Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

System Store access rights

637 views
Skip to first unread message

tfrerk

unread,
Sep 6, 2010, 10:24:36 AM9/6/10
to
Hi,

I have install TD! 7.1 including FP0001 and everything seems to
working OK except for when I try to connect to the system store. I
install TDI on a Windows 2008 64bit server (that is also runninf
Domino 8.5) with a local Admin account. Any help would be very
helpful.


2010-09-06 09:59:58,412 INFO [server] - CTGDIS232I Server is running
in standard mode.
2010-09-06 10:00:00,272 INFO [server] - CTGDIS236I The stash file has
been successfully read.
2010-09-06 10:00:00,272 INFO [server] - CTGDIS237I The key password
is not present in the stash file. The keystore password will be used.
2010-09-06 10:00:00,350 INFO [server] - CTGDIS238I Server security
has been successfully initialized.
2010-09-06 10:00:01,881 INFO [com.ibm.di.api] - CTGDKD445I Custom
method invocation is set to false.
2010-09-06 10:00:01,990 INFO [com.ibm.di.api] - CTGDKD012I RMI
Registry started on port: 1099.
2010-09-06 10:00:02,037 INFO [com.ibm.di.api] - CTGDKD008I Remote
Session Factory object bound to name 'SessionFactory'.
2010-09-06 10:00:02,037 INFO [com.ibm.di.api] - CTGDKD023I Remote API
Engine successfully initialized. SSL and Client Authentication are
enabled.
2010-09-06 10:00:02,084 INFO [server] - CTGDIS224I No autoload
directory is configured (com.ibm.di.server.autoload).
2010-09-06 10:00:02,084 INFO [server] - CTGDIS234I IDI Server is
entering daemon mode.
2010-09-06 10:00:03,115 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:00:06,678 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:01:06,303 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:01:30,491 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:01:30,678 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:01:34,007 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:01:34,288 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:03:34,726 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:04:14,304 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:04:14,414 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:04:14,492 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:05:35,024 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:06:14,555 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:06:14,680 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:06:14,930 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:06:44,087 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:07:35,118 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:09:08,587 INFO [com.ibm.di.api] - CTGDKD311I Remote
session created for user: CN=API Admin, OU=test, O=test, L=test,
ST=test, C=US.
2010-09-06 10:09:08,603 INFO [server] - CTGDIS229I Register server:
d0845831-8d8a-4d05-ab8e-d7cc8125548f.
2010-09-06 10:09:08,603 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
Version : 7.1 - 2010-07-17
2010-09-06 10:09:08,603 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
OS Name : Windows Server 2008
2010-09-06 10:09:08,603 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
Java Runtime : IBM Corporation, 2.4
2010-09-06 10:09:08,603 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
Java Library : C:\Program Files\IBM\TDI\V7.1\jvm\jre\bin\default;C:
\Program Files\IBM\TDI\V7.1\jvm\jre\bin
2010-09-06 10:09:08,603 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
Java Extensions : C:\Program Files\IBM\TDI\V7.1\jvm\jre\lib\ext
2010-09-06 10:09:08,603 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
Working directory : D:\TDI Solution Directory
2010-09-06 10:09:08,603 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
Configuration File: null
2010-09-06 10:09:08,603 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
CTGDIS785I ---
2010-09-06 10:09:08,634 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
CTGDIS896I Using configuration id 'd0845831-8d8a-4d05-ab8e-
d7cc8125548f' for a configuration instance loaded from file 'null'.
2010-09-06 10:09:10,009 ERROR [com.ibm.di.TDIProperties] - [System-
Properties] CTGDKE039E Error occurred when creating IBM Tivoli
Directory Integrator Property store. Property store: System-Properties
Exception: DERBY SQL error: SQLCODE: -1, SQLSTATE: XJ041, SQLERRMC:
Failed to create database 'C:\Program Files\IBM\TDI\V7.1/TDISysStore',
see the next exception for details.::SQLSTATE: XBM0HDirectory C:
\Program Files\IBM\TDI\V7.1\TDISysStore cannot be created.::SQLSTATE:
XJ001Java exception: 'Access denied (java.io.FilePermission C:\Program
Files\IBM\TDI\V7.1\TDISysStore write):
java.security.AccessControlException'.
java.sql.SQLException: DERBY SQL error: SQLCODE: -1, SQLSTATE: XJ041,
SQLERRMC: Failed to create database 'C:\Program Files\IBM\TDI\V7.1/
TDISysStore', see the next exception for details.::SQLSTATE:
XBM0HDirectory C:\Program Files\IBM\TDI\V7.1\TDISysStore cannot be
created.::SQLSTATE: XJ001Java exception: 'Access denied
(java.io.FilePermission C:\Program Files\IBM\TDI\V7.1\TDISysStore
write): java.security.AccessControlException'.
at
org.apache.derby.client.am.SQLExceptionFactory40.getSQLException(Unknown
Source)
at org.apache.derby.client.am.SqlException.getSQLException(Unknown
Source)
at org.apache.derby.jdbc.ClientDriver.connect(Unknown Source)
at java.sql.DriverManager.getConnection(DriverManager.java:317)
at java.sql.DriverManager.getConnection(DriverManager.java:354)
at com.ibm.di.store.StoreFactory.getConnection(StoreFactory.java:309)
at com.ibm.di.store.StoreFactory.getConnection(StoreFactory.java:235)
at com.ibm.di.store.StoreFactory.getConnection(StoreFactory.java:207)
at com.ibm.di.store.PropertyStore.<init>(PropertyStore.java:67)
at com.ibm.di.store.StoreFactory.getPropertyStore(StoreFactory.java:
143)
at
com.ibm.di.store.StoreFactory.getDefaultPropertyStore(StoreFactory.java:
126)
at
com.ibm.di.connector.PropertiesConnector.initialize(PropertiesConnector.java:
238)
at
com.ibm.di.config.interfaces.TDIPropertyStore.initialize(TDIPropertyStore.java:
161)
at
com.ibm.di.config.interfaces.TDIPropertyStore.<init>(TDIPropertyStore.java:
140)
at
com.ibm.di.config.interfaces.TDIProperties.createStdStore(TDIProperties.java:
546)
at
com.ibm.di.config.interfaces.TDIProperties.createStore(TDIProperties.java:
516)
at
com.ibm.di.config.interfaces.TDIProperties.addPropertyStore(TDIProperties.java:
436)
at
com.ibm.di.config.interfaces.TDIProperties.addAllStores(TDIProperties.java:
166)
at
com.ibm.di.config.interfaces.TDIProperties.initStores(TDIProperties.java:
142)
at
com.ibm.di.config.base.MetamergeConfigImpl.getTDIProperties(MetamergeConfigImpl.java:
1645)
at
com.ibm.di.api.local.impl.ConfigInstanceImpl.getTDIProperties(ConfigInstanceImpl.java:
889)
at
com.ibm.di.api.remote.impl.ConfigInstanceImpl.getTDIProperties(ConfigInstanceImpl.java:
571)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
48)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
37)
at java.lang.reflect.Method.invoke(Method.java:600)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:
310)
at sun.rmi.transport.Transport$1.run(Transport.java:171)
at java.security.AccessController.doPrivileged(AccessController.java:
284)
at sun.rmi.transport.Transport.serviceCall(Transport.java:167)
at
sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:
547)
at sun.rmi.transport.tcp.TCPTransport
$ConnectionHandler.run0(TCPTransport.java:802)
at sun.rmi.transport.tcp.TCPTransport
$ConnectionHandler.run(TCPTransport.java:661)
at java.util.concurrent.ThreadPoolExecutor
$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor
$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:736)
Caused by: org.apache.derby.client.am.SqlException: DERBY SQL error:
SQLCODE: -1, SQLSTATE: XJ041, SQLERRMC: Failed to create database 'C:
\Program Files\IBM\TDI\V7.1/TDISysStore', see the next exception for
details.::SQLSTATE: XBM0HDirectory C:\Program Files\IBM\TDI
\V7.1\TDISysStore cannot be created.::SQLSTATE: XJ001Java exception:
'Access denied (java.io.FilePermission C:\Program Files\IBM\TDI
\V7.1\TDISysStore write): java.security.AccessControlException'.
at org.apache.derby.client.am.Connection.completeSqlca(Unknown
Source)
at
org.apache.derby.client.net.NetConnectionReply.parseRdbAccessFailed(Unknown
Source)
at
org.apache.derby.client.net.NetConnectionReply.parseAccessRdbError(Unknown
Source)
at
org.apache.derby.client.net.NetConnectionReply.parseACCRDBreply(Unknown
Source)
at
org.apache.derby.client.net.NetConnectionReply.readAccessDatabase(Unknown
Source)
at
org.apache.derby.client.net.NetConnection.readSecurityCheckAndAccessRdb(Unknown
Source)
at
org.apache.derby.client.net.NetConnection.flowSecurityCheckAndAccessRdb(Unknown
Source)
at
org.apache.derby.client.net.NetConnection.flowUSRIDPWDconnect(Unknown
Source)
at org.apache.derby.client.net.NetConnection.flowConnect(Unknown
Source)
at org.apache.derby.client.net.NetConnection.<init>(Unknown Source)
at org.apache.derby.client.net.NetConnection40.<init>(Unknown Source)
at
org.apache.derby.client.net.ClientJDBCObjectFactoryImpl40.newNetConnection(Unknown
Source)
... 34 more
2010-09-06 10:09:10,447 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
CTGDIS038I System termination requested by external process.
2010-09-06 10:09:10,478 INFO [d0845831-8d8a-4d05-ab8e-d7cc8125548f] -
CTGDIS174I Config Instance d0845831-8d8a-4d05-ab8e-d7cc8125548f exited
with status 1.
2010-09-06 10:09:10,478 INFO [server] - CTGDIS228I Unregister server:
d0845831-8d8a-4d05-ab8e-d7cc8125548f.

Andrew Findlay

unread,
Sep 6, 2010, 2:09:34 PM9/6/10
to
On Sep 6, 3:24 pm, tfrerk <tfr...@csc.com> wrote:

> I have install TD! 7.1 including FP0001 and everything seems to
> working OK except for when I try to connect to the system store.  I
> install TDI on a Windows 2008 64bit server (that is also runninf
> Domino 8.5) with a local Admin account.  Any help would be very
> helpful.

This looks like the relevant part:

> Caused by: org.apache.derby.client.am.SqlException: DERBY SQL error:
> SQLCODE: -1, SQLSTATE: XJ041, SQLERRMC: Failed to create database 'C:
> \Program Files\IBM\TDI\V7.1/TDISysStore', see the next exception for
> details.::SQLSTATE: XBM0HDirectory C:\Program Files\IBM\TDI
> \V7.1\TDISysStore cannot be created.::SQLSTATE: XJ001Java exception:
> 'Access denied (java.io.FilePermission C:\Program Files\IBM\TDI
> \V7.1\TDISysStore write): java.security.AccessControlException'.

I have had similar problems with the Linux version. I suspect you have
installed using an Admin account and are now trying to run with a non-
Admin account: good practice, but like so much software, TDI needs
tweaking to run properly in such a set-up.

You have a few options:

1) Run Derby in Networked mode, starting it at boot time as an Admin
user. You probably want networked mode anyway, so this may well be the
easiest approach. The downside is that you are giving a database
process total power over your machine, and the database data is being
written into the software installation tree.

2) Change the property that defines the location of the database
files: com.ibm.di.store.database - set it to a place where your
runtime user has permission to create files. You probably still want
Derby in networked mode, but now it can (SHOULD) be started as a non-
Admin user.

3) Change the permissions on "C:\Program Files\IBM\TDI
\V7.1\TDISysStore" so that your runtime user can create files there.
Simple, but I don't like this one.

Andrew

0 new messages