Changing the user ID and password for the created authentication alias

If you are planning to enable WebSphere® Application Server global security after installing the Monitor Server, you must first update the authentication alias with a valid user ID and password.

On the Monitor Server machine

When you install the Monitor Server in an unsecured WebSphere Application Server environment, the Launchpad creates an authentication alias in the WebSphere Application Server: MonitorBusAlias. This alias contains a default user ID called messaging.

If you enable the WebSphere Application Server global security after installation without updating the MonitorBusAlias alias with a valid User ID and password (with authority to access the WebSphere Application Server), a ResourceAllocationException exception will be thrown when you restart the WebSphere Application Server after enabling global security. The Monitor Server application will not start.

To avoid this error:
  1. You must change the user ID and password of the MonitorBusAlias alias, the ActionManagerBusAuth alias, and the SCA alias before enabling the WebSphere Application Server global security. To update these aliases, complete the following steps:
    1. In the navigation tree of the WebSphere Application Server administrative console, select Security > Global Security.
    2. Select JAAS Configuration > J2C Authentication Data.
    3. From the table, select MonitorBusAlias.
    4. On the MonitorBusAlias information page, in the User ID and Password fields, type a valid user ID and password.
    5. Click OK.
    6. In the Message information box, click Save to apply your changes. The Save page appears.
    7. Click Save.
    8. Repeat the steps above to update ActionManagerBusAuth alias, and SCA alias
  2. Set the authentication alias property of the SIBus Link to the MonitorBusAlias.

    Refer to the topic named Security considerations for service integration buses in the WebSphere Application Server for details.

  3. Run the provided script files in order to configure the cross cell monitoring environment. Refer to the topic named Configuring CEI Bus on a remote WebSphere Application Server cell for details.
  4. Restart the WebSphere Application Server.

On WebSphere Process Server machine

  1. Set the privilege user ID before enable global security as follows:
    1. Click Start > Settings > Control Panel > Administrative Tools > Local Security Policy.
    2. In the Local Security Settings window, select Local Policies > User Rights Assignments
    3. Double click the Act as part of the operating system policy.
    4. In the Act as part of the operating system Properties dialog box, add the privileged user ID.
    5. Click OK.
  2. Run the provided script files in order to configure the cross cell monitoring environment on the WebSphere Process Server machine. Refer to the topic named Configuring CEI Bus on a remote WebSphere Application Server cell for details.
  3. Create a new authentication alias (e.g. MonitorBusAlias).

    Refer to the topic named Java™ 2 Connector authentication data entry settings in the WebSphere Application Server documentation for details.

  4. Set the authentication alias property on the WebSphere Business Monitor bus (e.g. to MonitorBusAlias).

    Refer to the topic named Security considerations for service integration buses in the WebSphere Application Server documentation for details.

  5. Set the authentication alias property on the Service Integration Bus link (e.g. to MonitorBusAlias).

    Refer to the topic named Default messaging provider settings in the WebSphere Application Server documentation for details.

  6. Set the authentication alias property on the MonitorQueueFactory JMS queue connection factory (e.g. to MonitorBusAlias).

    Refer to the topic named Adding a service integration bus link in the WebSphere Application Server documentation for details.

  7. Run the following commands using the wsadmin command window. You cannot run these commands using the WebSphere Application Server administrative console. You should replace the variable (${XXXX}) with the proper values:

    $AdminTask addUserToForeignBusRole { -bus ${PROCESS_SERVER_BUS_NAME} -foreignBus ${MONITOR_SERVER_BUS_NAME} -role Sender -user ${USER_NAME} }

    $AdminTask addUserToDestinationRole { -type foreignDestination -bus ${PROCESS_SERVER_BUS_NAME} -foreignBus ${MONITOR_SERVER_BUS_NAME} -destination Monitor_Bus_Queue_Destination -role Sender -user ${USER_NAME} }

    $AdminConfig save

  8. Restart the WebSphere Application Server.

Copyright IBM Corporation 2005. All Rights Reserved.