Trying to connect to Dynamic Workload Console but it errors:
AWSJCO005E WebSphere Application Server has
given the following error: CORBA NO_PERMISSION 0x49424300 No; nested
exception is:
org.omg.CORBA.NO_PERMISSION:
SERVER (id=7992, host=zld03236.vci.att.com) TRACE START:
org.omg.CORBA.NO_PERMISSION: Validation of LTPA token failed
due to invalid keys or token type. vmcid: 0x49424000 minor code: 300
completed: No
How to resolve this error?
Cause
LTPA keys need to be synchronized between Tivoli Dynamic Workload Console (TDWC) and TWS when both components are installed to the same host with independent embedded WebSphere Application Server (eWAS) instances. The same is often true for TDWC and TWS installed to separate systems.
Answer
The official TWS documentation that addresses exporting and importing LTPA keys between TDWC and TWS WebSpheres does not cover the use of WebSphere's Admin Console.
Reference: Configuring to use the same LTPA token_keys
How to synchronize TDWC and TWS to use the same LTPA keys using WebSphere Admin Console:
EXPORT LTPA KEY from TDWC:
NOTE: To create the correct TIP URL for TDWC's WebSphere run /wastools/showHostProperties.sh > myHostProps.txt as root to discover the port value for the httpsPort. The default port is 29443.
The TIP URL will be: https://:/ibm/console
The Integrated Solutions Console URL is launched and you will either be logged in automatically or arrive at a login prompt. Log in as the "Primary administrative user".
NOTE: If the primary administrative user name is unknown then expand "Users and Groups", then "Administrative user roles". The user assigned the Role "Primary administrative user name" is the user that has the authorization to export and import LTPA keys.
Open "Security" -> "Global Security". The center panel will be labeled "Global security". The far right column is titled "Authentication". Under the "Authentication" column select the word "LTPA". If "LTPA" is not highlighted in blue then you are not logged in as the primary administrative user.
The last section of the panel is labeled "Cross-cell single sign-on".
a. Enter any password in the *Password and *Confirm password fields.
b. Enter the full path to a new file to store the key to export. For example: /usr/tivoli/tdwc/ltpakey
c. Select [Export keys]
NOTE: If the TWS engine is on a remote server, then place a copy of the ltpakey file on the remote server. IMPORTANT: Be sure to transfer the file in binary mode.
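The binary-mode requirement above can be checked before the import. The following is an added example, not part of the IBM procedure: it compares the copied file's SHA-256 with the hash taken on the TDWC host, confirms the file looks like an exported key file, and confirms it is readable only by its owner. The function names are hypothetical, and the com.ibm.websphere.ltpa.* property names are an assumption about the format of the exported file.

```shell
#!/bin/sh
# Added example (not IBM's procedure): check a transferred LTPA key file
# before selecting [Import keys]. Function names are hypothetical.

# SHA-256 of a file; falls back to shasum where sha256sum is absent.
ltpa_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# 0 if the file holds the key properties an export is assumed to write.
ltpa_has_keys() {
    for k in 3DESKey PrivateKey PublicKey; do
        grep -q "^com\.ibm\.websphere\.ltpa\.$k=" "$1" || return 1
    done
    return 0
}

# 0 if neither group nor other has any permission bit on the file.
ltpa_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# ltpa_verify_copy FILE EXPECTED_SHA256
# Returns 0 ok, 1 content changed in transit, 2 not a key file, 3 too open.
ltpa_verify_copy() {
    [ "$(ltpa_sha256 "$1")" = "$2" ] || return 1
    ltpa_has_keys "$1" || return 2
    ltpa_private "$1" || return 3
    return 0
}

# Usage: on the TDWC host run  ltpa_sha256 /usr/tivoli/tdwc/ltpakey
# then on the TWS host run     ltpa_verify_copy <copied file> <that hash>
```

A return code of 1 means the copy differs from the exported file and should be transferred again in binary mode before importing.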
IMPORT LTPA KEY into TWS:
NOTE: To create the correct ISC URL for TWS's WebSphere run /wastools/showHostProperties.sh > myHostProps.txt as root to discover the port value for adminSecurePort. The default port is 31124.
The URL will be: https://:/ibm/console
At the Integrated Solutions Console (ISC) for the TWS instance:
Log in to TWS's ISC as the TWS WebSphere user (this is most likely the user for which TWS was installed).
Run steps 3 and 4 from the EXPORT steps above using the same password and file, and select [Import keys]
TEST CONNECTION from TDWC to TWS: You should be able to perform a successful test connection from TDWC to the intended TWS instance.
DISABLE AUTOMATIC LTPA key generation on TDWC and TWS WebSpheres
Reference: Disabling the automatic generation of LTPA token_keys
RESTART WEBSPHERE: The final step is to stop and start WebSphere on both TDWC and TWS.
NOTE: You can use the conman stopappserver and startappserver commands to stop and restart WebSphere for TWS. You can use the stopWas.sh (.bat) and startWas.sh (.bat) files to stop and restart WebSphere for TDWC.
Also, see Technotes # 1509409 and # 1377224 for additional details and related information.
See more in the version 9.x Administration Guide https://www.ibm.com/support/knowledgecenter/SSGSPN_9.4.0/com.ibm.tivoli.itws.doc_9.4/awsadmst.pdf