I recently set up a horizontal WebSphere Portal Cluster using this excellent guide:
All steps from the Guide returned “Successful Build” messages.
However, when I shut down the secondary node, I noticed that the Administration Access list of authenticated Portal users was missing users that were successfully registered earlier in the day using Portal Admin.
On further investigation into the System logs for node agent on secondary Portal “node2” I found the following error:
"due to failed validation of the LTPA token. The exception is com.ibm.websphere.security.CustomRegistryException: The realm in the token: ajwxs0474t.spc.hursley.ibm.com:389 does not match the current realm: defaultWIMFileBasedRealm"
I found this description of potential causes:
This is typically due to an expired token or a token created with different LTPA keys. If the token is expired, you might need to increase the LTPA timeout, if necessary. If the keys are not the same, ensure one set of LTPA keys are used in all cells that interoperate, or ensure that a newly added node has synchronized.
The LTPA “timeout” checked out OK, so it became clear there was a chance the nodes were not in sync.
The solution was to synchronise the nodes in the cluster:
1. Stop all WebSphere portal servers and node agents in the cell
2. Turn off administrative security in the cell (via the deployment manager console)
3. Restart the DM
4. Perform a manual sync of each node (syncNode.bat – see references below for guidance)
5. Turn on administrative security in the cell (via the deployment manager)
6. Restart the DM
7. Perform a manual sync of each node (syncNode.bat)
8. Start node agents in the cell
9. Start the WebSphere portal servers
syncNode.bat references:
For my two-Portal cluster, I only needed to run the syncNode.bat command once on each Portal server.
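To confirm after the sync that no node still logs the realm mismatch, the check below scans each node's log text for the error quoted above and reports which nodes disagree about the realm. It is an added example, not part of the original procedure or any IBM tooling; the function names and the sample log lines are constructed for illustration, and only the error wording and the two realm values come from the post.

```python
import re
from collections import Counter

# Matches the realm-mismatch part of the LTPA validation error quoted in the post.
# \s+ between words tolerates log entries that were wrapped across lines.
REALM_MISMATCH = re.compile(
    r"The\s+realm\s+in\s+the\s+token:\s*(?P<token>\S+)\s+"
    r"does\s+not\s+match\s+the\s+current\s+realm:\s*(?P<current>[^\s\"]+)"
)

def realm_mismatches(log_text):
    """Count (token_realm, current_realm) pairs found in one node's log text."""
    return Counter(
        (m.group("token"), m.group("current").rstrip("."))
        for m in REALM_MISMATCH.finditer(log_text)
    )

def nodes_out_of_sync(logs_by_node):
    """Return {node: Counter} for every node that logged at least one mismatch.

    A node listed here is validating tokens against a different realm than the
    one that issued them, i.e. its security configuration has not been synced.
    """
    report = {}
    for node, text in logs_by_node.items():
        hits = realm_mismatches(text)
        if hits:
            report[node] = hits
    return report

# Constructed sample input: node1 is clean, node2 logs the error twice
# (the second entry is wrapped over two lines).
SAMPLE_LOGS = {
    "node1": "Server started.\nLTPA keys loaded.\n",
    "node2": (
        'due to failed validation of the LTPA token. The exception is '
        'com.ibm.websphere.security.CustomRegistryException: The realm in the '
        'token: ajwxs0474t.spc.hursley.ibm.com:389 does not match the current '
        'realm: defaultWIMFileBasedRealm"\n'
        "The realm in the token: ajwxs0474t.spc.hursley.ibm.com:389 does not\n"
        "    match the current realm: defaultWIMFileBasedRealm\n"
    ),
}

if __name__ == "__main__":
    for node, hits in nodes_out_of_sync(SAMPLE_LOGS).items():
        for (token_realm, current_realm), count in hits.items():
            print(f"{node}: token realm {token_realm} != current realm "
                  f"{current_realm} ({count} occurrences)")
```

An empty result after step 9 means no node is still validating tokens against the old realm.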
More information on WebSphere Application Server synchronisation:
Many thanks to my colleague in IBM IDR, Austin Texas, who provided guidance and education I needed to do this.