Some customers report problems when they connect Process Server to Process Center as an online server. In most circumstances, the problems are caused by incorrect configuration. So I summarize the most likely problematic configurations as below.
- URL of Process Center
This setting specifies the URL that IBM Process Server uses to connect to a pre-220.127.116.11 Process Center.
This setting specifies the URL that IBM Process Server uses to connect to an IBM BPM 18.104.22.168 or later Process Center. An 22.214.171.124 or later Process Center supports both the processCenterUrl setting and the processCenterInternalUrl setting. However, the processCenterInternalUrl is the preferred method of communication and it is automatically used when it is available.
The typical processCenterUrl is http://<ProcessCenter_host>:< WC_defaulthost>/ProcessCenter or https://<ProcessCenter_host>:< WC_defaulthost_secure>/ProcessCenter. The ProcessCenter_host and port should always be same between processCenterUrl and processCenterInternalUrl. But processCenterInternalUrl also has the literal string Internal appended at the end for the context root, for example, https://<ProcessCenter_host>:<WC_defaulthost_secure>/ProcessCenterInternalUrl.
The most common problems:
Using incorrect process center host;
Using http with WC_defaulthost_secure, or https with WC_defaulthost;
Using proxy/web server host of process center environment with incorrect port;
Using incorrect context root
There is a quick way to isolate problem related to URL – connect to Process Center via a web browser with same URL of processCenterUrl on the machine of Process Server, which can help you confirm if the URL is correct, and the network between Process Center and Process Server is connected.
- ProcessCenterUser and BPMAuthor roles
- Get the authentication alias of the roles "ProcessCenterUser" and “BPMAuthor” on Process Server environment.
- Get the user and password defined in the authentication alias.
- Ensure the user who maps to role “ProcessCenterUser” exists on Process Center environment, and the password of the authentication alias is the password of this user on Process Center environment. The user will be used during the heartbeat to log into Process Center and it does not need any special authorization in Process Center.
For example, ProcessCenterUser role is configured with authentication alias ProcessCenterUserAuthenticationAlias_DePS, and user admin is defined in this alias. The user admin exists in both Process Server and Process Center, but the password of admin user on Process Server is “admin”, while on Process Center it is “passw0rd”. So in this alias on Process Server, the password should be “passw0rd”, instead of “admin”.
- For role BPMAuthor, by default it’s mapped to authentication alias DeAdminAlias. Sometimes customers may create a specific authentication alias, BPMAuthorAlias, for the role. Either way, you need to ensure the BPMAuthor role must point to the same user in both the Process Center and the Process Server, and must have the same password.
The user should have the authority to access and deploy snapshots to the Process Server. This user is saved in the LSW_SERVER table in the Process Center database and used when the process application is deployed to this Process Server.
This is a key parameter to determine if this Process Server is offline or online. A Process Server is online when the heartBeatInterval value is a number that is greater than 0 (zero). The heartbeat interval is the polling interval, in seconds, that is used by the Process Server to communicate its location and characteristics to the Process Center.
- HTTP VS HTTPS
Firstly you need to confirm whether you can use secure http communication between Process Server and Process Center. If it’s not allowed in your environment, for example, the HTTPS port is not opened on your firewall, you need to change your environment configuration or configure BPM to use HTTP instead. The HTTP VS HTTPS related configurations should be checked from two directions as below.
- From Process Server to Process Center
- Check the values of processCenterUrl and processCenterInternalUrl, and ensure the URL starts from https:// and use WC_defaulthost_secure port.
- Import WebSphere Application Server (WAS) root SSL certificate from Process Center to Process Server
- Check the values of processCenterUrl and processCenterInternalUrl, and ensure the URL starts from http:// and use WC_defaulthost port.
- From Process Center to Process Server
- Check the value of useHTTPSURLPrefixes and ensure it’s true on both Process Server and Process Center.
- Import WAS root SSL certificate of Process Server to Process Center
- Check the value of deploySnapshotUsingHttps on both Process Center and Process Server, and ensure it’s true (for V126.96.36.199 only)
- Check the value of useHTTPSURLPrefixes and ensure it’s false on both Process Server and Process Center.
- Check the value of deploySnapshotUsingHttps on both Process Center and Process Server and ensure it’s false (for V188.8.131.52 only)
HTTP is set as the default for communication between Process Center and Process Server on BPM V184.108.40.206.
HTTPS is set as the default for communication between Process Center and Process Server on BPM V8.5.5 and later.
HTTPS is set as the default for communication from Process Center to Process Server on BPM V220.127.116.11.
Regarding how to check and change the values of these configurations, here are the steps.
- Start the wsadmin scripting tool. To start wsadmin using the Jython language, run the following command from the bin directory of the deployment manager profile:
wsadmin -conntype NONE -lang jython
- Get the Process Server/Center configuration of the application cluster:
wsadmin> ps = AdminConfig.getid("/Cell:/ServerCluster:application_cluster_name/BPMClusterConfigExtension:/BPMProcessServer:/")
wsadmin> pc = AdminConfig.getid("/Cell:/ServerCluster:application_cluster_name/BPMClusterConfigExtension:/BPMProcessCenter:/")
- Check current configuration of the Process Center or Process Server:
wsadmin> print AdminConfig.show(ps)
- Change configuration, for example, update the useHTTPSURLPrefixes variable:
wsadmin> AdminConfig.modify(ps, [['useHTTPSURLPrefixes', 'false']])
- Save the changes and exit:
Regarding how to import SSL certificate, here are the steps:
- Import the Process Server WAS root SSL certificate into Process Center.
- In the Process Center WAS administrative console, click Security > SSL certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates > Retrieve from port.
- Enter the Host name, secure Port of the Process Server profile (WC_defaulthost_secure), and Alias, and click Retrieve signer information. You can retrieve the signer information for any of the servers listed.
- Click Apply and save changes.
- The steps of import Process Center root SSL certificate to Process Server are similar as above as well.
title image (modified) credit: (cc) Some rights reserved by ClkerFreeVectorImages