BPMSecurityUnlock command

Edit online

Draft comment:
This topic only applies to BAW, and is located in the BAW repository. Last updated on 2025-03-13 12:15

Use the BPMSecurityUnlock command to unlock an application cluster member during server startup.

The BPMSecurityUnlock command is run using the AdminTask object of the wsadmin scripting client.

Because group replication occurs at the application-cluster level and application clusters contain multiple servers, group replication starts simultaneously on multiple servers when you start a cluster or group. IBM® Business Automation Workflow designates a server to synchronize the external security group using a lock mechanism. Therefore, the cluster member that acquired the lock synchronizes an external Lightweight Directory Access Protocol (LDAP) security provider and an internal database. The other cluster members wait for the lock to be released and then read the information from the database.

If the cluster member that controls the lock stops, leaving the lock set in the database, the other cluster members can go into an interminable loop. If a failure is detected, unlock the application cluster member that acquired the lock by running the BPMSecurityUnlock command.

To ensure that you do not interrupt normal processing, you must allow enough time for your normal server start up time. For example, if normal server start up time is 20 minutes, wait 20 minutes before executing the command.

Important: In a network deployment environment, you must run the BPMSecurityUnlock command on the cluster member that acquired the lock; do not run this command from the deployment manager profile.

Prerequisites

Note: In an environment with multiple security domains configured, use the PALService MBean instead of this wsadmin command. See The Process Application LifeCycle (PAL) MBean.

Draft comment:
Does this command run in connected or not connected mode? If it runs in connected mode, include security role information. Make clear if the role is a BPM or WAS role. For a wsadmin command that runs in connected mode, you must specify the user and password parameters in the syntax and example.

Error logs

Informational messages indicate how long the lock is active for.

CWLND0004W - The system has been waiting for the group replication lock to be released for the last 20 minutes.
Explanation: For more information, see the BPMSecurityUnlock command topic in the Information Center.
User action: To ensure that you do not interrupt normal processing, allow enough time for your server to start up normally before you unlock the application cluster member that acquired the lock by running the BPMSecurityUnlock command.

CWLND0005I - The group replication process has started.
Explanation: This message is for informational purposes only.
User action: No action is required.

CWLND0006I - The group replication process has competed.
Explanation: This message is for informational purposes only.
User action: No action is required.

Parameters

None.

Example

The following example illustrates how to run the BPMSecurityUnlock command. In the example, the user establishes a SOAP connection to the Workflow Center server.

This topic applies only to the IBM Business Automation Workflow Advanced
configuration.

Important: In a network deployment environment, use the port configured for the application cluster member that runs the Workflow Server or Workflow Center applications. To determine the correct port number, see the WebSphere® administrative console Ports collection page (click Servers > Server Types > WebSphere application servers > server_name > Communications > Ports and find the value for SOAP_CONNECTOR_ADDRESS).

wsadmin -conntype SOAP -port 8880 -host ProcessCenterServer01.mycompany.com -user admin -password admin -lang jython
AdminTask.BPMSecurityUnlock()