PQ82430: WITH SINGLE DOMAIN, MULTIPLE MACHINE SETUPS THE ADMIN GUI ALWAYSBROWSES FIRST NODE'S DIRECTORIES WHEN LOOKING FOR SSL KEYFILES

 A fix is available

PQ82430; 4.0.7: Modify Admin. Console Security Center to browse file structure



APAR status
Closed as program error.

Error description
Customer is running WebSphere on Solaris 2.8 systems, with
multiple systems sharing a common database repository.  The
customer first noticed this problem when he went to browse for
SSL key files and trust files under "default SSL configuration"
in the Security Center.  When he started the Admin Gui on the
second machine in the cluster he noticed that when he went to
browse for the key and trust files that he was accessing the
first machines directory structure.  Customer actually has two
problems that need to get fixed:
1) Change Admin GUI to browse file structure of the machine that
   the Admin GUI was brought up for.
2) Change Admin GUI so that it does not hang if SSL
   configuration files are changed if one of the machines in the
   domain is unavailable.  When an SSL key or trust file is
   changed it checks to see if those files are available on the
   other machines in the domain.  If one of the other machines
   in the domain is unavailable (system crach, network problem)
   the admin GUI will hang.
To recreate the problem install WebSphere on two different
machines, but make sure that they are sharing the database
repository.  Start WebSphere on both machines.  Start the admin
GUI on the first machine.  Go into security center, enable
security, click on the button for "Default SSL Configuration".
Change the file name to remove and substitution variables like
${WAS_HOME} in the file name for the key and trust files.  You
need to specify the complete path to the file, including the
file name.  If you change these settings to point to key and
trust files that only exist on the first machine you will notice
that an error comes up saying that these files do not exist on
at least one other node in the domain.  If you were to pull the
network cable on the second machine the admin GUI would hang.
Note however that when I did my test I was actually on the
second machine in the domain and pulled the network cable on the
first node.  You may not even need to change the name of the key
and trust file as I believe just trying to save it again when
one of the machines is not available will cause this behavior as
well.
Local fix
There is no local fix.
Problem summary
****************************************************************
* USERS AFFECTED: Users having security enabled and on a       *
*                 multi-node configuration.                    *
****************************************************************
* PROBLEM DESCRIPTION: When a user connects to a node from     *
*                      an adminclient and searches for a       *
*                      trust file, he expects to begin his     *
*                      browsing from the node in which he is   *
*                      connected to.  Currently this was not   *
*                      happening and if a remote node was      *
*                      hung then the adminclient will remain   *
*                      suspended for a long time.              *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Admin client remains suspended for a ling time when browsing
for trust files in a non-responsive node.
Problem conclusion
Changed the behaviour so that the adminclient always browses
on the node to which it is connected.
Temporary fix
Fix has been uploaded to 
pq99999 web site.  L2 informed
vide PMR update to arrange for deployment at customers
environment, and get feedback.
Comments
APAR information
APAR number PQ82430
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-12-18
Closed date 2004-06-15
Last modified date 2004-06-15

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
Security          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ82430
IBM Group: Software Group
Modified date: Jun 15, 2004