Problem with tivoli performance viewer (security?)
mic...@wd21.co.uk
I am working with a WAS ND 6.1.0.9 installation on Linux. The performance viewer is not working properly, and I can't work out why.
Sometimes when I try to enable monitoring on an app server I get a vague error in the console "An error occurred while starting monitoring for server blah". Sometimes the monitoring gets enabled.
When it doesn't work I get the following in the app server SystemOut.log:
0000041f RoleBasedAuth E SECJ0306E: No received or invocation credential exist on the thread. The Role based authorization che
ck will not have an accessId of the caller to check. The parameters are: access check method getStatsArray:[Lcom.ibm.websphere.pmi.stat.StatDescriptor;:java
lang.Boolean on resource Perf and module Perf. The stack trace is java.lang.Exception: Invocation and received credentials are both null
at com.ibm.ws.security.role.RoleBasedAuthorizerImpl.checkAccess(RoleBasedAuthorizerImpl.java:285)
at com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImpl.java:1967)
at com.ibm.ws.management.AdminServiceImpl.access$400(AdminServiceImpl.java:113)
at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1057)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:973)
at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:139)
at sun.reflect.GeneratedMethodAccessor503.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:615)
at com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPConnector.java:338)
at com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPConnector.java:204)
at com.ibm.ws.management.connector.soap.SOAPConnection.handleRequest(SOAPConnection.java:55)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:680)
at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:484)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1469)
.
[25/09/07 11:24:53:365 BST] 0000041f RoleBasedAuth A SECJ0305I: The role-based authorization check failed for admin-authz operation Perf:getStatsArray:[Lc
om.ibm.websphere.pmi.stat.StatDescriptor;:java.lang.Boolean. The user UNAUTHENTICATED (unique ID: unauthenticated) was not granted any of the following req
uired roles: adminsecuritymanager, operator, deployer, administrator, configurator, monitor.
I am logged in as the server account, i.e. WAS runs as was, I am logged into the console as was.
I have another installation which uses the same administrative topology and I have no problems there.
Any ideas?
jtpape
Please check the following.
Role based authorization check exceptions are thrown in the log files ,
if the Performance Monitoring Infrastructure (PMI) is enabled with secu
1.Stop the server.
2.Set com.ibm.SOAP.securityEnabled to True in the soap.client.props file
for the SOAP connector.
3.The soap.client.props property file is located in the
WAS_ROOT/properties directory.
4.Set com.ibm.SOAP.loginUserid and com.ibm.SOAP.loginPassword as the
user ID and password for login.
5.Set the sas.client.props file or type the user ID and password in the
window, if you do not put them in the property file for Remote Method
Invocation (RMI) connector
6.Set com.ibm.CORBA.loginUserid and com.ibm.CORBA.loginPassword as the
user ID and password for login.
5.Save the changes and start the server.
Note : A common mistake is to leave extra spaces at the end of the lines
in the property file. Do not leave extra spaces at the end of the lines,
especially for the user ID and password lines.
If that does not work, open a PMR.
John Pape
WebSphere Advisory Software Engineer