IBM Support

IT06380: RUNNING CHANGEPASSWORD TOOL RESULTS IN "THE DB2 PASSWORD IS INVALID"

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as documentation error.

Error description

  • This problem happens in environments that have LDAP enabled with
    a different domain userid to administer WAS and with that domain
    userid's password expired.
    After changing the DB2 password for db2admin at the OS level,
    the user runs the changepassword tool
    and specifies the correct DB2 userid password, but gets the
    output "The DB2 password is invalid" in a dialog box.
    The PWTool.log shows the following errors:
    """"""""""""""""""""
    Nov 25, 2014 2:38:10 PM
    com.tivoli.itsrm.tools.changepasswords.ChangePasswords
    getWASuser
    INFO: getWASuser - loginUserId from security.xml after replacing
    double backslashes = <domain>\<userid>
    Nov 25, 2014 2:38:10 PM
    com.tivoli.itsrm.tools.changepasswords.ChangePasswords
    getWASuser
    INFO: getWASuser - loginUserId = <domain>\<userid>
    WASX7246E: Cannot establish "SOAP" connection to host
    "localhost" because of an authentication failure. Ensure that
    user and password are correct on the command line or in a
    properties file.
    Exception message (if any): "ADMN0022E: Access is denied for the
    getProcessType operation on Server MBean because of insufficient
    or empty credentials."
    WASX7213I: This scripting client is not connected to a server
    process; please refer to the log file E:\Program
    Files\IBM\TPC\ewas\profiles\WebServerProfile\logs\wsadmin.traceo
    ut for additional information.
    WASX8011W: AdminTask object is not available.
    WASX7015E: Exception running command:
    "AdminTask.WIMCheckPassword('[-username ***** -password *****]')
    "; exception information:
     com.ibm.bsf.BSFException: exception from Jython:
    Traceback (innermost last):
      File "<input>", line 1, in ?
    NameError: AdminTask
    Nov 25, 2014 2:38:14 PM
    com.tivoli.itsrm.tools.changepasswords.be.ws.WsadminCmd
    doExecute
    SEVERE: Failed to run command with error: exit code(103) of
    executing WsadminCmd was not the expected zero
    java.lang.Exception: exit code(103) of executing WsadminCmd was
    not the expected zero
        [...]
    
    Nov 25, 2014 2:38:14 PM
    com.tivoli.itsrm.tools.changepasswords.ChangePasswords error
    SEVERE: The DB2 password is invalid
    """"""""""""""""""""
    Further, using the manual procedure to change the DB2 password
    in the TPC configuration files
    (http://www-01.ibm.com/support/knowledgecenter/SSNE44_5.2.3/com.
    ibm.tpc_V523.doc/fqz0_r_by_editing_configuration_files.html?lang
    =en)
    still results in failure.
    The root cause appears to be the domain ID utilized for WAS
    tasks has its password expired.
    

Local fix

  • Perform the following steps on the failing server:
    1- Check if the domain ID has expired and changed the password
    via eWAS if it is the case.
    2- Re-run the changepassword tool.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * TPC 5.2.x users with LDAP who are changing passwords         *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See ERROR DESCRIPTION.                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Refer to the information mentioned in this APAR text until   *
    * the updated Knowledge Center is available.                   *
    ****************************************************************
    

Problem conclusion

  • The following text has been added to the Knowledge Center for
    TPC 5.2.6 and later to clarify the procedure for changing
    passwords when LDAP is used.
    
    If you need to change the LDAP user password, see your LDAP
    server documentation. If your LDAP password for the domain
    userid that you use to administer WebSphere Application Services
    has expired, you will need to change that password before
    continuing. If you see the following error or a similar one
    after you run the passwords tool, you should make sure that the
    password for your WebSphere domain userid has not expired:
    com.tivoli.itsrm.tools.changepasswords.ChangePasswords error
    SEVERE: The DB2 password is invalid.
    Change the WebSphere domain password if necessary and run the
    password tool again.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT06380

  • Reported component name

    TPC

  • Reported component ID

    5608TPC00

  • Reported release

    522

  • Status

    CLOSED DOC

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-01-08

  • Closed date

    2015-03-30

  • Last modified date

    2015-03-30

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SS5R93","label":"IBM Spectrum Control"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"522","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
22 February 2022