PI83149: File registry xml file not synchronized to nodes

Fixes are available

APAR status

Closed as program error.

Error description

The fileregistry xml file is not always synchronized to the node

Local fix

VMML3 is working on a fix to resolve syncing
the fileRegistry for the global and custom security domain.
The problem is with copying the fileregistry to the wrong
location.

Problem summary

****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server                                      *
*                  using security domains with file            *
*                  repositories.                               *
****************************************************************
* PROBLEM DESCRIPTION: The fileregistry xml file for the       *
*                      security domain does not consistently   *
*                      synchronize to the nodeagent.           *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The fileregistry xml file is not always synchronized to the
nodeagent.
If the fileregistry xml file is synchronzied to the nodeagent
(either automatically or manually), authentication errors can
occur on valid file based users. For example, after users are
added to the security domain's file registry, an authentication
exception occurs on the nodeagent or the
application server during administrative actions such as
synchronization or stopping the server (when the same
administrative user worked correctly previously). In this case,
a SECJ0305I and/or CWWIM4001E  message is logged listing the
administrative user.
The security error resolves once the nodeagent or server is
restarted.
Example of error messages:
RoleBasedAuth A   SECJ0305I: The role-based
authorization check failed for admin-authz operation
NodeSync:isNodeSynchronized.  The user
user:ServiceAccount/uid=admin, o=defaultWIMFileBasedRealm
(unique ID: user:serviceaccount/uid=admin,
o=defaultwimfilebasedrealm) was not granted any of the following
required roles: deployer, operator, configurator, monitor,
administrator, adminsecuritymanager, auditor.
com.ibm.websphere.wim.exception.EntityNotFoundException:
CWWIM4001E  The 'uid=admin,o=defaultWIMFileBasedRealm' entity
was not found.

Problem conclusion

The synchronization error was resolved so the file registry xml
appears on the nodeagent correctly. Adding, remove or changing
file registry users are copied and updated correctly on
nodeagents and application servers so the SECJ0305I or
CWWIM4001E  does not occur.


The fix for this APAR is currently targeted for inclusion in
fix pack 8.0.0.15, 8.5.5.13, and 9.0.0.6.  Please refer to the
Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

In a cell, both the deployment manager (dmgr) and nodes must be
updated to a release containing the fix for the file registry
problem to be resolved.

Temporary fix

Copy fileregistry.xml manually. If there are problems
synchronizing or stopping, the nodeagent or application server,
the the nodeagent or application server can be killed and
restarted.

Comments

APAR Information

APAR number
PI83149
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-06-15
Closed date
2017-08-16
Last modified date
2017-08-16

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800

Applicable component levels

R800 PSY
UP
R850 PSY
UP
R900 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
04 May 2022

Tips

PI83149: File registry xml file not synchronized to nodes

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R800 PSY

R850 PSY

R900 PSY

Document Information

Share your feedback

Need support?