APAR status
Closed as documentation error.
Error description
This problem happens in environments that have LDAP enabled with a different domain userid to administer WAS and with that domain userid's password expired. After changing the DB2 password for db2admin at the OS level, the user runs the changepassword tool and specifies the correct DB2 userid password, but gets the output "The DB2 password is invalid" in a dialog box. The PWTool.log shows the following errors: """""""""""""""""""" Nov 25, 2014 2:38:10 PM com.tivoli.itsrm.tools.changepasswords.ChangePasswords getWASuser INFO: getWASuser - loginUserId from security.xml after replacing double backslashes = <domain>\<userid> Nov 25, 2014 2:38:10 PM com.tivoli.itsrm.tools.changepasswords.ChangePasswords getWASuser INFO: getWASuser - loginUserId = <domain>\<userid> WASX7246E: Cannot establish "SOAP" connection to host "localhost" because of an authentication failure. Ensure that user and password are correct on the command line or in a properties file. Exception message (if any): "ADMN0022E: Access is denied for the getProcessType operation on Server MBean because of insufficient or empty credentials." WASX7213I: This scripting client is not connected to a server process; please refer to the log file E:\Program Files\IBM\TPC\ewas\profiles\WebServerProfile\logs\wsadmin.traceo ut for additional information. WASX8011W: AdminTask object is not available. WASX7015E: Exception running command: "AdminTask.WIMCheckPassword('[-username ***** -password *****]') "; exception information: com.ibm.bsf.BSFException: exception from Jython: Traceback (innermost last): File "<input>", line 1, in ? NameError: AdminTask Nov 25, 2014 2:38:14 PM com.tivoli.itsrm.tools.changepasswords.be.ws.WsadminCmd doExecute SEVERE: Failed to run command with error: exit code(103) of executing WsadminCmd was not the expected zero java.lang.Exception: exit code(103) of executing WsadminCmd was not the expected zero [...] Nov 25, 2014 2:38:14 PM com.tivoli.itsrm.tools.changepasswords.ChangePasswords error SEVERE: The DB2 password is invalid """""""""""""""""""" Further, using the manual procedure to change the DB2 password in the TPC configuration files (http://www-01.ibm.com/support/knowledgecenter/SSNE44_5.2.3/com. ibm.tpc_V523.doc/fqz0_r_by_editing_configuration_files.html?lang =en) still results in failure. The root cause appears to be the domain ID utilized for WAS tasks has its password expired.
Local fix
Perform the following steps on the failing server: 1- Check if the domain ID has expired and changed the password via eWAS if it is the case. 2- Re-run the changepassword tool.
Problem summary
**************************************************************** * USERS AFFECTED: * * TPC 5.2.x users with LDAP who are changing passwords * **************************************************************** * PROBLEM DESCRIPTION: * * See ERROR DESCRIPTION. * **************************************************************** * RECOMMENDATION: * * Refer to the information mentioned in this APAR text until * * the updated Knowledge Center is available. * ****************************************************************
Problem conclusion
The following text has been added to the Knowledge Center for TPC 5.2.6 and later to clarify the procedure for changing passwords when LDAP is used. If you need to change the LDAP user password, see your LDAP server documentation. If your LDAP password for the domain userid that you use to administer WebSphere Application Services has expired, you will need to change that password before continuing. If you see the following error or a similar one after you run the passwords tool, you should make sure that the password for your WebSphere domain userid has not expired: com.tivoli.itsrm.tools.changepasswords.ChangePasswords error SEVERE: The DB2 password is invalid. Change the WebSphere domain password if necessary and run the password tool again.
Temporary fix
Comments
APAR Information
APAR number
IT06380
Reported component name
TPC
Reported component ID
5608TPC00
Reported release
522
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-01-08
Closed date
2015-03-30
Last modified date
2015-03-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SS5R93","label":"IBM Spectrum Control"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"522","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
22 February 2022