PQ82430: WITH SINGLE DOMAIN, MULTIPLE MACHINE SETUPS THE ADMIN GUI ALWAYSBROWSES FIRST NODE'S DIRECTORIES WHEN LOOKING FOR SSL KEYFILES | |||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description Customer is running WebSphere on Solaris 2.8 systems, with multiple systems sharing a common database repository. The customer first noticed this problem when he went to browse for SSL key files and trust files under "default SSL configuration" in the Security Center. When he started the Admin Gui on the second machine in the cluster he noticed that when he went to browse for the key and trust files that he was accessing the first machines directory structure. Customer actually has two problems that need to get fixed: 1) Change Admin GUI to browse file structure of the machine that the Admin GUI was brought up for. 2) Change Admin GUI so that it does not hang if SSL configuration files are changed if one of the machines in the domain is unavailable. When an SSL key or trust file is changed it checks to see if those files are available on the other machines in the domain. If one of the other machines in the domain is unavailable (system crach, network problem) the admin GUI will hang. To recreate the problem install WebSphere on two different machines, but make sure that they are sharing the database repository. Start WebSphere on both machines. Start the admin GUI on the first machine. Go into security center, enable security, click on the button for "Default SSL Configuration". Change the file name to remove and substitution variables like ${WAS_HOME} in the file name for the key and trust files. You need to specify the complete path to the file, including the file name. If you change these settings to point to key and trust files that only exist on the first machine you will notice that an error comes up saying that these files do not exist on at least one other node in the domain. If you were to pull the network cable on the second machine the admin GUI would hang. Note however that when I did my test I was actually on the second machine in the domain and pulled the network cable on the first node. You may not even need to change the name of the key and trust file as I believe just trying to save it again when one of the machines is not available will cause this behavior as well.Local fix There is no local fix.Problem summary **************************************************************** * USERS AFFECTED: Users having security enabled and on a * * multi-node configuration. * **************************************************************** * PROBLEM DESCRIPTION: When a user connects to a node from * * an adminclient and searches for a * * trust file, he expects to begin his * * browsing from the node in which he is * * connected to. Currently this was not * * happening and if a remote node was * * hung then the adminclient will remain * * suspended for a long time. * **************************************************************** * RECOMMENDATION: * **************************************************************** Admin client remains suspended for a ling time when browsing for trust files in a non-responsive node.Problem conclusion Changed the behaviour so that the adminclient always browses on the node to which it is connected.Temporary fix Fix has been uploaded to pq99999 web site. L2 informed vide PMR update to arrange for deployment at customers environment, and get feedback.Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
SRLS
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ82430
IBM Group: Software Group
Modified date: Jun 15, 2004
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.