I have stopped the admin on machine1, made sure the virtualIP is removed from the NIC, and started on the second node.
I get immediately this error in the logs when logging to the sbconsole:
com.bea.alsb.console.common.base.SBConsoleAccessException: The current login role is not authorized to use the console action: "/SBConsoleEntry"
Googling around, it seems that the issue could be the wrong DefaultAuthorizerInit.ldift and XACMLAuthorizerInit.ldift files, in DOMAIN_HOME/security/
On node1, in DOMAIN_HOME/security/ I have:
DefaultAuthenticatorInit.ldift DefaultRoleMapperInit.ldift XACMLAuthorizerInit.ldift
DefaultAuthorizerInit.ldift SerializedSystemIni.dat XACMLRoleMapperInit.ldift
On node2 I have :
DefaultAuthenticatorInit.ldift DefaultRoleMapperInit.ldift SerializedSystemIni.dat XACMLRoleMapperInit.ldift
so effectively the 2 files DefaultAuthorizerInit.ldift and XACMLAuthorizerInit.ldift are missing.
The other files are also different. Should I replace them?
Then I discover that:
Service Bus 10g: Problem with Pack / Unpack of Domain [ID 981068.1]
OSB domain created with pack/unpack command doesn't work correctly.
This is a known issue. The jar file generated by the "pack" command has to be manually changed.
Please follow the instructions below:
After creating the template, and before you create any new domains from this template, you must do the following:
1) Add the missing files, DefaultAuthorizerInit.ldift and XACMLAuthorizerInit.ldift, from the DOMAIN-ROOT/security folder of your original domain to the security folder inside the template JAR (jar file generated by the pack command).
2) Manually update the top-level security.xml file in the template JAR with the contents of the DOMAIN-ROOT/init-info/security.xml file of your original domain.
So, the message is: don't use pack/unpack for OSB.
Wednesday, July 10, 2013
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment