Resetting the security for the server profile of the Report Server for redeployment

Technote (FAQ)


Question

How can you reset the security for the IBM Rational ClearQuest Report Server (Reportal), so that you can redeploy the server configuration?

Cause

You are experiencing one of these problems:

  1. After setting up the Report Server for ClearQuest, you cannot log into the Report Server home page.
  2. You cannot stop the Reportal profile service using the stopServer command. You receive an "Invalid credentials" error.
  3. You cannot stop the associated Windows Service without receiving an "Invalid credentials" error.

When deploying Reportal, if the user name or password are incorrectly deployed or forgotten, you will not be able to stop the server in the standard fashion. You will also not be able to login or receive the proper login prompts.


Answer

This technote will review the steps necessary to disable IBM WebSphere Application Server security to permit the redeployment of your Reportal profile.









Verifying the service is running



  1. Before resetting the security settings verify the service is active. Browse to this URL on the Change Management (CM) Server host:

    http://<server>:12080/TeamWeb/services/Team

    You should see the following message:

    {http://<server>/ws/teamservice} Team

    Hi there, this is a Web Service!


  2. If the message does not load, CM Server might not be running. You need to start the process before proceeding.

    Windows

    Run net start in a command prompt. Look for IBM WebSphere Application Server V6.1 - cmprofile in the output to verify that it is running.

    If it is not running, start it using one of these methods:
    • From a command prompt run this command:

      net start  "IBM WebSphere Application Server V6.1 - cmprofile"
    • From the Windows Service console start IBM WebSphere Application Server V6.1 - cmprofile
      .
    • Start it manually by running this command:

      startServer server1 -profileName cmprofile

      Run this command from the <drive>:\install_dir\common\CM\profiles\cmprofile\bin

    UNIX and Linux

    Check if the CM Server process is already running or hung:

    use ps -ef |grep cmprofile

    If it is not running, start it with this command:

    startServer server1 -profileName cmprofile

    Run the command from <install directory>/common/CM/profiles/cmprofile/bin





Disabling Security



You will likely need to disable security for troubleshooting purposes and for redeploying the Reportal profile. Review these steps:

  1. Verify you can log into the ClearQuest database using the expected credentials that you are using or plan to use with Reportal.

    Note: Reportal verifies the supplied credentials against the ClearQuest connection that was used to configure the service.

  2. If you have made changes or added reports to Reportal in the past, you should backup the entire profile should you need to revert to it in the future.

    To help backing up your Reportal profile, run this command:

    Windows

    C:\Program Files\IBM\RationalSDLC\common\CM\profiles\reportalprofile\bin>manageprofiles.bat -backupProfile -help


    UNIX and Linux

    /opt/ibm/RationalSDLC/common/CM/profiles/reportalprofile/bin/ $ manageprofiles.bat -backupProfile -help

  3. Navigate to the bin directory for Reportal. This assumes a default installation directory:

    Windows

    cd C:\Program Files\IBM\RationalSDLC\common\CM\profiles\reportalprofile\bin\


    UNIX and Linux

    cd /opt/ibm/RationalSDLC/common/CM/profiles/reportalprofile/bin/

  4. Run this command:

    wsadmin -conntype NONE


    This output should appear:

    WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
    WASX7029I: For help, enter: "$Help help"
    wsadmin>


  5. At the wsadmin prompt, run this command:

    securityoff


    This output should appear:

    LOCAL OS security is off now but you need to restart server1 to make it affected.

  6. At the wsadmin prompt, run this command:

    $AdminConfig save


    Then run this command:

    exit

  7. Stop the server by killing the WebSphere Application Server process. You will need to determine the PID of the server process.

    Note: Normally you would use the stopServer command. However, because you do not know the password, you will not be able to stop it using the standard technique.

    Windows

    cd C:\Program Files\IBM\RationalSDLC\common\CM\profiles\reportalprofile\logs\server1\
    type server1.pid



    UNIX and Linux

    cd /opt/ibm/RationalSDLC/common/CM/profiles/reportalprofile/logs/server1/
    cat server1.pid


  8. Kill process ID from the previous step:

    UNIX and Linux

    $ kill <PID from server1.pid file>


    Verify the process is not running:

    $ ps -ef | grep reportal


    Windows
    1. Open Windows Task Manager.
    2. Click the Process tab. Access the menu option View > Select Columns.
    3. Check the box for PID (process identifier). Click OK.
    4. Find the java.exe process with the PID value listed in the server1.pid file. The columns can be sorted by PID or by process name to make the information easier to find.
    5. Right-click the process. Choose End Process Tree.

  9. Once the service is stopped, restart it for the security configuration changes to take affect. Go back to the bin directory.

    Windows

    cd C:\Program Files\IBM\RationalSDLC\common\CM\profiles\reportalprofile\bin


    UNIX and Linux

    cd /opt/ibm/RationalSDLC/common/CM/profiles/reportalprofile/logs/server1/bin/


    Run:

    startServer server1




Purging old profile variables



Next you must purge the old profile variables originally configured from the Deploy_RCQR_eWAS.python script. This will be done from the WebSphere Application Server console of the Report Server.

  1. Log into the WebSphere Integrated Solutions Console of the Report Server. The default URL is:

    https://<server>:15043/ibm/console

  2. You should see the login screen.



    Leave the user ID field blank. There should not be a field for password. Click login.

  3. Expand Security from the menu column on the left side of the screen.

  4. Click Secure administration, applications, and infrastructure.

    Image of description above.

  5. In the resulting page click the configure button located under the heading "user account repository".

    Image of description above.

  6. Click Custom properties, located in the Additional Properties section.

    Image of description above.

    The location at the top of the screen should be:

    Secure administration, applications, and infrastructure > Standalone custom registry > Custom properties


  7. You should see a number of values similar to the ones provided in the Deploy_RCQR _eWAS.py script. Select all of the properties by checking them off, or using the Select all items button.

    Image of description above.

  8. Click Delete.

    Image of description above.

  9. Click Save in the message box that appears at the top of the screen.
    Image of description above.

  10. Stop and start the server again.

    Note: The stopServer operation should no longer require a password.

  11. Exit the console by clicking Logout.

    Image of description above.
  12. You should now be ready to reconfigure security as instructed in the Deploying the Report Server for ClearQuest on WebSphere Application Server topic of the ClearQuest Information Center.




Best practices when redeploying



A problem might have occurred during the initial configuration and deployment of your Report Server. If that problem has lead you to this white paper, here are some best practices that can aid in avoiding potential problems with future deployments.

  • Password cannot be null (blank password).
  • Encrypt the password, even though it is not required. If you encrypt the password, mark TRUE for the encrypted variable. If you do not encrypt the password, mark FALSE for the encrypted variable.
  • Be consistent. Make sure that attributes maintain similar values in all files 3 files.


For the %CQHOME%/RCQR/server/reportserver.properties file:
  • These values must match your ClearQuest Schema Repository and a working User Database:

    user.registry.cq.dbSet=ProductionDB
    user.registry.cq.userDb=DEFCT

  • This URL must work from the Report Server host. Otherwise, you must specify a fully qualified path to a working CM Server:

    user.registry.cq.connectionUrl=http://<server>:12080/TeamWeb/services/Team

  • Only specify a serverPath to a Crystal Reports Server URL if you plan to use this feature with Reportal. Otherwise, leave the value blank.


    # Crystal Reports adapter properties
    report.service.crystal.serverPath=
    https://<server>:12043/cqwebreport/CRInvoker

  • If you are using an encrypted password, it should look something like this:
    user.registry.cq.connectionPassword=dfce3c5374d10c3506d158b5ce7c7039 user.registry.cq.connectionPassword.encrypted=true

  • If you are not using an encrypted password, it should look something like this:

    user.registry.cq.connectionPassword=testPassword
    user.registry.cq.connectionPassword.encrypted=false

For the %CQHOME%\RCQR\server\teamserver.properties file:

  • This value should specify the actual location of your Reportal repository directory:

    com.ibm.team.repository.db.jdbc.location=C:/Program Files/IBM/RationalSDLC/ClearQuest/RCQR/server/repositoryDB

  • You should specify your SMTP server host that you use with ClearQuest. It is not necessary to specify a user name and password unless you specifically use one with your SMTP server host. Note: ClearQuest itself does no't permit authenticated SMTP protocol:

    com.ibm.rational.report.smtp.server=<your.mailserver.name.domain>


For the %RATIONAL_COMMON%/CM/Scripts/Deploy_RCQR _eWAS.py file:

  • All values in this file must match what you have specified in the reportserver.properties and teamserver.properties files. For example:


    'jazzAdmins':'admin',
    'jazzProjectLeads':'lead',
    'cqDbSetName':'ProductionDB',
    'cqUserDbName':'DEFCT',
    'cqConnectionURL':'
    http://<server>:12080/TeamWeb/services/Team',
    'cqConnectionUsername':'
    admin',
    'cqConnectionPassword':'
    admin',
    'cqConnectionPasswordEncrypted':'
    false',
    com.ibm.team.repository.db.jdbc.location  = C:/Program Files/IBM/RationalSDLC/ClearQuest/RCQR/server/repositoryDB

  • When running this command, the user name and password must match your ClearQuest user name and password specified in the above configuration:

    "%RATIONAL_COMMON%/eWAS/bin/wasservice" -add reportalprofile -serverName server1 -profilePath "%RATIONAL_COMMON%/CM/profiles/reportalprofile" -stopArgs "-username <cq_username> -password <cq_password>"

  • To verify your deployment, you must first stop Reportal, then restart it for the deployment changes to take affect.
  • Once the reportal is restarted you should be able to access it here:

    https://<server>:15443/jazz/reportal/projects/Vega/

Cross Reference information
Segment Product Component Platform Version Edition
Software Development Rational ClearQuest CM Server
Software Development Rational ClearQuest Web Server (7.1)

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Rational ClearQuest
Reporting

Software version:

7.1

Operating system(s):

AIX, HP-UX, Linux, Solaris, Windows

Reference #:

1395365

Modified date:

2009-08-07

Translate my page

Machine Translation

Content navigation