This document contains the Release Notes for IBM WebSphere Application Server
Version 3.5 for Windows NT (Windows 2000 supported), Sun Solaris,
AIX and HP-UX, with Fix Packs 1 and 2 applied.
These Release Notes cover both the Advanced and Standard Editions.
Because the Standard Edition functions are a subset of the Advanced Edition
functions, note that some information in these Release Notes (for example, the mention
of enterprise beans) applies only to the Advanced Edition.
WebSphere Application Server Version 3.5 with Fix Pack 2 (Version 3.5.2) introduces important
new functionality with support for the Servlet 2.2 and JSP 1.1 APIs.
WebSphere Application Server 3.5.2 provides support for all of the changes in the Servlet
2.2 API, with the exception of the J2EE extensions to the specification.
WebSphere Application Server 3.5.2 also provides support for JSP 1.1, through the Apache
Jasper JSP engine. This means that WebSphere Application Server fully supports all of the new
function of JSP 1.1, including Tag Library support. WebSphere Application Server also continues
to support JSP 0.91 and JSP 1.0 exactly as it did in versions prior
to 3.5.2. When creating a web application, you can choose the
JSP Specification level that you want to use.
In addition, Fix Pack 2 adds the following functionality to the
IBM WebSphere Application Server Version 3.5 base:
The Release Notes contain information about known defects and the workarounds.
This document also includes some supplemental information for topics covered
in the Application Server documentation.
Problem |
Op System |
Workaround |
When you try to install WebSphere Application
Server from the CD-ROM, the operating system may create a directory <CD_volume_label>#2.
This results in the product not installing, and you receive the error message
Exception in thread "main" java.lang.NoClassDefFoundError: Installer . |
Solaris |
Delete the <CD_volume_label> directory
if it exists. Then, using the mv command, rename the <CD_volume_label>#2
directory to <CD_volume_label>. |
If you are using DB2 with WebSphere Application
Server, you will not be able to open DB2 connections unless your machine's
kernel parameters are set properly. |
Solaris |
Open an editor on your machine's /etc/system
file and add the following parameters:
set semsys:seminfo_semume = 200
set semsys:seminfo_semopm = 200
After you add the parameters, reboot your machine.
|
If you are using Oracle or Sybase as the repository,
you will get an exception when trying to use DB2 as the bean datasource.
If you are using DB2 as the repository, you can use all the databases as
the bean table. |
AIX, Solaris |
To avoid getting an exception, you must set up
the DB2 environment properly if you use non-DB2 databases as repositories
in startupServer.sh.
To modify startupServer.sh, find the following line in startupServer.sh
in a then clause:
export LD_LIBRARY_PATH
Next, add the following four lines BEFORE the export LD_LIBRARY_PATH
line:
. $DB2_INSTANCE_HOME/sqllib/db2profile
LD_LIBRARY_PATH=$DB2_INSTANCE_HOME/sqllib/java12:$DB2_INSTANCE_HOME/sqllib/lib:$LD_LIBRARY_PATH
LIBPATH=$LD_LIBRARY_PATH
export LD_LIBRARY_PATH LIBPATH
For $DB2_INSTANCE_HOME, specify your DB2 instance home directory.
|
To install the JDBC driver for your WebSphere Application
Server node, you must define the file that contains the necessary Java code
for your DB2 database. |
Windows NT/2000 |
To enable use of JDBC 2.0, you need to run the
c:\SQLLIB\java12\usejdbc2 program to configure DB2 to use JDBC 2.0.
To verify which program is in use, look at the "inuse" file in the same
directory. |
When the HotJava Web browser is not properly
configured and the check box to open the Readme file after installation
is checked, the file does not open. |
Solaris |
Check to make sure you can start the Hotjava
browser. If not, manually start another browser, such as Netscape, and then
view the Readme file. |
Because of an AIX limitation, Java applications
will not run reliably where the LIBPATH length exceeds 1548 characters. |
AIX |
Reduce the LIBPATH length to less than 1548 characters. |
IBM HTTP Server fails to install or start. |
All |
Try the installation again. Enter a valid user
id and password (null password will not work) on the Security panel. Also,
choose the IBM HTTP Server plugin; this configures the HTTP Server to work
with WebSphere. |
If you are using Apache HTTP Server and install
WebSphere Application Server with the Apache plug-in, you may not be able
to start the Apache Web server again. The plug-in installation added the
line ose.mode=out to your Apache configuration file srm.conf
in the /<apache_home>/conf directory. |
All |
Open an editor on the srm.conf file, and remove
or comment out the ose.mode=out line. |
Under stress, some browser connections may be
refused (error 500) when attempting to access servlets and JSPs. The Web
server log may contain the errors:
Aug 30 14:52:53 1999 -
Error -
ws_open_domain_client_socket
connect return 146 error
Mon Aug 30 14:52:53 1999 -
Error -
Ws_open_domain_client_socket
socket return 146 error
|
Solaris |
The default communications configuration between
the Web server and the servlet engine is using TCP/IP sockets. Each socket
represents a file descriptor. If the file descriptor limit per process is
set too low, attempts to open socket connections may be refused (error 146).
To resolve this condition, increase the file descriptor limit for the user
from which the Administrative Server is started (normally root). Edit the
.profile for the user, and add the following:
ulimit -n 1024
Depending on the number of connections needed, this number may need to
be increased further. For this change to take effect, you do not have to
reboot; just log off and then log on again.
To change the hard upper limit of the number of file descriptors in the
kernel (which defaults to 1024 per CPU), you can, on Solaris, edit the
/etc/system config file to include a couple of entries:
set rlim_fd_max=4096
set rlim_fd_cur=1024
After you change this file, you must reboot for the changes to take effect.
|
Using Oracle, you get a TransactionRolledBackException
message when you try to create a model. |
All |
Increase the value of the Oracle database initialization
parameter open_cursors to 200. See the configuring databases section of the
WebSphere Application Server InfoCenter for details. |
You are installing the WebSphere Application
Server and the Administrative Server fails to start if the installation
path contains a space (for example, c:\Program Files\WebSphere\AppServer). |
Windows NT/2000 |
Install the product in a directory that does
not contain a space. |
Even though you are logged in as root, the installation
of WebSphere Application Server fails with an error statement that the user
does not have root authority. |
Solaris |
Make sure the "whoami" command or /usr/ucb
is in the path for the root logon. |
When doing a native (silent) installation of
WebSphere Application Server, you cannot select more than one plug-in. |
AIX, Solaris, HP-UX |
Use the Java (GUI) installation program. You
can select more than one plug-in to install. |
|
|
When doing a native install of the WebSphere Application Server 3.5 GM version,
neither WAS 3.5 nor the IHS plug-in installs if any version of IHS other than
1.3.12.0 is installed. When you run the ./WebSphereInstallAIX.sh script and select
the IHS Plugin for installation, the following message is displayed: "You have chosen to install
the plugin for the IBMHTTPServer but you have 1.3.12.1 version of IHS. The
recommended version is 1.3.12.0. Install the recommended version from the
./ihs directory and run this process again." After the message appears,
the script exits and does not install WebSphere Application Server 3.5 or the IHS Plugin. |
During the Japanese NT installation, the "Component
Description" is empty on the "Choose Application Server Components" panel.
This is a limitation of InstallShield. The component description will only
show up if the checkbox style listbox is used. However, that listbox does
not translate into Japanese because of a font problem. |
NT |
Use the standard list box, which does not show
the component description. |
The IBM HTTP Server is not installed if there are
bad entries in the system file table: /etc/fstab. Reason: swinstall fails
in the analysis phase because the mount_all_file_systems option is true
by default. |
HP-UX |
1. Remove the bad entries from the /etc/fstab file and reinstall.
2. If number 1 is not an option, edit the install_ihs_128.sh (or install_ihs_56.sh) script,
adding the -x mount_all_file_systems=false option to the swinstall command.
|
The installation prerequisite checker is checking different versions
of DB2 and Sybase. Specifically, the problem occurs when installing:
- DB2 7.1 Fixpack 1
- DB2 6.1 Fixpack 5 (not on AIX)
- Sybase 11.9.2 (Solaris only)
|
HP-UX, Solaris, AIX |
- Copy the prereq.properties file from /cdrom to /tmp
- Edit the /tmp/prereq.properties file, and change prereq_checker=1
to prereq_checker=0
- To install, use the following command line: install.sh /prereqfile /tmp/prereq.properties
|
System hangs have been reported during quick
installations of HP WebSphere Application Server 56-bit Advanced from CD-ROM. |
HP-UX |
|
The WebSphere Application Server 3.5 Java install does not check the DB2
6.1 level and continues to install on a lower level of DB2 6.1.
This is caused by inconsistency in the way DB2 fix packs install on HP.
On some installs the version number is updated to 6.1.0.21 when fix pack
4 is installed, while on others it remains at 6.1.0.0. The WebSphere installation
process checks for either 6.1.0.0 or 6.1.0.21 as a prerequisite; thus, the
prerequisite fix pack levels can't be enforced until this is standardized.
|
HP-UX |
|
When running the command 'uninstall_ptf_1.sh' under the WebSphere Application
Server root directory, you may receive the following error:
cannot execute
|
HP-UX, AIX, Solaris |
Run the command 'chmod 777 uninstall_ptf_1' |
If you try to uninstall Fixpack 1, you may receive the following errors
due to a shared library lock:
Error 79 -- Unable to open destination file: (Cannot open or remove
a file containing a running program.)
Error 18 -- Extraction failed:
|
AIX |
- Run 'install.sh' to install Fixpack 1 again
- Run 'slibclean'
- Run 'uninstall_ptf_1.sh'
|
A migration tool for a native (silent) installation
of WebSphere Application Server is not provided. |
AIX, Solaris, HP-UX |
Use the Java (GUI) installation program and the
migration tool provided with it. Or, migrate your files independently of
a tool. |
Problem |
Op System |
Workaround |
The WebSphere Application Server, which is using
DB2, does not start and you receive the following /logs/tracefile error:
FATAL Failed to create a
data source:
{0} COM.ibm.db2
.jdbc.app.DB2Exception:
[IBM][CLI Driver] SQL1031N
The database directory cannot
be found on the indicated
file system. SQLSTATE=58031
|
All |
Create the WebSphere Application Server database. On Solaris and AIX,
run the shell file createdb2.sh.
On Windows NT, the script is started automatically after you reboot.
If the script file fails, start the database, then run the createdb2.bat
file. The results are logged in the wasdb2.log file.
|
If there is not a blank line at the end of the
admin.config file, the Administrative Server fails to start. The tracefile
is created, but it contains no message. On Windows NT/2000, the Services
panel reports The IBM WS AdminServer service returned service specific
error 10. |
All |
Add a newline character to the end of the admin.config
file in the \WebSphere\AppServer\bin directory. |
When running a servlet, you receive the message
Server internal error from the browser and get the following
message in your_server-stderr.log:
open_unix_domain_server_socket_listener
- bind/listen: The socket name is
already in use.
com.ibm.servlet.engine.oselistener
.outofproc.ServerQueueException:
Error: create_server 2
|
AIX |
If you choose to use an ID other than root to
run the WebSphere Application Server before starting the AppServer, you
need to enter the following from a command line:
su - root
cd /tmp
rm .asibm*
|
If you run as non-root on Solaris, you will see the following error
message:
$ ./startupServer.sh operation failed,
Not owner
|
Solaris |
You may ignore the error; adminServer will be
started as a non-root user. |
When logged in as a user other than root, you
cannot run the ServletRedirector. |
Solaris, AIX, HP-UX |
Log in as root and try running the ServletRedirector
again. |
You will have trouble starting a secured (that
is, security is enabled) administrative server or an application server
on a Windows machine, if this Windows machine is configured as a part of
a Windows domain and is not connected via the network to the domain server.
|
Windows NT/2000 |
Configure the Windows NT/2000 machine so that
it is not part of a Windows NT/2000 domain. |
If you are using the IBM HTTP Server Administration
Server with WebSphere Application Server installed and you attempt to add
a module using the Module Sequence form, the error message Invalid
command 'LoadModule' may be shown and the server may not restart.
Using the Module Sequence form added unwanted commands to the IHS httpd.conf
file. |
All |
Open an editor on the IHS configuration file
httpd.conf and remove the following commands:
ClearModuleList
LoadModule ibm_app_server_module <mod_ibm_app_server.dll path>
After the commands are removed from the httpd.conf file, the server should
restart.
|
Problem |
Op System |
Workaround |
The Tcl variable ErrorCode is set when command
line commands are executed. Previously, if a nonzero error occurred (and
the Tcl interpreter's result string was not set), the translation of the
error message was displayed. |
All |
Now, both interactive users and script writers
must check the errorCode variable to determine whether a command succeeded
or failed. |
If you do not select the Administrative Console
during installation, you can still run the adminclient.bat file, and an
Administrative Console will start. It will not contain the correct data.
The Topology view shows green 'objects' listed, but they are not valid objects.
They appear to be EJB-related methods. |
Windows NT/2000 |
Uninstall WebSphere Application Server and reinstall
it, including the Administrative Console. An alternative is to install the
Administrative Console on another machine and administer it from that machine. |
The HTTP Administrative Console is unavailable
if the default server is stopped. |
All |
The HTTP Administrative Console runs under the
default server. Stopping the default server makes the HTTP Administrative
Console unavailable. Start the default server and then try restarting the
HTTP Administrative Console. |
Screens may not repaint or resize properly when
the Administrative Console is run on a UNIX operating system with the Display
exported to a Windows NT/2000 system running a Hummingbird Exceed X Windows
server. Sometimes the window may appear to be empty or missing panes. When
you manually resize the window, the rest of the text/widgets appear. This
problem seems to appear when using the Administrative Console with Hummingbird
Exceed Version 6.0.1. |
Windows NT/2000 |
Do one of the following:
Note: Hummingbird Exceed Version 6.2.0.18 and higher will also
work. Follow the above instructions for configuring the window manager.
Exceed requires a patch to work. Without the patch, windows are incorrectly
sized. With the patch, some of the error and message dialog boxes still
have clipped edges, so you need to manually resize these windows. Contact
Robek Corporation for a patch to get to Exceed Version 6.2.0.18 or higher.
To determine the Exceed patch level you need:
- Open the Exceed Xconfig tool.
- Open Troubleshooting.
- In the Troubleshooting window, click the View button. The version
is listed at the top of the Exceed log. For example, after applying
the patch Exceed.exe 6.0.2.18, in the Exceed.log file, the version will
be listed as 6.2.0.18.
|
Left frame resizing. Sometimes, when resizing
the left panel, the panel gets squashed (smaller), and then becomes unable
to be resized. |
All |
This usually can be alleviated if you click the
Topology view, then resize the left panel. |
The addition to the Administrative Console (GUI)
for XML import did not include some features of the command-line utility.
This adversely affects security, which requires the variable substitution
feature of XML import to replace password variables in the XML file with
actual values. Instead, password variables are exported and are expected
to be replaced during import. This would limit password exposure to a single
time while invoking the import command.
Security configuration areas affected by this password limitation include
administrator access, LTPA, LDAP, and enterprise application identities.
|
All |
Use the XMLConfig command line utility for security
configurations that include passwords. |
When you invoke the WebSphere Control Program
(wscp), the .wscprc file does not load.
| All |
The Java property user.home is used to locate
the .wscprc file. Check the value for user.home and ensure that the .wscprc
file is located in the directory designated by user.home. Optionally, when
you invoke wscp, you can use the -p option to specify the user.home directory
and, thus, the location of the .wscprc file:
-p <user.home_directory>/.wscprc
Note that the user.home directory may differ among JDK version levels
and platforms. On Windows NT/2000, the JDK 1.2.2 sets the user.home property
based on the value of the USERPROFILE environment variable.
|
If a resource is deleted and re-created in the
WebSphere Application Server Advanced Edition Administrative Console, the
change is not immediately reflected in the WebSphere Control Program (wscp).
You must explicitly refresh all object references in the repository cache
by issuing a "wscp list" operation for the object type of the instance.
Alternatively, exiting and re-invoking the WebSphere Control Program (wscp)
also refreshes the cache. |
All |
To avoid problems due to inconsistent cached
information, avoid issuing concurrent operations on the same object from
within the WebSphere Control Program (wscp) and the console. |
Before working with the WebSphere Administrative
Console, wait until the message Console ready appears and the new
status icon changes from its In progress state to Ready. For
example, if you try to start the default server before seeing the Console
ready message, there may be some errors at the WebSphere Administrative
Console. |
All |
Do not start servers until the Console ready
message appears. |
Just after WebSphere Application Server is installed
on AIX, the fully-qualified domain name (FQDN) is not included in the Alias
Host field of Virtual Host:default_host. Access by http://<FQDN>/servlet/snoop
fails. |
All |
Input FQDN in the Alias Host field and restart
the server. |
Problem |
Op System |
Workaround |
The required attributes of an enterprise bean
include the DeploymentDescriptor and JarFile attributes. The DeploymentDescriptor
attribute has a new format. |
All |
The attribute value must be a string that includes the remote interface
name, a JAR file, and the node name, each separated by the @ symbol. The
syntax is as follows:
bean_remote_interface [ @jar_file [ @node_name ] ]
where bean_remote_interface is the name of the bean's remote home interface,
jar_file is the full pathname of the JAR file on the node for which the
enterprise bean is being defined, and node_name is the name of the node where
the enterprise bean is being created. The JAR file and the node name are
optional, and are automatically supplied if they are not specified. The
value for jar_file is taken from the value of the JarFile attribute. The
value for node name is extracted from the fully-qualified name of the
enterprise bean.
|
There is no BLOB or CLOB support for WebSphere
Application Server version 3.5 on HP using DB2 with Container Managed Persistence
(CMP). |
HP-UX |
Due to a problem with DB2 on the HP platform,
any CMP bean which is to be run on the HP platform with DB2 as its persistent
store CANNOT designate a Serializable object type as a CMP field. This is
an additional restriction over the restrictions already imposed by the EJB
spec with regard to the supported types for CMP fields. |
Some EJBs may request more database connections
on DB2 than are configured for the database, resulting in trap errors on
8-way NT systems |
All |
|
Enterprise Bean clients must have access to server-side
exception classes to interpret server-side exceptions in stack traces. |
All |
Examine the server-side trace logs for the complete
error information or make server-side classes available on the client. |
When trying to view a distributed transaction,
the transaction monitor will not display and, if you persist in trying to
access the transaction monitor, the console hangs. |
All |
To stop the console from hanging, restart the
administrative console. However, you still will not be able to access the
transaction monitor. |
The Jetace tool issues a java.lang.NoClassDefFoundError
message when loading a JAR file. |
All |
When using the Jetace tool, make sure all dependent
classes (and dependencies those classes have) are on the classpath. |
The documentation on writing enterprise beans
with bean managed persistence (BMP) needs correcting. |
All |
See "Chapter 9: More-advanced programming concepts
for enterprise beans" in the PDF file adswpg00.pdf and in the HTML file
atswpgad.htm. In Figure 64, the lines:
getEnvProps();
ds = initContext.lookup("jdbc/sample");
should be in the setEntityContext method (similar to Figure 61) rather than
in the constructor. This is because the getEnvProps method needs the context
to be set which is not yet set in the constructor. Since the container invokes
the setEntityContext method to set the context, the other two methods, getEnvProps
and lookup, can be safely done there. |
Because of application programming practices,
an application getting an enumeration of objects from an enterprise bean
gets fewer than the expected number of objects. |
All |
Whenever possible, invoke entity bean finders
and the iteration through a resulting enumeration within a single transaction.
Some benefits are:
- Iteration through the enumeration will be 2-4 times faster if done
within the same transaction in which the find method was invoked.
- Consistency will be maintained; otherwise, iteration through an enumeration
obtained from a finder may return unexpected results if done with no
transaction. This is because concurrent access to the beans may have
changed their data between the time the enumeration was constructed
and the time at which it is consumed.
If an entity bean finder is invoked within one transaction (for example,
a transaction which a client started via UserTransaction or from a TX_REQUIRED
session bean method), the resulting enumeration must be consumed within
the same transaction. The result of a finder becomes invalid once the
transaction completes.
The following is an example of finder usage which does not meet the above
requirement:
UserTransaction tx = ...;
tx.begin();
Enumeration e = myEntityHome.findGreaterThan(100);
tx.commit();
while (e.hasMoreElements()) {
    ...
}
The code should be rewritten as follows:
UserTransaction tx = ...;
tx.begin();
Enumeration e = myEntityHome.findGreaterThan(100);
// Consume the enumeration before the transaction that produced it completes.
while (e.hasMoreElements()) {
    ...
}
tx.commit();
Though not recommended, the following works, but with no guarantee of
transactional consistency:
UserTransaction tx = ...;
tx.begin();
...
tx.commit();
// The finder and the iteration both run with no transaction.
Enumeration e = myEntityHome.findGreaterThan(100);
while (e.hasMoreElements()) {
    ...
}
|
A ClassNotFoundException is thrown during deployment
of a bean that references another bean. |
All |
If a bean in one JAR file references a bean in
another JAR file, the WebSphere Administrative Server needs to know the
location of the first bean in order to deploy the second bean; otherwise,
a ClassNotFoundException will occur when you attempt to deploy the second
bean. For example, if bean B in one JAR file references bean A in another
JAR file, deploy bean A first, and add the full path for the deployed JAR
file to the node's Dependent Classpath before deploying bean B. |
Data in non-persisted fields of an entity bean
is not maintained across transactions. |
All |
Entity beans should not rely on data stored in
non-persisted fields (particularly, references to other beans) being maintained
across multiple transactions. Entity bean instances are stored in an object
pool between transactions. Each time a new transaction begins, it retrieves
one of the entity bean instances in the pool and loads persisted data for
the requested bean. Non-persisted fields may contain values set by a different
bean used previously. If necessary, you can reinitialize the data in the
non-persisted field in the bean's ejbLoad() method. |
After deploying an entity enterprise bean, starting
the bean or starting the server that it is installed under results in a
failure to create the bean's persistent table in the relational database.
|
All |
The names used for the persistent data within
the enterprise bean are used as the column names in the relational database.
Make sure that the column names are allowed in your particular relational
database. Also, make sure that the Java data types used by your enterprise
beans have a supported mapping to a data type within your relational database. |
In an inheritance hierarchy involving CMP beans,
using the results of an enumerated finder outside the transaction the finder
was run in may lead to results which violate the inheritance behavior. The
behavior may be described by the following scenario:
Consider an inheritance hierarchy involving the CMP beans Bean P (Parent)
and Bean C (child). Assume that there is one instance of P (P1) and one
instance of C (C1). An enumerated finder on P will return P1 and C1. However,
attempts to use C1 outside the transaction in which the finder was run
would result in its behaving like an instance of P (i.e., the methods would
have P's behavior, not C's behavior).
|
All |
Clients should start a transaction before running
enumerated finders on CMP hierarchies, and should use the results of the
finder within the same transaction. If this is done, using the scenario
on the left, attempts to use C1 will demonstrate C's behavior, as expected,
instead of P's behavior. |
Problem |
Op System |
Workaround |
Customers want to protect individual JSP files based on their URIs
and do not want to protect all the JSPs in the system (*.jsp). The documented way to add a JSP
URI to a web application is to use the "Add JSP or web resource" task. This task adds the JSP
URI but does not add the JSP to the web app. Due to this defect, when customers follow the
configuration steps to protect the JSP URIs, the URIs are treated as not being part of a web
application and hence as web server resources. Therefore, security doesn't work as
intended. |
All |
Do not use the "Add a JSP or web resource" task to introduce new
JSP URIs and to associate them with web apps. If you have already done so, first remove all the
URIs and then follow these steps:
1. Select the Topology View
2. Expand Node->App Server->Servlet Engine and the desired web application
3. Select the JSP processor servlet in that application
4. In the configuration panel for that JSP, there is a list of Web paths; it should
contain /default_host/<:webapp-path>/*.jsp
5. Click "Add" (to add to the web path list)
6. Enter the URI you want to protect (e.g., /default_host/<:webapp-path>/toBeProtected.jsp)
7. Repeat (6) for all the JSPs you want to protect
8. Apply and complete this task
9. Follow security configuration steps to protect these newly added JSPs
10. Restart the application server
|
If the user id that will be used to start the WebSphere server in Windows
NT or Windows 2000 platforms does not have Administrator rights, then
you will encounter the following error on the administration server:
com.ibm.ejs.security.registry.RegistryErrorException:
Windows NT: Access is denied
|
Windows NT/2000 |
Add the user (i.e. service ID) to the "Administrators"
group. |
Users of WebSphere Application Server with Domino
Versions 5.02, 5.02B, and Domino 5.03 LDAP directories have encountered
problems, such as intermittent server hanging, with security and LTPA as
the authentication method. The problems are due to a defect in these Domino
versions. |
All |
This is expected to be fixed in Domino Version
5.05. |
WebSphere Application Server does not currently
support TBSCertificate extensions for client authentication and authorization. |
All |
WebSphere Application Server does support certificate
mapping using Subject DN or Issuer DNs. |
When security is enabled, administrators must
specify two different Secure Sockets Layer (SSL) port numbers for use by
the administrative server. |
All |
On the server command line, define two port numbers
using the -D option:
For the listener port, specify:
com.ibm.CORBA.SSLPort
For Location Service Daemon (LSD) port, specify: com.ibm.CORBA.LSDSSLPort
The values of these two properties must be different.
|
You might not be able to run IKeyman in the WebSphere
environment. |
All |
If you installed both IBM HTTP Server and WebSphere
Application Server Advanced Edition on the same host:
- On Windows NT/2000, enter the following commands to run the IKeyman keyring
management tool:
cd <WebSphere_installation_directory>\bin
setupCmdLine.bat
set PATH=%JAVA_HOME%\bin;%JAVA_HOME%\jre\bin;%JAVA_HOME%\jre\bin\classic;%PATH%
set CLASSPATH=%WAS_HOME%\lib\cfwk.zip;%WAS_HOME%\lib\gsk4cls.jar;%WAS_HOME%\lib\swingall.jar;%CLASSPATH%
java -Dkeyman.javaOnly=true com.ibm.gsk.ikeyman.Ikeyman
- On AIX, Solaris or HP-UX, enter the following commands to run the
IKeyman keyring management tool:
cd <WebSphere_installation_directory>/bin
# Source the script so that the variables it sets apply to this shell
. ./setupCmdLine.sh
LIBPATH=$JAVA_HOME/jre/bin:$JAVA_HOME/jre/bin/classic:$LIBPATH
PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
CLASSPATH=$WAS_HOME/lib/cfwk.zip:$WAS_HOME/lib/gsk4cls.jar:$WAS_HOME/lib/swingall.jar:$CLASSPATH
export LIBPATH PATH CLASSPATH
java -Dkeyman.javaOnly=true com.ibm.gsk.ikeyman.Ikeyman
or, instead of using the java command, run /usr/opt/ibm/gskit/bin/gsk4ikm
If you did not install IBM HTTP Server:
- On Windows NT/2000, enter the following commands to run the IKeyman
keyring management tool:
cd <WebSphere_installation_directory>\bin
setupCmdLine.bat
set PATH=%JAVA_HOME%\bin;%JAVA_HOME%\jre\bin;%JAVA_HOME%\jre\bin\classic;%PATH%
set CLASSPATH=%WAS_HOME%\lib\cfwk.zip;%WAS_HOME%\lib\gsk4cls.jar;%WAS_HOME%\lib\swingall.jar;%CLASSPATH%
java -Dkeyman.javaOnly=true com.ibm.gsk.ikeyman.Ikeyman
- On AIX, Solaris or HP-UX, enter the following commands to run the
IKeyman keyring management tool:
cd <WebSphere_installation_directory>/bin
# Source the script so that the variables it sets apply to this shell
. ./setupCmdLine.sh
LIBPATH=$JAVA_HOME/jre/bin:$JAVA_HOME/jre/bin/classic:$LIBPATH
PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
CLASSPATH=$WAS_HOME/lib/cfwk.zip:$WAS_HOME/lib/gsk4cls.jar:$WAS_HOME/lib/swingall.jar:$CLASSPATH
export LIBPATH PATH CLASSPATH
java -Dkeyman.javaOnly=true com.ibm.gsk.ikeyman.Ikeyman
- Then, follow the online documentation on using the IKeyman tool.
|
If you select the Lotus Domino plug-in during
WebSphere Application Server installation on UNIX platforms, the Lotus Domino
configuration file is updated to use the old DLL (GWAPI - libgo46.so). The
security of the Lotus Domino plug-in will not work.
[Note: the installation program for Windows NT uses the new DLL. The
first time you install WebSphere Application Server, select the Domino
plug-in. After completing the installation, run the install program again,
this time selecting only the Domino plug-in.
The Lotus Domino plug-in is not supported on Windows 2000.]
|
HP-UX, AIX, Solaris |
Use the new DLL (DSAPI - libdomino5.so). Use the following steps to obtain
the new DLL instead of the old one (these steps assume Solaris is the
example operating system, but can be used on the others):
- Install WebSphere Application Server, and select the Lotus Domino
plug-in.
- After installation, comment out the following lines in the httpd.cnf
file:
Authorization * /opt/WebSphere/AppServer/bin/libgo46.so:authorization_exit
NameTrans * /opt/WebSphere/AppServer/bin/libgo46.so:nametrans_exit
Service IBMWebSphere /opt/WebSphere/AppServer/bin/libgo46.so:service_exit
ServerInit /opt/WebSphere/AppServer/bin/libgo46.so:init_exit /opt/WebSphere/AppServer/properties/bootstrap.properties
ServerTerm /opt/WebSphere/AppServer/bin/libgo46.so:term_exit
Pass /IBMWebAS/samples/* /opt/WebSphere/AppServer/samples/*
Pass /IBMWebAS/* /opt/WebSphere/AppServer/web/*
- Run the Lotus Domino server.
- Bring up the Lotus Domino Administration display. Go to the Lotus
Domino configuration, and add the following line under DSAPI filter:
/opt/WebSphere/AppServer/bin/libdomino5.so
- Restart the Lotus Domino server. While it is starting, you will see
the line:
WebSphere DSAPI filter loaded.
This means the Lotus Domino plug-in will use the new DLL.
- Start WebSphere Application Server.
|
When security is enabled in WebSphere Application
Server, if you specify the ORB property com.ibm.CORBA.ListenerPort
to define the listener port for an application, it does not affect the ORB.
The ORB continues to generate a new port dynamically and uses it instead
of the one specified. This is encountered especially in the DMZ and servlet
redirector scenarios. |
All |
Specify com.ibm.CORBA.SSLPort instead.
If you are starting an application server as:
java -Dcom.ibm.CORBA.ListenerPort=7777 <other parameters>
then, if security is enabled, start the server as:
java -Dcom.ibm.CORBA.SSLPort=7777 <other parameters>
|
In a model/clone environment,
if a model (or one of the clones) is secured, then when WLM is enabled,
accessing a bean in the cloned environment results in an Authorization
failure on the server side or an ObjectNotFound
or an access exception on the client side, where the client is accessing
the cloned bean. |
All |
Apply a security configuration to each clone.
In a model/clone environment, security needs to be applied to each clone
that needs to be secured. If the model is secured, then the security configuration
will not automatically apply to all of the model's clones. All clones need
to be added to an appropriate enterprise application and a "Configure Resource
Security" task must be applied to all of those clones. |
If you changed the password of the userid in
the user registry, you might have problems starting WebSphere Application
Server since the userid and password are invalid. The password of the userid
referred to is associated with WebSphere and configured in the UserRegistry
task panel.
|
Windows NT/2000 |
The only way to change the userid and password
that would not affect other configuration information is to:
- Before changing the userid and password in the registry and while
the userid and password are still valid in the registry, start the WebSphere
Administrative Server and the WebSphere Administrative Console.
- Start the user management utility (LocalOS or LDAP tools), and then
change the password.
- Make the corresponding change to the WebSphere Application Server user
registry configuration:
- Select Global Security Settings, then User registry,
then ServerID and password
- Apply the changes.
- Restart the WebSphere Application Server.
|
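The two ORB port rules from the security table above (two different SSL ports for the administrative server, and com.ibm.CORBA.SSLPort in place of com.ibm.CORBA.ListenerPort when security is enabled) can be checked on a command line before the server is started. The following is an added example, not part of the original release notes or of IBM's code; the function names check_orb_ports and valid_port, the role argument and the sample port numbers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the -D ORB port properties of a server command line
# that will be started with security enabled.

# Succeeds only for a decimal port number in the range 1-65535.
valid_port() {
    case $1 in
        '' | *[!0-9]* | ??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: check_orb_ports <admin|app> <java arguments...>
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_orb_ports() {
    orb_role=$1
    shift
    orb_ssl='' orb_lsd='' orb_listener='' orb_bad=0

    for orb_arg in "$@"; do
        case $orb_arg in
            -Dcom.ibm.CORBA.SSLPort=*)         orb_ssl=${orb_arg#*=} ;;
            -Dcom.ibm.CORBA.LSDSSLPort=*)      orb_lsd=${orb_arg#*=} ;;
            -Dcom.ibm.CORBA.[Ll]istenerPort=*) orb_listener=${orb_arg#*=} ;;
        esac
    done

    # With security enabled the ORB ignores ListenerPort and picks a port
    # dynamically, which breaks DMZ and servlet redirector setups.
    if [ -n "$orb_listener" ] && [ -z "$orb_ssl" ]; then
        echo "ListenerPort=$orb_listener has no effect with security enabled; set com.ibm.CORBA.SSLPort"
        orb_bad=1
    fi
    if [ -n "$orb_ssl" ] && ! valid_port "$orb_ssl"; then
        echo "SSLPort=$orb_ssl is not a port number in 1-65535"
        orb_bad=1
    fi
    if [ -n "$orb_lsd" ] && ! valid_port "$orb_lsd"; then
        echo "LSDSSLPort=$orb_lsd is not a port number in 1-65535"
        orb_bad=1
    fi

    # The administrative server needs both SSL ports, with different values.
    if [ "$orb_role" = admin ]; then
        [ -n "$orb_ssl" ] || { echo "administrative server: com.ibm.CORBA.SSLPort is not set"; orb_bad=1; }
        [ -n "$orb_lsd" ] || { echo "administrative server: com.ibm.CORBA.LSDSSLPort is not set"; orb_bad=1; }
        if valid_port "$orb_ssl" && valid_port "$orb_lsd" && [ "$orb_ssl" -eq "$orb_lsd" ]; then
            echo "administrative server: SSLPort and LSDSSLPort are both $orb_ssl; the values must be different"
            orb_bad=1
        fi
    fi
    return $orb_bad
}

# Constructed sample: the ListenerPort command line from the note above.
check_orb_ports app -Dcom.ibm.CORBA.ListenerPort=7777 ||
    echo "fix the command line before starting the server"
```

Pass the role first, then the same arguments that will be given to java; arguments other than the three ORB properties are ignored.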