How to configure a WebSphere Application Monitor for
advertisement
How to configure a WebSphere Application Monitor for WAS 6.1?
First of all we need to check the WebSphere configuration using the Administrative Console, to open this
console from the WAS server you can go to: StartAll ProgramsIBM WebSphereApplication
Server<WAS version>Profiles<Profile name>Administrative console
(Image 1)
Or you can access this link:
https://<WAS SERVER>:<PORT>/ibm/console
Then go to: ServersApplication Servers in that place you can find the node name and the version of
your WAS:
(Image 2)
Click over the instance name and then look for the Ports option:
(Image 3)
Here you can find the port information you have to use in the WebSphere Application monitor
configuration:
(Image 4)
The port you have to look is the SOAP_CONNECTOR_ADDRESS
Then go to PMI (Performance Monitor Infrastructure):
(Image 5)
You should check the “Enable PMI” and also check the “Extended” option:
(Image 6)
Click on “Apply” and then in “Save”:
(Image 7)
All these instructions have to be done by the WAS admin.
On the SiteScope server is necessary to install the WebSphere Application Client that can be
downloaded from the IBM portal.
First of all you have to verify you are able to connect to the SOAP_CONNECTOR_ADDRESS port, so open
an Internet Explorer browser and go to the page:
https://<WAS_HOST>:<SOAP_CONNECTOR_ADDRESS >/
You should be able to see a page like:
(Image 8)
Once install the client some files should be pasted from the WAS server to this client folder installation
in the SiteScope server:
From WAS box
To SiteScope box
<WAS_SERVER>\runtimes\com.ibm.ws.admin.client_6.1.0.jar
%WAS_ENV%\com.ibm.ws.admin.client_6
.1.0.jar
%WAS_ENV%\org.eclipse.osgi_3.2.1.R32x
_v20060919.jar
%WAS_ENV%\com.ibm.ws.runtime_6.1.0.
jar
%WAS_ENV%\DummyClientTrustFile.jks
<WAS_SERVER>\plugins\org.eclipse.osgi_3.2.1.R32x_v20060919.j
ar
<WAS_SERVER>\plugins\com.ibm.ws.runtime_6.1.0.jar
<WAS_SERVER>\WebSphere\AppServer\profiles\<ServerName>\etc\
DummyClientTrustFile.jks
<WAS_SERVER>\WebSphere\AppServer\profiles\<ServerName>\etc\
DummyClientKeyFile.jks
%WAS_ENV%\DummyClientKeyFile.jks
After that if the WAS is configured with SSL you have to import a certificate
Instructions taken from the R&D document “WebSphere 6.1 troubleshooting”:
“
(SSL only) Get SSL certificate from WAS server – open URL to the WAS server with SOAP port in
Internet Explorer with https protocol, for example:
https://<WAS_HOST>:<SOAP_CONNECTOR_ADDRESS >/
Download the server certificate by double-clicking the key lock icon in Internet Explorer when there is an
SSL connection. The icon is located in the status bar for Internet Explorer 6, and to the right of the URL
field for Internet Explorer 7 (the field is marked red when self-signed certified is used by the server).
In the Certificate dialog box, select the Details tab, and click Copy to File.
In the Certificate Export Wizard, export the server certificate as Base-64 encoded X.509 (.CER) certificate
to %WAS_ENV%\wascert.cer (in base-64 format).
After that open a CMD and go to the %WAS_ENV%\java\bin folder and execute the following commend:
%WAS_ENV%\java\bin\keytool -import -v -file %WAS_ENV%\wascert.cer -alias was_cert
%WAS_ENV%\java\jre\lib\security\cacerts
-keystore
When prompted for the password, type changeit (default password for JRE).
When asked if you trust the imported certificate, type yes.
Check that SiteScope\templates.application\websphere.props file contain next line:
was61x_classpath=com.ibm.ws.admin.client_6.1.0.jar;com.ibm.ws.runtime_6.1.0.jar;
Replace any other line which is started from was61x_classpath= with this one.
Modify %WAS_ENV%\java\jre\lib\security\java.security file. So it will be
== FROM==
# Default JSSE socket factories
#ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
#ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
# WebSphere socket factories (in cryptosf.jar)
ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory
ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory
==TO==
# Default JSSE socket factories
ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
# WebSphere socket factories (in cryptosf.jar)
#ssl.SocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLSocketFactory
#ssl.ServerSocketFactory.provider=com.ibm.websphere.ssl.protocol.SSLServerSocketFactory
”
After copy and paste all those files from your WAS server to the %WAS_ENV%\ folder you should have a
folder like this one:
(Image 9)
Now restart the SiteScope service.
Finally we are ready to configure the WebSphere Application Monitor in SiteScope.
Open the SiteScope GUI and create a new WebSphere Application Server monitor
(Image 10)
Fill the requested information:
(Image 11)
Target: Node you want to obtain the counters (See image 4).
Server: Server where your WebSphere Application is installed.
Port Number: SOAP_CONNECTOR_ADDRESS (See image 2).
Credentials: Write the login information of your WAS Administrative Console.
WebSphere directory: Path of the WAS client installed in the SiteScope server.
Trust Store: %WAS_ENV%\AppClient\DummyClientTrustFile.jks
Trust store password: WebAS
Key Store: %WAS_ENV%\AppClient\DummyClientKeyFile.jks
Key Store password: WebAS
Click on “Get Counters” and select the information you need.
Taken from the R&D document “WebSphere 6.1 troubleshooting”:
“
How to troubleshoot the WAS monitor?
Step 1: Enable debug for WebSphere monitor:
Open SiteScope\conf\core\Tools\log4j\PlainJava\log4j.properties file and add next lines to the
bottom of this file:
###################################################################################
# WebSphere monitor
###################################################################################
log4j.category.com.mercury.sitescope.monitors.j2ee.websphere=DEBUG, websphere.appender
log4j.additivity.com.mercury.sitescope.monitors.j2ee.websphere=false
log4j.category.com.mercury.sitescope.monitors.j2ee.rmiprocess=DEBUG, websphere.appender
log4j.additivity.com.mercury.sitescope.monitors.j2ee.rmiprocess=false
log4j.appender.websphere.appender=org.apache.log4j.RollingFileAppender
log4j.appender.websphere.appender.File=../${log.file.path}/websphere_monitor.log
log4j.appender.websphere.appender.MaxFileSize=${def.file.max.size}
log4j.appender.websphere.appender.MaxBackupIndex=${def.files.backup.count}
log4j.appender.websphere.appender.layout=org.apache.log4j.PatternLayout
log4j.appender.websphere.appender.layout.ConversionPattern=%d [%t] (%F:%L) %-5p - %m%n
Increase the size of logs by changing lines at the top of the file:
From
def.file.max.size=1000KB
def.files.backup.count=5
To
def.file.max.size=5000KB
def.files.backup.count=10
Restart SiteScope after this change.
Step 2: Check SiteScope\logs\RunMonitor.log file if it has any follow exceptions:
The DummyClientTrustFile.jks and DummyClientKeyFile.jks files are not valid. Probably they were copied
from wrong profile. You need to check step 5 from “Testing SiteScope WebSphere Monitor
configuration”.
Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause
is…
1. The com.ibm.ws.admin.client_6.1.0.jar and com.ibm.ws.runtime_6.1.0.jar are missed or have
different names. You need to check step 2 from “Testing SiteScope WebSphere Monitor
configuration”.
Caused by: com.mercury.sitescope.monitors.j2ee.rmiprocess.ConnectionException: Inner exception is:
java.lang.ClassNotFoundException: com.ibm.websphere.management.AdminClientFactory
2. The com.ibm.ws.security.crypto_6.1.0.jar is missed. You need to check step 4 from “Testing
SiteScope WebSphere Monitor configuration”.
Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException:
java.lang.ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory;
targetException=java.lang.IllegalArgumentException: Error opening socket: java.net.SocketException:
java.lang.ClassNotFoundException: com.ibm.websphere.ssl.protocol.SSLSocketFactory
3. The server host or port is not valid. You need to specify valid host and port.
Caused by: [SOAPException: faultCode=SOAP-ENV:Protocol; msg=;
targetException=java.net.MalformedURLException]
4. Jks files are missed from %WAS_ENF% folder.
Caused by: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException:
faultCode=SOAP-ENV:Client; msg=Error opening socket: java.net.SocketException: Default SSL context init failed:
IBMKeyManager: Problem accessing key store java.lang.Exception: Keystore file does not exist: D:\AppClient
D:\AppClient\RSP4\DummyClientKeyFile.jks; targetException=java.lang.IllegalArgumentException: Error opening
socket: java.net.SocketException: Default SSL context init failed: IBMKeyManager: Problem accessing key store
java.lang.Exception: Keystore file does not exist: D:\AppClient D:\AppClient\RSP4\DummyClientKeyFile.jks]
5. Certificate wasn’t imported into java keystore.
Caused by: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException:
faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h:
No trusted certificate found; targetException=java.lang.IllegalArgumentException: Error opening socket:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: No trusted certificate found]
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.reconnect(SOAPConnectorClient.java:344)
at com.ibm.ws.management.connector.soap.SOAPConnectorClient.<init>(SOAPConnectorClient.java:177)
... 29 more
6. SSL certificate on WebSphere side was created using wild card in CN, example:
cn=*.mydomain.com. To resolve it you need to change CN in the SSL certificate without wild
card, example cn=mydomain. This action could be done with using of ikeyman utility – on
WebSphere machine WebSphere\AppServer\bin.ikeyman.bat. This action should be done by
WebSphere administrator.
Caused by: com.mercury.sitescope.monitors.j2ee.rmiprocess.ConnectionException: ADMC0053E: The system cannot
create a SOAP connector to connect to host waspapp06 at port 8881 with SOAP connector security enabled.; nested
exception is:
com.ibm.websphere.management.exception.ConnectorException: ADMC0053E: The system cannot create a SOAP
connector to connect to host waspapp06 at port 8881 with SOAP connector security enabled.
at
com.mercury.sitescope.monitors.j2ee.websphere.WebSphereMonitorJMX.connect(WebSphereMonitorJMX.java:171)
at com.mercury.sitescope.monitors.j2ee.websphere.WebSphereMonitorJMX.<init>(WebSphereMonitorJMX.java:102)
... 10 more
7. This issue was reproduced only on Windows 2008 R2 64bit with external JVM. We currently
investigate it. As solution customer should use internal JVM.
WebSphereServiceImpl.main() encountered an exception: java.rmi.server.ExportException: Port already in use: 0;
nested exception is: java.net.BindException: Address already in use: NET_Bind
java.rmi.server.ExportException: Port already in use: 0; nested exception is:
java.net.BindException: Address already in use: NET_Bind
8. The description about any other exception which contains exception code like ADMC0053E could
be found by following link (choose your code by first letters in it from left panel)-
http://publib.boulder.ibm.com/infocenter/wxdinfo/v6r0/index.jsp?topic=/com.ibm.web
sphere.messages.doc/com.ibm.ws.management.resources.connector.html
”
