Previous Topic: OneView Monitor TroubleshootingNext Topic: Report Server Troubleshooting


Administrative UI Troubleshooting

The following sections detail common problems you may experience with registering the Administrative UI and the proposed solutions.

Administrative UI Hangs

Symptom:

I have restarted the Policy Server to which the Administrative UI is registered. When I try to start a task in the Administrative UI, it hangs.

Solution:

Restart the Administrative UI.

WebSphere Crashes with an Unhandled Exception

Symptom:

I have installed the Administrative UI to an existing WebSphere infrastructure. WebSphere has crashed and the native_stderr log reports an unhandled exception in the IBM Java Garbage Collector.

Solution:

Patch the embedded Java SDK in WebSphere.

Note: For more information, see the IBM Solution.

Cannot Register a Policy Server Connection

Symptom:

The Administrative UI is registered to a Policy Server that is unavailable and I am trying to register another Policy Server connection. When I log into the Administrative UI with an administrator that has super user permissions, the Register Policy Server Connection task does not appear.

Solution:

A single user was delegated super user permissions when the connection to the external administrator store was configured. Log into the Administrative UI with this super user account. When a Policy Server connection becomes unavailable, this super user is the only user that can register a Policy Server connection.

API Error Appears

Symptom:

The Administrative UI registration fails with an Agent API failure message.

Solution:

The Policy Server is not started. Start the Policy Server using the Policy Server Management Console.

Registration Not on File Error Appears

Symptom:

Registering the Administrative UI with a Policy Server fails with a registration record not on file error message.

You can receive this message when:

Solution:

Do one of the following:

If you are registering the Administrative UI for the first–time

  1. Log into the Policy Server host system.
  2. Run the following command:
    XPSRegClient siteminder_administrator[:passphrase] -adminui-setup
    
    siteminder_administrator

    Specifies a CA SiteMinder® administrator. If you are installing the Administrative UI as part of:

    • A new 12.52 SP1 environment, specify the default CA SiteMinder® administrator account (siteminder).
    • An upgrade, specify any CA SiteMinder® administrator account with super user permissions in the policy store.

    Note: If you are upgrading from r12.0 SP1 and do not have a super user account, use the smreg utility to create the default CA SiteMinder® administrator (siteminder). For more information about using the smreg utility, see the Policy Server Administration Guide.

    passphrase

    Specifies the password for the CA SiteMinder® administrator account.

    Limits:

    • The passphrase must contain at least six (6) characters.
    • The passphrase cannot include an ampersand (&) or an asterisk (*).
    • If the passphrase contains a space, enclose the passphrase with quotation marks.
  3. Log into the Administrative UI using the default CA SiteMinder® administrator account to complete the registration.

If you are trying to register an additional Policy Server connection

  1. Log into the Policy Server host system.
  2. Run the following command:
    XPSRegClient client_name[:passphrase] -adminui
    
    client_name

    Identifies the Administrative UI being registered.

    Limit: This value must be unique. For example, if you have previously used smui1 to register an Administrative UI, enter smui2.

    passphrase

    Specifies the password required to complete the registration of the Administrative UI.

    Limits:

    • The passphrase must contain at least six (6) characters.
    • The passphrase cannot include an ampersand (&) or an asterisk (*).
    • If the passphrase contains a space, enclose the passphrase with quotation marks.
  3. Log into the Administrative UI to register the Policy Server connection.
Invalid Registration File Error Appears

Symptom:

I am trying to register an additional Policy Server connection. The registration fails with an invalid registration file error message.

Solution:

Verify that the passphrase you entered is identical to the passphrase you created using XPSRegClient. The value you created must match the value that you enter using the Administrative UI.

If you do not have a passphrase:

  1. Log into the Policy Server host system.
  2. Run the following command:
    XPSRegClient client_name[:passphrase] -adminui
    
    client_name

    Identifies the Administrative UI being registered.

    Limit: This value must be unique. For example, if you have previously used smui1 to register an Administrative UI, enter smui2.

    passphrase

    Specifies the password required to complete the registration of the Administrative UI.

    Limits:

    • The passphrase must contain at least six (6) characters.
    • The passphrase cannot include an ampersand (&) or an asterisk (*).
    • If the passphrase contains a space, enclose the passphrase with quotation marks.
  3. Log into the Administrative UI to register the Policy Server connection.
Registration Fails without Timeout

Symptom:

The Administrative UI registration fails without timing out.

Solution:

Do the following:

Cannot Find the Administrative UI Registration Log

Symptom:

I am trying to troubleshoot the Administrative UI registration and cannot find the log file.

Solution:

XPSRegClient creates and saves the log file in policy_server_home\log. The file name is XPSRegClient.date

policy server home

Specifies the Policy Server installation path.

date

Specifies the date on which XPSRegClient created the file.

Example: XPSRegClient.2007-12-1.154002

Note: The last six digits are a unique identifier you can use if more than one file is created on the same day.

Search Fails with Timeout Error

Symptom:

I cannot complete a search for policy objects. The Administrative UI displays a connection timeout error instead of returning the search results.

Solution:

When you search on many policy objects using the Administrative UI, either or both of the following results can occur:

The latter results in a connection timeout error. Adjusting the Administrative UI Policy Server connection timeout and creating a registry key for the Policy Server tunnel buffer size solves the problem.

To adjust the Policy Server connection timeout:

  1. Log in to the Administrative UI.
  2. Click Administration, Admin UI, Policy Server Connections, Modify Policy Server Connection, Search to open the Policy Server connection object.
  3. Select the appropriate Policy Server and click Submit.
  4. Set the Timeout field in the Advanced section to a large value, such as 2,000 seconds.

    The Policy Server connection timeout is now increased.

To create a registry key for the tunnel buffer size:

  1. Create the following Policy Server registry key:

    HKLM\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\PolicyServer\

    Max AdmComm Buffer Size

  2. Set this registry key to a large value, such as 2,097,000 Kilobytes (0x1FFF68).
  3. Save the changes and exit the registry.

Note: If the problem persists after the connection timeout and buffer size changes, restart the Administrative UI

Cannot Find the Default Logging File

Symptom:

I am trying to troubleshoot a deployed Administrative UI instance and cannot find the default application server log file.

Solution:

If you used the stand–alone installation option, the name of the default log file is server.log. This log file is located at administrative_ui_home\CA\SiteMinder\adminui\server\default\log.

administrative_ui_home

Specifies the Administrative UI installation path.

Note: If you installed the Administrative UI to an existing instance of JBoss, WebSphere, or WebLogic, see your vendor–specific documentation for more information about default logging.

Default Log File does not Provide Enough Information

Symptom:

I am trying to troubleshoot a deployed Administrative UI instance and the default application server log file does not provide enough information.

Solution:

Use the SiteMinderLog4j properties file to configure CA SiteMinder®-specific logging settings. The file contains comments about configuring the logging settings. The location of the file depends on the installation option that was used to install the Administrative UI.

Note: If you upgraded the Administrative UI to 12.52 SP1, the properties file is located at deploy/IdentityMinder.ear/user_console.war/META-INF.