37.1 Checking for Potential Configuration Problems

If your Access Manager components are not running as you have configured them to run, you might want to check the system to see if any of the components have configuration or network problems.

  1. In the Administration Console, click Access Manager > Auditing > Troubleshooting > Configuration.

  2. All of the options should be empty, except the Cached Access Gateway Configurations option (see Step 4). If an option contains an entry, you need to clear it. Select the appropriate action from the following table:

    Option

    Description and Action

    Device Pending with No Commands

    If you have a device that remains in the pending state, even when all commands have successfully executed, that device appears in this list. Before deleting the device from this list, check its Command Status. If the device has any commands listed, select them, then delete them. Wait a few minutes. If the device remains in a pending state, return to this troubleshooting page. Find the device in the list, then click Remove. The Administration Console clears the pending state.

    Other Known Device Manager Servers

    If a secondary Administration Console is in a non-reporting state, perhaps caused by hardware failure, its configuration needs to be removed from the primary Administration Console. As long as it is part of the configuration, other Access Manager devices try to contact it. If you cannot remove it by running the uninstall script on the secondary Administration Console, you can remove it by using this troubleshooting page. Click the Remove button next to the console that is in the non-reporting state. All references to the secondary Administration Console are removed from the configuration database.

    Access Gateways with Incomplete Proxy Configuration

    If you start to configure a reverse proxy, but you fail to complete the process by configuring a proxy service and selecting an IP address and port, the file used to update the Access Gateway contains an invalid configuration. You can return to the Access Gateway, and either delete the partial configuration or complete it. These actions create a valid configuration that can then be used to update the server. Or, click the Remove button next to the proxy that has an incomplete configuration. This removes the invalid reverse proxy configuration.

    Access Gateways with Corrupt Protected Resource Data

    If you modify the configuration for a protected resource and update the Access Gateway with the changes, but then find when you review the protected resource that the changes have not been applied, the configuration for the protected resource is corrupted. Click the Repair button next to the protected resource that has a corrupted configuration. You should then be able to modify its configuration, and when you update the Access Gateway, the changes should be applied and saved.

    Access Gateways with Duplicate Protected Resource Data

    After an upgrade, if you get errors related to invalid content for policy enforcement lists, you need to correct them. The invalid elements that do not have an associated resource data element are listed in this section. Click the Repair button to remove them.

    Access Gateways with Protected Resources Referencing Nonexistent Policies

    Protected resources have problems when policies are deleted before their references to the protected resources are removed. If you have protected resources in this condition, they are listed in this section. Click the Repair button to remove these references. Then verify that your protected resources have the correct policies enabled. Click Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Protected Resources, then change to the Policy View.

    Access Gateways with Invalid Alert Profile References

    You can create XML validation errors on your Linux Access Gateway if you start to create an alert profile (click Access Gateways > Edit > Alerts > New), but you do not finish the process. The incomplete alert profile does not appear in the configuration for the Access Gateway, so you cannot delete it. If such a profile exists, it appears in the Access Gateways with Invalid Alert Profile References list. Click the Remove button by the invalid profile. You should then be able to modify its configuration, and when you update the Access Gateway, the changes should be applied and saved.

  3. When you have finished repairing or deleting invalid Access Gateway configurations, click the Access Gateways link, then click Update > OK.

  4. (Optional) To verify that all members of an Access Gateway cluster have the same configuration in cache, click Auditing > Troubleshooting > Configuration.

  5. Scroll to the Cached Access Gateway Configuration option, then click View next to the cluster configuration or next to an individual Access Gateway.

    This option allows you to view the Access Gateway configuration that is currently residing in browser cache. If the Access Gateway belongs to a cluster, you can view the cached configuration for the cluster as well as the cached configuration for each member. The + and - buttons allow you to expand and collapse individual configurations. The configuration is displayed in XML format.

    To search for particular configuration parameters, you need to copy and paste the text into a text editor.
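
    An added example, not part of the product documentation: once the XML from each View pane has been pasted into a text editor and saved, a script such as the following reports which cluster members differ from the cluster configuration and at which element or attribute. The element and attribute names in the sample data are constructed placeholders, not the actual Access Gateway schema.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample data: element and attribute names are placeholders,
# not the real Access Gateway configuration schema.
CLUSTER = """<GatewayConfig name="cluster-1">
  <ProxyService name="portal" port="443" ip="10.0.0.10"/>
  <ProtectedResource name="root"><Policy>authz-1</Policy></ProtectedResource>
</GatewayConfig>"""
MEMBER_A = """<GatewayConfig name="cluster-1"><ProxyService ip="10.0.0.10"
  port="443" name="portal"/><ProtectedResource name="root">
  <Policy>authz-1</Policy></ProtectedResource></GatewayConfig>"""
MEMBER_B = CLUSTER.replace('port="443"', 'port="8443"').replace(
    "<Policy>authz-1</Policy>", "")

def digest(xml_text):
    """SHA-256 of the C14N form, so attribute order and indentation do not matter."""
    c14n = ET.canonicalize(xml_text, strip_text=True)
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

def flatten(xml_text):
    """Map an indexed path to each attribute value and non-blank text node."""
    values = {}
    def walk(elem, path):
        for key, val in elem.attrib.items():
            values[f"{path}/@{key}"] = val
        if (elem.text or "").strip():
            values[f"{path}/text()"] = elem.text.strip()
        counts = {}
        for child in elem:
            counts[child.tag] = counts.get(child.tag, 0) + 1
            walk(child, f"{path}/{child.tag}[{counts[child.tag]}]")
    root = ET.fromstring(xml_text)
    walk(root, root.tag)
    return values

def compare_members(cluster_xml, members):
    """Return {member: [(path, cluster_value, member_value)]} for members that differ."""
    ref_digest, ref = digest(cluster_xml), flatten(cluster_xml)
    drift = {}
    for name, xml_text in members.items():
        if digest(xml_text) == ref_digest:
            continue  # identical once canonicalized
        cur = flatten(xml_text)
        drift[name] = sorted((p, ref.get(p), cur.get(p))
                             for p in ref.keys() | cur.keys() if ref.get(p) != cur.get(p))
    return drift
```

    Calling compare_members(CLUSTER, {"ag1": MEMBER_A, "ag2": MEMBER_B}) returns an entry only for ag2, because ag1 differs from the cluster configuration only in attribute order and whitespace.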