdbc.connectionURL=jdbc:oracle:thin:@: From the sas.client.props file in D:\IBM\WebSphere\AppClient\properties : com.ibm.CORBA.validateBasicAuth=false com.ibm.CSI.performClientAuthenticationRequired=true com.ibm.CSI.performTransportAssocSSLTLSSupported=false Error: D:\syclo\WorkManager\ServerDev>connectTest.bat username password 'serverClass' is not recognized as an internal or external command, operable program or batch file. com.syclo.maximomobile.Server::::log level = 5 com.syclo.maximomobile.Server::::com.syclo.maximomobile.Server:: beg in TestServer::readAgentryINIProperties::log level = 5 TestServer::readAgentryINIProperties::TestServer::readAgentryINIProperties begin TestServer::setComponentManagers::log level = 5 TestServer::setComponentManagers::TestServer::setComponentManagers begin TestServer::setComponentManagers::TestServer::setComponentManagers end TestServer::createTestUser TestUser::TestUser() 1 TestServer::login::log level = 5 TestServer::login::TestServer::login begin TestServer::login:: loginid = username TestUser::initMxSession::log level = 5 TestUser::initMxSession::TestUser::initMxSession begin Sep 30, 2014 8:37:16 AM com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnecti onInterceptor AUDIT: security.LoadSCI Sep 30, 2014 8:37:17 AM com.ibm.ISecurityUtilityImpl.ServiceInit AUDIT: security.GettingConfig Sep 30, 2014 8:37:17 AM com.ibm.ws.ssl.config.SSLConfigManager INFO: ssl.disable.url.hostname.verification.CWPKI0027I Sep 30, 2014 8:37:17 AM com.ibm.ISecurityUtilityImpl.ServiceInit AUDIT: security.AuthTarget Sep 30, 2014 8:37:17 AM com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI AUDIT: security.ClientCSI Sep 30, 2014 8:37:17 AM com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2Effect ivePerformPolicy WARNING: JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH: The client security configur ation (sas.client.props or outbound settings in GUI) does not support the server security configuration for the following reasons: ERROR 1: JSAS0809E: The current OID is RSA but this is not an Admin reques t. ERROR 2: JSAS0608E: The server requires SSL Confidentiality but the client does not support it. ERROR 3: JSAS0606E: The server requires SSL client certificate authenticati on but the client does not support it. Sep 30, 2014 8:37:17 AM com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2Effect ivePerformPolicy WARNING: JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH: The client security configur ation (sas.client.props or outbound settings in GUI) does not support the server security configuration for the following reasons: ERROR 1: JSAS0809E: The current OID is RSA but this is not an Admin reques t. ERROR 2: JSAS0608E: The server requires SSL Confidentiality but the client does not support it. ERROR 3: JSAS0606E: The server requires SSL client certificate authenticati on but the client does not support it. Sep 30, 2014 8:37:17 AM com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2Effect ivePerformPolicy WARNING: JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH: The client security configur ation (sas.client.props or outbound settings in GUI) does not support the server security configuration for the following reasons: ERROR 1: JSAS0809E: The current OID is RSA but this is not an Admin reques t. ERROR 2: JSAS0608E: The server requires SSL Confidentiality but the client does not support it. ERROR 3: JSAS0606E: The server requires SSL client certificate authenticati on but the client does not support it. Sep 30, 2014 8:37:17 AM com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2Effect ivePerformPolicy WARNING: JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH: The client security configur ation (sas.client.props or outbound settings in GUI) does not support the server security configuration for the following reasons: ERROR 1: JSAS0809E: The current OID is RSA but this is not an Admin reques t. ERROR 2: JSAS0608E: The server requires SSL Confidentiality but the client does not support it. ERROR 3: JSAS0606E: The server requires SSL client certificate authenticati on but the client does not support it. Sep 30, 2014 8:37:17 AM com.ibm.ws.naming.util.WsnInitCtxFactory WARNING: jndiUnavailCommErr javax.naming.NamingException: Error getting WsnNameService properties [Root exce ption is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM minor code: E07 completed: No] at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInit CtxFactory.java:1439) at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServer(Wsn InitCtxFactory.java:946) at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnInitCt xFactory.java:865) at com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextInternal(Ws nInitCtxFactory.java:545) at com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:123) at com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.java:79 😎 at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164) at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179) at javax.naming.InitialContext.lookup(Unknown Source) at com.ibm.tivoli.maximo.thinclient.MXThinClientSession.getRemoteAccessT oken(MXThinClientSession.java:129) at com.ibm.tivoli.maximo.thinclient.MXAbstractClientSession.getMXServer( MXAbstractClientSession.java:64) at psdi.util.RMISession.connect(RMISession.java:56) at com.syclo.maximomobile.ldap.WebSphereThinClient.launch(WebSphereThinC lient.java:84) at com.syclo.maximomobile.MXSessionFactory.getMXSession(MXSessionFactory .java:48) at com.syclo.maximomobile.User.doAppServerAuthentication(User.java:336) at com.syclo.maximomobile.User.initMxSession(User.java:275) at com.syclo.maximomobile.Server.login(Server.java:144) at com.syclo.maximomobile.ConnectTest.main(ConnectTest.java:35) Caused by: org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmci d: IBM minor code: E07 completed: No at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:12 50) at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1 321) at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:11 46) at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1 287) at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1853) at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1243) at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:458) at com.ibm.WsnBootstrap._WsnNameServiceStub.getProperties(_WsnNameServic eStub.java:38) at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInit CtxFactory.java:1436) ... 17 more TestUser::initMxSession::system#notboundexception TestServer::login:: for pfrost caught AgentryException logging in user username- system#notboundexception TestServer::logStackTrace::log level = 5 TestServer::logStackTrace::TestServer::logStackTrace begin TestServer::logStackTrace::psdi.util.MXSystemException: system#notboundexception at com.ibm.tivoli.maximo.thinclient.MXThinClientSession.getRemoteAccessT oken(MXThinClientSession.java:198) at com.ibm.tivoli.maximo.thinclient.MXAbstractClientSession.getMXServer( MXAbstractClientSession.java:64) at psdi.util.RMISession.connect(RMISession.java:56) at com.syclo.maximomobile.ldap.WebSphereThinClient.launch(WebSphereThinC lient.java:84) at com.syclo.maximomobile.MXSessionFactory.getMXSession(MXSessionFactory .java:48) at com.syclo.maximomobile.User.doAppServerAuthentication(User.java:336) at com.syclo.maximomobile.User.initMxSession(User.java:275) at com.syclo.maximomobile.Server.login(Server.java:144) at com.syclo.maximomobile.ConnectTest.main(ConnectTest.java:35) Caused by: javax.naming.NamingException: Error getting WsnNameService properties [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessi ble vmcid: IBM minor code: E07 completed: No] at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInit CtxFactory.java:1439) at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServer(Wsn InitCtxFactory.java:946) at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnInitCt xFactory.java:865) at com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextInternal(Ws nInitCtxFactory.java:545) at com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:123) at com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.java:79 😎 at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164) at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179) at javax.naming.InitialContext.lookup(Unknown Source) at com.ibm.tivoli.maximo.thinclient.MXThinClientSession.getRemoteAccessT oken(MXThinClientSession.java:129) ... 8 more Caused by: org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmci d: IBM minor code: E07 completed: No at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:12 50) at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1 321) at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:11 46) at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1 287) at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1853) at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1243) at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:458) at com.ibm.WsnBootstrap._WsnNameServiceStub.getProperties(_WsnNameServic eStub.java:38) at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInit CtxFactory.java:1436) ... 17 more *********************************************************************** Connection failed - com.syclo.agentry.PasswordInvalidException: system#notbounde xception *********************************************************************** com.syclo.agentry.PasswordInvalidException: system#notboundexception at com.syclo.maximomobile.Server.login(Server.java:161) at com.syclo.maximomobile.ConnectTest.main(ConnectTest.java:35) TestUser::disconnect::log level = 5 TestUser::disconnect::TestUser::disconnect begin TestUser::disconnect::did not call _mxSession.disconnect()! TestUser::disconnect::TestUser::disconnect end
Tags edited by: Michael Appleby
Hi,
We are also struggling with WAS8.5 and Work manager with ldap auth. Any updates, solution? *kinda desperate here
G
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Gergo,
Please create a Discussion marked as a Question. Not only so others may benefit from your solution once it is found, but also because you will have more folks looking to provide a solution when your issue has the greater visibility of a Discussion. Also suggest that you visit the Getting Started link at the top right of each SCN page for help with creating a good Discussion.
Thanks,
--Bill
Hello Peter,
Have you also configured the Agentry.ini file to include the required changes to the classPath and to the non-standard Java options? Please refer to the WM implementation guide under the security features and specifications (Websphere section):. Can you post those entries?
Nancy Burke
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I don't believe Websphere 8.5 has been tested with Work Manager 7.5.2. I do know Websphere 8.0 was.
I would recommend opening a ticket with support under MOB-SYC-IBM to have then check with development if there are any other changes that would be needed to support Websphere 8.5 with LDAP.
Stephen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.