PQ93531: Application install fails with error ADMN0022E when using wsadmin install syntax

 Fixes are available

5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for AIX
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Windows
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for HP-UX
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Solaris
5.1.1.6: WebSphere Application Server Version 5.1.1 Cumulative Fix 6
5.1.1.7: WebSphere Application Server Version 5.1.1 Cumulative Fix 7
5.1.1.4: WebSphere Application Server Version 5.1.1 Cumulative Fix 4
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Linux



APAR status
Closed as program error.

Error description
Problem: Client enabled the global security and crated user
called "deployer" with configurator role defined which fails to
deploy an application using wsadmin install task.

Two nodes - one Cell - LDAP server, Global security enabled,
WebSphere version: WAS 5.1.1 - Build Number: a0426.01
Build Date: 06/27/2004

Client setup the LDAP server and created user called "deployer"
with configurator role defined. If client run the install from
wsadmin the wsadmin install fails with ADMN0022E Access denied
for the method getServerConfig in FileTransferServer MBean.

Caused by: javax.management.JMRuntimeException: ADMN0022E:
Access denied for the getServerConfig operation on
FileTransferServer MBean due to insufficient or empty
credentials.
at
com.ibm.ws.management.connector.soap.SOAPConnectorClient.handleA
dminFault(SOAPConnectorClient.java:610)

If he installs using the adminconsole then it works fine.

Following sample script run:

$AdminApp install
C:/WAS51/WebSphere/AppServer/installableApps/ivtApp.ear {-cell
waslinux21Network -server server1 -node waslinux21
-usedefaultbindings
-appname IVTApp}
$AdminConfig save


Output:
======
C:\WAS51\WebSphere\AppServer\bin>wsadmin.bat -f
c:\tmp\ivt-install.jacl
-user deployer -password deployer

WASX7209I: Connected to process "dmgr" on node waslinux21Manager
using
SOAP connector; The type of process is: DeploymentManager
ADMA0080W: A template policy file without any permission set is
included in the 1.2.x enterprise application. You can modify the
Java 2 Security policy for the enterprise application by editing
the was.policy file located in the
${user.install.root}/config/cells/(yourCellName)/applications/(y
ourAppN
ame).ear/deployments/(yourAppName)/META-INF directory after the
application is installed. For syntax of was.policy, please refer
to the
Dynamic Policy section of documentation in Info Center.
WASX7327I: Contents of was.policy file:
 //
// Template policy file for enterprise application.
// Extra permissions can be added if required by the enterprise
application.
//
// NOTE: Syntax errors in the policy files will cause the
enterprise application FAIL to start.
//       Extreme care should be taken when editing these policy
files. It is advised to use
//       the policytool provided by the JDK for editing the
policy files
//       (WAS_HOME/java/jre/bin/policytool).
//

grant codeBase "file:${application}" {
};

grant codeBase "file:${jars}" {
};

grant codeBase "file:${connectorComponent}" {
};

grant codeBase "file:${webComponent}" {
};

grant codeBase "file:${ejbComponent}" {
};


WASX7017E: Exception received while running file
"c:\tmp\ivt-install.jacl"; exception information:
com.ibm.websphere.management.filetransfer.client.TransferFailedE
xception
java.lang.NullPointerException: java.lang.NullPointerException
Local fix
Adminconsole works fine.
Problem summary
****************************************************************
* USERS AFFECTED: Websphere Application Server users who       *
*                 wish to install an application from          *
*                 wsadmin with configurator role in an         *
*                 environment where global security is         *
*                 enabled.                                     *
****************************************************************
* PROBLEM DESCRIPTION: When a user with configurator role      *
*                      deploys an application from wsadmin     *
*                      in a secured environment, the           *
*                      operation will fail with a security     *
*                      exception.                              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
When configurator role installs an application from wsadmin in
a secured environment, the operation will fail with the
following exception:
Caused by: javax.management.JMRuntimeException:   ADMN0022E:
Access denied for the getServerConfig operation on
FileTransferServer MBean due to insufficient or empty
credentials.
at
com.ibm.ws.management.connector.soap.SOAPConnectorClient.
handleAdminFault(SOAPConnectorClient.java:610)
Problem conclusion
Modified the code so as to make installation successful.
Temporary fix Comments
APAR information
APAR number PQ93531
Reported component name WAS NETWRK DEPL
Reported component ID 5630A3601
Reported release 10S
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-08-31
Closed date 2004-10-19
Last modified date 2004-10-19

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
ADMIN          

Publications Referenced

Fix information

Applicable component levels
R003 PSY    UP
R00A PSY    UP
R00H PSY    UP
R00I PSY    UP
R00P PSY    UP
R00S PSY    UP
R00W PSY    UP
R103 PSY    UP
R10A PSY    UP
R10H PSY    UP
R10I PSY    UP
R10P PSY    UP
R10S PSY    UP
R10W PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 10S
Software edition:
Reference #: PQ93531
IBM Group: Software Group
Modified date: Oct 19, 2004