|
|
This chapter provides some help with troubleshooting problems in a Cisco Subscriber Edge Services Manager (SESM) deployment. It includes the following topics:
Figure 13-1 shows a procedure for analyzing problems in SESM portal applications. The numbered callouts are keyed to the table that follows the figure.
| 1 | See MBean Configuration File Names , Log File Descriptions , and Obtaining License and Version Information. |
| 2 | |
| 3 | |
| 4 | See SPE Attributes. |
| 5 | Make sure the subscriber is subscribed to services and has the proper privileges to access those services. See the CDAT documentation: http://www.cisco.com/univercd/cc/td/doc/solution/sesm |
| 6 | |
| 7 |
Figure 13-2 shows a procedure for analyzing problems in RDP. The numbered callouts are keyed to the table that follows the figure.
| 1 | See MBean Configuration File Names, Log File Descriptions, and Obtaining License and Version Information. |
| 2 | |
| 3 | |
| 4 | |
| 5 | |
| 6 | See the client and server socket components in the RDP MBeanand RADIUS Data Proxy MBeans. |
| 7 |
This section describes some facilities that might be useful in troubleshooting SESM installation and configuration problems. It includes the following topics:
The SESM log files can help troubleshoot SESM applications and deployments. By changing the configuration of the logging and debugging mechanisms, you can change the amount of detail reported and specify message filtering. Two of the log files have debugging mechanisms in addition to the logging features.
You can configure all three of these logs for each SESM portal application and for CDAT. RDP uses only the application log.
Table 13-1 shows the MBeans that configure the log files. The MBeans control the level of verbosity in the logs, message filtering, debugging, file location, and file management.
| Log Type | MBean Name and Reference to More Information | Filename Attribute | Default Log Filename |
|---|---|---|---|
Request log | RequestLog | date.request.log | |
Jetty log | filename | date.jetty.log | |
Application log | logFile | date.application.log |
To change the location of a log file, change the value of the filename attributes listed in Table 13-1. All of the log filename attributes use the application.home property, which ensures that all logs for an application are located in the same directory. The value for the application.home property is set by the start script at run time. See Table 9-1, "Java System Properties in Startup Scripts" for more information about the application.home property.
The installed default configuration places all log files for an application into the logs subdirectory under the application home directory. For example:
SESMinstallDir
nwsp
logs
If the logs directory does not exist, it is created at application runtime.
When you execute a startup script that includes the java command, you can specify any Java option on the command line. To specify Java options, use -jvm as an option on the command line. For example, you can add the following option to the command line when you execute the SESM application startup script:
-jvm -Djava.compiler=NONE
If you purchased SESM, your license number is available on the License Certificate shipped with the product. If you have not purchased SESM, you can install an evaluation copy of the software without a license number. An evaluation installation provides full software functionality. Although the evaluation options do not have an expiration period, you must obtain a license before deploying SESM in a production environment.
The installation program records the license number and the software version you installed in the licensenum.txt file under the installation directory.
This section contains some hints that might help you identify and fix problems in SESM. The problems are divided into the following topics:
If the SESM installation program does not find an appropriate JRE, it installs the bundled JRE. See the section "Installing the Bundled JRE" section.
This section contains the following topics:
The SESM installation program does the following when searching for a valid JDK or JRE:
1. It searches for a JDK Version 1.3.1 that is already installed.
2. Failing that, it searches for a JRE Version 1.3.1 or later that is already installed.
3. Failing that, it installs and uses the bundled JRE Version 1.3.1_03.
In some cases, even though a JRE is installed, the installation program may not find it or finds a different JRE.
On Windows NT, the installation program looks in the NT Registry for the location of a JDK or JRE. It searches for the following:
\Java\1.3.1 \Java\1.3 \Program Files\JavaSoft\JRE\1.3.1 \Program Files\JavaSoft\JRE\1.3 | \JavaSoft\JRE\1.3.1 \JavaSoft\JRE\1.3 \Java\JRE\1.3.1 \Java\JRE\1.3 |
/usr/jdk1.3.1 /usr/jdk1_3_1 /usr/jdk1.3 /usr/jdk1_3 /usr/jdk /opt/jdk1.3.1 /opt/jdk1_3_1 /opt/jdk1.3 /opt/jdk1_3 /opt/jdk | /usr/java1.3.1 /usr/java1_3_1 /usr/java1.3 /usr/java1_3 /usr/java /opt/java1.3.1 /opt/java1_3_1 /opt/java1.3 /opt/java1_3 /opt/java | /usr/j2sdk1.3.1 /usr/j2sdk1_3_1 /usr/j2sdk1.3 /usr/j2sdk1_3 /usr/j2sdk /opt/j2sdk1.3.1 /opt/j2sdk1_3_1 /opt/j2sdk1.3 /opt/j2sdk1_3 /opt/j2sdk | /usr/jre1.3.1 /usr/jre1_3_1 /usr/jre1.3 /usr/jre1_3 /usr/jre /opt/jre1.3.1 /opt/jre1_3_1 /opt/jre1.3 /opt/jre1_3 /opt/jre |
installImageName -is:javahome location
Where:
The installed web.xml file points to precompiled versions of the JSPs. It does not reference the JSPs in /nwsp/webapp. Thus, changing the JSPs in webapp has no effect if you use the installed web.xml file.
If you do not see changes that you make to a JSP, do either of the following:
http://java.sun.com/products/j2se
This section describes some potential problems that you might encounter during installation.
To install SESM on a Solaris server with no X server, use the Silent or Console installation modes.
The SESM installation program writes to parts of the file system or Windows registry that are only accessible to a privileged user (that is, root on Solaris, or a member of the Administrators group on Windows NT). An SESM installation must be performed by a privileged user who has access to these resources. Otherwise, the outcome of the installation is unpredictable.
If you receive Java error messages indicating missing files in system level directories (for example, /var, on Solaris), you do not have correct permissions to perform the installation. See the preceding "Incorrect Permissions" section.
On a Solaris system, if you remove the contents of the SESM installation directory using the rm command instead of uninstalling SESM using the uninstall utility, then subsequent installations of SESM into the same directory might be adversely affected.
Uninstall SESM using uninstall.bin. If uninstalling is not possible, before reinstalling SESM, delete the vpd.properties file from the home directory of the person who is performing the installation.
 |
Note If you deploy multiple SESM installations, and you delete the vpd.properties file to recover from removing one of the installations, then you cannot use uninstall.bin to uninstall any of the other installations. |
The SESM installation program places the J2EE web server and SESM configuration files in the correct directories as defined in the startup scripts. If the configuration files are moved for any reason, then you must edit the web.xml file to reflect the new locations.
If the SSG port number or shared secret specified in the SESM application's MBean configuration file does not match actual SSG configuration (as performed on the SSG host), the SSG cannot see the SESM requests or is unable to decrypt the requests because the shared secret does not match. When the shared secret does not match, the SSG returns an Access Reject message.
For more information on SSG configuration, see "Configuring the SSG for SESM Deployments."
If incorrect IP addresses or port numbers are specified in the SESM application's MBean configuration file for the primary and secondary RADIUS servers, the RADIUS servers cannot see the SESM requests.
If the IP addresses and port numbers are correct, the RADIUS server returns an Access Reject when either of the following errors is present:
For more information on RADIUS configuration, see "Configuring RADIUS for SESM Deployments."
Messages stating that the web server is unavailable might indicate that there is not enough Java virtual memory reserved to handle the number of users currently logged on. Follow the instructions in the "Out of Memory Exceptions" section to increase Java virtual memory.
The RADIUS server must be configured to recognize the following two clients:
If either of these configuration items is incorrect, then the RADIUS server sends Access Reject messages in response to all requests. See the "Configuring RADIUS Clients" section for information on configuring these RADIUS clients.
The SSG must have a default network location defined, from which the SESM web application is accessible. Otherwise, client requests never reach the SESM application, and the client browser eventually times out.
The SSG must have the radius-helper parameters configured with the correct port numbers and shared secret so that the SSG can see SESM messages and decrypt them. Because the SSG carries out authentication against the RADIUS server, it must also have the correct values defined for the radius-server parameters.
This section describes how some characteristics of PDA devices might impact subscriber experiences when accessing the SESM portal.
Posted: Fri Oct 18 10:00:36 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.