How to fix WebSphere 7.0 on Windows 2003 that hangs on startup

WebSphere Today I spent several hours troubleshooting the fresh install of WebSphere 7.0 on Windows 2003. The server passed all post-installation steps successfully, but refused to start after the OS reboot. The last line in the server logs was “Server launched. Waiting for initialization status.”, and the actual server state was unclear – any attempt to start it anew claimed that the service was running, but the server console was not available.

It appears that the Windows service installation, which happens by default during setup time, was problematic. Once you remove the service and reboot the system, you can start WebSphere manually without any trouble.

Here is how to remove the Windows service:

  1. Go to the “bin” folder under WAS installation directory (usually “C:\Program Files\IBM\WebSphere\AppServer\bin”)
  2. Execute the following command: “WASService –remove <name-of-server-node>”

Typically, the name of server node is composed from the computer name with “Node01” suffix.
For example, the node name on “was70-win.mycompany.com” will probably be “was70-winNode01”.

Hat tip to this IBM DeveloperWorks community post for the hints!

Basics of pdadmin: How to work with object policies

Working with protected object policies (or, in short, POPs) is pretty similar to working with ACLs. In this example we will create a POP that requires the end user to authenticate himself with protection level 1 on access to a junction.

First, we’ll create a new POP and display it’s content:

pdadmin sec_master> pop create level1 
pdadmin sec_master> pop show level1
    Protected object policy:  level1
    Description:
    Warning:  No
    Audit level:  none
    Quality of protection:  none
    Time of day access:  sun, mon, tue, wed, thu, fri, sat, :anytime:local
    IP Endpoint Authentication Method Policy
        Auth Level: 0          Network: Any Other Network

pdadmin sec_master> 

Continue reading “Basics of pdadmin: How to work with object policies”

Basics of pdadmin: How to manage WebSEAL junctions

Managing WebSEAL junctions with ‘pdadmin’ command tool is not an easy task. This post will provide a short reference to the most common operations.

First, you need to know the name of the WebSEAL instance you want to manage. Note that it differs from the object path!

pdadmin sec_master> server list
    default-webseald-isam-70.lab.mycompany.com
    ivmgrd-master
pdadmin sec_master>

Continue reading “Basics of pdadmin: How to manage WebSEAL junctions”

Basics of pdadmin: How to attach ACL to an object

Let’s continue our example about unauthenticated junctions in WebSEAL and attach our passthrough ACL to some resource – for example, the famous “favicon.ico” file.

Prerequisites:
* An authenticated ‘pdadmin’ session
* The name of the passthrough ACL (assuming “webseal-passthrough” here)
* The full object name of “favicon.ico” file

So, here it goes:

pdadmin sec_master> acl attach /WebSEAL/isam-70.lab.mycompany.com-default/favicon.ico webseal-passthrough
pdadmin sec_master> acl find webseal-passthrough
/WebSEAL/isam-70.lab.mycompany.com-default/favicon.ico
pdadmin sec_master>

Simple, ah?