IBM Security Verify

  • 1.  TAM 7 - PROGRAM ERROR null null com.tivoli.pd.jutil.PDContext

    Posted Fri January 26, 2024 08:17 PM
    Edited by Victor Amrich Fri January 26, 2024 08:19 PM

    Hello!

    We have a problem with the pd console, with the following stack trace:

    PROGRAM ERROR null null com.tivoli.pd.jutil.PDContext <PDContext(PDContext, PDSslServices) constructor> WebContainer : 0 java.lang.NullPointerException
    java.lang.NullPointerException
    at com.tivoli.pd.jutil.PDContext.commonInit(PDContext.java:827)
    at com.tivoli.pd.jutil.PDContext.<init>(PDContext.java:524)
    at com.tivoli.pd.jutil.PDSslServices$2.run(PDSslServices.java:1107)
    at java.security.AccessController.doPrivileged(AccessController.java:192)
    at com.tivoli.pd.jutil.PDSslServices.refreshCert(PDSslServices.java:1039)
    at com.tivoli.pd.jutil.PDSslServices.checkAndRefreshCert(PDSslServices.java:764)
    at com.tivoli.pd.jutil.PDSslServices.<init>(PDSslServices.java:246)
    at com.tivoli.pd.jutil.PDContext.<init>(PDContext.java:296)
    at com.tivoli.pd.jutil.PDContext.<init>(PDContext.java:189)
    at com.tivoli.pd.jutil.PDContext.<init>(PDContext.java:124)
    at com.tivoli.pdconsole.common.servlets.auth.createContext(auth.java:596)
    at com.tivoli.pdconsole.common.servlets.auth.handleLogin(auth.java:115)
    at com.tivoli.pdconsole.common.servlets.auth.doGet(auth.java:77)
    at com.tivoli.pdconsole.common.servlets.auth.doPost(auth.java:90)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:966)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:907)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:145)
    at com.tivoli.pdconsole.isc.servlets.URLFilter.doFilter(URLFilter.java:118)
    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:130)
    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:696)
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:641)
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:475)
    at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:463)
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:92)
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:744)
    at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1425)
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:92)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:394)
    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:152)
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:213)
    at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(AbstractAsyncFuture.java:195)
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:193)
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:725)
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:847)
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1498)

    I checked all the certificates and none of them are expired. I noticed that in the configuration ivmgrd.conf we have:
    # SSL certificate lifetime in days.
    # This parameter is set by the mgrsslcfg utility.
    ssl-cert-life = 3650

    But I do not see any expired certificate:

    Nombre de alias: appsvr

    Válido desde: 06/08/18 16:32 hasta: 04/08/28 16:32

    ----------------------------------

    Nombre de alias: pdca

    Válido desde: 29/07/13 19:33 hasta: 25/07/33 19:33

    I do not know if the midlife of the SSL configuration is causing this issue.

    Are there other certificates that could be expired?

    If it is the case that one is expired, I should execute the following command: /opt/IBM/WebSphere/AppServer/java/bin/java com.tivoli.pd.jcfg.SvrSslCfg -action replcert -admin_id [user] -admin_pwd [password] -cfg_file /opt/PolicyDirector/java/export/pdwpm/pdwpm.properties

    How can I check if /opt/PolicyDirector/java/export/pdwpm/pdwpm.properties is OK? Is there a way to create this file without making any change or problem in the actual environment, so I could create it, have a dump, and then execute the replcert?

    Any idea?

    Thanks!



    ------------------------------
    Victor Amrich
    Middleware administration
    Buenos Aires
    ------------------------------



  • 2.  RE: TAM 7 - PROGRAM ERROR null null com.tivoli.pd.jutil.PDContext

    Posted Sat April 06, 2024 06:25 PM

    Hi, can anyone help with this error? Thanks!



    ------------------------------
    Victor Amrich
    Middleware administration
    Buenos Aires
    ------------------------------



  • 3.  RE: TAM 7 - PROGRAM ERROR null null com.tivoli.pd.jutil.PDContext

    Posted Mon April 08, 2024 02:08 AM

    Hi Victor,

    I would first check if the Java environment of your WebSphere server is still correctly configured. If you did an update of Java, you probably lost the correct PD.jar file.

    The files to check are: PD.jar, PD.properties and PDCA.ks.

    To check the ISVA version of PD.jar:

    # unzip -p /opt/IBM/WebSphere/AppServer/tivoli/tam/PD.jar  | grep "Implementation-Version"
    Implementation-Version: 10.0.0.1

    # unzip -p /opt/PolicyDirector/java/export/pdjrte/PD.jar  | grep "Implementation-Version"
    Implementation-Version: 7.0.0.31

    What is the version of your ISVA server? And which version of Java do you use on WAS? Your version of Java is probably not compatible with your version of PD.jar.

    Also check if there are not two versions of PD.jar in the WAS folders. It can happen that you have for example one version under /opt/IBM/WebSphere/AppServer/java/8.0/jre/lib/ext/PD.jar and a different one under /opt/IBM/WebSphere/AppServer/tivoli/tam/PD.jar. In that case delete the old one and copy the newer one to the folder where the older one was located.

    I hope this helps. Configuring WAS to use PD.jar has become more difficult. I myself am struggling right now to do the certificate replacement with the "replcert" command. Creating the file with "create" worked after setting the following option: ssl-compliance=sp800-131-transition



    ------------------------------
    Laurent LA Asselborn
    ------------------------------
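
The PD.jar checks described in the post above (read `Implementation-Version` from each copy, then look for a second copy with a different version) can be run in one pass. This is an added example, not code from the thread or from IBM; the function names are hypothetical and the default search roots are the two install directories named in the thread.

```python
"""Added example: inventory PD.jar copies and compare their manifest versions."""
import os
import sys
import zipfile
from collections import defaultdict


def manifest_version(jar_path):
    """Return Implementation-Version from META-INF/MANIFEST.MF, or None."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile, OSError):
        return None  # no manifest, not a zip archive, or unreadable
    # Long manifest lines are folded: a continuation starts with one space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "implementation-version":
            return value.strip()
    return None


def find_pd_jars(roots, name="PD.jar"):
    """Walk each root and map version -> sorted list of PD.jar paths."""
    by_version = defaultdict(list)
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            if name in files:
                path = os.path.join(dirpath, name)
                by_version[manifest_version(path)].append(path)
    return {ver: sorted(paths) for ver, paths in by_version.items()}


def report(roots):
    """Return (consistent, lines); False if versions differ or one is unreadable."""
    found = find_pd_jars(roots)
    lines = []
    for ver, paths in sorted(found.items(), key=lambda kv: str(kv[0])):
        lines.extend(f"{ver or 'UNKNOWN'}  {p}" for p in paths)
    consistent = len(found) <= 1 and None not in found
    return consistent, lines


if __name__ == "__main__":
    # Assumed default roots: the install directories named in the thread.
    roots = sys.argv[1:] or ["/opt/IBM/WebSphere/AppServer", "/opt/PolicyDirector"]
    ok, lines = report(roots)
    print("\n".join(lines))
    sys.exit(0 if ok else 1)
```

A non-zero exit status means at least two copies report different versions, or one copy has no readable manifest.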



  • 4.  RE: TAM 7 - PROGRAM ERROR null null com.tivoli.pd.jutil.PDContext

    Posted Mon April 08, 2024 06:37 AM

    Greetings,

    I hope you are aware that ISAM 7 went EoS late 2018: https://www.ibm.com/support/pages/node/1208380

    You REALLY should migrate to a newer version that is supported.



    ------------------------------
    Aki Virtanen
    Security Software Consultant
    IBM Security Software Lab Services
    ------------------------------