Whilst installing and configuring Lotus Connections 2.5, I hit a weird problem with the Blogs service, which refused to start properly.
The SystemOut.log showed a series of database-related SQL errors, which indicated that WAS was not able to correctly authenticate against the back-end DB2 database.
I did the normal thing of logging into the DB2 server and running the commands: -
db2cmd
db2 connect to blogs user lcuser using passw0rd
which validated that the password was correct.
I then logged into the WAS admin console and navigated to Resources -> JDBC -> Data sources, selected the blogs JDBC datasource and clicked 'Test Connection'.
This failed with
java.sql.SQLException: ... Connection authorization failure occurred. Reason: Security mechanism not supported. ERRORCODE=-4214, SQLSTATE=28000DSRA0010E: SQL State = 28000, Error Code = -4214
I then navigated into Security -> Secure administration, applications, and infrastructure -> Java Authentication and Authorization -> J2C authentication data and re-keyed the password for the blogsJAASAuth alias, using the SAME password that I'd used earlier.
Having done this, the 'Test Connection' continued to fail.
Before actually tearing ALL my hair out, I followed the advice of my mentor and yogi, Mr Stephen Hardison Esquire, and restarted the entire WAS infrastructure - clusters ( 3x ), node agent and deployment manager. However, ps auxw still showed that WebSphere JVMs were running, so I killed them with kill -9.
Having then restarted the deployment manager and node agent, I was able to SUCCESSFULLY test the JDBC connection and, when I restarted the clusters, Blogs came back up nicely.
The moral of the story - there's a possibility that WAS ( at least 6.1.0.23 ) somehow "caches" JDBC/JAAS passwords. If in doubt, bounce things, and see what happens ...
Remember, kids, YOUR MILEAGE MAY VARY
Geeking in technology since 1985, with IBM Development, focused upon Docker and Kubernetes on the IBM Z LinuxONE platform In the words of Dr Cathy Ryan, "If you don't write it down, it never happened". To paraphrase one of my clients, "Every day is a school day". I do, I learn, I share. The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions. Remember, YMMV https://infosec.exchange/@davehay
Subscribe to:
Post Comments (Atom)
Reminder - installing podman and skopeo on Ubuntu 22.04
This follows on from: - Lest I forget - how to install pip on Ubuntu I had reason to install podman and skopeo on an Ubuntu box: - lsb_rel...
-
Why oh why do I forget this ? Running this command : - ldapsearch -h ad2012.uk.ibm.com -p 389 -D CN=bpmbind,CN=Users,DC=uk,DC=ibm,DC=com -w...
-
Error "ldap_sasl_interactive_bind_s: Unknown authentication method (-6)" on a LDAPSearch command ...Whilst building my mega Connections / Domino / Portal / Quickr / Sametime / WCM environment recently, I was using the LDAPSearch command tha...
-
Whilst building a new "vanilla" Kubernetes 1.25.4 cluster, I'd started the kubelet service via: - systemctl start kubelet.se...
1 comment:
I have seen that .. good bloggy post .. :)
Post a Comment