Welcome
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.1 Fix Pack 6.
Troubleshooting
Troubleshooting Dynamic Workload Console
Describes how to troubleshoot problems with the Dynamic Workload Console related to connections, performance, user access, reports, and others.
Troubleshooting connection problems
LDAP account locked after one wrong authentication attempt

Product requirements
This section contains links to the IBM® Workload Scheduler Download Documents, System Requirements, and Release Notes.
Fix Pack readmes
For the latest information about a Fix Pack, see the appropriate Readme File.
Product Library in PDF format
This section contains links to the PDF versions of all the publications provided in IBM Documentation for IBM Workload Automation.
Considerations for GDPR readiness
Overview
Mobile Applications Userʼs Guide
Dynamic Workload Console User's Guide
AI Data Advisor (AIDA) User's Guide
Scheduling Job Integrations with IBM Workload Automation
IBM® Workload Scheduler
Welcome to the IBM® Workload Scheduler documentation, where you can find information about how to install, maintain, and use IBM Workload Scheduler. The documentation has been updated for IBM Workload Scheduler Version 10.1 Fix Pack 6.
- Quick Start Guide
- Fix Pack readmes
  For the latest information about a Fix Pack, see the appropriate Readme File.
- Planning and Installation
- User's Guide and Reference
- Administration Guide
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Troubleshooting
  - Getting started
    Gives an overview of what troubleshooting information is contained in this publication, and where to find troubleshooting information which is not included.
  - Logs and traces
    Provides detailed information about logs and traces, and how to customize them and set the logging and tracing levels.
  - Capturing product data
    Describes the facilities available for data capture in the event of problems occurring. It provides full details of the Data capture utility and the provisions for first failure data capture.
  - In-Flight Trace facility
    Describes the tracing facility for troubleshooting the IBM Workload Scheduler engine. This facility is called In-Flight Trace.
  - Troubleshooting performance
    This refers you to the Administration Guide for the resolution of performance problems.
  - Troubleshooting networks
    Describes how to recover from short-term and long-term network outages and offers solutions to a series of network problems.
  - Troubleshooting engine problems
    Gives solutions to problems that might occur with the modules and programs that comprise the basic scheduling "engine" on the master domain manager.
  - Troubleshooting dynamic workload scheduling
    This section provides information that is useful in identifying and resolving problems with dynamic workload scheduling, including how to tune the job processing rate and how to solve common dynamic scheduling problems.
  - Troubleshooting when automatically adding dynamic agent workstations to the plan
    This section provides information that is useful in identifying and resolving problems in the IBM Workload Scheduler environment when you enable the automatic adding of dynamic agent workstations to the plan.
  - Troubleshooting Dynamic Workload Console
    Describes how to troubleshoot problems with the Dynamic Workload Console related to connections, performance, user access, reports, and others.
  - Troubleshooting workload service assurance
    Gives you troubleshooting information about workload service assurance by explaining how it works and how it exchanges information between the modules. In addition, it provides solutions to common problems.
  - Troubleshooting switch manager
    Provides troubleshooting information about the fault-tolerant switch manager in terms of the event counter, the Ftbox, and link problems. It also provides solutions to some common problems with the backup domain manager.
  - Synchronizing the database with the Symphony file
  - Corrupt Symphony recovery
    Explains the symptoms of Symphony file corruption and links you to tasks that can recover the file on the master domain manager, fault-tolerant agent, or lower domain manager.
  - Support information
  - Date and time format reference - strftime
- Driving IBM Workload Automation
- Extending IBM Workload Automation
IBM® Z Workload Scheduler
Welcome to the IBM® Z Workload Scheduler documentation, where you can find information about how to install, maintain, and use the product.
Messages and Codes
Glossary
Installing IBM® Workload Scheduler
How to monitor your IBM® Workload Scheduler using the Dynamic Workload Console
How to create your scheduling environment using the Dynamic Workload Console
Notices

LDAP account locked after one wrong authentication attempt

LDAP accounts might be blocked even after only one login attempt when connecting using the web user interface or Dynamic Workload Console through LDAP/AD authentication, if wrong credentials are provided because of internal LDAP/AD security policy. This happens because one login attempt with wrong credentials using the web user interface or Dynamic Workload Console, is transformed into several authentication requests to LDAP.

Cause and solution:

When a single LDAP hostname is mapped to multiple IP addresses in a network configuration, if an invalid password is entered during the login, WebSphere makes as many login attempts as the number of associated IP addresses plus 1. If the resulting number exceeds the maximum number of failed logins allowed by local LDAP/AD security policy, the LDAP account is blocked. In the log file messages.log the following error shows an authentication error because of wrong credentials:

ECJ0369E: Authentication failed when using LTPA. The exception is
javax.naming.AuthenticationException: [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 52e, vece

The WebSphere APAR PK42672 addresses this problem in the following way:

Two new custom properties are available to prevent this issue; use the one suitable for your LDAP configuration:

If LDAP is configured using the wsadminl command to register backend LDAP server hostnames, in the administration console click Security > User Registries > LDAP > Custom Properties and set to true the property com.ibm.websphere.security.ldap.retryBind. If this property is set to false, the Application Server does not retry LDAP bind calls. The default value is true.
If LDAP is configured associating a hostname with multiple IP addresses using the network configuration, in the administration console click Security > User Registries > LDAP > Custom Properties and set to false the property com.ibm.websphere.security.registry.ldap.singleLDAP. If this property is set to true, the Application Server does not resolve an LDAP hostname to multiple IP addresses. The default value is false.