PQ84695: BBOO0222I SECJ0305I: ROLE BASED AUTHORIZATION CHECK FAILED FOR SECURITY NAME (NULL), ACCESSID NO_CRED_NO_ACCESS_ID WHILE

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Customer receives the following error message in the
Node agent when trying to start an application server from the
admin console.
.
BBOO0222I SECJ0305I: Role based authorization check failed for
security name (null), accessId NO_CRED_NO_ACCESS_ID while
invoking
method query:com.ibm.ws.management.discovery.ServerInfo on
resource  Discovery and module Discovery.
.
The problem occurs when multicast fails, and the node agent
and application server attempt to use mbean discovery instead.
.
To verify the symptoms.  In the node agent multicast has failed.
You should see a message in the node agent output.
.
BBOO0221W ADMC0051W: Failed to do a multicast-based process
discovery, trying discovery mbean
.
After starting the application server from the admin console
a error message indicating multicast has failed will appear in
the application server controller.
.
and the following error message will appear in the node agent.
.
BBOO0222I SECJ0305I: Role based authorization check failed for
security name (null), accessId NO_CRED_NO_ACCESS_ID while
invoking
method query:com.ibm.ws.management.discovery.ServerInfo on
resource  Discovery and module Discovery.
.
Another symptom of this error message is that started
applications in the admin console may appear as stopped.
Local fix
The error above only occurs for mbean discovery.  Customers
who are using multicast discovery do not experience this
error.  In order for multicast to work on Websphere V5, TCP/IP
apar 
PQ78874 along with Java SR21 (UQ82210) are minimally
required. In addition, the multicast address must be in the
range of 224.0.0.0 to 239.255.255.255 inclusive, which can
be found in the admin console at:
.
System Administration -> nodeagent -> End Points ->
Node Multicast Discover Address
.
JAVA APAR 
PQ85543 (SR23) may also be needed if symptoms
from this apar are experienced.
Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: Discovery between the Node Agent and    *
*                      the Application Server fails when       *
*                      the Discovery MBean is used with        *
*                      security enabled.                       *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Node Agent-Application Server discovery fails when multicast
fails and the Discovery MBean is used instead with security
enabled. The following messages can be seen in the logs.

BBOO0221W ADMC0051W: Failed to do a multicast-based process
discovery, trying discovery mbean

BBOO0222I SECJ0305I: Role based authorization check failed for
security name <null>, accessId NO_CRED_NO_ACCESS_ID while
invoking method query:
com.ibm.ws.management.discovery.ServerInfo on
resource  Discovery and module Discovery.
Problem conclusion
The proper credentials are now used when invoking methods on
the Discovery MBean.
 NOTE: In order for multicast to work on Websphere V5, TCP/IP
      apar 
PQ78874 along with Java SR21 (UQ82210) are
      minimally required.
      These are available for z/OS systems.
      Unfortunately, TCPIP does not offer a fix for 
PQ78874 at
      the level of TCPIP that runs on OS/390 R210.
      Consequently multicast does not work on an
      OS/390 2.10 system.

APAR PQ84695 is associated with SERVICE LEVEL W502004 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ84695
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-02-13
Closed date 2004-03-10
Last modified date 2004-04-06

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ86037    UP04/03/17 P F403

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ84695.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ84695
IBM Group: Software Group
Modified date: Apr 6, 2004