I hit an interesting problem with my Lotus Connections 2.5 server today - the symptoms included my apparent inability to log in using the WAS administrator ID via the Integrated Solutions Console: -
https://lc25.uk.ibm.com:9043/ibm/console/logon.jsp
as well as these errors in the SystemOut log: -
[10/18/10 18:34:24:240 BST] 00000039 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is <null>.
[10/18/10 18:36:32:799 BST] 0000003c FormLoginExte E SECJ0118E: Authentication error during authentication for user lcadmin
and this error: -
ADMU0002E: Exception attempting to process server dmgr: javax.management.JMRuntimeException: ADMN0022E: Access is denied for the getState operation on Server MBean because of insufficient or empty credentials.
when I tried to administer the server from the command line using the command: -
/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/serverStatus.sh -all -user lcadmin -password wpsadm1n
My first thought was that LDAP was down, so I checked the VM in which LDAP ( IBM Tivoli Directory Server 6.2 ) and DB2 are running, but all appeared to be well. I could PING the LDAP server from the Connections box, and also TELNET to it on port 389, indicating that LDAP was ready and willing to receive.
I even stopped and started LDAP, but to no avail.
However, when I looked further into the logs, by tailing the LDAP error log: -
/home/dsrdbm01/idsslapd-dsrdbm01/logs/ibmslapd.log
I found: -
10/18/2010 09:09:40 PM GLPSRV200I Initializing primary database and its connections.
10/18/2010 09:09:41 PM GLPRDB001E Error code -1 from function:" SQLConnect " ldapdb2b .
10/18/2010 09:09:41 PM GLPSRV064E Failed to initialize be_config.
10/18/2010 09:09:41 PM GLPSRV040E Server starting in configuration only mode due to errors.
10/18/2010 09:09:41 PM GLPCOM024I The extended Operation plugin is successfully loaded from libloga.so.
10/18/2010 09:09:41 PM GLPCOM024I The extended Operation plugin is successfully loaded from libidsfget.so.
10/18/2010 09:09:41 PM GLPSRV180I Pass-through authentication is disabled.
10/18/2010 09:09:41 PM GLPCOM003I Non-SSL port initialized to 389.
10/18/2010 09:09:41 PM GLPSRV009I 6.2.0.0 server started.
10/18/2010 09:09:41 PM GLPSRV036E Errors were encountered while starting the server; started in configuration only mode.
and, when I looked again at the logs generated by my custom start LDAP script -
su db2inst1 -c '/home/db2inst1/sqllib/adm/db2start'
export DB2INSTANCE=dsrdbm01
/opt/ibm/ldap/V6.2/sbin/ibmslapd start
I saw the same errors: -
GLPSRV200I Initializing primary database and its connections.
GLPRDB001E Error code -1 from function:" SQLConnect " ldapdb2b .
GLPSRV064E Failed to initialize be_config.
GLPSRV040E Server starting in configuration only mode due to errors.
Thinking that this was looking like a DB2 "problem", I decided to attempt a connection to the database to find out for sure: -
su - dsrdbm01
db2 connect to LDAPDB2B
which returned: -
SQL8001N An attempt to connect to the database failed due to a product licence problem. SQLSTATE=42968
which, according to: -
db2 ? SQL8001N
means: -
SQL8001N An attempt to connect to the database failed due to a product licence problem.
Explanation:
The connection attempt failed due to one of the following DB2 licensing issues:
o A license key is not present.
o A license key has not been correctly installed.
o A license key has expired.
o This DB2 product edition does not support a license key.
User Response:
Instruct your database administrator to verify that a valid license key for the DB2 product is installed correctly, and has not expired.
o Use the db2licm -l command or DB2 License Center to view licenses.
o Use the db2licm -a command or DB2 License Center to register a license.
o You can obtain a license key for the product by contacting your IBM representative or authorized dealer.
sqlcode : -8001
sqlstate : 42968
Following the recommendation, I checked the DB2 license key: -
db2licm -l
which returned: -
Product name: "DB2 Enterprise Server Edition"
Expiry date: "Expired"
Product identifier: "db2ese"
Version information: "9.1"
Thankfully, I had the DB2 Enterprise Server Edition 9.1 license key available, in a previously downloaded package on my USB drive.
I installed it using the command: -
db2licm -a ~/db2ese_t.lic
and re-ran the command: -
db2licm -l
which now returns: -
Product name: "DB2 Enterprise Server Edition"
License type: "Trial"
Expiry date: "01/15/2011"
Product identifier: "db2ese"
Version information: "9.1"
Annotation: "-5;(_t)"
and also re-tested the connection: -
db2 connect to LDAPDB2B
which now returns: -
Database Connection Information
Database server = DB2/LINUX 9.1.9
SQL authorization ID = DSRDBM01
Local database alias = LDAPDB2B
Finally, I stopped LDAP: -
export DB2INSTANCE=dsrdbm01
/opt/ibm/ldap/V6.2/sbin/ibmslapd -k
and started it again: -
su db2inst1 -c '/home/db2inst1/sqllib/adm/db2start'
export DB2INSTANCE=dsrdbm01
/opt/ibm/ldap/V6.2/sbin/ibmslapd start
Once I restarted my WAS instance ( sadly I had to force it to quit using the "nuclear" kill switch of killall java ), I was able to authenticate into WAS using the ISC, run commands such as serverStatus.sh etc.
The moral of the story - if you get an authentication problem with WAS, check that your DB2 license hasn't expired :-)
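As an added example (not part of the original post), the two checks that found the root cause here can be scripted: the start-up messages in ibmslapd.log and the expiry field in saved db2licm -l output. The function names and temporary file names are hypothetical, and the sample input is constructed from the lines quoted above.

```shell
# Mode of the most recent ibmslapd start recorded in log file $1.
# Assumption: GLPSRV200I opens each start-up, as in the excerpt above.
slapd_mode() {
    awk '
        /GLPSRV200I/            { mode = "normal" }       # new start: reset
        /GLPSRV040E|GLPSRV036E/ { mode = "config-only" }  # fell back
        END { print (mode == "" ? "unknown" : mode) }
    ' "$1"
}

# Product identifiers reported as expired in saved `db2licm -l` output ($1).
expired_products() {
    awk -F'"' '
        /^Product name:/       { expired = 0 }
        /^Expiry date:/        { expired = ($2 == "Expired") }
        /^Product identifier:/ { if (expired) print $2 }
    ' "$1"
}

# $1 = ibmslapd.log, $2 = saved output of `db2licm -l`
diagnose() {
    mode=$(slapd_mode "$1")
    expired=$(expired_products "$2")
    if [ "$mode" = "config-only" ] && [ -n "$expired" ]; then
        echo "LDAP in configuration only mode; expired DB2 license: $expired"
    elif [ "$mode" = "config-only" ]; then
        echo "LDAP in configuration only mode; check the DB2 connection"
    else
        echo "LDAP start-up mode: $mode"
    fi
}

# Constructed sample input, taken from the lines quoted in the post.
tmp=$(mktemp -d)
cat > "$tmp/ibmslapd.log" <<'EOF'
10/18/2010 09:09:40 PM GLPSRV200I Initializing primary database and its connections.
10/18/2010 09:09:41 PM GLPRDB001E Error code -1 from function:" SQLConnect " ldapdb2b .
10/18/2010 09:09:41 PM GLPSRV040E Server starting in configuration only mode due to errors.
10/18/2010 09:09:41 PM GLPCOM003I Non-SSL port initialized to 389.
EOF
cat > "$tmp/db2licm.txt" <<'EOF'
Product name: "DB2 Enterprise Server Edition"
Expiry date: "Expired"
Product identifier: "db2ese"
Version information: "9.1"
EOF
diagnose "$tmp/ibmslapd.log" "$tmp/db2licm.txt"
```

The sample log shows why the ping and telnet checks passed: port 389 is initialized even though the server only came up in configuration only mode.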
Geeking in technology since 1985, with IBM Development, focused upon Docker and Kubernetes on the IBM Z LinuxONE platform In the words of Dr Cathy Ryan, "If you don't write it down, it never happened". To paraphrase one of my clients, "Every day is a school day". I do, I learn, I share. The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions. Remember, YMMV https://infosec.exchange/@davehay