IBM Support

WebSphere Application Server fails to start after change to LDAP settings

Troubleshooting


Problem

Attempts to start the server fail after making a change to the LDAP settings in the administrative console or with wsadmin.

Cause

When changes to LDAP settings are not validated, the server will not start. The problem usually occurs for the following reasons:

  1. Global security is enabled for the server.
  2. A change is made in the IBM® WebSphere® Application Server administrative console under Security > User Registries > LDAP.
  3. The change is saved without going to the Global Security panel and clicking OK or Apply to validate the new settings.

Resolving The Problem



Attempts to start the server fail after making a change to the LDAP settings in the administrative console or with wsadmin. For example, you change the Server user ID in the administrative console, save the changes, and then attempt to restart the server. The startServer.log shows the following message:

    ADMU3011E: Server launched but failed initialization.

Server log files should contain failure information. Log file <install_root>/logs/<servername>/SystemOut.log contains an exception similar to the following:

    SECJ0336E: Authentication failed for user uid=12345, c=us, ou=bluepages, o=ibm.com because of the following exception: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

The following changes are necessary to fix any problems starting the server when security is enabled, regardless of the cause.

  1. Disable global security in the security.xml file. This allows you to start the server.
    1. Locate the security.xml file in <install_path>/WebSphere/AppServer/config/cells/<your_cell_name>
    2. Make a backup copy and store it somewhere outside of the WebSphere Application Server directories.
    3. Open the security.xml file in an editor and search for the first occurrence of the word enabled.
    4. Change enabled="true" to enabled="false".
    5. Save the file and restart the server.
    6. Open the Administration Console and go to Security > Global Security. The "Enabled" box should now be unchecked.
  2. Start the server and make any needed changes in the LDAP settings panel of the WebSphere Administrative Console.
  3. Go to the Global Security panel and re-enable security. At this point, the userid and password will be checked against the LDAP server.
  4. If authentication to the LDAP server fails, an error message will appear in the console.
  5. Once validation is successful, restart the WebSphere server to save your changes.
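Steps 1.1 to 1.4 as a script, added here as an example (not IBM's code): it flips only the first `enabled` attribute and refuses to place the backup inside the install root. The function names, the `install_root` argument and the sample XML are constructed for illustration.

```python
import re
import shutil
import sys
import time
from pathlib import Path

# Constructed sample, not a real cell configuration.
SAMPLE = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
          b'<security:Security xmi:id="Security_1" useLocalSecurityServer="true" '
          b'enabled="true" cacheTimeout="600">\n'
          b'  <authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1">\n'
          b'    <singleSignon xmi:id="SingleSignon_1" enabled="true"/>\n'
          b'  </authMechanisms>\n'
          b'</security:Security>\n')

# Matches the attribute named exactly "enabled", not e.g. "ssoEnabled".
FIRST_ENABLED = re.compile(rb'\benabled="(true|false)"')


def disable_global_security(xml_bytes):
    """Flip only the first enabled="true" in the file (steps 1.3 and 1.4)."""
    m = FIRST_ENABLED.search(xml_bytes)
    if m is None:
        raise ValueError('no enabled="true|false" attribute found')
    if m.group(1) == b"false":
        return xml_bytes, False  # already disabled, nothing to change
    return xml_bytes[:m.start()] + b'enabled="false"' + xml_bytes[m.end():], True


def patch_file(security_xml, backup_dir, install_root):
    """Back up security.xml outside install_root, then patch it in place."""
    src = Path(security_xml).resolve()
    dest = Path(backup_dir).resolve()
    root = Path(install_root).resolve()
    if root == dest or root in dest.parents:
        raise ValueError("backup directory must be outside the install root")
    new_bytes, changed = disable_global_security(src.read_bytes())
    dest.mkdir(parents=True, exist_ok=True)
    backup = dest / ("security.xml." + time.strftime("%Y%m%d-%H%M%S"))
    shutil.copy2(src, backup)  # step 1.2: keep the original for rollback
    if changed:
        src.write_bytes(new_bytes)  # bytes in, bytes out: line endings untouched
    return backup, changed


if __name__ == "__main__":
    if len(sys.argv) == 4:
        print(patch_file(*sys.argv[1:4]))
    else:
        print(disable_global_security(SAMPLE)[0].decode())
```

Run it with three arguments (security.xml path, backup directory, install root) to patch a file; with none it prints the patched sample.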


Document Information

Modified date: 15 June 2018

UID: swg21232505