Posted: December 14th, 2009 | Author: Graham | Filed under: Uncategorized, tip | Tags: portal, WebSphere Application Server, WebSphere Portal, WMM | No Comments »
Any problem where WMM (WebSphere Member Manager) doesn’t start properly is a deal breaker for Portal. Once WMM fails, every other component will fail, and you’ll be faced with a nasty 404 message.
After installing 6.0.1.4-WP-IFPK83731.zip and 6.0.1.4-WP-IFPK70263.zip on a machine here I got this error message, and a 404 when I tried to hit portal. These fixes update the version of WMM to the (current) latest version. Here’s what was in my SystemOut.log
[12/14/09 17:31:09:618 EST] 0000002a SystemOut O WMM Implementation Version: WMM5.6_PK83731 (April 1 2009)
[12/14/09 17:31:09:618 EST] 0000002a WSMM Message E com.ibm.ws.wmm.MemberRepositoryManager init() Initialization failed due to invalid property “supportedMemberTypes”.
[12/14/09 17:31:09:653 EST] 0000002a WSMM Message E com.ibm.ws.wmm.objectimpl.MemberServiceBeanBase ejbCreate() com.ibm.websphere.wmm.exception.InitializationException: Initialization failed due to invalid property “supportedMemberTypes”.
[12/14/09 17:31:09:655 EST] 0000002a ExceptionUtil E CNTR0019E: EJB threw an unexpected (non-declared) exception during invocation of method “getConfigurationData”. Exception data: com.ibm.ejs.container.CreateFailureException: ; nested exception is:
java.lang.reflect.InvocationTargetException
at com.ibm.ejs.container.StatelessBeanO.(StatelessBeanO.java:172)
at com.ibm.ejs.container.CMStatelessBeanO.(CMStatelessBeanO.java:58)
at com.ibm.ejs.container.CMStatelessBeanOFactory.create(CMStatelessBeanOFactory.java:40)
at com.ibm.ejs.container.EJSHome.createBeanO(EJSHome.java:913)
at com.ibm.ejs.container.EJSHome.createBeanO(EJSHome.java:1016)
at com.ibm.ejs.container.activator.UncachedActivationStrategy.atActivate(UncachedActivationStrategy.java:83)
at com.ibm.ejs.container.activator.Activator.activateBean(Activator.java:595)
at com.ibm.ejs.container.EJSContainer.preInvokeActivate(EJSContainer.java:3439)
at com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:2836)
at com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:2745)
at com.ibm.websphere.wmm.objects.EJSRemoteStatelessMemberService_14d751a3.getConfigurationData(Unknown Source)
at com.ibm.websphere.wmm.objects._MemberService_Stub.getConfigurationData(_MemberService_Stub.java:2292)
at com.ibm.wps.services.puma.SystemWMMAccessBean$39.run(SystemWMMAccessBean.java:906)
at com.ibm.ws.security.auth.distContextManagerImpl.runAs(distContextManagerImpl.java:2771)
at com.ibm.ws.security.auth.distContextManagerImpl.runAsSystem(distContextManagerImpl.java:2651)
at com.ibm.wps.services.puma.SystemWMMAccessBean.getConfigurationData(SystemWMMAccessBean.java:912)
at com.ibm.wps.services.puma.RealmAwareURManager.initRealms(RealmAwareURManager.java:117)
at com.ibm.wps.services.puma.RealmAwareURManager.(RealmAwareURManager.java:103)
at com.ibm.wps.services.puma.PumaServiceImpl.init(PumaServiceImpl.java:215)
at com.ibm.wps.services.Service.init(Service.java:107)
at com.ibm.wps.services.Service.init(Service.java:83)
at com.ibm.wps.services.ServiceManager.createService(ServiceManager.java:400)
at com.ibm.wps.services.ServiceManager.getService(ServiceManager.java:527)
at com.ibm.wps.services.ServiceManager.getService(ServiceManager.java:553)
at com.ibm.wps.services.puma.Puma.(Puma.java:52)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.initializeDomainConfig(AccessControlDataManagementServiceImpl.java:885)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.reinit(AccessControlDataManagementServiceImpl.java:792)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.init(AccessControlDataManagementServiceImpl.java:439)
at com.ibm.wps.services.ServiceManager.createService(ServiceManager.java:400)
at com.ibm.wps.services.ServiceManager.getService(ServiceManager.java:527)
at com.ibm.wps.ac.impl.AccessControlDataManagement.(AccessControlDataManagement.java:41)
at com.ibm.wps.ac.impl.AccessControlServiceImpl.initializeServices(AccessControlServiceImpl.java:138)
at com.ibm.wps.ac.impl.AccessControlServiceImpl.init(AccessControlServiceImpl.java:114)
at com.ibm.wps.services.ServiceManager.createService(ServiceManager.java:400)
at com.ibm.wps.services.ServiceManager.getService(ServiceManager.java:527)
at com.ibm.wps.ac.internal.AccessControlLookupManager.getAccessControlLookup(AccessControlLookupManager.java:37)
at com.ibm.wps.ac.ACManager.getAccessControl(ACManager.java:132)
at com.ibm.hrl.siapi.search.admin.utils.PortletUtils.getPortalAdminUserID(PortletUtils.java:321)
at com.ibm.hrl.siapi.search.admin.portlets.manage.SearchAdminPortletManager.(SearchAdminPortletManager.java:64)
at com.ibm.hrl.siapi.search.admin.portlets.SiapiSearchAdminPortlet.init(SiapiSearchAdminPortlet.java:532)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:320)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:1821)
at com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor.createServletWrapper(WebExtensionProcessor.java:141)
at com.ibm.ws.webcontainer.webapp.WebApp.getServletWrapper(WebApp.java:885)
at com.ibm.ws.webcontainer.webapp.WebApp.initializeTargetMappings(WebApp.java:612)
at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:479)
at com.ibm.ws.webcontainer.webapp.WebGroup.addWebApplication(WebGroup.java:123)
at com.ibm.ws.webcontainer.VirtualHost.addWebApplication(VirtualHost.java:146)
at com.ibm.ws.webcontainer.WebContainer.addWebApp(WebContainer.java:940)
at com.ibm.ws.webcontainer.WebContainer.addWebApplication(WebContainer.java:893)
I’m not sure what was updated in WMM for this one, but the solution is simple: install WAS 6.0.2.37 to fix it.
Posted: September 3rd, 2009 | Author: Graham | Filed under: Uncategorized | Tags: oracle, portal, WebSphere Portal | No Comments »
Use this to generate a runstats script for your Oracle system. Only works for 6.1 . Also very ugly 
#!/bin/bash
export PROFILE_PATH=/opt/WebSphere/wp_profile
cat ${PROFILE_PATH}/ConfigEngine/properties/wkplc_comp.properties | grep DbUser | grep -v source | grep -v '#' | grep -v DBA | awk -F = '{print "execute dbms_stats.gather_schema_stats(ownname=>'"'"'" $2 "'\'', cascade=> TRUE);"}' > reorg.sql
Now copy this file to your oracle system and run this:
sqlplus / as sysdba @reorg.sql
Pow! All done.
Posted: June 28th, 2009 | Author: Graham | Filed under: Uncategorized | Tags: db2, portal, security, websphere | No Comments »
I try to post really random solutions here, and this one’s a doozy ! I was updating a production machine from Portal 6.1.0 to 6.1.0.2. I always run the ConfigEngine tasks validate-standalone-ldap and validate-database-connection before I run any Portal update to make sure that the update won’t fail from something silly like a missing password. I’d highly recommend this practice on your Portal systems.
This time when running validate-database-connection, I ran into this error:
action-validate-database:
[echo] domain 'jcr'
[echo] DbtDbDriver 'com.ibm.db2.jcc.DB2Driver'
[echo] DbtDbLibrary '/home/db2inst1/sqllib/java/db2jcc.jar:/home/db2inst1/sqllib/java/db2jcc_license_cu.jar'
[echo] DbtDbUser 'db2inst1'
[echo] DbtDbUrl 'jdbc:db2://localhost:50000/WPS6TCP'
[echo] DbtDbName 'WPS6TCP'
[java] [06/28/09 13:47:09.620 EST] Attempting to make connection using: jdbc:db2://localhost:50000/WPS6TCP :: db2inst1 :: PASSWORD_REMOVED
[java] [06/28/09 13:47:09.875 EST] ERROR: Error obtaining connecting for jdbc:db2://localhost:50000/WPS6TCP
[java] com.ibm.db2.jcc.b.SqlException: [ibm][db2][jcc][t4][201][11237] Connection authorization failure occurred. Reason: Security mechanism not supported.
[java] at com.ibm.db2.jcc.a.b.m(b.java:1981)
[java] at com.ibm.db2.jcc.a.b.a(b.java:1565)
[java] at com.ibm.db2.jcc.a.bb.b(bb.java:3386)
[java] at com.ibm.db2.jcc.a.bb.a(bb.java:332)
[java] at com.ibm.db2.jcc.a.bb.a(bb.java:112)
[java] at com.ibm.db2.jcc.a.b.j(b.java:1259)
[java] at com.ibm.db2.jcc.a.b.b(b.java:1132)
[java] at com.ibm.db2.jcc.a.b.b(b.java:715)
[java] at com.ibm.db2.jcc.a.b.a(b.java:701)
[java] at com.ibm.db2.jcc.a.b.a(b.java:378)
[java] at com.ibm.db2.jcc.a.b.<init>(b.java:316)
[java] at com.ibm.db2.jcc.DB2Driver.connect(DB2Driver.java:166)
[java] at java.sql.DriverManager.getConnection(DriverManager.java:572)
[java] at java.sql.DriverManager.getConnection(DriverManager.java:165)
[java] at com.ibm.wps.config.db.Database.init(Database.java:139)
[java] at com.ibm.wps.config.db.validation.ValidationDriver.main(ValidationDriver.java:209)
It looked like the problem I’d seen on Ubuntu, where the database password was hashed with an unsupported scheme, but it couldn’t be, because this was on a plain old RHEL system. The difference was that I’d recently changed DB2’s database manager settings from AUTHENTICATION = SERVER to AUTHENTICATION = DATA_ENCRYPT . DATA_ENCRYPT is good because it will send your sql data and your authentication details encrypted across the wire.
Anyway, to make the validation work on a system where you have enabled the DATA_ENCRYPT parameter, just add securityMechanism=13; to the end of the database url. So mine becomes:
jcr.DbUrl=jdbc:db2://localhost:50000/WP6TCP:securityMechanism=13;
So how would the system work in any case, if the database url was wrong?!? The answer is clear after delving into the WebSphere admin console a little bit. I’d configured the custom properties of each Portal datasource post database transfer to work with DATA_ENCRYPT, but not the database urls in wkplc_comp.properties. Here’s where you would set it.
It is important to emphasize that the wkplc*.properties file in ConfigEngine are templates only, and don’t affect the running of the system, until you run a ConfigEngine task against them. Only then do their values get copied to the actual Portal server.
Posted: May 27th, 2009 | Author: Graham | Filed under: howto | Tags: ibm, ldap, portal, Portal 6.1 | No Comments »
You may have seen this error if you tried the steps in “Configuring WCM email actions with a local SMTP server”.
When you edit the user’s properties this nasty error can appear if your Portal server is connected to an LDAP.
Error entering mail address into Self Care Portlet
Btw, this is a 6.1 or Portal.Next beta specific error, it should work fine on 6.0.
Here’s the full text of the error:
com.ibm.wps.util.DataBackendException: EJPSG0015E: Data Backend Problem
com.ibm.websphere.wim.exception.WIMSystemException:
CWWIM4520E The 'javax.naming.directory.SchemaViolationException:
[LDAP: error code 65 - Object Class Violation];
remaining name 'uid=xyzadmin,ou=People,dc=test';
resolved object com.sun.jndi.ldap.LdapCtx@65aa65aa'
naming exception occurred during processing.
The reason this happens is that the portlet ( the self care portlet in this case) is wired up to write the email address you entered in the form to a VMM attribute called ibm-primaryEmail . If your ldap schema doesn’t have a user attribute in it called ibm-primaryEmail , then you’re going to get an error when you try and write something to it.
Just to check it out, let’s look at the LDAP schema on this server (which is IBM Tivoli Directory Server 6.0) . I’m using the awesome and free Apache Directory Studio to investigate the LDAP schema here. Once the connection to the ldap is defined, go LDAP -> Open Schema Browser , and select the tab attribute types.
TDS ldap schema
Ok, so we have an attribute type ‘drink, favouriteDrink’ ;o) , but no ibm-primaryEmail . No matter, there is a ‘mail’ attribute there. We can make Portal use that to save email related attributes.
Open up wkplc.properties and find the section entitled LDAP Attribute Configuration (it’s near the bottom) . Here’s my completed one:
# Use the following properties to add an attribute mapping between the
# Portal attribute name and the ldap attribute name
# the name of the attribute in LDAP
standalone.ldap.attributes.mapping.ldapName=mail
# the name of the attribute in portal
standalone.ldap.attributes.mapping.portalName=ibm-primaryEmail
# list of entityTypes the mapping should be applied to
standalone.ldap.attributes.mapping.entityTypes=PersonAccount
Cool, now run the task :
ConfigEngine.sh wp-update-standalone-ldap-attribute-config
If you are using a federated ldap setup, edit the corresponding federated properties instead, and then run the following task:
ConfigEngine.sh wp-update-federated-ldap-attribute-config
. Restart the server and try the form again. It should correctly save the email attribute for the user and you can get on with sending email through Portal. Just for kicks, lets look at what that task did. It just edits the wimconfig file, which defines how VMM interacts . Open wimconfig.xml (wp_profile/config/cells/<cellname>/wim/config/wimconfig.xml) and search for ibm-primaryEmail.
Here is the part that does the mapping:
<config:attributes name="mail" propertyName="ibm-primaryEmail">
<config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
So the task is really just a (welcome) convenience, all it does it edit the xml file for you. Anyone who has tried to set up multirealms on 6.0 would be grateful for that!
Posted: May 4th, 2009 | Author: Graham | Filed under: howto | Tags: db2, ibm, portal, ubuntu | 2 Comments »
Two posts in one day, wow. It’s all part of our special series: how to install and configure WebSphere Portal 6.1 on Ubuntu. This isn’t a Portal only issue, rather it’s a DB2+Ubuntu issue.
After getting Portal installed on this Ubuntu machine, you’re probably going to want to transfer the default Derby database to something more robust like DB2. So you edit wkplc_comp.properties and wkplc_dbtype.properties, and start to run:
./ConfigEngine.sh create-database
And you get this in the ConfigTrace.log
[sqlproc] action: execute-sql-scripts
[sqlproc] _________________________________________________________
[sqlproc] Database autocommit parameter true
[sqlproc] No delimiter has been specified, using [;] to separate the SQL statements.
[sqlproc] Reading file /opt/WebSphere/wp_profile/ConfigEngine/config/database/work/db2/createBufferpools.run
[sqlproc] Could not connect to database
[sqlproc] com.ibm.db2.jcc.b.ao: [jcc][t4][2010][11246][3.53.70] Connection authorization failure occurred. Reason: Local security service non-retryable error. ERRORCODE=-4214, SQLSTATE=28000
BUILD FAILED
Hmm, ok, I thought db2 was working. A good habit when debugging these things is to take the piece that ConfigEngine is trying run and run it independently. So right now I want ConfigEngine to create an empty db2 database that I can run database-transfer against. Try this:
su - db2inst1
db2 create db WP610 using codeset UTF8 territory au pagesize 8192
And that comes back successfully. However, that command sequence is not an accurate representation of what ConfigEngine is actually doing. We’re running ConfigEngine as root. But the ConfigEngine script is using the “user db2inst1 using
” modifiers on the end of the database create command. So how about this?
db2 create db WP610 using codeset UTF8 territory au pagesize 8192 user db2inst1 using password
SQL30082N Security processing failed with reason "15" ("PROCESSING FAILURE").
SQLSTATE=08001
Ah ha, a failure. In the first example, DB2 already trusts the user that we’re logged is as (db2inst1), so it doesn’t need to go back to the operating system and authenticate it. In the second example, we are logged in as root, so db2 needs to go to the operating system and authenticate the user. Ubuntu uses the tried and true passwd + shadow file combo to store usernames and their associated passwords. The trouble is since Ubuntu 8.10, it uses the newer and more secure SHA512 hashing function to store the passwords, and DB2 doesn’t understand SHA512. So the workaround is to change the hashing function in use on the machine, reset the password and then we should be able to use the “user db2inst1 using
” type commands again.
Open /etc/pam.d/common-password in a text editor and change this line:
password [success=1 default=ignore] pam_unix.so obscure<strong> sha512</strong>
to
password [success=1 default=ignore] pam_unix.so obscure <strong>md5</strong>
Then run passwd db2inst1 and put the same or a new password. If you look at the shadow file , the hash will change from something like this:
SHA512
db2inst1:$6$IKe6x6Zq$bSajPzHNIy7jQrPXbI8CrPRlpDYUVm8.A2BhNCxes5cY6LWoh7hQr14XW4agBWbW1ywKkSSDSLFV.NXCr2/1z0:14368:0:99999:7:::
MD5
db2inst1:$1$FF0YDtZn$gemqCKt4Ml375mhiBXk2U/:14368:0:99999:7:::
(The unencrypted password here is ‘password’ – don’t get too excited!) .
Now try running ConfigEngine.sh create-database again. It should work. Make sure you change the system /etc/pam.d/common-password back to sha512, as you want the rest of your users to use this hashing function as it is more secure than md5sum . Hopefully DB2 should address this in a fixpack.
Posted: March 20th, 2009 | Author: Graham | Filed under: howto | Tags: jdbc, oracle, portal, websphere | No Comments »
I’m working on a problem now where we need to use the Oracle 10g driver against a 9i database. There’s a note in the infocenter about it .But how to do you check which version of the driver you are using ? The filename of the driver is the same between each version of Oracle (ojdbc14.jar), so that’s not going to do it.
To check it out, unzip the driver and read the META-INF/MANIFEST.MF file. Here’s mine:
Manifest-Version: 1.0
Specification-Title: Oracle JDBC driver classes for use with JDK14
Sealed: true
Created-By: 1.4.2_08 (Sun Microsystems Inc.)
Implementation-Title: ojdbc14.jar
Specification-Vendor: Oracle Corporation
Specification-Version: Oracle JDBC Driver version - "10.2.0.3.0"
Implementation-Version: Oracle JDBC Driver version - "10.2.0.3.0"
Implementation-Vendor: Oracle Corporation
Implementation-Time: Fri Sep 29 09:43:24 2006
Also Portal (and regular ol’ Appserver) will tell you as they initialize in the SystemOut.log, just try this trusty command :
cat SystemOut.log | grep -A 2 “Oracle JDBC”
and you get back something like :
[3/20/09 2:44:21:570 EDT] 0000001f InternalOracl I DSRA8205I: JDBC driver name : Oracle JDBC driver
[3/20/09 2:44:21:572 EDT] 0000001f InternalOracl I DSRA8206I: JDBC driver version : 9.2.0.8.0
[3/20/09 2:44:21:575 EDT] 0000001f InternalOracl I DSRA8212I: DataStoreHelper name is: com.ibm.websphere.rsadapter.OracleDataStoreHelper@39136937.
What! 9.2.0.8! Looks like I’ve got the wrong one on there.
