Enabled Websphere security, now getting errors installing attempting to deploy C&DS packages.
Installed C&DS with Websphere (WAS) security disabled. After installing enabled WAS security or the password changed. When attempting to install Modeler Adapters or applying fix packages failed with failing in CrtCDSresources.py
Customer installed and then successfully ran configTool to create and deploy the necessary objects within the repository database using Application Server (WebSphere). Days after running configTool, they enabled WAS Security, or the WAS credentials changed.
Everything has been working properly. However, when they attempted to apply an Adapter Package (EX: Modeler Adapter), or apply a fix package (Using CliPackageManager.sh/bat) the deploy fails.
Reviewing, it appears the engineConfig.properties is not updated to indicate a valid WAS user and password, which results in a failed connection to WAS.
[exec] WASX7246E: Cannot establish "SOAP" connection to host "localhost" because of an authentication failure.
This has been identified as a product defect under ECM00183400 APAR PM74656. Documentation will be updated.
Diagnosing the problem
- From the engine.log or PackageManagerTool.log:
ERROR: The following error occurred while executing this line: /opt/IBM/SPSS/Deployment/5.0/Server/setup/deploy-websphere.xml:264: The following error occurred while executing this line: /opt/IBM/SPSS/Deployment/5.0/Server/setup/deploy-websphere.xml:292: ERROR - CrtCDSresources.py failed com.ibm.spss.setup.ConfigException:
INFO: Error: An unexpected failure occurred for install step: Deploy Deployables, error: The following error occurred while executing this line:
/spss/CDS8/setup/deploy-websphere.xml:298: The following error occurred while executing this line:
/spss/CDS8/setup/deploy-websphere.xml:326: ERROR - CrtCDSresources.py failed, Contact SPSS support
- From the Engine_ant.log or PackageManager_ant.log (if applying packages).
[exec] WASX7246E: Cannot establish "SOAP" connection to host "localhost" because of an authentication failure. Ensure that user and password are correct on the command line or in a properties file.
[exec] Exception message (if any): "ADMN0022E: Access is denied for the getProcessType operation on Server MBean because of insufficient or empty credentials."
[exec] WASX7213I: This scripting client is not connected to a server process; please refer to the log file /opt/IBM/V8.5.5/AppServer/profiles/Dmgr01/logs/wsadmin.traceout for additional information.
Review the <CDS_HOME>/platform/engineConfig.properties file. If the appserver_admin_user and appserver_admin_password fields are blank then Websphere authentication was enabled and these files will need to be populated. If values exist then the need to be update. Follow the instructions below.
Some background information from development:
WebSphere Single Server - the problem scenario is not really an issue in practice, because in a single server topology it is stated that the server should be stopped before applying any adapters or service updates. With the server stopped, there is no administrative connection information required.
WebSphere Network Deployment topology - In this scenario the WebSphere Deployment Manager process will always be running when C&DS Adapters or service is applied. However when WebSphere administrative security is enabled and actions such as running a script are attempted but credentials are not provided, then WebSphere will automatically provide a dialog or console window to enter the missing admin credentials. Thus, anyone running the C&DS operation interactively can simply enter the missing credential information and the task will complete successfully.
The proper solution (independent of application server) is to provide the missing credential information to C&DS (as noted above). That way there is no possible issue when application server configuration is performed.
Resolving the problem
To Add Application Server Administrator to existing C&DS
Edit <CDS_HOME>/platform/engineConfig.properties and add application server administrator credentials by providing values for the following two properties:
Save the file containing your changes and you are done.
The C&DS 'engineConfig.properties' file containing the application server admin credentials (userid and password) will also need to be updated whenever the WAS administrative password is changed.
So, the original scenario is not the only one where this knowledge is applicable. Anytime the application server administrator credentials (userid or password) are modified, C&DS should also be kept updated with the same change.
If you want the 'appserver_admin_password' value to be encrypted (rather than stored as clear text) , you can use the <CDS_HOME>/bin/cliEncrypt' tool along with the '-portable' option to encrypt your password.
Example: cliEncrypt.bat <admin_pwd> -portable
Copy the resulting output and paste into your 'engineConfig.properties' file.
In C&DS 5.0 GA the order of the arguments provided to the 'cliEncrypt' command is important.
The 'password' must be listed before the '-portable' option.
In C&DS 188.8.131.52 (and later) this requirement was lifted and the parameters can be specified in any order.
More support for:
SPSS Collaboration and Deployment Services
Software version: 5.0, 6.0, 7.0, 8.0, 8.1, 8.1.1
Operating system(s): Linux
Reference #: 1616029
Modified date: 11 January 2013
Translate this page: