IBM Support

PM88346: MIGRATING FROM V7.0.0.17, ADDITIONAL TRUSTMANAGER IS ADDED TO THE TRUSTMANAGER IN SECURITY.XML

Fixes are available

8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.5.5.1: WebSphere Application Server V8.5.5 Fix Pack 1
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
8.5.5.2: WebSphere Application Server V8.5.5 Fix Pack 2
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
8.5.5.3: WebSphere Application Server V8.5.5 Fix Pack 3
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14

APAR status

  • Closed as program error.

Error description

  • After migrating the WebSphere Application Server V7.0.0.17 DMGR to
    WebSphere Application Server v8.5.0.1,
    the node agents (still at v7.0.17) are unable to make a SOAP
    connection to the deployment manager (V8.5.0.1).
    The exception is:
    BBOO0220E: ADMS0012E: The system is unable to create an administrative client connection:
     com.ibm.websphere.management.exception.AdminException: Admin client connection to deployment manager is unavailable; nodeagent has not discovered the dmgr
    at com.ibm.ws.management.sync.NodeSync.getAdminClient
    at com.ibm.ws.management.sync.NodeSync.getCellRepositoryEpoch
    at com.ibm.ws.management.sync.NodeSyncTask.doSync
    at com.ibm.ws.management.sync.NodeSyncTask.run
    at java.lang.Thread.run(Thread.java:736)
     . com.ibm.ws.management.sync.NodeSync
    
    FFDC
    Exception:com.ibm.websphere.management.exception.AdminException
    SourceId:com.ibm.ws.management.sync.NodeSync.getCellRepositoryEpoch
    ProbeId:320
    Reporter:com.ibm.ws.management.sync.NodeSync@38343834
    com.ibm.websphere.management.exception.AdminException: Admin client connection to deployment manager is unavailable; nodeagent has not discovered the dmgr
     at com.ibm.ws.management.sync.NodeSync.getAdminClient(NodeSync.java:503)
     at com.ibm.ws.management.sync.NodeSync.getCellRepositoryEpoch(NodeSync.java:378)
     at com.ibm.ws.management.sync.NodeSyncTask.doSync(NodeSyncTask.java:240)
     at com.ibm.ws.management.sync.NodeSyncTask.run(NodeSyncTask.java:157)
     at java.lang.Thread.run(Thread.java:736)
    
    The syncNode.sh script is unable to complete.
    
    The security.xml file contains two entries for trustManager:
     trustManager="TrustManager_2 TrustManager_1"
    

Local fix

  • Once migration completes, in the v8.5 security.xml for
    the Deployment Manager, change
    trustManager="TrustManager_2 TrustManager_1"
    to trustManager="TrustManager_1".
    Complete syncNode.sh with security off
    so that the security.xml of the nodes and servers is updated.
    ...
    The trustManager names will differ based on your server
    configuration, so the names may not match exactly. However, you
    will see two names with a space separating them.
    ...
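A check for the condition described above, as an added example (not IBM tooling and not part of the original APAR): it reports every element in a security.xml whose trustManager attribute holds more than one space-separated reference and resolves each reference to its name. The sample document, its namespace URI and its element layout are constructed for illustration; because multiple TrustManagers can be a deliberate configuration, the function only reports and leaves the edit to the administrator.

```python
import xml.etree.ElementTree as ET

XMI_ID = "{http://www.omg.org/XMI}id"

# Constructed sample, reduced to the attributes this check reads; a real
# security.xml has many more elements and attributes (layout assumed).
SAMPLE = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://example.invalid/constructed-namespace">
  <repertoire xmi:id="SSLConfig_1" alias="CellDefaultSSLSettings">
    <setting xmi:id="SecureSocketLayer_1"
             trustManager="TrustManager_2 TrustManager_1"/>
  </repertoire>
  <repertoire xmi:id="SSLConfig_2" alias="NodeDefaultSSLSettings">
    <setting xmi:id="SecureSocketLayer_2" trustManager="TrustManager_1"/>
  </repertoire>
  <trustManagers xmi:id="TrustManager_1" name="IbmX509"/>
  <trustManagers xmi:id="TrustManager_2" name="IbmPKIX"/>
</security:Security>
"""


def find_multi_trustmanager(xml_text):
    """Return one finding per element whose trustManager attribute lists
    more than one space-separated reference."""
    root = ET.fromstring(xml_text)
    # xmi:id -> name, so each finding shows what a reference points at.
    names = {el.get(XMI_ID): el.get("name") for el in root.iter()
             if el.get(XMI_ID) and el.get("name")}
    # child -> parent, to report the enclosing SSL configuration alias.
    parents = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for el in root.iter():
        refs = (el.get("trustManager") or "").split()
        if len(refs) > 1:
            owner = parents.get(el)
            findings.append({
                "element": el.get(XMI_ID),
                "ssl_config": owner.get("alias") if owner is not None else None,
                "refs": refs,
                "resolved": [names.get(r, "<unresolved>") for r in refs],
            })
    return findings


if __name__ == "__main__":
    for f in find_multi_trustmanager(SAMPLE):
        print(f"{f['ssl_config']} / {f['element']}: "
              f"trustManager={' '.join(f['refs'])} -> {f['resolved']}")
```

Run it against a copy of the migrated Deployment Manager's security.xml before and after the manual edit; an empty result after the edit confirms no SSL configuration still carries two references.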
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server V8.0 and V8.5 Migration Tooling      *
    ****************************************************************
    * PROBLEM DESCRIPTION: Default TrustManager is preventing      *
    *                      the Dmgr and Nodes from communicating   *
    *                      properly after migration.               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The Default Trust Manager is being added to the SSLConfig
    object's TrustManager list. Later when sorted it is in the
    wrong order.
    

Problem conclusion

  • Insertion of the Default TrustManager was a valid action back
    when the security model first changed and the TrustManagers
    were first added.  Later versions of the migration code did not
    take into account that multiple TrustManagers could be
    configured.  Therefore, inserting the Default TrustManager
    should not be done.  In addition, the runtime security now
    handles SSLConfig objects which do not specify a TrustManager,
    so there is no need to insert the default TrustManager.  This
    adjustment has been made.
    
    APAR PM88346 is currently targeted for inclusion in WebSphere
    Application Server Fix Packs 8.0.0.7 and 8.5.5.1.
    
    Sysrouted APAR PM89439 will provide the fix for this APAR in
    WebSphere Application Server V7.0 Fix Pack 7.0.0.31.
    
    Please refer to the Recommended Updates page for delivery
    information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    
    In addition, please refer to URL:
    http://www.ibm.com/support/docview.wss?rs=404&uid=swg27006970
    for Fix Pack PTF information.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM88346

  • Reported component name

    WEBSPHERE FOR Z

  • Reported component ID

    5655I3500

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-05-02

  • Closed date

    2013-05-21

  • Last modified date

    2013-05-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    PM89439

Fix information

  • Fixed component name

    WEBSPHERE FOR Z

  • Fixed component ID

    5655I3500

Applicable component levels

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server for z/OS
General

Software version: 850

Reference #: PM88346

Modified date: 22 May 2013