|
| Problem | Various problems can occur when the normal steps for rebuilding the WebSphere Application Server repository database are taken when the Application Server global security is enabled | | | | Solution | The following steps must be taken to rebuild the WebSphere Application Server repository database when the Application Server global security is enabled. This applies to WebSphere Application Server versions 3.0.2.2 SE&AE, 3.0.2.3 SE&AE, 3.0.2.4 SE&AE, 3.5.x SE&AE (SE=Standard Edition, AE=Advanced Edition):
1. Perform an XMLConfig full export (with the Application Server security enabled). This only needs to be done from one node in a multi-node environment when multiple WebSphere Application Server boxes share the same repository database (See InfoCenter 3.5 section 6.6.0.2.1.1.1)
2. Stop the Application Server (on all nodes if multiple nodes share the same repository database)
3. Backup the repository database (in case it needs to be restored)
4. Make a backup of the <WSAS root>/properties/sas.server.props in case it gets corrupted
5. Delete the <WSAS root>/etc/secbootstrap (on all nodes if applicable)
6. Drop and recreate the repository database (DB2 terminology) or recreate the repository database
7. In the <WSAS root>/bin/admin.config, make sure the following parameters are set:
install.initial.config=false
com.ibm.ejs.sm.adminServer.dbInitialized=false (only in
WebSphere Application Server 3.5.x)
com.ibm.ejs.sm.adminServer.initializeDb=true (only in
WebSphere Application Server 4.0.x AE)
com.ibm.ejs.sm.adminServer.createTables=true (only in
WebSphere Application Server 4.0.x AE)
8. In the <WSAS root>/properties/sas.server.props (not the sas.client.props), make sure the following parameter is set:
com.ibm.CORBA.securityEnabled=false
9. Start the Application Server (on all nodes if applicable)
10. Import the XMLConfig export. For WebSphere Application Server 3.0.2.x and 3.5.x, use variable substitution (as described in section 6.6.0.2.1.3.1 in the WebSphere Application Server 3.5 InfoCenter) to substitute the $ltpa-password$, $server-password$ and $ldap-bindpwd$ with the actual passwords by using the following command syntax:
XMLConfig.sh -adminNodeName <node name> -import <file name> -substitute "server-password=<security server id's password>;ltpa-password=<ltpa keys password>; ldap-bindpwd=<LDAP bind password>"
11. Regenerate the LTPA keys, and resync the LTPA keys (applicable to WebSphere Application Server boxes using different repository databases but are sharing the same IP sprayer, such as, eNetwork Dispatcher)
12. Restart the Application Server (to enable global security) on all nodes if applicable | |
| |
| |
|
Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security Operating system(s): Multi-Platform Software version: 3.0.2.2, 3.0.2.3, 3.0.2.4, 3.5 Software edition: Advanced, Standard Reference #: 1049062 IBM Group: Software Group Modified date: 2003-09-11
(C) Copyright IBM Corporation 2000, 2004. All Rights Reserved.
|