Saturday, 20 May 2017

Hmmm - ADMA5107E and CWWBA0008E seen whilst uninstalling a SCA module from IBM BPM Advanced 8.5.7

Hmmm, I started seeing this whilst attempting to remove an existing SCA module ( EAR file ) from a BPM Advanced 8.5.7 environment: -

[5/20/17 6:10:25:473 UTC] 0000013b UninstallSche I   ADMA5017I: Uninstallation of MQ_Test started.
[5/20/17 6:10:25:535 UTC] 0000013b DMAdapter     I getAnalysisEngine FFDC1009I: Analysis Engine using data base: /opt/ibm/WebSphere/AppServer/properties/logbr/ffdc/adv/ffdcdb.xml
[5/20/17 6:10:25:616 UTC] 0000013b FfdcProvider  W logIncident FFDC1003I: FFDC Incident emitted on /opt/ibm/WebSphereProfiles/Dmgr01/logs/ffdc/dmgr_78f7b3ac_17.05.20_06.10.25.5262387762556679923990.txt 679
[5/20/17 6:10:25:652 UTC] 0000013b BPCAppMgmt    I   CWWBF0021I: Uninstall of process application MQ_Test completed.
[5/20/17 6:10:25:671 UTC] 0000013b FfdcProvider  W logIncident FFDC1003I: FFDC Incident emitted on /opt/ibm/WebSphereProfiles/Dmgr01/logs/ffdc/dmgr_78f7b3ac_17.05.20_06.10.25.669165681660585464853.txt 715
[5/20/17 6:10:25:673 UTC] 0000013b FfdcProvider  W logIncident FFDC1003I: FFDC Incident emitted on /opt/ibm/WebSphereProfiles/Dmgr01/logs/ffdc/dmgr_78f7b3ac_17.05.20_06.10.25.6728117628847154269247.txt 804
[5/20/17 6:10:25:675 UTC] 0000013b FfdcProvider  W logIncident FFDC1003I: FFDC Incident emitted on /opt/ibm/WebSphereProfiles/Dmgr01/logs/ffdc/dmgr_78f7b3ac_17.05.20_06.10.25.6741709013655431538129.txt 814
[5/20/17 6:10:25:678 UTC] 0000013b FfdcProvider  W logIncident FFDC1003I: FFDC Incident emitted on /opt/ibm/WebSphereProfiles/Dmgr01/logs/ffdc/dmgr_78f7b3ac_17.05.20_06.10.25.676378039060005473378.txt 001
[5/20/17 6:10:25:699 UTC] 0000013b FfdcProvider  W logIncident FFDC1003I: FFDC Incident emitted on /opt/ibm/WebSphereProfiles/Dmgr01/logs/ffdc/dmgr_78f7b3ac_17.05.20_06.10.25.6783939092327342589718.txt 328
[5/20/17 6:10:25:703 UTC] 0000013b UninstallSche I   ADMA5107E: The application MQ_Test cannot be uninstalled.


[5/20/17 6:10:25:529 UTC]     FFDC ProbeId:679$1@7c861ea7 Exception thrown in RequiredModelMBean while trying to invoke operation getProcessTemplateState
        at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(
        at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(
Caused by: CWWBA0008E: Process template 'processMessage. Tue 2017-05-16 18:11:58.000' is not found.

There wasn't a corresponding Process Template showing up in the BPC Explorer: -

even whilst logged in as the Deployment Environment super-user, deAdmin.

I'd tried the obvious - stopping the entire DE - Cluster Members, Node Agent, Deployment Manager etc. - but to no avail.

I even tried removing the wstemp directory from within the DM's profile, but again no dice.

Working on the assumption that the problem was in the WAS rather than BPM world ( because BPC Explorer showed no template ), I took the nuclear option of removing the JEE application from the DM configuration: -

cd /opt/ibm/WebSphereProfiles/Dmgr01/config/cells/PSCell1/applications
rm -Rf MQ_Test.ear/

restarted the Deployment Manager, and forcibly resynced the node: -

/opt/ibm/WebSphereProfiles/Dmgr01/bin/ -lang jython -user wasadmin -password passw0rd

AdminControl.invoke('WebSphere:name=repository,process=nodeagent,platform=common,node=Node1,version=5.0,type=ConfigRepository,mbeanIdentifier=repository,cell=PSCell1,spec=1.0', 'refreshRepositoryEpoch')
AdminControl.invoke('WebSphere:name=cellSync,process=dmgr,platform=common,node=Dmgr,version=,type=CellSync,mbeanIdentifier=cellSync,cell=PSCell1,spec=1.0', 'syncNode', '[Node1]')

Having done the latter, the app disappeared from the All Applications view: -

and, more importantly, I was then able to install a fresh copy of the SCA module: -

AdminApp.install('/tmp/'+AppName+'.ear', '[ -nopreCompileJSPs -distributeApp -nouseMetaDataFromBinary -nodeployejb -appname '+AppName+' -createMBeansForResources -noreloadEnabled -nodeployws -validateinstall warn -processEmbeddedConfig -filepermission .*\.dll=755#.*\.so=755#.*\.a=755#.*\.sl=755 -noallowDispatchRemoteInclude -noallowServiceRemoteInclude -asyncRequestDispatchType DISABLED -nouseAutoLink -noenableClientModule -clientMode isolated -novalidateSchema -MapResRefToEJB [[ '+AppName+'Web "" '+AppName+'Web.war,WEB-INF/web.xml sca/resource/export/readTheMessage_MQEXPORT_CF javax.jms.ConnectionFactory jms/'+conFact+' "" "" "" ] -MapModulesToServers [[ MQ_TestWeb MQ_TestWeb.war,WEB-INF/web.xml WebSphere:cell='+cellID+',cluster='+clusterName+' ]]]')

and start the application: -

AdminControl.invoke('WebSphere:name=ApplicationManager,process=AppClusterMember1,platform=proxy,node=Node1,version=,type=ApplicationManager,mbeanIdentifier=ApplicationManager,cell=PSCell1,spec=1.0', 'startApplication', '[MQ_Test]')

which is always nice :-)

WebSphere to WebSphere - Problems with WAS to MQ Server Connection Channel

This was driving me batty  for a few hours, until I really focused on the problem.

This was what I was seeing in WAS: -


     Caused by [5] --> Message : CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'TESTQMGR.SVRCONN' to host ''. [3=TESTQMGR.SVRCONN]
... JMSWMQ0018: Failed to connect to queue manager 'TESTQM' with connection mode 'Client' and host name 'mq75.novalocal(1420)'. JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR'). CC=2;RC=2397;AMQ9204: Connection to host 'mq75.novalocal(1420)' rejected. [[CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'TESTQMGR.SVRCONN' to host ''. [3=TESTQMGR.SVRCONN]],3=mq75.novalocal(1420),5=RemoteConnection.analyseErrorSegment] CC=2;RC=2397;AMQ9641: Remote CipherSpec error for channel 'TESTQMGR.SVRCONN' to host ''. [3=TESTQMGR.SVRCONN]

[5/19/17 13:59:53:500 UTC] 00000119 SystemOut     O <?xml version="1.0" encoding="UTF-8"?>
<p:theMessage xmlns:p="http://SCA_Test" xmlns:ns0="http://SCA_Test" xmlns:xsi="" xsi:type="p:theMessage"/>SCA
[5/19/17 13:59:53:500 UTC] 00000119 SystemOut     O 
[5/19/17 13:59:53:517 UTC] 00000119 ProcessEngine I   CWWBE0003E: A runtime fault was returned by the implementation of activity 'Invoke'. JMSWMQ0018: Failed to connect to queue manager 'TESTQM' with connection mode 'Client' and host name 'mq75.novalocal(1420)'.
[5/19/17 13:59:53:531 UTC] 00000119 SibMessage    W   [:] CWSJY0003W: JMSCC0109: A message driven bean threw a runtime exception '
                       Message : CWWBE0003E: A runtime fault was returned by the implementation of activity 'Invoke'.: caused by: CWWBE0003E: A runtime fault was returned by the implementation of activity 'Invoke'.
                         Class : class

     Caused by [1] --> Message : CWWBE0003E: A runtime fault was returned by the implementation of activity 'Invoke'.

and in MQ: -


AMQ9639: Remote channel 'TESTQMGR.SVRCONN' did not specify a CipherSpec.

Remote channel 'TESTQMGR.SVRCONN' did not specify a CipherSpec when the local
channel expected one to be specified.

The remote host is 'bpm857 ('.

The channel did not start.
Change the remote channel 'TESTQMGR.SVRCONN' on host 'bpm857 (' to
specify a CipherSpec so that both ends of the channel have matching

The problem was, as ever, between he chair and the keyboard ( PEBCAK ).

I revisited my Jython script and realised where I'd gone wrong.

Whilst I had created a dedicated SSL configuration to reflect the TLS version ( 1.2 ) and SSL cipher specification ( SSL_RSA_WITH_AES_128_CBC_SHA256 ) I'd obviously been tinkering with the WAS configuration at some point post-execution.

I re-ran my script: -


AdminTask.createSSLConfig('[-alias '+configAlias+' -type JSSE -scopeName (cell):'+cellID+' -keyStoreName CellDefaultKeyStore -keyStoreScopeName (cell):'+cellID+' -trustStoreName CellDefaultTrustStore -trustStoreScopeName (cell):'+cellID+'  -jsseProvider IBMJSSE2 -sslProtocol TLSv1.2 -clientAuthentication false -clientAuthenticationSupported false -securityLevel HIGH -enabledCiphers '+cipher+' ]')

AdminTask.createDynamicSSLConfigSelection('[-dynSSLConfigSelectionName '+configAlias+' -scopeName (cell):'+cellID+' -dynSSLConfigSelectionDescription '+configAlias+' -dynSSLConfigSelectionInfo *,'+qmgrHostname+','+qmgrPortNumber+' -sslConfigName '+configAlias+' -sslConfigScope (cell):'+cellID+' -certificateAlias ]')

and things started working.

Thursday, 18 May 2017

IBM Integration Bus - Tinkering with WebAdmin permissions

This came up in a conversation with one of my team earlier.

In brief, it's possible to configure the IIB 10 Web Admin UI to be protected by a user ID / password.

This is what I did: -

Define a user ID, password and role - iibadmins

mqsiwebuseradmin TESTNODE_iibadmin -c -u davehay -a passw0rd -r iibadmins

Grant the appropriate permissions to the iibadmins role

mqsichangefileauth TESTNODE_iibadmin -r iibadmins -p all+

Stop the Integration Node

mqsistop TESTNODE_iibadmin

Enable the file-based authentication / authorisation

mqsichangeauthmode TESTNODE_iibadmin -s active -m file

Start the Integration Node

mqsistart TESTNODE_iibadmin

For reference: -

IBM Integration Bus - Modifying the Listener Ports for the HTTPConnector

One of my colleagues was endeavouring to change the port on which the HTTPConnector object listens within an IBM Integration Bus 10 environment.

In the past, she'd have run this command: -

mqsichangeproperties TESTNODE_iibadmin -e default -o HTTPConnector -n 8000

and then used this command to check: -

mqsireportproperties TESTNODE_iibadmin -e default -o HTTPConnector -r

However, she was finding that the port didn't change.

We dug into the documentation, and found this: -

You must use the explicitlySetPortNumber attribute, because the port attribute no longer works.

I validated this on my own IIB box: -

Confirm the port on which it is listening

netstat -aon | grep LISTEN

tcp        0      0    *               LISTEN      off (0.00/0/0)
tcp        0      0  *               LISTEN      off (0.00/0/0)
tcp        0      0*               LISTEN      off (0.00/0/0)
tcp6       0      0 :::111                  :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::8080                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::22                   :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 ::1:25                  :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::8443                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::4414                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::8000                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 ::1:11883               :::*                    LISTEN      off (0.00/0/0)

Changed the port from 8000 to 9000

mqsichangeproperties TESTNODE_iibadmin -e default -o HTTPConnector -n explicitlySetPortNumber -v 9000

BIP8071I: Successful command completion. 

Restart the Integration Service ( fka Execution Group )

mqsistopmsgflow TESTNODE_iibadmin -e default

BIP1188I: Stopping the integration server 'default'...
BIP1189I: The integration server 'default' is reported as stopped.
BIP8071I: Successful command completion.

mqsistartmsgflow TESTNODE_iibadmin -e default

BIP1186I: Starting the integration server 'default'...
BIP1187I: The integration server 'default' is reported as started.
BIP8071I: Successful command completion.

Confirm the port on which it is listening

netstat -aon | grep LISTEN

tcp        0      0   *               LISTEN      off (0.00/0/0)
tcp        0      0    *               LISTEN      off (0.00/0/0)
tcp        0      0  *               LISTEN      off (0.00/0/0)
tcp        0      0*               LISTEN      off (0.00/0/0)
tcp6       0      0 :::111                  :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::8080                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::22                   :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 ::1:25                  :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::8443                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::4414                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 :::9000                 :::*                    LISTEN      off (0.00/0/0)
tcp6       0      0 ::1:11883               :::*                    LISTEN      off (0.00/0/0)

Validate the Configuration

mqsireportproperties TESTNODE_iibadmin -e default -o HTTPConnector -r


      nodeLabel='SOAP Input'

BIP8071I: Successful command completion. 

Note that I've also configured my Integration Server to use the Embedded HTTP Listener: -

mqsichangeproperties TESTNODE_iibadmin -e default -o ExecutionGroup -n httpNodesUseEmbeddedListener -v true 

as evidenced above.

Sources: -

Monday, 15 May 2017

WebSphere Liberty Collectives - Problems with the FileService MBean

I kept seeing this exception: -

[15/05/17 09:16:25:071 BST] 0000031d           E CWWKX7900E: Access denied to the /opt/IBM/wlp path.

in my Liberty Collective Controller's log: -


even though I'd configured the appropriate permission using the remoteFileAccess stanza in my include.xml : -


The exception popped up each time I accessed the Collective Controller: -,/opt/IBM/work,cc/${server.config.dir}/server.xml

Can you see where I went wrong ?

I had: -


rather than: -


In other words, I'd forgotten the closing brace.

Interestingly, Liberty didn't seem to complain as, I guess, the XML was valid, even though the data within the stanza was incorrect.

Now sorted ….

For the record, I'm running the latest version of Liberty: -

/opt/IBM/wlp/bin/server version

WebSphere Application Server (1.0.16.cl170120170227-0220) on IBM J9 VM, version pxa6480sr3fp12-20160919_01 (SR3 FP12) (en_GB)

and I'm tinkering with Collectives in the context of IBM API Connect, where I'm using the Liberty Collective Controller with a Node.JS runtime.

Saturday, 13 May 2017

macOS Sierra and Apple Mail - Tinkering with Mail Signatures

On behalf of a friend, I've been tinkering with the signatures in  Mail, as included with macOS Sierra 10.12.4.

Things have changed since last I tried this, most importantly that it's not easy to add a HTML signature ( with fonts, images, links etc. ).

Thankfully, this blog helped: -

There are plenty of tutorials online to create an HTML signature in Apple Mail with older versions of OS X, and you have probably already seen one of my own tutorials on how to add HTML Signatures in Lion, Mountain Lion, iOS 7, Mavericks or Yosemite, El Capitan, but the process has changed ever so slightly for the new OS X Sierra (10.12). Here is how to do it:

The most important thing to remember is that the signature HTML file is stored in a so-called "secret" or hidden location: -


although, apparently, it may also be held on iCloud Drive.

These are the three files that I have: -

ls -l

total 24
-rw-r--r--@ 1 davidhay  staff  1117 13 May 17:28 AAB3F8DA-A379-44E7-A399-E976B2BFB2D1.mailsignature
-rw-r--r--@ 1 davidhay  staff   430 13 May 16:20 AccountsMap.plist
-rw-r--r--@ 1 davidhay  staff   385 13 May 16:15 AllSignatures.plist

meaning that I "merely" needed to edit the .mailsignature file: -

atom /Users/davidhay/Library/Mail/V4/MailData/Signatures/AAB3F8DA-A379-44E7-A399-E976B2BFB2D1.mailsignature 

and modify the <body> section: -



inserting my custom HTML ( created using Eclipse ).

As per the other blog, I did need to leverage: -

chflags uchg AAB3F8DA-A379-44E7-A399-E976B2BFB2D1.mailsignature 

and: -

chflags nouchg AAB3F8DA-A379-44E7-A399-E976B2BFB2D1.mailsignature 

to lock and unlock the file.

Now to see whether my "customer" likes her signature ...

Thursday, 11 May 2017

Doh, WebSphere Liberty Profile, still getting it wrong ...

I saw this from my Liberty runtime today: -

[AUDIT   ] CWWKT0016I: Web application available (default_host): http://e88e0bcb807d:9080/IBMJMXConnectorREST/
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://e88e0bcb807d:9080/ibm/api/collective/notify/
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://e88e0bcb807d:9080/ibm/adminCenter/deploy-1.0/
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://e88e0bcb807d:9080/ibm/adminCenter/serverConfig-1.0/
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://e88e0bcb807d:9080/ibm/api/
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://e88e0bcb807d:9080/ibm/adminCenter/explore-1.0/
[AUDIT   ] CWWKT0016I: Web application available (default_host): http://e88e0bcb807d:9080/adminCenter/
[AUDIT   ] CWWKS9104A: Authorization failed for user admin while invoking on /. The user is not granted access to any of the required roles: [Administrator].


because I had forgotten to set up my server.xml properly: -

<?xml version="1.0" encoding="UTF-8"?>
<server description="Default server">


    <keyStore password="passw0rd"/> 
    <basicRegistry id="basic" realm="customRealm">
        <user name="admin" password="passw0rd" />


    <httpEndpoint id="defaultHttpEndpoint"
                  httpsPort="9443" />
    <applicationManager autoExpand="true"/>


specifically I didn't have a user registry (!) or a user to whom to assign the Administrator role.

Can you say "Doofus" ?

For the record, this is how I start / use Liberty ( which is running in a Docker Container ): -

foobar=`docker run -d -t -p 80:9080 -p 443:9443 websphere-liberty:latest`
docker cp server.xml $foobar:/opt/ibm/wlp/usr/servers/defaultServer
docker exec -i -t $foobar /bin/bash

/opt/ibm/wlp/bin/server stop defaultServer

docker start $foobar
docker logs $foobar -f