What kind of error are you seeing?
For general tips
on diagnosing and resolving security-related problems, see the topic Troubleshooting the security
component.
If you do not
see a problem that resembles yours, or if the information provided does not
solve your problem, contact
IBM support for further assistance.
"LTPA password not set. validation failed" message
displayed as error in the Administrative Console after saving global security
settings
This error can be caused if, when configuring WebSphere
Application Server security, "LTPA" is selected as the authentication mechanism,
and the LTPA password field is not set. To resolve this problem:
- Select Security Authentication Mechanism > LTPA in the console
left-hand navigation pane.
- Complete the password and confirm password fields.
- Click OK.
- Try setting Global Security again.
"Validation
failed for user userid. Please try again..." displayed in the Administrative
Console after saving global security settings
This typically indicates
that a setting in the User Registry configuration is not valid:
- If the user registry is LocalOS, it is likely that either the server user
ID and password are invalid or the server user ID does not have "Act As Part
of the Operating System" (for NT) or root authority (for UNIX). The server
user ID needs this authority for authentication using the LocalOS user registry.
- If the user registry is Lightweight Directory Access Protocol (LDAP):
- Any of the settings that enable WebSphere Application Server to communicate
with LDAP might be invalid, such as the LDAP server's user ID, password, host,
port, or LDAP filter. When you select Apply or OK on the Global
Security panel, a validation routine connects to the registry just as it would
during runtime when security is enabled. This is done in order to verify any
configuration problems immediately, instead of waiting until the server restarts.
- Verify whether your LDAP server requires the Bind Distinguished Name (DN)
to find the user in the LDAP directory. If the bind distinguished name is
required, you must specify a DN instead of a short name. You can specify the
bind distinguished name by clicking Security > User Registries > LDAP in
the administrative console. For example, you might add cn=root.
- Sometimes the LDAP server might be down during configuration. The best
way to check this is to issue a command line search using a utility such as
ldapsearch to search for the server ID. This way you can determine if the
server is running and if the server ID is a valid entry in the LDAP. The ldapsearch
utility is installed during an LDAP or Lotus Notes installation.
- If the user registry is Custom, double check that your implementation
is in the classpath. Also, check to see if your implementation is authenticating
properly.
- Regardless of registry type, check the User Registries configuration panels
to see if you can find a configuration error:
- Go back to the User Registries configuration panels and retype the password
for the server ID.
- See if there is an obvious configuration error. Double check the attributes
specified.
The setupClient.bat or setupClient.sh file is not
working correctly
The
setupClient.bat file on Windows platforms
and the
setupClient.sh file on UNIX platforms incorrectly specify
the location of the SOAP security properties file.
In the
setupClient.bat file,
the correct location should be:
set CLIENTSOAP=-Dcom.ibm.SOAP.ConfigURL=file:%WAS_HOME%/properties/soap.client.props
In
the
setupClient.sh file, the CLIENTSOAP variable should be:
CLIENTSOAP=-Dcom.ibm.SOAP.ConfigURL=file:$WAS_HOME/properties/soap.client.props
In the
setupClient.bat and
setupClient.sh files,
complete the following steps:
- Remove the leading / after file:.
- Change sas to soap.
Java HotSpot Server VM warning: Unexpected Signal
11 occurred under user-defined signal handler 0x7895710a message occurs in
the native_stdout.log file when enabling security on the HP-UX11i
platform
After you enable security on HP-UX 11i platforms, the following
error in the
native_stdout.log file occurs, along with a core dump
and WebSphere Application Server does not start:
Java HotSpot(TM) Server VM warning:
Unexpected Signal 11 occurred under user-defined signal handler 0x7895710a
To
work around this error, apply the fixes recommended by HP for Java at the
following URL:
http://www.hp.com/products1/unix/java/infolibrary/patches.html.
WebSphere Application Server Version 6 is not
working correctly with Enterprise Workload Manager (EWLM)
To use
WebSphere Application Server Version 6 with Enterprise Workload
Manager (EWLM), you must manually update the WebSphere Application Serve server.policy
files. For example:
grant codeBase "file:/<EWLM_Install_Home>/classes/ARM/arm4.jar" {
permission java.security.AllPermission;
};
Otherwise, you might encounter a Java 2 security exception for violating
the Java 2 security permission.
Refer to Configuring server.policy files for more information on configuring
server.policy files.
For current information available from IBM Support on known problems
and their resolution, see the IBM Support page.
IBM Support has documents
that can save you time gathering information needed to resolve this problem.
Before opening a PMR, see the IBM Support page.