Error:

WASX8011W: AdminTask object is not available.
WASX7015E: Exception running command: "AdminTask.help('createCluster');"; exception information:
com.ibm.bsf.BSFException: exception from Jython:
Traceback (innermost last):
File "<input>", line 1, in ?
NameError: AdminTask

Exit status= 103

Solution:

Start the application server or Deployment manager or node as wsadmin.sh cannot manage using AdminTask unless the server is running. below is the script I was running for example a command-line help command (getHelp.sh) which interrogates help for a specific AdminTask command.

/var/apps/was7/profiles/WASND7_01_dmgrProf/bin/wsadmin.sh -username wasadmin -password wasadmin -lang jython -c "print AdminTask.help('createCluster');"
echo "Exit status=" $?

Result now that Deployment Manager has started.

[root@localhostcell01 manageCluster]# ./getHelp.sh
WASX7209I: Connected to process "dmgr" on node WASND7_01_dmgrMnode using SOAP connector; The type of process is: DeploymentManager
WASX8006I: Detailed help for command: createCluster
Description: Creates a new application server cluster.
Target object: None
Arguments:
None
Steps:
clusterConfig - Specifies the configuration of the new server cluster.
replicationDomain - Specifies the configuration of a replication domain for this cluster. Used for HTTP session data replication.
convertServer - Specifies an existing server will be converted to be the first member of cluster.
eventServiceConfig - Specifies the event service configuration of the new server cluster.
promoteProxyServer - If a proxy server was specified for convertServer, apply the proxy settings for the contentServer to the cluster.

Exit status= 0

You are getting a Jython error in your complex WAS Jython script, is contains exceptions.AttributeError instance at

22:54:31,452 ERROR [main]  def createMember Error. <exceptions.AttributeError instance at 1205028819>

The reason is usually that you have not declared a variable that is required in your function/class

For example:

if( self.__firstMember=="true" ) :
logger.debug( "Member is the First Member")
logger.debug ("[-clusterName " + self.__clusterName + " -memberConfig " + self.getAttributes() + " -firstMember " + self.getFirstMemeberAttributes()+ "]")
else :
logger.debug( "Member is not the First Member")
logger.debug ("[-clusterName " + self.__clusterName + " -memberConfig " + self.getAttributes() + "]")
#endIf

Solution was to declare an instance variable, which had not been declared, yet we were testing it in an if statement.

 __firstMember = "false"                #If true then add extra attributes ie template settings for frist server in cluster

Error when running an imcl command to apply an iFix to WAS 8.5.5.x

For example, we are using the imcl command as follows:

/opt/IBM/InstallationManager/eclipse/tools/imcl install 8.5.5.4-WS-WAS-IFPI31339 -installationDirectory /var/apps/was8.5.5 -repositories /var/apps/installs/WAS_ND_8.5.5.4_IF_PI31339

 Error:

ERROR: The following errors were generated while installing.
  CRIMA1086E ERROR: Fix 8.5.5.4-WS-WAS-IFPI31339 is not applicable: at least one of the following applicable packages must be installed.
    ERROR: Offering id com.ibm.websphere.BASE.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.BASE.k1.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.EXPRESS.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.ND.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.ND.k1.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.zOS.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.BASETRIAL.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.EXPRESSTRIAL.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.NDTRIAL.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.WEBENAB.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.DEVELOPERS.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.DEVELOPERSILAN.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.BASE.le.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.EXPRESS.le.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.ND.le.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.BASETRIAL.le.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.EXPRESSTRIAL.le.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.NDTRIAL.le.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.DEVELOPERS.le.v85 with internal version range [8.5.5004,8.5.5005)
    ERROR: Offering id com.ibm.websphere.DEVELOPERSILAN.le.v85 with internal version range [8.5.5004,8.5.5005

 Solution: 

Install an appropriate Fix Pack level. In this case, the Interim Fix required Fix Pack 8.5.5.2 to 8.5.5.4 to be applied before this iFix can be applied.

Steve is a seasoned passionate technology professional, strategist and leader.

An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.

Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.

Due to 20 years Industry experience in Middleware, Programming, Networks and Internet Technologies, He combines systems knowledge with efficient working methods and inter personal skills required to build effective relationship with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation He joins.

Key Skills
• Leadership (Team, Project, Business, People).
• Architecture (Solutions, Information, Technical, Applications).

Simply, I help you deal with CANETI:Constant And Never Ending Technological Innovation

Specific IBM WebSphere skills:

WebSphere Application Server Network Deployment (WAS ND)

• Automation
• Security
• Dev Ops
• Architecture
• Performance Tuning

Middleware Integration Skills:

• .NET programming, and Architecture
• Java Programming, and Architecture
• SOA, SOAP and XML messaging
• JBoss Fuse, WMQ, IIB, Mule

Airport Integration Skills:

• SOA
• Process Improvement
• ICD’s
• Messaging Architecture
• Governance

General Digital Architecture & Governance

• Lightweight Architectures
• Digital Strategy, platform stacks, IAAS, PAAS, SAAS
• PCI DSS

Industry Qualifications & Recognition

• TOGAF 9.1
• IBM Champion 2013

Hi, I am Steve Robinson, an independent IBM WAS (WebSphere Application Server) migration expert.

IBM WebSphere Application Server version 8..x.x.x (WAS 8, WAS 8.5, WAS 8.5.5, WAS 8.5.5.x) versions have been available for a while now, and so organizations are now evaluating whether to migrate their WAS 7 application servers and applications to the newest version. IBM supplies tools to help with migration of a WAS profile from WAS 7 to WAS 8.x, which are simple if used correctly, however application design can thwart the process and be an area of concern.

If you have need of services such as:

• Migration Automation
• Migration Approach
• J2EE, JEE Application Migration

Then please feel free to have a chat. My contact details are ob my contact page.

Regards,

Steve Robinson – IBM Champion 2013

PS, have a look at my FREE WebSphere 7 to WebSphere 8 article

If you or your organisation require support in architecture, performance tuning, automation or simply advice, then please contact me via my support site and request a conversation, where we can discuss your requirement.

About Steve

Steve is a seasoned passionate technology professional, strategist and leader.

An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.

Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.

Due to 20 years Industry experience in Middleware, Programming, Networks and Internet Technologies, He combines systems knowledge with efficient working methods and inter personal skills required to build effective relationship with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation He joins.

Books by Steve

IBM WebSphere Application Server 8.0 Administration Guide http://www.packtpub.com/ibm-websphere-application-server-8-0-administration-guide/book

WebSphere Application Server 7.0 Administration Guide http://www.packtpub.com/webSphere-application-server-7-0-administration-guide/book

If you have found this page, you are likely to be looking for some WebSphere, advice and or support.

An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.

Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.

Due to 20 years Industry experience in Middleware, Programming, Networks and Internet Technologies, He combines systems knowledge with efficient working methods and inter personal skills required to build effective relationship with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation He joins.

So, if you are looking for a professional to help with WAS Migration, WAS Architecture, and or WAS Automation, then please do contact me.

Books by Steve

IBM WebSphere Application Server 8.0 Administration Guide http://www.packtpub.com/ibm-websphere-application-server-8-0-administration-guide/book

WebSphere Application Server 7.0 Administration Guide http://www.packtpub.com/webSphere-application-server-7-0-administration-guide/book

In this article we learn how to download an install the IBM Packaging Utility so we can use it to download WAS source files to create a local file repository. We will use an existing IBM Installation Manager in this example.

Launch the IIM (IBM Installation Manager)

File-Preferences, then click Repositories

Click Add Repository and entre the following URL

http://www.ibm.com/software/repositorymanager/com.ibm.cic.packagingUtility

Enter you IBM username/password. If you do not have one, you can register for one.

Now click OK and then once back to the workbench click Install

Select the IBM Packaging Utility

Click Next until the installation begins. Be sure to choose a sensible location got the packaging utility

For example: /opt/IBM/PackagingUtility

Once installed we can navigate to /opt/IBM/PackagingUtility and type

./IBMPU

Click Copy Packages on the work bench, then you will be prompted to open a repository

For example: http://www.ibm.com/software/repositorymanager/V8WASNDTrial

To get a list of more repositories consult: http://www.learnersinternational.com/2012/08/websphere-respositories/

Select the appropriate source packages

In my case all I want is the WAS 8 ND Trial

Click Next

Read and Accept License, fill out the survey form. Click Next

Select a location where you would like the repository to be created

Click Next and confirm then click Copy. The IBM PU will then download the source files.

For WebSphere Application Server Network Deployment you are normally looking to download about 2.8 Gig of source files into your repository

Once downloaded you can use the IBM Installation Manager to install WebSphere ND trial using your local repository.

A list of Repositories to install WebSphere Application Server 8.5.5.5

This article discusses the PROS and CONS of downloading the latest WAS 8.5.5.x Network Deployment Product.

We are looking to install the IBM WebSphere Application Server Network Deployment 8.5 60 day product download for Windows.

Doing a google search we can see that there are two entry points on IBM’s site.

http://www.ibm.com/developerworks/websphere/downloads/

Which leads to:

http://www.ibm.com/developerworks/downloads/ws/wasnetwork/index.html

OR

http://www14.software.ibm.com/webapp/download/brand.jsp?b=Websphere

It doesn’t matter how you get to find the download, the point to realise is that when you use an Evaluation/Demo, the product is often bundled.

If we use the http://www14.software.ibm.com/webapp/download/brand.jsp?b=Websphere

Link we get to download the trial which is designed to be installed via IBM Installation Manager using a hosted repository.

I chose to download

I always use the IBM HTTP Download Director whenever possible

Once the file has been downloaded and expanded on disk we see the following file-structure

If we have a look at install.xml we see

We can see that there is a master URL and a set of Offering IDs. Now we can’t access these directly, but they can be used by a local IBM Installation Manager (IM)

If we run IM Installation Manager using i.e. run install.exe, we will see the IM workbench

You are likely to be presented with a user/name password, this will be your global IBM User ID. If you don’t have one, you will need to register one. I guess it is for IBM to track your evaluation downloads.

This can be an issue if your country is in an Embargo list, as you may not be able to register.

Once you have entered your IBM username/password and click OK, the IM will check the availability of the online Repo. Obviously this can take time and requires an internet connection.

Once done we are presented with a list of available installs, the default install that this packed IM knows about is pre-selected.

OK. So here we are, we have the ability to install WAS ND, but you will not be able to control the instsallation as opposed to when you use a commercial product. If you click OK, then IM will download the required repository into the installtion locaton, but you will be limited with what you can so. There is another way! We will stop here and take another approach!

Since my courses cover how to install IBM WebSphere products the commercial way, then we need to learn how to get around this issue.

Option 1.

It is possible to download IM’s from IBM which are pre-configured with the appropriate repository for the version of WAS 8 you are evaluating.

There can sometimes be issues with Firewalls and proxies, and thought IIM has settings sometime I find that the version of IIM downloaded for trials might not actually work correctly.

The best way is to download the IM separately. You can get IM from http://www-01.ibm.com/support/docview.wss?uid=swg27025142

You will be able to browse for the latest IM installer. At the time of writing it is version 1.8.2.

Download and install an independent version of IBM Installation Manage. You will be directed to Fix Central

Click Continue

The IBM HTTP Download Director is used again

Expand the download

Run install.exe

As shown above, you will be prompted to install IM

Click Next

Read and Accept the License

Decide on the location. I choose to use default for now.

Remember the location for example

C:\Program Files\IBM\Installation Manager\eclipse

It can be useful later.

Click Next, Confirm and let it install

Once it is complete locate the install folder and launch IBM Installation Manager, or simply click restart button.

Here is the location if you’re interested?

Once the IM workbench/workspace had been loaded

We can now set the location of the trial that we wich to download, using the intlligence cleaned from the XML file we looked at in the pre-packaged eval download.

Follow these steps to install an evaluation product. But be aware it requires an internet connection and can take time!

You can manually set the following repositories to use with in IIM to download you required evaluation version of WAS 8, there are also later WAS 8.5.x.x ones, see further below

http://www.ibm.com/software/repositorymanager/V8WASNDTrial

http://www.ibm.com/software/repositorymanager/V8WASDeveloperILAN

http://www.ibm.com/software/repositorymanager/V8WASBASE

The snippet below is out of date as far as screen captures go, but shows the essential steps.

Example: Configuring IM to download WAS 8 ND Trial

1. To configure repositories select File | Preferences

1. Within the Repositories panel, look for the Add Repository button. Click Add Repository and type in the appropriate URL to the required IBM WAS 8 repository.

1. Type http://www.ibm.com/software/repositorymanager/V8WASNDTrial in the Repository: field and click OK.
   1. It is possible to browse a local repository. Local repositories are configured within a common locating in your organisation. Once you have purchased the full version of WAS 8, then you will be given access to download repository artefacts using your Passport advantage account.

1. You can also click Test connections to verify a connection.

1. Note: If you have connection issues it could be your local Firewall settings, corporate firewall settings and or your corporate proxy server. To set the HTTP proxy settings, choose File | Preferences from the main menu and then select Internet form the Preferences explorer as seen below.

1. Once you have configured IIM and the appropriate repositories, Click OK to close the preferences. You will now be returned to the main workbench.
2. To being the installation click Install.

1. IIM will verify connection to the repository

1. On the Install Packages screen, select the IBM WebSphere Application Server Network Deployment Trial package.

1. Click Next to move onto the next screen
2. IIM will once again op up a progress dialog as it prepares the components for installation. It this stage IIM will also scan for fixes and give you the optional choice of installing a Fix pack (If one is available)

1. In this example there were some fixes available:

1. Click Next to move on. IIM will then present the License screen. Read and accept the license and click Next again.

1. You will then be presented with a survey. Complete as required and click Next.

1. After completing the survey you will be prompted to decide on a location for the shred resources directory. This allows multiple IBM products to share a common location for shared components.
   1. The default location on Windows will be: C:\Program Files\IBM\IMShared

1. Click Next to move onto he Web Sphere Application Server binary installation location screen.
   In this screen we will define the location where the binaries will be installed. You can choose any suitable location. As required.
   1. Make sure you have enough space for the chosen location.
   2. It is recommended that you use the IBM default locations unless you have a good reason to change. This approach helps with reference materials from IBM.
   3. Note: I personally often just use something along the lines of d:\was8. This way when I am using command line tools, I do not have to type/use the complex Windows paths. Also when you have “C:\Program Files\” in the path, it makes creating bat/cmd files more difficult due to the space in the folder path name.

1. Click Next and select your appropriate language in the Translations to install screen.
2. Click Next to review the available features available during this install.
   1. Optionally you can choose to install the sample applications and the EJB tool for pre EJB 3.0 modules.

1. Click Next to review the installation summary

1. Click Install to begin the actual installation.
   1. A Progress bar will be displayed as the instillation is preformed.
   2. Note: This process is downloading the appropriate required artefacts for the installation. The WAS ND 8 trial is 32 bit, and so you do not get an option during the installation wizard to choose a specific architecture i.e. 32 or 64bit.
2. When the installation is complete, IM will present you with a final page

   1. On the final page you can optionally launch the Profile Management Tool or not.
   2. Note: In this example we are not going to run the PMT as we will lean how to do this manually via the command line in another module.
3. Select, none from the Which programs do you want to start options, and then Click Finish to complete the WAS 8 ND installation
   
4. You will be returned to the IIM workbench. Click File | Exit to close IIM.
5. It is good practice to verify the installation. We can so this by using a command line tool called verisonInfo.bat (Windows) and versionInfo.sh (Linux)
   1. Locate the <was_root>/bin folder. <was_root> is the folder where you installed WAS 8 as specified in the installation steps above.
   2. Type: versionInfo.bat

The result of running this command file will be something similar to the following:

Now this is all fine and dandy, but we still have no ability to learn how to automate the product as if we did have the commercial product. You see my courses teach you how to do WAS unstill/upgrades etc. properly. If you wish to learn a batter method that will support installing WAS using a more commercial approach just like you would do in an organisation then you can use option 2.

Option 2. Using the IBM Packaging tool

We can download the IBM Packaging Utility from IBM from the same location as the latest IM

http://www-01.ibm.com/support/docview.wss?uid=swg24039013

Download the IBM Packaging Utility as directed using the similar approach we use above to locate and install IM

Be aware it is a 32 bit application

Expand and click install.exe

You may have to uninstall IM using control-panel, or you can consult this guide how install the IBM Packing Utility into an existing IM.

http://www.themiddlewareshop.com/2015/04/06/configuring-the-ibm-packaging-utility-to-be-able-to-download-and-prepare-repositories-using-an-existing-ibm-installation-manager/

Uninstall IM using Windows Programs and Features

Install the IBM Packing Utility with a new IM

Sorry, I know this is annoying, but there is more than one way to skin a cat here and after all we are learning to get around the confusing ways to install IBM trials, so tat your learning becomes aligned to commercial installs.

You could also just use the exiting IBM Installation Manager and point it to the IBM Packaging Utility Repo that is contained in the download, but this was confusing, so I opted to just install IM with Packing Utility in one go.

Once the IBM Packaging Utility is running, click next

Read and accept license, then confirm install location and then click next, next, next and install.

Close and restart IBM Packaging Utility. You may have to use an application Launcher, for example:

One the IBM Packaging Utility workbench has loaded, click “Copy Packages”

Click Open Repository

Paste/Type in the name of the repo, as determined from my earlier comments for example:

http://www.ibm.com/software/repositorymanager/V85WASNDTrial

You will be required to type in your IBM ID

Confirm and select the repo location and the IPU will list the available package IDs

There may be other WAS base options selected as they may be part of WAS ND for example, so click Next to be presented with License Agreements

Choose a suitable repository location

For example:

As we can see from the image below, there are many fragments, i.e. Fix Packs and iFixes, and it can take a very long time to download, but rest assured. You will now have a local repository and you can now use my course notes to install IBM WAS ND using the same process as you would the commercial product.

You can get my training courses from http://www.themiddlewareshop.com/products

For information consult:

http://www-01.ibm.com/support/knowledgecenter/SSDV2W_1.8.2/com.ibm.cic.auth.ui.doc/topics/r_pu_wm.html

Hi, I am Steve Robinson, an independent WebSphere Application Server migration expert Living in the United Kingdom

IBM WebSphere Application Server (WAS) version 8..x.x.x (WAS 8, WAS 8.5, WAS 8.5.5, WAS 8.5.5.x) versions have been available for a while now, and so organizations are now evaluating migration of existing WAS 7 application server environments along with applications to the newer stable and updated version of IBM WebSphere Application Server. IBM supplies tools to help with the migration of a WAS profile from WAS 7 to WAS 8.x, which are simple if used correctly, however, application design can thwart the process and be an area of concern. I can help with planning, architecture and automation of much of the process.

If you have need of services such as:

• Migration Automation
• Migration Approach & Strategy
• J2EE, JEE Application Migration support
• General WebSphere thought leadership

Then please feel free to have a chat. My contact details are on my contact page.

Regards,

Steve Robinson – IBM Champion 2013

PS, have a look at my FREE WebSphere 7 to WebSphere 8 article

WASX7209I: Connected to process “server01″ on node node01 using SOAP connector; The type of process is: UnManagedProcess
WASX7017E: Exception received while running file “/root/scripts/was/disableMQ.py”; exception information: com.ibm.websphere.management.cmdframework.CommandValidationException: ADMF0007E: target object is required.

Problem:

ADMF0007E: target object is required.

You are trying to run a commnand that requires an object to assign the property change to:

AdminTask.manageWMQ(“-disableWMQ true”)

Solution:

Change the code above to be:

AdminTask.manageWMQ(‘”WebSphere MQ Resource Adapter(cells/s15418557Node01Cell/nodes/node01/servers/server01|resources.xml#J2CResourceAdapter_1299445909935)”‘, ‘[-nativePath -disableWMQ true ]’)

You can see above there is a resource being specified that is a target resource.

Error found while running in Java WebSphere MQ client application

Explanation:
An MQCONN call was issued from a client to connect to a queue manager but the attempt to establish communication failed because the queue manager did not recognise the channel name.

Example:
A client channel was created

DEFINE CHANNEL(‘CLIENT.TO.TEST.QUEUE’) +
CHLTYPE( CLNTCONN ) +
CONNAME(192.168.0.171) +
DESCR(‘WebSphere MQ client connection to server’) +
TRPTYPE( TCP ) +
QMNAME(TEST.QUEUE) +
REPLACE

Solution:
Needed to add a channel from the server to the client e.g.

DEFINE CHANNEL(‘CLIENT.TO.TEST.QUEUE’) +
CHLTYPE(SVRCONN) +
TRPTYPE(TCP) +
DESCR(‘Server connection to WebSphere MQ client’)

This guide is a quick overview of how to use MySQL with WAS.
Before we begin, we first download the MySQL JDBC connector
http://dev.mysql.com/downloads/connector/j/

Create the JDBC Provider definition for MySQL

Log in to the WebSphere 8 Administrative Console select JDBC providers from the JDBC group in the Resources section.

Choose you scope and then click New

As seen in the actual JAR you can use this path inside the expanded JAR file (use 7zip to explore JAR).

mysql-connector-java-5.1.18-bin.jar\com\mysql\jdbc\jdbc2\optional\

This allows me to deduce that we can Enter com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource in the Implementation class name field.

Click Next to define the location of the JAR file.

I have downloaded to [/var/apps/mysql_jdbc/mysql-connector-java-5.1.18/ mysql-connector-java-5.1.18-bin.jar]

Click Next

Click Finish and Save.

Create a JDBCdatasource

Using the MySQl provider we added we are gong to crate and test a data source

Select Data sources, then choose your scope ie Cell scope and click New

Type in an appropriate JNDI name and actual data source name.

I used MYSQL_DataSource as my name and jdbc/mysql_datasource as my jndi name.

Click Next

On the select JDBC provider page, choose the MYSQL Provider we created above.

Use the defaults…

Click Next again

Click Next to continue, then review summary and click Finish and Save.

Now we need to crate a J2C authentication alias. In the Data sources list screen, click the new Data source.

Locate the Related item section and click on JAAS – J2C Authentication data

Click New

Add an Alias, Usr Id and password .

Click Apply and on the Data sources list page we can test using the Test Connection button.

Result of successful test in SystemOut.log and message on screen

[2/2/12 22:46:25:999 GMT] 0000014c DSConfigHelpe W DSRA0174W: Warning: GenericDataStoreHelper is being used.
[2/2/12 22:46:26:009 GMT] 0000014c DSConfigurati I DSRA8203I: Database product name : MySQL
[2/2/12 22:46:26:010 GMT] 0000014c DSConfigurati I DSRA8204I: Database product version : 5.0.77
[2/2/12 22:46:26:011 GMT] 0000014c DSConfigurati I DSRA8205I: JDBC driver name : MySQL-AB JDBC Driver
[2/2/12 22:46:26:012 GMT] 0000014c DSConfigurati I DSRA8206I: JDBC driver version : mysql-connector-java-5.1.18 ( Revision: tonci.grgin@oracle.com-20110930151701-jfj14ddfq48ifkfq )
[2/2/12 22:46:26:012 GMT] 0000014c DSConfigurati I DSRA8030I: Successfully connected to DataSource, with 1 warnings.

What we need to do now is add additional JDBC Data source options. We need to specify some additional properties for WAS to connect to the MySQL database.

This document contains the additional information on how to set Custom Properties required to configure a MySQL data source. Use this document in conjunction with my Original MySQL document.

Navigate to the Data Sources view by clicking on Resources | JDBC | JDBC Providers

Click to open the settings page for the appropriate Data source

Select you appropriate Data Source an click to open.

Locate the Additional properties section and click on Custom properties link

We need to add three properties to ensure our MySQL data source is used correctly.

Values for the three custom properties you need to ensure WAS knows how to connect to MySQL.

You need to do this for all Data Sources to ensure each Data Source has the correct Database specified.

This article is an overview of the general concepts of inbound and outbound SSL configurations for WebSphere Application Server. It applies to the recommended approach by IBM to use IHS for inbound SSL and to configure the appropriate scopes key and trust stores.

Read it through, it reads great, but there is a more to it than meets the eye. After reading the Inbound communications and Outbound communications please read through my comments after to get an idea of the type of level my training material covers on the topic of WebSphere SSL..

BEGIN: Excerpt from IBM Information Centre

Inbound communications

Most Web applications transmit sensitive data, for example, a user name and password during login or personal data during the interaction with the application. To make this data safe during transfer, we use SSL. In the WebSphere environment, we recommend that you access application

servers through a Web server, for example, IBM HTTP Server (IHS). If client certificate authentication is not required, perform the following steps to configure SSL communication:

1. Configure the Web server for SSL
   
   1. Create the key database file and certificates required for the Web server to participate in an SSL connection. The certificate must be signed by a well known CA.
      
   2. Enable the directives in the Web server configuration for SSL, pointing to the new key database. This step allows SSL connections to be established between Web browsers and the Web server.
      
2. Configure the HTTP Plug-in for SSL
   
   1. Add the Web server definition to WebSphere (which is usually done as a part of the HTTP plug-in configuration process).When a Web server definition is created, it is associated with a keystore that contains all of the signers for the cell and the chained certificate for the Web server node.
      
   2. Copy the Web server keystore and stash files for the plug-in to the Web server plug-in location.
      

If client certificate authentication is required, configuration is more complex. In addition to the previous steps, you have to configure the Web server to require client certificates and configure mutual trust between the plug-in and the application server.

Outbound communications

Applications might need to communicate with external services. These external services usually require encryption and often certificate authentication also. We recommend that you create separate SSL configurations for each external service to provide flexibility and isolation. Depending on your requirements, the number of external services, and the topology, you can select a specific SSL configuration selection method.

The following steps describe how to prepare SSL configuration for external

service:

1. Create a keystore at the appropriate scope. Choose a scope that will allow access to the keystore for all servers that have to connect to the external service.
   
2. Obtain the certificate from the external service server.
   
3. Import the certificate into the keystore as a signer certificate.
   
4. If client certificate authentication is required:
   
   1. If the service provider provides you with a client certificate, import it as a personal certificate into the keystore.
      
   2. Otherwise:
      
      1. Generate a new self-signed personal certificate or chained certificate.
         
      2. Extract the public part of the certificate or root signer certificate.
         
      3. Send the extracted certificate to the service provider where it must be
         

            added as a trusted certificate to allow a connection to be established.

1. Create a new SSL configuration at the same scope. Select the new keystore as both the keystore and the truststore.
   
2. Ensure that the SSL configuration will be used.
   

END: Excerpt from IBM Information Centre

How to implement the above??

Nice description above, but how do we do all this?

• What about the scenario when you do not want IBM HTTP Server for inbound SSL and you want to access WAS directly via SSL?
• Maybe you want WAS to communicate to a service hosted in another technology and you need WAS to be the client?
• Maybe you do not want WAS to present the default self –signed certificate in this type of conversation. Instead present singed certs from one of your company’s root certificates?

IHS (IBM HTTP Server) SSL configuration is covered in my SSL module [Part 1].
You can purchase this module from me, contact me for details.
My SSL module [Part 2] will discuss the ability to allow a client service to connect to WebSphere Application Server directly using SSL.
You can purchase this module from me, please contact me for details.

The error below is experienced during a signed CSR being imported back in to the WebSphere SSL certificate and key management repository.

Error:

Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.

Reason:

This is a result of copying an pasting a Base64-encoded ASCII signed cert as text into a Unix file using VI or similar editor, but an extra line has been added. This can often happen when copying from Windows to Unix.

I was trying to create a profile, using the syntsx seen later and I go the following error located in

/opt/IBM/WebSphere/AppServer/logs/manageprofiles/WASND7_01_node02Prof_create.log

Error:

This was the overall status of the WASND7_01_node02Prof_create.log when I tried to run the command below

Error:

The error was found deeper in to the file of the <was_root>/logs/manageprofiles/<profile_name>.log of the profile I was trying to create

Command Line executed was:

So what’s the issues?

I have previously created a Deployment Manager and thus I had already used this name. It is confusing, as because the parameter is –cellName, it must be a unique cell name. Each node, must have a unique call name ie each profile including the DMgr and all nodes.

-cellName = set a unique name even though you plan to federate the custom profile or standalone profile into a deployment manager cell. Federation requires unique cell names before it can make the node part of the deployment manager cell. A cell name must be unique in any circumstance in which the product is running on the same physical machine or cluster of machines, such as a sysplex. Additionally, a cell name must be unique in any circumstance in which network connectivity between entities is required either between the cells or from a client that must communicate with each of the cells. Cell names must also be unique if their namespaces are federated. Otherwise, you might encounter symptoms such as a javax.naming.NameNotFoundException error, in which case, create uniquely named cells.

If you have found this page, you are likely to be looking for an IBM WebSphere expert to help with WebSphere Architecture, Support, Migration, Automation or Thought Leadership.

An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.

Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.

Due to 20 years Industry experience in Middleware, Programming, Networks and Internet Technologies, He combines systems knowledge with efficient working methods and inter personal skills required to build effective relationship with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation He joins.

So, if you are looking for a professional to help with WAS Migration, WAS Architecture, and or WAS Automation (Shell, Jython, Java) and/or Middleware Integration, then please do contact me.

WebSphere Books by Steve Robinson

IBM Awards:

IBM Champion 2013

Error:

Validation failed: SECJ7716E: Primary administrative user Id does not exist in the registry.

Reason: You have set a primary administration user for example wasadmin, when you were using the internal fileREgistry.xml repository, then you switched to use a standalone LDAP, and that LDAP directory does not have the use wasadmin

Another error

CWWIM5020E Could not connect to the ldap repository using

properties: [port=10389],[bindDN=uid=wasadmin,ou=system],[certificateMapMode=exactdn],[sslConfiguration=],[securityDomainName=admin],[sslEnabled=false],[connectTimeout=20],[connectionPool=false],[id=APCHEDS_LDAP],[ldapServerType=CUSTOM],[host=localhostcell01],[referal=ignore],[derefAliases=always],[certificateFilter=],[authentication=simple],[bindPassword=****]. Exception occurred: javax.naming.AuthenticationException.

Reason:

You have used an incorrect bind distinguished name to authenticate with your LDAP server. Check the name and the password that you are using for LDAP Bind.

When setting an LDAP repository in WebSphere Application WE get the following error:

Validation failed: SECJ7716E: Primary administrative user Id does not exist in the registry.

When I click Set as current, I get the following error as seen in SystemError.log

Error

These are the setting used

Cause

AS we can see above Bind distrinquished name (DN) field contains

Note the spelling error, there is an extra ‘a’ in the word ldap!

It should contain

Note: This error can also happen when you are using an invalid password, best to log into LDAP Administration console of your LDAP server and re-validate the password. Most LDAP Servers have some sort of Administrative GUI that often provides a validate existing password function. Alternatively, just change the password.

To learn more about the courses available from The Middleware Shop, please go to http://www.themiddlewareshop.com/products to see a full list of the current courses available.

Consulting

If you or your organization require support in architecture, performance tuning, automation or simply advice, then please contact me via my support site and request a conversation, where we can discuss your requirement.

About Steve

Steve is a seasoned passionate technology professional, strategist and leader.

An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.

Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.

Due to 20 years Industry experience in Middleware, Programming, Networks and Internet Technologies, He combines systems knowledge with efficient working methods and inter personal skills required to build effective relationship with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation He joins.

 Key Skills

• Leadership (Team, Project, Business, People).
• Architecture (Solutions, Information, Technical, Applications).

Simply, I help you deal with CANETI: Constant And Never Ending Technological Innovation

Specific IBM WebSphere skills:

WebSphere Application Server (WAS Base, WAS ND & Liberty Profile & Liberty Runtime)

• Automation
• Security, SSL
• Dev Ops
• Architecture
• Performance Tuning

Middleware Integration Skills:

• .NET programming, and Architecture
• Java Programming, and Architecture
• SOA, SOAP and XML messaging
• JBoss Fuse, WMQ, IIB, Mule

Integration Skills:

• SOA
• Process Improvement
• ICD’s
• Messaging Architecture
• Governance

General Digital Architecture & Governance

• Lightweight Architectures
• Digital Strategy, platform stacks for example IAAS, PAAS, SAAS
• PCI DSS

 Industry Qualifications & Recognition

TOGAF 9.1

• IBM Champion 2013

ApacheDS

ApacheDS is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Since ApacheDS is a Java based solution, you will find it easy to administer and configure, and it works well with WebSphere with minimal configuration out of the box.

Installing ApacheDS

You can acquire the Apache DS download and installation instructions from http://directory.apache.org/. There are versions available or all major platforms and the documentation is very good. For my installation I have used version 2.0.0-M19 for Linux, which is the latest version available at the time of writing.

Once you have downloaded and installed ApacheDS we will need to make some configuration changes for use in our example. To do so, we now need to download and install an LDAP client so we can administer our ApacheDS LDAP sever. To do this, we will use the ApacheDS Eclipse-based admin tool called Apache Directory Studio (ADS), which can be downloaded here: http://directory.apache.org/studio.

I will be using ADS for Windows installed on my Windows desktop. Once you have downloaded and installed ADS, start the application.

I uploaded the installation to /var/apps/installs/ApacheDS

I then ran the following RPM command to install the software

Result:

When we issue a find command to locate apacheds we can see the location of the install

Result:

The structure of the folder is as follows:

Consult the documentation on the site for more information about the ApacheDS file-structure: https://directory.apache.org/apacheds/advanced-ug/5.1-layout.html

You need to ensure that you have JRE available I installed Open JDK by using yum install java

We then need to do a little work to figure out how to run apacheds. Firstly we need to ensure that ApacheDS knows where java is located. I have used OpenJDK, using a yum install.

This command will install OpenJDK, which is sufficient for our needs.

We now need to edit the wrapper.conf file which defines where the JRE is located.

The wrapper.conf is located in /var/lib/apacheds-2.0.0_M19/default/conf/

We need to add a line that defines the location of java. I have used the command which java

And it reports that java is found in the location: /usr/bin/java

• Edit the wrapper.conf file as follows:
  

Note: Use which java to determine path to java

The default configuration loaded is located here, but we will not be looking into this ldif file as we will create our own directory partition using Apache Directory Studio.

• We also need to open up the firewall on our Linux Server (CentOS 7) for the LDAP protocol
  

• Restart the firewall
  

• Using the following command in CentOS 7 we can start ApacheDS
  

Note: To stop change start to stop

• We can then issue a netstat command to verify that ApacheDS is listening
  

Result:

We can now install Apache Directory Studio and connect to your new LDAP Directory.

http://directory.apache.org/studio/download/download-windows.html

• Download and install Apache Directory Studio (ADS) on to a Windows Desktop (this mimics how you would administer in the real world. We will connect remotely to the LDAP server and then configure our directory to suit our needs.
  

Once loaded, ADS will present a welcome page.

Close the welcome screen and create a new connection to our new ApacheDS LDAP server which will allow us to administer the LDAP directory.

• From the main menu choose File-New
  

• Select LDAP Connection
  

Click Next

On the New LDAP Connection screen, fill in the Connection name, Hostname and Port as shown below.

• Click on the Check Network Parameter button to test the network connection to the LDAP server.
  
• Once you have a successful connection, then click Next
  

On the next screen, we will enter uid=admin,ou=system into the Bind DN or user field, and enter secret into the Bind password field. These are the default values for the default instance that we are connecting to.

Note: By default Apache DS provides a default instance, and that instance has a default partition of data ie an LDAP directory which we are connecting to.

Open the connection to the running LDAP server

Once connected we will see the default partition in the LDAP browser as sown below

The default partition is called dc=example, dc-system as shown above. We can see the admin user which we used to log into the LDAP server ie uid=admin, ou=system,dc=example,dc=com. Now we will create a new partition, then restart the serve to take effect

Adding a new partition

We do not want to sue the default example partition, instead we will create our own. We do this for two reasons.

1. At the time of writing, there are no succinct articles on the internet that show how to do this using the level of detail we are covering here in this guide. Especially how to use Apache DS as an LDAP sever for WAS.
   
2. It is more akin to a production setup, when we use our own directory.
   

It is not recommended that you do not use the default tree starting at dc=example,dc=com. The reason is that with this tree, is the uid=admin,ou=system user is a special admin user user created in the default instance, and though can be used as an LDAP Bind user by WebSphere, Application Server it is not a good idea to use the directory’s admin user. By creating a new tree, we can understand more about how our tree design affects LDAP configurations in WAS. So, with this in mind we are going to create a new partition called dc=themiddlewareshop,dc=com as shown in the screen capture below. It will have one LDAP Bind account called uid=wasldapbind, a group called wasadmins, a group called wasdeployers, a group called applogin and four users. Three users are people and one user will be wasadmin, which is a special account for WAS to use as the Primary Administrator ID for Global Security/LDAP configurations.

Below is a table of the data we are creating on our directory i.e. our users, and groups.

Table of Group membership we wish to create.

Creating the partition

Follw these steps to create the new partition

• Right-click on the LDAP Server Connection
  

Click the Partitions tab, or click the Advanced Partitions configuration link

• In the partitions page, fill in the ID with “The Middleware Shop” and the Suffix field to be “dc=themiddlewareshop,dc=com“, then click then close the page, by clicking the close “X” on the left-hand-side top corner, tab as shown in the image below.
  

• Save the changes
  

• Close the connection, so that we can restart the LDAP server.
  

The LDAP server must be restarted for partition changes to take effect.

• Issue the stop command
  

• Then, once stopped, issue the start command
  

Now we can log back in to the LDAP server using ADS. We will see a new partition in the LDAP Browser.

In LDAP, an object class defines the collection of attributes that can be used to define an entry. The LDAP standard provides these basic types of object classes:

• Groups in the directory, including unordered lists of individual objects
  or groups of objects
  
• Locations, such as the country name and description
  
• Organizations in the directory
  
• People in the directory
  

For instance, the commonName, or cn, attribute is used to store a person’s name. For example, a person named Bob Jackson might be represented in a directory as:

cn=Bob Jackson or cn=Bob, sn=Jackson or commonname

We are now going to manually populate the contents of this directory. First we will add the OUs. Then progress with adding users, then group and populating groups.

Creating OUs

• Right-click on the new partition and select New->New Entry
  

On the Entry Creation Method screen, choose Create entry from scratch, and then click Next to continue.

On the New Entry Screen, type “o” to drill down to objects with names starting with “o” and select organizationalUnit, then click Add.

Result

Click Next, then type ou in the RDN (Relative Distinguished Name) field. Then type system in the corresponding value field

Click Next

We can see that the objectClass is organizationalUnit. We can now add entries beneath this RDN to create further hierarchical RDNs. Hence the term LDAP tree.

Click Finish

The result will be a new ou (ou=system) added to the partition tree, as seen below

Now add two other ou’s called Groups and Users underneath system. Follow the same process as above.

Result

Directly under the System OU, we will add a user called wasldapbind, this user is explained in the table of names we looked at earlier.

Adding Users

• We use the same right-click to create a new entry
  

In the Object Classes screen you will need to select two object classes from the left-hand-side list of object classes. Scroll or search for inetOrgPerson and click the Add button to populate the right-hand Selected object classes list as show below. Essentially we are defining a schema of required attributes needed to define users.

Click Next to progress to the Distinguished Name screen. In this screen you will fill in attribute details required to populate a new user entry. In the RDN section, we can now add entries for fields such the cn, sn and uid attributes as defined by the assigned objectClass, then populate these attributes accordingly.

Enter uid in th RDN field and wasldapbind in the value field as shown above, then click next.

In this example, I did not want to provide a cn, and sn entry, but since they are mandatory objectClass attributes, we can add “” for null.

If you fill out the cn and sn fields, then you will need to specify them in the LDAP Bind in WAS. To make it simpler, I shorten the DN (Distinguished Name) a bit by adding nulls.

Now we wish to create the three people, to do this we select the users OU and add the following new entries that use the inetOrgPerson objectClass.

Below is a view of the process followed for each user

• Create a new entry
  
• Apply the inetOrgPerson objectclass
  
• Fill out the uid, cn, and sn attributes
  

In the example image above, we have just done is create a user (person object) called Bob Jackson with a uid attribute with the value of bobjackson which we will use as a Bob’s username in WebSphere.

Click Finish to Save

Once the new entry has been added, we edit the entry to add a password.

Right-mouse click on a new grid row

Type user in the Attribute type field to search for attributes matching user as seen below

Click Next, then Finish, and you will be presented with the following Password Editor screen:

Type bobjackson as the password and click OK.

Repeat this action for the other two users.

The result being:

We have essentially created three new users (people). Before we finish, we need to add a special user known as an account user. This is asecurity ID that will be used by WAS as the Primary Administrative ID when we set up LDAP in WAS.

• Add a new entry, but this time select the account, and simpleSecurityObject objectClasses as shown below
  

Fill in the uid attribute with the value wasadmin

Click Next, to automatically prompted to add a password. Set the password to wasadmin.

Click OK, then Finish

The resulting LDAP tree should now look like the following image

We have completed adding users, now we need to look at how to create groups and assign users to these groups.

Creating a Group

Groups are simple to create, all we do is add a new entry to the appropriate OU, assign an appropriate objectClass for example groupOfNames then we assign the group a CN.

Create a new entry in the Groups OU, and assign the groupOfNames objectClass.

Click Next and fill out the cn attribute for example wasadmins

Click Next and Browse to add members

Click Finish, and the result should look something like below

Repeat this process until you have completed this table of groups and memberships

The resulting tree will look like the image below

We have now completed setting up our partition for use with WAS LDAP configurations learning how to use role-bases mappings in the console and also later applications.

LDIF Contents

It is possible to import and export LDIF files (.ldif) from Apache Directory Studio. This is very convenient for you to import existing trees. You could in fact create the above partition by creating a file using the contents from the file below.

Note: I have provided this file for download as part of the packaged guides.

For informational purposes, the exported LDIF file of the dc=themiddlewareshop,dc=com tree is as follows:

To learn more about the courses available from The Middleware Shop, please go to http://www.themiddlewareshop.com/products to see a full list of the current courses available.

Consulting

If you or your organization require support in architecture, performance tuning, automation or simply advice, then please contact me via my support site and request a conversation, where we can discuss your requirement.

About Steve

Steve is a seasoned passionate technology professional, strategist and leader.

An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.

Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.

Due to 20 years Industry experience in Middleware, Programming, Networks and Internet Technologies, He combines systems knowledge with efficient working methods and inter personal skills required to build effective relationship with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation He joins.

Key Skills

• Leadership (Team, Project, Business, People).

• Architecture (Solutions, Information, Technical, Applications).

Simply, I help you deal with CANETI: Constant And Never Ending Technological Innovation

Specific IBM WebSphere skills:

WebSphere Application Server (WAS Base, WAS ND & Liberty Profile & Liberty Runtime)

Automation

Security, SSL

Dev Ops

Architecture

Performance Tuning

Middleware Integration Skills:

.NET programming, and Architecture

Java Programming, and Architecture

SOA, SOAP and XML messaging

JBoss Fuse, WMQ, IIB, Mule

Integration Skills:

SOA

Process Improvement

ICD’s

Messaging Architecture

Governance

General Digital Architecture & Governance

Lightweight Architectures

Digital Strategy, platform stacks for example IAAS, PAAS, SAAS

PCI DSS

Industry Qualifications & Recognition

TOGAF 9.1

IBM Champion 2013