Mustgather: Collecting data for TLS problems on IBM DataPower Gateway Appliance

Troubleshooting

Problem

The following information is required for IBM Support to troubleshoot TLS problems with a IBM DataPower Gateway Appliance.

Visit the DataPower Gateway support page for more support content.

Need Help Opening a Case? See IBM Support for assistance.

Diagnosing The Problem

Step 1: Gather evidence of the current state of the appliance and its behavior

Copy/paste the following questions and provide the answers:

Provide detailed problem description, including copy of the error messages
What's the name of the DataPower service (for example, name of the MPGW) in use?
IP address of the remote endpoint where the problem is occurring.

Step 2: Setting up Log Level

*This must be done from the application domain.

Go to: WebGUI -> Control Panel -> Troubleshooting -> Logging section -> Set Log Level to "debug"

Step 3: Start Packet Capture across all interfaces to capture the issue:

*This must be done from the default domain:

Go to: WebGUI-> Control Panel -> Troubleshooting -> Packet Capture section

Interface Type: All Interfaces

Mode: Continuous

Max Size: 18000

Max Packet Size: 9000

Expression Filter: host #### (where #### is the hostname or IP address of the affected frontend client or backend server)

Log SSL Key = ON

Click Start Packet Capture

Video: How do I generate a Packet Capture

Step 4: Recreate the problem

Send a transaction to recreate the issue.

Step 5: Stop the Packet Capture

Go to: WebGUI -> Control Panel -> Troubleshooting -> Stop Packet Capture.

Download the packet capture - temporary:///capture.pcap

Download the SSL Key file - logtemp:///sslkeyfile.log

Step 6: Generate an Error Report

WebGUI -> Control Panel -> Troubleshooting -> Reporting Section -> click 'Generate Error Report'

Download the error-report from the temporary directory.

Look for a file with the pattern error-report.{appliance serial number}.{YYYYMMDDHHMMSSSSS}EST.txt.gz.

Video: How do I Generate an Error Report from WebGUI and CLI

Step 7: Upload the files to the IBM Datapower support case -

https://www.secure.ecurep.ibm.com/app/upload_sf

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"SSL","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"All versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Product Synonym

SSL;TLS

Was this topic helpful?

Document Information

Modified date:
14 November 2022

UID

ibm10732633

Tips