urgency :stopserver /login(bluepages)


yu wang (4886245) | asked May 14 '08, 4:00 a.m.
The server worked well for one month,
but now I can't log in to Rational Team Concert through the web UI (beta2)
and can't stop the server.

SystemOut.LOG

00000029 LdapRegistryI E SECJ0352E: Could not get the users matching the pattern xxxxxx@cn.ibm.com because of the following exception javax.naming.CommunicationException: anonymous bind failed: xxxxx.xxx.com:636
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:191)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:298)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:679)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:259)
at javax.naming.InitialContext.init(InitialContext.java:235)
at javax.naming.InitialContext.<init>(InitialContext.java:209)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getDirContext(LdapRegistryImpl.java:2450)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:1868)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:1797)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:1792)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getUsers(LdapRegistryImpl.java:1210)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.checkPassword(LdapRegistryImpl.java:297)
at com.ibm.ws.security.registry.UserRegistryImpl.checkPassword(UserRegistryImpl.java:303)
at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:759)
at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:451)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLoginHelper.java:475)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3171)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3007)
at com.ibm.ws.security.web.FormLoginExtensionProcessor$1.run(FormLoginExtensionProcessor.java:272)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.security.web.FormLoginExtensionProcessor.formLogin(FormLoginExtensionProcessor.java:292)
at com.ibm.ws.security.web.FormLoginExtensionProcessor.handleRequest(FormLoginExtensionProcessor.java:166)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3076)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1425)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:92)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1812)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:193)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:725)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:847)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1498)
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
at com.ibm.jsse2.n.a(n.java:37)
at com.ibm.jsse2.jc.a(jc.java:388)
at com.ibm.jsse2.db.a(db.java:390)
at com.ibm.jsse2.db.a(db.java:161)
at com.ibm.jsse2.eb.a(eb.java:20)
at com.ibm.jsse2.eb.a(eb.java:152)
at com.ibm.jsse2.db.m(db.java:303)
at com.ibm.jsse2.db.a(db.java:230)
at com.ibm.jsse2.jc.a(jc.java:446)
at com.ibm.jsse2.jc.g(jc.java:433)
at com.ibm.jsse2.jc.a(jc.java:384)
at com.ibm.jsse2.j.write(j.java:6)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:88)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:146)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:418)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:349)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:185)
... 53 more
Caused by: com.ibm.jsse2.util.h: No trusted certificate found
at com.ibm.jsse2.util.g.a(g.java:54)
at com.ibm.jsse2.util.g.b(g.java:143)
at com.ibm.jsse2.util.e.a(e.java:4)
at com.ibm.jsse2.yb.checkServerTrusted(yb.java:20)
at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:164)
at com.ibm.jsse2.hb.checkServerTrusted(hb.java:11)
at com.ibm.jsse2.eb.a(eb.java:240)
... 65 more
.
00000029 LdapRegistryI E SECJ0336E: Authentication failed for user xxxxxx@cn.ibm.com because of the following exception com.ibm.websphere.security.CustomRegistryException: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
00000029 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is javax.naming.CommunicationException: anonymous bind failed: xxxxxxx.xxxxx.com:636 .
00000029 FormLoginExte E SECJ0118E: Authentication error during authentication for user xxxxxx@cn.ibm.com
0000002a LdapRegistryI A SECJ0418I: Cannot connect to the LDAP server ldap://xxxxxxx.xxxxx.com:636.
0000002a LdapRegistryI A SECJ0418I: Cannot connect to the LDAP server ldap://xxxxxxx.xxxxx.com:636.
0000002a LdapRegistryI A SECJ0418I: Cannot connect to the LDAP server ldap://xxxxxxx.xxxxx.com:636.
0000002a LdapRegistryI E SECJ0352E: Could not get the users matching the pattern xxxxxx@cn.ibm.com because of the following exception javax.naming.CommunicationException: anonymous bind failed: xxxxxxx.xxxxx.com:636
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:191)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:298)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:679)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:259)
at javax.naming.InitialContext.init(InitialContext.java:235)
at javax.naming.InitialContext.<init>(InitialContext.java:209)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getDirContext(LdapRegistryImpl.java:2450)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:1868)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:1797)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.search(LdapRegistryImpl.java:1792)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.getUsers(LdapRegistryImpl.java:1210)
at com.ibm.ws.security.registry.ldap.LdapRegistryImpl.checkPassword(LdapRegistryImpl.java:297)
at com.ibm.ws.security.registry.UserRegistryImpl.checkPassword(UserRegistryImpl.java:303)
at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:759)
at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:451)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLoginHelper.java:475)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3171)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3007)
at com.ibm.ws.security.web.FormLoginExtensionProcessor$1.run(FormLoginExtensionProcessor.java:272)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.security.web.FormLoginExtensionProcessor.formLogin(FormLoginExtensionProcessor.java:292)
at com.ibm.ws.security.web.FormLoginExtensionProcessor.handleRequest(FormLoginExtensionProcessor.java:166)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3076)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:238)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:811)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1425)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:92)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:274)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:984)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInboundPostHandshake(SSLConnectionLink.java:678)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyHandshakeCompletedCallback.complete(SSLConnectionLink.java:380)
at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:801)
at com.ibm.ws.ssl.channel.impl.SSLHandshakeIOCallback.complete(SSLHandshakeIOCallback.java:70)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:193)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:725)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:847)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1498)
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
at com.ibm.jsse2.n.a(n.java:37)
at com.ibm.jsse2.jc.a(jc.java:388)
at com.ibm.jsse2.db.a(db.java:390)
at com.ibm.jsse2.db.a(db.java:161)
at com.ibm.jsse2.eb.a(eb.java:20)
at com.ibm.jsse2.eb.a(eb.java:152)
at com.ibm.jsse2.db.m(db.java:303)
at com.ibm.jsse2.db.a(db.java:230)
at com.ibm.jsse2.jc.a(jc.java:446)
at com.ibm.jsse2.jc.g(jc.java:433)
at com.ibm.jsse2.jc.a(jc.java:384)
at com.ibm.jsse2.j.write(j.java:6)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:88)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:146)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:418)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:349)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:185)
... 57 more
Caused by: com.ibm.jsse2.util.h: No trusted certificate found
at com.ibm.jsse2.util.g.a(g.java:54)
at com.ibm.jsse2.util.g.b(g.java:143)
at com.ibm.jsse2.util.e.a(e.java:4)
at com.ibm.jsse2.yb.checkServerTrusted(yb.java:20)
at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:164)
at com.ibm.jsse2.hb.checkServerTrusted(hb.java:11)
at com.ibm.jsse2.eb.a(eb.java:240)
... 69 more
.
0000002a LdapRegistryI E SECJ0336E: Authentication failed for user xxxxxx@cn.ibm.com because of the following exception com.ibm.websphere.security.CustomRegistryException: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
0000002a LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is javax.naming.CommunicationException: anonymous bind failed: xxxxxxx.xxxxx.com:636 .
0000002a FormLoginExte E SECJ0118E: Authentication error during authentication for user xxxxxx@cn.ibm.com

4 answers



yu wang (4886245) | answered May 14 '08, 4:37 a.m.
I want to log in to the WebSphere admin console.
https://hostname:9043/ibm/console/logon.jsp


but get the following message:

Login failed. Check the user ID and password and try again.


My user ID and password are correct.

yu wang (4886245) | answered May 14 '08, 5:02 a.m.
I want to change from anonymous bind to user/password in the WebSphere admin console,
but I can't log in.
Who can tell me how to update a file to make the change?

Harleen Sahni (6642) | answered May 14 '08, 3:25 p.m.
What happened is that the bluepages certificate changed over the weekend, and your server doesn't know to trust the new one. Since you were using the bluepages to authenticate your admin rights for WAS, you are kind of dead in the water. (You can't even restart the server without rebooting the machine since it requires your bluepage credentials). The same thing happened to me.

I was able to resolve the problem by reverting back to OS security by editing the security.xml file, and then turning off security altogether until I could load the new certificate for bluepages.

Here's how I did it (there are probably better ways since I have almost no experience with WebSphere, and some of these steps might even be unnecessary):

Open a cmd prompt in WebSphere\AppServer\bin
Enter wsadmin.bat -conntype NONE (this lets you connect to the local WebSphere without providing any credentials, but I think it also limits what you can do).
Inside the wsadmin console enter: securityoff
This should disable administrator security.

You still need to have WebSphere not use bluepages for the user register. To do that, go to WebSphere\AppServer\profiles\AppSrv01\config\cells\[whatever your cell name is]\security.xml
and change activeUserRegistry="LDAPUserRegistry_1" to activeUserRegistry="LocalOSUserRegistry"
Reboot your server, and you should be able to logon via the web admin console. Go to the security section on the left, and select "SSL certificate and key management". On the Related Items pane on the right, select "Key stores and certificates". Go to NodeDefaultTrustStore and under Additional Properties, select signer certificates. You should see one for bluepages, delete it, and select retrieve from port to get a new one. Once that's done, go to Security administration, applications, and infrastructure section of security on the left pane. You can re-enable administration security, and application security, and you should set the User account repository back to standalone ldap.
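
An added example, not part of the original thread or of any IBM tooling: a short Python triage of SystemOut.log text in the shape posted in the question. It follows each SECJ0352E exception chain to its innermost "Caused by:" line, so a trust-store failure like the one diagnosed above is told apart from a network failure. The sample log, the hostnames and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample in the shape of the SystemOut.log excerpt in the question
# (no timestamps; hostnames and user names are placeholders).
SAMPLE_LOG = """\
00000029 LdapRegistryI E SECJ0352E: Could not get the users matching the pattern user@example.com because of the following exception javax.naming.CommunicationException: anonymous bind failed: ldap.example.com:636
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:191)
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found
at com.ibm.jsse2.n.a(n.java:37)
Caused by: com.ibm.jsse2.util.h: No trusted certificate found
at com.ibm.ws.ssl.core.WSX509TrustManager.checkServerTrusted(WSX509TrustManager.java:164)
00000029 FormLoginExte E SECJ0118E: Authentication error during authentication for user user@example.com
0000002b LdapRegistryI E SECJ0352E: Could not get the users matching the pattern user@example.com because of the following exception javax.naming.CommunicationException: ldap.example.com:636
Caused by: java.net.ConnectException: Connection refused
"""

EVENT = re.compile(r"^(?P<thread>[0-9a-f]{8}) (?P<comp>\S+)\s+(?P<level>[A-Z]) (?P<code>SECJ\d{4}[EIW]): (?P<msg>.*)$")
ENDPOINT = re.compile(r"([\w.-]+:\d+)\s*\.?$")

def triage(log_text):
    """Return one finding per SECJ0352E exception chain, with its root cause classified."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            current = None  # a new log event ends the previous exception chain
            ep = ENDPOINT.search(m["msg"])
            if m["code"] == "SECJ0352E" and ep:
                current = {"thread": m["thread"], "code": m["code"],
                           "endpoint": ep.group(1), "root_cause": None}
                findings.append(current)
        elif current and line.startswith("Caused by: "):
            # The last "Caused by:" in a chain is the innermost (root) exception.
            current["root_cause"] = line[len("Caused by: "):].strip()
    for f in findings:
        cause = f["root_cause"] or ""
        if "No trusted certificate found" in cause:
            f["verdict"] = "trust-store"   # server certificate's signer is not trusted
        elif "ConnectException" in cause or "UnknownHostException" in cause:
            f["verdict"] = "network"
        else:
            f["verdict"] = "unclassified"
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "trust-store" verdict points at the signer certificates for the listed endpoint rather than at the user's password, even though the console only reports a failed login.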

yu wang (4886245) | answered May 18 '08, 8:16 p.m.
Thanks. Now my server is ready.
I followed your comments.
