PQ91262: Stopping a server from the console fails with security enabled when using RMI as the transport.

 Fixes are available

5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for AIX
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for HP-UX
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Linux
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for AIX
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for AIX
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for HP-UX
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for Solaris
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for Windows
5.1.1.18: WebSphere Application Server V5.1.1 Cumulative Fix 18 for Linux
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for Linux
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for Solaris
5.1.1.17: WebSphere Application Server V5.1.1 Cumulative Fix 17 for Windows
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Solaris
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Windows
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Solaris
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Windows
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for AIX
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for AIX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Linux
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for AIX
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Windows
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for Windows
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Solaris
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Solaris
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Windows
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Solaris
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for AIX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for AIX
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for Linux
5.0.2.12: WebSphere Application Server 5.0.2 Cumulative Fix 12
5.1.1.6: WebSphere Application Server Version 5.1.1 Cumulative Fix 6
5.1.1.7: WebSphere Application Server Version 5.1.1 Cumulative Fix 7
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for HP-UX
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for AIX
5.1.1.4: WebSphere Application Server Version 5.1.1 Cumulative Fix 4
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Windows
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for HP-UX
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for AIX
5.1.1.11: WebSphere Application Server V5.1.1 Cumulative Fix 11 for AIX
5.0.2.17: WebSphere Application Server 5.0.2 Cumulative Fix 17 for Linux
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for HP-UX
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Linux
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for HP-UX
5.1.1.9: WebSphere Application Server V5.1.1 Cumulative Fix 9 for Linux
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for HP-UX
5.1.1.12: WebSphere Application Server V5.1.1 Cumulative Fix 12 for Windows
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Solaris
5.0.2.8: WebSphere Application Server V5.0.2 Cumulative Fix 8
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Windows
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for AIX
5.1.1.11: WebSphere Application Server V5.1.1 Cumulative Fix 11 for Windows
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for Solaris
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for Solaris
5.1.1.11: WebSphere Application Server V5.1.1 Cumulative Fix 11 for Linux
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for Windows
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for HP-UX
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for AIX
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for Windows
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for Solaris
5.0.2.14: WebSphere Application Server 5.0.2 Cumulative Fix 14 for Windows
5.1.1.12: WebSphere Application Server V5.1.1 Cumulative Fix 12 for AIX
5.1.1.12: WebSphere Application Server V5.1.1 Cumulative Fix 12 for Linux
5.1.1.12: WebSphere Application Server V5.1.1 Cumulative Fix 12 for HP-UX
5.1.1.12: WebSphere Application Server V5.1.1 Cumulative Fix 12 for Solaris
5.1.1.11: WebSphere Application Server V5.1.1 Cumulative Fix 11 for Solaris
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for AIX
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for Windows
5.0.2.13: WebSphere Application Server 5.0.2 Cumulative Fix 13
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for HP-UX
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for Solaris
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for Solaris
5.1.1.13: WebSphere Application Server V5.1.1 Cumulative Fix 13 for Linux
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for AIX
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for Linux
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for Windows
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for Windows
5.0.2.18: WebSphere Application Server 5.0.2 Cumulative Fix 18 for Linux
5.1.1.11: WebSphere Application Server V5.1.1 Cumulative Fix 11 for HP-UX
5.1.1.14: WebSphere Application Server V5.1.1 Cumulative Fix 14 for HP-UX
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Linux
5.0.2.15: WebSphere Application Server 5.0.2 Cumulative Fix 15 for HP-UX
5.0.2.16: WebSphere Application Server 5.0.2 Cumulative Fix 16 for Linux
5.1.1.10: WebSphere Application Server V5.1.1 Cumulative Fix 10 for Solaris
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for AIX
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for HP-UX
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for HP-UX
5.1.1.16: WebSphere Application Server V5.1.1 Cumulative Fix 16 for Linux
5.1.1.15: WebSphere Application Server V5.1.1 Cumulative Fix 15 for Linux
5.1.1.19: WebSphere Application Server V5.1.1 Cumulative Fix 19 for HP-UX



APAR status
Closed as program error.

Error description
Stopping a server from the console fails with security enabled
when using RMI as the transport.

The following error is received when trying to stop the server
from the Admin Console - the server fails to stop,

ADMN0022E: Access denied for the stop operation on Server MBean
due to insufficient or empty credentials.
at
com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServic
eImpl.java:1354)
at
com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceIm
pl.java:657)
at
com.ibm.ws.management.connector.AdminServiceDelegator.invoke&#40
;AdminServiceDelegator.java:130)
at
com.ibm.ws.management.connector.rmi.RMIConnectorService.invoke&#
40;RMIConnectorService.java:175)
at
com.ibm.ws.management.connector.rmi._RMIConnectorService_Tie.inv
oke(Unknown Source)
at
com.ibm.ws.management.connector.rmi._RMIConnectorService_Tie._in
voke(Unknown Source)
at
com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(Serv
erDelegate.java:608)
at
com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.ja
va:461)
at com.ibm.rmi.iiop.ORB.process(ORB.java:432)
at com.ibm.CORBA.iiop.ORB.process(ORB.java:1728)
at
com.ibm.rmi.iiop.Connection.doWork(Connection.java:2227)
at
com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:65&#4
1;
at
com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:95)
at
com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:912&#4
1;&lt;&lt; END server: 1198777258 at host <host>
at
com.ibm.CORBA.iiop.UtilDelegateImpl.mapSystemException&#40;UtilD
elegateImpl.java:166&#41;
at javax.rmi.CORBA.Util.mapSystemException&#40;Util.java:65&#41;
at
com.ibm.ws.management.connector.rmi._RMIConnector_Stub.invoke&#4
0;Unknown Source&#41;
at
com.ibm.ws.management.connector.rmi.RMIConnectorClient.invoke&#4
0;RMIConnectorClient.java:488&#41;
at
com.ibm.ws.management.AdminClientImpl.invoke&#40;AdminClientImpl
.java:162&#41;
at
com.ibm.ws.management.AdminServiceImpl.invoke&#40;AdminServiceIm
pl.java:663&#41;
at
com.ibm.ws.management.connector.AdminServiceDelegator.invoke&#40
;AdminServiceDelegator.java:130&#41;
at
com.ibm.ws.management.connector.rmi.RMIConnectorService.invoke&#
40;RMIConnectorService.java:175&#41;
at
com.ibm.ws.management.connector.rmi._RMIConnectorService_Tie.inv
oke&#40;Unknown Source&#41;
at
com.ibm.ws.management.connector.rmi._RMIConnectorService_Tie._in
voke&#40;Unknown Source&#41;
at
com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler&#40;Serv
erDelegate.java:608&#41;
at
com.ibm.CORBA.iiop.ServerDelegate.dispatch&#40;ServerDelegate.ja
va:461&#41;
at com.ibm.rmi.iiop.ORB.process&#40;ORB.java:432&#41;
at com.ibm.CORBA.iiop.ORB.process&#40;ORB.java:1728&#41;
at com.rmi.iiop.Connection.doWork&#40;Connection.java:2227&#41;
at
com.ibm.rmi.iiop.WorkUnitImpl.doWork&#40;WorkUnitImpl.java:65&#4
1;
at
com.ibm.ejs.oa.pool.PooledThread.run&#40;ThreadPool.java:95&#41;
at
com.ibm.ws.util.ThreadPool$Worker.run&#40;ThreadPool.java:912&#4
1;&lt;&lt; END server: 298002686 at host <host>
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server v5.x users who  *
*                 use RMI connector with security enabled      *
****************************************************************
* PROBLEM DESCRIPTION: When RMI connector is used with         *
*                      global security turned on, JMX          *
*                      operations may fail with ADMN0022E      *
*                      (Access denied due to insufficient or   *
*                      empty credentials), for example,        *
*                      stopping a server from the              *
*                      administrative console.                 *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The RMI connector code needs to ensure proper credentials are
set for JMX calls issued from server to server (ie. dmgr to
node agent, or vice versa), such that a JMX call origniated
from dmgr (console) will be able to pass access checks in node
agent.
Problem conclusion
Updated the RMI connector client code to properly handle the
credentials setup for server-to-server JMX requests.
Temporary fix Comments
APAR information
APAR number PQ91262
Reported component name WAS NETWRK DEPL
Reported component ID 5630A3601
Reported release 10S
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-07-12
Closed date 2004-08-23
Last modified date 2004-08-23

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PK11343

Modules/Macros
ADMIN JMX        

Publications Referenced

Fix information

Applicable component levels
R00A PSY    UP
R00H PSY    UP
R00I PSY    UP
R00P PSY    UP
R00S PSY    UP
R00W PSY    UP
R10A PSY    UP
R10H PSY    UP
R10I PSY    UP
R10P PSY    UP
R10S PSY    UP
R10W PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 10S
Software edition:
Reference #: PQ91262
IBM Group: Software Group
Modified date: Aug 23, 2004