Why are the logs always flooded with these messages?


Guowei Jim Hu (1.0k910353) | asked May 06 '10, 5:25 p.m.
We are running our 2.0.0.2 iFix02 RTC server on Linux as an application server on WAS 7.0.0.7.

We found that after an RTC server restart, each time a user starts a login session to our RTC server via either the web UI, WAS admin console or Eclipse client, if he had a previous session which was started one or two hours ago, then the login session will trigger a flood of LTPA token expiration messages into the WAS systemOut.log.

In the worst case we saw, over 200 such messages were written to the log in one second, and it generated over 150MB of logs in two days.

Here are samples from the log triggered by one login session:

00000030 LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu May 06 17:04:00 EDT 2010, current Date: Thu May 06 17:05:55 EDT 2010.
00000030 LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu May 06 17:04:00 EDT 2010, current Date: Thu May 06 17:05:55 EDT 2010.
00000027 LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu May 06 17:04:00 EDT 2010, current Date: Thu May 06 17:05:55 EDT 2010.
00000027 LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu May 06 17:04:00 EDT 2010, current Date: Thu May 06 17:05:55 EDT 2010.
00000030 LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu May 06 17:04:00 EDT 2010, current Date: Thu May 06 17:05:55 EDT 2010.
00000030 LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu May 06 17:04:00 EDT 2010, current Date: Thu May 06 17:05:55 EDT 2010.
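
A triage sketch for the SECJ0371W lines above, added here as an example and not part of the original post or of WAS/RTC: it groups the warnings by token expiration time, so you can tell whether a flood is one expired token being presented repeatedly or many different tokens. The `LINE` template, the `SAMPLE` list and the `summarize` function are hypothetical names, and the sample lines are constructed from the format quoted in the question.

```python
import re
from collections import defaultdict
from datetime import datetime

# WAS prints dates as "Thu May 06 17:04:00 EDT 2010". The zone token is captured
# separately because strptime's %Z does not portably accept names such as EDT.
DATE = r"(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) (\d{4})"
SECJ0371W = re.compile(
    r"(?P<thread>[0-9a-fA-F]{8}) LTPAServerObj\s+W\s+SECJ0371W:.*?"
    r"Token expiration Date: " + DATE + r", current Date: " + DATE
)

# Constructed sample input, modelled on the lines quoted in the question.
LINE = ("{t} LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because "
        "the token expired with the following info: Token expiration Date: {e}, "
        "current Date: {n}.")
SAMPLE = [
    LINE.format(t="00000030", e="Thu May 06 17:04:00 EDT 2010", n="Thu May 06 17:05:55 EDT 2010"),
    LINE.format(t="00000030", e="Thu May 06 17:04:00 EDT 2010", n="Thu May 06 17:05:55 EDT 2010"),
    LINE.format(t="00000027", e="Thu May 06 17:04:00 EDT 2010", n="Thu May 06 17:05:55 EDT 2010"),
    LINE.format(t="00000031", e="Thu May 06 15:00:00 EDT 2010", n="Thu May 06 17:05:56 EDT 2010"),
    "00000030 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA.",
]

def summarize(lines):
    """Return {expiration ISO time: {"count", "threads", "max_age_s"}}."""
    tokens = defaultdict(lambda: {"count": 0, "threads": set(), "max_age_s": 0})
    for line in lines:
        m = SECJ0371W.search(line)
        if not m:
            continue  # other message IDs (e.g. SECJ0369E) are not counted
        thread, exp_s, exp_tz, exp_y, now_s, now_tz, now_y = m.groups()
        if exp_tz != now_tz:
            continue  # mixed zones: a naive difference would be wrong
        fmt = "%a %b %d %H:%M:%S %Y"
        expired = datetime.strptime(f"{exp_s} {exp_y}", fmt)
        seen = datetime.strptime(f"{now_s} {now_y}", fmt)
        entry = tokens[expired.isoformat()]
        entry["count"] += 1
        entry["threads"].add(thread)
        # How long the token had been expired when it was presented.
        entry["max_age_s"] = max(entry["max_age_s"], int((seen - expired).total_seconds()))
    return dict(tokens)

if __name__ == "__main__":
    for exp, info in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(exp, info["count"], sorted(info["threads"]), f'{info["max_age_s"]}s expired')
```

To run it against a real log, pass an open file handle to `summarize` instead of `SAMPLE`.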

3 answers



Guowei Jim Hu (1.0k910353) | answered May 10 '10, 9:34 a.m.
Figured this out with help from WAS support and sharing it with all here in case you are the next.

The cause is that the old LTPA key is either expired or corrupted.

The fix is to stop WAS, remove the LTPA key at WAS_HOME/profiles/profileName/config/cells/cellName/nodes/nodeName/ltpa.jceks and WAS logs, and start WAS again.

Verified that we don't see LTPA token expiration error anymore.

There are still LTPA authentication failure messages in the log but another type:
SECJ0369E: Authentication failed when using LTPA. The exception is No user keshavjh@in.ibm.com found.

Comments
samifall fallatah commented Jun 26 '12, 5:34 a.m.

Thanks a lot, that did fix our issue.


Ulf Buchner commented Nov 20 '12, 4:42 a.m.

We had the same issue with RTC 3.0.1. This supposed fix didn't solve it. We got rid of the messages by setting the LTPA timeout in WAS from 120 to 1200.

We found the following article. Though they describe a different problem, the solution works: https://jazz.net/forum/questions/74478/ltpa-token-problems-when-performance-testing-jazz-products


Jirong Hu (1.5k9295258) | answered Jan 17 '12, 10:26 a.m.
I am using RTC3.0.1/WAS7/Oracle 11g on Windows 2008, and just saw this happening on our production server, but not on our test server.

On the production server, existing users can still log in and work, but the nightly sync job failed with a connection error:

CRJAZ1326E The members of the Jazz groups could not be retrieved.
Saturday, January 14, 2012 12:59 AM
CRJAZ0742I Unable to connect to the LDAP directory server. Verify that the server application is configured properly and that the LDAP server is reachable.


I believe this had happened on my test server. My question now is: How can I completely fix this problem and prevent this happening again?

Thanks
Jirong

Frank Ning (50025119133) | answered Apr 30 '13, 1:26 p.m.
After the ltpa.jceks file is removed, I see a lot of messages in the SystemOut.log file (every couple of seconds):

SECJ0369E: Authentication failed when using LTPA. The exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece\u0000]


Comments
Josh Crawford commented Apr 30 '13, 1:39 p.m.

Hi Frank, the LDAP error -49 with a 52e data code is an invalid user ID\Password response from AD. This technote talks a bit more about the codes:
http://www-01.ibm.com/support/docview.wss?uid=swg21290631 
