While connecting two app servers with an ibm http webserver, we are able to successfully connect with only one server

Question

While running two app servers (which has mobilefirst servers hosted 7.1 version) from ibm http server, only one server runs successfully on keeping only one of the Route attribute active in the plugin-cfg.xml of the http server. In the server which is not running, the following error is seen in the messages.log.

CWWKS4001E: The security token cannot be validated. This can be for the following reasons 1. The security token was generated on another server using different keys. 2. The token configuration or the security keys of the token service which created the token has been changed. 3. The token service which created the token is no longer available.

Kindly guide in resolving the error above. Thanks.

You mention "only one server runs successfully on keeping only one of the Route attribute active ". What do you mean by only one server runs successfully? Does the server not start? Or does it not handle requests? Does this issue occur if you by-pass IHS and hit the server directly from the client? — Vivin K, Sep 01 '16 at 11:01
Hi @VivinK, When I have both the Route attributes active, only one server works with the runtimes in it, while the other jus opens the console with no runtime. Both servers are in running state. If we bypass IHS both the servers work perfectly fine rendering the runtimes and deployed apps. — user1618655, Sep 01 '16 at 11:59

score 0 · Answer 1 · answered Sep 01 '16 at 11:23

0

Sounds like your two servers have not exchanged/shared LTPA keys and IHS and the WAS Plugin are a red herring.

http://www.ibm.com/support/knowledgecenter/SSAW57_liberty/com.ibm.websphere.wlp.nd.doc/ae/twlp_sec_ltpa.html http://www.ibm.com/support/knowledgecenter/SSAW57_liberty/com.ibm.websphere.wlp.nd.doc/ae/twlp_sec_sso.html

Note: For SSO to work across Liberty servers, full profile servers, or both, set the following resources:
The servers must use the same LTPA keys and share the same user registry.

answered Sep 01 '16 at 11:23

covener

17,402
2
31
45

Hi @covener, We are using a ibm http server supporting only the http protocol, not the https protocol. Is this solution still applicable?? – user1618655 Sep 01 '16 at 12:02
Yes, ltpa is unrelated to SSL. – covener Sep 01 '16 at 12:39
sory i cant find ltpa in server.xml – user1618655 Sep 02 '16 at 07:58

Srujan reddy · Answer 2 · 2016-09-02T16:22:56.880

Sounds like communication issue between two servers. Are the inbound ports opened on another server to communicate with HTTP server? if they are opened use telnet and test whether both servers (HTTP and app server) are communicating with each other.

On HTTP Server, open command prompt and enter below command.

telnet <app server ip> <app server port>

If this is not successful then you need to open ports on app server.

While connecting two app servers with an ibm http webserver, we are able to successfully connect with only one server

2 Answers2