Tech Tip : CA Single Sign-On :: Policy server :: Enable policy server trace from registry

Discussion created by rahjo01.1 Employee on Jun 23, 2015

##### Tip Description


If for some reason you are not able to access your smconsole and you would like to have the policy server trace logs enabled ,you can use the  sm.registry (unix) to set to tracing on .


##### Provided Steps (example provided is for Policy server on Unix to note same applies on Windows by modifying the registry through for the same entries)


- running the following commands without setting the trace on from Registry "smpolicysrv -starttrace" and "smpolicysrv -stoptrace" will not have any effect.

- modify the sm.registry file to enable the tracing (requires a restart of the Policy) as follows


Under the "HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig=23250113" section, Modify the TraceConfig key by copying the value of the "TraceConfig1=" to it to

enable the trace .



Before (trace Disabled)



your two keys should be as follows

    TraceConfig=                                 ;  REG_SZ

    TraceConfig1= /usr/local/nete/siteminder/config/smtracedefault.txt;   REG_SZ


After ( Trace Enabled)


and now after copying the value of TraceConfig1= to TraceConfig= ,should be as follows

    TraceConfig=/usr/local/nete/siteminder/config/smtracedefault.txt;  REG_SZ

    TraceConfig1=/usr/local/nete/siteminder/config/smtracedefault.txt;   REG_SZ



After modifying the sm.registry file, you would need to re-start the Policy Server.