IBM Support

Deployment Manager stopped communicating with nodes in cell topology

Troubleshooting


Problem

The Deployment manager is suddenly having trouble communicating with a node where application servers were created. Deployment Manager SystemOut.log file displays the following error message when clicking on the System administration/Nodes menu from the integrated solution console.

Symptom

The Nodes are out of synchronization and having communication problems with the Deployment Manager,JVM status are reporting incorrectly.

Cause

SECJ9314E: An unexpected exception occurred when trying to run initSecContext() method : GSSException: org.ietf.jgss.GSSException,
major code: 11, minor code: 0
major string: General failure, unspecified at GSSAPI level
minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.Asn1Exception, status code: 906
message: Unexpected ASN1 identifier

Resolving The Problem

NOTE: This solution only applies if you are NOT using Kerberos authentication. If you are using just SPNEGO SSO, Kerberos is not required and should not be enabled.


The technote can be read that "LTPA & Kerberos" makes syncNode fail. If you have configured SPNEGO, and come across this error, then look into removing Kerberos authentication if it is not need it You may have Kerberos authentication is accidentally enabled, and that is why syncNode might fail. -> Check Authentication mechanism and see if LTPA only is OK for the environment.

This problem arises if your active authentication mechanism is set to "Kerberos and LTPA" on your server. This should be set to "LTPA" only.

We can see this from the security.xml file as follow:

activeAuthMechanism="KRB5_1"

From your admin console, please navigate to Security > Global Security. In the "Authentication" box, change the setting from "Kerberos and LTPA" to just "LTPA". Save, synchronize the change and restart the (Deployment Manager) Dmgr and all of the nodes, application servers in the entire cell.

If issue persists, please consider creating a problem management record with IBM WebSphere software support for further investigation. You need to enable SPNEGO mustgather

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5;8.0;7.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21646283

Page Feedback