CHAPTER 11
Sun Mainframe Security Facility
This chapter describes problems you might encounter when starting and using the Sun Mainframe Security Facility (Sun MSF). It contains the following topics:
Refer to the Sun Mainframe Transaction Processing Software Administrator's Guide for information about configuring and using Sun MSF.
Sun MSF is an installed set of Java archive (JAR) files and associated Java property files that contain the site's configuration. Sun MSF also depends on access to the selected RDBMS repository, such as Oracle, and its supplied Java Database Connector (JDBC) class files, and property files. Troubleshooting Sun MSF problems, therefore, typically involves recognizing and deciphering errors and exceptions reported by the installed Java runtime environment (JRE) while running the following Sun MSF commands:
SecurityLogs
SecAdmin
MakeAnAdministrator
SecurityServer
This failure might occur when attempting to run any of the Sun MSF tools. Typically, one of the following messages will be displayed:
Exception in thread "main" java.lang.NoClassDefFoundError: classname
(SecSvc_FATAL) Unexpected error java.lang.NoClassDefFoundError: classname
The classname that was not found is expected to be present in one of the supplied Sun MSF or JDBC class files specified in the CLASSPATH environment variable. If the classname begins with com/sun/emp/security/..., either or both of the following Sun MSF JAR files are not properly specified in the CLASSPATH environment variable:
$EMPSECURITY/lib/secrt.jar
$EMPSECURITY/lib/secrtpa.jar
Otherwise, the classname should start with a prefix that identifies the JDBC class needed. For example, for Oracle, classname starts with oracle/sql/.... If that is the case, the JDBC class file(s) are not properly specified in your $CLASSPATH.
This failure might occur when attempting to run any of the Sun MSF tools. The failure can take different forms, but all will contain the following string:
java.security.AccessControlException: access denied (Java-class resource permission)
This problem occurs when the installed JRE security policy is not properly specified in one or both of the following files:
Java-home/lib/security/java.policy
Java-home/lib/security/jaas.policy
Review these policy files to determine if the indicated Java-class, resource, and permission are provided for in the required grant directive.
java.lang.IllegalArgumentException: port out of range: nnnnn
occurs when the serverPortNumber value configured in the Java-home/lib/MSFconfig.properties file is greater than the maximum UNIX socket port number that can be specified. The value must be less than 65536. Modify the value in the MSFconfig.properties file and try restarting the server.
java.net.BindException: Permission denied
occurs when the serverPortNumber value configured in the Java-home/lib/MSFconfig.properties file is lower than the allowed range and is therefore one of the reserved UNIX socket port numbers. The serverPortNumber value typically must be between 1024 and 65535. Review the Java-home/lib/security/java.policy file and locate the directive "grant ... permission java.net.SocketPermission" to see what socket port numbers are allowed by your JRE. Modify the value in the MSFconfig.properties file and try restarting the server.
java.net.BindException: Address already in use
occurs when the serverPortNumber value configured in the Java-home/lib/MSFconfig.properties file is already in use. This indicates that another Security Server is already running using that UNIX socket port number. Modify the value in the MSFconfig.properties file and try restarting the server.
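A pre-flight check for the CLASSPATH and serverPortNumber failures described above, as an added example that is not part of the original Sun documentation. It assumes MSFconfig.properties uses standard Java properties syntax (key=value or key: value) and that CLASSPATH lists the JARs by the same expanded path as $EMPSECURITY/lib; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not Sun-supplied code. Function names are hypothetical.
# Assumption: MSFconfig.properties uses Java properties syntax (key=value / key: value).

# Print the last serverPortNumber value defined in properties file $1.
msf_port_from_props() {
    sed -n 's/^[[:space:]]*serverPortNumber[[:space:]]*[=:][[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '[:space:]'
}

# Classify port $1 by the failure it would cause at server start.
# Prints invalid | out-of-range | reserved | ok; returns 0 only for ok.
msf_classify_port() {
    case "$1" in ''|*[!0-9]*) echo invalid; return 1 ;; esac
    n=${1#"${1%%[!0]*}"}; n=${n:-0}          # drop leading zeros
    if [ "${#n}" -gt 5 ] || [ "$n" -ge 65536 ]; then
        echo out-of-range; return 1          # "port out of range: nnnnn"
    elif [ "$n" -lt 1024 ]; then
        echo reserved; return 1              # "BindException: Permission denied"
    fi
    echo ok
}

# Succeed only if path list $1 contains $2 as a complete entry.
msf_classpath_has() {
    case ":$1:" in *":$2:"*) return 0 ;; esac
    return 1
}

# Print the Sun MSF JARs missing from path list $1; $2 is the EMPSECURITY directory.
msf_missing_jars() {
    for jar in secrt.jar secrtpa.jar; do
        msf_classpath_has "$1" "$2/lib/$jar" || echo "$2/lib/$jar"
    done
}

# Run both checks against properties file $1 and the current environment.
msf_preflight() {
    port=$(msf_port_from_props "$1")
    class=$(msf_classify_port "$port") || echo "serverPortNumber '$port': $class"
    missing=$(msf_missing_jars "${CLASSPATH:-}" "${EMPSECURITY:-}")
    [ -z "$missing" ] || printf 'not on CLASSPATH: %s\n' $missing
    [ "$class" = ok ] && [ -z "$missing" ]
}

# Usage: sh this-script /path/to/MSFconfig.properties
if [ "$#" -ge 1 ]; then msf_preflight "$1"; fi
```

The script does not detect the "Address already in use" case, which depends on what is listening on the host at start time.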
This might occur when the RDBMS repository accessed through the JDBC classes has errors of some kind, such as tables missing, RDBMS permissions deleted, or referential integrity problems. This type of error will typically be reported as an SQL error; for example:
java.sql.SQLException: ORA-00942: table or view does not exist
This might be a very serious problem, based on the actual RDBMS error reported. It might be necessary to shut down Sun MSF services and reload the security repository to correct the problem.
Copyright © 2004, Sun Microsystems, Inc. All rights reserved.