Question & Answer
Question
What diagnostic information should be collected for ISAM (IBM Security Access Manager) client problems on IBM DataPower Gateway Appliance?
Answer
The following information describes the documentation needed by IBM support to investigate this problem scenario.
1. ISAM version on the ISAM server
2. GSKit version of the Policy Server
3. ISAM configuration file
WebGUI -> Access Manager Client -> 'Main' tab
4. ISAM SSL Key file (.kdb) and Key Stash file (.sth)
WebGUI -> Access Manager Client -> 'Main' tab
5. Start ISAM and LDAP logs on DataPower:
WebGUI -> Access Manager Client -> 'Trace Logging' tab
- Enable Access Manager Tracing: ON
Trace File: <isam.client.log>
Trace File Entries: 100000
Trace Format: Text
Trace Component: *:*.9
- Enable Tracing for LDAP: ON
Trace File for LDAP: <isam.ldap.log>
Trace File Size for LDAP: 100000
Trace Level for LDAP: 65535
* The files are written to temporary:///<ISAM-client-name>/
6. Create debug log target
Application Domain -> Log Target -> Add
- Name: isam-client-pmr
Target Type: File
Log Format: Text
Timestamp: zulu
Log Size: 30000
File Name: logtemp:///ISAM.debug.log
Rotations: 3
Event Subscription Tab -> Add -> Event Category: all
Min Event Priority: debug
Apply
7. Set log level to debug
Application domain -> Control Panel -> Troubleshooting -> Log Level = Debug -> Set Log Level
8. Start packet capture, filtered on the ISAM server and LDAP server ports
(from default domain only)
Control Panel -> Troubleshooting -> Packet Capture Section
- Interface Type: All Interfaces
Mode: Continuous
Maximum size: 20000
Maximum Packet Size: 9000
Filter Expression: port xxx or port yyy (where xxx is the port number of the ISAM server and yyy is the port number of the LDAP server)
Click 'Start Packet Capture'
9. Recreate the issue. If the ISAM client will not come up, simply disable and enable the ISAM client to recreate the error.
10. Generate the error-report
Troubleshooting -> Reporting section -> click 'Generate Error Report'
11. Download the error-report, packet capture, sslkeyfile, ISAM, LDAP and debug logs
- temporary:///error-report
- temporary:///capture.pcap
- logtemp:///sslkeyfile.log
- temporary:///<ISAM-client-name>/
- logtemp:///ISAM.debug.log
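Before sending the files, it helps to confirm that the capture from step 8 actually holds traffic for both ports in the filter expression. The following is an added example, not part of the original IBM document: it assumes capture.pcap is a classic pcap file with an Ethernet or Linux cooked link header and only inspects IPv4/TCP packets. The function names are hypothetical, and 7135 and 636 are sample values standing in for xxx and yyy.

```python
import struct

def ports_seen(pcap_bytes):
    """Return every TCP source/destination port found in a classic pcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(end + "I", pcap_bytes[20:24])[0]
    # Ethernet (1) has a 14-byte link header, Linux cooked capture (113) has 16;
    # in both, the EtherType is the last two bytes of that header.
    l2_len = {1: 14, 113: 16}.get(linktype)
    if l2_len is None:
        raise ValueError(f"unsupported link type {linktype}")
    ports, off = set(), 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(end + "I", pcap_bytes[off + 8:off + 12])[0]
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < l2_len + 20 or pkt[l2_len - 2:l2_len] != b"\x08\x00":
            continue  # truncated record or not IPv4
        ip = pkt[l2_len:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or ihl < 20 or len(ip) < ihl + 4:
            continue  # not TCP, bad IP header, or TCP header cut off
        ports.update(struct.unpack("!HH", ip[ihl:ihl + 4]))
    return ports

def missing_ports(pcap_bytes, expected):
    """Ports named in the capture filter that have no packets in the capture."""
    return sorted(set(expected) - ports_seen(pcap_bytes))

def sample_pcap(port_pairs):
    """Constructed test input: an Ethernet pcap, one TCP SYN per (sport, dport)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 9000, 1)
    for sport, dport in port_pairs:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    # 7135 and 636 are sample values standing in for xxx and yyy in step 8.
    sample = sample_pcap([(40000, 7135), (7135, 40000)])
    print("filter ports with no traffic:", missing_ports(sample, [7135, 636]))
```

For a real capture, pass the downloaded file's bytes, for example `missing_ports(open("capture.pcap", "rb").read(), [xxx, yyy])` with the actual port numbers; a non-empty result means the issue should be recreated with the capture running.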
Document Information
Modified date: 18 July 2022
UID: swg21410245