sumit mathur

Ranch Hand
+ Follow
since Sep 01, 2009
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
In last 30 days
0
Forums and Threads

Recent posts by sumit mathur

No Reply...its 1 week old post???
14 years ago
Deepak and All,

I also am facing the issue while starting the admin server ( weblogic 9.2MP3) . I am giving clear text password and user name in boot.properties .

The server was running fine for almost 2 months . However i restarted it ( because of power down) and it start showing me the error.

<Server subsystem failed. Reason: weblogic.security.SecurityInitializationExc
eption: Authentication denied:



at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.do
BootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:941)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.in
itialize(CommonSecurityServiceManagerDelegateImpl.java:1029)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:849

)

I have seen that many of us gets the same error at many time. What could be the possible scenario for this. ? any clue???

I then tried to change the admin user itself ( offline commands) and then admin server started fine . However managed server start up shows me the same error . Then i deleted the managed server directory so that it will get the copy of ldap from admin server. But error remain same.

@Deepak

Do you have any idea about this. How could server sub system failed.

14 years ago
Hi,

Does anyone come across with this issue?

<Apr 9, 2010 10:15:02 AM IST> <Info> <Configuration Management> <BEA-150018> <This server is being started in managed server independence
mode in the absence of the admin server.>
<Apr 9, 2010 10:15:02 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Apr 9, 2010 10:15:02 AM IST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Apr 9, 2010 10:15:04 AM IST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: java.lang.AssertionError: java.l
ang.reflect.InvocationTargetException
java.lang.AssertionError: java.lang.reflect.InvocationTargetException
at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService._invokeServiceMethod(AbstractDescriptorBean.java:1011)
at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService.decrypt(AbstractDescriptorBean.java:1039)
at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService.access$200(AbstractDescriptorBean.java:963)
at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:960)
at weblogic.management.configuration.SecurityConfigurationMBeanImpl.getCredential(SecurityConfigurationMBeanImpl.java:739)
Truncated. see log file for complete stacktrace
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at weblogic.descriptor.internal.AbstractDescriptorBean$SecurityService._invokeServiceMethod(AbstractDescriptorBean.java:1009)
Truncated. see log file for complete stacktrace
weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: inva
lid pad byte.
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:78)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:94)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:87)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
Truncated. see log file for complete stacktrace
com.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid pad byte.
at com.rsa.jsafe.JA_PKCS5Padding.a(Unknown Source)
at com.rsa.jsafe.JG_BlockCipher.decryptFinal(Unknown Source)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:68)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:94)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:87)
Truncated. see log file for complete stacktrace
>
<Apr 9, 2010 10:15:05 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Apr 9, 2010 10:15:05 AM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Apr 9, 2010 10:15:05 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
<Apr 9, 2010 10:15:05 AM> <Info> <NodeManager> <Server failed during startup so will not be restarted>



14 years ago
we need node manager so as to start the remote managed server from admin console.
Any way i got the solution. I forgot to configure one parameter for SSL and beacuse of that i was getting access denied error.
14 years ago
I wondering do i need to configue SSL for node manager also???
14 years ago
ya it is started successfully..
See i am using plain socket for nodemanager. But my admin and managed server are SSL configure.
14 years ago
Hi

My setup goes like this

Machine1 : Admin + Managed 1
Machine 2: Manged 2

Node manager is configured . Both admin and Managed server are SSL configured and in production mode.
KeyStores=CustomIdentityAndCustomTrust

Node manager uses plain socket.

when i am trying to start the managed server 2 from Admin console. I am getting an error that Node manager is not rechable.

and in the Monitoring tab of Machine the problem description is Access to domain "Mydomain" for user 3Hutju is denied.
Though i am creating the domain with username weblogic but it is showing some encrypted name

Any Clue???

@Deepak

I need your help in this regard.

sumit
14 years ago
Hi

I am using storeUserConfig() API to encrypt the username and password as

storeUserConfig('/opt/fsm/domains/mydomains/myuserconfigfile.secure','/opt/fsm/domains/mydomains/myuserkeyfile.secure')

As soon as i run this command it prompt for user confirmation as

Creating the key file can reduce the security of your system if it is not
kept in a secured location after it is created. Do you want to create the
key file? y or n



Is there any way to suppress this message and by default allow "y" as input???

I am more concern abt it because i am using .PY script to execute this API and i dont want user interaction while running this script.


sumit



15 years ago
so how will i test this???
15 years ago
Deepak

What is clustered address. Is it same as multicast address???
15 years ago

Is your JMS resource supposed to be distributed across all managed servers ? Any request to the cluster should target the request to your JMS resource automatically based on where it exists



No
Each managed server instance will have there own resources (Queues , connection factory ,JDBC etc).These resource targeted to JMS server and each JMS server is targeted to Managed server.


Is there any specific reason you want a clustered environment but want only one JMS server targeted to one managed server instead of the cluster ?


Yes

We have 4 Managed server instances with one Managed server + admin on Machine 1 and rest 3 are on 3 different Machine.All 4 Managed server are in Cluster and each Managed server have there own JMS server and jms resources.

My issue is the target of JMS module. In spite of assigning JMS module(JMSSystem resurce) to managed server ,it get assigned to Cluster.

Here is config.xml portion

<jms-server>
<name>JMS-8001</name>
<target>Server1</target>
</jms-server>

<jms-system-resource>
<name>JMS-System-8001</name>
<target>myCluster</target>
<sub-deployment>
<name>ConnectionFactory-8001</name>
<target>JMS-8001</target>
</sub-deployment>
<sub-deployment>
<name>CMQueue-8001</name>
<target>JMS-8001</target>
</sub-deployment>
<sub-deployment>
<name>OSSQueue-8001</name>
<target>JMS-8001</target>
</sub-deployment>
</jms-system-resource>

If you see

<jms-system-resource>
<name>JMS-System-8001</name>
<target>myCluster</target>



Here target is Cluster rather than Managed server1

Though my command is

assign('JMSSystemResource','JMS-System-8001'Target','Managed server1')


15 years ago

Deepak

DO you have any idea regarding this ???
15 years ago
And I observed one more thing ,that if i have not assigned my managed server to cluster then , in config.xml shows JMSSystem resource is targeted to Managed server.

I am using weblogic 9.2MP3

All my subdeployments are correctly targeted to Managed servers.
15 years ago
I have created the domain using offline WLST and have set the mode to production mode .

readTemplate('wls.jar')
loadProperties('domain.py.properties')


cd('Servers/AdminServer')
set('Name', adminServerName)
set('ListenAddress',listenAddress)
set('ListenPort',int(adminServerPort))
set('TunnelingEnabled', 1)

create(adminServerName,'SSL')
cd('SSL/'+adminServerName)
set('Enabled', 'True')
set('ListenPort', 7002)


setOption('DomainName', 'MyDomain')
setOption('OverwriteDomain', 'true')
setOption('ServerStartMode', 'prod')
setOption('AutoAdjustSubDeploymentTarget', 'false')

writeDomain(DomainDir)

After creation of domain, I tries to start the weblogic using startWeblogic.sh . On running on this script, it prompts me for username and password.

However if i remove this line setOption('ServerStartMode', 'prod') , then it works fine.

I am thinking in production mode , script is not able to find boot.properties.

Help me out on this issue.
15 years ago
Pat

Then how the things worked in corporate world...regarding security of password and security key??

15 years ago