Business Process Choreographer task instances fail after migration to IBM Business Process Manager (BPM)

Troubleshooting

Problem

If your source environment uses both active and historical LTPA keys, after you migrate to IBM Business Process Manager, executing a Business Process Choreographer task instance that uses historical keys will cause an error.

Symptom

When you run an instance that uses historical LTPA keys, you see an error similar to the following error:

[5/8/13 15:56:49:834 GMT+01:00] 000000c7 J2EEContext E ASYN9999E: Unexpected Exception Occurred: com.ibm.websphere.asynchbeans.SerialDeserialException: Exception while deserializing a saved service. Service=security. Unable to deserialize the Subjects in this Context, cause: Validation of LTPA token failed due to invalid keys or token type.
at com.ibm.ws.asynchbeans.J2EEContext.setSavedServicesFromBytes(J2EEContext.java:1942)
at com.ibm.ws.asynchbeans.J2EEContext.readObject(J2EEContext.java:1535)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1039)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1774)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1344)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:363)
at com.ibm.ws.asynchbeans.ExecutionContextImpl.readObject_PAE(ExecutionContextImpl.java:290)
at com.ibm.ws.asynchbeans.ExecutionContextImpl.access$100(ExecutionContextImpl.java:52)
at com.ibm.ws.asynchbeans.ExecutionContextImpl$PAEReadObject.run(ExecutionContextImpl.java:347)
at com.ibm.ws.asynchbeans.ExecutionContextImpl$PAEReadObject.run(ExecutionContextImpl.java:338)
at java.security.AccessController.doPrivileged(AccessController.java:280)
at com.ibm.ws.asynchbeans.ExecutionContextImpl.readObject(ExecutionContextImpl.java:185)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Cause

During migration, the active LTPA key is exported from the source environment and imported into V8.5. The historical LTPA keys are not included.

Resolving The Problem

To resolve the problem, perform the following steps after the migration:

1. In the migration target environment, in the administrative console, go to Security > SSL certificate and key management > Key sets > CellLTPAKeyPair.

Set the Maximum number of keys referenced in the cell to at least the same value as the value in the source cell.
Set the key store password to the same value as the value in the source cell.
Set Delete key references that are beyond the maximum number of keys to the same value as the value in the source cell.

2. In the migration target environment, back up the key store file. By default, the key store file is WAS_ROOT/profiles/dmgr_profile_name/config/cells/cell_name/ltpa.jceks.

3. Manually replace the key store file in the migration target cell with the key store file from the source environment. This process copies (and replaces) all keys of the source environment to the target environment.

4. In the source environment, ensure that no new keys are created from this point on.

5. Restart the target environment.

[{"Product":{"code":"SSFTN5","label":"IBM Business Process Manager Advanced"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Migration","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Product Synonym

BPM

Was this topic helpful?

Document Information

Modified date:
15 June 2018

UID

swg21638908

Tips