3 Replies Latest reply on Mar 29, 2012 12:04 PM by Rohit Nayyar

    BBSA 8.2 Active Directory authentication

    Koray Kusat

      Hi all,

       

      i'm trying to setup AD integration on my sandbox vm. Windows 2008 R2 as Domain Controller and BBSA 8.2 is installed on the same box. But i can't get BL AppSrv start after setting set "AuthServer IsADKAuthEnabled true". I created the necessary files in nsh\br directory and created keytab file and blauthsvc user in AD.

       

       

      Error message in appserver.log is:

       

      ---------------------

      Authentication method in use is Active Directory/Kerberos.

      [29 Mar 2012 18:39:45,945] [main] [WARN] [::] [] Possible configuration issue during login.

      [29 Mar 2012 18:39:45,945] [main] [WARN] [::] [] Check configuration of: C:\Program Files\BMC Software\BladeLogic\NSH\br\blappserv_login.conf

      [29 Mar 2012 18:39:45,945] [main] [WARN] [::] []                    and: C:\Program Files\BMC Software\BladeLogic\NSH\br\blappserv_krb5.conf

      [29 Mar 2012 18:39:45,946] [main] [WARN] [::] [] Actual error returned: Cannot get kdc for realm KORAY.LOCAL

      [29 Mar 2012 18:39:45,946] [main] [ERROR] [::] [] ADKerberos authentication is enabled but it is not configured correctly. If you are not using kerberos authentication, please turn it off in blasadmin by running the blasadmin command "set authserver isadkauthenabled false". If you are using it, please check the configuration files to ensure it is configured correctly

      [29 Mar 2012 18:39:45,950] [main] [ERROR] [::] [] Error installing to Start: name=bladelogic.service.AuthenticationService state=Create

      com.bladelogic.om.infra.app.service.ServiceInitializationException: com.bladelogic.om.infra.mfw.util.BlException: com.bladelogic.om.infra.mfw.util.BlException: Error creating credentials: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

          at com.bladelogic.om.infra.auth.service.AuthenticationServiceImpl.start(AuthenticationServiceImpl.java:139)

      ----------------------

       

      blappserv_krb5.conf content is:

       

      --------------------------

      [libdefaults]

         ticket_lifetime = 6000

         default_realm = koray.local

         default_tkt_enctypes = rc4-hmac

         default_tgs_enctypes = rc4-hmac

       

      [realms]

         koray.local = {

            kdc = bbsasandbox.koray.local:88

         }

       

      [domain_realm]

         .koray.local = bbsasandbox.koray.local

      ---------------------------

       

      blappserv_login.conf content is:

       

      -------------------------

      com.sun.security.jgss.accept {

       

        com.sun.security.auth.module.Krb5LoginModule required

       

       

          useKeyTab=true

          keyTab="C:\\Program Files\\BMC Software\\BladeLogic\\NSH\\br\\blauthsvc.keytab"

          storeKey=true

          principal="blauthsvc/bbsasandbox@KORAY.LOCAL"

          doNotPrompt=true

          debug=false;

       

      };

      -------------------------

       

      My domain name is koray.local

      my DC (the only server in the domain) is bbsasandbox.koray.local

       

      What am i doing wrong? I need your help.

       

      Regards

        • 1. BBSA 8.2 Active Directory authentication

          The config files looks good,

          I have always used the logging section in the krb5 conf file like, but i dont think it is required.

          [logging]

                   kdc = SYSLOG:INFO

          Are you sure you are using the correct C:\\Program Files\\BMC Software\\BladeLogic\\NSH\\br\\blauthsvc.keytab

           

          have you been able to verify  this ?

           

          Also, can  you paste the complete appserver log,  there should be somethng more before

          [29 Mar 2012 18:39:45,945] [main] [WARN] [::] [] Possible configuration issue during login.

          • 2. BBSA 8.2 Active Directory authentication
            Koray Kusat

            Hi Rohit,

             

            yes i can confirm that i'm using the correct blauthsvc.keytab file.

             

            Some extra lines from blappsrv.log file:

             

             

            [29 Mar 2012 18:22:47,857] [WorkItem-Thread-48] [INFO] [::] [] Work item thread started.

            [29 Mar 2012 18:23:20,964] [main] [INFO] [::] [] Cleanup Service started.

            [29 Mar 2012 18:23:20,983] [main] [INFO] [::] [] Starting Support Service...

            [29 Mar 2012 18:23:20,988] [main] [INFO] [::] [] Support Service started.

            [29 Mar 2012 18:23:20,988] [Support-Thread-0] [INFO] [::] [] Support data thread started.

            [29 Mar 2012 18:23:20,988] [main] [INFO] [::] [] Starting Authentication Service...

            [29 Mar 2012 18:23:20,989] [Support-Thread-2] [INFO] [::] [] Support data thread started.

            [29 Mar 2012 18:23:20,990] [Support-Thread-1] [INFO] [::] [] Support data thread started.

            [29 Mar 2012 18:23:20,999] [main] [WARN] [::] [] Application server login.conf file, C:\Program Files\BMC Software\BladeLogic\NSH\br\blappserv_login.conf, does not exist

            [29 Mar 2012 18:23:21,023] [main] [ERROR] [::] [] ADKerberos authentication is enabled but it is not configured correctly. If you are not using kerberos authentication, please turn it off in blasadmin by running the blasadmin command "set authserver isadkauthenabled false". If you are using it, please check the configuration files to ensure it is configured correctly

            [29 Mar 2012 18:23:21,026] [main] [ERROR] [::] [] Error installing to Start: name=bladelogic.service.AuthenticationService state=Create

            com.bladelogic.om.infra.app.service.ServiceInitializationException: com.bladelogic.om.infra.mfw.util.BlException: java.lang.SecurityException: Unable to locate a login configuration

                at com.bladelogic.om.infra.auth.service.AuthenticationServiceImpl.start(AuthenticationServiceImpl.java:139)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                at java.lang.reflect.Method.invoke(Unknown Source)

                at org.jboss.joinpoint.plugins.reflect.ReflectMethodJoinPoint.dispatch(ReflectMethodJoinPoint.java:72)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions$DispatchJoinPoint.run(KernelControllerContextActions.java:631)

                at java.security.AccessController.doPrivileged(Native Method)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions.dispatchJoinPoint(KernelControllerContextActions.java:99)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions$LifecycleAction.installAction(KernelControllerContextActions.java:452)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions$1.run(KernelControllerContextActions.java:156)

                at java.security.AccessController.doPrivileged(Native Method)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions$KernelControllerContextAction.install(KernelControllerContextActions.java:179)

                at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)

                at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:226)

                at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:593)

                at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:346)

                at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:438)

                at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:379)

                at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:225)

                at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:151)

                at org.jboss.kernel.plugins.deployment.AbstractKernelDeployer.deployBean(AbstractKernelDeployer.java:291)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBeanXMLDeployer.deployBean(ServiceBeanXMLDeployer.java:38)

                at org.jboss.kernel.plugins.deployment.AbstractKernelDeployer.deployBeans(AbstractKernelDeployer.java:261)

                at org.jboss.kernel.plugins.deployment.AbstractKernelDeployer.deploy(AbstractKernelDeployer.java:117)

                at org.jboss.kernel.plugins.deployment.xml.BeanXMLDeployer.deploy(BeanXMLDeployer.java:91)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBootstrap.deploy(ServiceBootstrap.java:252)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBootstrap.deployService(ServiceBootstrap.java:199)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBootstrap.bootstrap(ServiceBootstrap.java:153)

                at org.jboss.kernel.plugins.bootstrap.AbstractBootstrap.run(AbstractBootstrap.java:91)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBootstrap.startup(ServiceBootstrap.java:66)

                at com.bladelogic.om.infra.mfw.fw.BlManager.start(BlManager.java:867)

                at com.bladelogic.om.infra.mfw.fw.BlManager.main(BlManager.java:1387)

            Caused by: com.bladelogic.om.infra.mfw.util.BlException: java.lang.SecurityException: Unable to locate a login configuration

                at com.bladelogic.om.infra.auth.service.AuthSvcStateMachineFactory.<init>(AuthSvcStateMachineFactory.java:53)

                at com.bladelogic.om.infra.auth.service.AuthSvcStateMachineFactory.init(AuthSvcStateMachineFactory.java:70)

                at com.bladelogic.om.infra.auth.service.AuthenticationServiceImpl.start(AuthenticationServiceImpl.java:131)

                ... 32 more

            Caused by: java.lang.SecurityException: Unable to locate a login configuration

                at com.sun.security.auth.login.ConfigFile.<init>(Unknown Source)

                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

                at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)

                at java.lang.reflect.Constructor.newInstance(Unknown Source)

                at java.lang.Class.newInstance0(Unknown Source)

                at java.lang.Class.newInstance(Unknown Source)

                at javax.security.auth.login.Configuration$3.run(Unknown Source)

                at java.security.AccessController.doPrivileged(Native Method)

                at javax.security.auth.login.Configuration.getConfiguration(Unknown Source)

                at sun.security.jgss.LoginConfigImpl$1.run(Unknown Source)

                at sun.security.jgss.LoginConfigImpl$1.run(Unknown Source)

                at java.security.AccessController.doPrivileged(Native Method)

                at sun.security.jgss.LoginConfigImpl.<init>(Unknown Source)

                at sun.security.jgss.GSSUtil.login(Unknown Source)

                at sun.security.jgss.krb5.Krb5Util.getKeys(Unknown Source)

                at sun.security.jgss.krb5.Krb5AcceptCredential$1.run(Unknown Source)

                at java.security.AccessController.doPrivileged(Native Method)

                at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Unknown Source)

                at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)

                at sun.security.jgss.GSSManagerImpl.getCredentialElement(Unknown Source)

                at sun.security.jgss.GSSCredentialImpl.add(Unknown Source)

                at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)

                at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)

                at com.bladelogic.sso.protocol.kerberos.KerberosServiceStateMachine.initCredentials(KerberosServiceStateMachine.java:476)

                at com.bladelogic.om.infra.auth.service.AuthSvcStateMachineFactory.<init>(AuthSvcStateMachineFactory.java:48)

                ... 34 more

            Caused by: java.io.IOException: Unable to locate a login configuration

                at com.sun.security.auth.login.ConfigFile.init(Unknown Source)

                ... 60 more

            [29 Mar 2012 18:23:21,046] [main] [INFO] [::] [] Starting Service Lifecycle Service...

            [29 Mar 2012 18:23:21,048] [main] [INFO] [::] [] Service Lifecycle Service started.

            [29 Mar 2012 18:23:21,048] [main] [INFO] [::] [] Registering remote services...

            [29 Mar 2012 18:23:21,049] [main] [INFO] [::] [] Shutdown processes complete

            [29 Mar 2012 18:23:21,052] [Thread-1] [INFO] [::] [] Undeploying

            [29 Mar 2012 18:23:21,211] [Thread-1] [ERROR] [::] [] java.rmi.NotBoundException: bladelogic.service.AppServerService

            [29 Mar 2012 18:26:08,730] [main] [INFO] [::] [] Starting Agent Service...

            [29 Mar 2012 18:26:08,745] [main] [INFO] [::] [] Agent Service started.

            [29 Mar 2012 18:26:09,151] [main] [INFO] [::] [] ClientValidation Service started.

            [29 Mar 2012 18:26:09,174] [main] [INFO] [::] [] Starting Configuration Service...

            [29 Mar 2012 18:26:09,301] [main] [INFO] [::] [] Configuration Service started.

            [29 Mar 2012 18:26:09,333] [main] [INFO] [::] [] Starting Content Importer Service...

            [29 Mar 2012 18:26:09,333] [main] [INFO] [::] [] Content Importer Service started.

            [29 Mar 2012 18:26:09,550] [main] [INFO] [::] [] Loading JNI libaries...

            [29 Mar 2012 18:26:09,600] [main] [INFO] [::] [] Loaded JNI library BlAsJni

            [29 Mar 2012 18:26:09,604] [main] [INFO] [::] [] Loaded JNI library XJNIService

            [29 Mar 2012 18:26:09,605] [main] [INFO] [::] [] Loaded JNI library Atrium Core

            [29 Mar 2012 18:26:09,606] [main] [INFO] [::] [] Initializing JNI Configuration...

            [29 Mar 2012 18:26:09,610] [main] [INFO] [::] [] Initialized JNI library BlAsJni

            [29 Mar 2012 18:26:09,632] [main] [INFO] [::] [] Initialized JNI library XJNIService

            [29 Mar 2012 18:26:09,633] [main] [INFO] [::] [] Initialized JNI library Atrium Core

            [29 Mar 2012 18:26:09,633] [main] [INFO] [::] [] JNI Configuration complete.

            [29 Mar 2012 18:26:09,649] [main] [INFO] [::] [] Job Infra Manager Service is starting

            [29 Mar 2012 18:26:09,695] [main] [INFO] [::] [] Starting LDAP Connection Service...

            [29 Mar 2012 18:26:09,696] [main] [INFO] [::] [] LDAP Connection Service started.

            [29 Mar 2012 18:26:09,832] [main] [INFO] [::] [] Starting Model Graph Service...

            [29 Mar 2012 18:26:15,093] [main] [INFO] [::] [] Model Graph Service started.

            [29 Mar 2012 18:26:15,212] [main] [INFO] [::] [] Starting ObjectExporter Service...

            [29 Mar 2012 18:26:15,213] [main] [INFO] [::] [] Verifying exporter classes...

            [29 Mar 2012 18:26:15,237] [main] [INFO] [::] [] Object exporters verified.

            [29 Mar 2012 18:26:15,238] [main] [INFO] [::] [] ObjectExporter Service started.

            [29 Mar 2012 18:26:15,253] [main] [INFO] [::] [] Starting PKI Service...

            [29 Mar 2012 18:26:15,278] [main] [INFO] [::] [] PKI Service started.

            [29 Mar 2012 18:26:15,285] [main] [INFO] [::] [] Starting LDAP Service...

            [29 Mar 2012 18:26:15,285] [main] [INFO] [::] [] LDAP service is not configured.

            [29 Mar 2012 18:26:15,286] [main] [INFO] [::] [] LDAP Service started.

            [29 Mar 2012 18:26:15,292] [main] [INFO] [::] [] Starting Port Provider...

            [29 Mar 2012 18:26:15,292] [main] [INFO] [::] [] Port Provider started.

            [29 Mar 2012 18:26:15,355] [main] [INFO] [::] [] Starting Sizing Service...

            [29 Mar 2012 18:26:15,355] [main] [INFO] [::] [] Sizing Service started.

            [29 Mar 2012 18:26:15,360] [main] [INFO] [::] [] Starting Caching Service...

            [29 Mar 2012 18:26:15,363] [main] [INFO] [::] [] Caching Service started.

            [29 Mar 2012 18:26:15,366] [main] [INFO] [::] [] Starting Session Service...

            [29 Mar 2012 18:26:15,382] [main] [INFO] [::] [] Session Service started.

            [29 Mar 2012 18:26:15,391] [main] [INFO] [::] [] Starting JCIFS Connection Service...

            [29 Mar 2012 18:26:15,391] [main] [INFO] [::] [] JCIFS Connection Service started.

            [29 Mar 2012 18:26:15,431] [main] [INFO] [::] [] Starting SSH Connection Service...

            [29 Mar 2012 18:26:15,432] [main] [INFO] [::] [] SSH Connection Service started.

            [29 Mar 2012 18:26:15,451] [main] [INFO] [::] [] Starting Task Scheduling Service...

            [29 Mar 2012 18:26:15,457] [main] [INFO] [::] [] Task Scheduling Service started.

            [29 Mar 2012 18:26:15,462] [main] [INFO] [::] [] Starting Directory Service...

            [29 Mar 2012 18:26:15,475] [main] [INFO] [::] [] Starting RMI registry on host: BBSASANDBOX

            [29 Mar 2012 18:26:15,626] [main] [INFO] [::] [] Directory Service started.

            [29 Mar 2012 18:26:15,629] [main] [INFO] [::] [] Setting server socket factory: com.bladelogic.om.infra.app.service.client.ServerSocketFactory

            [29 Mar 2012 18:26:15,630] [main] [INFO] [::] [] Setting client socket factory: com.bladelogic.om.infra.app.service.client.OMClientSocketFactory

            [29 Mar 2012 18:26:15,630] [main] [INFO] [::] [] Setting authenticator: com.bladelogic.om.infra.app.service.manage.auth.BlSessionServerAuthenticator

            [29 Mar 2012 18:26:15,631] [main] [INFO] [::] [] Starting Management Service ...

            [29 Mar 2012 18:26:15,727] [main] [INFO] [::] [] Management Service started.

            [29 Mar 2012 18:26:15,735] [main] [INFO] [::] [] Starting App Server Data Source...

            [29 Mar 2012 18:26:16,022] [main] [INFO] [::] [] Initialized connection pool General-Connection-Pool with url = jdbc:sqlserver://bbsasandbox:1433;DatabaseName=bladelogic;SelectMethod=cursor and user = sa

            [29 Mar 2012 18:26:16,042] [main] [INFO] [::] [] Initialized connection pool Job-Connection-Pool with url = jdbc:sqlserver://bbsasandbox:1433;DatabaseName=bladelogic;SelectMethod=cursor and user = sa

            [29 Mar 2012 18:26:16,062] [main] [INFO] [::] [] Initialized connection pool Client-Connection-Pool with url = jdbc:sqlserver://bbsasandbox:1433;DatabaseName=bladelogic;SelectMethod=cursor and user = sa

            [29 Mar 2012 18:26:16,062] [main] [INFO] [::] [] App Server Data Source started.

            [29 Mar 2012 18:26:16,063] [main] [INFO] [::] [] Starting Instrumentation Service...

            [29 Mar 2012 18:26:16,075] [main] [INFO] [::] [] Instrumentation Service started.

            [29 Mar 2012 18:26:16,145] [main] [INFO] [::] [] Starting Database Service...

            [29 Mar 2012 18:26:16,184] [main] [INFO] [::] [] Loaded C:/Program Files/BMC Software/BladeLogic/NSH/br/deployments/default/sql/sqlmap.properties

            [29 Mar 2012 18:26:16,249] [main] [INFO] [::] [] Loaded C:/Program Files/BMC Software/BladeLogic/NSH/br/deployments/default/sql/streamable_sqlmap.properties

            [29 Mar 2012 18:26:16,292] [main] [INFO] [::] [] Database service loaded 2 mapping files.

            [29 Mar 2012 18:26:16,292] [main] [INFO] [::] [] Database Service started.

            [29 Mar 2012 18:26:16,442] [main] [INFO] [::] [] Starting App Server Service...

            [29 Mar 2012 18:26:16,664] [main] [INFO] [::] [] Server: bbsasandbox; id: 1; RMI Port: 9836

            [29 Mar 2012 18:26:16,678] [main] [INFO] [::] [] App Server Service started.

            [29 Mar 2012 18:26:16,679] [main] [INFO] [::] [] Verifying object deleters...

            [29 Mar 2012 18:26:16,685] [main] [INFO] [::] [] Object deleters verified.

            [29 Mar 2012 18:26:16,685] [main] [INFO] [::] [] Verifying object soft deleters...

            [29 Mar 2012 18:26:16,700] [main] [INFO] [::] [] Object soft deleters verified.

            [29 Mar 2012 18:26:16,700] [main] [INFO] [::] [] Starting Notification Service...

            [29 Mar 2012 18:26:16,704] [main] [INFO] [::] [] Notification Service started.

            [29 Mar 2012 18:26:16,705] [main] [INFO] [::] [] Starting SRP Authentication Service...

            [29 Mar 2012 18:26:16,724] [main] [INFO] [::] [] SRP Authentication Service started.

            [29 Mar 2012 18:26:16,724] [main] [INFO] [::] [] Starting Job Executor Service...

            [29 Mar 2012 18:26:16,724] [main] [INFO] [::] [] Job Executor Service started.

            [29 Mar 2012 18:26:16,724] [main] [INFO] [::] [] Starting Atrium Import Service...

            [29 Mar 2012 18:26:16,724] [main] [INFO] [::] [] Atrium Import Service started.

            [29 Mar 2012 18:26:16,758] [main] [INFO] [::] [] Starting RBAC User Service...

            [29 Mar 2012 18:26:16,758] [main] [INFO] [::] [] RBAC User Service started.

            [29 Mar 2012 18:26:16,758] [main] [INFO] [::] [] Starting Event Service...

            [29 Mar 2012 18:26:16,793] [main] [INFO] [::] [] Event Service started.

            [29 Mar 2012 18:26:16,794] [main] [INFO] [::] [] Starting RBAC Role Service...

            [29 Mar 2012 18:26:16,794] [main] [INFO] [::] [] RBAC Role Service started.

            [29 Mar 2012 18:26:16,794] [main] [INFO] [::] [] Starting NshProxyConnection Service...

            [29 Mar 2012 18:26:16,794] [main] [INFO] [::] [] Nsh-Proxy is reserving the controlport

            [29 Mar 2012 18:26:16,797] [main] [INFO] [::] [] Nsh-Proxy is establishing control connection...

            [29 Mar 2012 18:26:16,803] [Event-Processor-Thread-0] [INFO] [::] [] Event processor thread started.

            [29 Mar 2012 18:26:16,803] [Event-Transfer-Thread-1] [INFO] [::] [] Event transfer thread started.

            [29 Mar 2012 18:26:16,803] [Event-Processor-Thread-2] [INFO] [::] [] Event processor thread started.

            [29 Mar 2012 18:26:16,803] [Event-Processor-Thread-4] [INFO] [::] [] Event processor thread started.

            [29 Mar 2012 18:26:16,812] [Event-Dispatcher-Thread] [INFO] [::] [] Event dispatcher thread started.

            [29 Mar 2012 18:26:16,812] [Event-Transfer-Thread-0] [INFO] [::] [] Event transfer thread started.

            [29 Mar 2012 18:26:16,813] [Event-Processor-Thread-3] [INFO] [::] [] Event processor thread started.

            [29 Mar 2012 18:26:16,812] [Thread-7] [INFO] [::] [] Nsh-Proxy is waiting for control socket ...

            [29 Mar 2012 18:26:16,814] [Event-Processor-Thread-1] [INFO] [::] [] Event processor thread started.

            [29 Mar 2012 18:26:16,815] [Event-Transfer-Thread-4] [INFO] [::] [] Event transfer thread started.

            [29 Mar 2012 18:26:16,812] [Event-Transfer-Thread-2] [INFO] [::] [] Event transfer thread started.

            [29 Mar 2012 18:26:16,814] [Event-Transfer-Thread-3] [INFO] [::] [] Event transfer thread started.

            [29 Mar 2012 18:26:16,818] [Thread-7] [INFO] [::] [] Nsh-Proxy accepted the control socket connection

            [29 Mar 2012 18:26:16,818] [main] [INFO] [::] [] Nsh-Proxy established control connection.

            [29 Mar 2012 18:26:16,833] [main] [INFO] [::] [] Nsh-Proxy is starting the selector

            [29 Mar 2012 18:26:16,834] [main] [INFO] [::] [] Nsh-Proxy is starting the acceptor

            [29 Mar 2012 18:26:16,835] [main] [INFO] [::] [] NshProxyConnection Service started.

            [29 Mar 2012 18:26:16,835] [main] [INFO] [::] [] Starting Diagnostic Service...

            [29 Mar 2012 18:26:16,842] [Diagnostic-Test-Runner-Thread-1] [INFO] [::] [] Diagnostic test execution thread started.

            [29 Mar 2012 18:26:16,843] [Diagnostic-Test-Runner-Thread-0] [INFO] [::] [] Diagnostic test execution thread started.

            [29 Mar 2012 18:26:16,843] [Diagnostic-Test-Runner-Thread-2] [INFO] [::] [] Diagnostic test execution thread started.

            [29 Mar 2012 18:26:16,846] [main] [INFO] [::] [] Diagnostic Service started.

            [29 Mar 2012 18:26:16,852] [main] [INFO] [::] [] Adding method invocation provider: com.bladelogic.om.infra.app.service.agentservice.AgentMethodInvocationProvider

            [29 Mar 2012 18:26:16,854] [main] [INFO] [::] [] Adding method invocation provider: com.bladelogic.om.infra.app.api.manage.APIMethodInvocationProvider

            [29 Mar 2012 18:26:16,864] [main] [INFO] [::] [] Starting Routing Service...

            [29 Mar 2012 18:26:18,463] [main] [INFO] [::] [] Routing Service started.

            [29 Mar 2012 18:26:18,463] [main] [INFO] [::] [] Starting Job Run Service...

            [29 Mar 2012 18:26:18,469] [main] [INFO] [::] [] Job Run Service started.

            [29 Mar 2012 18:26:18,469] [main] [INFO] [::] [] Starting Job Schedule Approval Service...

            [29 Mar 2012 18:26:18,483] [main] [INFO] [::] [] Starting RBAC Service...

            [29 Mar 2012 18:26:18,483] [main] [INFO] [::] [] Registering Security checkers...

            [29 Mar 2012 18:26:18,483] [Approval-0] [INFO] [::] [] Approval processor thread started.

            [29 Mar 2012 18:26:18,484] [Approval-2] [INFO] [::] [] Approval processor thread started.

            [29 Mar 2012 18:26:18,485] [Approval-1] [INFO] [::] [] Approval processor thread started.

            [29 Mar 2012 18:26:18,490] [main] [INFO] [::] [] Security checkers registered.

            [29 Mar 2012 18:26:18,490] [main] [INFO] [::] [] RBAC Service started.

            [29 Mar 2012 18:26:18,490] [main] [INFO] [::] [] Starting Distribution Manager...

            [29 Mar 2012 18:26:18,498] [main] [INFO] [::] [] Distribution Manager started.

            [29 Mar 2012 18:26:18,508] [Bl-Exec-1] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,513] [Bl-Exec-0] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,514] [Bl-Exec-3] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,515] [Bl-Exec-7] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,515] [Bl-Exec-5] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,516] [Bl-Exec-9] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,517] [main] [INFO] [::] [] BlExec Service started.

            [29 Mar 2012 18:26:18,517] [main] [INFO] [::] [] Starting Schedule Service...

            [29 Mar 2012 18:26:18,517] [main] [INFO] [::] [] Schedule Service started.

            [29 Mar 2012 18:26:18,517] [Bl-Exec-10] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,529] [Bl-Exec-12] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,529] [Bl-Exec-6] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,530] [Bl-Exec-8] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,530] [Bl-Exec-4] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,533] [Bl-Exec-2] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,534] [Bl-Exec-11] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,534] [Bl-Exec-18] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,535] [Bl-Exec-17] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,535] [Bl-Exec-19] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,536] [Bl-Exec-13] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,536] [Bl-Exec-15] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,536] [Bl-Exec-14] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,536] [Bl-Exec-16] [INFO] [::] [] BlExec worker thread started.

            [29 Mar 2012 18:26:18,539] [main] [INFO] [::] [] Starting RBAC Authentication User Service...

            [29 Mar 2012 18:26:18,540] [main] [INFO] [::] [] RBAC Authentication User Service started.

            [29 Mar 2012 18:26:18,540] [main] [INFO] [::] [] Starting File Manager Service...

            [29 Mar 2012 18:26:18,554] [main] [INFO] [::] [] Validating file server host (bbsasandbox)...

            [29 Mar 2012 18:26:29,262] [main] [INFO] [::] [] Validating file server path (//bbsasandbox/c/BLFS/)...

            [29 Mar 2012 18:26:29,266] [main] [INFO] [::] [] Cleaning up application server temp directory: C:/Program Files/BMC Software/BladeLogic/NSH/tmp/application_server

            [29 Mar 2012 18:26:29,273] [main] [INFO] [::] [] Cleaning up file server temp directory: //bbsasandbox/c/BLFS/tmp/bbsasandbox

            [29 Mar 2012 18:26:29,281] [main] [INFO] [::] [] Cleaning up temp zip files in: C:\Program Files\BMC Software\BladeLogic\NSH\br

            [29 Mar 2012 18:26:29,291] [main] [INFO] [::] [] File Manager Service started.

            [29 Mar 2012 18:26:29,292] [main] [INFO] [::] [] Starting SSLConnectionManager Service...

            [29 Mar 2012 18:26:29,310] [main] [INFO] [::] [] SSL-Connections is starting the worker threads

            [29 Mar 2012 18:26:29,315] [SSL-Connections-Thread-0] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,317] [SSL-Connections-Thread-2] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,317] [SSL-Connections-Thread-7] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,319] [main] [INFO] [::] [] SSL-Connections is reserving the controlport

            [29 Mar 2012 18:26:29,320] [SSL-Connections-Thread-8] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,319] [SSL-Connections-Thread-1] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,319] [SSL-Connections-Thread-3] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,319] [SSL-Connections-Thread-5] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,318] [SSL-Connections-Thread-6] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,318] [SSL-Connections-Thread-4] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,322] [Thread-10] [INFO] [::] [] SSL-Connections is waiting for control socket ...

            [29 Mar 2012 18:26:29,321] [main] [INFO] [::] [] SSL-Connections is establishing control connection...

            [29 Mar 2012 18:26:29,321] [SSL-Connections-Thread-9] [INFO] [::] [] Client worker thread started.

            [29 Mar 2012 18:26:29,329] [Thread-10] [INFO] [::] [] SSL-Connections accepted the control socket connection

            [29 Mar 2012 18:26:29,330] [main] [INFO] [::] [] SSL-Connections established control connection.

            [29 Mar 2012 18:26:29,340] [main] [INFO] [::] [] SSL-Connections is starting the selector

            [29 Mar 2012 18:26:29,341] [main] [INFO] [::] [] SSL-Connections is starting the acceptor

            [29 Mar 2012 18:26:29,341] [main] [INFO] [::] [] SSLConnectionManager Service started.

            [29 Mar 2012 18:26:29,517] [main] [INFO] [::] [] Starting Authentication Service...

            [29 Mar 2012 18:26:29,664] [main] [WARN] [::] [] Authentication method in use is Active Directory/Kerberos.

            [29 Mar 2012 18:26:29,664] [main] [WARN] [::] [] Possible configuration issue during login.

            [29 Mar 2012 18:26:29,664] [main] [WARN] [::] [] Check configuration of: C:\Program Files\BMC Software\BladeLogic\NSH\br\blappserv_login.conf

            [29 Mar 2012 18:26:29,665] [main] [WARN] [::] []                    and: C:\Program Files\BMC Software\BladeLogic\NSH\br\blappserv_krb5.conf

            [29 Mar 2012 18:26:29,665] [main] [WARN] [::] [] Actual error returned: Cannot get kdc for realm KORAY.LOCAL

            [29 Mar 2012 18:26:29,665] [main] [ERROR] [::] [] ADKerberos authentication is enabled but it is not configured correctly. If you are not using kerberos authentication, please turn it off in blasadmin by running the blasadmin command "set authserver isadkauthenabled false". If you are using it, please check the configuration files to ensure it is configured correctly

            [29 Mar 2012 18:26:29,668] [main] [ERROR] [::] [] Error installing to Start: name=bladelogic.service.AuthenticationService state=Create

            com.bladelogic.om.infra.app.service.ServiceInitializationException: com.bladelogic.om.infra.mfw.util.BlException: com.bladelogic.om.infra.mfw.util.BlException: Error creating credentials: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

                at com.bladelogic.om.infra.auth.service.AuthenticationServiceImpl.start(AuthenticationServiceImpl.java:139)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                at java.lang.reflect.Method.invoke(Unknown Source)

                at org.jboss.joinpoint.plugins.reflect.ReflectMethodJoinPoint.dispatch(ReflectMethodJoinPoint.java:72)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions$DispatchJoinPoint.run(KernelControllerContextActions.java:631)

                at java.security.AccessController.doPrivileged(Native Method)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions.dispatchJoinPoint(KernelControllerContextActions.java:99)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions$LifecycleAction.installAction(KernelControllerContextActions.java:452)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions$1.run(KernelControllerContextActions.java:156)

                at java.security.AccessController.doPrivileged(Native Method)

                at org.jboss.kernel.plugins.dependency.KernelControllerContextActions$KernelControllerContextAction.install(KernelControllerContextActions.java:179)

                at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)

                at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:226)

                at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:593)

                at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:346)

                at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:438)

                at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:379)

                at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:225)

                at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:151)

                at org.jboss.kernel.plugins.deployment.AbstractKernelDeployer.deployBean(AbstractKernelDeployer.java:291)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBeanXMLDeployer.deployBean(ServiceBeanXMLDeployer.java:38)

                at org.jboss.kernel.plugins.deployment.AbstractKernelDeployer.deployBeans(AbstractKernelDeployer.java:261)

                at org.jboss.kernel.plugins.deployment.AbstractKernelDeployer.deploy(AbstractKernelDeployer.java:117)

                at org.jboss.kernel.plugins.deployment.xml.BeanXMLDeployer.deploy(BeanXMLDeployer.java:91)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBootstrap.deploy(ServiceBootstrap.java:252)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBootstrap.deployService(ServiceBootstrap.java:199)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBootstrap.bootstrap(ServiceBootstrap.java:153)

                at org.jboss.kernel.plugins.bootstrap.AbstractBootstrap.run(AbstractBootstrap.java:91)

                at com.bladelogic.om.infra.app.service.bootstrap.ServiceBootstrap.startup(ServiceBootstrap.java:66)

                at com.bladelogic.om.infra.mfw.fw.BlManager.start(BlManager.java:867)

                at com.bladelogic.om.infra.mfw.fw.BlManager.main(BlManager.java:1387)

            Caused by: com.bladelogic.om.infra.mfw.util.BlException: com.bladelogic.om.infra.mfw.util.BlException: Error creating credentials: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

                at com.bladelogic.om.infra.auth.service.AuthSvcStateMachineFactory.<init>(AuthSvcStateMachineFactory.java:53)

                at com.bladelogic.om.infra.auth.service.AuthSvcStateMachineFactory.init(AuthSvcStateMachineFactory.java:70)

                at com.bladelogic.om.infra.auth.service.AuthenticationServiceImpl.start(AuthenticationServiceImpl.java:131)

                ... 32 more

            Caused by: com.bladelogic.om.infra.mfw.util.BlException: Error creating credentials: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

                at com.bladelogic.sso.protocol.kerberos.KerberosServiceStateMachine.initCredentials(KerberosServiceStateMachine.java:486)

                at com.bladelogic.om.infra.auth.service.AuthSvcStateMachineFactory.<init>(AuthSvcStateMachineFactory.java:48)

                ... 34 more

            Caused by: GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

                at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Unknown Source)

                at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)

                at sun.security.jgss.GSSManagerImpl.getCredentialElement(Unknown Source)

                at sun.security.jgss.GSSCredentialImpl.add(Unknown Source)

                at sun.security.jgss.GSSCredentialImpl.<init>(Unknown Source)

                at sun.security.jgss.GSSManagerImpl.createCredential(Unknown Source)

                at com.bladelogic.sso.protocol.kerberos.KerberosServiceStateMachine.initCredentials(KerberosServiceStateMachine.java:476)

                ... 35 more

            Caused by: javax.security.auth.login.LoginException: Cannot get kdc for realm KORAY.LOCAL

                at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)

                at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                at java.lang.reflect.Method.invoke(Unknown Source)

                at javax.security.auth.login.LoginContext.invoke(Unknown Source)

                at javax.security.auth.login.LoginContext.access$000(Unknown Source)

                at javax.security.auth.login.LoginContext$5.run(Unknown Source)

                at java.security.AccessController.doPrivileged(Native Method)

                at javax.security.auth.login.LoginContext.invokeCreatorPriv(Unknown Source)

                at javax.security.auth.login.LoginContext.login(Unknown Source)

                at sun.security.jgss.GSSUtil.login(Unknown Source)

                at sun.security.jgss.krb5.Krb5Util.getKeys(Unknown Source)

                at sun.security.jgss.krb5.Krb5AcceptCredential$1.run(Unknown Source)

                at java.security.AccessController.doPrivileged(Native Method)

                ... 42 more

            Caused by: KrbException: Cannot get kdc for realm KORAY.LOCAL

                at sun.security.krb5.KrbKdcReq.send(Unknown Source)

                at sun.security.krb5.KrbKdcReq.send(Unknown Source)

                at sun.security.krb5.KrbAsReq.send(Unknown Source)

                at sun.security.krb5.Credentials.sendASRequest(Unknown Source)

                at sun.security.krb5.Credentials.acquireTGT(Unknown Source)

                ... 58 more

            • 3. BBSA 8.2 Active Directory authentication

              try this

              "C:\Program Files\BMC Software\BladeLogic\version\NSH\jre\bin\klist" -t -k

              "C:\\Program Files\BMC Software\BladeLogic\version\NSH\br\

              blauthsvc.keytab

               

              Also

              does this exist

              C:\Program Files\BMC Software\BladeLogic\NSH\br\blappserv_login.conf

               

              What are the blasadmin settings

              get this output

              blasadmin show AuthServer all

              Please note that the parameters should be set to this , it by default looks in the br diretory for these

              AuthSvcKrb5Config:blappserv_krb5.conf

              AuthSvcKrb5LoginConfig:blappserv_login.conf

              Can you confirm this ?

              1 of 1 people found this helpful