Product Documentation
Abstract
MustGather documents aid in problem determination and save time resolving Problem Management Records (PMRs).
Content
Collecting MustGather data early, even before opening the PMR, helps IBM® Support quickly determine:
- Symptoms match known problems (rediscovery).
- There is a nondefect problem that can be identified and resolved.
- There is a defect that identifies a workaround to reduce the severity.
- Locating root cause can speed the development of a code fix.
| [MustGather information based on Directory Integrator Version: |
General MustGather Information for All Versions
How to Collect version 6.1.1 Information
How to Collect version 7.x Information
How to Collect Debug Information
How to Collect SSL Information
How to Collect SSL Information from AMC
How to Collect AMC Information
How to Collect WebService Information
How to Collect Password plug-in Information
How to Collect Java OOM Information
How to Collect Federated Directory Server Information
How to Collect Config Editor Information
Upload Data to IBM Support
Featured Documents
| [General MustGather Information for All Versions |
- A complete & comprehensive description of the reported problem, including the exact errors seen
- Software inventory - OS and Application (including interim fix and fix packs)
- How long has this issue occurred?
- Remedial actions taken to resolve the issue?
- Business impact?
- Is the error found in the production, development, or test system environment?
- Has this previously worked, or is it a new build?
- What changes have been made recently if it has previously worked - either to the immediate system or to any associated infrastructure?
- Collect MustGather information for either version v6.1.1 or v7.x
- Upload Data to IBM Support
Return to top of page
| [Version 6.1.1 MustGather Information |
- Collect the Tivoli Directory Integrator version and build information found in the
"Help->About IBM Tivoli Directory Integrator" splash screen of the Config Editor. - Collect the JVM version
<TDI_Install_Directory>/jvm/jre/bin/java -version - Collect the <TDI_Solution_Directory>/solution.properties and <TDI_Install_Dir>/etc/global.properties
- Collect the <TDI_Solution_Dir>/logs/ibmdi.log, Tivoli Directory Integrator solution config file (xml), and any custom assembly line log file(s).
- If there is an RMI adapter issue, collect the complete profile (.jar file) and Security Identity Manager log.
- If possible, collect the log from the data source to which Tivoli Directory Integrator is connecting (like the LDAP logs or Domino logs), which correlates with the time of the failure.
Return to top of page
| [Version 7.x MustGather Information |
- Collect the Security Directory Integrator version
<SDI_Install_Directory>/bin/applyUpdates -queryreg - Collect the JVM version
<SDI_Install_Directory>/jvm/jre/bin/java -fullversion - Collect the property files associated with the server
<SDI_Solution_Directory>/solution.properties and <SDI_Install_Dir>/etc/global.properties - Collect the <SDI_Solution_Dir>/logs/ibmdi.log, SDI solution config file (xml), and any custom assembly line log file(s).
- If SDI Dashboard related, collect the <SDI_Solution_Directory>\osgi\configuration\#############.log
- If there is an RMI adapter issue, collect the complete profile (.jar file) and Security Identity Manager log.
- If possible collect the log from the data source to which SDI is connecting (like the LDAP logs or Domino logs) which correlates with the time of the incident.
Return to top of page
| [How to Collect an SDI Server debug log |
1. Stop the SDI Server process
Pre-7.2.0-ISS-SDI-FP0008
2. Edit the <SDI_Solution_Directory>/etc/log4j.properties
3. Modify the following line:
log4j.rootCategory=INFO, Default
to
log4j.rootCategory=DEBUG, Default
2. Edit the <SDI_Solution_Directory>/etc/log4j.properties
3. Modify the following line:
log4j.rootCategory=INFO, Default
to
log4j.rootCategory=DEBUG, Default
Post-7.2.0-ISS-SDI-FP0008
2. Edit the <SDI_Solution_Directory>/etc/log4j2.xml
3. Modify the following line:
<Root level="info">
to
<Root level="debug">
3. Modify the following line:
<Root level="info">
to
<Root level="debug">
4. Rename <SDI_Solution_Directory>/logs/ibmdi.log, to force a new log to be created on server startup
5. Re-create the problem and collect the <SDI_Solution_Dir>/logs/ibmdi.log
5. Re-create the problem and collect the <SDI_Solution_Dir>/logs/ibmdi.log
| [How to Collect an SSL Trace |
- Enable SSL debugging:
- If running the assembly line from the SDI Server (also known as ibmdisrv) or Windows Service, enable 'javax.net.debug=all' in <SDI_Solution_Directory>/solution.properties
- If running the assembly line from the SDI Config Editor (also known as ibmditk), enable 'javax.net.debug=ssl,handshake,data,trustmanager,keymanager' in <SDI_Solution_Directory>/solution.properties
- Re-create the problem and capture the output:
The SSL output will go to stdout, so stdout will need to be directed to a file:- If run from 'ibmdisrv' use this example to start the SDI server and redirect to a file:
<SDI_Install_Directory>/ibmdisrv -c <xml file> -r <AL> -l /tmp/ssl.log - If run from a Windows Service use this example:
Update the 'cmdoptions' parameter found in 'ibmdiservice.props' to include the '-l /tmp/ssl.log'
For example, cmdoptions=-d -l c:/temp/ssl.log - If run from 'ibmditk' use this example:
The SSL output appears in the Console Tab of the SDI Config Editor. Use the <ctrl-a> keys to select all text within the Console tab, then <ctrl-c> & <ctrl-v> in your preferred text editor to place the data in a text file.
- If run from 'ibmdisrv' use this example to start the SDI server and redirect to a file:
- Capture the output of the jks files:
- Windows:
-
<SDI_Install_Directory>\jvm\jre\bin\keytool.exe -list -v -keystore <SDI_Solution_Directory>\testserver.jks -storepass server <SDI_Install_Directory>\jvm\jre\bin\keytool.exe -list -v -keystore <SDI_Solution_Directory>\serverapi\testadmin.jks -storepass administrator
-
- Un*x:
-
<SDI_Install_Directory>/jvm/jre/bin/keytool -list -v -keystore <SDI_Solution_Directory>/testserver.jks -storepass server <SDI_Install_Directory>/jvm/jre/bin/keytool -list -v -keystore <SDI_Solution_Directory>/serverapi/testadmin.jks -storepass administrator
-
- Windows:
- Items to consider:
- The SDI Server loads the jks file on startup. Restart the SDI process after making changes to a jks file.
- Check that the Java™ process associated with the SDI Server has been stopped by either using Windows Task Manager or Un*x 'ps -ef' command, before restarting.
- When starting the SDI Server process, confirm the Solution Directory first.
To determine the default <SDI_Solution_Directory>, refer to the contents of the <SDI_Install_Directory>/bin/defaultSolDir file. To reference an alternative solution directory at startup, use the '-s <SDI_Solution_Directory>' argument with either ibmdisrv or ibmditk
Return to top of page
| [How to Collect an SSL Trace for AMC |
1. Stop the AMC processes (command usage: amcservice [start|stop] [amc] [am])
2. Add the following line to <SDI_Install_Directory>/lwi/conf/overrides/tdiamc_dist.properties:
javax.net.debug=ssl
3. Start the AMC processes (command usage: amcservice [start|stop] [amc] [am])
4. Re-create the problem
5. The SSL output can be found in <SDI_Install_Directory>/lwi/logs/trace-log.html and the Console Window (if the AMC process started from the command line).
6. Collect the <SDI_Install_Directory>/lwi/logs and Console output for IBM Support
Return to top of page
| [How to Collect AMC Information |
If you are unable to log on to the Administration and Monitoring Console server or if the server fails to start, review the <TDI_Install_Directory>/lwi/logs to determine the error.
You can increase the logging for the Administration and Monitoring Console in two separate ways:
A. lwilog.sh or lwilog.bat script
or
B. logging.properties file
A. lwilog.sh script
If the server is actively running, use the lwilog.sh script to add the 'com.ibm.di.amc' logger.
<TDI_Install_Directory>/lwi/bin/lwilog.sh -addlogger -name com.ibm.di.amc -level FINEST
After the logging threshold is changed by using the lwilog.sh script, refresh the logs by using the -refresh parameter. As seen in the following example.
<TDI_Install_Directory>/lwi/bin/lwilog.sh -refresh
B. logging.properties file
If the server is not actively running, edit the <TDI_Install_Directory>/lwi/conf/logging.properties file and add the following lines. If you edit the logging.properties file, restart the Administration and Monitoring Console server.
# additional AMC logging
com.ibm.di.amc.level=FINEST
LWI logs containing the AMC information is stored in the <TDI_Install_Directory>/lwi/logs directory. Compress the logs directory and provide it to IBM Support for review.
Return to top of page
Return to top of page
| [How to Collect WebService related information |
Questions to Answer:
1. If available, provided the WSDL file and ComplexType jar.
2. When using an Axis component, collect axis logs as documented below.
3. Can it be confirmed that the request works with a 3rd party client (For example, SOAPUI)
How to Collect axis logs:
- When dealing with any of the Axis components, the following loggers can be appended to the <SDI_Solution_Directory>/etc/log4j.properties file to collect independent Axis log files.
-
########## FILE APPENDER FOR AXIS2 WEBSERVICE TRANSACTIONS log4j.appender.AXIS2=org.apache.log4j.FileAppender log4j.appender.AXIS2.File=logs/axis2.log log4j.appender.AXIS2.layout=org.apache.log4j.PatternLayout log4j.appender.AXIS2.layout.ConversionPattern=%d{ISO8601} %-5p [%c] - %m%n log4j.appender.AXIS2.Append=false log4j.logger.org.apache.commons.httpclient=INFO, AXIS2 log4j.logger.org.apache.axis2.enterprise=INFO, AXIS2 log4j.logger.httpclient.wire.header=INFO, AXIS2 log4j.logger.httpclient=DEBUG, AXIS2 ########## FILE APPENDER FOR AXIS WEBSERVICE TRANSACTIONS log4j.appender.AXIS=org.apache.log4j.FileAppender log4j.appender.AXIS.File=logs/axis.log log4j.appender.AXIS.layout=org.apache.log4j.PatternLayout log4j.appender.AXIS.layout.ConversionPattern=%d{ISO8601} %-5p [%c] - %m%n log4j.appender.AXIS.Append=false log4j.logger.org.apache.axis=DEBUG, AXIS log4j.logger.org.apache.axis.encoding=INFO, AXIS log4j.logger.org.apache.axis.utils=INFO, AXIS log4j.logger.org.apache.axis.message=INFO, AXIS
| [How to Collect Password plug-in Information |
- Is the outage affecting all user password changes?
- Which Password plug-in is involved?
- Which Password Store is used LDAP, MQe, or Other?
Collect the following items from the plug-in Installation:
- pwd_plugin/*/pwsync.props
- pwd_plugin/*/proxy.log
- pwd_plugin/*/plugin.log
- pwd_plugin/*/proxy.stdout.log
If the problem is related to LDAPStore SSL connectivity, re-create the issue and gather an SSL by using the following modifications:
- Modify 'pwd_plugin\bin\startProxy.{bat/sh}' to include the '-Djavax.net.debug=true' parameter. For example, on a Windows installation the change would resemble the following:
start "JavaProxy" /B "%TDI_JAVA_PROGRAM%" -Djavax.net.debug=true -cp "%PWS_CLASSPATH%" -DproxyConfigFile="%PWS_CONFIG_FILE%" -Xrs com.ibm.di.plugin.proxy.Proxy >"%PROXY_ERR_LOG%" 2>&1 - The SSL tracing is directed to the 'JavaProxy' command where 'pwsync_admin' has been executed.
- Collect and provide the content of the 'JavaProxy' window IBM Support
Return to top of page
| [How to collect Java OOM Information |
A OOM (Out of Memory) or related issue like a performance problem, javacore, heap dump can be unique. Since a memory problem does not necessarily mean a memory leak, we need to examine the solution. First, provide the SDI config file (xml) and the debug version of the ibmdi.log of when the error occurred. Then, continue to the Java heap memory dump section.
Java Heap memory dump, Garbage Collection, and System core:
To investigate OOM issues, we want to review how the JVM uses memory at the time of failure.
To do so, we ask you follow these instructions to adjust the JVM heap, and collect a Garbage Collection (GC) log of the JVM.
I. Set the JVM MIN and MAX heap size for the SDI Server.
If SDI is ran with 'ibmdisrv'
-
- Edit the ibmdisrv.bat file found in the SDI Install Directory.
- Add the JVM options (-Xms512M -Xmx1024M) to the line which starts with "%TDI_JAVA_PROGRAM%"
- Place the options before the -classpath (or -cp) value found in the ibmdisrv.bat (.sh)
If SDI is ran as a Windows Service
- The JVM options should be added to the 'jvmcmdline' parameter found in the ibmdiservice.props file associated with the Windows Service.
For example, jvmcmdoptions=-Xms512M -Xmx1024M
II. Enable GC logging in the JVM
Garbage Collection (GC) can be used to determine the heap used by the SDI Server. Follow the exact directions found in step #1 of this section to add the following parameters to the SDI Server.
- -verbose:gc -Xverbosegclog:/tmp/verbosegc.log,10,1000
Once Items I & II are complete, provide the 'javacore.txt, heapdump.phd, Snap.trc, and verbosegc.log' to IBM Support
Return to top of page
| [How to Collect Federated Directory Server Information |
Questions to Answer:
- For FDS
- Review known issues in the IBM Documentation
2. For the FDS plug-in for ISAM issues,
- Review known issues in the IBM Documentation
- Enable ISAM Registry Direct logging IBM technote #21976574
3. Collect the following items:
- Directory <Solution_Directory>/LDAPSync
- Directory <Solution_Directory>/configs
Return to top of page
| [How to Collect Config Editor Information |
Refer to technote #1983474
Return to top of page
| [Featured Technotes |
| Recommended Fixes |
| Fixes listed by version |
Return to top of page
| [Online Self-Help Resources |
|
Return to top of page
| Upload Data to IBM Support |
Return to top of page
[{"Product":{"code":"SSCQGF","label":"Tivoli Directory Integrator"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"General","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.1;7.0;7.1;7.1.1;7.2","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
05 October 2023
UID
swg27045664