Granting privileges on the remote CEI server to prevent JNDI binding error

When you are deploying a monitor model with remote Common Event Infrastructure (CEI) and administrative security enabled, an error binding a queue to JNDI can occur on the remote CEI server. This problem occurs only when using queue-based event delivery and is more likely to occur when the remote CEI is included in a network-deployment environment. If the problem is not corrected, the emitted events will not reach the monitor model queue associated with the IBM® Business Monitor server

When a monitor model is deployed with remote CEI and administrative security enabled, the following messages are included in the SystemOut.log file for the remote CEI: 
SECJ0305I: The role-based authorization check failed for naming-authz operation NameServer:bind_new_corba_context. The user admin (unique ID: <user details>) was not granted any of the following required roles: CosNamingCreate, CosNamingDelete.
NMSV0610I: A NamingException is being thrown from a javax.naming.Context implementation. Details follow:
Context implementation: com.ibm.ws.naming.jndicos.CNContextImpl
Context method: createSubcontext
Context name: CellName/clusters/ClusterName
Target name: jms/wbm/HelloWorldMM/20080121000000

This problem occurs because the user ID specified in the CEI options during model deployment does not have CosNamingCreate and CosNamingDelete authority on the remote CEI server.

If this problem is not corrected before emitting events to be monitored by the monitor model, additional symptoms will occur at the time events are emitted. The emitted events will not reach the monitor model queue associated with the IBM Business Monitor server, and the following messages will be included in the SystemOut.log file for the remote CEI:

EventGroupQue W com.ibm.events.distribution.impl.EventGroupQueueSender EventGroupQueueSender CEIES0003W The event server failed to initialize a JMS destination for an event group because the specified JMS destination could not be found in JNDI.
Event group name: wbm_HelloWorldMM_20080121000000_Group
JMS connection factory JNDI name: jms/wbm/HelloWorldMM/20080121000000/QF
JMS destination JNDI name: jms/wbm/HelloWorldMM/20080121000000/Q
Context: CellName/clusters/ClusterName
Note: This problem does not occur if you are using IBM Business Monitor with table-based event delivery.

Resolving the problem

To resolve this problem, you must grant CosNamingCreate and CosNamingDelete privileges on the remote CEI server to the user ID specified in the CEI options during model deployment.
  1. In the WebSphere® Application Server administrative console for the remote CEI server, navigate to Environment > Naming > CORBA Naming Service Groups.
  2. Assign the user ID the CosNamingCreate and CosNamingDelete naming roles.
Parent topic: Administration troubleshooting
Related information:
Assigning users to naming roles