I have been trying to create a JAVA PMI Client for remote monitoring of the IBM WebSphere Application server(v 6.0).
The points to condider prior to any discussions are:
1. Security has been enabled under global security.
2. I am using IBM java hopefully(downloaded the trail client from IBM).
3. Copied the certificates from remote server to my local PMI client location.
4. Ports connectivity checked.
The problem:
When trying to create the connection the error returned is:
java.lang.NoSuchMethodError: com/ibm/ws/management/AdminHelper.getPlatformHelper()Lcom/ibm/ws/util/PlatformHelper;
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.setupSslSetting(SOAPConnectorClient.java:1103)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.access$100(SOAPConnectorClient.java:94)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient$1.run(SOAPConnectorClient.java:249)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:63)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:247)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.(SOAPConnectorClient.java:188)
Any help would be appreciated.
Thanks and Regards,
Kunal Soni
The best way to connect to WebSphere is to use the WebSphere Application Client that comes with WebSphere itself as a separate download.
It's free to use when connecting to a remote WebSphere Application Server installation.
Also when starting your program make sure you add this parameter to the JVM arguments: -Dwas.install.root=WAS_APP_CLIENT_HOME (example: -Dwas.install.root=/opt/WebSphere6/AppClient)
I'm using WebSphere App Client version 6 for many years to connect to WebSphere 6, 7 and 8 without any issues.
Hope this helps !
Richard Levac
WasMonitor - WebSphere Data Collector and More !
Related
I am pretty new to Java and Tomcat but we have no one else that has any clue on either one so I get to try and remedy the issue.
We are recently upgrading from Tomcat 8 to Tomcat 9. I am trying to enable authentication due to a Qualys open vulnerability of JMX RMI accessible with common credentials. I have the following settings defined in the Java Options:
-Dcom.sun.management.jmxremote.port=8080
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.password.file=C:\Program Files\Java\jre1.8.0_291\lib\management\jmxremote.password
-Dcom.sun.management.jmxremote.access.file=C:\Program Files\Java\jre1.8.0_291\lib\management\jmxremote.access
I currently have both Tomcat 8 and Tomcat 9 installed. They are both using the same Java Options. However, when I start the Tomcat 9 service, I get a error 1067 about the process terminating unexpectedly.
Tomcat 8 with the same setting starts and runs fine. If I set the option to authenticate to false, Tomcat 9 has no problems starting and running. Is there any additional Java Options that I need to add with Tomcat 9 that I did not need with Tomcat 8?
This is only needed to close the Qualys vulnerability. The server does not actually need to connect using JMX remotely.
I'm connecting to the WebSphere instance from the stand-alone Java app which is quite trivial:
InitialContext initCtx = new InitialContext();
That code was working perfectly in WebSphere 7, but after updating to WebSphere 8.5 I got the following exception:
Caused by: org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM minor code: E07 completed: No
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1276)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1457)
at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1164)
at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1423)
at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1886)
at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1379)
at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:458)
at com.ibm.WsnBootstrap._WsnNameServiceStub.getProperties(_WsnNameServiceStub.java:38)
at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1441)
... 43 more
After research, I've fout out that IBM support page, which said to go to CSIv2 inbound and outbound settings (by me, Admin Console->Security->GlobalSecurity->RMI/IIOP security) and set the transport to SSL-Supported.
However, it didn't change anything. I've tried to change the 'Cleint certificate authentication' to Never, and Transport to TCP/IP for both CSIv2 inbound and outbound, but still without success. The error persisted until I've turned off 'Enable administrative security', which is not an option, because I need to enable 'Application Security' (the application logic depends of that).
How can I make my code working again? Everything was OK on WebSphere 7.
My research on this issue may prove useful to others;
WebSphere 8 changed the default setting of RMI/IIOP SSL security from
'supported' to 'required'. If you want a secure connection you'll need
to get the certs from the server and set Java system properties to files that specify the location of the certs;
com.ibm.CORBA.ConfigURL=file:/opt/IBM/JazzSM/profile/properties/sas.client.props
com.ibm.SSL.ConfigURL=file:/opt/IBM/JazzSM/profile/properties/ssl.client.props
If this doesn't work, you'll need to start debugging by setting the following System properties;
com.ibm.CORBA.Debug=true
com.ibm.CORBA.CommTrace=true
com.ibm.CORBA.Debug.Output=/tmp/corba.log
By studying this log and orb trace logs in the working directory, I found that the client failed to establish an ephemeral TCP connection to the server at "port=0". No mention of SSL in the logs! I wrote a small app to test my code running as a java console app and found that the SSL connection was successful and it worked fine. By diff'ing the logs, I found that only in the good case, the JVM was finding a local file 'orb.properties'. I then found that in my problem case, my test app was using a different JVM and my real app was using a JVM that had no 'orb.properties'. I could resolve the problem in a number of ways .. e.g. by including an orb.properties in my application and injecting the contents as System properties.
In my case switching CSIV inbound to SSL-Supported from SSL-required and restarting the server helped.
The error description
org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM minor code: E07
is very vague and happens under many, not directly connected circumstances.
In my case it had nothing to do with RMI/IIOP security settings, but it was a classpath problem. I was still using old version of com.ibm.ws.webservices.thinclient.
Switching to thinclient 8.5.0, as well as setting the launch JRE to standard (Oracle) JVM has fixed the problem.
I have tried to install Java EE 7 with updatetool to be able to run Java EE Tutorial examples.
But the installation of updatetool fails. I have tried to start updatetool installation from the command line on my elementary os, then I saw the error when installing updatetool.
Here is an image: http://oi58.tinypic.com/x6iumx.jpg
Error text example 1:
Input/output error: Connection failed for URL http://pkg.oracle.com/javaeesdk/7/native/release/manifest/0/updatetool#2.3.5%2C0-56.2852%3A20111207T211721Z: 503: Service Temporarily Unavailable
Could not download application packages. This could be because:
- a proxy server is needed to access the internet. Please ensure that
the system proxy server settings are correct, or set the 'http_proxy'
environment variable to the full URL of the proxy server.
- the package server or network connection is slow.
If you are getting time out errors you can try setting the
PKG_CLIENT_CONNECT_TIMEOUT and PKG_CLIENT_READ_TIMEOUT
environment variables and try again. For example to increase
the timeouts to 300 seconds set them to 300
- the package server is down or otherwise inaccessible or it is
generating invalid data. Please contact the provider of the package
server.
Error text example 2:
File 138/564 Input/output error: Connection failed for URL http: //pkg.oracle.com/javaeesdk/7/native/release/file/0/217e83782a91f09fa7f35122412cd155263b107f: 502: Proxy Error
Could not download application packages. This could be because:
- a proxy server is needed to access the internet. Please ensure that
the system proxy server settings are correct, or set the 'http_proxy'
environment variable to the full URL of the proxy server.
- the package server or network connection is slow.
If you are getting time out errors you can try setting the
PKG_CLIENT_CONNECT_TIMEOUT and PKG_CLIENT_READ_TIMEOUT
environment variables and try again. For example to increase
the timeouts to 300 seconds set them to 300
- the package server is down or otherwise inaccessible or it is
generating invalid data. Please contact the provider of the package
server.
I don't use any proxy server. Help please!
I had the same - it's because their site is so unbelievably slow.
The output you showed tells you what to do, increase the timeout.
But sometimes it just needs to be run again, which worked in my case.
You can download the tutorial from Oracle Java EE 7 SDK download page.
Just download the latest Java EE 7 SDK, and unzip. The tutorial is inside the glassfish4/docs folder.
I have managed to install updatetool finally, after 3 days.
My advice for everyone who has the same problem:
Try installation several times in the morning, afternoon, evening and at night. And maybe once you will have successful attempt :)
The problem was not on my side.
I'am installing ArcGisServer for the Java plataform on Centos 5.5 x86_64, this is not a supported platform but I have overcome almost every problem preventing the success of the installation. It uses exhaustively Sun Directory Server. The last error i receive was:
ldap_simple_bind: Can't connect to the ldap server - No route to host
It happens in other applications which makes uses of it, so it seems to be an specific problem of Sun Directory Server on linux and solaris. There is no reported solution. Usually I search the problem as much as I can but this time I have reached my patience and I need it working as soon as posible. I recognize this as an excellent forum because of it's community and quality of answers, ¿can anybody help me with this?
The "No route to host" error suggests that the issue is one of network connectivity between your ArcGIS server (the Sun Directory Server component, as you mention) and the LDAP server. So, a few things to examine, in order:
Do you have an LDAP server set up and running?
Is your LDAP server reachable from your Centos machine outside of the ArcGis server?
Is your ArcGis configured with the correct address to the LDAP server - should be in the web.config file? Example below:
<connectionStrings>
<add name="ADConnectionString"
connectionString="LDAP://SERVER_LDAP:389/ou=Sigestredi,o=Sicondef,dc=aplicaciones,o=mdef,c= es" />
</connectionStrings>
Disclaimer: I don't know anything about the ArcGIS server per se - I'm just diagnosing the "no route to host error" with a few snippets I picked up from some quick searches of the ArcGis forums.
ArcGIS includes a Sun Directory Server on it, so arcgis server and ldap are on the same machine. The port is set to 62000. When I run the diagnostic tool the DG028 fails:
DG028 - check LDAP server: is listening
I made a prove using nmap as:
nmap localhost -p62000
And it says it is opened. I don't know how to verify if LDAP is up and running, the startup log doesn't show anything wrong. I have found a config file named ldap.conf:
url ldap://name.subdomain.domain:62000/dc=name,dc=arcgis
admnm agsadmin
And my /etc/hosts is:
127.0.0.1 localhost localhost
ip_direction name.subdomain.domain name.subdomain.domain
I don't have an alias for "name", so:
ping name.subdomain.domain
Works
But:
ping name
Doesn't work
I have never used ldap so I don't know what should be on "dc". Could my hosts file be malformed or is my ldap.conf?
Another information is that the computer I am using is part of a domain. When I installed Centos, /etc/hosts file had an alias for the loopback interface as localhost.localdomain but i removed it.
I would appreciate any help.
I have solved my problem, the problem was on my /etc/hosts file. I added an alias for my ip direction:
127.0.0.1 localhost localhost
ip_direction name.subdomain.domain name
Then I run the ServerConfig script. This is a successful installation of ArcGIS Server for the Java platform on Linux. Thanks Greg for your guide.
I've deployed some Managed Beans on WebSphere 6.1 and I've managed to invoke them through a standalone client, but when I try to use the application "jconsole" distributed with the standard JDK can can't make it works.
Has anyone achieved to connect the jconsole with WAS 6.1?
IBM WebSphere 6.1 it's supossed to support JSR 160 JavaTM Management Extensions (JMX) Remote API. Furthermore, it uses the MX4J implementation (http://mx4j.sourceforge.net). But I can't make it works with neither "jconsole" nor "MC4J".
I have the Classpath and the JAVA_HOME correctly setted, so the issue it's not there.
WebSphere's support for JMX is crap. Particularly, if you need to connect to any secured JMX beans. Here's an interesting tidbit, their own implementation of jConsole will not connect to their own JVM. I have had a PMR open with IBM for over a year to fix this issue, and have gotten nothing but the runaround. They clearly don't want to fix this issue.
The only way I have been able to invoke remote secured JMX beans hosted on WebSphere has been to implement a client using the "WebSphere application client". This is basically a stripped down app server used for stuff like this.
Open a PMR with IBM. Perhaps if more people report this issue, they will actually fix it.
Update: You can run your application as a WebSphere Application Client in RAD. Open the run menu, then choose "Run...". In the dialog that opens, towards the bottom on the left hand side, you will see "WebSphere v6.1 Application Client". I'm not sure how to start and Application Client outside of RAD.
IT WORKS !
http://issues.apache.org/jira/browse/GERONIMO-4534;jsessionid=FB20DD5973F01DD2D470FB9A1B45D209?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
1) Change the config.xml and start the server.
-see here how to change config.xml: http://publib.boulder.ibm.com/wasce/V2.1.0/en/working-with-jconsole.html
2) start the jconsole with : jconsole -J-Djavax.net.ssl.keyStore=%GERONIMO_HOME%\var\security\keystores\geronimo-default -J-Djavax.net.ssl.keyStorePassword=secret -J-Djavax.net.ssl.trustStore=%GERONIMO_HOME%\var\security\keystores\geronimo-default -J-Djavax.net.ssl.trustStorePassword=secret -J-Djava.class.path=%JAVA_HOME%\lib\jconsole.jar;%JAVA_HOME%\lib\tools.jar;%GERONIMO_HOME%\repository\org\apache\geronimo\framework\geronimo-kernel\2.1.4\geronimo-kernel-2.1.4.jar
[or your version of geronimo-kernel jar]
3) in the jconsole interface->advanced, input:
JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/JMXSecureConnector
user name: system
password: manager
4) click the connect button.
If you want the WebSphere MBeans this one works for me:
The key is to configure the classpath and the security properly.
in one line:
jconsole -J-Dwas.install.root=C:/was61 -J-Djava.ext.dirs=C:/was61/plugins;C:/was61/plugins/com.ibm.ws.security.crypto_6.1.0;C:/was61/lib;C:/was61/java/jre/lib/ext -J-Dcom.ibm.SSL.ConfigURL="file:../../properties/ssl.client.props" -J-Dcom.ibm.CORBA.ConfigURL="file:../../properties/sas.client.props" service:jmx:iiop://host:port/jndi/JMXConnector
where port = bootstrap port ex: (2809)
Be careful when setting the sas and the ssl props.
Robert
I have successfully connected to ActiveMQ and ServiceMix using the JConsole. Does WAS 6.1 use Java Management Extension (JMX) technology? JMX is required for JConsole.
If your path is set correctly it should work fine. On windows you go to System Properties -> Advanced Tab -> Environment Variables. Have your JAVA_HOME System variable set to the path of your JDK or JRE and your Path variable with %JAVA_HOME%/bin added somewhere in there. Then all you need to do is go to Start->Run->JConsole. Select the correct Process Name and your done.
Where are you having problems at? I hope this helps.
Edit:
Here is the Java Doc's on JConsole.
Hmm... I know that WebSphere is kind of hard to configure. Thats part of the reason we used ServiceMix for our ESB. Maybe its not enabled by default in WebSphere and you would have to turn it on in the config somewhere.
Websphere 6.1 does not support the JConsole for some reason even though it fully implements the JMS specs. Seems to be a week area at the moment. Your best bet is to look at the Admin client to implement you own console.
You all seem to be incorrect. I am running Websphere 6.1.041 , using JDK 1.5 , and I just started up Jconsole and used the "simple connect" tab to connect to localhost with port=0 and without a username and password and it works fine.