Transactions in mws monitoring, integration b2b responds with access denied (solved)

Hi all,
In the upgrade from webMethods 7.1 to webMthods 9.5 the trading networks console application is missing. The replacement for that is a page in my webMethods server. I installed that package (in 9.5 test environment), had a lot of patience during the first startup (it took 30 minutes)
I studied all my webMethods server and trading networks documents but cant figger out how to configure mws and integration server the correct way.
When I start fi mws portal\navigate\applications\monitoring\integration\b2b\transactions I get an error message after a while (aproc 20 seconds) with a red cross
HTTP error response:

Access Denied


This sound like a time out error , or insuffincient permissions for the user.
If I log on the the integration server adminstration page with the same credentials it responds immediately.
I get the same error with the other tn related functions.
Can someone help me?

Doc1.docx (84.8 KB)

It’s a big version jump :)…anways for IS/TN and MWS to work and authenticate B2B settings you need to review all ISAdministrators and MWS Administrators documentation before you setup and all the setup requires proper TNAdministrators ACL’s to be configured in the Integration Server…It’s a little tricky though during the initial phase and setup (which requires both IS and MWS restarts couple of times for the ACL’s to take affect)…

Do you have all Administrator rights for this install and configuring?

HTH,
RMG

I have all necessary authorisation. Installed webMethods 4.6, 6.5 and 7.1 myself.
Working with webMethods trading networks since 2002
You could say I’m a seasoned administrator :smiley:
Never worked with my webmethods; came it across during the installation of 7.1 I guess.
Didnt succeed in getting it to work :oops:. There was no real need then, so I did not dive into that further.
But o o they took away my trading networks console, and I need my transaction logging once in a while.
It seems that my webMethods is the only way.
I would be very glad if you could point out some tips.
by the way:
I spent days and days with reading docs on is, mws and tn.
Its a lot of ‘old wine in new bags’ (a traslation of a Dutch proverb, sorry I dont recall an English or American way of saying)
thanks
Gert

OK nice to hear about your experience from 2002.

In the IS Admin page ACL’s section what do currently see under each of these…

Administrators ACL and TNAdministrators ACL and TNMWSUsers ACL

Can you please list out individually for the above?

Also I assume you logged into MWS as Administrator user?

HTH,
RMG

also make sure the SAML is configured on both sides.
on IS admin, Settings > Resources
Single Sign-On with My webMethods Server
MWS SAML Resolver URL http://*****:8585/services/SAML

Yes another good point brought up.

@rmg,
We did not do much acl configuration, because we work behind a couple of firewalls
I listed all acls in the attached document, for further reference.
Administrators ACL results in allowed for 424195, 720860, Administrator, kabouter
TNAdministrators results in 424195, 720860, Administrator, kabouter
TNMWSUsers ACL results in 720860, Administrator
I tried with logon as administrator and as 720860 (my personal account)
Without success
@Tong Wang
Single sign on with MWS has been defined
For completeness I listed the complete resource settings page
Email Notification
SMTP Server
Port
Transport Layer Security
Truststore Alias
Internal Email
Service Email
Default Email Charset utf-8

Server Memory
Available Memory 24 % (179322 KB)
Committed Memory 748480 KB

Server Thread Pool
Available Threads 96 % (72 Threads)
Maximum Threads 75
Minimum Threads 10
Available Threads Warning Threshold 15 % (11 Threads)
Scheduler Thread Throttle 75 % (56 Threads)
Scheduler Current Threads 0

Session
Session Timeout 10 minutes
Enable Stateful Session Limit Yes
Maximum Stateful Sessions 2147483647
Available Stateful Sessions Warning Threshold 25 %

Outbound HTTP Settings
User Agent Mozilla/4.0 [en] (WinNT; I)
Maximum Redirects 5
Timeout 300 seconds
Retries 0

Single Sign-On with My webMethods Server
MWS SAML Resolver URL http://localhost:8585/services/SAML

aclconfig.docx (290 KB)

@Tong Wang
SAML has been defined in IS as
http://localhost:8585/services/SAML
I did not configure that myself; its probably done during installation
If I request the url from localhost it responds with

If I request the url from my desktop (http://eunl1-aps-39:8585/services/SAML)
gives the same response:

I don’t know how I can check if it is configured in mws (I presume that you mean IS and MWS with both sides)

access errors are solved.
I installed 2 extra applications last wednesday
‘centra site’ and monitor.
I need to find out what they can do for me, but at leaset I can access trading networks now

Thanks for your help

btw Is there an agreement about how to indicated that an issue has been solved?

Glad to hear your MWS/TN access issue resolved :smiley:

Monitor only useful if you are dealing with any BPM/Tasks and Service Auditing enabled purpose in any of your interfaces.

What agreement are you talking about?

HTH,
RMG

So I presume that the installation of centrasite did the job.

About the agreement:
I participated in a satelite reception forum ( 8) ) for some years. In the forum you could select an option field in order to indicate that the problem was solved.
You could see in the topics list if there were topics without a solution.
It saves a little time when searching for sollutions and also when trying to help.

Gotcha! :smiley:

But I believe Centrasite nothing to do with the access issues…Most part will be the ACLs and monitor install.

HTH,
RMG

Hi All,

thank you for inspiration.
With new WM installer most of above tasks were done automatically.

But what we have faith-ed with was also the SSL between IS and TN.
One of the reason is that we use self-signed certificate.

Because by default starter is defined wrapper, no customized Java OPTS, ARGS, … were not affected.

At the end I realized that everything is
IntegrationServer/…/profiles/IS/configuration/custom_wrapper.conf (if doesn’t exist then in wrapper.conf)

There we added path to own keystore where the self-signed certificates are stored:
wrapper.java.additional.17=-Djavax.net.ssl.trustStore=/apps/wm01/security/truststore.jks

After restart of IS everything start to work. Without Centrasite.

Regards
Rudo