Skip to main content

AIX: v2ur1 - admin console login problems

21 replies [Last post]
dvb123
Offline
Joined: 2007-11-29

Hello. I've installed v2ur1 on AIX 5.3 (ppc64).

The unpacking and Ant config completed with no errors. The default domain, domain1 starts up no problem. When I try to login into the admin console it fails - "Authentication failed, Re-enter your username and password". I'd like to know how to troubleshoot this, i.e. turn on some additional logging or find why its failing.

TIA,
David Victor.

--

I think I'm entering the correct default ids and passwords from the developer profile.

In my home dir there is:
.asadminpass: asadmin://admin@localhost:4848 YWRtaW5hZG1pbg==

The Ant config - completed thus.

create.domain:
[exec] Current OS is AIX
[exec] Executing '/users/dev/ics_c/r/src/java/glassfish/bin/asadmin' with arguments:
[exec] 'create-domain'
[exec] '--adminport'
[exec] '4848'
[exec] '--instanceport'
[exec] '9080'
[exec] '--user'
[exec] 'admin'
[exec] '--passwordfile'
[exec] '/users/dev/ics_c/red/dbar0ric/src/java/glassfish/passfile'
[exec] '--domainproperties'
[exec] 'orb.listener.port=3700:jms.port=7676:http.ssl.port=9181'
[exec] '--savelogin'
[exec] 'domain1'
[exec]
[exec] The ' characters around the executable and arguments are
[exec] not part of the command.
[exec] Using port 4848 for Admin.
[exec] Using port 9080 for HTTP Instance.
[exec] Using port 7676 for JMS.
[exec] Using port 3700 for IIOP.
[exec] Using port 9181 for HTTP_SSL.
[exec] Using default port 3820 for IIOP_SSL.
[exec] Using default port 3920 for IIOP_MUTUALAUTH.
[exec] Using default port 8686 for JMX_ADMIN.
[exec] Domain being created with profile:developer, as specified by variable AS_ADMIN_PROFILE in configuration file.
[exec] Security Store uses: JKS
[exec] Domain domain1 created.
[exec] Login information relevant to admin user name [admin] for this domain [domain1] stored at [/users/dev//.asadminpass] successfully.
[exec] Make sure that this file remains protected. Information stored in this file will be used by asadmin commands to manage this domain.
[delete] Deleting: /users/dev//src/java/glassfish/passfile
[antcall] Exiting /users/dev//src/java/glassfish/setup.xml

The domain starts up ok:

Admin Console is available at [http://localhost:4848].
Use the same port [4848] for "asadmin" commands.
User web applications are available at these URLs:
[http://localhost:9080 https://localhost:9181 ].

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
dvb123
Offline
Joined: 2007-11-29

> Can you try one thing?
> Don't use the command prompt to enter the password
> and try executing the following CLI command:
> "asadmin list-components --port 8848 --passwordfile
> ./passfile --user admin"

Now trying with 32 bit JVM, admin port 4848. Still no luck.

$ >asadmin list-components --port 4848 --passwordfile ./passfile --user admin
Invalid user or password
CLI137 Command list-components failed.

$ >asadmin login
Please enter the admin user name>admin
Please enter the admin password>
Trying to authenticate for administration of server at host [localhost] and port [4848] ...
java.io.IOException: Invalid user or password

---

Java config:

$> java -version
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build pap32devifx-20071025a (SR6b))
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 AIX ppc-32 j9vmap3223-20071007 (JIT enabled)
J9VM - 20071004_14218_bHdSMR
JIT - 20070820_1846ifx1_r8
GC - 200708_10)
JCL - 20071025

JVM is installed under a Unix login rather than in /usr.
I.e.

its in ~/usr/java5/

e.g.
JDK:
$ >ls usr/java5
COPYRIGHT* docs/ include/ lib/
bin/ fixes.html jre/
$ >

JRE:

$ >ls usr/java5/jre
bin/ javaws/ lib/
$ >

I have had to modify the 'ant' config and setup.xml - as its defaulting 'java' to be
at usr/java5/jre/../bin - when 'java' is in jre/bin...

---

janey
Offline
Joined: 2005-05-30

Hi dvb123,

Thanks for trying this out on a 32-bit jvm. Is there anyway that I can access to your AIX machine (ssh, vnc, telnet etc)?
You can send me the detail offline at "jane dot young at sun dot com".

Thanks,
Jane

dvb123
Offline
Joined: 2007-11-29

> Hi dvb123,
>
> Thanks for trying this out on a 32-bit jvm.
.
>
> Thanks,
> Jane

Any suggestions for troubleshooting further - that I can try myself ?

Will respond seperately via email.

dvb123
Offline
Joined: 2007-11-29

Some more debug output:

$> [b]asadmin list-domains[/b]
++++++++++++++++++++++++++++ Command loaded from file and it is list-domains 0 | {terse boolean t, false,echo boolean e, false,domaindir string null,} | } | | } | list-domains [--terse=false] [--echo=false] [--domaindir domain_directory] {}
basePackage: com.sun.enterprise.cli.commands
propertyFile: LocalStrings
basePackage: com.sun.enterprise.cli.commands
propertyFile: LocalStrings
**** insert Default Options terse false
**** insert Default Options echo false
Reading asadminenv.conf file
asadminenv.conf: set the following options: profile=developer
asadminenv.conf: set the following options: secure=false
asadminenv.conf: set the following options: port=4848
domain1 running
Command list-domains executed successfully.
$>
$> [b]asadmin login --port 8848[/b]
++++++++++++++++++++++++++++ Command loaded from file and it is login 0 | {terse boolean t, false,echo boolean e, false,host string H, localhost,port string p, 4848,secure boolean s, null,} | } | | } | asadmin login [--terse=false] [--echo=false] [--host localhost] [--port 4848|4849] [--secure | s] {}
basePackage: com.sun.enterprise.cli.commands
propertyFile: LocalStrings
basePackage: com.sun.enterprise.cli.commands
propertyFile: LocalStrings
**** insert Default Options terse false
**** insert Default Options echo false
**** insert Default Options host localhost
Reading asadminenv.conf file
asadminenv.conf: set the following options: profile=developer
asadminenv.conf: set the following options: secure=false
Please enter the admin user name>admin
Please enter the admin password>
Trying to authenticate for administration of server at host [localhost] and port [8848] ...
com.sun.enterprise.cli.framework.CommandException: java.io.IOException: Invalid user or password
at com.sun.enterprise.cli.commands.LoginCommand.authenticate(LoginCommand.java:128)
at com.sun.enterprise.cli.commands.LoginCommand.runCommand(LoginCommand.java:72)
at com.sun.enterprise.cli.framework.CLIMain.invokeCommand(CLIMain.java:171)
at com.sun.enterprise.cli.framework.CLIMain.main(CLIMain.java:79)
Caused by: java.io.IOException: Invalid user or password
at com.sun.enterprise.admin.jmx.remote.comm.ServletConnection.handleException(ServletConnection.java:264)
at com.sun.enterprise.admin.jmx.remote.comm.ServletConnection.receive(ServletConnection.java:148)
at com.sun.enterprise.admin.jmx.remote.comm.MBeanServerMessageConductor.invoke(MBeanServerMessageConductor.java:84)
at com.sun.enterprise.admin.jmx.remote.internal.RemoteMBeanServerConnection.getDefaultDomain(RemoteMBeanServerConnection.java:332)
at com.sun.enterprise.cli.commands.LoginCommand.authenticate(LoginCommand.java:123)
... 3 more

java.io.IOException: Invalid user or password
$>

$> [b]asadmin list-components --port 8848 --user admin --passwordfile ./passfile[/b]
++++++++++++++++++++++++++++ Command loaded from file and it is list-components ? | {user string u, null,password string w, null,passwordfile string null,host string H, localhost,port string p, 4848,secure boolean s, null,interactive boolean I, true,terse boolean t, false,echo boolean e, false,type string null,} | } | | } | list-components [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port 4848|4849] [--secure | -s] [--user admin_user] [--passwordfile filename] [--type application|ejb|web|connector|webservice] [target (Default server)] {|paramtypes , [java.lang.String]|manpage , [com.sun.enterprise.tools.cli.help]|objectname , [com.sun.appserv:type=applications,category=config]|operation , [getAllUserDeployedComponents]|displaytype , [name]|params , [{#1}]|command-type , [list]}
basePackage: com.sun.enterprise.cli.commands
propertyFile: LocalStrings
basePackage: com.sun.enterprise.cli.commands
propertyFile: LocalStrings
**** insert Default Options host localhost
**** insert Default Options interactive true
**** insert Default Options terse false
**** insert Default Options echo false
Reading asadminenv.conf file
asadminenv.conf: set the following options: profile=developer
asadminenv.conf: set the following options: secure=false
Object Name = [com.sun.appserv:type=applications,category=config]
Types =
java.lang.String,

Types Info [0] = java.lang.String
{#1}
ParamsInfo = null
OperationName = getAllUserDeployedComponents
Types =
java.lang.String,

password value read from $HOME/.asadminpass
********** getMBeanInfo **********
Invalid user or password
com.sun.enterprise.cli.framework.CommandException: CLI137 Command list-components failed.
at com.sun.enterprise.cli.commands.ListComponentsCommand.runCommand(ListComponentsCommand.java:148)
at com.sun.enterprise.cli.framework.CLIMain.invokeCommand(CLIMain.java:171)
at com.sun.enterprise.cli.framework.CLIMain.main(CLIMain.java:79)
Caused by: java.io.IOException: Invalid user or password
at com.sun.enterprise.admin.jmx.remote.comm.ServletConnection.handleException(ServletConnection.java:264)
at com.sun.enterprise.admin.jmx.remote.comm.ServletConnection.receive(ServletConnection.java:148)
at com.sun.enterprise.admin.jmx.remote.comm.MBeanServerMessageConductor.invoke(MBeanServerMessageConductor.java:84)
at com.sun.enterprise.admin.jmx.remote.internal.RemoteMBeanServerConnection.getMBeanInfo(RemoteMBeanServerConnection.java:384)
at com.sun.enterprise.cli.commands.ListComponentsCommand.printDebug(ListComponentsCommand.java:226)
at com.sun.enterprise.cli.commands.ListComponentsCommand.runCommand(ListComponentsCommand.java:115)
... 2 more

CLI137 Command list-components failed.

[b]jps[/b] - don't have that in the 1.5 JVM here.

janey
Offline
Joined: 2005-05-30

Is your domain1 running on port 8848?
Also, can you remove $HOME/.asadminpass and try "asadmin list-components" again?

Thanks,
Jane

dvb123
Offline
Joined: 2007-11-29

> Is your domain1 running on port 8848?

Yes.

> Also, can you remove $HOME/.asadminpass and try
> "asadmin list-components" again?

It fails the same way.

dvb123
Offline
Joined: 2007-11-29

No luck with this. (Using Firefox on NT, or Mozilla on AIX - and AIX CLI)

Have created a new domain:

asadmin create-domain --adminport 8848 --instanceport 8085 --user admin --passwordfile ./passfile --domainproperties orb.listener.port=8700:jms.port=8676:http.ssl.port=8191 --savelogin domain2

passfile:

AS_ADMIN_PASSWORD=adminadmin

If I either start the new domain, or copy generated 'admin-keyfile' to the original domain still unable to login from browser or CLI.

e.g.

$ dbar0ric> asadmin login --port 8848 --host localhost
Please enter the admin user name>admin
Please enter the admin password>adminadmin
Trying to authenticate for administration of server at host [localhost] and port [8848] ...
java.io.IOException: Invalid user or password

---

dvb123
Offline
Joined: 2007-11-29

... out of ideas. JBOSS, weblogic work fine on same AIX config, so probably is to do with the Glassfish key generation/store ?

janey
Offline
Joined: 2005-05-30

Can you try one thing?
Don't use the command prompt to enter the password and try executing the following CLI command:
"asadmin list-components --port 8848 --passwordfile ./passfile --user admin"

AIX ppc64 - is that a 64-bit processsor? are you using JVM 64-bit or 32-bit?

Thanks,
Jane

dvb123
Offline
Joined: 2007-11-29

Will try the suggestion and report back.

Yes, ppc64 is 64 bit, & the 1.5 JVM is the 64 bit one. It works fine with everthing else I've tried e.g. Jboss, Weblogic.

Couple of other things I've noticed with the AIX build:

1. asadmin login - echo's back the password when entered, don't think it should.
2. asadmin start-domain --verbose - the log output freezes until the domain is stopped, and then
isn't verbose.

Wonder if I should log bugs ?

janey
Offline
Joined: 2005-05-30

Hi dvb123,

Thanks for the information.
The reason why password is echo'd back is that the native library that handles the interactive inputs is written in 32-bit. Is it possible if you can run with JVM 1.5 32-bit?
Let me know if this works.

Thanks,
Jane

dvb123
Offline
Joined: 2007-11-29

ok. 32 bit it is. Will report back. Thank you.

David V.

lizbs
Offline
Joined: 2008-02-22

For what it's worth, I'm experiencing the same issue using Windows, Java 1.5.

D:\tools\glassfish>java -version
java version "1.5.0_11"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode, sharing)

D:\tools\glassfish>

dvb123
Offline
Joined: 2007-11-29

Have now installed v2-b58g on my home Mac OS X system. Works fine (of course). So with the same admin user id & password it works fine on the Mac, but fails on the AIX build. So its probably a config issue or possibly I bug - although I very much doubt that.

Any suggestions - you win a virtual coconut if you beat me to the root cause. :-)

DV.

cchidamb
Offline
Joined: 2005-06-15

under INSTALL_ROOT/domains/domain1/config you should see a file called admin-keyfile. The only way I can think of a recovery here is you can do asadmin create-domain foo with your id/passwd. Copy the admin-keyfile from foo domain to the domain that's not working. You're ready to go now. I believe admin-keyfile is corrupted. Just replace it by creating another domain it's a hack but should work.

dvb123
Offline
Joined: 2007-11-29

Thank you. I'll give this a try. I saw this in the doc. set. Will also take a look at the DD for the admin console app if I can find it. Perhaps, I can relax the security ?

km
Offline
Joined: 2005-10-28

Good point. There is a significant room for improvement here.

Unless you know that the default admin user is "admin" and default admin password is
"adminadmin", you just can't use admin console.

The problematic part is when you do "asadmin setup.xml" or "asadmin setup-cluster.xml" you
don't know what these credentials are and that's why you keep on wondering what they are.

I suggest you file an RFE/bug. The fix is simple. Just change the setup.xml as:
[code]
168

169
170
171
172
173
[/code]
and the installation becomes self-documenting.

Bypassing the admin console security is not the best thing to do, although that's possible.

I am also interested in winning the virtual coconut :)

- Kedar

janey
Offline
Joined: 2005-05-30

Do you mean "ant -f setup.xml" or "ant -f setup-cluster.xml", not "asadmin"?

km
Offline
Joined: 2005-10-28

Jane, thanks for correcting. Yes, I meant "ant -f setup[-cluster].xml".

Regards,
Kedar

cchidamb
Offline
Joined: 2005-06-15

usually default id/passwd is admin/adminadmin . What did you type?

dvb123
Offline
Joined: 2007-11-29

Yes - that's what I've been trying. On my Mac OS box it works ok.

Thanks for the suggestion.