Troubleshooting
Problem
After applying one of the following Fix Packs or Cumulate Security Updates (CSUs)
- IBM MQ 9.1.0.36 (or later)
- IBM MQ 9.2.0.42 (or later)
- IBM MQ 9.3.0.40 (or later)
- IBM MQ 9.4.0.21 (or later)
- IBM MQ 9.4.5.1 (or later)
and starting the mqweb server, attempts to log into the MQ Console fail with the error message:
Login failed. Enter a valid user ID and password.
This occurs even when valid credentials are provided.
Symptom
When checking the mqweb server log files, you may observe errors similar to the examples shown below:
console.log:
[ERROR ] CWWKS4000E: A configuration exception has occurred. The requested TokenService instance of type Ltpa2 could not be found.
messages.log:
[5/28/26 11:34:30:496 BST] 00000034 com.ibm.ws.logging.internal.impl.IncidentImpl I FFDC1015I: An FFDC Incident has been created: "javax.crypto.BadPaddingException: Given final block not properly padded com.ibm.ws.security.token.ltpa.LTPAKeyInfoManager 274" at ffdc_26.05.28_11.34.30.0.log [5/28/26 11:34:30:513 BST] 00000034 com.ibm.ws.logging.internal.impl.IncidentImpl I FFDC1015I: An FFDC Incident has been created: "javax.crypto.BadPaddingException: Given final block not properly padded com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask 125" at ffdc_26.05.28_11.34.30.1.log [5/28/26 11:34:30:513 BST] 00000034 com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask E CWWKS4106E: LTPA configuration error. Unable to create or read LTPA key file: /var/mqm/web/installations/Installation1/servers/mqweb/resources/security/ltpa.keys ... [5/28/26 11:34:31:234 BST] 00000035 com.ibm.ws.session.WASSessionCore I SESN8501I: The session manager did not find a persistent storage location; HttpSession objects will be stored in the local application server's memory. ... [5/28/26 11:34:47:233 BST] 00000058 com.ibm.ws.security.token.internal.TokenManagerImpl E CWWKS4000E: A configuration exception has occurred. The requested TokenService instance of type Ltpa2 could not be found. [5/28/26 11:34:47:291 BST] 00000058 com.ibm.ws.logging.internal.impl.IncidentImpl I FFDC1015I: An FFDC Incident has been created: "java.lang.IllegalArgumentException: CWWKS4000E: A configuration exception has occurred. The requested TokenService instance of type Ltpa2 could not be found. com.ibm.ws.security.token.internal.TokenManagerImpl 89" at ffdc_26.05.28_11.34.47.0.log [5/28/26 11:34:47:354 BST] 00000058 com.ibm.ws.logging.internal.impl.IncidentImpl I FFDC1015I: An FFDC Incident has been created: "com.ibm.websphere.security.auth.TokenCreationFailedException: CWWKS4000E: A configuration exception has occurred. The requested TokenService instance of type Ltpa2 could not be found. com.ibm.ws.security.credentials.ssotoken.internal.SSOTokenCredentialProvider 114" at ffdc_26.05.28_11.34.47.1.log [5/28/26 11:34:47:385 BST] 00000058 com.ibm.ws.logging.internal.impl.IncidentImpl I FFDC1015I: An FFDC Incident has been created: "javax.security.auth.login.CredentialException: CWWKS4000E: A configuration exception has occurred. The requested TokenService instance of type Ltpa2 could not be found. com.ibm.ws.security.authentication.jaas.modules.UsernameAndPasswordLoginModule 114" at ffdc_26.05.28_11.34.47.2.log
In addition to this, FDCs will be generated containing information similar to these:
FDC 1:
------Start of DE processing------ = [5/28/26 11:34:30:433 BST]
Exception = javax.crypto.BadPaddingException
Source = com.ibm.ws.security.token.ltpa.LTPAKeyInfoManager
probeid = 274
Stack Dump = javax.crypto.BadPaddingException: Given final block not properly padded
at com.ibm.crypto.provider.AbstractBufferingCipher.a(AbstractBufferingCipher.java:143)
at com.ibm.crypto.provider.AbstractBufferingCipher.engineDoFinal(AbstractBufferingCipher.java:15)
at javax.crypto.Cipher.doFinal(Cipher.java:65)
at com.ibm.ws.crypto.ltpakeyutil.LTPACrypto.decrypt(LTPACrypto.java:693)
at com.ibm.ws.crypto.ltpakeyutil.KeyEncryptor.decrypt(KeyEncryptor.java:55)
at com.ibm.ws.security.token.ltpa.LTPAKeyInfoManager.decryptKeys(LTPAKeyInfoManager.java:332)
at com.ibm.ws.security.token.ltpa.LTPAKeyInfoManager.loadLtpaKeysFile(LTPAKeyInfoManager.java:273)
at com.ibm.ws.security.token.ltpa.LTPAKeyInfoManager.prepareLTPAKeyInfo(LTPAKeyInfoManager.java:139)
at com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask.getPreparedLtpaKeyInfoManager(LTPAKeyCreateTask.java:57)
at com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask.createRequiredCollaborators(LTPAKeyCreateTask.java:97)
at com.ibm.ws.security.token.ltpa.internal.LTPAKeyCreateTask.run(LTPAKeyCreateTask.java:107)
at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:344)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:822)
FDC 2:
------Start of DE processing------ = [5/28/26 11:34:47:244 BST]
Exception = java.lang.IllegalArgumentException
Source = com.ibm.ws.security.token.internal.TokenManagerImpl
probeid = 89
Stack Dump = java.lang.IllegalArgumentException: CWWKS4000E: A configuration exception has occurred. The requested TokenService instance of type Ltpa2 could not be found.
at com.ibm.ws.security.token.internal.TokenManagerImpl.getTokenServiceForType(TokenManagerImpl.java:185)
at com.ibm.ws.security.token.internal.TokenManagerImpl.createSSOToken(TokenManagerImpl.java:84)
at com.ibm.ws.security.credentials.ssotoken.internal.SSOTokenCredentialProvider.setSsoTokenCredential(SSOTokenCredentialProvider.java:110)
at com.ibm.ws.security.credentials.ssotoken.internal.SSOTokenCredentialProvider.setCredential(SSOTokenCredentialProvider.java:87)
at com.ibm.ws.security.credentials.internal.CredentialsServiceImpl.setCredentials(CredentialsServiceImpl.java:78)
at com.ibm.ws.security.authentication.internal.jaas.modules.ServerCommonLoginModule.setCredentials(ServerCommonLoginModule.java:180)
at com.ibm.ws.security.authentication.jaas.modules.UsernameAndPasswordLoginModule.setUpTemporarySubject(UsernameAndPasswordLoginModule.java:154)
at com.ibm.ws.security.authentication.jaas.modules.UsernameAndPasswordLoginModule.login(UsernameAndPasswordLoginModule.java:86)
at com.ibm.ws.kernel.boot.security.LoginModuleProxy.login(LoginModuleProxy.java:53)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(AccessController.java:755)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:696)
at javax.security.auth.login.LoginContext.login(LoginContext.java:597)
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"ARM Category":[{"code":"a8m0z000000cwq4AAA","label":"Administration-\u003EWebUI"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0.0;10.0.1;8.0.0;8.1.0;9.0.0;9.0.1;9.0.2;9.0.3;9.0.4;9.0.5;9.1.0;9.1.1;9.1.2;9.1.3;9.1.4;9.1.5;9.2.0;9.2.1;9.2.2;9.2.3;9.2.4;9.2.5;9.3.0;9.3.1;9.3.2;9.3.3;9.3.4;9.3.5;9.4.0;9.4.1;9.4.2;9.4.3;9.4.4;9.4.5"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
05 June 2026
UID
ibm17274419