Errors when trying to configure or enable security
What kind of error are you seeing?
- "LTPA password not set validation failed" message displayed as error in the Administrative Console after enabling global security.
- "Validation failed for user [userid]. Please try again..." displayed in the Administrative Console when enabling global security.
- The setupClient.bat or setupClient.sh file is not working correctly
- "Java HotSpot(TM) Server VM warning: Unexpected Signal 11 occurred under user-defined signal handler 0x7895710a" message occurs in the native_stdout.log file when enabling security on the HP-UX11i platform
- If you have successfully configured security (made changes, saved the configuration, and enabled security with no errors), but are now having problems accessing Web resources or the administrative console, refer to Errors or access problems after enabling security.
For general tips on diagnosing and resolving security-related problems, see the topic Troubleshooting the security component.
If you do not see a problem that resembles yours, or if the information provided does not solve your problem, contact IBM support for further assistance.
"LTPA password not set. validation failed" message displayed as error in the Administrative Console after saving global security settings
This error can be caused if, when configuring Server security, "LTPA" is selected as the authentication mechanism, and the LTPA password field is not set. To resolve this problem:
- Select Security Authentication Mechanism > LTPA in the console left-hand navigation pane.
- Complete the password and confirm password fields.
- Click OK.
- Try setting Global Security again.
"Validation failed for user userid. Please try again..." displayed in the Administrative Console after saving global security settings
This typically indicates that a setting in the User Registry configuration is not valid:
- If the user registry is LocalOS, it is likely that either the server user
ID and password are invalid or the server user ID does not have "Act As Part
of the Operating System" (for NT) or root authority (for UNIX). The server
user ID needs this authority for authentication using the LocalOS user registry.
- If the user registry is LDAP:
- Any of the settings that enable WAS to communicate with LDAP might be invalid, such as the LDAP server's user ID, password, host, port, or LDAP filter. When you select Apply or OK on the Global Security panel, a validation routine connects to the registry just as it would during runtime when security is enabled. This is done in order to verify any configuration problems immediately, instead of waiting until the server restarts.
- Verify whether your LDAP server requires the Bind Distinguished Name (DN) to find the user in the LDAP directory. If the bind distinguished name is required, specify a DN instead of a short name. You can specify the bind distinguished name by clicking...
Security | User Registries | LDAP
...in the administrative console. For example, you might add cn=root.
- Sometimes the LDAP server might be down during configuration. The best way to check this is to issue a command line search using a utility such as ldapsearch to search for the server ID. This way you can determine if the server is running and if the server ID is a valid entry in the LDAP. The ldapsearch utility is installed during an LDAP or Lotus Notes installation.
- If the user registry is Custom, double check that your implementation
is in the classpath. Also, check to see if your implementation is authenticating
properly.
- Regardless of registry type, check the User Registries configuration panels
to see if you can find a configuration error:
- Go back to the User Registries configuration panels and retype the password for the server ID.
- See if there is an obvious configuration error. Double check the attributes specified.
The setupClient.bat or setupClient.sh file is not working correctly
The setupClient.bat file on Windows platforms and the setupClient.sh file on UNIX platforms incorrectly specify the location of the SOAP security properties file.
In the setupClient.bat file, the correct location should be:
set CLIENTSOAP=-Dcom.ibm.SOAP.ConfigURL=file:%WAS_HOME%/properties/soap.client.props
In the setupClient.sh file, the CLIENTSOAP variable should be:
CLIENTSOAP=-Dcom.ibm.SOAP.ConfigURL=file:$WAS_HOME/properties/soap.client.props
In the setupClient.bat and setupClient.sh files, complete the following steps:
- Remove the leading / after file:.
- Change sas to soap.
Java HotSpot(TM) Server VM warning: Unexpected Signal 11 occurred under user-defined signal handler 0x7895710a message occurs in the native_stdout.log file when enabling security on the HP-UX11i platform
After you enable security on HP-UX 11i platforms, the following error in the native_stdout.log file occurs, along with a core dump and WAS does not start:
Java HotSpot(TM) Server VM warning: Unexpected Signal 11 occurred under user-defined signal handler 0x7895710a
To work around this error, apply the fixes recommended by HP for Java at the following URL: http://www.hp.com/products1/unix/java/infolibrary/patches.html
For current information available from IBM Support on known problems and their resolution, see the IBM Support page.
IBM Support has documents that can save you time gathering information needed to resolve this problem. Before opening a PMR, see the IBM Support page.
Troubleshooting by task: What are you trying to do?
Troubleshooting by component: What is not working?