We Keep Coding

Infinispan Server CLI authentification

I tries to start Infinispan 10.1.3 in server mode. But after security configuration I have following error in CLI:
[disconnected]> connect
Username: admin
Password: ********
The user is not allowed to access the server resource: ISPN000287: Unauthorized access: subject 'null' lacks 'ADMIN' permission
In result I can't connect to my Infinspan server via CLI :(
I created all Infinispan configuration exactly according documentation:
in file infinispan.xml I added:
<security>
<authorization>
<identity-role-mapper />
<role name="all" permissions="ALL" />
<role name="reader" permissions="READ" />
<role name="writer" permissions="WRITE" />
<role name="supervisor" permissions="READ WRITE EXEC"/>
</authorization>
</security>
...
<endpoints socket-binding="default" security-realm="default">
<hotrod-connector name="hotrod">
<authentication>
<sasl mechanisms="SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256
SCRAM-SHA-1 DIGEST-SHA-512 DIGEST-SHA-384
DIGEST-SHA-256 DIGEST-SHA DIGEST-MD5 PLAIN"
server-name="infinispan"
qop="auth"/>
</authentication>
</hotrod-connector>
<rest-connector name="rest">
<authentication mechanisms="DIGEST BASIC"/>
</rest-connector>
</endpoints>
In file users.properties I added:
admin=123
In file groups.properties I added:
admin=admin

The CLI uses the REST API. I'm not sure if your configuration is correct, but I'm fixing some issues that might be related just now. Will be probably released in the next 10.1.x version
https://issues.redhat.com/browse/ISPN-11525
Update:
If you upgrade your 10.1.x version, it should work now

JNDI lookup error for name: java:comp/env/jdbc/DynaPropDB

Am getting below error while starting the liberty server:
[ERROR ]
com.it.properties.PropertyResourceException for user [UnKnown] self logged on Jan 23, 2019 12:43:12 PM.
Exception instance reference code [13EE91EC-BCA0-49C1-7ABC-5F537ABC5F53].
I have DynaPropAdminWeb Access for the application
Correctly placed lookup-name and binding-name in web.xml file and ibm-web-bnd.xml file

It would be helpful if you provide the relevant web.xml, ibm-web-bnd.xml, and server.xml config snippets for the resource reference and data source. Absent that, taking your word that the deployment descriptor and binding file are correct, then the problem will be in the server config, either in incorrectly specifying the dataSource/jdbcDriver/library or with feature enablement. A common mistake in Liberty is forgetting to enable the jndi-1.0 feature (which is needed for JNDI lookups) alongside the jdbc-4.x feature. In case that is the problem, here is an example,
<server>
<featureManager>
<feature>jdbc-4.2</feature>
<feature>jndi-1.0</feature>
<feature>servlet-4.0</feature>
</featureManager>
<dataSource jndiName="jdbc/DynaPropDB">
<jdbcDriver libraryRef="jdbcLib"/>
<properties serverName="localhost" portNumber="1234" databaseName="exampleDB"/>
</dataSource>
<library id="jdbcLib">
<file name="C:/drivers/jdbc/myJdbcDriver.jar"/>
</library>
</server>
Also, here is a link to a knowledge center page with configuration examples for various commonly-used databases.

Why does this web api need a local web api call to log?

I have two almost identical web api services programmed in C# and installed on the same Windows 2008 Server on IIS 6.1. When I do web api calls to them, they both work just fine. I am using log4net for logging purposes. One of them, however, does not always log. They both have the same exact log4net configuration, which is:
<log4net>
<root>
<level value="DEBUG" />
<appender-ref ref="RollingLogFileAppender" />
</root>
<appender name="RollingLogFileAppender" type="log4net.Appender.RollingFileAppender">
<file value="C:\LOGS\SomeFolder\" />
<appendToFile value="true" />
<lockingModel type="log4net.Appender.FileAppender+MinimalLock" />
<preserveLogFileNameExtension value="true" />
<rollingStyle value="Date" />
<datePattern value="'WebApi.One.'yyyy-MM-dd'.log'" />
<staticLogFileName value="false" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%-5level [%thread][%date{dd-MM-yy HH:mm:ss,fff}] %logger - %message%newline" />
</layout>
</appender>
</log4net>
The only difference in the configuration is the datePattern which has a slightly different name so that they do not log to the same exact file.
For the web api where logging works as expected a new log file is created each day as soon as a web api call comes in. For the web api where logging does not seem to work the new log file is not created. However, if I make a web api call from a browser on the same server as it is installed on, then logging starts. After the logging has started for that day it continues fine (even with web api calls coming from other machines). But the next day no new file is created.
I am unable to see what the difference is. Surely there must be something I am not thinking of that makes these two web apis behave differently when it comes to logging. Remember, both of the services work fine, it is just the logging that is not working for one of them.
Any suggestions?
Edit 1:
After adding diagnostics as suggested by Peter I can see that the access to the path is denied:
log4net:ERROR Could not create Appender [RollingLogFileAppender] of type [log4net.Appender.RollingFileAppender]. Reported error follows.
System.UnauthorizedAccessException: Access to the path 'C__LOGS_WebApi.One_' is denied.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.Threading.Mutex.MutexTryCodeHelper.MutexTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.Mutex.CreateMutexWithGuaranteedCleanup(Boolean initiallyOwned, String name, Boolean& createdNew, SECURITY_ATTRIBUTES secAttrs)
at System.Threading.Mutex..ctor(Boolean initiallyOwned, String name, Boolean& createdNew, MutexSecurity mutexSecurity)
at System.Threading.Mutex..ctor(Boolean initiallyOwned, String name)
at log4net.Appender.RollingFileAppender.ActivateOptions()
at log4net.Repository.Hierarchy.XmlHierarchyConfigurator.ParseAppender(XmlElement appenderElement)
log4net:ERROR Appender named [RollingLogFileAppender] not found.
I don't know why though.
Edit 2:
I checked solutions in these StackOverflow answers:
What am I doing wrong with thie log4net implementation?
log4net: Error on loading custom appender
But still no progress.
This looked very similar, but I could see no solution there (although maybe there is one).
Edit 3:
Folder permissions:

According to the exception message, the process does not have enough rights to write to the location of the log file.
In my experience with dealing with IIS, changing the security permissions on the folder where the log file is stored so that the application/process has the rights to modify the log file(s) usually works.
To confirm/troubleshoot start by giving everyone full control on the folder and testing that the file can be modified.
If that works then you can confirm it is a permission issue.
I usually give IIS_IUSRS the following permission on the Log folder where I store my logs and archive.
Read
Write
Modify
To limit possible attack vectors I try to give the process as few permission as needed to perform its function. Adding and removing permissions and then testing that it still functions as desired.

It looks like a security issue, to debug this you should enable debugging for log4net:
<appSettings>
<add key="log4net.Internal.Debug" value="true"/>
</appSettings>
And
<system.diagnostics>
<trace autoflush="true">
<listeners>
<add
name="textWriterTraceListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="C:\tmp\log4net.txt" />
</listeners>
</trace>
</system.diagnostics>
in your configuration.
This way you are able to see why the creation of the file fails.
log4net faq

SSL config for outbound connections doesn't work in websphere-liberty 17.0.0.2

I'm trying to configure websphere-liberty server to use default keystore and trustore for all outbound connections (actually REST calls) and for inbound use a custom key and trust stores. But it fails with SSLHandshakeException when try to make a call to external REST service. In logs I can see that it uses my custom truststore instead of default one.
Below is my server.xml
<?xml version="1.0" encoding="UTF-8"?>
<server description="Default server">
<featureManager>
<feature>appSecurity-2.0</feature>
<feature>transportSecurity-1.0</feature>
<feature>jaxrs-2.0</feature>
<feature>json-1.0</feature>
<feature>javaMail-1.5</feature>
<!--<feature>ssl-1.0</feature>-->
</featureManager>
<sslDefault sslRef="saasSSLConfig" outboundSSLRef="outboundSSLConfig" />
<ssl id="saasSSLConfig" keyStoreRef="saasKeyStore" trustStoreRef="saasTrustStore" clientAuthentication="true" sslProtocol="TLSv1" />
<keyStore id="saasKeyStore" location="/opt/ibm/wlp/output/defaultServer/resources/security/sbs_endpoint_keystore.jks" password="pwd" />
<keyStore id="saasTrustStore" location="/opt/ibm/wlp/output/defaultServer/resources/security/serverTruststore.jks" password="pwd" />
<ssl id="outboundSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" />
<basicRegistry id="basic" realm="BasicRealm">
<!-- <user name="yourUserName" password="" /> -->
</basicRegistry>
<httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443" />
<applicationManager autoExpand="true"/>
</server>
BTW if change saasSSLConfig to use defaultTrustStore instead of saasTrustStore then everything works fine.
Server version:
WebSphere Application Server 17.0.0.2 (1.0.17.cl170220170523-1818) on IBM J9 VM, version pxa6480sr4fp7-20170627_02 (SR4 FP7) (en_US)
Error:
[ERROR] CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN CN=*.api.ibm.com, O=International Business Machines, L=Armonk, ST=New York, C=US was sent from the target host. The signer might need to be added to local trust store /opt/ibm/wlp/output/defaultServer/resources/security/serverTruststore.jks, located in SSL configuration alias saasSSLConfig. The extended error message from the SSL handshake exception is: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.;
SSLHandshakeException invoking https://dev.api.ibm.com/scx/test/sbs/customer/222222222: java.security.cert.CertificateException: PKIXCertPathBuilderImpl could not build a valid CertPath.

Liberty does not load cacerts automatically. You can create a keyStore element to point to it if desired. So in your case above you can create a configuration like this.
<ssl id="outboundSSLConfig" keyStoreRef="cacertKeyStore" />
<keyStore id="cacertKeyStore" location=<fill in path to your jdk cacerts file> password="changeit" />
I am assuming you do not need a key for this configuration so I simplified to just a keyStoreRef on outboundSSLConfig. It will use what is pointed to by keyStoreRef for both key and trust.

In your configuration I do not see keyStore elements for defaultKeyStore and defaultTrustStore. If they are missing that will cause outboundSSLConfig to be an invalid SSL configuration. Can you please add them and see if things work.

The SQL Server Analysis Services (MSSQLSERVER) service terminated unexpectedly

I just created a new AWS Instance with Windows 2012 R2 and SQL Server 2014 installed.
On configuration manager when I try to restart the service analysis Services I get this error.
The SQL Server Analysis Services (MSSQLSERVER) service terminated unexpectedly.
The computer is a domain controller, and I am using Ted Pattison's guide to install a SharePoint 2013 environment on this computer:
https://www.criticalpathtraining.com/the-best-sharepoint-2013-vm-build-guide-in-the-industry/
This is a lab env I am trying to setup,but I cant see more info on the event log, just this XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7034</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-08-06T17:59:50.000930500Z" />
<EventRecordID>4995</EventRecordID>
<Correlation />
<Execution ProcessID="636" ThreadID="4472" />
<Channel>System</Channel>
<Computer>WingtipServer.wingtip.com</Computer>
<Security />
</System>
- <EventData>
<Data Name="param1">SQL Server Analysis Services (MSSQLSERVER)</Data>
<Data Name="param2">3</Data>
<Binary>4D005300530051004C005300650072007600650072004F004C004100500053006500720076006900630065000000</Binary>
</EventData>
</Event>

Unfortunately you have indicated in your reply to my comment that you have installed SQL server and then promoted the machine to a domain controller.
As this process wipes out any local accounts/groups etc (including all the ones created by the SQL installer), it doesn't migrate them to become domain accounts, the install is now broken and only an uninstall/reinstall will sort that out.
This is the same for lots of applications and is not unique to SQL server. It is mentioned in this MSDN blog post too:
Can I install SQL Server on a domain controller?
Specifically this bit:
After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.