APAR status |
Closed as program error.
| Error description
Customer reports seeing the following messages in AppServer's
stdout logs:
.
[01.10.08 19:09:01:583 CDT] 79edc55f IExtendedSecu A 2001.10.08
19:09:01.583 CredentialsImpl refresh IBM WebSphere Security
Credentials are invalid.
[01.10.08 19:09:01:586 CDT] 79edc55f IExtendedSecu A 2001.10.08
19:09:01.586 CredentialsImpl refreshServerCred IBM WebSphere
Security Unable to refresh the servers credentials, reset to
minimum expiration time.
[01.10.08 19:09:07:101 CDT] 4850455c IExtendedSecu A 2001.10.08
19:09:07.101 SecurityConnectionInterceptor
establishSecurityContext IBM WebSphere Security Unable to
initialize security context.
.
Problem: CU is using WAS 3.5.4 running on aix 433, configured to
authenicate to Domino 5.0 LDAP server, but not to use ssl. It
appears that when credentials timeout, websphere is unable to
renew them. At this point customer must restart WebSphere to
regain access. Restarting AppServer or WebApp makes no
difference. stdout logs:.[01.10.08 19:09:01:583 CDT], 79edc55f IExtendedSecu A 2001.10.0819:09:01.583 CredentialsImpl refresh IBM WebSphere SecurityCredentials are invalid.[01.10.08 19:09:01:586 CDT], 79edc55f IExtendedSecu A 2001.10.0819:09:01.586 CredentialsImpl refreshServerCred IBM WebSphereSecurity Unable to refresh the servers credentials, reset tominimum expiration time.[01.10.08 19:09:07:101 CDT], 4850455c IExtendedSecu A 2001.10.0819:09:07.101 SecurityConnectionInterceptorestablishSecurityContext IBM WebSphere Security Unable toinitialize security context..Problem: CU is using WAS 3.5.4 running on aix 433, configured toauthenicate to Domino 5.0 LDAP server, but not to use ssl. Itappears that when credentials timeout, websphere is unable torenew them. At this point customer must restart WebSphere toregain access. Restarting AppServer or WebApp makes nodifference. Local fix
Provided test efix which resolved problem. Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users *
****************************************************************
* PROBLEM DESCRIPTION: Refresh the invalidated server *
* credential *
****************************************************************
* RECOMMENDATION: *
****************************************************************
When server credential becomes invalidated for any reason,
the system will not be able to refresh the server credential
since the credential is invalid. The "Credentials are
invalid" and "Unable to refresh the servers credentials,
reset to minimum expiration time" exception will keep
repeating. Problem conclusion
Refresh the server credential even if it's invalidated Temporary fix
Available Comments
APAR information | APAR number | PQ54406 | Reported component name | WAS ADVANCED AI | Reported component ID | 5648C8400 | Reported release | 350 | Status | CLOSED PER | PE | NoPE | HIPER | NoHIPER | Submitted date | 2001-11-06 | Closed date | 2001-11-13 | Last modified date | 2001-12-17 |
APAR is sysrouted FROM one or more of the following:
SM01053
APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:SM01053
Modules/Macros APAR is sysrouted TO one or more of the following:Modules/Macros
|
Fix information |
Fixed component name | WAS ADVANCED AI | Fixed component ID | 5648C8400 |
Applicable component levels | R300 PSY | UP | R350 PSY | UP |
|