added this in FAQ, we should put this in the real docs somewhere:

http://rhq-project.org/display/JOPR2/FAQ#FAQ-WhenIimportaserverlikeJBossEAP5orTomcat%2CIseeitschildJVMresourceininventory%2Cbutitisred%28DOWN%29.Why%3F

"Q: When I import a server like JBoss EAP 5 or Tomcat, I see its child JVM resource in inventory, but it is red (DOWN). Why?

A: You probably started your server with JMX remoting enabled and secured. For example, you probably set something like the following system properties in your server:

-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=5222
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/jmxremote.access

When this happens, the JMX plugin's code will examine the command line for your server's process, see that the JMX server is remoted and secured, and try to set up its secure, remote JMX connector. When it does, it will not have the appropriate credentials to use and thus can't connect to the remote JMX MBeanServer and will consider it in a DOWN state. You must go into your new child JVM resource's Connection Properties page in the GUI and enter your valid credentials (username and password) that you set in your JMX remote access files. If you don't want RHQ to go through that remote JMX endpoint, you could try to unset all the Connection Properties for that JVM resource except the Type property - set that to "Parent". This tells RHQ to use the connection to the parent resource in order to communicate with the JVM resource. If your JVM is a child of, say, a JBossAS 4 or a JBoss EAP 5 resource, this is valid - the parent of the JVM (which is the JBossAS server resource) should be able to provide the connection to the JVM resource information."