IBM Support

Access failure with insufficient or empty credentials

Troubleshooting


Problem

When a server instance in a WebSphere network deployment (ND) environment with global security is configured with the ITCAM for Application Diagnostics agent, the application may fail while accessing the Deployment Manager's AdminClient. This problem can happen in ITCAM for WebSphere v6.1 also.

Symptom

Errors like the following can be seen in SystemErr.log or SystemOut.log:

javax.management.JMRuntimeException: ADMN0022E: Access is denied for the getName operation on ThreadPool MBean because of insufficient or empty credentials

and the stack trace will have a method (like getAttribute, invoke) of com.ibm.ws.management.AdminClientImpl class trying to use SOAP or RMI connector to complete the operation.

Cause

If the Deployment Manager's connection properties are not specified in ITCAM for AD's properties, it uses WebSphere's AdminService to discover this. This returns an AdminClient to the Deployment Manager that does not have any credentials since it runs within the security context of the running process. This AdminClient is then cached by WebSphere's AdminClientFactory and then subsequently given to the application that fails since it does not have associated security credentials.

Environment

WebSphere network deployment (including cluster environments) with global security enabled

Resolving The Problem

If the application fails due to the above reason, check the <DC_HOME>/runtime/<server>/datacollector.properties and make sure the Deployment Manager's connection properties are available and set correctly:

deploymentmgr.connnection.type=SOAP (or RMI)

deploymentmgr.soap.connection=<dmgr_host>:<dmgr_soap_port> (if SOAP is used)

deploymentmgr.rmi.connection=<dmgr_host>:<dmgr_rmi_port> (if RMI is used)

Note that the same datacollector.properties also has two additional properties called deploymentmgr.rmi.host and deploymentmgr.rmi.port. Setting these will not resolve the issue.

[{"Product":{"code":"SSDTFJ","label":"Tivoli Composite Application Manager for Application Diagnostics"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"ITCAM for APPLICATION DIAGNOSTICS Agent for WebSphere","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"7.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Product Synonym

ITCAMfAD

Document Information

Modified date:
17 June 2018

UID

swg21573021