PQ95235: DURING RIPPLESTART OF SERVERS IN A CLUSTER THE DMGR SERVER CR IDIS USED INSTEAD OF ADMIN ID CAUSING ERRORS AND MAY RESULT IN 0C4 | |||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description With Global Security enabled the ripplestart operation causes various security errors which may eventually cause an 0C4 abend causing the start of the servers to fail. . The problem is that the deployment management controller ID is used to start the servers instead of the admin ID. Some of the errors observed are, . BBOO0222I SECJ0305I: Role based authorization check failed for security name <null>, accessId NO_CRED_NO_ACCESS_ID while invoking method getProcessType on resource Server and module Server. . ICH408I USER(DMGRCR1 ) GROUP(CBFCNG1) NAME(WAS G#STEUSER - TEST) administrator CL(EJBROLE ) INSUFFICIENT ACCESS AUTHORITY ACCESS INTENT(READ ) ACCESS ALLOWED(NONE ) . BBOS0008E RACAUTH of class, EJBROLE, failed with SAF Return Code=00000008, RACF Return Code=00000008, RACF Reaode=00000000. . The ripplestart may also result in an OC4 abend in some cases where the start of the servers will fail. The abend is in security module BBOSSMEP with traceback: . BBOSSMEP EJBROLES::checkingRolesPermission EJBROLES::isCallerInRole Java_com_ibm_ws_security_core_SAFAuthorizationTableImpl_native_1 SAFisGrantedAnyRole com/ibm/ws/security/core/SAFAuthorizationTableImpl. callerAndUserInRole com/ibm/ws/security/core/SAFAuthorizationTableImpl. isGrantedAnyRole com/ibm/ws/security/role/RoleBasedAuthorizerImpl.checkAccess com/ibm/ws/management/AdminServiceImpl.preInvoke com/ibm/ws/management/AdminServiceImpl.invoke com/ibm/ws/management/wlm/ClusterMgr.invokeMBean com/ibm/ws/management/wlm/ClusterMgr.getAttributes com/ibm/ws/management/wlm/ClusterMgr.loadClusterConfig com/ibm/ws/management/wlm/ClusterMgr.loadRefreshClusters com/ibm/ws/management/wlm/ClusterMgr.retrieveCluster com/ibm/ws/management/AdminServiceImpl.invoke com/ibm/ws/management/wlm/Cluster.refresh com/ibm/ws/management/wlm/ClusterAdminマRippleStarter.rippleStart com/ibm/ws/management/wlm/ClusterAdminマRippleStarter.run .Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Various symptoms occur when a ripple * * start is attempted. One symptom: * * ICH408I USER(WRONGID) GROUP(WRONGGR) * * NAME(USER) administrator CL(EJBROLE ) * * INSUFFICIENT ACCESS AUTHORITY * * ACCESS INTENT(READ ) ACCESS * * ALLOWED(NONE ) * * Some customers receive * * ABENDSOC4/ABENDOC4 in the Deployment * * Manager controller which is traced to * * BBOSSMEP. * **************************************************************** * RECOMMENDATION: * **************************************************************** The problem is one of re-using released storage. Ripple start processing spawns a new thread to do the work, passing security credentials including a control block managed by C++. The original thread completes end of transaction processing, and the storage is released. The spawned thread continues OK until the freed storage is re-allocated, at which time the resulting storage overlay can cause various problems.Problem conclusion Processing in the security code is modified to clone the control block in Java storage and use the clone in the security credentials. APAR PQ95235 is associated with SERVICE LEVEL W502019 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: PQ96886 Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PQ95235.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ95235
IBM Group: Software Group
Modified date: Jan 5, 2005
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.