PQ83598: IN CERTAIN CASES, WEBSPHERE CREATES NEW CONNECTIONS WHEN THERE ARE AVAILABLE POOLED CONNECTIONS (DB2, MQ, IMS, CICS, ETC)

 A fix is available

Obtain the fix for this APAR



APAR status
Closed as program error.

Error description
Customer was monitoring Websphere's connection pooling by
displaying the number of physical DB2 threads that are created.
At times when all the pooled connections to DB2 are essentially
available, an application attempts to get a new connection with
with the same authentication information (ie: userid) as the
authentication information used to get connections currently
in the free pool.  A new connection was created to DB2 instead
of getting a connection from the free pool.
.
Additional Symptoms:
--------------------
WebSphere using MQ Connections.
JAVA OutOfMemory reported in the WebSphere Servant region
address space.  Review of the address space shows that there
are MANY, (in one case more than 900 TCB;s that have the
following Stack Trace:
.
Function
--------
CEEOPCT    (pthread_cond_timedwait)
pthread_cond_timedwait
condTimedWait
sysMonitorWait
xmThreadSleep
JVM_Sleep
java/lang/Thread.sleep(J)V
com/ibm/ejs/j2c/poolmanager/TaskTimer.run
INVOKDMY
com/ibm/ejs/j2c/poolmanager/TaskTimer.run
mmipExecuteJava
xeRunDynamicMethod
threadRT0
xmExecuteThread
threadStart
ThreadUtils_Shell
@@GETFN
CEEOPCMM
(unknown)
CEEOPCMM
(unknown)
.
Note that these are NOT WebSphere worker threads, but they are
WebSphere started threads.
.
Additional search words:
poolscavenger
.
.
LOCAL FIX for the Java OutOfMemoryError reported when using MQ
           Connections within a server region:
1) For MQ connections:
    There is a 'ReapTime' value associated with the 'Connection
    Pool' and the 'Session Pool' settings of the 'Queue
    Connection Factory' that is defined in the Admin Console.
.
  The 'ReapTime' can be set to '0' (zero) as a workaround.
.
 To set the ReapTime value,
.
 The 'path' in in the Admin Console would be:
a) Go to the server
b) set the 'scope' to be where the resource was defined under
.
If using Full MQ provider, the path is:
-> WebSphere MQ JMS Provider
  -> WebSphere MQ Queue Connection Factories
   -> <my QCF>
      -> Connection Pool
.
-> WebSphere MQ JMS Provider
  -> WebSphere MQ Queue Connection Factories
    -> <my QCF>
      -> Session Pool
.
If using the IJP (the MQ-Lite that ships with WebSphere) the
path is:
.
-> WebSphere JMS Provider
  -> WebSphere Queue Connection Factories
    -> <my QCF>
      -> Connection Pool
.
-> WebSphere JMS Provider
  -> WebSphere Queue Connection Factories
    -> <my QCF>
      -> Connection Pool
.
  In all of the above <my QCF> is the 'connection factory' that
is defined.
.
  In this panel, you can set the 'ReapTime' value to '0' to
circumvent the problem.
.
-------------------------------------------
Another separate symptom fixed by this apar
-------------------------------------------
BBOO0223I security.auth.j2c.invalidSubject message from
function com.ibm.ws.security.auth.j2c.WSLocalzOSExtensionImpl
and from function com.ibm.ejs.j2c.ThreadIdentitySecurityHelper
the following at the top of the callback stack:
J2CA0079E: Method ThreadIdentitySecurityHelper.finalizeSubject()
has detected an internal illegal state and is throwing an
IllegalStateException. The exception is:
java.lang.IllegalStateException:
Unable to build valid j2c Subject
com.ibm.ws.security.auth.j2c.WSLocalzOSExtensionImpl.
   getLocalOSInvocationSubject(WSLocalzOSExtensionImpl.java:138)
com.ibm.ejs.j2c.ThreadIdentitySecurityHelper.finalizeSubject
                         (ThreadIdentitySecurityHelper.java:370)
com.ibm.ejs.j2c.ConnectionManager.allocateConnection
                                    (ConnectionManager.java:494)
com.ibm.ejs.jms.JMSQueueConnectionFactoryHandle.
  createQueueConnection(JMSQueueConnectionFactoryHandle.java:80)
Local fix Problem summary
****************************************************************
* USERS AFFECTED: All users of WebSphere Application Server    *
*                 V5.0 for z/OS                                *
****************************************************************
* PROBLEM DESCRIPTION: WebSphere creates new DB2 Connections   *
*                      there are already pooled connections    *
*                      for the same MVS identity.              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The WebSphere security runtime created new J2c Subjects each
time a DB2 connection was attempted for a given user. This
caused a new Subject, with a new Principal object and
and usually a new WSCredential Object to be returned to the
connection management layer.

Ultimately, the connection manager layer did not find a match
between this new subject and the one it had cached to represent
it pooled connection, and would then create a new pooled
onnection.
Problem conclusion
The WebSphere security runtime was modified to return the
identical Subject to the connection management subsystem on
requests by the same authenticated user, until the
authentication cache timeout value has been reached.  At this
point a new Subject will be created for use by connection
management.

APAR PQ83598 is associated with SERVICE LEVEL W502005 of
WebSphere Application Server V5.0 for z/OS.
Temporary fix Comments
APAR information
APAR number PQ83598
Reported component name WEBSPHERE FOR Z
Reported component ID 5655I3500
Reported release 500
Status CLOSED PER
PE NoPE
HIPER YesHIPER
Special Attention NoSpecatt
Submitted date 2004-01-22
Closed date 2004-03-26
Last modified date 2004-04-28

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
BBOUBINF          

Publications Referenced

Fix information
Fixed component name WEBSPHERE FOR Z
Fixed component ID 5655I3500

Applicable component levels
R500 PSY UQ86666    UP04/03/31 P F403

  Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information


Current web document: swg1PQ83598.html
Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PQ83598
IBM Group: Software Group
Modified date: Apr 28, 2004