PQ71832: NULL SESSION HANDLE ERRORS IN APPLICATION SERVER STDOUT FILE.

 Fixes are available

4.0.7: WebSphere Application Server Version 4.0 Fix Pack 7
Security; V4.0.2-V4.0.7: Cumulative fix for security component



APAR status
Closed as program error.

Error description
(PQ71832 is included in 5-16-2003 security cumulative fix.)
1.These errors occur repeatedly in the app servers stdout file.
.
[VaultImpl.get_security_context]:
[12/13/02 9:11:12:905 EST]   1214b1 SystemOut     U
 JSAS0170E: Null session handle in session table.  Check to see
if a server process has
terminated just prior to receiving these errors.  If a process
has terminated, restart
the process and retry the operation.  Verify that the client
userid/password is valid.
 If the login fails, the session will be deleted on the client
side and the credentials
will be marked invalid.  If a retry occurs, you will likely see
this error.  Restart the
client program after verifying the login info.  If the errors
persist, contact support for assistance.
.
2.The errors happen on different application servers at
different times. The customer has
52 application servers running on 2 nodes (36:1 ratio).  The
error also occurs in his production
system which has 8 application servers to 1 node.
.
3. When customer enables tracing, the errors do not occur. He is
using seclogger40.jar for
tracing. He began by filtering for these three classes:
.
com.ibm.CORBA.securityTraceFilter=SecureAssociationInterceptorI
pl,VaultImpl,SecurityConnectionInterceptor
.
The problem did not occur during tracing. Once tracing was
disabled, the problem came back.
.
He has also tried tracing while filtering for just one class at
a time.
The problem still does not occur even with tracing only one
class.
.
4. The customer has increased the value of maxopenconnections to
1000, and the errors still
persists.  The Sun environment has a limit of 1024 threads per
process, so the most this value
can be set to is 1024.
.
5. The customer has tuned their system according to suggestions
from the ORB team
as follows.  While this has improved other problems, it has not
changed this problem.
.
6. Two previous suggestions have NOT been tried:
John suggested setting in sas.server.props file, the following
property:
com.ibm.CORBA.NotifyBrokenConnectionEnabled=false.  This has not
been
tried due to concern over side effects (memory leaks).
.
The other suggestion was to just enable ORB tracing. The
customer has
concerns about the performance impact of doing this, and he is
concerned
that the ORB tracing will also mask the problem.
.
If level 3 thinks that it is essential to attempt these last two
items, the
customer is willing to attempt them - if their concerns are
addressed.
.
This APAR is being created at the request of L3 security team:
Because the null session handle error is a fully recoverable
condition, the WebSphere administrator should not be informed of
this condition. This APAR will address removing the
message and making it a debug only message.
Local fix
Enabling security tracing on just one class causes
the errors to disappear.
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security.                       *
****************************************************************
* PROBLEM DESCRIPTION: JSAS0170E: Null session handle in       *
*                      session table reported in the           *
*                      tracefile and Administration console.   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
These errors occur repeatedly in the application servers stdout
file.

[VaultImpl.get_security_context]:

[12/13/02 9:11:12:905 EST]   1214b1 SystemOut     U
 JSAS0170E: Null session handle in session table.  Check to see
 if a server process has terminated just prior to receiving
 these errors.  If a process has terminated, restart the
 process and retry the operation.
 Verify that the client userid/password is valid. If the login
 fails, the session will be deleted on the client side and the
 credentials will be marked invalid.  If a retry occurs, you
 will likely see this error.  Restart the client program after
 verifying the login info. If the errors persist, contact
 support for assistance.
Problem conclusion
The message currently represents a fully recoverable condition
from respect of the code reporting it.  The message has been
converted into a message for debug tracing only.
Temporary fix Comments
APAR information
APAR number PQ71832
Reported component name WEBSPHERE AES S
Reported component ID 5630A2302
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2003-03-07
Closed date 2003-05-28
Last modified date 2003-05-29

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
Security          

SRLS

Fix information

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ71832
IBM Group: Software Group
Modified date: May 29, 2003