How to configure a WebSphere Application Monitor for WAS 6.1? First of all we need to check the WebSphere configuration using the Administrative Console, to open this console from the WAS server you can go to: StartAll ProgramsIBM WebSphereApplication Server<WAS version>Profiles<Profile name>Administrative console (Image 1) Or you can access this link: https://<WAS SERVER>:<PORT>/ibm/console Then go to: ServersApplication Servers in that place you can find the node name and the version of your WAS: (Image 2) Click over the instance name and then look for the Ports option: (Image 3) Here you can find the port information you have to use in the WebSphere Application monitor configuration: (Image 4) The port you have to look is the SOAP_CONNECTOR_ADDRESS Then go to PMI (Performance Monitor Infrastructure): (Image 5) You should check the “Enable PMI” and also check the “Extended” option: (Image 6) Click on “Apply” and then in “Save”: (Image 7) All these instructions have to be done by the WAS admin. On the SiteScope server is necessary to install the WebSphere Application Client that can be downloaded from the IBM portal. First of all you have to verify you are able to connect to the SOAP_CONNECTOR_ADDRESS port, so open an Internet Explorer browser and go to the page: https://<WAS_HOST>:<SOAP_CONNECTOR_ADDRESS >/ You should be able to see a page like: (Image 8) Once install the client some files should be pasted from the WAS server to this client folder installation in the SiteScope server: From WAS box To SiteScope box <WAS_SERVER>\runtimes\com.ibm.ws.admin.client_6.1.0.jar %WAS_ENV%\com.ibm.ws.admin.client_6 .1.0.jar %WAS_ENV%\org.eclipse.osgi_3.2.1.R32x _v20060919.jar %WAS_ENV%\com.ibm.ws.runtime_6.1.0. jar %WAS_ENV%\DummyClientTrustFile.jks <WAS_SERVER>\plugins\org.eclipse.osgi_3.2.1.R32x_v20060919.j ar <WAS_SERVER>\plugins\com.ibm.ws.runtime_6.1.0.jar <WAS_SERVER>\WebSphere\AppServer\profiles\<ServerName>\etc\ DummyClientTrustFile.jks <WAS_SERVER>\WebSphere\AppServer\profiles\<ServerName>\etc\ DummyClientKeyFile.jks %WAS_ENV%\DummyClientKeyFile.jks After that if the WAS is configured with SSL you have to import a certificate Instructions taken from the R&D document “WebSphere 6.1 troubleshooting”: “ (SSL only) Get SSL certificate from WAS server – open URL to the WAS server with SOAP port in Internet Explorer with https protocol, for example: https://<WAS_HOST>:<SOAP_CONNECTOR_ADDRESS >/ Download the server certificate by double-clicking the key lock icon in Internet Explorer when there is an SSL connection. The icon is located in the status bar for Internet Explorer 6, and to the right of the URL field for Internet Explorer 7 (the field is marked red when self-signed certified is used by the server). In the Certificate dialog box, select the Details tab, and click Copy to File. In the Certificate Export Wizard, export the server certificate as Base-64 encoded X.509 (.CER) certificate to %WAS_ENV%\wascert.cer (in base-64 format). After that open a CMD and go to the %WAS_ENV%\java\bin folder and execute the following commend: %WAS_ENV%\java\bin\keytool -import -v -file %WAS_ENV%\wascert.cer -alias was_cert %WAS_ENV%\java\jre\lib\security\cacerts -keystore When prompted for the password, type changeit (default password for JRE). When asked if you trust the imported certificate, type yes. Check that SiteScope\templates.application\websphere.props file contain next line: was61x_classpath=com.ibm.ws.admin.client_6.1.0.jar;com.ibm.ws.runtime_6.1.0.jar; Replace any other line which is started from was61x_classpath= with this one. Modify %WAS_ENV%\java\jre\lib\security\java.security file. So it will be == FROM== # Default JSSE socket factories #ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl #ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl # WebSphere socket factories (in cryptosf.jar) ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory ==TO== # Default JSSE socket factories ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl # WebSphere socket factories (in cryptosf.jar) #ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory #ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory ” After copy and paste all those files from your WAS server to the %WAS_ENV%\ folder you should have a folder like this one: (Image 9) Now restart the SiteScope service. Finally we are ready to configure the WebSphere Application Monitor in SiteScope. Open the SiteScope GUI and create a new WebSphere Application Server monitor (Image 10) Fill the requested information: (Image 11) Target: Node you want to obtain the counters (See image 4). Server: Server where your WebSphere Application is installed. Port Number: SOAP_CONNECTOR_ADDRESS (See image 2). Credentials: Write the login information of your WAS Administrative Console. WebSphere directory: Path of the WAS client installed in the SiteScope server. Trust Store: %WAS_ENV%\AppClient\DummyClientTrustFile.jks Trust store password: WebAS Key Store: %WAS_ENV%\AppClient\DummyClientKeyFile.jks Key Store password: WebAS Click on “Get Counters” and select the information you need. Taken from the R&D document “WebSphere 6.1 troubleshooting”: “ How to troubleshoot the WAS monitor? Step 1: Enable debug for WebSphere monitor: Open SiteScope\conf\core\Tools\log4j\PlainJava\log4j.properties file and add next lines to the bottom of this file: ################################################################################### # WebSphere monitor ################################################################################### log4j.category.com.mercury.sitescope.monitors.j2ee.websphere=DEBUG, websphere.appender log4j.additivity.com.mercury.sitescope.monitors.j2ee.websphere=false log4j.category.com.mercury.sitescope.monitors.j2ee.rmiprocess=DEBUG, websphere.appender log4j.additivity.com.mercury.sitescope.monitors.j2ee.rmiprocess=false log4j.appender.websphere.appender=org.apache.log4j.RollingFileAppender log4j.appender.websphere.appender.File=../${log.file.path}/websphere_monitor.log log4j.appender.websphere.appender.MaxFileSize=${def.file.max.size} log4j.appender.websphere.appender.MaxBackupIndex=${def.files.backup.count} log4j.appender.websphere.appender.layout=org.apache.log4j.PatternLayout log4j.appender.websphere.appender.layout.ConversionPattern=%d [%t] (%F:%L) %-5p - %m%n Increase the size of logs by changing lines at the top of the file: From def.file.max.size=1000KB def.files.backup.count=5 To def.file.max.size=5000KB def.files.backup.count=10 Restart SiteScope after this change. Step 2: Check SiteScope\logs\RunMonitor.log file if it has any follow exceptions: The DummyClientTrustFile.jks and DummyClientKeyFile.jks files are not valid. Probably they were copied from wrong profile. You need to check step 5 from “Testing SiteScope WebSphere Monitor configuration”. Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is… 1. The com.ibm.ws.admin.client_6.1.0.jar and com.ibm.ws.runtime_6.1.0.jar are missed or have different names. You need to check step 2 from “Testing SiteScope WebSphere Monitor configuration”. Caused by: com.mercury.sitescope.monitors.j2ee.rmiprocess.ConnectionException: Inner exception is: java.lang.ClassNotFoundException: com.ibm.websphere.management.AdminClientFactory 2. The com.ibm.ws.security.crypto_6.1.0.jar is missed. You need to check step 4 from “Testing SiteScope WebSphere Monitor configuration”. Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException: java.lang.ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory; targetException=java.lang.IllegalArgumentException: Error opening socket: java.net.SocketException: java.lang.ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory 3. The server host or port is not valid. You need to specify valid host and port. Caused by: [SOAPException: faultCode=SOAP-ENV:Protocol; msg=; targetException=java.net.MalformedURLException] 4. Jks files are missed from %WAS_ENF% folder. Caused by: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException: Default SSL context init failed: IBMKeyManager: Problem accessing key store java.lang.Exception: Keystore file does not exist: D:\AppClient D:\AppClient\RSP4\DummyClientKeyFile.jks; targetException=java.lang.IllegalArgumentException: Error opening socket: java.net.SocketException: Default SSL context init failed: IBMKeyManager: Problem accessing key store java.lang.Exception: Keystore file does not exist: D:\AppClient D:\AppClient\RSP4\DummyClientKeyFile.jks] 5. Certificate wasn’t imported into java keystore. Caused by: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found; targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found] at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:344) at com.ibm.ws.management.connector.soap.SOAPConnectorClient.<init>(SOAPConnectorClient.java:177) ... 29 more 6. SSL certificate on WebSphere side was created using wild card in CN, example: cn=*.mydomain.com. To resolve it you need to change CN in the SSL certificate without wild card, example cn=mydomain. This action could be done with using of ikeyman utility – on WebSphere machine WebSphere\AppServer\bin.ikeyman.bat. This action should be done by WebSphere administrator. Caused by: com.mercury.sitescope.monitors.j2ee.rmiprocess.ConnectionException: ADMC0053E: The system cannot create a SOAP connector to connect to host waspapp06 at port 8881 with SOAP connector security enabled.; nested exception is: com.ibm.websphere.management.exception.ConnectorException: ADMC0053E: The system cannot create a SOAP connector to connect to host waspapp06 at port 8881 with SOAP connector security enabled. at com.mercury.sitescope.monitors.j2ee.websphere.WebSphereMonitorJMX.connect(WebSphereMonitorJMX.java:171) at com.mercury.sitescope.monitors.j2ee.websphere.WebSphereMonitorJMX.<init>(WebSphereMonitorJMX.java:102) ... 10 more 7. This issue was reproduced only on Windows 2008 R2 64bit with external JVM. We currently investigate it. As solution customer should use internal JVM. WebSphereServiceImpl.main() encountered an exception: java.rmi.server.ExportException: Port already in use: 0; nested exception is: java.net.BindException: Address already in use: NET_Bind java.rmi.server.ExportException: Port already in use: 0; nested exception is: java.net.BindException: Address already in use: NET_Bind 8. The description about any other exception which contains exception code like ADMC0053E could be found by following link (choose your code by first letters in it from left panel)- http://publib.boulder.ibm.com/infocenter/wxdinfo/v6r0/index.jsp?topic=/com.ibm.web sphere.messages.doc/com.ibm.ws.management.resources.connector.html ”