amserver Exceptions when starting
I've got an Access Mgr 7 installation that was done on a Solaris 10 x86 server. All was working fine until I had to change the IP address on the server. Hostname is the same, IP address is different. Now I get LoginLogoutMapping exceptions when trying to start the web server. I've checked several things...
a) directory server is running and accessible.
b) puser / dsame user passwords in serverconfig.xml have been validated and have the correct encryption
c) the encryption key in AMConfig.properties is ok
d) platform service (in the ldap) has the correct name
e) hostname and domainname return the correct values
f) running as root, so no permissions issues
g) cookie domain is correct
h) dns alias is configured correctly.
I'm out of ideas.... anybody have a suggestion? This worked fine until I changed the IP address of the server. To change the IP address, I edited:
/etc/inet/ipnodes
I'd really like to not have to reinstall, since this server has been installed in a data center now... out of my physical reach.
thanks in advance.
[1123 byte] By [KenBDunbar] at [2007-11-26 6:34:54]

# 1
Has DNS and/or hostfile both been updated so the new ip address ALWAYS resolves to the old name?
# 2
They have. Everything resolves to the correct host.domain.com and IP address.
I also should have mentioned that I am using a Sun Web Server as the web container for Access Manager. The web container works. If you start the web server, you can access all supported web sites. Access Manager is the only app not starting.
# 3
So what is the exception you're seeing? What do the debug logs tell you when debug level is set to message? What does ps -ef | grep webservd show? -Bernhard
# 4
WebServer logs....
failure: WebModule[/amserver]: WEB2783: Servlet /amserver threw load() exception
javax.servlet.ServletException: WEB2778: Servlet.init() for servlet LoginLogoutMapping threw exception
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:949)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
-- Root Cause --
java.lang.NullPointerException
at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
amAuth log from the Access Manager
04/20/2006 10:01:32:569 PM CDT: Thread[main,5,main]
ERROR: AuthD failed to get session service instance
04/20/2006 10:01:32:570 PM CDT: Thread[main,5,main]
ERROR: AuthD init()
java.lang.NullPointerException
at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:706)
at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
amAuthContext from the Access Manager
04/20/2006 10:01:32:056 PM CDT: Thread[EventService,5,main]
ERROR: Failed to create AuthContext with null: Naming Service is not available.
amSecurity from the Access Manager
04/20/2006 10:01:32:064 PM CDT: Thread[EventService,5,main]
ERROR: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
com.sun.identity.agents.app.username
com.iplanet.am.service.password
app.username is present and correct
there is no such attribute as com.iplanet.am.server.password in the AMConfig.properties file
The directory server has no errors in it, and in fact the access log shows puser and dsame user binding during the startup.
Any ideas what's wrong?
# 5
Basically, the problem is caused by AM being unable to create the Application SSO token, which is the internal application session required for AM to work. There are several ways for AM to figure out what user/password to use.
Obviously, in your environment, AM 7.0 cannot find any of them. Could you look in debug log amSecurity and amSDK for more errors? I guess something else got changed along with the IP address.
# 6
here's what I'm getting in a couple of other AM debug logs....
amSecurity logs
05/02/2006 01:20:13:989 PM CDT: Thread[EventService,5,main]
ERROR: SystemAppTokenProvider.getAppSSOToken()
com.sun.identity.authentication.spi.AuthLoginException(1):null
com.sun.identity.authentication.spi.AuthLoginException(2):null
com.sun.identity.authentication.spi.AuthLoginException: Failed to create new Authentication Context: Naming Service is not available.
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1310)
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1261)
at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:178)
at com.sun.identity.security.SystemAppTokenProvider.getAppSSOToken(SystemAppTokenProvider.java:90)
at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:215)
at java.security.AccessController.doPrivileged(Native Method)
at com.iplanet.am.sdk.ldap.AMEntryEventListener.<init>(AMEntryEventListener.java:92)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at java.lang.Class.newInstance0(Class.java:350)
at java.lang.Class.newInstance(Class.java:303)
at com.iplanet.services.ldap.event.EventService.run(EventService.java:397)
at java.lang.Thread.run(Thread.java:595)
05/02/2006 01:20:13:991 PM CDT: Thread[EventService,5,main]
ERROR: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
com.sun.identity.agents.app.username
com.iplanet.am.service.password
in my case... com.sun.identity.agents.app.username = UrlAccessAgent
and there is no entry in the AMConfig.properties file for com.iplanet.am.service.password.
From the amNaming logs...
amNaming logs
05/02/2006 01:20:13:985 PM CDT: Thread[EventService,5,main]
ERROR: Naming service connection failed for http://dun8.ryppletec.com:9080/amserver/namingservice
com.iplanet.services.comm.client.SendRequestException: Connection refused
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:196)
at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:87)
at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.java:555)
at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:593)
at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:531)
at com.iplanet.services.naming.WebtopNaming.getServiceAllURLs(WebtopNaming.java:257)
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1307)
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1261)
at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:178)
at com.sun.identity.security.SystemAppTokenProvider.getAppSSOToken(SystemAppTokenProvider.java:90)
at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:215)
at java.security.AccessController.doPrivileged(Native Method)
at com.iplanet.am.sdk.ldap.AMEntryEventListener.<init>(AMEntryEventListener.java:92)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at java.lang.Class.newInstance0(Class.java:350)
at java.lang.Class.newInstance(Class.java:303)
at com.iplanet.services.ldap.event.EventService.run(EventService.java:397)
at java.lang.Thread.run(Thread.java:595)
05/02/2006 01:20:13:988 PM CDT: Thread[EventService,5,main]
ERROR: updateNamingTable : Naming Service is not available.
There is no amSDK log getting generated. All logs in the debug directory (with debug level set to message) are:
amAuth
amSecurity
amAuthContext
amClientDetection
amNaming
that's it.
I initially thought it might be a cookie issue but the web log is showing the request coming from .ryppletec.com which is the proper cookie domain.
kd
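Added example, not part of any poster's message and not Access Manager code: a short Python triage that merges ERROR records from several debug files, orders them by timestamp to surface the earliest failure, and extracts the naming service host and port that refused the connection. The function names are hypothetical; the sample input is constructed from the amNaming and amSecurity excerpts in this thread.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample: ERROR records copied from the amNaming and amSecurity
# excerpts in this thread, deliberately concatenated out of time order.
SAMPLE = """\
05/02/2006 01:20:13:991 PM CDT: Thread[EventService,5,main]
ERROR: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
05/02/2006 01:20:13:985 PM CDT: Thread[EventService,5,main]
ERROR: Naming service connection failed for http://dun8.ryppletec.com:9080/amserver/namingservice
com.iplanet.services.comm.client.SendRequestException: Connection refused
05/02/2006 01:20:13:988 PM CDT: Thread[EventService,5,main]
ERROR: updateNamingTable : Naming Service is not available.
"""

STAMP = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3} [AP]M) \w+: Thread\[")
NAMING = re.compile(r"Naming service connection failed for (\S+)")

def error_records(text):
    """Return (datetime, message) for each ERROR record, earliest first."""
    records, stamp = [], None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            stamp = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S:%f %p")
        elif line.startswith("ERROR:") and stamp is not None:
            records.append((stamp, line[len("ERROR:"):].strip()))
    return sorted(records)

def first_failure(text):
    """Message of the earliest ERROR: the one to debug before anything downstream."""
    records = error_records(text)
    return records[0][1] if records else None

def naming_endpoint(text):
    """(host, port) of the naming service URL the server could not reach."""
    m = NAMING.search(text)
    if m is None:
        return None
    url = urlsplit(m.group(1))
    return url.hostname, url.port or (443 if url.scheme == "https" else 80)

if __name__ == "__main__":
    print("first failure:", first_failure(SAMPLE))
    print("check that a listener exists on %s port %s" % naming_endpoint(SAMPLE))
```

On the sample, the earliest record is the refused connection to the naming service URL, and the "Cannot obtain Application SSO token" message comes after it.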
# 7
I take that last statement back... the debug level is set to error. Turning it up now. (man I was positive I'd reset that... ) :-(
# 8
Turned up the debug level and really don't get any more info, other than the ldap is getting accessed successfully. puser and dsameuser are both binding fine.
# 9
Additional information.... I created a file for silent installation and run amconfig using this silent file. Mode was complete installation. The installation was successful. Start up of the web container is yielding exactly the same errors.
Started the Web Container admin, to add a new listener port.
Admin blew away all my server.xml entries for the Access Manager. (no backup cause I don't have the thing working yet)
Can anyone tell me if there are differences in the server.xml config for AM 6 Vs. AM 7? Seems on initial look, the jars are the same, but there's no amconsole URI defined. I can recreate the server.xml file from other AM6 installations I have, but are there any other differences in the server.xml config for AM7?
# 10
The famous LoginLogoutException has bugged me a lot as well, and the reason was that my directory server was on a different machine; the problem arises every time the directory server is not accessible. If you have a directory server on a separate machine then try telnet directory server 389 to check if it is accessible.
Moreover, since you changed the IP address for the machine, try the telnet command with the hostname to check if it's valid.
Once the directory server is accessible, the problem will be eliminated.
# 11
Directory Server is on the same machine, and telnet on 389 worked.
I've tried the following....
created a state file and ran amconfig to try reinstalling.
Success with the reinstall, didn't change anything in the directory as it found the proper entries. I was hopeful, but still couldn't start the web server... due to the LoginLogoutMapping errors. (yes I realize it's because something can't access the directory server, but I couldn't find what)
so... I completely uninstalled the web container, and access manager, and reinstalled AM 6.2. All is happy now.
I'll figure out AM 7.0 sometime when I'm not in a time constraint. Good thing I don't charge myself for my own hours, because I'd be broke, all the time I spent trying to get AM7 running again.
Had a thought that it might have something to do with realms and zones... but too much time wasted as it is.
Problem solved... running AM 6.2.
Thanks for all the input guys.
# 12
Hi ericow.
I too am facing an error similar to:
ERROR: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
com.sun.identity.agents.app.username
com.iplanet.am.service.password
This appears in the amSecurity debug file on the agent. Is there a way to fix this? Would sincerely appreciate any input on this.
Thanks!