How to resolve the RepoSecurityException which appears during Admin server startup?
Article ID: KB0084464
Updated On:
| Products | Versions |
|---|---|
| TIBCO Administrator | - |
| Not Applicable | - |
Description
Resolution:
Description
========
How to resolve the RepoSecurityException which appears during TIBCO Administrator server startup?
Below is the RepoSecurityException which can be seen in the output when starting the TIBCO Administrator server.
<----------
com.tibco.infra.repository.RepoSecurityException: Can not read policy domain for repository server dva : Failed in authentication.
at com.tibco.repo.secure.RepoSecure.<init>(RepoSecure.java:135)
at com.tibco.repo.RemoteRepoProcess.a(RemoteRepoProcess.java:3238)
at com.tibco.repo.RemoteRepoProcess.a(RemoteRepoProcess.java:530)
at com.tibco.repo.RemoteRepoProcess.<init>(RemoteRepoProcess.java:203)
at com.tibco.repo.RemoteRepoServlet$RemoteRepoProcessThread.run(RemoteRepoServlet.java:150)
2009 May 27 12:54:14:531 CEST Repository.dva Error [Servlet] AEREPO-100012 Error in running repository servlet : Can not read policy domain for repository server dva : Failed in authentication.
----->
Environment
=========
- TIBCO Administrator 5.4.0, 5.6.x
- TIBCO Runtime Agent (TRA) 5.5.x, 5.6.x
Cause
====
There are two possible reasons.
1). An incomplete password change. Possibly the password is only changed in the Administrator GUI, but not via DomainUtility. Please review the steps in Docs TIBCO Administrator User's Guide -> Managing Users and Roles -> Changing Domain Administrator User Credentials.
2). The domain resides outside the default location $TIBCO_HOME/tra/domain. In this case, the RepoSecurityException appears even if the password was changed in the Administrator GUI and via domainutilitycmd. There was a defect with domainutilitycmd (CR#1-AS6ZV7/TRA-1761) , domainutilitycmd not updating $TIBCO_HOME/administrator/domain/domainname/bin/tibcoadmin_domainname.tra upon password change when the domain resides outside the default location $TIBCO_HOME/tra/domain. Please NOTE this defect has been addressed from TRA 5.7.0 and greater so if you are on latest TRA you have no impact.
Resolution
========
For reason 1 above:
1). set repo.isSecurityEnabled to false in the file $TIBCO_HOME/administrator/domain/domainname/bin/tibcoadmin_domainname.tra
2). Restart the TIBCO Administrator server.
3). Run DomainUtility, select task "Server Settings" > "Update Domain Credentials" and finish the password change.
4). Reset repo.isSecurityEnabled back to true, which is the default value.
5). Restart the TIBCO Administrator server.
For reason 2 above, run DomainUtlity (GUI mode) when changing domain credentials.
Alternatively, after running domainutilitycmd, manually update repo.securePassword property in the file
$TIBCO_HOME/administrator/domain/domainname/bin/tibcoadmin_domainname.tra
with the value of "Credential" property under AuthorizationDomain.properties or AdministrationDomain.properties. Note that the values in these last two files may look different but they are actually two different encrypted values of the same password. Therefore repo.securePassword can be set to either value.
References:
TIBCO Administrator User's Guide -> Managing Users and Roles -> Changing Domain Administrator User Credentials
TIBCO Runtime Agent Domain Utility User’s Guide -> Server Settings and Migration -> Changing Domain Credentials
[KEYWORDS / Tags]
password, Credentials
Description
========
How to resolve the RepoSecurityException which appears during TIBCO Administrator server startup?
Below is the RepoSecurityException which can be seen in the output when starting the TIBCO Administrator server.
<----------
com.tibco.infra.repository.RepoSecurityException: Can not read policy domain for repository server dva : Failed in authentication.
at com.tibco.repo.secure.RepoSecure.<init>(RepoSecure.java:135)
at com.tibco.repo.RemoteRepoProcess.a(RemoteRepoProcess.java:3238)
at com.tibco.repo.RemoteRepoProcess.a(RemoteRepoProcess.java:530)
at com.tibco.repo.RemoteRepoProcess.<init>(RemoteRepoProcess.java:203)
at com.tibco.repo.RemoteRepoServlet$RemoteRepoProcessThread.run(RemoteRepoServlet.java:150)
2009 May 27 12:54:14:531 CEST Repository.dva Error [Servlet] AEREPO-100012 Error in running repository servlet : Can not read policy domain for repository server dva : Failed in authentication.
----->
Environment
=========
- TIBCO Administrator 5.4.0, 5.6.x
- TIBCO Runtime Agent (TRA) 5.5.x, 5.6.x
Cause
====
There are two possible reasons.
1). An incomplete password change. Possibly the password is only changed in the Administrator GUI, but not via DomainUtility. Please review the steps in Docs TIBCO Administrator User's Guide -> Managing Users and Roles -> Changing Domain Administrator User Credentials.
2). The domain resides outside the default location $TIBCO_HOME/tra/domain. In this case, the RepoSecurityException appears even if the password was changed in the Administrator GUI and via domainutilitycmd. There was a defect with domainutilitycmd (CR#1-AS6ZV7/TRA-1761) , domainutilitycmd not updating $TIBCO_HOME/administrator/domain/domainname/bin/tibcoadmin_domainname.tra upon password change when the domain resides outside the default location $TIBCO_HOME/tra/domain. Please NOTE this defect has been addressed from TRA 5.7.0 and greater so if you are on latest TRA you have no impact.
Resolution
========
For reason 1 above:
1). set repo.isSecurityEnabled to false in the file $TIBCO_HOME/administrator/domain/domainname/bin/tibcoadmin_domainname.tra
2). Restart the TIBCO Administrator server.
3). Run DomainUtility, select task "Server Settings" > "Update Domain Credentials" and finish the password change.
4). Reset repo.isSecurityEnabled back to true, which is the default value.
5). Restart the TIBCO Administrator server.
For reason 2 above, run DomainUtlity (GUI mode) when changing domain credentials.
Alternatively, after running domainutilitycmd, manually update repo.securePassword property in the file
$TIBCO_HOME/administrator/domain/domainname/bin/tibcoadmin_domainname.tra
with the value of "Credential" property under AuthorizationDomain.properties or AdministrationDomain.properties. Note that the values in these last two files may look different but they are actually two different encrypted values of the same password. Therefore repo.securePassword can be set to either value.
References:
TIBCO Administrator User's Guide -> Managing Users and Roles -> Changing Domain Administrator User Credentials
TIBCO Runtime Agent Domain Utility User’s Guide -> Server Settings and Migration -> Changing Domain Credentials
[KEYWORDS / Tags]
password, Credentials
Issue/Introduction
How to resolve the RepoSecurityException which appears during Admin server startup?
Feedback
Yes
No
Powered by
