Sunday, 27 April 2014

Admin console does not open

My dmgr successfully running  but I cannot open admin console  So i follow the below procedure then i resolve it .

 [kumar@websphe bin]$ ./startManager.sh
ADMU0116I: Tool information is being logged in file
           /u02/local/opt/was/was80/profiles/dmgr/logs/dmgr/startServer.log
ADMU0128I: Starting tool with the dmgr profile
ADMU3100I: Reading configuration for server: dmgr
ADMU3200I: Server launched. Waiting for initialization status.

ADMU3000I: Server dmgr open for e-business; process id is 7639










I Got above error 

1. First I take backup of dmgr

[kumar@websphe bin]$ ./backupConfig.sh
ADMU0116I: Tool information is being logged in file
           /u02/local/opt/was/was80/profiles/dmgr/logs/backupConfig.log
ADMU0128I: Starting tool with the dmgr profile
ADMU5001I: Backing up config directory
           /u02/local/opt/was/was80/profiles/dmgr/config to file
           /u02/local/opt/was/was80/profiles/dmgr/bin/WebSphereConfig_2014-04-27.zip
ADMU0505I: Servers found in configuration:
ADMU0506I: Server name: dmgr
ADMU2010I: Stopping all server processes for node Manager01
ADMU0510I: Server dmgr is now STOPPED
.........................................................
ADMU5002I: 1,255 files successfully backed up
[kumar@websphe bin]$

Backup also successfully done then

2. I remove admin console application using below command

[kumar@websphe bin]$ ./wsadmin.sh -f deployConsole.py remove
WASX7023E: Error creating "SOAP" connection to host "localhost"; exception information: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Protocol; msg=; targetException=java.net.MalformedURLException]
WASX7213I: This scripting client is not connected to a server process; please refer to the log file /u02/local/opt/was/was80/profiles/dmgr/logs/wsadmin.traceout for additional information.
WASX8011W: AdminTask object is not available.
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[remove]"
Removing Admin Console...
WASX7017E: Exception received while running file "deployConsole.py"; exception information: com.ibm.ws.scripting.ScriptingException: WASX7206W: The application management service is not running. Application management commands will not run.

I got error because of DMGR has Down .  So i start the DMGR.

[kumar@websphe bin]$ ./startManager.sh
ADMU0116I: Tool information is being logged in file
           /u02/local/opt/was/was80/profiles/dmgr/logs/dmgr/startServer.log
ADMU0128I: Starting tool with the dmgr profile
ADMU3100I: Reading configuration for server: dmgr
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3000I: Server dmgr open for e-business; process id is 8149

Then Again i run below command .

[kumar@websphe bin]$ ./wsadmin.sh -f deployConsole.py remove

WASX7209I: Connected to process "dmgr" on node Manager01 using SOAP connector;  The type of process is: DeploymentManager
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[remove]"
Removing Admin Console...
ADMA5017I: Uninstallation of isclite started.
ADMA5104I: The server index entry for WebSphere:cell=localhostCell01,node=Manager01 is updated successfully.
ADMA5103E: The deletion of the configuration data for isclite from the configuration repository failed.
ADMA5011I: The cleanup of the temp directory for application isclite is complete.
ADMA5106I: Application isclite uninstalled successfully.
WASX7017E: Exception received while running file "deployConsole.py"; exception information: com.ibm.websphere.management.exception.ConfigServiceException
com.ibm.ws.sm.workspace.WorkSpaceException
com.ibm.websphere.management.exception.DocumentIOException: cells/localhostCell01/cus/isclite/cver/BASE/controlOpDefs.xml

WASX7341W: No "save" was performed before the interactive scripting session exited; configuration changes will not be saved.

Its successfully removed admin console application.

3. I install DMGR admin console application using below command

[kumar@websphe bin]$ ./wsadmin.sh -f deployConsole.py install

WASX7209I: Connected to process "dmgr" on node Manager01 using SOAP connector;  The type of process is: DeploymentManager
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[install]"
Installing Admin Console...
Deploying isclite.ear
ADMA5016I: Installation of isclite started.
ADMA5058I: Application and module versions are validated with versions of deployment targets.
ADMA5005I: The application isclite is configured in the WebSphere Application Server repository.
ADMA5005I: The application isclite is configured in the WebSphere Application Server repository.
ADMA5081I: The bootstrap address for client module is configured in the WebSphere Application Server repository.
ADMA5053I: The library references for the installed optional package are created.
ADMA5005I: The application isclite is configured in the WebSphere Application Server repository.
ADMA5110I: The application isclite is installed as a hidden application and will not be exposed via administrative interfaces such as GUI client, wsadmin or MBean Java API.  In order to perform management operations on this application, the application name must be known.
ADMA5005I: The application isclite is configured in the WebSphere Application Server repository.
EJPPC0011I: Validation of the portlet.xml file is completed.
SECJ0400I: Successfully updated the application isclite with the appContextIDForSecurity information.
CWLAA1007I: The help plug-in of the Integrated Solutions Console module was deployed successfully.
CWLAA1001I: The Integrated Solutions Console module was deployed successfully.
ADMA5005I: The application isclite is configured in the WebSphere Application Server repository.
ADMA5005I: The application isclite is configured in the WebSphere Application Server repository.
ADMA5113I: Activation plan created successfully.
ADMA5011I: The cleanup of the temp directory for application isclite is complete.
ADMA5013I: Application isclite installed successfully.
Mapping isclite to admin_host
ADMA5075I: Editing of application isclite started.
ADMA5058I: Application and module versions are validated with versions of deployment targets.
ADMA5005I: The application isclite is configured in the WebSphere Application Server repository.
ADMA5005I: The application isclite is configured in the WebSphere Application Server repository.
ADMA5005I: The application isclite is configured in the WebSphere Application Server repository.
ADMA5113I: Activation plan created successfully.
ADMA5011I: The cleanup of the temp directory for application isclite is complete.
ADMA5076I: Application isclite edited successfully. The application or its web modules may require a restart when a save is performed.
Updating deployment.xml
Setting IEHS classloader to PARENT_LAST

Its Successfully installed and  I Bounce the DMGR.

[kumar@websphe bin]$ ./stopManager.sh
ADMU0116I: Tool information is being logged in file
           /u02/local/opt/was/was80/profiles/dmgr/logs/dmgr/stopServer.log
ADMU0128I: Starting tool with the dmgr profile
ADMU3100I: Reading configuration for server: dmgr
ADMU3201I: Server stop request issued. Waiting for stop status.
ADMU4000I: Server dmgr stop completed.

[kumar@websphe bin]$ ps -ef|grep java
kumar     7536  7133  0 22:21 pts/1    00:00:00 grep java

[kumar@websphe bin]$ ./startManager.sh
ADMU0116I: Tool information is being logged in file
           /u02/local/opt/was/was80/profiles/dmgr/logs/dmgr/startServer.log
ADMU0128I: Starting tool with the dmgr profile
ADMU3100I: Reading configuration for server: dmgr
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3000I: Server dmgr open for e-business; process id is 7639

Now open the admin console.



Now Dmgr admin console working fine and i added all tasks 

Unable to start DMGR

 When I start DMGR I got below error

[oracle@websphe bin]$ ./startManager.sh
runConfigActions script execution failed. Exit code: 1
Exception caught while waiting for runConfigActions script to complete: /u02/local/opt/was/was80/profiles/dmgr/bin/runConfigActions.sh

Then I execute  runConfigActions.sh

 [oracle@websphe bin]$ ./runConfigActions.sh

Apr 27, 2014 9:40:32 PM com.ibm.ws.postinstall.runConfigActions.RunConfigActions setLogFile
SEVERE: IOException java.io.FileNotFoundException: /u02/local/opt/was/was80/profiles/dmgr/properties/service/productDir/logs/runConfigActions.log.lck (Permission denied)
java.io.FileNotFoundException: /u02/local/opt/was/was80/profiles/dmgr/properties/service/productDir/logs/runConfigActions.log.lck (Permission denied)
java.io.FileNotFoundException: 
        at java.io.FileOutputStream.open(Native Method)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:190)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:81)
        at java.util.logging.FileHandler.initOutputFiles(FileHandler.java:220)
        at java.util.logging.FileHandler.init(FileHandler.java:190)
        at java.util.logging.FileHandler.<init>(FileHandler.java:440)
        at com.ibm.ws.postinstall.runConfigActions.RunConfigActions.setLogFile(RunConfigActions.java:290)
        at com.ibm.ws.postinstall.runConfigActions.RunConfigActions.main(RunConfigActions.java:64)
Exception in thread "main" java.lang.NullPointerException: The 'handler' parameter is null.
        at java.util.logging.Logger.addHandler(Logger.java:398)
        at com.ibm.ws.postinstall.runConfigActions.RunConfigActions.main(RunConfigActions.java:64)


Again I got Error as a lack of permission.  So I change the permissions

[root@websphe dmgr]# chmod -R 777 *
[root@websphe dmgr]# exit
exit
[oracle@websphe bin]$ pwd
/u02/local/opt/was/was80/profiles/dmgr/bin

Now permission are changed and I  run the runConfigActions.sh.

[oracle@websphe bin]$ ./runConfigActions.sh

runConfigActions.sh successfully run . So I try to start dmgr

[oracle@websphe bin]$ ./startManager.sh
ADMU0116I: Tool information is being logged in file
           /u02/local/opt/was/was80/profiles/dmgr/logs/dmgr/startServer.log
ADMU0128I: Starting tool with the dmgr profile
ADMU3100I: Reading configuration for server: dmgr
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3000I: Server dmgr open for e-business; process id is 5892

Now dmgr working fine





Wednesday, 16 April 2014

Configuring SSL between Browser and IBM Http Server with self-signed certificate

1. Create new self signed certificates

Use ikeyman utility in the bin folder from command prompt to generate  a Self signed certificates.


[kumar@websphe bin]$ pwd
/u02/local/opt/ihs/ihs80/bin

[kumar@websphe bin]$ ./ikeyman 


a. Create a Certificate KeyData Base
b. create a self signed certificates






 Create a Self signed Certificate 



























 Now self signed certificate created
check the key database location some files will be created






 Configure the SSL in web server configuration file [http.conf]































 Verify the SSL configuration has successfully done or not 



























So SSL configuration has done


Propagate the signer certificate(s) to plug-in(s).

Go to Servers > Web servers. Click webserver_name, then under Additional Properties click Plug-in properties.












click Plug-in properties.
 























Click Manage Keys and Certificates
 























Click Signer Certificates
 
















Then Click Add Button
 



















Enter a unique Alias Name and then specify the File Name of a Certificates.
















Click Ok and save the configuration

Repeat this for each of the new certificates making sure you have done this for the cell signer and all of the node signers.

Manually copy the plugin-key.kdb from the local configuration to the Web server
 [ default locations: profile_root\Dmgr\config\cells\cell-name\nodes\node-name\servers\web-server-name\plugin-key.kdb to Web-server-root\Plugins\config\web-server-name\plugin-key.kdb]











Restart The webserver. 

If you have multiple web servers … you need to do the above steps for each web server separately.

Configuration SSL WebSphere [between Nodes] With self-signed certificate

when you install and create profile, default certificates are created and you can use them. These certificates can be found under security  SSL certificate and key management > Key stores and certificates. These certificates are used for communication between nodes and between dmgr and browser when use https.

If you want to change these certificates or replace them, you can follow the below steps. The steps shown below are using self-signed certificates. If you like to use certificates from a Certificate Authority [CA], then you need to create the Certificate Signing Request [CSR], get it signed a CA and then you can install them.

1.Replacing DMGR Certificates

a. Run backupConfig on the Deployment Manager.
b. Stop all of the nodeagents and application servers in the cell. Stop the Web server(s). Start the Deployment Manager
c. In the Administrative Console, go to Security > SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore > Personal certificates > Create a self-signed certificate






















































 






















Enter the required attributes.
Alias : cell_default Common name : <hostname> Validity period : <number of days> <-- this can be set greater than 365 Organization : <company> Click OK and Save the changes.

















Select the old certificate and click Replace.

Security > SSL certificate and key management > Key stores and certificates > CellDefaultKeyStore > Personal certificates


















On the next screen, you are able to choose which certificate will replace the old certificate. Accept your new certificate. Do not select either Delete old certificate after replacement or Delete old signers. Accept your new certificate and any browser prompts.
























select the old certificate and click Delete.
 


















Click OK and Save the changes.















At this point the Deployment Manager has its certificate replaced.
The certs need to be exchanged for establishing secure communication. So add the DMGR cert to DefaultCellTrustStore
Go to SSL certificate and key management > Key stores and certificates.
Select CellDefaultKeyStore and CellDefaultTrustStore and click Exchange signers.


Select the certificate in CellDefaultKeyStore personal certificates created in previous step and click Add. Click OK and Save the changes.





















Replace Node Certificates
Go to Security > SSL certificate and key management > Manage endpoint security configurations.





















Under Inbound, click the link for the node, node_name(NodeDefaultSSLSettings,null).























Click the Manage certificates button.


















Security > SSL certificate and key management > Manage endpoint security configurations, click node_name(NodeDefaultSSLSettings,null), click Manage certificates.
Select the old certificate and click Replace.

you are able to choose which certificate will replace the old certificate. Accept your new certificate. Do not select either Delete old certificate after replacement or Delete old signers

select the old certificate and click Delete.




































Now Exchange the Node Signer cert with DefaultCellTrustStore
Go to Security > SSL certificate and key management > Manage endpoint security configurations.
Under Inbound, click the link for the node, node_name(NodeDefaultSSLSettings,null) and select Key stores and certificates.
 






















Select NodeDefaultKeyStore and CellDefaultTrustStore and then Click Exchange signers.
















Select the certificate in NodeDefaultKeyStore personal certificates created in previous step and click Add.



















Click OK and Save the changes.
Delete the old signer certificates and extract the new ones.
Go to SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates

Select all of the old signer certificates and click Delete. If you are not sure, you can compare the Fingerprint and/or the Expiration dates with the personal certificate in the keystores.




 






















Select one of the new certificates. Click Extract.
 























Enter a File Name that corresponds to the certificate.






















For each of the new certificates making sure you have done this for the cell signer and all of the node signers. These files are saved to the profile_root/Dmgr/etc directory

Manually copy the trust store to each of the /etc directories.
Backup the trust.p12 in profile_root\Dmgr\etc

Copy the profile_root\Dmgr\config\cells\cell-name\trust.p12 to profile_root\Dmgr\etc











Backup the trust.p12 on each of the nodes profile_root\Appsrv\etc directories.
Copy the profile_root\Dmgr\config\cells\cell-name\trust.p12 to profile_root\Appsrv\etc








Repeat the previous step for each node in the cell.

Sync and Start the node(s).

ü  Restart the Deployment Manager.
ü  Run a command line syncNode from each of the nodes.

ü  Start the nodeagents and application servers. They should now be fully synchronized with the new certificates in place.

    Verification  for new certification are updates or not 
open admin console and check certifications views