Fixes are available
PK50965; 6.0.2.23: CORBA.NO_PERMISSION error occurs when node agent is restarted
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR8 Cumulative Fix for WebSphere Application Server
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
6.1.0.31: Java SDK 1.5 SR11 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
APAR status
Closed as program error.
Error description
Under WebSphere Application Server environment with global security enabled and Application Server Clusters running, CORBA.NO_PERMISSION error occurs when only nodeagent is restarted and the application servers are not. The specific error in nodeagent log is: CORBA.NO_PERMISSION: Failed to verify caller subject vmcid: 0x49424000 minor code: 303 completed: No
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM WebSphere Application Server * * versions 6.0.2 and 6.1. * **************************************************************** * PROBLEM DESCRIPTION: With global security enabled, a * * CORBA.NO_PERMISSION occurs during * * application server re-registration * * when a nodeagent is restarted and the * * application server(s) are not. * **************************************************************** * RECOMMENDATION: There is a workaround for this issue, which * * is to ensure that whenever a nodeagent is * * recycled, that all the application servers * * on that node (assuming there are managed * * servers) be recycled as well. * **************************************************************** When a nodeagent is restarted, the application server(s) needs to re-register (assuming there are managed servers) with the nodeagent. The CORBA.NO_PERMISSION error occurs when the application server(s) re-register with the nodeagent. This exception occures when global security is enabled due to a missing security context during the re-register request to the nodeagent. This is not hit during the application server startup, rather is only hit when the nodeagent is restarted and requests that all application servers re-register with the nodeagent. During appserver startup, the main startup thread has already obtained the server subject and has established a security context when it issues the register request to the nodeagent. However, after a nodeagent is restarted (and the application servers aren't), when a re-registration is issued from the nodeagent to the application server(s), the thread that then issues the re-register back to the nodeagent is a generic ORB worker thread which does not have any established security context and credentials, thus resulting in a CORBA.NO_PERMISSIONS exception.
Problem conclusion
With this fix, when the application server re-registers with the nodeagent, the correct security context and credentials will be associated with the thread performing the re-register. The fix for this APAR is currently targeted for inclusion in fixpacks 6.0.2.25 and 6.1.0.15. Please refer to the recommended updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PK50965
Reported component name
WEBS APP SERV N
Reported component ID
5724H8800
Reported release
60A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-08-14
Closed date
2007-08-24
Last modified date
2007-10-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
JEE RUNTIME
Fix information
Fixed component name
WEBS APP SERV N
Fixed component ID
5724H8800
Applicable component levels
R60A PSY
UP
R60H PSY
UP
R60I PSY
UP
R60P PSY
UP
R60S PSY
UP
R60W PSY
UP
R60Z PSY
UP
R61A PSY
UP
R61H PSY
UP
R61I PSY
UP
R61P PSY
UP
R61S PSY
UP
R61W PSY
UP
R61Z PSY
UP
Document Information
Modified date:
29 December 2021