Maximo Open Forum

 View Only
  • 1.  Node Agent on ctgNode Fails to Synchronize with Deployment Manager due to AD Hostname Error

    Posted 11-10-2024 12:25
    We're encountering issues with the node agent on `ctgNode4` within our WebSphere Application Server cluster. After the server automatically restarted (Unexpectedly), we manually restarted this specific node while other nodes on different servers remained operational. Since then, Active Directory (AD) authentication has been failing only on `UI4`, while AD users are able to log in successfully on other UIs.
     
    [11/10/24 18:02:58:553 AST] 00000204 exception     E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext CWWIM4520E  The 'javax.naming.CommunicationException: HOST_NAME_OF_AD:PORT [Root exception is java.net.UnknownHostException: HOST_NAME_OF_AD]' naming exception occurred during processing.
    [11/10/24 18:02:58:553 AST] 00000204 exception     E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext 
                                     com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E  The 'javax.naming.CommunicationException: HOST_NAME_OF_AD:PORT [Root exception is java.net.UnknownHostException: HOST_NAME_OF_AD]' naming exception occurred during processing.
    at com.ibm.ws.wim.adapter.ldap.LdapConnection.getDirContext(LdapConnection.java:1878)
    at com.ibm.ws.wim.adapter.ldap.LdapConnection.search(LdapConnection.java:3323)
    at com.ibm.ws.wim.adapter.ldap.LdapConnection.checkSearchCache(LdapConnection.java:3241)
    at com.ibm.ws.wim.adapter.ldap.LdapConnection.search(LdapConnection.java:3439)
    at com.ibm.ws.wim.adapter.ldap.LdapConnection.searchEntities(LdapConnection.java:3675)
    at com.ibm.ws.wim.adapter.ldap.LdapAdapter.login(LdapAdapter.java:3207)
    at com.ibm.ws.wim.ProfileManager.loginImpl(ProfileManager.java:3864)
    at com.ibm.ws.wim.ProfileManager.genericProfileManagerMethod(ProfileManager.java:365)
    at com.ibm.ws.wim.ProfileManager.login(ProfileManager.java:478)
    at com.ibm.websphere.wim.ServiceProvider.login(ServiceProvider.java:545)
    at com.ibm.ws.wim.registry.util.LoginBridge.checkPassword(LoginBridge.java:194)
    at com.ibm.ws.wim.registry.WIMUserRegistry$1.run(WIMUserRegistry.java:355)
    at com.ibm.ws.wim.registry.WIMUserRegistry$1.run(WIMUserRegistry.java:345)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5568)
    at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5694)
    at com.ibm.ws.wim.security.authz.jacc.JACCSecurityManager.runAsSuperUser(JACCSecurityManager.java:438)
    at com.ibm.ws.wim.env.was.JACCAuthorizationService.runAsSuperUser(JACCAuthorizationService.java:1086)
    at com.ibm.ws.wim.security.authz.ProfileSecurityManager.runAsSuperUser(ProfileSecurityManager.java:285)
    at com.ibm.ws.wim.registry.WIMUserRegistry.checkPassword(WIMUserRegistry.java:344)
    at com.ibm.ws.security.registry.UserRegistryImpl.checkPassword(UserRegistryImpl.java:394)
    at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:997)
    at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:662)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:508)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:788)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:196)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
    at java.security.AccessController.doPrivileged(AccessController.java:747)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:696)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:597)
    at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLoginHelper.java:491)
    at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:4906)
    at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:4508)
    at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:4504)
    at com.ibm.ws.security.web.FormLoginExtensionProcessor$1.run(FormLoginExtensionProcessor.java:607)
    at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
    at com.ibm.ws.security.web.FormLoginExtensionProcessor.formLogin(FormLoginExtensionProcessor.java:618)
    at com.ibm.ws.security.web.FormLoginExtensionProcessor.formLogin(FormLoginExtensionProcessor.java:260)
    at com.ibm.ws.security.web.FormLoginExtensionProcessor.handleRequest(FormLoginExtensionProcessor.java:238)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:143)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:96)
    at psdi.webclient.system.filter.HttpXFrameOptionsFilter.doFilter(HttpXFrameOptionsFilter.java:38)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at psdi.webclient.system.filter.MTContextFilter.doFilter(MTContextFilter.java:53)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:197)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:90)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:979)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1119)
    at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4164)
    at com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2210)
    at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1033)
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88)
    at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1833)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909)
     
    [11/10/24 18:03:01:881 AST] 00000204 LTPAServerObj E   SECJ0369E: Authentication failed when using LTPA. The exception is com.ibm.websphere.wim.exception.WIMException.
    [11/10/24 18:03:01:881 AST] 00000204 FormLoginExte E   SECJ0118E: Authentication error during authentication for user USER1
     
    Troubleshooting Steps Taken:
    Restarted ctgNode4 node agent, but the issue persists.
    Attempted synchronization through the WebSphere console, which fails due to the node being shown as inactive.

    Thanks

    #Administration
    #EndUser
    #EverythingMaximo
    #Infrastructure

    ------------------------------
    Hariprasad R
    ------------------------------


  • 2.  RE: Node Agent on ctgNode Fails to Synchronize with Deployment Manager due to AD Hostname Error

    Posted 11-11-2024 11:44

    Hariprasad,

    As a first step, you can shutdown the node, and delete the contents, but not the folder, of tranlog, temp, and wstemp folders in the profile node folder.  Then you can use the command line syncNode command to resync the node.  This will force a full resync with the deployment manager, which may resolve your issue assuming it is some partial configuration state caused by your unexpected reboot.

    That said, the error java.net.UnknownHostException: HOST_NAME_OF_AD indicates you may have a host level name resolution problem.  I assume HOST_NAME_OF_AD is your redacted version of the hostname and not actually part of the error message. As a simple test, log on to the node4 host server and try to ping your HOST_NAME_OF_AD server.  If it doesn't resolve then your host DNS configuration is probably corrupt or otherwise misconfigured.

    Regards,

    Jason



    ------------------------------
    Jason VenHuizen
    Sharptree
    ------------------------------



  • 3.  RE: Node Agent on ctgNode Fails to Synchronize with Deployment Manager due to AD Hostname Error

    Posted 28 days ago

    Jason,

    Thank you for replying, I followed your instructions by clearing the contents of the tranlog, temp, and wstemp folders, then restarted all nodes and used the syncNode command from the command prompt for node4, but node4 is still not visible in the console. Additionally, I encountered an error when attempting to stop the server.

    On the network side, I was able to ping the deployment manager server from node4, but I am unable to ping the Active Directory (AD) server from node4.

    Could you suggest the next steps?



    ------------------------------
    Hariprasad R
    ------------------------------



  • 4.  RE: Node Agent on ctgNode Fails to Synchronize with Deployment Manager due to AD Hostname Error

    Posted 25 days ago

    Jason,

    Thank you for your detailed explanation. After reviewing the issue, it turns out there was a DNS misconfiguration on the servers. This caused Node4 to fail in connecting with the DMGR.

    The DNS has been corrected, and everything is functioning as expected now. I appreciate your guidance



    ------------------------------
    Hariprasad R
    ------------------------------