Errors when trying to configure or enable security

 

+

Search Tips   |   Advanced Search

 

Overview

  1. "LTPA password not set. validation failed" message displayed as error in the Administrative Console after saving global security settings

  2. "Validation failed for user userid. Please try again..." displayed in the Administrative Console after saving global security settings

  3. The setupClient.bat or setupClient.sh file is not working correctly

  4. Java HotSpot Server VM warning: Unexpected Signal 11 occurred under user-defined signal handler 0x7895710a message occurs in the native_stdout.log file when enabling security on the HP-UX11i platform

  5. WebSphere Application Server V6 is not working correctly with Enterprise Workload Manager (EWLM)

  6. If you have successfully configured security (made changes, saved the configuration, and enabled security with no errors), but are now having problems accessing Web resources or the administrative console, refer to Errors or access problems after enabling security.

For general tips on diagnosing and resolving security-related problems, see the topic Troubleshooting the security component.

If you do not see a problem that resembles yours, or if the information provided does not solve your problem, contact IBM support for further assistance.

 

"LTPA password not set. validation failed" message displayed as error in the Administrative Console after saving global security settings

This error can be caused if, when configuring WAS security, "LTPA" is selected as the authentication mechanism, and the LTPA password field is not set. To resolve this problem:

  • Select Security Authentication Mechanism > LTPA in the console left-hand navigation pane.

  • Complete the password and confirm password fields.

  • Click OK.

  • Try setting Global Security again.

 

"Validation failed for user userid. Please try again..." displayed in the Administrative Console after saving global security settings

This typically indicates that a setting in the User Registry configuration is not valid:

  • If the user registry is LocalOS, it is likely that either the server user ID and password are invalid or the server user ID does not have "Act As Part of the Operating System" (for NT) or root authority (for UNIX). The server user ID needs this authority for authentication using the LocalOS user registry.

  • If the user registry is Lightweight Directory Access Protocol (LDAP):

    • Any of the settings that enable WAS to communicate with LDAP might be invalid, such as the LDAP server's user ID, password, host, port, or LDAP filter. When you select Apply or OK on the Global Security panel, a validation routine connects to the registry just as it would during runtime when security is enabled. This is done in order to verify any configuration problems immediately, instead of waiting until the server restarts.

    • Verify whether your LDAP server requires the Bind Distinguished Name (DN) to find the user in the LDAP directory. If the bind distinguished name is required, specify a DN instead of a short name. We can specify the bind distinguished name by clicking...

      Security | User Registries | LDAP

      ...in the administrative console. For example, you might add cn=root.

    • Sometimes the LDAP server might be down during configuration. The best way to check this is to issue a command line search using a utility such as ldapsearch to search for the server ID. This way one can determine if the server is running and if the server ID is a valid entry in the LDAP. The ldapsearch utility is installed during an LDAP or Lotus Notes installation.

  • If the user registry is Custom, double check that your implementation is in the classpath. Also, check to see if your implementation is authenticating properly.

  • Regardless of registry type, check the User Registries configuration panels to see if one can find a configuration error:

    • Go back to the User Registries configuration panels and retype the password for the server ID.

  • See if there is an obvious configuration error. Double check the attributes specified.

 

The setupClient.bat or setupClient.sh file is not working correctly

The setupClient.bat file on Windows platforms and the setupClient.sh file on UNIX platforms incorrectly specify the location of the SOAP security properties file.

In the setupClient.bat file, the correct location should be

set CLIENTSOAP=-Dcom.ibm.SOAP.ConfigURL=file:%WAS_HOME%/properties/soap.client.props

In the setupClient.sh file, the CLIENTSOAP variable should be

CLIENTSOAP=-Dcom.ibm.SOAP.ConfigURL=file:$WAS_HOME/properties/soap.client.props

In the setupClient.bat and setupClient.sh files, complete the following steps:

  1. Remove the leading / after file:.

  2. Change sas to soap.

 

Java HotSpot Server VM warning: Unexpected Signal 11 occurred under user-defined signal handler 0x7895710a message occurs in the native_stdout.log file when enabling security on the HP-UX11i platform

After you enable security on HP-UX 11i platforms, the following error in the native_stdout.log file occurs, along with a core dump and WAS does not start

Java HotSpot Server VM warning: 
Unexpected Signal 11 occurred under user-defined signal handler 0x7895710a
To work around this error, apply the fixes recommended by HP for Java at the following URL: http://www.hp.com/products1/unix/java/infolibrary/patches.html.

 

WebSphere Application Server V6 is not working correctly with Enterprise Workload Manager (EWLM)

To use WebSphere Application Server V6 with Enterprise Workload Manager (EWLM), manually update the WebSphere Application Serve server.policy files. For example

grant codeBase "file:/<EWLM_Install_Home>/classes/ARM/arm4.jar" {
 permission java.security.AllPermission; 
};

Otherwise, you might encounter a Java 2 security exception for violating the Java 2 security permission.

Refer to Configuring server.policy files for more information on configuring server.policy files.

For current information available from IBM Support on known problems and their resolution, see the IBM Support page.

IBM Support has documents that can save you time gathering information needed to resolve this problem. Before opening a PMR, see the IBM Support page.


 

Related Tasks


Troubleshooting by task
Troubleshooting by component