This section describes some facilities that might be useful in troubleshooting SESM installation and configuration problems. It includes the following topics:

Logging and Debugging Mechanisms

This section describes the logging and debugging options available to help troubleshoot SESM. The logging and debugging mechanisms are MBeans which are configured in the MBean configuration files. By changing the configuration of the logging and debugging mechanisms, you can change the amount of detail reported and specify message filtering.

Using SESM Application Log Files

You can use the SESM application's log files to troubleshoot problems. Two of the log files have debugging mechanisms that you can configure along with the logging features.

An SESM web application and its Jetty container write to the following log files:

HTTP request log—This log file records all incoming HTTP requests. You can use this log file to analyze volume and traffic patterns for the web server.

: The default name for this file is date.request.log.
: See the HttpServer MBean description in the "Container Attributes" section for information on configuring this log, including file name and retention period.

Jetty application log—This log file records logging and debugging messages. The logging messages record the startup of the Jetty server and all ongoing activity, such as errors trapped by the Jetty server and HTTP errors. If the SESM application fails to start, look at this log. Make sure you monitor this log file for illegal HTTP requests that might indicate attempts to subvert the web server. If you enable debugging, the log file also includes more detailed debugging messages.

: The default name for this file is date.jetty.log.
: See the Log MBean and Debug MBean descriptions in the "Container Attributes" section for information on configuring this log, including file name, retention period, and contents.

SESM application log—This log file records logging and debugging messages. The logging tool logs SESM application activity. The debugging mechanism produces messages useful to developers in debugging applications.

: The default name for this file is date.application.log.
: See the Logger MBean in the "SESM Application Attributes" section for information on configuring this file, including its file name and retention period, whether debugging is turned on or off, and the content of logging and debugging messages.

Log File Locations

: For each SESM application, all of these log files are located in the same directory. The application.log Java system property is used to specify the directory location. See Table 5-1, "Java System Properties in the Startup Script", for a description of how the start script sets application.log, the default values of application.log, and how to change this default.

When you execute a startup script that includes the java command, you can specify any Java option on the command line. To specify Java options, use -jvm as an option on the command line. For example, you can add the following option to the command line when you execute the SESM application startup script:

-jvm -Djava.compiler=NONE

SESM Management Console

The Sun example JMX server, which is the JMX server installed with the Jetty component in the SESM installation package, includes a JMX HTML adaptor. SESM uses the adaptor to produce a management console that shows the current value of all MBean attributes in all of the MBean configuration files.

Note This JMX HTML adaptor is not production quality. For example, configuration changes made using this console are not persistent. You should remove it from your configuration files before transitioning the SESM application to public use. See the "ManagementConsole" section 4-18 for information about configuring and removing this adaptor.

You can access the SESM management console on a web browser at the following URL:

http://  SESMserver:managementPortNumber/

Where:

: SESMserver—Host name or IP address of the workstation where SESM is installed.
: managementPortNumber—The port configured in the HtmlAdaptorServer MBean in the application configuration file. The default management port number used by the SESM installation program is:

applicationPortNumber + 100


: For example, for NWSP, the installer uses a default application port number of 8080 and a corresponding management port number of 8180.

Management Console User Name and Password

Before you gain access to the management console, you must enter a valid user name and password. Enter the values that match the values in the ManagementConsole MBean in the application's configuration file. See the "ManagementConsole" section for more information.

Obtaining License and Version Information

If you purchased SESM, your license number is available on the License Certificate shipped with the product. If you have not purchased SESM, you can install an evaluation copy of the software without a license number. An evaluation installation provides full software functionality. Although the evaluation options do not have an expiration period, you must obtain a license before deploying SESM in a production environment.

The installation program records the license number and the software version you installed in the licensenum.txt file under the installation directory.

Troubleshooting Hints

This section contains some hints that might help you identify and fix problems in SESM. The hints are divided into the following topics:

JRE and JDK Troubleshooting

If the installer does not find an appropriate JRE, it installs the bundled JRE Version 1.2.2.

This section contains the following topics:

Warning and Error Messages after JRE Installation

The JRE installation might produce warning messages and nonfatal error messages. These messages are expected and normal.

The warning message states that JSPs will not be compiled. You do not need to recompile JSPs to run the NWSP application.

: If you are a Web developer expecting to write new JSPs or change the NWSP JSPs, you must load the Java Development Kit (JDK). To obtain a recent JDK, go to:

http://java.sun.com/products/j2se

The nonfatal JIT relocation error message is the result of a problem within the bundled JVM obtained from Sun Microsystems. It does not affect SESM operation. You can ignore this message and all supporting information.

Searching for an Existing JDK or JRE

The installer does the following when searching for a valid JDK or JRE:

1. It searches for a JDK Version 1.2.2 that is already installed.

2. Failing that, it searches for a JRE Version 1.2.2 or later that is already installed.

3. Failing that, it installs and uses the bundled JRE Version 1.2.2.

In some cases, even though a JRE is installed, the installer may not find it or finds a different JRE.

On Windows NT, the installer looks in the NT Registry for the location of a JDK or JRE. It uses Java Version 1.2.2 in preference to Version 1.3.

On Solaris, the installer looks in the following well-known locations before installing the bundled JRE:

usr/jre

/usr/jre1.2.2

/usr/java1.2

/usr/java

/usr/java1.2.2

/usr/jdk

/usr/jdk1.2

/usr/jdk1.2.2

/opt/jre

/opt/jre1.2.2

/opt/java

/opt/java1.2

/opt/java1.2.2

/opt/jdk

/opt/jdk1.2

/opt/jdk1.2.2

/usr/jre1.3

/usr/jre1.3.0

/usr/java1.3

/usr/java

/usr/java1.3.0

/usr/jdk

/usr/jdk1.3

/usr/jdk1.3.0

/opt/jre1.3

/opt/jre1.3.0

/opt/java

/opt/java1.3

/opt/java1.3.0

/opt/jdk

/opt/jdk1.3

/opt/jdk1.3.0

Using a Pre-installed JRE or JDK

On either platform, you can specify the location of a pre-installed JRE or JDK by starting the installation process on a command line and specifying the javahome parameter, as follows:

installImageName -is:javahome location

Where:

: installImageName is the name of the SESM downloaded image.
: location is the path name for the JRE or JDK.

Recompiling a Customized JSP

If you do not see changes that you make to a JSP, follow these procedures:

Step 1 Install a JDK (Version 1.2.2 or later).

Step 2 Edit the application start script so that it uses the JDK, rather than the JRE. (For example, edit .../jetty/bin/start.sh).

Step 3 Ensure that JDK_HOME points to the directory into which you installed the JDK.

Step 4 Stop the SESM application.

Step 5 Change directories to the application's WEB-INF directory. For example, enter:

cd SESM_install/nwsp/docroot/WEB-INF

Step 6 In the WEB-INF directory, back up the web.xml file by renaming it. For example, enter:

cp web.xml web.xml.bak

Step 7 In the WEB-INF directory, copy the web.recompile.xml file over web.xml. For example, enter:

cp web.recompile.xml web.xml

Step 8 Restart the SESM application.

The installed web.xml file points to precompiled versions of the JSPs. It does not reference the JSPs in .../nwsp/docroot. Thus, changing the JSPs in docroot has no effect if you use the installed web.xml file.

The web.recompile.xml file references the JSPs in .../nwsp/docroot, rather than using the precompiled JSPs.

Installation Troubleshooting

This section describes some problems that you might encounter during installation.

No X Server for a Solaris Installation

To install SESM on a Solaris server with no X server, use the Silent or Console installation modes.

Incorrect Permissions

The SESM installation program writes to parts of the file system or Windows registry that are only accessible to a privileged user (that is, root on Solaris, or a member of the Administrators group on Windows NT). An SESM installation must be performed by a privileged user who has access to these resources. Otherwise, the outcome of the installation is unpredictable.

Files Not Found

If you receive Java error messages indicating missing files in system level directories (for example, /var, on Solaris), you do not have correct permissions to perform the installation. See the preceding "Incorrect Permissions" section.

Configuration File Location Troubleshooting

The SESM installation program places the J2EE web server and SESM configuration files in the correct directories as defined in the startup scripts. If the configuration files are moved for any reason, then you must edit the web.xml file to reflect the new locations.

SESM Configuration Troubleshooting

If the SESM software is installed correctly, and all of the configuration files are in the proper location, but the SESM web application does not function, then examine the configuration values in the SESM application's MBean configuration file (for example, nwsp/config/nwsp.xml).

Communication with SSG

If the SSG port number or shared secret specified in the SESM application's MBean configuration file does not match actual SSG configuration (as performed on the SSG host), the SSG cannot see the SESM requests or is unable to decrypt the requests because the shared secret does not match. When the shared secret does not match, the SSG returns an Access Reject message.

For more information on SSG configuration, see "Configuring the SSG."

Communication with RADIUS Server

If incorrect IP addresses or port numbers are specified in the SESM application's MBean configuration file for the primary and secondary RADIUS servers, the RADIUS servers cannot see the SESM requests.

If the IP addresses and port numbers are correct, the RADIUS server returns an Access Reject when either of the following errors is present:

The shared secret specified for the RADIUS server in the application's appl.xml is not correct.
The SESM web application is not properly configured as a RADIUS client.

For more information on RADIUS configuration, see "Configuring RADIUS."

Out of Memory Exceptions

Out of memory exceptions might indicate that there is not enough Java virtual memory reserved to handle the number of users currently logged on.

The generic startup script sets the Java virtual memory (VM) size to 64MB. To change this value, stop the application, edit the generic start script (start.sh or start.cmd), and restart the application.

Web Server Unavailable

Messages stating that the web server is unavailable might indicate that there is not enough Java virtual memory reserved to handle the number of users currently logged on. Follow the instructions in the "Out of Memory Exceptions" section to increase Java virtual memory.

RADIUS Configuration Troubleshooting

The RADIUS server must be configured to recognize the following two clients:

SESM web application
SSG

If either of these configuration items is incorrect, then the RADIUS server sends Access Reject messages in response to all requests. See the "Configuring NAS Clients" section for information on configuring these RADIUS clients.

For service profile requests, the password for service and service group profiles must match those defined for the SSG and the SESM application. This password is used in Access Request messages for profiles, where the profile name is the service or service group name and the password is as defined in the following two locations:

the servicePassword attribute in the AAA section of the SESM application's MBean configuration file
the service-password parameter for the SSG

SSG Configuration Troubleshooting

The SSG must have a default network location defined, from which the SESM web application is accessible. Otherwise, client requests never reach the SESM application, and the client browser eventually times out.

The SSG must have the radius-helper parameters configured with the correct port numbers and shared secret so that the SSG can see SESM messages and decrypt them. Because the SSG carries out authentication against the RADIUS server, it must also have the correct values defined for the radius-server parameters.

Table of Contents

Log File Locations