You are coming to office on Monday and finding the note from your Senior Administrator:
«I hate this job. Departed to Goa. Don’t search me».
But you don’t know any administrative passwords.
What to do?
Action 1. You want to know password of WAS BPM administrator and tw_admin password
Pay your attention to the file <Your BPM profile Home>/config/cells/<YourCellName>/security.xml
Find these strings:
<userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="admin" serverPassword="{xor}Fhc+KzoLNzYsFTA9" realm="defaultWIMFileBasedRealm" ignoreCase="true" useRegistryServerId="false" primaryAdminId="admin" registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"/>
<authDataEntries xmi:id="JAASAuthData_1355405911516" alias="BPMAdmin_Auth_Alias" userId="tw_admin" password="{xor}Fhc+KzoLNzYsFTA9" description="Authentication Alias for BPM Admin"/>
Red colour marks the necessary encrypted passwords. Just for simplicity they are identical.
Let's decrypt them.
cd /<BPM_Home_folder>/lib
IBM BPM 7.5 (7.5.1.1)
/<BPM_Home_folder>/java/jre/bin/java -Djava.ext.dirs=/<BPM_Home_folder>/deploytool/itp/plugins/com.ibm.websphere.v7_7.0.3.v20110824_2356/wasJars -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordDecoder {xor}Fhc+KzoLNzYsFTA9
encoded password == "{xor}Fhc+KzoLNzYsFTA9", decoded password == "IHateThisJob"
IBM BPM 8.0 (8.0.1)
/<BPM_Home_folder>/java/jre/bin/java -Djava.ext.dirs=/<BPM_Home_folder>/deploytool/itp/plugins/com.ibm.websphere.v8_1.0.201.v20111031_1843/wasJars -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordDecoder {xor}Fhc+KzoLNzYsFTA9
encoded password == "{xor}Fhc+KzoLNzYsFTA9", decoded password == "IHateThisJob"
Also you can do the reverse action:
/<BPM_Home_folder>/java/jre/bin/java -Djava.ext.dirs=/<BPM_Home_folder>/deploytool/itp/plugins/com.ibm.websphere.v7_7.0.3.v20110824_2356/wasJars -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordEncoder IHateThisJob
decoded password == "IHateThisJob", encoded password == "{xor}Fhc+KzoLNzYsFTA9"
«I hate this job. Departed to Goa. Don’t search me».
But you don’t know any administrative passwords.
What to do?
Action 1. You want to know password of WAS BPM administrator and tw_admin password
Pay your attention to the file <Your BPM profile Home>/config/cells/<YourCellName>/security.xml
Find these strings:
<userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="admin" serverPassword="{xor}Fhc+KzoLNzYsFTA9" realm="defaultWIMFileBasedRealm" ignoreCase="true" useRegistryServerId="false" primaryAdminId="admin" registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"/>
<authDataEntries xmi:id="JAASAuthData_1355405911516" alias="BPMAdmin_Auth_Alias" userId="tw_admin" password="{xor}Fhc+KzoLNzYsFTA9" description="Authentication Alias for BPM Admin"/>
Red colour marks the necessary encrypted passwords. Just for simplicity they are identical.
Let's decrypt them.
cd /<BPM_Home_folder>/lib
IBM BPM 7.5 (7.5.1.1)
/<BPM_Home_folder>/java/jre/bin/java -Djava.ext.dirs=/<BPM_Home_folder>/deploytool/itp/plugins/com.ibm.websphere.v7_7.0.3.v20110824_2356/wasJars -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordDecoder {xor}Fhc+KzoLNzYsFTA9
encoded password == "{xor}Fhc+KzoLNzYsFTA9", decoded password == "IHateThisJob"
IBM BPM 8.0 (8.0.1)
/<BPM_Home_folder>/java/jre/bin/java -Djava.ext.dirs=/<BPM_Home_folder>/deploytool/itp/plugins/com.ibm.websphere.v8_1.0.201.v20111031_1843/wasJars -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordDecoder {xor}Fhc+KzoLNzYsFTA9
encoded password == "{xor}Fhc+KzoLNzYsFTA9", decoded password == "IHateThisJob"
Also you can do the reverse action:
/<BPM_Home_folder>/java/jre/bin/java -Djava.ext.dirs=/<BPM_Home_folder>/deploytool/itp/plugins/com.ibm.websphere.v7_7.0.3.v20110824_2356/wasJars -cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordEncoder IHateThisJob
decoded password == "IHateThisJob", encoded password == "{xor}Fhc+KzoLNzYsFTA9"
Can we change the password after the app goes live ? What are the steps to change it?
ReplyDeleteHi Lavanya,
ReplyDeleteYes, you can.
I won't describe it because this way is described in IBM Information Center.
http://pic.dhe.ibm.com/infocenter/dmndhelp/v7r5mx/index.jsp?topic=%2Fcom.ibm.wbpm.imuc.sbpm.doc%2Ftopics%2Ftchang_tw_adm_nd_pw.html
http://pic.dhe.ibm.com/infocenter/dmndhelp/v8r0mx/index.jsp?topic=%2Fcom.ibm.wbpm.imuc.ebpmps.doc%2Ftopics%2Ftchanging_admin_password.html
http://pic.dhe.ibm.com/infocenter/iisinfsv/v8r5/index.jsp?topic=%2Fcom.ibm.swg.im.iis.found.admin.common.doc%2Ftopics%2Fwasadmin_changing_username_pwd.html
etc...
Thanks for reading my blog!
Hi, The BPM SIBus is always in partial start after cluster restarts but SIBus is not coming up with green color, that is actual issue at BPMv8501
Delete[6/3/14 17:36:56:672 EDT] 000000cc DataTransferS E CWLLG1031E: An exception has occurred. Error: CWSIA0241E: An exception was received during the call to the method JmsManagedConnectionFactoryImpl.createConnection: com.ibm.websphere.sib.exception.SIResourceException: CWSIT0008E: A successful connection was made to the bootstrap server at localhost:9096:BootstrapSecureMessaging but the server returned an error condition: CWSIT0088E: There are currently no messaging engines in bus BPM.DeSingle.Bus running. Additional failure information: CWSIT0103E: No messaging engine was found that matched the following parameters: bus=BPM.DeSingle.Bus, targetGroup=SingleCluster, targetType=BusMember, targetSignificance=Required, transportChain=InboundSecureMessaging, proximity=Bus..
com.lombardisoftware.core.TeamWorksException: CWSIA0241E: An exception was received during the call to the method JmsManagedConnectionFactoryImpl.createConnection: com.ibm.websphere.sib.exception.SIResourceException: CWSIT0008E: A successful connection was made to the bootstrap server at localhost:9096:BootstrapSecureMessaging but the server returned an error condition: CWSIT0088E: There are currently no messaging engines in bus BPM.DeSingle.Bus running. Additional failure information: CWSIT0103E: No messaging engine was found that matched the following parameters: bus=BPM.DeSingle.Bus, targetGroup=SingleCluster, targetType=BusMember, targetSignificance=Required, transportChain=InboundSecureMessaging, proximity=Bus..
at com.lombardisoftware.core.TeamWorksException.asTeamWorksException(TeamWorksException.java:136)
at com.lombardisoftware.server.queue.RecordQueue.queue(RecordQueue.java:359)
I have tried with delete and drop options for SIB-tables on database, and restarted the deployment environment with cluster, verified the database, SIB tables are re-created in Database but still getting the same issue.
Delete[6/3/14 17:36:56:672 EDT] 000000cc DataTransferS E CWLLG1031E: An exception has occurred. Error: CWSIA0241E: An exception was received during the call to the method JmsManagedConnectionFactoryImpl.createConnection: com.ibm.websphere.sib.exception.SIResourceException: CWSIT0008E: A successful connection was made to the bootstrap server at localhost:9096:BootstrapSecureMessaging but the server returned an error condition: CWSIT0088E: There are currently no messaging engines in bus BPM.DeSingle.Bus running. Additional failure information: CWSIT0103E: No messaging engine was found that matched the following parameters: bus=BPM.DeSingle.Bus, targetGroup=SingleCluster, targetType=BusMember, targetSignificance=Required, transportChain=InboundSecureMessaging, proximity=Bus..
ReplyDeletecom.lombardisoftware.core.TeamWorksException: CWSIA0241E: An exception was received during the call to the method JmsManagedConnectionFactoryImpl.createConnection: com.ibm.websphere.sib.exception.SIResourceException: CWSIT0008E: A successful connection was made to the bootstrap server at localhost:9096:BootstrapSecureMessaging but the server returned an error condition: CWSIT0088E: There are currently no messaging engines in bus BPM.DeSingle.Bus running. Additional failure information: CWSIT0103E: No messaging engine was found that matched the following parameters: bus=BPM.DeSingle.Bus, targetGroup=SingleCluster, targetType=BusMember, targetSignificance=Required, transportChain=InboundSecureMessaging, proximity=Bus..
at com.lombardisoftware.core.TeamWorksException.asTeamWorksException(TeamWorksException.java:136)
at com.lombardisoftware.server.queue.RecordQueue.queue(RecordQueue.java:359)
I have seen this message from FFDC logs
ReplyDelete6/3/14 17:08:33:004 EDT] FFDC Exception:com.ibm.db2.jcc.am.SqlException SourceId:com.ibm.ws.sib.msgstore.persistence.impl.PersistentMessageStoreImpl.start ProbeId:1:204:1.47.1.52 Reporter:com.ibm.ws.sib.msgstore.persistence.impl.PersistentMessageStoreImpl@9c93f086
com.ibm.db2.jcc.am.SqlException: DB2 SQL Error: SQLCODE=-443, SQLSTATE=38553, SQLERRMC=SYSIBM.SQLTABLES;TABLES;SYSIBM:CLI:-805, DRIVER=4.11.69
at com.ibm.db2.jcc.am.gd.a(gd.java:679)
at com.ibm.db2.jcc.am.gd.a(gd.java:60)
at com.ibm.db2.jcc.am.gd.a(gd.java:127)
at com.ibm.db2.jcc.am.jn.b(jn.java:2230)
at com.ibm.db2.jcc.am.jn.c(jn.java:2213)
at com.ibm.db2.jcc.t4.cb.k(cb.java:369)
at com.ibm.db2.jcc.t4.cb.e(cb.java:97)
at com.ibm.db2.jcc.t4.q.e(q.java:81)
at com.ibm.db2.jcc.t4.rb.k(rb.java:160)
at com.ibm.db2.jcc.am.jn.lb(jn.java:2179)
at com.ibm.db2.jcc.am.kn.b(kn.java:3920)
at com.ibm.db2.jcc.am.ln.fc(ln.java:152)
at com.ibm.db2.jcc.am.lc.a(lc.java:7809)
at com.ibm.db2.jcc.am.lc.Zd(lc.java:6405)
at com.ibm.db2.jcc.am.lc.getSchemas(lc.java:6333)
at com.ibm.ws.rsadapter.jdbc.WSJdbcDatabaseMetaData.getSchemas(WSJdbcDatabaseMetaData.java:1589)
at com.ibm.ws.sib.msgstore.persistence.impl.DatabaseMetaDataExtensions.getSchemas(DatabaseMetaDataExtensions.java:303)
at com.ibm.ws.sib.msgstore.persistence.impl.Table.schemaExists(Table.java:560)
at com.ibm.ws.sib.msgstore.persistence.impl.Table.initialize(Table.java:266)
at com.ibm.ws.sib.msgstore.persistence.impl.MEOuterOwnerTable.initialize(MEOuterOwnerTable.java:80)
at com.ibm.ws.sib.msgstore.persistence.impl.TableManager$1.run(TableManager.java:263)
at com.ibm.ws.sib.msgstore.persistence.impl.DatasourceController.performFirstAction(DatasourceController.java:231)
at com.ibm.ws.sib.msgstore.persistence.impl.TableManager.initialize(TableManager.java:248)
at com.ibm.ws.sib.msgstore.persistence.impl.PersistentMessageStoreImpl.start(PersistentMessageStoreImpl.java:198)
at com.ibm.ws.sib.msgstore.impl.MessageStoreImpl.start(MessageStoreImpl.java:1569)
at com.ibm.ws.sib.admin.impl.JsMessagingEngineImpl.start(JsMessagingEngineImpl.java:638)
at com.ibm.ws.sib.admin.impl.HAManagerMessagingEngineImpl.conditionalStart(HAManagerMessagingEngineImpl.java:2338)
at com.ibm.ws.sib.admin.impl.HAManagerMessagingEngineImpl.activate(HAManagerMessagingEngineImpl.java:1334)
at com.ibm.ws.sib.admin.impl.JsActivationThread.run(JsActivationThread.java:94)
==> Performing default dump from com.ibm.ws.sib.utils.ffdc.SibDiagnosticModule :Tue Jun 03 17:08:33 EDT 2014
SIB FFDC dump for::com.ibm.db2.jcc.am.SqlException: DB2 SQL Error: SQLCODE=-443, SQLSTATE=38553, SQLERRMC=SYSIBM.SQLTABLES;TABLES;SYSIBM:CLI:-805, DRIVER=4.11.69
Platform Messaging :: Messaging engine::[BPM.DeSingle.Bus:SingleCluster.000-BPM.DeSingle.Bus]
Platform Messaging :: Release name: :WAS855.SIB
Platform Messaging :: Level name: :cf021409.0
Hi,
ReplyDeleteLooking on your last post I think you have a trouble with your database. Have you update your DB recently? I had the same error after some update. You need to bind your DB before using it.
Please read this link and try.
http://www-01.ibm.com/support/docview.wss?uid=swg21369762
Good luck.
Yes, I have updated the db2 database sever v10.0 with fixpack-2 ...!!!
ReplyDeleteI have tried but it got failed with 3 errors fro grants
ReplyDeleteFYI
C:\Users\db2admin>db2 bind db2schema.bnd blocking all grant public
LINE MESSAGES FOR db2schema.bnd
------ --------------------------------------------------------------------
SQL0061W The binder is in progress.
SQL0031C File "C:\Users\db2admin\db2schema.bnd" could not be
opened.
SQL0082C An error has occurred which has terminated
processing.
SQL0092N No package was created because of previous errors.
SQL0091N Binding was ended with "3" errors and "0" warnings.
C:\Users\db2admin>
You use the incorrect folder: this file is in C:\Program Files\IBM\SQLLIB\bnd
DeleteDo you have any cross cell configration between bpm and websphere business monitor server??
ReplyDeleteYes, I did it. Look at http://www-01.ibm.com/support/docview.wss?uid=swg27041520
Delete