creation of profiles in WAS 7

When you execute wasprofile command in WAS 7, it will throw error :

C:\IBM\WebSphere\AppServer\bin>wasprofile.bat
CWMBU0001I: The wasprofile.bat script has been deprecated and replaced by the ma
nageprofiles.bat script.
manageprofiles requires an argument
Run manageprofiles -help or visit our Information Center at: http://www14.software.ibm.com/webapp/wsbroker/redirect?version=p
ix&product=was-nd-dist&topic=rxml_manageprofiles

1. To list number of profiles, execute command

manageProfiles -listProfiles

eg. C:\IBM\WebSphere\AppServer\bin>manageProfiles -listProfiles

2. To delete all the existing profiles, execute
C:\IBM\WebSphere\AppServer\bin>manageProfiles.bat -deleteAll
INSTCONFSUCCESS: Success: All profiles are deleted.

Once profile is deleted, remove left directories manually.
To delete directories recursively in windows use command :
rmdir /s /q

3. Create new prfoiles including deployment manager
Now this could be interesting which directory could be recommended, many user creates profiles under path WebSphere\AppServer\profiles\\, now this works without issue in unix flavor but in case if 32 bit Windows there is limitation of 255 characters in path. So many people prefer to create profiles like :\IBM\Profiles\\

Command to create new profile :
Syntax : manageProfiles -create -profileName -profilePath -templatePath -nodeName -cellName -hostname -serverName -startingPort 10000 -winserviceCheck

eg : C:\IBM\WebSphere\AppServer\bin>manageProfiles -create -profileName AppSrv01 -profilePath C:\IBM\profiles\AppSrv01 -nodeName AppSrv01Node -cellName AppSrv01Cell -hostname localhost -serverName server -startingPort 10000 -winserviceCheck false

gives output as

INSTCONFSUCCESS: Success: Profile AppSrv01 now exists. Please consult C:\IBM\pro
files\AppSrv01\logs\AboutThisProfile.txt for more information about this profile.

4. to check the ports assigned and other details for new profiles check the file at
\logs\AboutThisProfile.txt

C:\IBM\WebSphere\AppServer\bin>type \IBM\profiles\AppSrv01\logs\AboutThisProfile.txt

5.

start Deployment Manager by some other command

Wow, I got amazed when I tried this today, and it worked when I executed the below command to start the Deployment Manager.

\wasprofile\\bin\startServer.sh dmgr - to start
\wasprofile\\bin\stopServer.sh dmgr - to stop
One can also use the command startManager command to start/stop the DMGR

Disabling security for WAS admin console - very famous

You can disable administrative security using the command line:

1. At the command prompt, type the following:
\bin\wsadmin.bat -conntype NONE

2. When the system command prompt re-displays, type:
securityoff

3. When done, type exit and restart the application server.

This procedure should work without any problem, but in the event that it fails, you can disable administrative security by directly editing the security.xml file

profile_home\config\cells\cell_name\

Open this file and change the security attribute enabled=true to enabled=false.
Other security properties, such as Java 2 security and application security, can also be found in this file. Modifying the XML file should only be done as a last resort. Be sure to save an original copy of the security.xml file before making any modification.

how to configure WAS to stop application server without prompting for password even though security is enabled

1. If you are using the SOAP connection type (default) to stop the server, edit the following file:
   

profile_home\properties\soap.client.props

Then, change the values of these properties:
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=
com.ibm.SOAP.loginPassword=

Again, the user ID , with its password , is the user ID with Administrator role rights or the primary administrative user name defined in the user account repository.

2. We recommend that you encode the com.ibm.SOAP.loginPassword propertyvalue using:

\bin\PropFilePasswordEncoder.bat soap.client.props com.ibm.SOAP.loginPassword
Examine the result and remove the backup file, soap.client.props.bak, created by the command used previously. It contains the unencrypted password.

3. Try stopping the JVM, without giving user id and password.

What is Java 2 secuirty in WAS ?

Java 2 security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources.

new features in WAS S 7

1. Security part had been separated, in prior version, enablingg security means, enabling security at admin console and application (J2EE security was always separate) in WAS 7, Admin console secuirity, Application security and J2EE security, all are independant of each other.
   

Recover WAS admin console password

There are two ways to deal with password at WAS admin console

1. Disable the security for WAS and login as anonymous. Go to security settings, if it is local security are free to modify the password, but if it is LDAP user then find the user and check with LDAP team for respective user.

Now in Production environment this becomes next to impossible to disable security, we can find the password by using step 2.

2. Login on server ( either application server or deployment server).

• Go to directory profiles/profie_name/config/cells .
  
• Open file security.xml.
• Look for tag userRegistry
• Find the encrypted password for respective user
• Enter the encrypted value to URL : http://www.sysman.nl/wasdecoder/

This will decript the password for WAS admin console.

Difference between SystemOut.log and SystemErr.log

System.out leads the output to the standard output stream
System.err leads the output to the standard error stream

The JVM logs are created by redirecting the System.out and System.err streams of the JVM to independent log files.

WebSphere Application Server writes formatted messages to the System.out stream.
In addition, applications and other code can write to these streams using the print() and println() methods defined by the streams. Some Developer Kit built-ins such as the printStackTrace() method on the Throwable class can also write to these streams.

Typically,
The System.out log is used to monitor the health of the running application server.
The System.out log can be used for problem determination, but it is recommended to use the IBM Service log and the advanced capabilities of the Log Analyzer instead.

The System.err log contains exception stack trace information that is useful when performing problem analysis.