Troubleshooting
Problem
Attempts to start the server fail after making a change to the LDAP settings in the administrative console or with wsadmin.
Cause
When changes to LDAP settings are not validated, the server will not start. The problem usually occurs for the following reasons:
- Global security is enabled for the server.
- A change is made in the IBM® WebSphere® Application Server administrative console under Security > User Registries > LDAP.
- The change is saved without going to the Global Security panel and clicking OK or Apply to validate the new settings.
Resolving The Problem
Attempts to start the server fail after making a change to the LDAP settings in the administrative console or with wsadmin. For example, you change the Server user ID in the administrative console, save the changes, and then attempt to restart the server. The startServer.log shows the following message:
ADMU3011E: Server launched but failed initialization.
<install_root>/logs/<servername>/SystemOut.log
contains an exception similar to the following:
SECJ0336E: Authentication failed for user uid=12345, c=us, ou=bluepages, o=ibm.com because of the following exception: javax.naming. AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
- Disable global security in the
security.xml
file. This allows you to start the server. - Locate
security.xml
file in<install_path>/WebSphere/AppServer/config/cells/<your_cell_name>
- Make a backup copy and store it somewhere outside of WebSphere Application server directories.
- Open
security.xml
file in an editor and search for the first occurrence of the word enabled. - Change enabled="true" to enabled="false".
- Save the file and restart the server.
- Open the Administration Console and go to Security > Global Security. The "Enabled" box should now be unchecked.
- Start the server and make any needed changes in the LDAP settings panel of the WebSphere Administrative Console.
- Go to the Global Security panel and re-enable security. At this point, the userid and password will be checked against the LDAP server.
- Once validation is successful, restart the WebSphere server to save your changes.
If authentication to the LDAP server fails, an error message will appear in the console.
[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5.5;8.5;8.0;7.0;6.1","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Java SDK","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21232505