Today I spent several hours troubleshooting the fresh install of WebSphere 7.0 on Windows 2003. The server passed all post-installation steps successfully, but refused to start after the OS reboot. The last line in the server logs was “Server launched. Waiting for initialization status.”, and the actual server state was unclear – any attempt to start it anew claimed that the service was running, but the server console was not available.
It appears that the Windows service installation, which happens by default during setup time, was problematic. Once you remove the service and reboot the system, you can start WebSphere manually without any trouble.
Here is how to remove the Windows service:
- Go to the “bin” folder under WAS installation directory (usually “C:\Program Files\IBM\WebSphere\AppServer\bin”)
- Execute the following command: “WASService –remove <name-of-server-node>”
Typically, the name of server node is composed from the computer name with “Node01” suffix.
For example, the node name on “was70-win.mycompany.com” will probably be “was70-winNode01”.
Hat tip to this IBM DeveloperWorks community post for the hints!
Working with protected object policies (or, in short, POPs) is pretty similar to working with ACLs. In this example we will create a POP that requires the end user to authenticate himself with protection level 1 on access to a junction.
First, we’ll create a new POP and display it’s content:
pdadmin sec_master> pop create level1
pdadmin sec_master> pop show level1
Protected object policy: level1
Audit level: none
Quality of protection: none
Time of day access: sun, mon, tue, wed, thu, fri, sat, :anytime:local
IP Endpoint Authentication Method Policy
Auth Level: 0 Network: Any Other Network
Continue reading “Basics of pdadmin: How to work with object policies”
Managing WebSEAL junctions with ‘pdadmin’ command tool is not an easy task. This post will provide a short reference to the most common operations.
First, you need to know the name of the WebSEAL instance you want to manage. Note that it differs from the object path!
pdadmin sec_master> server list
Continue reading “Basics of pdadmin: How to manage WebSEAL junctions”
Let’s continue our example about unauthenticated junctions in WebSEAL and attach our passthrough ACL to some resource – for example, the famous “favicon.ico” file.
* An authenticated ‘pdadmin’ session
* The name of the passthrough ACL (assuming “webseal-passthrough” here)
* The full object name of “favicon.ico” file
So, here it goes:
pdadmin sec_master> acl attach /WebSEAL/isam-70.lab.mycompany.com-default/favicon.ico webseal-passthrough
pdadmin sec_master> acl find webseal-passthrough
Sometimes you need to find the object name of your WebSEAL instance – for example, to attach an ACL. Typically it is “/WebSEAL/<server-name>-<instance>”, but here is the simplest way to verify that:
pdadmin sec_master> object list /WebSEAL