It's all about the answers!

Ask a question

Unable to finalizew setup wizard for JTS 4.04

Claus Buch (5836) | asked Nov 18 '13, 10:16 a.m.

I've installed RTC 4.04 on WebSphere/aix and DB2. Directory server on AD.

When running the jts/setup wizard it works alright until the where it starts to configure the Dataware house.

Here I check the box indicating that I don't want to configure the datawarehouse, and the click Next.

Then it tells me "The userid you logged in with is not recognizable", allthough it just has been verified on the login-screen.

In the jts.log it throws this execption :

2013-11-18 16:08:14,312 [WebContainer : 6 @@ 16:08 RTC_infoman /jts/service/] ERROR ce.jts.internal.userregistry.ldap.LDAPUserRegistry  - CRJAZ0740E Information for the following user could not be retrieved from the external user directory: RTC_infoman
javax.naming.CommunicationException: Connection reset [Root exception is Connection reset]; Remaining name: 'dc=d101p,dc=bdpnet,dc=dk'
        at com.sun.jndi.ldap.LdapCtx.doSearch(
        at com.sun.jndi.ldap.LdapCtx.searchAux(
        at com.sun.jndi.ldap.LdapCtx.c_search(
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(                                                                    

Any hits to solve this issue will be much appriciated.

/Claus Buch

Manoj Panda commented Nov 18 '13, 10:22 a.m.

Hi Claus,
 I am not sure about AIX, but i can tell you on windows. Just check the WAS Configuration.
can you please double check the following configuration.
The Java™ 2 Security option must be turned off. If this option is turned on in WebSphere Application Server, the web application will not start.

  1. In WebSphere Integrated Solutions Console, click Security > Global security.
  2. Under Java 2 security, clear the check box for Use Java 2 security to restrict application access to local resources.
  3. Ensure that the Enable administrative security and Enable application security check boxes are selected.

Claus Buch commented Nov 18 '13, 1:24 p.m.

No sorry, the java2 security has been turned off from the beginning

3 answers

permanent link
Claus Buch (5836) | answered Nov 21 '13, 4:41 a.m.

I have found the error and I am terrible sorry to have wasted your time, since the error is all due to myself.

The reason is that I haven't done the mapping of the various groups to the ccm application in the WebSphere setting, so that's why the user is refused when trying to connect. After having done the prober mapping, the setup worked as it should.

Thank you very much for your help, and once again - sorry to have wasted your time.


Karl Weinert commented Nov 21 '13, 10:07 a.m.

Definitely not a waste of time. I'm sure you are not the first one that has run into this issue and this post will should help the next person that does.

permanent link
Karl Weinert (2.0k52736) | answered Nov 18 '13, 11:48 a.m.
It looks like you might be using Tomcat as the application server. Is that correct?
Did you save the Tomcat config files on the configure LDAP step, stop JTS, and copy the newly created config files to the correct location.
If so maybe you missed one?  There is one for each installed application (jtc, ccm etc) admin, and server.xml for Tomcat.
It sounds like you may have missed the jts one but that is just a guess.
Here's the documentation for 4.0.2. It should be the same for 4.0.4.

Claus Buch commented Nov 18 '13, 1:26 p.m.

No, I'm not using Tomcat. Instead I'm using the imbedded http-server in the WebSphere, so I guess there's  nothing to copy.


Karl Weinert commented Nov 18 '13, 5:23 p.m.

Hi Claus,

I'm thinking it might be a mismatch between the LDAP settings in the file and the LDAP settings in WebSphere.
If you want to paste them in you can find the websphere LDAP settings in the security.xml file under the jts profile

Claus Buch commented Nov 20 '13, 6:34 a.m.

I've made an answer on my own behalf, in order to have the settings pasted in

permanent link
Claus Buch (5836) | answered Nov 20 '13, 6:33 a.m.

Hi Karl.

I'm making an answer on my own, to be able to paste in the settings you asked for. Here they are :

Security.xml :
<userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry" serverId="" serverPassword="{xor}" realm="" useRegistryServerId="false" primaryAdminId=""/>
  <userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_1" useRegistryServerId="false" primaryAdminId="" customRegistryClassName=""/>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1" serverId="" serverPassword="{xor}" realm="" ignoreCase="true" useRegistryServerId="false" primaryAdminId="
BD-RTCwasadm" useRegistryRealm="true" type="CUSTOM" sslEnabled="false" sslConfig="" baseDN="DC=d101p,DC=bdpnet,DC=dk" bindDN="CN=BD-RTCDomainAcc,OU=Users,OU=BDServiceAccounts,OU=MgmtResources,DC=d101p,DC=bdpn
et,DC=dk" bindPassword="??????" searchTimeout="120" reuseConnection="true">
    <searchFilter xmi:id="LDAPSearchFilter_1" userFilter="(&amp;(sAMAccountName=%v)(objectclass=person))" krbUserFilter="(&amp;(krbPrincipalName=%v)(objectclass=ePerson))" groupFilter="(&amp;(name=%v)(|(objec
tclass=group)))" userIdMap="*:sAMAccountName" groupIdMap="*:name" groupMemberIdMap="memberof:member" certificateMapMode="EXACT_DN" certificateFilter=""/>
    <hosts xmi:id="EndPoint_1384500757518" host="" port="389"/>
  <userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="" serverPassword="{xor}" realm="" ignoreCase="true" useRegistryServerId="false" primaryAdminId="" registryClassName=""/>
  <authConfig xmi:id="AuthorizationConfig_1" useJACCProvider="false">
    <authorizationProviders xmi:id="AuthorizationProvider_1" j2eePolicyImplClassName="" name="Tivoli Access Manager" policyConfigurationFactoryImplClassName="
cc.TAMPolicyConfigurationFactory" roleConfigurationFactoryImplClassName="" initializeJACCProviderClassName="" requ
iresEJBArgumentsPolicyContextHandler="false" supportsDynamicModuleUpdates="true"/>
 . :
root@aix167:/usr/IBM/WebSphere/AppServer1/profiles/rtc-> more /usr/IBM/WebSphere/Jazz404/server/conf/jts/
#This configuration update was requested by "RTC_infoman".  The old contents of this file were copied to "/usr/IBM/WebSphere/Jazz404/server/conf/jts/".
#Wed Nov 20 10:08:52 CET 2013\:50000/jts\:user\=db2inst1;password\={password};\=BD-JazzAdmins,JazzUsers\=BD-JazzUsers,JazzDWAdmins\=BD-JazzDWAdmins,JazzProjectAdmins\=BD-JazzProjectAdmins,JazzGuests\=BD-JazzGuests\:259200\=d101p,dc\=bdpnet,dc\=dk\=sAMAccountName,name\=displayName,emailAddress\=mail\://\:389\=d101p,dc\=bdpnet,dc\=dk\=?1*\=BD-RTCDomainAcc,OU\=Users,OU\=BDServiceAccounts,OU\=MgmtResources,DC\=d101p,DC\=bdpnet,DC\=dk{""\: [""]}\={USER-DN}\://\:15010/jts\=?1| (displayName\=* ?1*) (displayName\=*_?1*))

Karl Weinert commented Nov 20 '13, 9:57 a.m. | edited Nov 20 '13, 10:00 a.m.

I'm still looking this over and so far it looks ok but I notice in the security.xml there are a couple of odd entries
primaryAdminId value, bindDN value and groupFilter value all have special html encoding characters in them.
This is most likely just the way it was pasted in into the answer, but probably worth checking your LDAP settings in WAS just to make sure.
For example see DC=bdpn in the data above.

The special characters are: &lt;br&gt;

Lets see if they will show up correctly

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.