APAR status
Closed as fixed if next.
Error description
Deploy IBM i2 Analyze with a DB2 password containing "!". Then execute "setup -t startLiberty" command to start the i2analyze server. This results in an error "User ID or Password invalid. ERRORCODE=-4214". Stack Dump = java.lang.IllegalStateException: I2ANALYZE_STATUS:0005 - Exception during initialization. The application is in an unusable state. at com.i2group.apollo.servlet.ApplicationLifecycleManager.startServ icesOrThrow(ApplicationLifecycleManager.java:324) at com.i2group.apollo.servlet.ApplicationLifecycleManager.access$20 0(ApplicationLifecycleManager.java:53) at com.i2group.apollo.servlet.ApplicationLifecycleManager$1.run(App licationLifecycleManager.java:235) at com.ibm.ws.concurrent.internal.SubmittedTask.run(SubmittedTask.j ava:268) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.ja va:522) at java.util.concurrent.FutureTask.run(FutureTask.java:277) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExec utor.java:1153) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExe cutor.java:628) at java.lang.Thread.run(Thread.java:785) Caused by: com.i2group.apollo.common.exception.SystemResourceRuntimeExcepti on: Failed Resource Type: [DATABASE] from the source class [com.i2group.apollo.versioncheck.internal.VersionCheckEntityMana gerModule] with additional context [WriteStore]: Failure to create EntityManagerFactory. The likely cause is the system was unable to connect to the database for the data source named [WriteStore] at com.i2group.apollo.common.exception.SystemResourceRuntimeExcepti on.createNewException(SystemResourceRuntimeException.java:304) at com.i2group.apollo.common.exception.SystemResourceRuntimeExcepti on.createNewDatabaseException(SystemResourceRuntimeException.jav a:60) at com.i2group.apollo.common.guice.EntityManagerModule.wrappedExcep tion(EntityManagerModule.java:135) at com.i2group.apollo.common.guice.EntityManagerModule.<init>(Entit yManagerModule.java:63) at com.i2group.apollo.versioncheck.internal.VersionCheckEntityManag erModule.<init>(VersionCheckEntityManagerModule.java:30) at com.i2group.apollo.servlet.VersionCheckInitializer$1.createInjec tor(VersionCheckInitializer.java:30) at com.i2group.apollo.servlet.VersionCheckInitializer.checkDatabase VersionMatchesCodeVersion(VersionCheckInitializer.java:41) at com.i2group.apollo.servlet.ApolloWriteSideContextListenerHelper. performCustomValidation(ApolloWriteSideContextListenerHelper.jav a:22) at com.i2group.apollo.servlet.ApplicationLifecycleManager$2.execute (ApplicationLifecycleManager.java:462) at com.i2group.apollo.servlet.ApplicationLifecycleManager$2.execute (ApplicationLifecycleManager.java:458) at com.i2group.apollo.common.orm.internal.RobustDatabaseTaskExecuto r.execute(RobustDatabaseTaskExecutor.java:106) at com.i2group.apollo.servlet.ApplicationLifecycleManager.startServ ices(ApplicationLifecycleManager.java:418) at com.i2group.apollo.servlet.ApplicationLifecycleManager.startServ icesOrThrow(ApplicationLifecycleManager.java:297) ... 8 more Caused by: <openjpa-2.2.3-SNAPSHOT-r422266:1708660 fatal general error> org.apache.openjpa.persistence.PersistenceException: [jcc][t4][2013][11249][4.19.49] Connection authorization failure occurred. Reason: User ID or Password invalid. ERRORCODE=-4214, SQLSTATE=28000 DSRA0010E: SQL State = 28000, Error Code = -4,214 The problem with the username and password used in the server.datasources.xml was that the encryption of the clear password was not correct. The clear password has an exclamation ! character in it which is being interpreted on the Windows command-line and not reaching Liberty's securityUtility command which actually performs the encryption. See below some attempts without escaping ! characters. You can see that the output encrypted text is the same in both attempts even though it appears that the input text is different (The second input text includes the ! characters) c:\IBM\i2analyze\deploy\wlp\bin>securityUtility encode --encoding=xor "abc" {xor}Pj08 c:\IBM\i2analyze\deploy\wlp\bin>securityUtility encode --encoding=xor "abc!!" {xor}Pj08 This means that when decrypted the ! characters are not included, and in this case providing the database with an incorrect password.
Local fix
The work around for this is to use the securityUtitlity manually escaping the ! with ^ as below: c:\IBM\i2analyze\deploy\wlp\bin>securityUtility encode --encoding=xor "abc^!" {xor}Pj08fg== Then replace the password in the server.datasources.xml file , then restart liberty.
Problem summary
Calling the Liberty encyption routine on Windows command line required any ! characters to be 'escaped' to prevent truncation of the command line terms.
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
PO06602
Reported component name
I2 ANALYZE
Reported component ID
5725G2200
Reported release
412
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-11-03
Closed date
2016-11-10
Last modified date
2016-11-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Security
Fix information
Applicable component levels
R413 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSXVTH","label":"i2 Analyze"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"412","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
10 November 2016