PQ54406: UNABLE TO REFRESH THE SERVERS CREDENTIALS. CREDENTIALS FROM LDAP SERVER NOT BEING RENEWED/REFRESHED.

A fix is available
WebSphere Application Server Version 3.5 Fix Pack 7 (3.5.7)

APAR

APAR status
Closed as program error.

Error description
Customer reports seeing the following messages in AppServer's
stdout logs:
.
[01.10.08 19:09:01:583 CDT] 79edc55f IExtendedSecu A 2001.10.08
19:09:01.583 CredentialsImpl refresh IBM WebSphere Security
Credentials are invalid.
[01.10.08 19:09:01:586 CDT] 79edc55f IExtendedSecu A 2001.10.08
19:09:01.586 CredentialsImpl refreshServerCred IBM WebSphere
Security Unable to refresh the servers credentials, reset to
minimum expiration time.
[01.10.08 19:09:07:101 CDT] 4850455c IExtendedSecu A 2001.10.08
19:09:07.101 SecurityConnectionInterceptor
establishSecurityContext IBM WebSphere Security   Unable to
initialize security context.
.
Problem: CU is using WAS 3.5.4 running on aix 433, configured to
authenicate to Domino 5.0 LDAP server, but not to use ssl. It
appears that when credentials timeout, websphere is unable to
renew them. At this point customer must restart WebSphere to
regain access.  Restarting AppServer or WebApp makes no
difference.
stdout logs:.[01.10.08 19:09:01:583 CDT], 79edc55f IExtendedSecu A 2001.10.0819:09:01.583 CredentialsImpl refresh IBM WebSphere SecurityCredentials are invalid.[01.10.08 19:09:01:586 CDT], 79edc55f IExtendedSecu A 2001.10.0819:09:01.586 CredentialsImpl refreshServerCred IBM WebSphereSecurity Unable to refresh the servers credentials, reset tominimum expiration time.[01.10.08 19:09:07:101 CDT], 4850455c IExtendedSecu A 2001.10.0819:09:07.101 SecurityConnectionInterceptorestablishSecurityContext IBM WebSphere Security Unable toinitialize security context..Problem: CU is using WAS 3.5.4 running on aix 433, configured toauthenicate to Domino 5.0 LDAP server, but not to use ssl. Itappears that when credentials timeout, websphere is unable torenew them. At this point customer must restart WebSphere toregain access. Restarting AppServer or WebApp makes nodifference.
Local fix
Provided test efix which resolved problem.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users       *
****************************************************************
* PROBLEM DESCRIPTION: Refresh the invalidated server          *
*                      credential                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When server credential becomes invalidated for any reason,
the system will not be able to refresh the server credential
since the credential is invalid.  The "Credentials are
invalid" and "Unable to refresh the servers credentials,
reset to minimum expiration time" exception will keep
repeating.
Problem conclusion
Refresh the server credential even if it's invalidated
Temporary fix
Available
Comments
APAR information
APAR numberPQ54406
Reported component nameWAS ADVANCED AI
Reported component ID5648C8400
Reported release350
StatusCLOSED PER
PENoPE
HIPERNoHIPER
Submitted date2001-11-06
Closed date2001-11-13
Last modified date2001-12-17

APAR is sysrouted FROM one or more of the following:
SM01053

APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:SM01053


Modules/Macros
SECURITY
APAR is sysrouted TO one or more of the following:Modules/Macros

Fix information
Fixed component nameWAS ADVANCED AI
Fixed component ID5648C8400

Applicable component levels
R300 PSYUP
R350 PSYUP











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, General
Software version: 350
Reference #: PQ54406
IBM Group: Software Group
Modified date: 2001-12-17