Configuration instances will not start after applying Fix Pack 2 due to missing ws-security files
 Technote (troubleshooting)
 
Problem(Abstract)
After applying Fix Pack 2 to WebSphere® Application Server V5.0, existing configuration instances no longer start. This is due to a defect in Fix Pack 2 that neglects to copy certain files to configuration instances of the Application Server. Instances created after Fix Pack 2 is applied will not have this problem.
 
Cause
During the Fix Pack 2 installation process, the security.wssecurity component updates the main application server instance with several files. It also updates the template from which new Application Server instances are built. However, due to a defect in the Fix Pack 2 installation process, configuration instances of the application server are not updated with these files:

etc/ws-security/samples/dsig-receiver.ks
etc/ws-security/samples/dsig-sender.ks
etc/ws-security/samples/enc-receiver.jceks
etc/ws-security/samples/enc-sender.jceks
etc/ws-security/samples/intca2.cer
properties/ws-security.xml

Fix Pack 2 also updates the template from which new Application Server instances are created with this similar set of files:

bin/wsinstance/etcdefaults/ws-security/samples/dsig-receiver.ks
bin/wsinstance/etcdefaults/ws-security/samples/dsig-sender.ks
bin/wsinstance/etcdefaults/ws-security/samples/enc-receiver.jceks
bin/wsinstance/etcdefaults/ws-security/samples/enc-sender.jceks
bin/wsinstance/etcdefaults/ws-security/samples/intca2.cer
bin/wsinstance/propdefaults/ws-security.xml

Instances of the Application Server other than the main instance are not updated with these files. This can cause problems that prevent the Application Server from starting up for those instances.

The exception thrown by the instance during startup is similar to this:

5b0e2c WSSecurityCom E WSEC0019E: Failed to load KeyLocator SampleClientSignerKey.
The exception is com.ibm.wsspi.wssecurity.SoapSecurityException:
WSEC5002E: Unable to open the keystore file:
/dvl/msv/was/msv01/etc/ws-security/samples/dsig-sender.ks at
com.ibm.wsspi.wssecurity.SoapSecurityException.format(SoapSecurityException.java:69) at com.ibm.wsspi.wssecurity.SoapSecurityException.format(SoapSecurityException.java:57) at com.ibm.xml.soapsec.util.ConfigUtil.createKeyStore(ConfigUtil.java:115) at com.ibm.xml.soapsec.util.ConfigUtil.getKeyStore(ConfigUtil.java:98) at com.ibm.wsspi.wssecurity.config.KeyStoreKeyLocator.init(KeyStoreKeyLocator.java:167) at com.ibm.xml.soapsec.util.ConfigUtil.instantiate(ConfigUtil.java:245)
 
Resolving the problem
These instructions explain how to repair a configuration instance of the Application Server. Repeat these instructions for each of the instances that need repair.

$WAS_HOME refers to the product installation directory. $INST_HOME refers to the root of the configuration instance being repaired.

  1. Copy all files from $WAS_HOME/bin/wsinstance/etcdefaults/ws-security/samples to $INST_HOME/etc/ws-security/samples.

    Note: If the destination directory does not exist, create it.
  2. Copy the file $WAS_HOME/bin/wsinstance/propdefaults/ws-security.xml to the $INST_HOME/properties directory.
  3. Start the instance. The startup problem is resolved because the security files are present.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
Historical Number
22072.379.000
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Install
Operating system(s): Windows
Software version: 5.0.2
Software edition:
Reference #: 1152802
IBM Group: Software Group
Modified date: May 11, 2004