Enabled Websphere security, now getting errors installing Modeler 14.2 Adapters
Installed C&DS 5.0 with Websphere (WAS) security disabled. After installing enabled WAS security. When attempting to install Modeler Adapters getting authentication errors.
Customer installed C&DS 5.0 and then successfully ran configTool to create and deploy the necessary objects within the repository database and the Application Server (WebSphere). Days after running configTool, they enabled WAS Security. Everything seemed to be working properly. However, when they attempted to apply the Modeler 15 Adapters, it failed with Authentication errors. In review, it appears the engineConfig.properties is not updated to indicate a valid WAS user and password, which results in a failed connection to WAS
This has been identified as a product defect under ECM00183400 APAR PM74656. Documentation will be updated.
Diagnosing the problem
from the engine.log:
Sep 07 2012 16:14:42 ERROR: The following error occurred while executing this line: /opt/IBM/SPSS/Deployment/5.0/Server/setup/deploy-websphere.xml:264: The following error occurred while executing this line: /opt/IBM/SPSS/Deployment/5.0/Server/setup/deploy-websphere.xml:292: ERROR - CrtCDSresources.py failed com.ibm.spss.setup.ConfigException:
Also review the engineConfig.properties file located in the <CDS_HOME>/platform directory. If the appserver_admin_user and appserver_admin_password fields are blank then follow the instructions below.
Some background information from development:
WebSphere Single Server - the problem scenario is not really an issue in practice, because in a single server topolgoy it is stated that the server should be stopped before applying any adapters or service updates. With the server stopped, there is no administrative connection information required.
WebSphere Network Deployment topology - In this scenario the WebSphere Deployment Manager process will always be running when C&DS Adapters or service is applied. However when WebSphere administrative security is enabled and actions such as running a script are attempted but credentials are not provided, then WebSphere will automatically provide a dialog or console window to enter the missing admin credentials. Thus, anyone running the C&DS operation interactively can simply enter the missing credential information and the task will complete successfully.
The proper solution (independent of application server) is to provide the missing credential information to C&DS (as noted above). That way there is no possible issue when application server configuration is performed.
Resolving the problem
To Add Application Server Administrator to existing C&DS
Edit <CDS_HOME>/platform/engineConfig.properties and add application server administrator credentials by providing values for the following two properties:
Save the file containing your changes and you are done.
The C&DS 'engineConfig.properties' file containing the application server admin credentials (userid and password) will also need to be updated whenever the WAS administrative password is changed.
So, the original scenario is not the only one where this knowledge is applicable. Anytime the application server administrator credentials (userid or password) are modified, C&DS should also be kept updated with the same change.
If you want the 'appserver_admin_password' value to be encrypted (rather than stored as clear text) , you can use the <CDS_HOME>/bin/cliEncrypt' tool along with the '-portable' option to encrypt your password.
Example: cliEncrypt.bat <admin_pwd> -portable
Copy the resulting output and paste into your 'engineConfig.properties' file.
In C&DS 5.0 GA the order of the arguments provided to the 'cliEncrypt' command is important.
The 'password' must be listed before the '-portable' option.
In C&DS 126.96.36.199 (and later) this requirement was lifted and the parameters can be specified in any order.