Datapower OAuth Implementation

The diagram represents a sample implementation of Datapower OAuth with client credentials grant

Curl commands for validation

curl -k https://datapowerip:wts-port/token -d "grant_type=client_credentials&scope=myappscope&client_id=my-oauth-client&client_secret=xxxx"
{ "token_type":"bearer", "access_token":"AAEQZXNsLW9hdXRoLWNsaWVudHpgnOEYxWUBn/+E5sWHQ3hmceNpl7iHSGXsloTedkGwXz2p1Eb9o3v+lB0jcRZhgBQrpwCupRyCmGioipGXhIfeMyYB3oBuuJhO0RWKuOHX", "expires_in":3600, "scope":"myappscope" }


curl -k -X "GET" "https://datapowerip:mpg-port/{myapp-url-data}" -H "Authorization: Bearer AAEQZXNsLW9hdXRoLWNsaWVudHpgnOEYxWUBn/+E5sWHQ3hmceNpl7iHSGXsloTedkGwXz2p1Eb9o3v+lB0jcRZhgBQrpwCupRyCmGioipGXhIfeMyYB3oBuuJhO0RWKuOHX" -H "Accept: application/json"

Tealeaf packet forwarder commands

service pktfwdr start
service pktfwdr stop
service pktfwdr status
service pktfwdr ctcstats -p

JVM arguments

To rotate gc 100 log files after 1000 cycles each

-Xverbosegclog:/opt/WebSphere/logs/gc#.log,100,1000

WebSphere Server initialization failed on AIX

Delete files under /tmp/javasharedresources and rerun the start command

Datapower 7199 hardware guide

http://publib.boulder.ibm.com/infocenter/wsdatap/v4r0m2/topic/com.ibm.dp.doc/7199InstallationUsersGuide.pdf

MQ Commands

cd /usr/bin/mqm
./runmqsc queue-manager-name

START LISTENER ('listener-name')

Datapower device information / type / serial no

Status -> System -> Version Information

Datapower Web GUI timeout

Update the idle timeout settings in
Network -> Management -> Web Management Service -> Idle Timeout
Default: 600 seconds
Maximum; 65535 seconds

WSRR Datapower Integration

1) Login to DP domain. Network -> XML Management Interface -> Main -> Enabled services -> Check WSSR subscription and save.
2) Search -> WSRR Server -> Configure WSRR Server
3) Change the host name in SOAP URL.
4) Create SSL Proxy profile with forward crypto and valid cred with WSRR server (ex; production wsrr server) certificate
5) Enter user name and password to authenticate to WSRR server. Select WSRR Version 7.5 or later.
6) Save

7) Login into WSRR Runtime -> Search wsdl from search box -> Save the search (my_WSDLs)
8) Login to WSSR Runtime admin console and import the datapower certificate into NodeDefaultTrustStore.

8) From DP -> Create WSP -> Add WSRR Saved Search Subscription -> Choose WSRR Server -> Select Search  (my_WSDLs). The search will automatically show up.
9) Set the synchronization to automatic
10) Set fetch policy attachments to on.

WSRR activities

1) To share spaces, login as the user created the space.
Go to spaces -> Right click on Actions -> Search by users/groups -> Share space

WSRR install

1)
Download DB2_97_limited_CD_Linux_x86-64.tar.gz
gunzip DB2_97_limited_CD_Linux_x86-64.tar.gz
tar -xvf DB2_97_limited_CD_Linux_x86-64.tar
cd wser
./db2_setup

2)
Download WSRR_v8.0_LINUX_X86_ML.tar.gz
The installer is same for both 32 and 64 bit
tar -zxvf WSRR_v8.0_LINUX_X86_ML.tar.gz
./launchpad.sh

Installation issues
- set ulimit properly. Otherwise, install will fail
- gsr9015e: error related to creating remote database although local database is chosen
check resolv.conf and hosts file for proper name resolution.

3) Start server
4) Load enablement profile
5) I repeated the same steps across 3 servers (ex: s1, s2 and s3)

6) Server functionalities
s1 - WSRR Master Governance server
s2 - WSRR Production Runtime
s3 - WSRR Governance Runtime

7) Login into s1 WAS administration console
Security -> SSL Certificate and Key management -> Keystores and Certificates -> NodeDefaultTrustStore -> Signer Certificates -> Retrieve from port
Host name: s2
Port: 9443
Alias: s2

Repeat the step for s3 host

8) Login into s2 WAS administration console

Security -> SSL Certificate and Key management -> Keystores and Certificates -> NodeDefaultTrustStore -> Signer Certificates -> Retrieve from port
Host name: s1
Port: 9443
Alias: s1
If you are using itcam, configure signer certificate for itcam as well.

9) Login into s3 WAS administration console

Security -> SSL Certificate and Key management -> Keystores and Certificates -> NodeDefaultTrustStore -> Signer Certificates -> Retrieve from port
Host name: s1
Port: 9443
Alias: s1

If you are using itcam, configure signer certificate for itcam as well.

10) Update the realm name to be unique on each server. 

11) Restart all the servers

12) Login to ServiceRegistry for s1
http://s1:9080/ServiceRegistry
Perspective -> Configuration -> Active Profile -> Promotion -> Promotion Properties
Edit the xml to have the following content.

============

<?xml version="1.0" encoding="UTF-8"?>

<promotion-configuration xmlns="http://www.ibm.com/xmlns/prod/serviceregistry/6/1/PromotionProperties" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<environments>

<environment name="http://www.ibm.com/xmlns/prod/serviceregistry/6/1/GovernanceProfileTaxonomy#Staging">
<servers>
<server name="s3" port="2809"/>
</servers>
<promotion>
<type>sync-optimized</type>
</promotion>
<security enabled="true">
<wsrrUser>wasadmin</wsrrUser>
<wsrrRealm>defaultWIMFileBasedRealm3</wsrrRealm>
<wsrrPassword>(DES)aXRzbzR5b3U=</wsrrPassword>
</security>
</environment>

<environment name="http://www.ibm.com/xmlns/prod/serviceregistry/6/1/GovernanceProfileTaxonomy#Production">
<servers>
<server name="s2" port="2809"/>
</servers>
<promotion>
<type>sync-optimized</type>
</promotion>
<security enabled="true">
<wsrrUser>wasadmin</wsrrUser>
<wsrrRealm>defaultWIMFileBasedRealm2</wsrrRealm>
<wsrrPassword>(DES)aXRzbzR5b3U=</wsrrPassword>
</security>
</environment>

</environments>

<transitions>

<transition name="http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#ApproveStagingDeployment">
<target-environments>
<name>http://www.ibm.com/xmlns/prod/serviceregistry/6/1/GovernanceProfileTaxonomy#Staging</name>
</target-environments>
<ignore-relationships>
<name>Deployed_On_Application_Server</name>
<name>Runs_On_Computer_System</name>
</ignore-relationships>
<include-policies>
<applies-to>http://www.ibm.com/xmlns/prod/serviceregistry/profile/v6r3/GovernanceEnablementModel#ServiceLevelDefinition</applies-to>
<applies-to>http://www.ibm.com/xmlns/prod/serviceregistry/profile/v6r3/GovernanceEnablementModel#ServiceLevelAgreement</applies-to>
<applies-to>http://www.ibm.com/xmlns/prod/serviceregistry/profile/v6r3/GovernanceProfileExtensions#ServiceLevelDefinition</applies-to>
<applies-to>http://www.ibm.com/xmlns/prod/serviceregistry/profile/v6r3/GovernanceProfileExtensions#ServiceLevelAgreement</applies-to>
<allowed-state>http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#SOAPolicyLifecycle_Approved</allowed-state>
<allowed-state>http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#SOAPolicyLifecycle_Superceded</allowed-state>
<allowed-state>http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#SOAPolicyLifecycle_Deprecated</allowed-state>
<allowed-state>http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#SOAPolicyLifecycle_Retired</allowed-state>
</include-policies>
</transition>

<transition name="http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#ApproveProductionDeployment">
<target-environments>
<name>http://www.ibm.com/xmlns/prod/serviceregistry/6/1/GovernanceProfileTaxonomy#Production</name>
</target-environments>
<ignore-relationships>
<name>Deployed_On_Application_Server</name>
<name>Runs_On_Computer_System</name>
</ignore-relationships>
<include-policies>
<applies-to>http://www.ibm.com/xmlns/prod/serviceregistry/profile/v6r3/GovernanceEnablementModel#ServiceLevelDefinition</applies-to>
<applies-to>http://www.ibm.com/xmlns/prod/serviceregistry/profile/v6r3/GovernanceEnablementModel#ServiceLevelAgreement</applies-to>
<applies-to>http://www.ibm.com/xmlns/prod/serviceregistry/profile/v6r3/GovernanceProfileExtensions#ServiceLevelDefinition</applies-to>
<applies-to>http://www.ibm.com/xmlns/prod/serviceregistry/profile/v6r3/GovernanceProfileExtensions#ServiceLevelAgreement</applies-to>
<allowed-state>http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#SOAPolicyLifecycle_Approved</allowed-state>
<allowed-state>http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#SOAPolicyLifecycle_Superceded</allowed-state>
<allowed-state>http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#SOAPolicyLifecycle_Deprecated</allowed-state>
<allowed-state>http://www.ibm.com/xmlns/prod/serviceregistry/lifecycle/v6r3/LifecycleDefinition#SOAPolicyLifecycle_Retired</allowed-state>
</include-policies>
</transition>

</transitions>
</promotion-configuration>

============

13) 
http://s1:9080/ServiceRegistry
Perspective -> Administration -> View -> Concepts -> New
Name: testObject
Finish

14) Perspective -> Administration -> View -> Concepts -> testObject -> Governance

WebSphere commands

Delete a profile
1) $WAS_HOME/bin/manageprofiles.sh -delete -profileName {profile_name}
2) Delete the profile directory $WAS_HOME/profiles/{profile_name}
3)  $WAS_HOME/bin/manageprofiles.sh -validateAndUpdateRegistry

db2 commands

db2 list db directory

db2 drop database sample
db2 connect to sample 

su - db2inst1
db2stop
db2start
db2ilist

db2 get dbm cfg | grep SVC
db2set -i db2inst1 DB2COMM=tcpip
db2 update dbm cfg using SVCENAME 50000

WebSphere Portal 6.1.0.5 fixpack upgrade

1) Download the following files from IBM
 6.1-WP-UpdateInstaller-AIX.tar.gz
 6.1.0-WP-Multi-FP005
 6.1.0.5-WCM-PM45034
 6.1.0.5-6.1.5.2-WP-CFPM40015-CF15

2) Create directory portal_root/update
    Extract 6.1-WP-UpdateInstaller-AIX.tar.gz under update directory
3) Create directory portal_root/update/fixpack
    Extract remaining zip files under fixpack directories

4) Check PortalAdminPwd and WasPassword are in wkplc.properties file.
5) Check all DB passwords are in wkplc_comp.properties file.
6) Add the following line in wkplc.properties file
    PWordDelete=false.
7) Check XmlAccessPort property in wkplc_comp.properties matches the value of the portal server http port

8) Set DbSafeMode=true in wkplc_dbtype.properties

9) Do a full resynchronization on node agents
10) Disable Automatic synchronization in nodeagents and restart nodeagents
11) Stop WebSphere_Portal on primary node

12) Run the upgrade
portal_root_dir/update/updatePortal.sh -install -installDir "portal_root_dir" -fixpack -fixpackDir "portal_root_dir/update/fixpacks" -fixpackID WP_PTF_6105

WebSphere 8.5 Liberty Profile Setup

1) Download the WebSphere 8.5 liberty profile from
https://www.ibm.com/developerworks/mydeveloperworks/blogs/wasdev/entry/download_wlp?lang=en

Install
2) Copied the above jar to linux system. Had jdk 1.7 installed already on this system.

3) Create home directory /opt/was8.5.
 Extract the jar file to home directory
java -jar wlp-developers-8.5.0.0

4) The contents are extracted under wlp directory

5) cd wlp/bin
 ./server create my-server

6) server.xml is located under /wlp/usr/servers/my-server directory

Start
7) Start using wlp/bin/server start my-server

Stop
8) Start using wlp/bin/server stop my-server

wsadmin issues

Problem

WASX7015E: Exception running command: "configureWASD "/apps/WebSphere/ESB/local/wily""; exception information:
 com.ibm.ws.scripting.ScriptingException: WASX7025E: Error found in String ""; cannot create ObjectName.

Solution
1. Your JVM maybe down. Start the process or try again.
2. One of the values may be wrong. Cell, node or jvm name.

Datapower upgrade using CLI

Datapower upgrade using CLI
Tested from XI52 4.0.2 to 5.0.0

1) Setup a web server to download the image xi5000.tam61.scrypt3.
Default Apache web server is sufficient for this setup.

2) SSH into Datapower
xi52#config
Global configuration mode
xi52(config)#copy http://10.201.56.130/xi5000.tam61.scrypt3 image:///xi5000.tam61.scrypt3
File copy success
xi52(config)#flash
Flash configuration mode
xi52(config-flash)#boot image xi5000.tam61.scrypt3
Invoking Dynamic Loader
............
Firmware upgrade successful
Device is rebooting now.

3) I usually do ping -t datapower-ip from command line to monitor the device status.

4) SSH or restore session from putty
xi52#config
xi52# show version
Verify the updated firmware version

Password decoder

1) cd to $WAS_HOME/plugins directory
2) java -Djava.ext.dirs=.:../lib com.ibm.ws.security.util.PasswordDecoder {xor}some-encoded-password

Output
encoded password == "{xor} some-encoded-password", decoded password == "password-in-clear"

WXS commands

xscmd -c showMapSizes
xscmd -c showPlacement -g Entitlement_GRID -ms mapSet 

WebSphere Extreme Scale Operations

Set the environment variables in a file env.sh


CATALOGSERVER_HOST={ip-address}
CATALOGSERVER_PORT=2809

CATALOGSERVER_NAME=catalogserver1
CATALOG_SERVICE_ENDPOINTS=$CATALOGSERVER_NAME:$CATALOGSERVER_HOST:6600:6601

CONTAINER_NAME=container1

OBJECTGRID_HOME={root_dir}/ObjectGrid
OBJECTGRID_ENDORSED_DIRS=-Djava.endorsed.dirs=${OBJECTGRID_HOME}/lib/endorsed
OG_CLASSPATH=${OBJECTGRID_HOME}/properties:${OBJECTGRID_HOME}/lib/objectgrid.jar


start_catalogserver.sh 
#!/bin/sh

source ~/.bash_profile
source $SCRIPTS/env.sh

echo "-----------------------"
echo "Start Catalog Server"
echo "-----------------------"

nohup java -classpath $OG_CLASSPATH $OBJECTGRID_ENDORSED_DIRS com.ibm.ws.objectgrid.InitializationService $CATALOGSERVER_NAME -catalogServiceEndPoints $CATALOG_SERVICE_ENDPOINTS >> $SCRIPTS/logs/catalogserver.log &


start_container.sh 
#!/bin/sh

source $SCRIPTS/env.sh

echo "-----------------------"
echo "Start Container"
echo "-----------------------"

nohup java -classpath $OG_CLASSPATH $OBJECTGRID_ENDORSED_DIRS com.ibm.ws.objectgrid.InitializationService $CONTAINER_NAME -catalogServiceEndPoints $CATALOGSERVER_HOST:$CATALOGSERVER_PORT -objectgridFile $SCRIPTS/xml/objectgrid.xml -deploymentPolicyFile $SCRIPTS/xml/deployment.xml >> $SCRIPTS/logs/container.log &

stop_container.sh 

#!/bin/sh

source ~/.bash_profile

source $SCRIPTS/env.sh

nohup $OBJECTGRID_HOME/bin/stopOgServer.sh $CONTAINER_NAME -catalogServiceEndPoints $CATALOGSERVER_HOST:$CATALOGSERVER_PORT >> $SCRIPTS/logs/container.log &

#sleep 20

#ps -ef | grep java

stop_catalogserver.sh 

#!/bin/sh

source ~/.bash_profile

source $SCRIPTS/env.sh

nohup $OBJECTGRID_HOME/bin/stopOgServer.sh $CATALOGSERVER_NAME -catalogServiceEndPoints $CATALOGSERVER_HOST:$CATALOGSERVER_PORT >> $SCRIPTS/logs/catalogserver.log &

#sleep 20

#ps -ef | grep java

WebSphere Extreme Scale Installation

1. Download WXS 7.1 version (CI294ML.zip) from IBM Passport Advantage site
2. Unzip the file
3. cp wxssetup.response custom-wxssetup.response

4. Update the file with the following content
 -OPT silentInstallLicenseAcceptance="true"
-OPT disableNonBlockingPrereqChecking="true"
-OPT installLocation="/apps/WebSphere/WXS/v70/Royal1/DEV"
-OPT selectServer="true"
-OPT selectClient="true"
-OPT selectXSConsoleOther="true"
-OPT profileAugmentList=""

5. ./install -options ./custom-wxssetup.response -silent
 or
WXS/install.linux.x86_64 -options custom-wxssetup.response -silent (depending on your operating system)

Note: install silent option may take a while.. please be patient until it creates the directories

6. Start Console Server for using Web console
ObjectGrid/bin/startConsoleServer.sh
http://{ip_address}:7080
Login using admin/admin

WebSphere Hyperion DB references

WebSphere Hyperion DB references are found in files

SharedServices9/config/scheduler.properties
SharedServices9/config/Domain.xml
SharedServices9/config/WorkflowEngine.properties

WebSphere Hyperion Upgrade 9.3.3.x

Steps to upgrade Hyperion from 9.1.x to 9.3.3.x

Upgrade Shared Services
1) Download SharedServices_9_3_3_aix.tar and extract the contents
2) Stop Workspaces, Reporting servers, SharedServices and OpenLDAP
3) Run setup.bin
   install path reference
   -W bean6.hyperionHome=/apps/Hyperion
   -P installLocation="/apps/Hyperion/SharedServices/9.3.1"
  Exit the installation wizard without launching the Hyperion Configuration Utility.

4) Run ./configtool.sh -console
5) Verify css.install.upgrade=true in CMS.properties
6) Deploy interop.ear manually through websphere console
7) If plugin is used, check <Config AcceptAllContent="true">. If not, change it.
8) Start OpenLDAP and SharedServices Server
9) Validate Shared Services URL
   http://servername:port/interop/index.jsp
   http://servername:port/interop/content

Upgrade Workspace
1) Download Workspace patch p9900557_93300_AIX.tar and extract the contents
2) Stop Workspaces, Reporting servers, SharedServices and OpenLDAP
3) Update 9.3.3.0.0.158_aix/SP_Installer/patch.properties with correct db information if desired.
4) Set BIPLUS_HOME in patch.sh
5) Run 9.3.3.0.0.158_aix/SP_Installer/patch.sh from the extracted files
6) Run ./configtool.sh -console
   a) Because WebSphere ND is used, set manual mode as true (Manual: true)
   b) Choose both options Deploy to App Server & Configure Web Server
   c) Configure components: type false for all components
8) workspace.war will be created in /apps/Hyperion/BIPlus/InstallableApps directory
9) Deploy the workspace.war manually through the console - you can pick precompilejsps=true
10) Create a file context.properties with the following content and place it under workspace.war/conf directory
   This step is very important. Otherwise, Explore icon in workspace will not show up and login will be impacted as well
    #cat context.properties
    HPSU=Y
    ChangeManagement=Y
    Reports=N
    Analyzer=N
    HP=N
    BPMA=N
    HFM=N
    HPS=N
 
11) Update WEB-INF/web.xml with session timeout of 120 instead of 60
12) Make these changes in JSPs in workspace.war/jsp/shared directory
    - editBQYActionEmailOptionsWidget.jsp (2 occurrences of 250 that needs to be 2000)
    - editBQYActionEmailSectionWidget.jsp (2 occurrences of 250 that needs to be 2000)
    - editBQYActionEmailWidget.jsp (1 occurrence of 250 that needs to be 2000)
13) Start OpenLDAP, Shared Services and Wokspace
14) Validate workspace URL
    http://servername:port/workspace/index.jsp
15) Apply Microsoft 2010 patch - copy clientservlet.jar to workspace WEB/lib (no restart required)
16) Repeat steps on all workspace servers.

IHS/Plugin steps
1) Regenerate the plugin from WebSphere ND.
2) In plugin-cfg.xml, Check <Config AcceptAllContent="true">. If not, change it.
3) In plugin-cfg.xml, Replace workspace/* with the following.

   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/cdsrpc"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/administration/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/browse/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/personalpages/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/viewmanager/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/jobmanager/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/ihtml/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/dataaccess/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/logon"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/logon/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/prefs"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/js/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/modules/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/resources/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/conf/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/media/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/BPMContext"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/wsrp4j/*"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/ResourceProxy"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/*.jsp"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/*.jsv"/>
   <Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/workspace/*.jsw"/>

4) Check LoadModule and WebSpherePluginConfig lines are not commented out in httpd.conf. Hyperion installer sometimes update httpd.conf.
5) Restart web server

Troubleshooting
1) workspace.ear/workspace.war/WEB-INF/config/ws.conf & workspace.ear/workspace.war/WEB-INF/portlet.xml will have references to reporting server.
   ./WEB-INF/config/ws.conf:WebClient.UserInterface.Login.RMServer=myhypr01:6800
   ./WEB-INF/config/ws.conf:WebClient.Diagnostics.Log.LoggingService=myhypr01:6800
   ./WEB-INF/portlet.xml:            <value>myhypr01</value>

Thread Dump

Thread dump using wsadmin.

./wsadmin.sh
wsadmin> set jvm [$AdminControl completeObjectName type=JVM,process=yourjvmname,*]
wsadmin> $AdminControl invoke $jvm dumpThreads

IBM Installation Manager for AIX

1) Download IBM Installation Manager 1.4.4 for AIX from
https://www-304.ibm.com/support/docview.wss?uid=swg24029226&wv=1#downloads

2) Copy the download to software directory on your server.
unzip agent.installer.aix.motif.ppc_1.4.4000.20110525_1254.zip

3) Install the installation manager as non-root user (ex: wsadmin), execute
./userinst

Datapower commands

xi50(config rbm)# show rbm
xi50(config)# send error-report {emailserver} dperror2 {email address}
xi50(config)# show file temporary:///error-report.txt

Enable and disable log target
xi52#config
xi52(config)#logging target {log-target-name}
xi52(config logging target log-target-name)# admin-state enabled



show clock
show system
show version
show license
show tcp
show filesystem
show domains
show connections
show mem
show int
show int mode
show web-mgmt


test hardware

Error report

write mem

save error-report
show file temporary:///error-report.6800104.20120731170058683EDT.txt.gz

Datapower replace battery

Recently replaced battery on Datapower 7993. IBM part # for the battery is 44X0512 which is $100+. Got CR2 3.0V battery from a local store which is significantly cheap.

Replaced the battery and ran
SSH into datapower

xi50#configure
xi50(config)# show battery
xi50(config)# service battery-installed
xi50(config)# show battery

Restart the DataPower and you will not see the critical alert 'Installed battery is nearing end of life.'

Unable to access Datapower WSDL URLs

Problem
Unable to access Datapower WSDL URLs through browser.

Solution
Allow GET on http and/or https handlers in datapower.

Password Decoder

java -classpath <WASHOME>/deploytool/itp/plugins/com.ibm.websphere.v61_6.1.200/ws_runtime.jar com.ibm.ws.security.util.PasswordDecoder "<password with {xor}>"
Note: Double quotes is required in the password

WebSphere 7 - Change node name

To rename the node, login into the node machine and run this command from appropriate node path.

$WAS_HOME/profiles/{profile_dir}/bin
./renameNode.sh {dmgr_name} {dmgr_port} {new_node_name} -user {dmgr_login_usr} -password {dmgr_login_password}

ILOG BRMS 7.1 Rule Execution Server Setup on WebSphere 7.x

Install Rule Execution Server as specified in Team server section.

1) Create JDBC Provider
Navigate to Resources -> JDBC -> JDBC Provider

Scope: Cell=Cell01, Node=Node01, Server=ilog-rts
Name: Rule Execution Server JDBC Provider
Description: Oracle JDBC Driver
Database Type: Oracle
Provider Type: Oracle JDBC Driver
Implementation Type: XA data source
Update classpath to point to Oracle JDBC Driver jar.
${WAS_HOME}/lib/ext/ojdbc14_g.jar
The jar file was manually copied to the location.

2) Create J2C Alias
Navigate to Security -> Global Security -> Java Authentication and Authorization Service -> J2C Authentication data
Uncheck Prefix new alias names and save it.
Alias: ilog-res-user
Specify user id and password for ilog schema.
Save

3) Create Data Source
Navigate to Resources -> JDBC -> JDBC providers -> Rule Execution Server JDBC Provider -> Data sources -> New

Data source name: Rule Execution Server Data Source
JNDI name: jdbc/resdatasource

Component-managed authentication alias: ilog-res-user

Container-managed authentication alias: ilog-res-user

Test connection 

You might get this error during test connection,
The test connection operation failed for data source Rule Execution Server Data Source on server nodeagent at node Node01 with the following exception: java.sql.SQLException: invalid arguments in callDSRA0010E: SQL State = null, Error Code = 17,433. View JVM logs for further details.

Please restart node agent.
System administration -> Node agents -> restart

Test connection again to get a successful message

4) Deploy the RES MBeans descriptors
Copy the /executionserver/lib/jrules-mbean-descriptors.jar to ${WAS_HOME}/lib directory

5) Deploy the XU RAR
Navigate to Resources -> Resource Adapters -> Select scope at node level ->  Install RAR -> Select ${INSTALL_DIR}/executionserver/applicationservers/WebSphere7/jrules-res-xu-WAS7.rar  -> Next

General Properties: Name: ILOG RES XU Resource Adapter

Navigate to Resources -> Resource Adapters -> Select scope at node level ->  ILOG RES XU Resource Adapter > J2C connection factories -> New
Name: xu_cf
JNDI name: eis/XUConnectionFactory
Save

6) Integrate WebSphere with LDAP
Please see my post on WebSphere LDAP integration

7) Map resAdministrators to Monitor role
Navigate to Users and Groups -> Add -> search for resAdministrators and map to Monitor role.

8) Create Cluster or Server
Create a websphere cluster (with members) or server named ILOG RES server

9) Deploy Host Transparent Decision Service (HTDS) Application
Navigate to Applications -> Application Types - WebSphere enterprise application -> New
Choose Remote file system -> Browser and select EAR IBM/WebSphereILOGJRules710/executionserver/applicationservers/WebSphere7/jrules-res-htds-WAS7.war
Next

Choose Detailed and Select the checkbox Generate Default Bindings
Continue and install the app with defaults.
Finish

Click on Manage Applications
Navigate to Enterprise Applications > jrules-res-htds-WAS7 -> Manage Modules > DecisionService ->  Change Class loader order to parent last
Save the configuration

10) Deploy RES Management Application
Navigate to Applications -> Application Types - WebSphere enterprise application -> New
Choose Remote file system -> Browser and select EAR IBM/WebSphereILOGJRules710/executionserver/applicationservers/WebSphere7/jrules-res-management-WAS7.ear
Next

Choose Detailed and Select the checkbox Generate Default Bindings
Continue and install the app with defaults.
Finish

Map security roles to users and groups
Select each role and Map Groups one by one.
resAdministrators role map to resAdministratorsMapped groups
resDeployers role map to resDeployers Mapped groups
resMonitors role map to resMonitors Mapped groups
Finish

Click on Manage Applications
Navigate to Enterprise Applications > ILOG-Rule-Execution-Server -> Manage Modules > ILOG Rule Execution Server Console ->  Change Class loader order to parent last
Save the configuration

11) Set the Web container property
Navigate to Servers -> Server Types -> WebSphere Application Servers -> ILOG RES server -> Container Settings -> Web Container Settings -> Web Container -> Custom properties -> New
DecodeUrlAsUTF8:False
Save

12) Start the RES Server

iLog performance issue on first login

Problem
After restarting the server, load Rule Team Server login is extremely slow during first login attempt/ home page initialization.

Solution
Add this entry to your /etc/hosts file
127.0.0.1 publib.boulder.ibm.com

This is a known bug in JRules 7.1.0, "Failure to connect to the online help site results in a long delay when logging into RTS after server reboot for the first time". The slowness is due to connection attempt to the RTS Online Help page on publib.boulder.ibm.com websites when the server has no Internet access.
APAR: RS00379

WebSphere Transaction Timeout

Problem
ILOG reports the transaction timeout issue

 WTRN0006W: Transaction XYZ has timed out after 300 seconds.
0000000f TimeoutManage I   WTRN0124I: When the timeout occurred the thread with which the transaction is, or was most recently, associated was Thread[WebContainer : 6,5,main]. The stack trace of this thread when the timeout occurred was:
org.springframework.beans.factory.support.AbstractBeanDefinition.validate(AbstractBeanDefinition.java:929)
org.springframework.beans.factory.support.DefaultListableBeanFactory.registerBeanDefinition(DefaultListableBeanFactory.java:577)
org.springframework.beans.factory.support.BeanDefinitionReaderUtils.registerBeanDefinition(BeanDefinitionReaderUtils.java:148)

Solution
To set transaction timeout in WebSphere, navigate to Server -> Server Types -> WebSphere Application Servers -> Server Name -> Container Services -> Transaction Service -> Maximum transaction timeout.
The default is 300s. You can change the value as desired.

DataPower XI50 Firmware Upgrade

1) Download DataPower firmware fixpack from IBM Fix Central (e.g. xi3814.scrypt2)
2) Login as admin to Datapower default domain

3) Backup current configuration
Navigate to Administration -> Export Configuration -> Select Create a backup of the entire system ->
Export File Name: export-backup
Download the backup zip file

4) Perform Upgrade
a) Administration -> File Management -> image: Actions -> Upload Firmware image
b) Administration -> System Control -> Shudown -> Select Reload Firmware -> Perform Shutdown
c) Administration -> System Control -> Boot Image -> Select Firmware image -> Perform Boot
DataPower will restart as part of steps 4b) and 4c) and you will have to relogin.

You can also perform continuous ping on data power IP to monitor its state (e.g. ping -t datapowerip) while performing steps 1 - 3.

ILOG Team Server Dynamic Domains Setup

Developers might be using dynamic domain feature in ILOG. To embed dynamic domain jar into existing team server EAR, follow these steps.

1) Setup Ant
Ant is bundled withing ILOG Team Server. Update your .bash_profile to setup PATH for ANT.
ANT_HOME=/NAS/QA/WAS7/IBM/WebSphereILOGJRules710/shared/tools/ant
export PATH=$ANT_HOME/bin:$PATH
Re-login to shell

2) Execute Repackage EAR command
cd /opt/IBM/WebSphereILOGJRules710/teamserver/bin
build.xml is found within this directory

Execute
ant repackage-ear -DadditionalJars=/export/home/was7adm/DynamicDomain.jar -DsourceEar=/opt/IBM/WebSphereILOGJRules710/teamserver/applicationservers/WebSphere7/jrules-teamserver-WAS7.ear -DtargetEar=/export/home/was7adm/jrules-teamserver-WAS7.ear

3) Deploy the updated Team Server EAR
Found in /export/home/was7adm/jrules-teamserver-WAS7.ear

WebSphere - LDAP Integration

WebSphere 7.1 - Federated Repository - Microsoft Active Directory LDAP Integration

1) Login to deployment manager
2) Navigate to Security -> Global Security
3) Select Federated repositories -> Configure
4) Specify Realm name: ActiveDirectoryRealm

5) Add Base entry to Realm -> Add Repository
Specify these properties
Repository identifier: ActiveDirectoryRepositoryId
Directory Type: Microsoft Windows Active Directory
Primary host name: {your ldap server}
Bind distinguised name: {your_ldap_bind_id: CN=wpsbind,OU=_something,dc=company,dc=com}
Bind password: {ldap_bind_password}
Click ok

6) Repository dropdown should have ActiveDirectoryRepositoryId

Specify your base dn under these fields.
 Distinguished name of a base entry that uniquely identifies this set of entries in the realm
  dc=company,dc=com
 Distinguished name of a base entry in this repository
  dc=company,dc=com
Click ok

7) Remove the default file repository
o=defaultWIMFileBasedRealm   InternalFileRepository   File

8) Specify Primary administrative user name: CN=wasadmin,OU=_something,dc=company,dc=com
Click ok

9) In the Global Security screen,
Check Enable administrative security
Check Enable administrative security
Uncheck/ Disable Java 2 secuirty
Under Available realm definitions, select Federated repositories and set as current.
Click Apply

10) Review the changes, Synchronize the changes with nodes and save,

11) Stop nodes and deployment manager
System -> Nodes -> Select Nodes -> Stop
System -> Deployment Manager -> Stop

12) Start deployment manager and nodes
/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh
/IBM/WebSphere/AppServer/profiles/node01Profile01/bin/startNode.sh

13) Launch the websphere deployment console and login using wasadmin ldap id (samaccountname) specified as primary administrative ID.

WebSphere Change Default Ports

When you create a new server, the default unique ports are generated.
Follow these steps if you would like to change them.

1) Navigate to Servers -> WebSphere application servers -> server name -> Ports
Update WC_defaulthost port from 9080 to 9680
Update WC_defaulthost_secure from 9443 to 9743

2) Navigate to Environment -> Virtual hosts -> default host -> Update the desired ports next to the node name matching step 1.
Update node1:9080 to node:9680
Update node1:9443 to node:9743

Restart the server.

ILOG BRMS 7.1 Team Server Installation on WebSphere 7.x

The installation steps are based on WAS 7.x/ JRules 7.1.x in Solaris 32 bit platform

1) Install WebSphere
Follow the WebSphere installation procedures and setup

2) Download Software
JRules core - JRules_V7.1_en_CZH9QNA.bin
JRules Java EE Add-on - JRules_WebSphere_V7.1_en_CZH9VNA.jar
Team Server - RTS_V7.1_en_CZHB1NA.bin

3) Install Rule Execution Server
Execute JRules_V7.1_en_CZH9QNA.bin and select Rule Execution Server alone.
Finish installation

4) Install Rule Team Server

Execute RTS_V7.1_en_CZHB1NA.bin.

Finish installation

5) Install  Java EE Add-on
java -jar JRules_WebSphere_V7.1_en_CZH9VNA.jar
Finish installation

6) Create Application Server
Login to WebSphere deployment manager and create a new server ilog-rts under node1

7) Create JDBC Provider
Navigate to Resources -> JDBC -> JDBC Provider

Scope: Cell=Cell01, Node=Node01, Server=ilog-rts
Name: Rule Team Server JDBC Provider
Description: Oracle JDBC Driver
Database Type: Oracle
Provider Type: Oracle JDBC Driver
Implementation Type: Connection pool data source

Update classpath to point to Oracle JDBC Driver jar.
${WAS_HOME}/lib/ext/ojdbc14_g.jar
The jar file was manually copied to the location.

8) Create J2C Alias
Navigate to Security -> Global Security -> Java Authentication and Authorization Service -> J2C Authentication data
Uncheck Prefix new alias names and save it.
Alias: ilog-rts-user
Specify user id and password for ilog schema.
Ask your DBA's to create an empty schema to use as team server repository.
Save

9) Create Data Source
Navigate to Resources -> JDBC -> JDBC providers -> Rule Team Server JDBC Provider -> Data sources -> New

Data source name: Rule Team Server Data Source
JNDI name: jdbc/ilogDataSource

Component-managed authentication alias: ilog-rts-user

Container-managed authentication alias: ilog-rts-user

Test connection 

You might get this error during test connection,
The test connection operation failed for data source Rule Team Server Data Source on server nodeagent at node Node01 with the following exception: java.sql.SQLException: invalid arguments in callDSRA0010E: SQL State = null, Error Code = 17,433. View JVM logs for further details.

Please restart node agent.
System administration -> Node agents -> restart

Test connection again to get a successful message

10) Integrate WebSphere with LDAP
Please see my post on WebSphere LDAP integration


11) Install Team Server Application
Navigate to Applications -> Application Types - WebSphere enterprise application -> New
Choose Remote file system -> Browser and select EAR IBM/WebSphereILOGJRules710/teamserver/applicationservers/WebSphere7/jrules-teamserver-WAS7.ear
Next

Choose Detailed and Select the checkbox Generate Default Bindings
Continue

Map security roles to users and groups
Select each role and Map Groups one by one.
rtsUser role map to rtsUser Mapped groups
rtsAdministrator role map to rtsAdministrator Mapped groups
rtsConfigManager role map to rtsConfigManager Mapped groups
rtsInstaller role map to rtsInstaller Mapped groups
Finish

Click on Manage Applications
Navigate to Enterprise Applications > ILOG Rule Team Server > Manage Modules > teamserver.war
Change Class loader order to parent last
Save the configuration

12) Start Team Server
Servers -> Server Types -> WebSphere application servers -> Check ilog-rts-server -> Start

13) Verification
http://{server}:9080/teamserver
Login using rtsAdmin

14) Complete Installation Manager
Configure the Rule Team Server database -> Select Generate SQL -> Select Execute the SQL script
Next
Setup groups -> New -> rtsUser and rtsConfgManager
Finish

15) Access Team Server
http://host:port/teamserver

WebSphere 7.x installation

The installation steps are for WebSphere 7.1 environment setup on Solaris 9.

1) Create user

#useradd -m was7adm

#passwd was7adm

Login an was7adm

2) Download software

Core installation - C1G3EML.tar (was 7 solaris 32 bit)
WebSphere update installer - 7.0.0.11-WS-UPDI-SolarisSparc.tar
WebSphere Fix packs - 7.0.0-WS-WASSDK-SolarisSparc-FP0000011.pak and 7.0.0-WS-WAS-SolarisSparc-FP0000011.pak

3) Export Display

If you are performing GUI install, make sure xterm is running

export DISPLAY={ip_addr}:0.0

4) Install Deployment Manager
Execute C1G3EML.tar to a temp location and execute ./install from WAS directory.

Installation directory: as desired

WebSphere Application Server Environment:  Management (Only deployment manager will be installed without any node)

Disable admin security

Finish installation

Run installation verification and start Deployment Manager

5) Install WebSphere Update Installer

Extract 7.0.0.11-WS-UPDI-SolarisSparc.tar to a temp  location

Execute updateinstaller/install.

Installation path: /opt/IBM/WebSphere/UpdateInstaller

6) Upgrade WebSphere Fixpack

Copy Fixpack files to UpdateInstaller/maintenance directory

Launch update installer and install the fixpacks

7) Launch Administrative console

http://{server}:9060/ibm/console/
Verify the WebSphere version from Welcome Panel

8) Repeat the core installation process each node without creating profiles.
Install update installer and fix packs to each node.
 If you are running on NAS, one core installation is sufficient and you can mount the same core file system on different nodes.

9) Create Custom Profiles

On  the server allocated for nodes, create profiles.

Invoke IBM/WebSphere/AppServer/bin/ProfileManagement/pmt.sh

I usually give profile name with convention {hostname}Profile01 and match same name in the directory.

Click Next

Specify Deployment Manager name and port (8879)

In the Security certificate section, Select expiration period as 15 years for default and root certs and change the keystore password if desired.
Finish installation

10) Login into deployment manager and check your node has been added under System Administration -> Nodes.

Determine Quickr version

Check the files

TS.product

PDM.product

WebSphere ADMR0104E Error

Problem:

WebSphere ADMR0104E: The system is unable to read document cells node-metadata.properties: java.io.IOException: Permission denied

Solution:

Change the ownership to right owner at the was install root or above and not just the cells directory. Restart the server.

Publish Post

WebSphere Portal Traces

Traces to troubleshoot URL mapping context after virtual portal creation:

com.ibm.wps.engine.Servlet=all:com.ibm.wps.services.vpmapping.*=all:
com.ibm.wps.command.vp.*=all:com.ibm.wps.portlets.managevirtualportals.*
=all

Traces to debug xmlaccess:
com.ibm.wps.command.xml.*=all

WebSphere Portal 6.1 Virtual Portal Creation

The below steps were validated in RHEL 5 64 bit environment

1. Export the configuration using xmlaccess from the existing virtual portal

./xmlaccess.sh -user wpsadmin -password {password} -url http://existingvp.test.com:10040/wps/config -in /opt/IBM/WebSphere/PortalServer/doc/xml-samples/Export.xml -out /home/wasadmin/newvp-export.xml

2. Create an empty virtual portal
Edit /opt/IBM/WebSphere/wp_profile/ConfigEngine/properties/wkplc.properties with the following values:
VirtualPortalTitle=Virtual Portal Cloning
VirtualPortalRealm=realm-vptest
VirtualPortalHostName=newvp.test.com
VirtualPortalContext={leave it empty}
VirtualPortalNlsFile={leave it empty}
VirtualPortalObjectId={leave it empty}

Run /opt/IBM/WebSphere/wp_profile/ConfigEngine/ConfigEngine.sh create-virtual-portal

3. Import the configuration using xmlaccess to new virtual portal
./xmlaccess.sh -user wpsadmin -password {password} -url http://newvp.test.com:10040/wps/config -in /home/wasadmin/newvp-export.xml -out /home/wasadmin/newvp-import-results.xml

Tips:
1) Manually edit the exported xml file for any changes.
2) If the update portlet fails for your custom portlets because of this message.


com.ibm.wps.command.xml.XmlCommandException: EJPXA0043E: An error occurred while creating or updating the resource. [url-mapping-context ....
com.ibm.wps.command.mappingurl.MappingURLCommandException: EJPEC0622E: A resource of a virtual portal can only be mapped to a context of the same virtual portal.

make the following change.

url-mapping-context action="update"
to
url-mapping-context action="locate"

3) Find and change existingvp.test.com to newvp.test.com in the exported xml file

Changing admin password in WebSphere Portal and Quickr

Run the 'Changing password' task according to Info center instructions

Files to be checked (depending on WebSphere version)
security.xml
wkplc.properties
wpconfig.properties

wimconfig.xml
wmm.xml
wmmur.xml
wmmWasAdmin.xml

Please put appropriate LTPA password

User password encoder to generate correct encrypted strings.

Reset password in ldap

Lotus Quickr DB2 start

To start db2 instance on Lotus Quickr, execute

/opt/IBM/Quickr/db2/instance/db2istrt

WebSphere Portal Users and Groups listing

For WebSphere Portal 6.1 and above
Refer to wimconfig.xml for all settings

For WebSphere Portal below 6.1
Refer to wmm.xml

If you do not see any users under All authenticated portal users or groups, modify the search filter in the above corresponding file like searchFilter="" (empty without specifiying any values)

If your LDAP base has a lot of users, sometimes portal hangs. You can validate the users by searching using cn instead of viewing complete listing.

For clustered environments, refer to the above files both from Deployment Manager and Portal Server.

Datapower IP Change

xi50# configure terminal
Global configuration mode

xi50(config)# test hardware
[success] Backtrace file does not exist.
[success] MAC address of interface 'eth0' is 00:0a:4b:80:de:28.
[warning] Physical link on interface 'eth0' is down.
[success] Statistics for interface 'eth0' show no errors.
[success] MAC address of interface 'eth1' is 00:1b:21:0d:e3:ae.
[warning] Physical link on interface 'eth1' is down.
[success] Statistics for interface 'eth1' show no errors.
[success] MAC address of interface 'eth2' is 00:1b:21:0d:e3:af.
[warning] Physical link on interface 'eth2' is down.
[success] Statistics for interface 'eth2' show no errors.
[success] MAC address of interface 'mgt0' is 00:0a:4b:80:de:2c.
[success] Physical link on interface 'mgt0' is up.
[success] Statistics for interface 'mgt0' show no errors.
[success] Expected number of interfaces: 4 - Found: 4.
[success] The fan 'chassis-1' is ok.
[success] The fan 'chassis-2' is ok.
[success] The fan 'chassis-3' is ok.
[success] The fan 'chassis-4' is ok.
[success] The fan 'chassis-5' is ok.
[success] The fan 'chassis-6' is ok.
[success] The fan 'chassis-7' is ok.
[success] The fan 'chassis-8' is ok.
[success] Status of temperature reading 'Temperature CPU1' is ok.
[success] Status of temperature reading 'Temperature CPU2' is ok.
[success] Status of temperature reading 'Temperature System 1' is ok.
[success] Status of voltage reading 'Voltage +12' is ok.
[success] Status of voltage reading 'Voltage +3.3' is ok.
[success] Status of voltage reading 'Voltage +5' is ok.
[success] Battery status is OK.
[success] CPUs OK
[success] Status of crypto 'hardware2' is fully operational.

xi50(config)# int mgt0
Interface configuration mode (mgt0 )

xi50(config-if[eth4])# ip address your-ip-address/24
Operation succeeded

xi50(config-if[eth4])# ip default-gateway your-gateway-ip-address
Operation succeeded

xi50(config-if[eth4])# exit

xi50(config)# web-mgmt your-ip-address 9090
Web management: successfully started
xi50(config)# ssh your-ip-address

% Pending

SSH service listener enabled

xi50(config)# write memory
Overwrite previously saved configuration? [y/n]: y
Configuration saved successfully.
xi50(config)#

WebSphere 6.1 - JMX SOAP Connection Example

import java.util.Properties;

import com.ibm.websphere.management.AdminClient;

import com.ibm.websphere.management.AdminClientFactory;

public class JMXTest {

public static void main(String[] args) {

JMXTest jmxtest = new JMXTest();

jmxtest.execute();

}

public void execute() {

try {

Properties connectProps = new Properties(); 

connectProps.setProperty(AdminClient.CONNECTOR_TYPE, AdminClient.CONNECTOR_TYPE_SOAP); 

connectProps.setProperty(AdminClient.CONNECTOR_HOST, "{hostname}"); 

connectProps.setProperty(AdminClient.CONNECTOR_PORT, "{8879 or your-soap-port"); 

connectProps.setProperty(AdminClient.CONNECTOR_SECURITY_ENABLED, "true");

connectProps.setProperty(AdminClient.USERNAME, "{username}");

connectProps.setProperty(AdminClient.PASSWORD, "{password}");

connectProps.setProperty("javax.net.ssl.trustStore", "/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/etc/DummyClientTrustFile.jks");

connectProps.setProperty("javax.net.ssl.keyStore", "/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/etc/DummyClientKeyFile.jks");

AdminClient adminClient = null; 

try 

{ 

adminClient = AdminClientFactory.createAdminClient(connectProps); 

System.out.println("Connected Successfully");

} 

catch (Exception e) 

{ 

System.out.println("Exception creating admin client: " + e); 

e.printStackTrace();

}

} catch (Exception e) {

e.printStackTrace();

}

}

DataPower XI150 Firmware upgrade steps

Login into data power 

1) Administration -> File Management -> image: Actions -> Upload Firmware image

2) Administration -> System Control -> Shudown -> Select Reload Firmware -> Perform Shutdown

3) Administration -> System Control -> Boot Image -> Select Firmware image -> Perform Boot 

Datapower will restart as part of steps 2 and 3 and you will have to relogin.

You can also perform continuous ping on data power IP to monitor its state (e.g. ping -t datapowerip) while performing steps 1 - 3.

 

WebSphere host lookup error

Problem:

ADMU0027E: An error occurred during federation 

ADMU0036E: The Deployment Manager cannot lookup by name host {hostname} at address 127.0.0.1; rolling back to original configuration.

Solution:

Check the /etc/hosts file. Remove loop back address and add hostname with relevant server IP.

WebSphere SOAP Connection Errors

Problem:

WASX7023E: Error creating "SOAP" connection to host "{hostname}"; exception information: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted; targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted]

Solution:

Attempt to recreate the problem using wsadmin

./wsadmin.sh -conntype SOAP -host {hostname} -port {8879 or relevant port}  -user {username} -password {password}

Copy the deployment manager Dummy*.jks files from /etc location to app server /etc location.

Try running the above wsadmin command

WebSphere 6.1 - JMX MBeans Query Example

Server side configuration
-------------------------
Set these parameters in Generic JVM arguments.
-Djavax.management.builder.initial= -Dcom.sun.management.jmxremote

Specify these JVM custom properties
com.sun.management.jmxremote.authenticate false
com.sun.management.jmxremote.port 9004
com.sun.management.jmxremote.ssl false

Restart the server for the changes to take effect.

Java client program
-------------------
import java.util.Set;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

public class JMXTest {

public static void main(String[] args) {
JMXTest jmxtest = new JMXTest();
jmxtest.execute();
}

public void execute() {
MBeanServerConnection mbeanServerConnection = null;
JMXServiceURL serviceURL;
try {
serviceURL = new JMXServiceURL(
"service:jmx:rmi://{your_host_name}:2809/jndi/JMXConnector");
JMXConnector jmxConnector = JMXConnectorFactory.connect(serviceURL);
mbeanServerConnection = jmxConnector.getMBeanServerConnection();
System.out.println("Successfully Connected!");

String query = "WebSphere:type=IlrBresModel,*";
ObjectName queryName = new ObjectName(query);
Set s = mbeanServerConnection.queryNames(queryName, null);
if (!s.isEmpty())
System.out.println(s.iterator().next());
else
System.out.println("MBean was not found");
} catch (Exception e) {
e.printStackTrace();
}

}

}

You should also have these two jars in the class path for the Java program to run.
com.ibm.ws.runtime_6.1.0.jar
ws_runtime.jar

Otherwise, runtime exceptions will be thrown. 

WebSphere 6.1 - Remove uninstallable enterprise apps

Problem:
WebSphere enterprise apps remain uninstalled after remove node.

Solution:
cd profile/config/cells/{cellname}/applications
Manually delete the ear directories.
Restart dmgr if necessary.

WebSphere Portal Server 6.1.0.1 database transfer

Problem:
WebSphere Portal Server 6.1.0.1 database transfer fails with message: ORA-02158: invalid CREATE INDEX option

Solution:
Update {dbdomain}.space_mapping.properties files table spaces without the quotes
dbdomian.AI_APP.tablespace=TABLESPACE TBLSNAME
instead of
dbdomian.AI_APP.tablespace="TABLESPACE TBLSNAME"

WebSphere Redhat installer issues

The installer is unable to run in graphical mode. Try running the installer with the -console or -silent flag.

http://www-01.ibm.com/support/docview.wss?uid=swg21303823

Links - WebSphere Plugin

http://www.alphaworks.ibm.com/tech/wspa

Rotate IBM HTTP Server / Plugin logs

The script has been tested on Solaris environment

rotate_http_logs.sh
-----------------------------
#!/usr/bin/bash -x

# Define variables. These variables can also be defined in .profile and the profile can be sourced
HOST=servernamegoeshere
IHS_ROOT=/opt/IBM/HTTPServer
IHS_BIN=$IHS_ROOT/bin
IHS_CONF=$IHS_ROOT/conf
IHS_LOGS=$IHS_ROOT/logs
PLUGIN_ROOT=$IHS_ROOT/Plugins
PLUGIN_CONF=$PLUGIN_ROOT/config
PLUGIN_LOGS=$PLUGIN_ROOT/logs

# Rotate IBM HTTP Plugin Log
cd $PLUGIN_LOGS/$HOST
SOURCE_FILE=http_plugin.log
TARGET_FILE=http_plugin.log.`date +%Y-%m-%d`
cp $SOURCE_FILE $TARGET_FILE
touch $SOURCE_FILE

# Rotate IBM HTTP Access Log
cd $IHS_LOGS
SOURCE_FILE=error_log
TARGET_FILE=error_log.`date +%Y-%m-%d`
sudo touch $SOURCE_FILE

# Rotate IBM HTTP Error Log
SOURCE_FILE=access_log
TARGET_FILE=access_log.`date +%Y-%m-%d`
sudo touch $SOURCE_FILE

#sudo is used for web servers if the service is run as non root

Create a cron job
-------------------------
0 23 * * * /var/adm/scripts/rotate_http_logs.sh

Setup Apache Name based hosting

NameVirtualHost *

<VirtualHost *>
DocumentRoot /opt/content/domain1/
ServerName http://www.domain1.com/
ErrorLog logs/domain1-error-log
CustomLog logs/domain1-access-log common
</VirtualHost >

<VirtualHost *>
DocumentRoot /opt/content/domain2/
ServerName http://www.domain2.com/
ErrorLog logs/domain2-error-log
CustomLog logs/domain2-access-log common
</VirtualHost >

Apache version of IBM HTTP server

To find the apache version of IBM HTTP Server,
/opt/IBM/HTTPServer/bin/apachectl -v

WebSphere and Oracle 10g Data Source

Problem:
WebSphere 6.1 - Solaris 9 - java.sql.SQLException: java.lang.UnsatisfiedLinkError: no ocijdbc9 in java.library.path

Solution:
It appears that there might be ojdbc jars from Oracle 9i reference somewhere inside the WebSphere classloader path. Update the jar references to Oracle 10g jdbc lib JARs.

Problem:
WebSphere 6.1 - Solaris 9 - java.sql.SQLException: java.lang.UnsatisfiedLinkError: no ocijdbc10 in java.library.path

Solution:
Update .profile for the account that runs WebSphere with the following.
LD_LIBRARY_PATH=$ORACLE_HOME/lib32
export $LD_LIBRARY_PATH
Exit the SSH session, relogin to Unix system and restart the WebSphere process

For 64 bit systems, LD_LIBRARY_PATH=$ORACLE_HOME/lib instead of lib32.