Message Queue and Berkley DB - 2005Q4 - Access Manager Session Failover
Hi. I know that Access Manager has a separate forum, but since this forum flocks with Message queue gurus, I thought I'd try my luck here as well, since what I seem to be facing is essentially a message queue problem.
AM session failover worked fine with 2003Q4, but now with 2005Q4, I am facing some problems.
Environment:
Host 1 and Host2, both Solaris 9.
2 Directory Servers, multi-master replication.
2 Directory proxy servers, balancing both the DS.
2 AM instances, not (yet) configured as a site, but both names exist in the platform list.
To setup AM session failover, I proceeded as follows:
1. Installed message queue on both host1 and host2
2. When i ran imqusermgr add -u amsvrusr -p password -i aminstance, it required imqbrokerd to be already up. So I started it with just imqbrokerd, and by default, it started listening on 7676, with imqbroker as the default instance name. Did anyone create a new instance named aminstance? If yes, how?
3. On running the above command again, this time I got the error the aminstance is not a valid instance (i did not create one). Thus, I reissued the command as imqusermgr add -u amsvrusr -p password -g admin, letting the default instance be imqbroker. (I used -g admin since with 2003Q4, I faced troubles if I did not do this.)
4. imqusermgr update -u guest -a false to disable guest.
I made the following changes in amsfo.conf:
1. CLUSTER_LIST=HOST1_FQDN:7676,HOST2_FQDN:7676
2. BROKER_INSTANCE_NAME=imqbroker
3. BROKER_PORT=7676
My load balancer is Resonate Central Dispatch, and I have load-balancers cookies enabled on it. My guess is that session failover can be tested without a load balancer anyway, but I tried both with and without an LB.
I ran amsfopassword to create password file.
I did all of the same steps on Host1 as well as Host2. Once this was done, I ran the amsfoconfig script (only on Host 1), and provided it with the password for amAdmin, as well as for the message queue amsvrusr user created above.
Before restarted AM web containers (just to be sure), I started the amsfo start command as well, to ensure the messege brokerd, as well as amsessiondb, are both up. This was done on both the hosts.
The site got configured (with load balancer URL, etc.), and so did the secondary instance in session service in AM. On accessing through load balancer, things work fine. But if I shut down one instance of AM, users are required to log in again.
Other users dont show in sessions list either when an AM webserver is shut down (ie, their session doesn't transition from one server to the other). However, amAdmin always manages to failover.
I tried the entire thing manually too (as was done with 2003Q4), but no luck.
I'll be grateful if anybody could provide me with some pointers here. Please do let me know if there is any other information that you may need.
Thanks for your patience!
Ankush
# 2
Update:
Thanks to jrmint's help, the ports now do listen on as they are supposed to.
Unfortunately, sessions are still not failing over.
/var/opt/SUNWam/debug/amSession gives the dreaded null pointer exception, repeatedly:
ERROR: JMQSessionRepository.save(): failed to save Session
java.lang.NullPointerException
at com.iplanet.dpro.session.jmqdb.PersistSession.setString(PersistSession.java:310 )
at com.iplanet.dpro.session.jmqdb.JMQSessionRepository.save(JMQSessionRepository.j ava:357)
at com.iplanet.dpro.session.service.SessionService.saveForFailover(SessionService. java:2756)
at com.iplanet.dpro.session.service.InternalSession.updateForFailover(InternalSess ion.java:1060)
at com.iplanet.dpro.session.service.InternalSession.setIsISStored(InternalSession. java:588)
at com.sun.identity.authentication.service.LoginState.updateSessionForFailover(Log inState.java:4390)
at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext. java:420)
at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(Auth ContextLocal.java:472)
at com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewB ean.java:1101)
at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.jav a:676)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:4 08)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase. java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.j ava:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil terChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain .java:193)
at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil terChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain .java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java: 280)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java: 212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java: 161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
and
ERROR: JMQSessionRepository.delete(): failed deleting session
java.lang.NullPointerException
at com.iplanet.dpro.session.jmqdb.PersistSession.setString(PersistSession.java:310 )
at com.iplanet.dpro.session.jmqdb.JMQSessionRepository.delete(JMQSessionRepository .java:306)
at com.iplanet.dpro.session.service.SessionService.removeInternalSession(SessionSe rvice.java:681)
at com.iplanet.dpro.session.service.SessionService.destroyInternalSession(SessionS ervice.java:1006)
at com.sun.identity.authentication.service.AuthD.destroySession(AuthD.java:505)
at com.sun.identity.authentication.service.LoginState.destroySession(LoginState.ja va:1029)
at com.sun.identity.authentication.service.AMLoginContext.destroySession(AMLoginCo ntext.java:602)
at com.sun.identity.authentication.service.AMLoginContext.logout(AMLoginContext.ja va:579)
at com.sun.identity.authentication.server.AuthContextLocal.logout(AuthContextLocal .java:500)
at com.sun.identity.authentication.UI.LogoutViewBean.forwardTo(LogoutViewBean.java :260)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase. java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.j ava:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil terChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain .java:193)
at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil terChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain .java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java: 280)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java: 212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java: 161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
Any one have facing something similar? I double checked if the jars are there is serverclasspath in server.xml, and they are (or this should have been a no classdeffound error, anyway). Any clues regarding what is it that its not being able to reference?
Thanks a lot!
