org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible vmcid: IBM minor code: E07 from stand-alone app

Question

I'm connecting to the WebSphere instance from the stand-alone Java app which is quite trivial:

InitialContext initCtx = new InitialContext();

That code was working perfectly in WebSphere 7, but after updating to WebSphere 8.5 I got the following exception:

Caused by: org.omg.CORBA.TRANSIENT: initial and forwarded IOR inaccessible  vmcid: IBM  minor code: E07  completed: No
    at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1276)
    at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1457)
    at com.ibm.rmi.corba.ClientDelegate.createRequest(ClientDelegate.java:1164)
    at com.ibm.CORBA.iiop.ClientDelegate.createRequest(ClientDelegate.java:1423)
    at com.ibm.rmi.corba.ClientDelegate.request(ClientDelegate.java:1886)
    at com.ibm.CORBA.iiop.ClientDelegate.request(ClientDelegate.java:1379)
    at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:458)
    at com.ibm.WsnBootstrap._WsnNameServiceStub.getProperties(_WsnNameServiceStub.java:38)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties(WsnInitCtxFactory.java:1441)
    ... 43 more

After research, I've fout out that IBM support page, which said to go to CSIv2 inbound and outbound settings (by me, Admin Console->Security->GlobalSecurity->RMI/IIOP security) and set the transport to SSL-Supported.

However, it didn't change anything. I've tried to change the 'Cleint certificate authentication' to Never, and Transport to TCP/IP for both CSIv2 inbound and outbound, but still without success. The error persisted until I've turned off 'Enable administrative security', which is not an option, because I need to enable 'Application Security' (the application logic depends of that).

How can I make my code working again? Everything was OK on WebSphere 7.

Answer 1

My research on this issue may prove useful to others;

WebSphere 8 changed the default setting of RMI/IIOP SSL security from 'supported' to 'required'. If you want a secure connection you'll need to get the certs from the server and set Java system properties to files that specify the location of the certs;

com.ibm.CORBA.ConfigURL=file:/opt/IBM/JazzSM/profile/properties/sas.client.props
com.ibm.SSL.ConfigURL=file:/opt/IBM/JazzSM/profile/properties/ssl.client.props

If this doesn't work, you'll need to start debugging by setting the following System properties;

com.ibm.CORBA.Debug=true
com.ibm.CORBA.CommTrace=true
com.ibm.CORBA.Debug.Output=/tmp/corba.log

By studying this log and orb trace logs in the working directory, I found that the client failed to establish an ephemeral TCP connection to the server at "port=0". No mention of SSL in the logs! I wrote a small app to test my code running as a java console app and found that the SSL connection was successful and it worked fine. By diff'ing the logs, I found that only in the good case, the JVM was finding a local file 'orb.properties'. I then found that in my problem case, my test app was using a different JVM and my real app was using a JVM that had no 'orb.properties'. I could resolve the problem in a number of ways .. e.g. by including an orb.properties in my application and injecting the contents as System properties.