IBM WebSphere

From wiki.vincentkong.com

WebSphere Commands

Main article: WebSphere Command-line Utilities


IBM WebSphere Fix Pack

Main article: IBM WebSphere Fix Pack


Adding JVM arguments using WAS administration console

  1. Open WAS administration console
  2. Go to Servers » Application servers
  3. Click on the server name link
  4. Go to Java and Process Management » Process Definition under Server Infrastructure
  5. Go to Java Virtual Machine under Additional Properties
  6. Edit field Generic JVM arguments
  7. Restart the application server

Enabling verbose garbage collection

  1. In the Administrative Console, expand Servers and then click on Application Servers.
  2. Click on the server that you would like to work with, for example, server1.
  3. On the Configuration tab, under Server Infrastructure, expand Java and Process Management, and click Process Definition.
  4. Under the Additional Properties section, click Java Virtual Machine.
  5. Check the Verbose Garbage Collection check box.
  6. Restart the Application Server for the changes to take effect.

The garbage collection output is written to native_stdout.log.

Additional Steps for Solaris

Add the following parameters to the Generic JVM arguments:

-XX:+PrintGCDetails
-XX:+PrintGCTimeStamps
-XX:+PrintHeapAtGC

Related: Enable verbose garbage collection in Java


Getting Heapdumps on Solaris

Produce heapdump on Ctrl+Break

Add -XX:+HeapDumpOnCtrlBreak to JVM arguments

To force a heapdump by sending the JVM a SIGQUIT

$ kill -3 [JVM PID]

Produce a heapdump in the event of an OutOfMemoryError

Add -XX:+HeapDumpOnOutOfMemoryError to JVM arguments

Reference: http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21242314#12


Detecting session data crossover

The DebugSessionCrossover custom property enables code to perform additional checks to verify that only the session associated with the request is accessed or referenced.

  1. In the administrative console click Servers > Application Servers > server_name > Web Container settings > Web Container
  2. Under Additional Properties select Custom Properties.
  3. On the Custom Properties page, click New.
  4. On the settings page, enter the custom property DebugSessionCrossover=true.
  5. Click Apply or OK.
  6. Click Save on the console task bar to save your configuration changes.
  7. Restart the server.

To find session crossover events, search for "crossover" in SystemOut.log.

Example:

SessionContex E   SESN0121E: Session crossover detected in Web application default_host/.  Session
ANCYT0TrZ2CtpvIeCSr5xJ6 was retrieved when session I5y4vEMsXPx1Ap3Wm6c4t05 was expected -
com.ibm.ws.webcontainer.httpsession.SessionCrossoverStackTrace
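
The search described above can be scripted so that each SESN0121E event is reduced to the application, the session that was retrieved and the session that was expected. This is an added example, not part of the original page; the sample log is constructed (the first event reuses the message shown above, and the timestamps, thread IDs and second event are made up).

```sh
#!/bin/sh
# Added example: summarise SESN0121E session-crossover events in a SystemOut.log.
# An entry may wrap across lines, so whitespace is collapsed before matching.

crossover_events() {
    # $1: path to SystemOut.log
    # Prints "<web application> <retrieved session> <expected session>" per event.
    tr '\n' ' ' < "$1" | tr -s ' ' |
      grep -o 'SESN0121E: Session crossover detected in Web application [^ ]*\. Session [^ ]* was retrieved when session [^ ]* was expected' |
      awk '{ app = $8; sub(/\.$/, "", app); print app, $10, $15 }'
}

crossover_count() {
    # Number of crossover events, e.g. for a monitoring check.
    crossover_events "$1" | wc -l | tr -d ' '
}

sample_log() {
    # Constructed sample input.
cat <<'EOF'
[3/12/09 10:15:02:123 EST] 0000002a SessionContex E   SESN0121E: Session crossover detected in Web application default_host/.  Session
ANCYT0TrZ2CtpvIeCSr5xJ6 was retrieved when session I5y4vEMsXPx1Ap3Wm6c4t05 was expected -
com.ibm.ws.webcontainer.httpsession.SessionCrossoverStackTrace
[3/12/09 10:15:03:000 EST] 0000002b SystemOut     O   request completed
[3/12/09 10:16:40:877 EST] 0000002c SessionContex E   SESN0121E: Session crossover detected in Web application default_host/shop.  Session AAAA1111 was retrieved when session BBBB2222 was expected - com.ibm.ws.webcontainer.httpsession.SessionCrossoverStackTrace
EOF
}

log=$(mktemp)
sample_log > "$log"
crossover_events "$log"
echo "crossover events: $(crossover_count "$log")"
rm -f "$log"
```
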

Lightweight Third Party Authentication (LTPA)

Disabling automatic generation of Lightweight Third Party Authentication (LTPA) keys

Automatic generation creates new keys on a schedule that you specify when you configure a key set group, which manages one or more key sets. WebSphere Application Server uses key set groups to automatically generate cryptographic keys or multiple synchronized key sets.

The default key set group is CellLTPAKeySetGroup. In the administrative console:

  1. Click Security > SSL certificate and key management > Manage endpoint security configurations.
  2. Expand the tree to the inbound or outbound management scope that contains the key set group, and then click the scope link.
  3. Under Related Items, click Key Set Groups.
  4. Click the key set group that you want to disable.
  5. Clear the Automatically generate keys option.
  6. Click OK and Save to save the changes to the master configuration.
  7. Start the server again for the changes to become active.

Reference: http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/tsec_altpagen.html

Generate LTPA keys manually

  1. In the administrative console, verify that all the WebSphere Application Server processes are running, including the cell, nodes, and application servers. If any of the servers are down at the time of key generation and then restarted later, these servers might contain old keys.
  2. Click Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.
  3. Click Generate keys to generate a new set of LTPA keys.
  4. Restart the server.

Verify LTPA keys have same date and size

Verify that all LTPA key files (ltpa.jceks) under ./profiles/Dmgr01/config/cells and ./profiles/AppSrv01/config/cells have the same date and size.

$ cd /opt/IBM/WebSphere/AppServer
$ find . -name ltpa.jceks -exec ls -l '{}' \;

If the results show an inconsistency, copy ltpa.jceks from the Deployment Manager to the other cells and nodes.

Example:

$ cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/<cell_name>
$ cp ltpa.jceks ../../../../AppSrv01/config/cells/<cell_name>

Re-sync the nodes in each server.

$ cd /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin
$ ./syncNode.sh <ip address> 8879

where 8879 is the default SOAP port for Deployment Manager
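
The consistency check above compares date and size; the following added example (not part of the original page) goes one step further and compares the ltpa.jceks copies by checksum, which also catches files of equal size with different contents. The directory tree and key contents are constructed stand-ins for /opt/IBM/WebSphere/AppServer, and the cell name demoCell is hypothetical.

```sh
#!/bin/sh
# Added example: checksum-based consistency check for LTPA key files.

ltpa_check() {
    # $1: WebSphere install root.
    # Prints "<checksum> <size> <path>" for every ltpa.jceks found.
    # Returns 0 if all copies are identical, 1 if they differ, 2 if none exist.
    ltpa_root=$1
    list=$(find "$ltpa_root" -name ltpa.jceks -type f -exec cksum '{}' \; | sort -k3)
    [ -n "$list" ] || { echo "no ltpa.jceks under $ltpa_root" >&2; return 2; }
    printf '%s\n' "$list"
    distinct=$(printf '%s\n' "$list" | awk '{ print $1, $2 }' | sort -u | wc -l | tr -d ' ')
    [ "$distinct" -eq 1 ]
}

demo_tree() {
    # Constructed profile layout with identical key files in both profiles.
    d=$(mktemp -d)
    for p in Dmgr01 AppSrv01; do
        mkdir -p "$d/profiles/$p/config/cells/demoCell"
        printf 'constructed-key-material-A' > "$d/profiles/$p/config/cells/demoCell/ltpa.jceks"
    done
    echo "$d"
}

root=$(demo_tree)
if ltpa_check "$root"; then echo "LTPA keys consistent"; else echo "LTPA keys differ"; fi

# Simulate a node that missed key generation: same size, different content.
printf 'constructed-key-material-B' > "$root/profiles/AppSrv01/config/cells/demoCell/ltpa.jceks"
if ltpa_check "$root"; then echo "LTPA keys consistent"; else echo "LTPA keys differ"; fi
rm -rf "$root"
```
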

Reference: http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/tsec_altpagen.html


WebSphere MQ Java or JMS fails to connect to queue manager

Partial exception:

java.lang.UnsatisfiedLinkError: no mqjbnd05 in java.library.path
	at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1684)
	at java.lang.Runtime.loadLibrary0(Runtime.java:822)
	at java.lang.System.loadLibrary(System.java:993)
	at com.ibm.mq.MQSESSION.loadLib(MQSESSION.java:1028)
	at com.ibm.mq.server.MQSESSION$1.run(MQSESSION.java:246)

or

java.lang.NoClassDefFoundError
	at com.ibm.mq.MQSESSIONServer.getMQSESSION(MQSESSIONServer.java:68)
	at com.ibm.mq.MQSESSION.getSession(MQSESSION.java:508)
	at com.ibm.mq.MQManagedConnectionJ11.<init>(MQManagedConnectionJ11.java:213)
	at com.ibm.mq.MQBindingsManagedConnectionFactoryJ11._createManagedConnection(MQBindingsManagedConnectionFactoryJ11.java:186)
	at com.ibm.mq.MQBindingsManagedConnectionFactoryJ11.createManagedConnection(MQBindingsManagedConnectionFactoryJ11.java:225)

Solution:

In order to establish a bindings connection, the WebSphere MQ Java and JMS classes must load a native library.

  1. In the Administration Console, go to Servers » Application Servers » server_name
  2. Under Server Infrastructure go to Java and Process Management » Process Definition » Java Virtual Machine
  3. Under the Generic JVM arguments add -Djava.library.path=/opt/mqm/java/lib where /opt/mqm/java/lib is the location of the WebSphere MQ Java libraries

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21248900


Solution 2:

  1. Go to JMS providers > WebSphere MQ messaging provider > Queue connection factories > MyConnectionFactory
  2. Change Transport type from BINDINGS to CLIENT

Reset Administration Console password

Disable Administration Console password

All Java processes related to WebSphere (e.g. servers, nodes, deployment manager) should be stopped before beginning.

Edit /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/<cell_name>/security.xml. On the 2nd line, in the <security:Security xmi:version="2.0" ... enabled="true" ...> element, change enabled="true" to enabled="false".

Example:

<security:Security xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" 
xmlns:orb.securityprotocol="http://www.ibm.com/websphere/appserver/schemas/5.0/orb.securityprotocol.xmi"
xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi" xmi:id="Security_1" 
useLocalSecurityServer="true" useDomainQualifiedUserNames="false" enabled="false"
cacheTimeout="600" issuePermissionWarning="false" activeProtocol="BOTH" 
enforceJava2Security="false" enforceFineGrainedJCASecurity="false" 
appEnabled="true" dynamicallyUpdateSSLConfig="true" activeAuthMechanism="LTPA_1" 
activeUserRegistry="CustomUserRegistry_1" defaultSSLSettings="SSLConfig_1">

Start deployment manager.

Change Administration Console password

In the Administration Console:

  1. Go to Security » Secure administration, applications, and infrastructure.
  2. Click on Security Configuration Wizard button.
  3. Check Enable application security, and click Next
  4. Select user repository. E.g. Standalone custom registry, and click Next
  5. Enter the information in Primary administrative user name, Custom registry class name, etc. and click Next
  6. Click the Finish button
  7. Save directly to the master configuration
  8. Restart Deployment Manager
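
Once the wizard has been run, the enabled attribute that was edited by hand in security.xml can be checked from the shell to confirm that security is back on. This is an added example, not part of the original page; it reads only the root security:Security element, handles attributes wrapped across lines as in the example above, and ignores appEnabled. The sample file is constructed and trimmed, and its exampleChild element is hypothetical.

```sh
#!/bin/sh
# Added example: report the enabled attribute of <security:Security> in security.xml.

security_enabled() {
    # $1: path to security.xml
    # Prints "true" or "false" as found on the root element, or "unknown"
    # if the element or the attribute is missing.
    v=$(tr '\n' ' ' < "$1" |
        sed -n 's/.*<security:Security \([^>]*\)>.*/ \1/p' |
        grep -o ' enabled="[^"]*"' | head -n 1 | cut -d'"' -f2)
    echo "${v:-unknown}"
}

sample_security_xml() {
    # $1: value for the root enabled attribute (constructed sample input).
cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<security:Security xmi:version="2.0" xmi:id="Security_1"
useLocalSecurityServer="true" useDomainQualifiedUserNames="false" enabled="$1"
cacheTimeout="600" appEnabled="true" activeAuthMechanism="LTPA_1">
  <exampleChild enabled="true"/>
</security:Security>
EOF
}

f=$(mktemp)
sample_security_xml false > "$f"
echo "after manual edit: enabled=$(security_enabled "$f")"
sample_security_xml true > "$f"
echo "after wizard:      enabled=$(security_enabled "$f")"
rm -f "$f"
```
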

Adding SSL Certificate to trust store

Add the SSL certificate of www.entrust.net to the trust store in WebSphere Application Server.

  1. Export SSL certificate of entrust.net
    1. Go to www.entrust.net in the web browser
    2. Export certificate as DER encoded binary X.509 (.CER)
    3. Save the exported certificate, e.g. entrust.cer
  2. Add the certificate to the trust store of WAS
    1. Copy certificate to C:\Program Files\IBM\SDP70\runtimes\base_v61\profiles\AppSrv01\etc
    2. Open the Admin console and, under Security, go to SSL certificate and key management
    3. Go to Key stores and certificates > NodeDefaultTrustStore > Signer certificates
    4. On the signer certificates page, click the Add button, provide the Alias and File name (full path), select Binary DER data for Data type, and click the OK button
    5. Save changes directly to master configuration
    6. Restart WAS

Troubleshooting

Admin console throws error

Problem

Message: WKSP0011E Unable to create existing session id file .workspace_3UpivHN7T7LIzTrBqTQ6Niw --java.io.IOException: No such file or directory

Solution

Delete all the files in /opt/ibm/WebSphere/AppServer/profiles/Dmgr01/wstemp.
