Fixes are available
8.0.0.3: WebSphere Application Server V8.0 Fix Pack 3
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
8.0.0.4: WebSphere Application Server V8.0 Fix Pack 4
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
8.0.0.5: WebSphere Application Server V8.0 Fix Pack 5
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
8.0.0.6: WebSphere Application Server V8.0 Fix Pack 6
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
EJB client with TX REQUIRED did not send a request for the COMMIT operation to the EJB server (TX REQUIRED) and thus the EJB server rolled back due to a transaction timeout. As part of the transaction processing, we see a remote request for a 'create' operation sent to server - the transaction is exported on the request (this is now a distributed transaction): The ORB request is seen being sent, with target, operation and context data - the context data has been added by the transaction and security interceptors. The ORB response to the request is seen as incoming message. The request has returned with a CORBA.NO_PERMISSION exception. However, it is important to note that the context data returned with the system exception contains transaction context data related to the transaction processing that has taken place on the remote server. Reply Status: SYSTEM_EXCEPTION Exception ID: omg.org/CORBA/NO_PERMISSION:1.0 ? [6/8/11 17:28:18:752] 00000075 ORBRas [com.ibm.rmi.iiop.ReplyMessage _getSystemException:212 ORB.thread.pool : 2 Entry] org.omg.CORBA.NO_PERMISSION ? [6/8/11 17:28:18:753] 00000075 ORBRas [com.ibm.rmi.iiop.ReplyMessage _getSystemException:285 ORB.thread.pool : 2 Exit] org.omg.CORBA.NO_PERMISSION: >> SERVER (id=xxxxxxx, host=hostname) TRACE START: >> org.omg.CORBA.NO_PERMISSION: Session state: SESSION_DOES_NOT_EXIST. Throwing NO_PERMISSION exception. vmcid:0x49424000 minor code: 308 completed: No >> at com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRIBase.handleSt atefulContext(CSIServerRIBase.java:2395) >> at com.ibm.ISecurityLocalObjectBaseL13Impl.CSIServerRI.receive_requ est(CSIServerRI.java:484) >> at com.ibm.rmi.pi.InterceptorManager.invokeInterceptor(InterceptorM anager.java:624) >> at com.ibm.rmi.pi.InterceptorManager.iterateServerInterceptors(Inte rceptorManager.java:524) >> at com.ibm.rmi.pi.InterceptorManager.iterateReceiveRequest(Intercep torManager.java:770) >> at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDe legate.java:611) >> at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:4 75) >> at com.ibm.rmi.iiop.ORB.process(ORB.java:513) >> at com.ibm.CORBA.iiop.ORB.process(ORB.java:1574) >> at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2841) >> at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2714) >> at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:63) >> at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118) >> at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1563) >> SERVER (id=xxxxxxx, host=hostname) TRACE END. vmcid: 0x49424000 minor code: 308 completed: No The interceptor manager starts the client interceptors that will process the return message (the SYSTEM_EXCEPTION). The first client interceptor that we see in the trace is a security interceptor. The security interceptor makes a decision to retry the failing request it does this by throwing a ForwardRequestException : ORBRas [com.ibm.rmi.pi.InterceptorManageriterateClientInterceptors:419 ORB.thread.pool : 2 The following exception was logged] org.omg.PortableInterceptor.ForwardRequest: IDL:omg.org/PortableInterceptor/ForwardRequest:1.0 at com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionManager.retr y(SessionManager.java:1129) This causes the interceptor manager to run the transaction receive_other() client interceptor (effectively a transaction interceptor no-op, it simply resumes the original exported transaction association with this server) - it appears that this loses all of the transaction context information that was part of the original response : The original request is re-sent as part of the security client retry processing. The response returns without any exception : The transaction client interceptor processes the response. However, the subordinate coordinator (the reference to the remote server) is returned as a null. We suspect that this is due to the remote server having already 'seen' this request (the original 'create' request), and so does not include this information on the response.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * **************************************************************** * PROBLEM DESCRIPTION: A client that has previously * * distributed a transaction to a remote * * server does not subsequently call * * completion on the remote transaction, * * eventually causing the remote server * * to rollback the transaction due to a * * client inactivity timeout. However, * * the client transaction has already * * completed. * **************************************************************** * RECOMMENDATION: * **************************************************************** As part of transaction processing, a request for a 'create' operation is sent to a remote server and the transaction is exported on the request (this is now a distributed transaction). The request returns with a CORBA.NO_PERMISSION exception. The minor codes associated with the exception indicates that the security credentials have timed out but allows the security interceptor to retry the original request after re-establishing these credentials. However, transaction context data that is returned with the original response is lost on the response to the retried request. The lost context data includes the subordinate coordinator - the missing subordinate coordinator prevents the remote server being enlisted with the client transaction, which in turn means that the remote server does not participate in the transaction completion processing.
Problem conclusion
Ensure that any remote responses that include transaction context are always processed, irrespective of whether the request is then subsequently retried. This functionality is controlled by the following transaction service custom property : Name : WSCOORD_ON_SECURITY_TIMEOUT Value : TRUE The fix for this APAR is currently targeted for inclusion in fix pack 7.0.0.23 and 8.0.0.3. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM47065
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2011-09-02
Closed date
2011-12-12
Last modified date
2011-12-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R700 PSY
UP
R800 PSY
UP
Document Information
Modified date:
28 October 2021