Thursday, 11 February 2010

JDBC weirdness with WebSphere Application Server 6.1 ...

Whilst installing and configuring Lotus Connections 2.5, I hit a weird problem with the Blogs service, which refused to start properly.

The SystemOut.log showed a series of database-related SQL errors, which indicated that WAS was not able to correctly authenticate against the back-end DB2 database.

I did the normal thing of logging into the DB2 server and running the commands: -

db2cmd
db2 connect to blogs user lcuser using passw0rd

which validated that the password was correct.

I then logged into the WAS admin console and navigated to Resources -> JDBC -> Data sources, selected the blogs JDBC datasource and clicked 'Test Connection'.

This failed with

java.sql.SQLException: ... Connection authorization failure occurred. Reason: Security mechanism not supported. ERRORCODE=-4214, SQLSTATE=28000DSRA0010E: SQL State = 28000, Error Code = -4214

I then navigated into Security -> Secure administration, applications, and infrastructure -> Java Authentication and Authorization -> J2C authentication data and re-keyed the password for the blogsJAASAuth alias, using the SAME password that I'd used earlier.

Having done this, the 'Test Connection' continued to fail.

Before actually tearing ALL my hair out, I followed the advice of my mentor and yogi, Mr Stephen Hardison Esquire, and restarted the entire WAS infrastructure - clusters ( 3x ), node agent and deployment manager. However, ps auxw still showed that WebSphere JVMs were running, so I killed them with kill -9.

Having then restarted the deployment manager and node agent, I was able to SUCCESSFULLY test the JDBC connection and, when I restarted the clusters, Blogs came back up nicely.

The moral of the story - there's a possibility that WAS ( at least 6.1.0.23 ) somehow "caches" JDBC/JAAS passwords. If in doubt, bounce things, and see what happens ...

Remember, kids, YOUR MILEAGE MAY VARY

1 comment:

Sharon Bellamy James said...

I have seen that .. good bloggy post .. :)

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...