DSXchange

A short text to describe your forum
http://www.dsxchange.com/

No Engine credentials were found on the Services Tier

http://www.dsxchange.com/viewtopic.php?f=72&t=145663

Page 1 of 3

No Engine credentials were found on the Services Tier

Posted: Mon Apr 30, 2012 12:48 pm
by mavrick21
Hello Gurus,

We very recently installed 8.5 server edition on RHEL and immediately installed FP1. Engine, Metadata and Services are all on the same Linux box. We are trying to get OS authentication working with the help of Administration PDF help. We also tried steps in http://www-01.ibm.com/support/docview.w ... wg21576785.

Here's what we see on the web console:
User registry - Not shared
In User credentials - For all the suite users the value for InfoSphere Information Server Engine Operating System Users is dsadm

We get the following error while trying to login:

No Engine credentials were found on the Services Tier for the specified user ('dsadm') on Information Server Engine '<IP address No port>

Code: Select all

No Engine credentials were found on the Services Tier for the specified user ('dsadm') on Information Server Engine '<IP address No port>'

This error occurred on 4/30/2012 at 9:27 AM (Standard format: 2012/04/30 09:27:30)

Product Version: 8.5.0.0
Client tag: xxxxxxxxxxxxxx
Application: DSDesign.exe (PID 1532)
Operating System: Windows Server 2003 5.2 Service Pack 2
.NET Framework version: 1.1.4322.2443
Machine Name: xxxxxxxxxxxxxx
User Name: xxxxxxxxxxxxxx
Language: English (United States)
Time Zone: Mountain Daylight Time

Error message: No Engine credentials were found on the Services Tier for the specified user ('dsadm') on Information Server Engine '<IP address No port>'

Exception type: com/ascential/acs/security/auth/DataStageServerNotFoundException
Exception message: Node for DataStageServer with name [<IP address No port>] is not found in the repository.
Exception stack trace:
com.ascential.acs.security.auth.DataStageServerNotFoundException: Node for DataStageServer with name [<IP address No port>] is not found in the repository.
	at com.ascential.acs.security.auth.server.impl.AuthorizationServiceBean.usesSharedRegistry(AuthorizationServiceBean.java:322)
	at com.ascential.acs.security.auth.server.impl.AuthorizationServiceBean.getDataStageCredential(AuthorizationServiceBean.java:365)
	at com.ascential.acs.security.auth.server.EJSRemoteStatelessAuthorizationService_68a3cbe1.getDataStageCredential(Unknown Source)
	at com.ascential.acs.security.auth.server._EJSRemoteStatelessAuthorizationService_68a3cbe1_Tie.getDataStageCredential(_EJSRemoteStatelessAuthorizationService_68a3cbe1_Tie.java:287)
	at com.ascential.acs.security.auth.server._EJSRemoteStatelessAuthorizationService_68a3cbe1_Tie._invoke(_EJSRemoteStatelessAuthorizationService_68a3cbe1_Tie.java:117)
	at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:622)
	at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:475)
	at com.ibm.rmi.iiop.ORB.process(ORB.java:513)
	at com.ibm.CORBA.iiop.ORB.process(ORB.java:1574)
	at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2841)
	at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2714)
	at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:63)
	at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118)
	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1550)
Caused by: com.ascential.acs.registration.NodeNotFoundException: Node "<IP address No port>" not registered.
	at com.ascential.acs.registration.server.impl.RegistrationServiceBean.getRegisteredApplication(RegistrationServiceBean.java:660)
	at com.ascential.acs.registration.server.impl.RegistrationServiceBean.getConfigProperty(RegistrationServiceBean.java:944)
	at com.ascential.acs.registration.server.EJSRemoteStatelessRegistrationService_54194779.getConfigProperty(Unknown Source)
	at com.ascential.acs.registration.server._RegistrationServiceRemote_Stub.getConfigProperty(_RegistrationServiceRemote_Stub.java:1128)
	at com.ascential.acs.registration.ejb.EJBRegistrationService.getConfigProperty(EJBRegistrationService.java:917)
	at com.ascential.acs.security.auth.server.impl.AuthorizationServiceBean.usesSharedRegistry(AuthorizationServiceBean.java:308)
	... 13 more

Loaded modules:
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22507_x-ww_C7DAD021\gdiplus.dll     5.2.6002.22507
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087\comctl32.dll     6.0.3790.4770
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.4770_x-ww_A689AB02\COMCTL32.dll     5.82.3790.4770
.
.
.
etc...
Do we need to install any patches or install FP2?

Appreciate any help.

Thanks
-Mav

Posted: Mon Apr 30, 2012 3:53 pm
by ray.wurlod
Don't know about fixes and patches yet. You initial problem is that you have not set up Engine credentials for user dsadm.

Posted: Mon Apr 30, 2012 4:02 pm
by mavrick21
Ray,

Can you please point me to where I can read more about setting up Engine credentials?

Thanks

Posted: Mon Apr 30, 2012 4:07 pm
by ray.wurlod
IBM InfoSphere Information Server Administration Guide, Chapter 6 (for version 8.7), section "Engine security configuration".

Posted: Mon Apr 30, 2012 4:16 pm
by mavrick21
Thanks Ray! I found it in the same Chapter for version 8.5. I'll update this post as soon as I make some progress.

Posted: Wed May 02, 2012 11:17 am
by mavrick21
Hello,

Looks like we get the same error again. Below are the steps we did:

1) Reinstalled IIS 8.5 on RHEL. This would make internal User registry as default and clean up our previous mess. Did not change any ports just kept in the defaults.
2) Using IIS web console:
a) Created user 'USER123'. Checked everything under Suite and Suite component in Roles tab. [Project under Roles tab is empty]. Save & Close.
b) Create group 'GROUP123'. Added USER123 to this group. Checked everything under Suite and Suite component in Roles tab. [Project under Roles tab is empty] Save & Close.
c) Checked Engine Credentials -> Share User Registry between InfoSphere Information Server and its engine. Save & Close.
3) Restarted RHEL box.
4) Opened Designer client and entered these values:
Host name: <IP address NO port>
User name: USER123
Pasword : XXXXXXX
Project : <IP address NO port>/dstage1
5) Clicked on Login and I get the same error:
Error message: No Engine credentials were found on the Services Tier for the specified user ('USER123') on Information Server Engine '<IP address>'
6) Tried 'dsadm', 'isadmin', 'wasadmin' in username fields and get the same error.

Looks like WAS and dsrpcd are running fine.

Not sure what we are doing wrong. Appreciate any help.

Thanks

Posted: Wed May 02, 2012 3:47 pm
by ray.wurlod
Engine credentials must map to an operating system user on the engine tier.

Posted: Wed May 02, 2012 3:53 pm
by mavrick21
Ray,

Would it work if we create USER123 on Linux box and restart IIS? Do we have to add USER123 to any particular group on Linux?

Thanks

Posted: Wed May 02, 2012 3:59 pm
by ray.wurlod
The user needs appropriate read/write permission to objects in DataStage. I'd put the user ID into the global DataStage group (which I usually call dstage).

Posted: Wed May 02, 2012 4:13 pm
by mavrick21
No luck! :cry:

Created USER123 and added it to 'dstage' group (Our global datastage group too) in Linux. Restarted linux box. Opened web console, unchecked and saved 'Share User Registry between InfoSphere Information Server and its engine'. Then checked and saved it again.

Get the same error: "No Engine credentials were found on the Services Tier"

Posted: Wed May 02, 2012 5:02 pm
by mavrick21
Since the above step didn't work I changed User Registry to Not Shared in web console. Assigned User Credentials to USER123. That didn't help either.

If anyone could please tell me the steps, that they followed after a fresh 8.5 install to allow a single user to login to Designer, it would be really helpful. I'm ready to reinstall IIS 8.5 again.

Thanks.

Posted: Thu May 03, 2012 11:32 am
by Mike
mavrick21 wrote:Assigned User Credentials to USER123.
Just to clarify:
You've added USER123 to the internal registry (Users and Groups-->Users-->New User) and you've mapped engine credentials for internal USER123 to the RHEL USER123 account (Domain Management-->Engine Credentials-->Open User Credentials)

Mike

Posted: Thu May 03, 2012 1:38 pm
by mavrick21
That's right Mike. I tried that too but to no avail. I'm just trying to get internal registry authentication setup since it's the "easiest" to configure and we have less than 3 users.

If you could tell me the steps to get internal registry authentication up and working I don't mind reinstalling IIS 8.5.

Note: I've just installed IIS 8.5 and no patches or FPs. I presume patches/FPs have nothing to do with what I'm trying to do.

Thank you

Posted: Thu May 03, 2012 1:57 pm
by Mike
That's all there is to the internal registry setup which is the installation default.

Perhaps your switch to a shared registry and back has caused an issue. I've not experimented with a shared registry myself.

Mike

Posted: Thu May 03, 2012 2:01 pm
by mavrick21
Mike,

Okay let me try reinstalling 8.5 and then follow the steps you've mentioned.

Thanks
All times are UTC-06:00
Page 1 of 3

Powered by phpBB® Forum Software © phpBB Limited