PQ67926: CANNOT START THE ADMIN SERVER WITH A USER ASSIGNED TO ADMIN ROLE

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
Problem Reported:
Cannot start the admin server with a user assigned to Admin
Role:
.
 performed the following steps:
.
1.uninstalled WAS
2.dropped and recreated the admin database
3.deleted /usr/WebSphere/AppServer
4.installed WAS 4.0
5.installed PTF 2
6.started WAS
7.configured Security to use IBM bluepages as LDAP server
.
8.stopped WAS
9.started WAS
10.Added user cdsharp@us.ibm.com to admin role
11.stopped WAS
12.installed PTF 4
13.started WAS
14.Admin. Server failed to start. Generated secuirty related
errors in
  tracefile.
15.edited sas.server.props file. Set
com.ibm.CORBA.securityEnabled=false
16.connected to the admin repository database and set
securityenabled =0
17.(db2 "update ejsadmin.securitycfg_table set securityenabled
=0")
 restarted WAS
18.Admin. Server started
19.connected to server with admin client and used the security
center to
 remove the cdsharp entry from the admin role.
20.enabled security
21.stopped WAS
22.admin. server started with no errors
connected to server with admin. client (received logon prompt)
Local fix
Workaround:
.
Disable security in DB2
Start adminserver and admin console
Remove all users from admin role
Re-enable security
Shut down and restart WAS
Adminserver should come up.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security and have invalid       *
*                 users listed in the Administrative Role.     *
*                                                              *
****************************************************************
* PROBLEM DESCRIPTION: If an ID which is not valid in the      *
*                      user registry is referenced in the      *
*                      Administrative Role, the                *
*                      Administration Server will not          *
*                      initialize.                             *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
If an ID which is not valid in the user registry is referenced
in the Administrative Role, the Administration Server will not
initialize.  The problem stems from the user registry returning
a null instead of returning a valid access ID.  Errors similar
to the following will be encountered.

 11/18/02 15:12:24:621 CST  6097e07e Initializer   X SECJ0007E:
    Error during security initialization. Exception null at
    location: java.lang.NullPointerException
        at com.ibm.ejs.models.base.bindings.applicationbnd.
           impl.SubjectImpl.equals(SubjectImpl.java:30)
        at com.ibm.etools.emf.ref.impl.OwnedListImpl.
           indexOf(OwnedListImpl.java(Compiled Code))
        at com.ibm.etools.emf.ref.impl.OwnedListImpl.
           duplicate(OwnedListImpl.java(Compiled Code))
        at com.ibm.etools.emf.ref.impl.OwnedListImpl.
           duplicate(OwnedListImpl.java(Compiled Code))
        at com.ibm.etools.emf.ref.impl.OwnedListImpl.
           add(OwnedListImpl.java:48)
        at com.ibm.ejs.models.base.bindings.applicationbnd.gen.
           impl.UserGenImpl$User_List.add(UserGenImpl.java:31)
        at com.ibm.ejs.security.Initializer.
           bindServerIdToAdminApp(Initializer.java:503)
        at com.ibm.ejs.security.Initializer.
           initialize(Initializer.java:220)
        at com.ibm.ejs.security.Initializer.
           serverStarted(Initializer.java:136)
        at com.ibm.ws.runtime.Server.
           fireServerStarted(Server.java:2018)
        at com.ibm.ws.runtime.Server.
           fireServerStarted(Server.java:2011)
        at com.ibm.ejs.sm.server.AdminServer.
           initializeRuntime0(AdminServer.java:1144)
        at com.ibm.ws.runtime.Server.
           initializeRuntime(Server.java:884)
        at com.ibm.ejs.sm.server.AdminServer.
           main(AdminServer.java:392)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.ibm.ws.bootstrap.WSLauncher.
           main(WSLauncher.java:158)
.
 11/18/02 15:12:24:711 CST  6097e07e Initializer   X SECJ0007E:
    Error during security initialization. Exception null at
    location: java.lang.NullPointerException
        at com.ibm.ejs.models.base.bindings.applicationbnd.
           impl.SubjectImpl.equals(SubjectImpl.java:30)
        at com.ibm.etools.emf.ref.impl.OwnedListImpl.
           indexOf(OwnedListImpl.java(Compiled Code))
        at com.ibm.etools.emf.ref.impl.OwnedListImpl.
           duplicate(OwnedListImpl.java(Compiled Code))
        at com.ibm.etools.emf.ref.impl.OwnedListImpl.
           duplicate(OwnedListImpl.java(Compiled Code))
        at com.ibm.etools.emf.ref.impl.OwnedListImpl.
           add(OwnedListImpl.java:48)
        at com.ibm.ejs.models.base.bindings.applicationbnd.gen.
           impl.UserGenImpl$User_List.add(UserGenImpl.java:31)
        at com.ibm.ejs.security.Initializer.
           bindServerIdToAdminApp(Initializer.java:503)
        at com.ibm.ejs.security.Initializer.
           initialize(Initializer.java:220)
        at com.ibm.ejs.security.Initializer.
           serverStarted(Initializer.java:136)
        at com.ibm.ws.runtime.Server.
           fireServerStarted(Server.java:2018)
        at com.ibm.ws.runtime.Server.
           fireServerStarted(Server.java:2011)
        at com.ibm.ejs.sm.server.AdminServer.
           initializeRuntime0(AdminServer.java:1144)
        at com.ibm.ws.runtime.Server.
           initializeRuntime(Server.java:884)
        at com.ibm.ejs.sm.server.AdminServer.
           main(AdminServer.java:392)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.ibm.ws.bootstrap.WSLauncher.
           main(WSLauncher.java:158)
.
 11/18/02 15:12:24:751 CST  6097e07e AdminServer   X WSVR0009E:
    Error occurred during startup
    java.lang.RuntimeException
        at com.ibm.ejs.security.Initializer.
           serverStarted(Initializer.java:142)
        at com.ibm.ws.runtime.Server.
           fireServerStarted(Server.java:2018)
        at com.ibm.ws.runtime.Server.
           fireServerStarted(Server.java:2011)
        at com.ibm.ejs.sm.server.AdminServer.
           initializeRuntime0(AdminServer.java:1144)
        at com.ibm.ws.runtime.Server.
           initializeRuntime(Server.java:884)
        at com.ibm.ejs.sm.server.AdminServer.
           main(AdminServer.java:392)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.ibm.ws.bootstrap.WSLauncher.
           main(WSLauncher.java:158)
Problem conclusion
Null access IDs are now checked and ignored.
Temporary fix
provided testing eFix to customer.
Comments
APAR information
APAR number PQ67926
Reported component name WEBSPHERE AE AI
Reported component ID 5630A2200
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-11-05
Closed date 2002-11-18
Last modified date 2002-11-18

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

SRLS

Fix information
Fixed component name WEBSPHERE AE AI
Fixed component ID 5630A2200

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ67926
IBM Group: Software Group
Modified date: Nov 18, 2002