APAR status
Closed as program error.
Error description
When specifying a clientSecurity properties file in the WebSphere eXtreme Scale monitoring console, client security might not be enabled, or it might erroneously do authentication when it should not. The following error might be displayed when you attempt to connect to the domain from the monitoring console logs: 5/6/13 21:13:25:012 EDT] 00000030 WXSAdminCatal 3 com.ibm.websphere.objectgrid.ObjectGridRuntimeException: CWOBJ1325E: There was a Client security configuration error. The catalog server at endpoint host.domain:2,000 is configured with SSL. However, the Client does not have a security configuration. The Client security configuration is null. com.ibm.websphere.objectgrid.ObjectGridRuntimeException: CWOBJ1325E: There was a Client security configuration error. The catalog server at endpoint host.domain:2,000 is configured with SSL. However, the Client does not have a security configuration. The Client security configuration is null. at com.ibm.ws.objectgrid.naming.LocationServiceFactory.bootstrap(Lo cationSe rviceFactory.java:330) at com.ibm.ws.objectgrid.naming.LocationServiceFactory.bootstrap(Lo cationSe rviceFactory.java:154) atPage 31 of 32 com.ibm.ws.xs.admin.util.WXSAdminCatalogConnection$1.call(WXSAdm inCatalo gConnection.java:278) at com.ibm.ws.xs.admin.util.WXSAdminCatalogConnection$1.call(WXSAdm inCatalo gConnection.java:271) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:34 5) at java.util.concurrent.FutureTask.run(FutureTask.java:177) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec utor.jav a:1121) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe cutor.ja va:614) at java.lang.Thread.run(Thread.java:779) ... Additionally, the "clientCertificateAuthencation" setting in the client.properties file might not be read properly by the runtime environment, causing the following exception: [5/22/13 9:11:17:327 EDT] 00000022 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/ibm/wxs/ObjectGrid/console/logs/ffdc/WXSStatsMonitorSer ver_124c 1bf2_13.05.22_09.11.17.3206624022641281381056.txt com.ibm.ws.objectgrid.catalog.wrapper.LocationServiceWrapper.res etRemote 215 [5/22/13 9:11:17:328 EDT] 00000022 StatsRetrieve W The connection attempt to the catalog service domain failed. Verify that the catalog service is running. The following exception caused this error to occur: [com.ibm.websphere.objectgrid.ConnectException: com.ibm.ws.xsspi.xio.exception.ObjectGridXIOException [originating=10.96.70.21:0;exid=0]: cluster security is enabled but CredentialGenerator is not found in ClientSecurityConfiguration at com.ibm.ws.objectgrid.ObjectGridManagerImpl.connect(ObjectGridMa nagerImp l.java:1258) at com.ibm.ws.xs.stats.client.routing.StatsRetrieverRouter.resetCon text(Sta tsRetrieverRouter.java:196) at com.ibm.ws.xs.stats.client.routing.StatsRetrieverRouter.getInsta nce(Stat sRetrieverRouter.java:172) at com.ibm.ws.xs.app.CatalogListener.updateGridInfo(CatalogListener .java:13 7) at com.ibm.ws.xs.app.DomainConnectionUpdater.setConnectionInfo(Doma inConnec tionUpdater.java:112) .... .... Caused by: com.ibm.websphere.objectgrid.ObjectGridRuntimeException: com.ibm.ws.xsspi.xio.exception.ObjectGridXIOException [originating=10.96.70.21:0;exid=0]: cluster security is enabled but CredentialGenerator is not found in ClientSecurityConfiguration at com.ibm.ws.objectgrid.catalog.wrapper.xio.XIOServiceMessageHandl er.<init >(XIOServiceMessageHandler.java:99) at com.ibm.ws.objectgrid.catalog.wrapper.LocationServiceWrapperXIO. buildILo cationServiceClient(LocationServiceWrapperXIO.java:111) .... ..... ... 54 more Caused by: com.ibm.ws.xsspi.xio.exception.ObjectGridXIOException [originating=10.96.70.21:0;exid=0]: cluster security is enabled but CredentialGenerator is not found in ClientSecurityConfiguration at com.ibm.ws.objectgrid.catalog.wrapper.xio.XIOServiceMessageHandl er.<init >(XIOServiceMessageHandler.java:71) ... 62 more
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: Administrators of WebSphere eXtreme Scale * * V7.1.1, V8.5, and V8.6 monitoring console * * who use client security properties. * **************************************************************** * PROBLEM DESCRIPTION: Certain client security properties are * * not properly read by the runtime * * environment. * **************************************************************** * RECOMMENDATION: * **************************************************************** The monitoring console did not correctly process the securityEnabled and clientCertificateAuthentication properties from the client security properties file. As a result, using transport layer security without using credential security never allows securityEnabled to be set to "true". Also, the clientCertificateAuthentication property is not properly read, which causes the exceptions mentioned in the Error Description.
Problem conclusion
The runtime environment was corrected to properly read and interpret securityEnabled and clientCertificateAuthentication properties. This APAR has been included in the latest cumulative fixes for the following releases: 7.1.1.1, 8.5.0.3, 8.6.0.1, and 8.6.0.2. For information about downloading these release, see the following web page: http://www-01.ibm.com/support/docview.wss?uid=swg27018991
Temporary fix
Comments
APAR Information
APAR number
PM88959
Reported component name
WS EXTREME SCAL
Reported component ID
5724X6702
Reported release
860
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-05-13
Closed date
2013-06-18
Last modified date
2013-06-18
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WS EXTREME SCAL
Fixed component ID
5724X6702
Applicable component levels
R711 PSY
UP
R850 PSY
UP
R860 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSTVLU","label":"WebSphere eXtreme Scale"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"860","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
18 June 2013