Troubleshooting
Problem
You notice HMGR0149E issued even with security disabled in ALL nodes.
Symptom
HMGR0149E: An attempt to open a connection to core group <Coregroup_Name> has been rejected. The sending process has a name of <Name or IP addr> and an IP address of <IP address>. Global security in the local process is Disabled. Global security in the sending process is Disabled. The received token starts with ab1c234:56abc7848e4:-8000. The exception is <null>
Cause
The HAManager component will authenticate LTPA tokens when configured over DCS_SECURE, regardless of whether security is enabled or not.
Environment
All WebSphere Application Server environments where DCS_SECURE is configured.
Diagnosing The Problem
If the log shows the above message, and both the sending and local process have global security disabled, you could be running into the issue described in this technote. If one of the processes has global security enabled and the other one disabled, you need to change one of them to match the other to exclude a security mismatch as the potential problem.
Resolving The Problem
Resolve LTPA token mismatch or remove DCS_SECURE setting, and run syncNode.sh from each of the node directories to synchronize the nodes with the Deployment Manager.
LTPA token mismatch
There are several reasons why LTPA tokens can get mismatched. One of the most common ones is that autogeneration of LTPA tokens is enabled, but automatic synchronization is disabled. For more information on how to check those settings see the Knowledge Center articles titled "Disabling automatic generation of Lightweight Third Party Authentication keys" and "File synchronization service settings" for the respective version you are running. Both settings have to either be disabled or enabled.
Another example for a mismatch could be that realms are not set up correctly, or other security related issues. Sometimes the ffdc logs can shed more light on the underlying problem.
DCS_SECURE setting
The DCS_SECURE setting can be removed by changing the Transport chain for the coregroup mentioned in the message.
1. In the administrative console, click Servers > Core groups > Core group settings and select the respective core group
2. Under Transport type > Channel Framework
change the transport chain from DCS_SECURE to DCS
If none of these suggestions resolve the situation, contact IBM support for assistance.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21596835