Policy Server Administration Guide › General SOA Security Manager Troubleshooting › Command Line Troubleshooting of the Policy Server

Command Line Troubleshooting of the Policy Server

You can run the Policy Server process interactively in a separate window with debugging options turned on to troubleshoot problems. The following server executable may be run from the command line:

install_dir/siteminder/bin/smpolicysrv

Note: On Windows systems, do not run the smpolicysrv commands from a remote desktop or Terminal Services window. The smpolicysrv command depends on inter-process communications that do not work if you run the smpolicysrv process from a remote desktop or Terminal Services window.

Use the following options with the smpolicysrv command:

-tport_number

This option is used to modify the TCP port that the server binds to for Agent connections. If this switch is not used, the server defaults to the TCP port specified through the Policy Server Management Console.

-uport_number

This option is used to modify the UDP port that the server binds to for RADIUS connections. If this switch is not used, the server defaults to the UDP port specified through the Policy Server Management Console. This switch is applicable to the authentication and accounting servers only.

-stop

This switch stops the server in the most graceful manner possible. All database and network connections are closed properly using this method.

-abort

This switch stops the server immediately, without first closing database and network connections.

-stats

This switch produces current server runtime statistics such as thread pool limit, thread pool message, and the number of connections.

-resetstats

This switch resets the current server runtime statistics without restarting the Policy Server. This switch resets the following counters:

• Max Threads is reset to the Current Threads value.
• Max Depth of the message queue is reset to the Current Depth of the message queue.
• Max Connections is reset to Current Connections.
• Msgs, Waits, Misses, and Exceeded limit are reset to zero.

This switch does not reset the following counters:

• Thread pool limit
• Current Threads
• Current Depth of the message queue
• Current Connections
• Connections Limit

-publish

Publishes information about the Policy Server.

-tadmport_number

Sets the TCP port for the administration service.

-uacport_number

Sets the UDP port for Radius accounting.

-uadmport_number

Sets the UDP port for the administration service.

-uauthport_number

Sets the UDP port for Radius authentication.

-ac

Enables the servicing of Agent API requests.

-noac

Disables the servicing of Agent API requests.

-adm

Enables the servicing of administration requests.

-noadm

Disables the servicing of administration requests.

-radius

Enables the servicing of RADIUS requests.

-noradius

Disables the servicing of RADIUS requests.

-onlyadm

Combines the following options into a single option:

• -adm
• -noac
• -noradius

–starttrace

The command:

• starts logging to a trace file and does not affect trace logging to the console.
• issues an error if the Policy Server is not running.

If the Policy Server is already logging trace data, running the –starttrace command causes the Policy server to:

• rename the current trace file with a time stamp appended to the name in the form: file_name.YYYYMMDD_HHmmss.extension
• create a new trace file with the original name

  For example, if the trace file name in Policy Server Management Console’s Profiler tab is C:\temp\smtrace.log, the Policy Server generates a new file and saves the old one as c:\temp\smtrace.20051007_121807.log. The time stamp indicates that the Policy Server created the file on October 7, 2005 at 12:18 pm. If you have not enabled the tracing of a file feature using the Policy Server Management Console’s Profiler tab, running this command does not do anything.

-stoptrace

The command:

• stops logging to a file and does not affect trace logging to the console.
• issues an error if the Policy Server is not running.

You can use two smpolicysrv command line options, -dumprequests and -flushrequests, to troubleshoot and recover more quickly from an overfull Policy Server message queue. Only use these options in the following case:

1. Agent requests waiting in the Policy Server message queue time out.
2. One or more Agents resend the timed-out requests, overfilling the message queue.

!Important Do not use -dumprequests and -flushrequests in normal operating conditions.

-dumprequests

Outputs a summary of each request in the Policy Server message queue to the audit log.

-flushrequests

Flushes the entire Policy Server message queue, so that no requests remain.