As it appears WAS 8 comes with SSL turned on for RMI/IIOP connections. That subtle configuration difference can give you a lot of headache. Especially if you, as one of our clients, are trying to connect as JMS thin client. Client side exception you may encounter will be similar to this one
You can test this by sending JMS message to server by putting com.ibm.ws.ejb.thinclient_8.0.0.jar & com.ibm.ws.sib.client.thin.jms_8.0.0.jar in classpath and running class with following VM arguments:
On other side if you just want to behave WAS as it did in version 6.1 or 7.0 you can disable RMI SSL. This can be done via admin console by exercising "CSIv2 inbound&outbound communications" options found in Global security menu. Change Transport property from "SSL-required" to "SSL-supported" after restart you should be good to go and send JMS messages without SSL.
javax.naming.ServiceUnavailableException: A communication failure occurred while attempting to obtain an initial context with the provider URL: "iiop://localhost:2812". Make sure that any bootstrap address information in the URL is correct and that the target name server is running. A bootstrap address with no port specification defaults to port 2809. Possible causes other than an incorrect bootstrap address or unavailable name server include the network environment and workstation network configuration. [Root exception is org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible: Forwarded IOR failed with: java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine:host=mresetar-t510,port=0 . . . Caused by: java.net.ConnectException: connect: Address is invalid on local machine, or port is not valid on remote machine at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:391) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:252)As stack trace has nothing to point you in right direction you may wander around and try to change version of JMS client and who-knows-what. If you want to change JMS client (you're on Java 6) and really want to use SSL then you could follow notes found here to enable security and here to setup JMS client.
You can test this by sending JMS message to server by putting com.ibm.ws.ejb.thinclient_8.0.0.jar & com.ibm.ws.sib.client.thin.jms_8.0.0.jar in classpath and running class with following VM arguments:
-Dcom.ibm.CORBA.Debug=true -Dcom.ibm.CORBA.CommTrace=true -Dcom.ibm.CORBA.Debug.Output=client.log -Dcom.ibm.SSL.ConfigURL=file:/d:/IBM/WebSphere/Was8Nd/profiles/AppSrv01/properties/ssl.client.props -Dcom.ibm.CORBA.ConfigURL=file:/d:/IBM/WebSphere/Was8Nd/profiles/AppSrv01/properties/sas.client.props -Dcom.ibm.CORBA.loginUserid=admin -Dcom.ibm.CORBA.loginPassword=admin -Dcom.ibm.CORBA.loginSource=propertiesJava class to test JNDI connection and to send JMS message is available here.
On other side if you just want to behave WAS as it did in version 6.1 or 7.0 you can disable RMI SSL. This can be done via admin console by exercising "CSIv2 inbound&outbound communications" options found in Global security menu. Change Transport property from "SSL-required" to "SSL-supported" after restart you should be good to go and send JMS messages without SSL.
Thank you! Was just about to pull my hair out.
ReplyDeleteI uѕed to be able to find good adѵice from your сontent.
ReplyDeletemy web blog: el tarot gratis
Hello, I enjoy rеading through your artiсle.
ReplyDeleteI wanted to wгite a lіttle cοmment to support you.
my pagе; vοyanсе ρаr telephone
()
Thank you very much for this post.
ReplyDeleteWe were facing the same issue after migrating from WAS 6 to 8.
Your blog helped us in resolving this.
Thanks much, i am facing an exception, when i went with this step :http://stackoverflow.com/questions/23568162/simple-ejb-client-or-junit-not-working-with-ibm-websphere. Can you help?
ReplyDeleteJugunu
For those of you who like to disable the SSL-required flag as mentioned above.
ReplyDeleteGo to:
Security -> Global security -> RMI/IIOP security -> CSIv2 inbound communications
Chapter "CSIv2 Transport Layer"
Change:
Transport => SSL-supported (instead of SSL-required)
Repeat for
Security -> Global security -> RMI/IIOP security -> CSIv2 outbound communications
Beware maybe you also need to adjust other security domains as well (as I had to):
Security -> Security domains -> Click on -> RMI/IIOP security
Check here if the global setting is used otherwise you may want to change the settings as done above.