Wednesday, November 8, 2017

IBM WebSphere 9 with Java 8.0 Service Refresh 5 : how to fix sync issue when LTPA token become invalid

During last weeks I was working on  WebSphere Portal 9 environment who runs over a WebSphere Application server 9.0 FP4 with last JVM available 8.0 SR5 .  Every day after some hours I've noted the nodes goes in unsynched status without a clear reason and after a manual SyncNode the syncronization will be restablished until the next day.

After some investigation I noted sync issue was started at the end of the LTPA token with the following errors:

Node Agent:
[11/3/17 17:05:35:849 CET] 0000006b AdminServiceI 3   invoke method throws exception
                                 com.ibm.websphere.management.exception.AdminException: javax.management.JMRuntimeException: ADMN0022E: Access is denied for the isNodeSynchronized operation on NodeSync MBean because of insufficient or empty credentials.

DMGR
[11/3/17 17:05:52:651 CET] 00000105 SecurityHelpe >  isCertPathValidatorException Entry
                                 com.ibm.websphere.security.auth.WSLoginFailedException: Validation of LTPA token failed due to invalid keys or token type.


I've open a PMR and after I've send the log   ( remember to follow the Must gather steps when you set logs to WAS support) IBM support has recognized a similar behavior on  known APAR

IJ00732: JAVA JIT: INCORRECT RESULTS FOR PATTERNS OF SHIFTED AND OR'D BYTES
http://www.ibm.com/support/docview.wss?uid=swg1IJ00732
Due to this JIT failure, sudden LTPA toke validation issue happens and it results into the  synchronization issue.

Would it be possible to see if the issue can be avoided by the JVM entiry?
System administration > Deployment manager > Process definition  > Environment Entries
Name: TR_DisableIORByteSwap
Value: 1

I've followed the suggested workaround and the issue was fixed !
A new JVM 8.0.5.5 now scheduled for Nov 13th  will fix this issue.


No comments:

Post a Comment