Sunday, 26 March 2017

IBM BPM 8.5.7 - ADMN0022E seen when attempting to manage Deployment Environment

I saw this: -

Caused by: ADMN0022E: Access is
denied for the resolve operation on ConfigService MBean because of insufficient or empty credentials.

when attempting to stop a Deployment Environment using IBM BPM Advanced 8.5.7.

Specifically, I was logged into the WebSphere Application Server (WAS) Integrated Solutions Console, as an administrator with FULL WAS authority ( access to ALL roles ), and clicked Stop against a running Deployment Environment: -

This started occurring after I'd federated Active Directory (AD) via LDAP into my WAS cell.

The federation had exposed an issue whereby I had a duplicate account - wasadmin - one within the WAS file-based registry and one within AD.

Therefore, I'd created a new file-based account ( BPMAdmin ) and granted it all the required roles e.g. deployer, operator, configurator, monitor, administrator, adminsecuritymanager, auditor.

This was the ID with which I'd logged into the ISC.

After a quick spot of Googling, I found this: -

which made me realise that I'd NOT updated a specific Java2 Authentication (J2C) Alias - CellAdminAlias - via Security -> Global Security 

This is what I had: -

and I needed to updated the User ID to the new user - BPMAdmin - and password.

Once I did this, I was then able to manage the Deployment Environment as well as the overall WAS cell.

No comments: