Symantec Access Management

  • Private Community
Back to discussions
Expand all | Collapse all

smps log not getting updated

  • 1.  smps log not getting updated

    Posted Jun 15, 2016 09:45 PM

    Hi All, 

     

        We recently configured SiteMinder 12.5 on RHEL 6.6 machine (after OS upgrade from RHEL 5.11 to RHEL 6.6) and interestingly there are no errors getting logged in smps and smtracedefault logs after the configuration for the recent 2 servers.

     

      We have been configuring the same SiteMinder version on many OS upgraded RHEL 6.6 machines in past 2 months having identical configuration. We always used to observe the same generic errors logged even after the fresh install.

     

    For the recent 2 machines, smps.log logged the smpolicysrv process start and after then it is no more logging anything (file size is 0 everyday) and smtracedefault not logging any error at all. No auto-restarts logged ib smexec log either. This situation looks too good to be of any use and I suspect there could be an underlying issue. Wondering if anyone had incurred this situation ever.  



  • 2.  Re: smps log not getting updated

    Posted Jun 15, 2016 11:55 PM

    Hi Achyut ,

     

    What is your log rollover policy like ?

    Can you provide the content of all entries under following registry :

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig

     

    Regards,

    Ujwol



  • 3.  Re: smps log not getting updated

    Posted Jun 16, 2016 01:35 PM

    Hi Ujwol,

     

     

         Kindly provide the the path for that file in linux installation please.

     

    Thanks,

    Achut



  • 4.  Re: smps log not getting updated

    Posted Jun 16, 2016 01:42 PM

    <ps_install_path>/siteminder/registry/sm.registry



  • 5.  Re: smps log not getting updated

    Posted Jun 16, 2016 01:44 PM

    I hate when I type too fast...

     

    <ps_install_path>/ps/registry/sm.registry

     

    my apologies



  • 6.  Re: smps log not getting updated

    Posted Jun 16, 2016 02:59 PM

    Hi Samat,

     

    Thank you. My bad ! I saw that windows path and didn't notice the registry being mentioned. After configuring SiteMinder, we used to copy this sm.registry file from the already properly configured machine before starting the smpolicysrv process. I assure this registry file is correct and properly configured.

     

    Please find it's contents below:

     

    $ cat /opt/ca/siteminder/registry/sm.registry
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion=110339013
    InstallKey= {RC2}ekbR5nGvIui/7Sh7/TUG+cFkI/dPFKJveGaFhm+/EwQ=;      REG_SZ
    Label=                                    642;  REG_SZ
    Language=                                    ;  REG_SZ
    Location=                  /opt/ca/siteminder;  REG_SZ
    MasterKeyFile= /opt/ca/siteminder/bin/EncryptionKey.txt;       REG_SZ
    Update=                                 01.01;  REG_SZ
    Version=                                12.52;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Accounting=680721265
    Max Tunnel Buffer Size= 0x7fffe10;  REG_DWORD
    Tcp Idle Session Timeout= 0xa;  REG_DWORD
    Thread Pool Size=                         0x6;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Administration=876676898
    Max Tunnel Buffer Size= 0x7fffe10;  REG_DWORD
    Tcp Idle Session Timeout= 0xa;  REG_DWORD
    Thread Pool Size=                         0x6;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Authentication=673688043
    Max Tunnel Buffer Size= 0x7fffe10;  REG_DWORD
    Tcp Idle Session Timeout= 0xa;  REG_DWORD
    Thread Pool Size=                         0x6;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Authorization=166155028
    Max Tunnel Buffer Size= 0x7fffe10;  REG_DWORD
    Tcp Idle Session Timeout= 0xa;  REG_DWORD
    Thread Pool Size=                         0x8;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Crypto=886029114
    CryptoProvider=                             0;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database=469314042
    ConnectionHangwaitTime=                  0x46;  REG_DWORD
    ConnectionTimeout=                       0x41;  REG_DWORD
    LoginTimeout=                             0xf;  REG_DWORD
    OdbcBrandingLib=                 sminstallapi;  REG_SZ
    QueryTimeout=                            0x1e;  REG_DWORD
    UpdateSyncDelay=                            0;  REG_DWORD
    Version=                                  5.0;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\AdvancedAuth=511574399
    ConnectionIdleTimeout=                  0xe10;  REG_DWORD
    Data Source=            SiteMinder Adv Auth Data Source;        REG_SZ
    MaxConnections=                          0x19;  REG_DWORD
    Password=                                    ;  REG_SZ
    ProviderNamespace=                      ODBC:;  REG_SZ
    Use Default= 0x1;  REG_DWORD
    User Name= ;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Default=835249873
    Data Source=            SiteMinder Data Source; REG_SZ
    Enabled=                                    0;  REG_DWORD
    MaxConnections=                          0x19;  REG_DWORD
    Password=                                    ;  REG_SZ
    ProviderNamespace=                      LDAP:;  REG_SZ
    User Name= ;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Key=1004692331
    Data Source=            SiteMinder Keys Data Source;    REG_SZ
    Enabled=                                    0;  REG_DWORD
    MaxConnections=                           0x5;  REG_DWORD
    Password=                                    ;  REG_SZ
    ProviderNamespace=                      LDAP:;  REG_SZ
    Use Default= 0x1;  REG_DWORD
    User Name= ;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Log=445926215
    Data Source=            SiteMinder Logs Data Source;    REG_SZ
    MaxConnections=                           0xf;  REG_DWORD
    Password=                                    ;  REG_SZ
    ProviderNamespace=                      TEXT:;  REG_SZ
    Use Default= 0;  REG_DWORD
    User Name= ;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\SessionServer=825532290
    Data Source=            SiteMinder Session Data Source; REG_SZ
    Enabled=                                    0;  REG_DWORD
    MaxConnections=                          0x10;  REG_DWORD
    Password=                                    ;  REG_SZ
    ProviderNamespace=                      LDAP:;  REG_SZ
    Use Default= 0;  REG_DWORD
    User Name= ;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database\Token=1031392153
    Data Source=            SiteMinder Tokens Data Source;  REG_SZ
    MaxConnections=                           0xa;  REG_DWORD
    Password=                                    ;  REG_SZ
    ProviderNamespace=                      ODBC:;  REG_SZ
    Use Default= 0;  REG_DWORD
    User Name= ;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug=297339848
    Console=                                    0;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds=250851840
    Namespaces=               LDAP:,ODBC:,Custom:;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\ClassFilters=863703163
    LDAP:= organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\DsCacheParms=447336096
    DsInfoEnabled=                            0x1;  REG_DWORD
    DsInfoMaxSizeMB=                         0x3c;  REG_DWORD
    DsInfoTimeoutSeconds=                   0xe10;  REG_DWORD
    UserPolicyCacheMaxSize=                 0x3e8;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\GroupClassFilters=856511255
    LDAP:= groupOfNames,groupOfUniqueNames,group; REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\LdapMatchUserDN=411075892
    group=                                 member;  REG_SZ
    groupOfNames=                          member;  REG_SZ
    groupOfUniqueNames=              uniqueMember;  REG_SZ
    organizationalRole=              roleOccupant;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\LDAPProvider=554314607
    EnableADEnhancedReferrals=                        0x1;  REG_DWORD
    EnableEnhancedReferrals=                          0x1;  REG_DWORD
    EnableObjectCategory=                       0;  REG_DWORD
    EnablePagingADNameSpace=                            0;  REG_DWORD
    EnableReferrals=                          0x0;  REG_DWORD
    MaxReferralHops=                          0xa;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\NamespaceProviders=435280537
    Custom:=                           smdscustom;  REG_SZ
    LDAP:=                               smdsldap;  REG_SZ
    ODBC:=                               smdsodbc;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\OrgClassFilters=608781584
    LDAP:= organization,organizationalUnit; REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\OrgResolution=608639299
    Group=                                      0;  REG_DWORD
    Role= 0;  REG_DWORD
    User= 0x1;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\PolicyClassFilters=20299376
    LDAP:= organizationalPerson,inetOrgPerson,organization,organizationalUnit,groupOfNames,groupOfUniqueNames,group;       REG_SZ
    ODBC:=                            Group, User;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\PolicyResolution=573126893
    container=                                0x5;  REG_DWORD
    DN Attribute= 0xa;  REG_DWORD
    Group=                                    0x2;  REG_DWORD
    Group Attribute= 0x8;  REG_DWORD
    groupOfNames=                             0x2;  REG_DWORD
    groupOfUniqueNames=                       0x2;  REG_DWORD
    inetOrgPerson=                            0x1;  REG_DWORD
    Org Attribute= 0x9;  REG_DWORD
    organization=                             0x5;  REG_DWORD
    organizationalPerson=                     0x1;  REG_DWORD
    organizationalRole=                       0x4;  REG_DWORD
    organizationalUnit=                       0x5;  REG_DWORD
    person=                                   0x1;  REG_DWORD
    Query=                                    0x6;  REG_DWORD
    residentialPerson=                        0x1;  REG_DWORD
    User= 0x1;  REG_DWORD
    User Attribute= 0x3;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\RoleClassFilters=509284027
    LDAP:=                     organizationalRole;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ds\UserClassFilters=89035123
    LDAP:= inetOrgPerson,organizationalPerson,person;      REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Ems=778943774
    SessionTimeout=                          0x1e;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\EventProvider=350477046
    Provider= /opt/ca/siteminder/lib/libXPSAudit.so; REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapKeyStore=336064150
    AdminDN= cn=admin,ou=Netegrity,o=smkeystore; REG_SZ
    AdminPW= {RC2}xHQ8Qo5tmhKTdqAH8lSR/wI8kvVzW4M6; REG_SZ
    Enabled=                                  0x1;  REG_DWORD
    PSRootDN=                        o=smkeystore;  REG_SZ
    Server=               10.16.200.154:17596 10.16.6.170:17596;    REG_SZ
    Use Default= 0;  REG_DWORD
    Use SSL=                                    0;  REG_DWORD
    Version=                                  5.0;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore=527993624
    AdminDN= cn=admin,ou=Netegrity,o=smpolicystore; REG_SZ
    AdminPW= {RC2}4J8fNldnR9cvVjRJDu3S4uv0W5s/p2fD; REG_SZ
    AppSdk=                                     0;  REG_DWORD
    CertDbPath= /opt/ca/siteminder/Certificatedb/cert8.db;      REG_SZ
    Enabled=                                  0x1;  REG_DWORD
    PSRootDN=                     o=smpolicystore;  REG_SZ
    Server=              10.16.200.154:17492 10.16.6.170:17492;     REG_SZ
    Use SSL=                                    0;  REG_DWORD
    Version=                                  5.0;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LdapSessionServer=380915405
    AdminDN=                                     ;  REG_SZ
    AdminPW=                                     ;  REG_SZ
    Enabled=                                    0;  REG_DWORD
    MaxConnections=                           0xa;  REG_DWORD
    Server=                                      ;  REG_SZ
    SSRootDN=                                    ;  REG_SZ
    Use Default= 0;  REG_DWORD
    Use SSL=                                    0;  REG_DWORD
    Version=                                  5.0;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\LogConfig=64331577
    BufferedTracing=                          0x1;  REG_DWORD
    FilesToKeep=                             0x64;  REG_DWORD
    LastRolloverTime=                           0;  REG_DWORD
    LogFile= /opt/ca/siteminder/log/smps.log; REG_SZ
    LogLocalTime=                             0x1;  REG_DWORD
    RolloverDays=                               0;  REG_DWORD
    RolloverInterval=                           0;  REG_DWORD
    RolloverOnStart=                          0x1;  REG_DWORD
    RolloverSize=                           0x5dc;  REG_DWORD
    RolloverTime=                                ;  REG_SZ
    TraceConfig= /opt/ca/siteminder/config/smtracedefault.txt;   REG_SZ
    TraceConfig1= /opt/ca/siteminder/config/smtracedefault.txt;   REG_SZ
    TraceConfig2=                                ;  REG_SZ
    TraceConfig3=                                ;  REG_SZ
    TraceConfig4=                                ;  REG_SZ
    TraceConsole=                               0;  REG_DWORD
    TraceDelim=                                  ;  REG_SZ
    TraceFilesToKeep=                         0xf;  REG_DWORD
    TraceFormat=                               sm;  REG_SZ
    TraceLastRolloverTime=                      0;  REG_DWORD
    TraceMode=                                  0;  REG_DWORD
    TraceOutput= /opt/ca/siteminder/log/smtracedefault.log;      REG_SZ
    TraceRolloverDays=                          0;  REG_DWORD
    TraceRolloverInterval=                      0;  REG_DWORD
    TraceRolloverOnStart=                     0x1;  REG_DWORD
    TraceRolloverSize=                       0x64;  REG_DWORD
    TraceRolloverTime=                           ;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Monitor=705871301
    Tcp Port=                              0xada1;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore=670149782
    AgentCmdStabilizationDuration=                    0xa;  REG_DWORD
    CacheEnabled=                             0x1;  REG_DWORD
    CacheLoadStartup=                         0x1;  REG_DWORD
    CacheSessionKey=                            0;  REG_DWORD
    DoNotAllowInvalidPolicyObjects=                     0;  REG_DWORD
    EnableKeyGeneration=                        0;  REG_DWORD
    EnableKeyUpdate=                          0x1;  REG_DWORD
    JournalDelete=                           0x39;  REG_DWORD
    JournalRefresh=                          0x39;  REG_DWORD
    KeyStoreEncryptionKey=  {RC2}L8Uj6klFCrf70T+F9mHHRHq519nMWTBZ;  REG_SZ
    KeyStoreProviderNamespace=                      LDAP:;  REG_SZ
    MaxObjects=                              0x5a;  REG_DWORD
    MaxTimeDeltaBetweenServers=                      0x3c;  REG_DWORD
    ProviderNamespace=                      LDAP:;  REG_SZ
    ServerCmdDelay=                           0xa;  REG_DWORD
    ServerCmdMsec=                            0x1;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore\NamespaceProviders=869449813
    LDAP:=                              smobjldap;  REG_SZ
    ODBC:=                              smobjodbc;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\PolicyServer=799315648
    Acct Tcp Port= 0xad99;  REG_DWORD
    Acct Udp Port= 0x66e;  REG_DWORD
    Adm Tcp Port= 0xad9c;  REG_DWORD
    Adm Udp Port= 0xad9c;  REG_DWORD
    Admin Enabled= 0x1;  REG_DWORD
    Admin UI Inactivity Timeout= 0;  REG_DWORD
    App Logfile= ;  REG_SZ
    App Logfile Append=                         0;  REG_DWORD
    Auth Tcp Port= 0xad9a;  REG_DWORD
    Auth Udp Port= 0x66d;  REG_DWORD
    Az Tcp Port= 0xad9b;  REG_DWORD
    Comm Log=                                   0;  REG_DWORD
    Comm Logfile= ;  REG_SZ
    Comm Logfile Append=                        0;  REG_DWORD
    Console Log= 0;  REG_DWORD
    Enable Null Value Response= 0;  REG_DWORD
    File Log=                                   0;  REG_DWORD
    Log Requests= 0;  REG_DWORD
    Log Responses= 0;  REG_DWORD
    Log Status= 0;  REG_DWORD
    Log Trace= 0;  REG_DWORD
    Max AdmComm Buffer Size= 0x7FFB4;  REG_DWORD
    Max Tunnel Buffer Size= 0x7fffe10;  REG_DWORD
    Radius Enabled= 0;  REG_DWORD
    Srv1= 0;  REG_DWORD
    Srv2= 0;  REG_DWORD
    Srv3= 0;  REG_DWORD
    Srv4= 0;  REG_DWORD
    SuspendTimeout=                         0xe10;  REG_DWORD
    Tcp Idle Session Timeout= 0xa;  REG_DWORD
    Tcp Max Server Connections= 0x2000;  REG_DWORD
    Tcp Port Enabled= 0x1;  REG_DWORD
    Thread Pool Size=                        0x20;  REG_DWORD
    PriorityThreadCount=                     0xF;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Publish=87373736
    PublishFile= /opt/ca/siteminder/log/smpublish.XML; REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports=797285480
    AffiliateFilter=                            0;  REG_DWORD
    AnonymousAuthFilter=                        0;  REG_DWORD
    AnonymousAzFilter=                          0;  REG_DWORD
    AuthFilter=                               0x1;  REG_DWORD
    AzFilter=                                 0x1;  REG_DWORD
    FilesToKeep=                              0xa;  REG_DWORD
    LastRolloverTime=                           0;  REG_DWORD
    LogAccess=                                0x1;  REG_DWORD
    LogObj=                                   0x1;  REG_DWORD
    RolloverDays=                               0;  REG_DWORD
    RolloverInterval=                           0;  REG_DWORD
    RolloverOnStart=                          0x1;  REG_DWORD
    RolloverSize=                             0xa;  REG_DWORD
    RolloverTime=                                ;  REG_SZ
    TxtLogFile= /opt/ca/siteminder/log/smaccess.log; REG_SZ
    UserAdminFilter=                          0x1;  REG_DWORD
    Worker Threads= 0x5;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Reports\NamespaceProviders=549970743
    ODBC:=                       smreportsodbclog;  REG_SZ
    SQLBulkInsertFlushInterval=                      0x3c;  REG_DWORD
    SQLBulkInsertFlushRowCount=                     0x3e8;  REG_DWORD
    SYSLOG:=                      smreportssyslog;  REG_SZ
    TEXT:=                       smreportstextlog;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\SessionServer=556251531
    MaintenancePeriod=                       0x3c;  REG_DWORD
    MaintenanceQueryTimeout=                         0x3c;  REG_DWORD
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\SessionServer\NamespaceProviders=287867832
    LDAP:=                      smssprovider_ldap;  REG_SZ
    ODBC:=                        smssprovider_db;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Tokens\CryptoCard\SerialNumberUserAttribute=390834408
    LanMan:=                                     ;  REG_SZ
    LDAP:=                                       ;  REG_SZ
    ODBC:=                                       ;  REG_SZ
    WinNT:=                                      ;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Tokens\Encotone=858122801
    A_CT= ;  REG_SZ
    A_DT= ;  REG_SZ
    B_CT= ;  REG_SZ
    B_DT= ;  REG_SZ
    C_CT= ;  REG_SZ
    C_DT= ;  REG_SZ
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Tokens\Encotone\SerialNumberUserAttribute=346380031
    LanMan:=                                     ;  REG_SZ
    LDAP:=                                       ;  REG_SZ
    ODBC:=                                       ;  REG_SZ
    WinNT:=                                      ;  REG_SZ

     

    Thanks,

    Achut



  • 7.  Re: smps log not getting updated

    Posted Jun 16, 2016 03:32 PM

    No placed to start except at the beginning...

     

    You are starting policy server with 'start-all' and as user 'smuser' (or some other non-prov account)?

     

    Can you provide output from:

    ls -l /opt/ca/siteminder/start-all

     

    Also verify that entire path to /opt/ca/siteminder/log is either owned by smuser (or equivalent) or world permissions allow write.



  • 8.  Re: smps log not getting updated

    Posted Jun 17, 2016 01:57 PM

    Hi Samat,

     

    Sorry for the delayed response. To clarify, smps.log is getting generated everyday as expected but not getting updated with anything else other than the expected logging of process stop or start logs, whenever there is a smpolicysrv process stop or start.

     

    Yes, we start policy server with 'start-all' and as 'smuser12' (belongs to smuser group), which is same ID we use to start in other functional systems as well, having the required privilges.

     

    $ ls -l /opt/ca/siteminder/start-all

    -rwxr-xr-x 1 smuser12 smuser 2225 Jun  7 14:01 /opt/ca/siteminder/start-all

    The content is verified and is same as that of the functional machine.

     

      And yes, the entire path to /logs/ca/smpolicy/logs is owned by smuser12 (smuser equivalent). We have validated the application functionality with this machine and everything seems to be working fine, but still there is unprecedented drastic consequences once we deploy production VMs using this machine as template and being exposed to live production (user) traffic. This is just been never observed before and smps.log used to be never empty.

     

    Thanks,

    Achut



  • 9.  Re: smps log not getting updated

    Posted Jun 17, 2016 02:45 PM

    OK.  Next I would do an lsof on the smpolicysrv process to verify that the smps.log file is opened by the process.  To do this, get the PID of the smpolicysrv process and enter this command on the server:

     

    lsof -p <PID>

     

    You will get a list of all open files for that process.  Yet again another sanity check.



  • 10.  Re: smps log not getting updated

    Posted Jun 17, 2016 03:36 PM

    Hi Samat,

     

    Please find the output for lsof -p <PID of smpolicysrv process>:

     

    COMMAND     PID USER   FD   TYPE             DEVICE  SIZE/OFF NODE NAME
    smpolicys 26033 smuser12  cwd DIR              253,6      4096 780290 /logs/ca/smpolicy
    smpolicys 26033 smuser12  rtd DIR              253,0      4096        2 /
    smpolicys 26033 smuser12  txt REG              253,4   1647039 7486 /opt/ca/siteminder/bin/smpolicysrv
    smpolicys 26033 smuser12  mem REG              253,4   2628589 7776 /opt/ca/siteminder/lib/libicui18n.so.49
    smpolicys 26033 smuser12  mem REG              253,4    107494 7950 /opt/ca/siteminder/lib/libsmreports.so
    smpolicys 26033 smuser12  mem REG              253,4    253755 7929 /opt/ca/siteminder/lib/libsmplatform.so
    smpolicys 26033 smuser12  mem REG              253,4    637592 7908 /opt/ca/siteminder/lib/libsmds.so
    smpolicys 26033 smuser12  mem REG              253,4     21036 7846 /opt/ca/siteminder/lib/libprldap60.so
    smpolicys 26033 smuser12  mem REG              253,4     11878 7834 /opt/ca/siteminder/lib/libplds4.so
    smpolicys 26033 smuser12  mem REG              253,0    142528 131641 /lib/ld-2.12.so
    smpolicys 26033 smuser12  mem REG              253,4     42823 7836 /opt/ca/siteminder/lib/libssldap60.so
    smpolicys 26033 smuser12  mem REG              253,4     71124 7866 /opt/ca/siteminder/lib/libsmmonapips.so
    smpolicys 26033 smuser12  mem REG              253,0     17896 151032 /lib/libdl-2.12.so
    smpolicys 26033 smuser12  mem REG              253,0     39712 151054 /lib/librt-2.12.so
    smpolicys 26033 smuser12  mem REG              253,4     62296 7896 /opt/ca/siteminder/lib/libsmjvmsupport.so
    smpolicys 26033 smuser12  mem REG              253,4     92928 7865 /opt/ca/siteminder/lib/libGCL.so
    smpolicys 26033 smuser12  mem REG              253,4    466183 7951 /opt/ca/siteminder/lib/libsmadmobj.so
    smpolicys 26033 smuser12  mem REG              253,4    253016 7955 /opt/ca/siteminder/lib/libsmvariable.so
    smpolicys 26033 smuser12  mem REG              253,4    100661 7895 /opt/ca/siteminder/lib/libsmfedconfig.so
    smpolicys 26033 smuser12  mem REG              253,4    647139 7960 /opt/ca/siteminder/lib/libsmcommonutil.so
    smpolicys 26033 smuser12  mem REG              253,4      9812 7899 /opt/ca/siteminder/lib/libsmidentity.so
    smpolicys 26033 smuser12  mem REG              253,4    235710 7956 /opt/ca/siteminder/lib/libsmconapi.so
    smpolicys 26033 smuser12  mem REG              253,4     16492 7847 /opt/ca/siteminder/lib/libplc4.so
    smpolicys 26033 smuser12  mem REG              253,4      4739 7864 /opt/ca/siteminder/lib/libfmdeploy.so
    smpolicys 26033 smuser12  mem REG              253,4     50153 7786 /opt/ca/siteminder/lib/libicuio.so.49
    smpolicys 26033 smuser12  mem REG              253,4    154230 7837 /opt/ca/siteminder/lib/libnssutil3.so
    smpolicys 26033 smuser12  mem REG              253,4     40549 7868 /opt/ca/siteminder/lib/libSmShutdownManager.so
    smpolicys 26033 smuser12  mem REG              253,4      6637 7885 /opt/ca/siteminder/lib/libJVMSupportAdapter.so
    smpolicys 26033 smuser12  mem REG              253,4     91444 7994 /opt/ca/siteminder/lib/libsmartheap_smp.so
    smpolicys 26033 smuser12  mem REG              253,4   1644225 7769 /opt/ca/siteminder/lib/libicuuc.so.49
    smpolicys 26033 smuser12  mem REG              253,4   2011709 7909 /opt/ca/siteminder/lib/libsmobj.so
    smpolicys 26033 smuser12  mem REG              253,4    497434 7962 /opt/ca/siteminder/lib/libsmi18n.so
    smpolicys 26033 smuser12  mem REG              253,4   1465438 7912 /opt/ca/siteminder/lib/libsmauth.so
    smpolicys 26033 smuser12  mem REG              253,4    684937 7888 /opt/ca/siteminder/lib/libsmaz.so
    smpolicys 26033 smuser12  mem REG              253,4    206392 7867 /opt/ca/siteminder/lib/libsmerrlog.so
    smpolicys 26033 smuser12  mem REG              253,4    422981 7937 /opt/ca/siteminder/lib/libsmradius.so
    smpolicys 26033 smuser12  mem REG              253,4    195074 7844 /opt/ca/siteminder/lib/libldap60.so
    smpolicys 26033 smuser12  mem REG              253,4    252121 7835 /opt/ca/siteminder/lib/libssl3.so
    smpolicys 26033 smuser12  mem REG              253,4    234904 7849 /opt/ca/siteminder/lib/libnspr4.so
    smpolicys 26033 smuser12  mem REG              253,4     11151 7958 /opt/ca/siteminder/lib/libsmagentfunccomponent.so
    smpolicys 26033 smuser12  mem REG              253,4      9955 7959 /opt/ca/siteminder/lib/libsmagentconmgrcomponent.so
    smpolicys 26033 smuser12  mem REG              253,4     27877 7942 /opt/ca/siteminder/lib/libsmservercomponent.so
    smpolicys 26033 smuser12  mem REG              253,4      9285 7944 /opt/ca/siteminder/lib/libsmisprotectedcomponent.so
    smpolicys 26033 smuser12  mem REG              253,4   3153123 7897 /opt/ca/siteminder/lib/libsmutilities.so
    smpolicys 26033 smuser12  mem REG              253,4  17955580 7770 /opt/ca/siteminder/lib/libicudata.so.49
    smpolicys 26033 smuser12  mem REG              253,4   5726758 7990 /opt/ca/siteminder/lib/libXPS.so
    smpolicys 26033 smuser12  mem REG              253,4    984957 7907 /opt/ca/siteminder/lib/libsmpolicyapi45.so
    smpolicys 26033 smuser12  mem REG              253,0    200024 151034 /lib/libm-2.12.so
    smpolicys 26033 smuser12  mem REG              253,0   1906308 136679 /lib/libc-2.12.so
    smpolicys 26033 smuser12  mem REG              253,4    231283 7840 /opt/ca/siteminder/lib/libsoftokn3.so
    smpolicys 26033 smuser12  mem REG              253,4     88033 7852 /opt/ca/siteminder/lib/libz.so.1
    smpolicys 26033 smuser12  mem REG              253,4    508441 7845 /opt/ca/siteminder/lib/libsqlite3.so
    smpolicys 26033 smuser12  mem REG              253,4     18979 7903 /opt/ca/siteminder/lib/libsmloginlogoutcomponent.so
    smpolicys 26033 smuser12  mem REG              253,4     10993 7891 /opt/ca/siteminder/lib/libsmisauthorizedcomponent.so
    smpolicys 26033 smuser12  mem REG              253,4     13611 7901 /opt/ca/siteminder/lib/libsmjavaapicomponent.so
    smpolicys 26033 smuser12  mem REG              253,4     10313 7796 /opt/ca/siteminder/lib/libtxmcomponent.so
    smpolicys 26033 smuser12  mem REG              253,4     13943 7971 /opt/ca/siteminder/lib/libsmfedservercomponent.so
    smpolicys 26033 smuser12  mem REG              253,4      9571 7874 /opt/ca/siteminder/lib/libsmdlpcomponent.so
    smpolicys 26033 smuser12  mem REG              253,4      9298 7953 /opt/ca/siteminder/lib/libsmgda.so
    smpolicys 26033 smuser12  mem REG              253,4      8961 7961 /opt/ca/siteminder/lib/libfipsmode.so
    smpolicys 26033 smuser12  mem REG              253,4     79412 7879 /opt/ca/siteminder/lib/libsmreportstextlog.so
    smpolicys 26033 smuser12  mem REG              253,4     77006 7933 /opt/ca/siteminder/lib/libsmprovider.so
    smpolicys 26033 smuser12  mem REG              253,4    116467 7982 /opt/ca/siteminder/lib/libIdMObjects.so
    smpolicys 26033 smuser12  mem REG              253,4     22301 7983 /opt/ca/siteminder/lib/libSPSObjects.so
    smpolicys 26033 smuser12  mem REG              253,4     20987 7977 /opt/ca/siteminder/lib/libSmCounters.so
    smpolicys 26033 smuser12  mem REG              253,4      9334 8335 /opt/ca/siteminder/lib/libsmshareddbcomponent.so
    smpolicys 26033 smuser12  mem REG              253,4   2432689 8253 /opt/ca/siteminder/CAPKI/Linux/x86/32/lib/libcaopenssl_ssl.so
    smpolicys 26033 smuser12  mem REG              253,4    483342 7813 /opt/ca/siteminder/lib/libimsds.so
    smpolicys 26033 smuser12  mem REG              253,4     16195 7807 /opt/ca/siteminder/lib/libsmimscomponent.so
    smpolicys 26033 smuser12  mem REG              253,4   4851784 8256 /opt/ca/siteminder/CAPKI/Linux/x86/32/lib/libcaopenssl_crypto.so
    smpolicys 26033 smuser12  mem REG              253,4    914300 7804 /opt/ca/siteminder/lib/libimsutil.so
    smpolicys 26033 smuser12  mem REG              253,4    173078 7993 /opt/ca/siteminder/lib/libXLogger.so
    smpolicys 26033 smuser12  mem REG              253,4    304959 7848 /opt/ca/siteminder/lib/libfreebl3.so
    smpolicys 26033 smuser12  mem REG              253,0     25596 151040 /lib/libnss_dns-2.12.so
    smpolicys 26033 smuser12  mem REG              253,4   7435288 137639 /opt/CAWily/CAWilySiteMinderManager/jre/lib/i386/server/libjvm.so
    smpolicys 26033 smuser12  mem REG              253,4   1418032 7883 /opt/ca/siteminder/lib/libsmobjldap.so
    smpolicys 26033 smuser12  mem REG              253,4     87466 7921 /opt/ca/siteminder/lib/libSmRLS.so
    smpolicys 26033 smuser12  mem REG              253,4   1003781 8259 /opt/ca/siteminder/CAPKI/Linux/x86/32/lib/libcapki.so
    smpolicys 26033 smuser12  mem REG              253,4   1604977 7808 /opt/ca/siteminder/lib/libsmobjldapims.so
    smpolicys 26033 smuser12  mem REG              253,4    451698 7988 /opt/ca/siteminder/lib/libXPSLDAP.so
    smpolicys 26033 smuser12  mem REG              253,4    476371 7898 /opt/ca/siteminder/lib/libsmtransactadapter.so
    smpolicys 26033 smuser12  mem REG              253,4    386474 7943 /opt/ca/siteminder/lib/libmigration.so
    smpolicys 26033 smuser12  mem REG              253,4    287047 7915 /opt/ca/siteminder/lib/libsmdsadapter.so
    smpolicys 26033 smuser12  mem REG              253,4    520996 7884 /opt/ca/siteminder/lib/libsmazuser.so
    smpolicys 26033 smuser12  mem REG              253,4   1277270 7985 /opt/ca/siteminder/lib/libSmObjects.so
    smpolicys 26033 smuser12  mem REG              253,0    930192 20228 /usr/lib/libstdc++.so.6.0.13
    smpolicys 26033 smuser12  mem REG              253,4   5426365 7812 /opt/ca/siteminder/lib/libsmobjims.so
    smpolicys 26033 smuser12  mem REG              253,4   1879887 7981 /opt/ca/siteminder/lib/libXPSEval.so
    smpolicys 26033 smuser12  mem REG              253,4   1665809 7880 /opt/ca/siteminder/lib/libsmobjadapter.so
    smpolicys 26033 smuser12  mem REG              253,4     79941 7890 /opt/ca/siteminder/lib/libsmauthhtml.so
    smpolicys 26033 smuser12  mem REG              253,0    103388 151052 /lib/libresolv-2.12.so
    smpolicys 26033 smuser12  mem REG              253,0     58708 151042 /lib/libnss_files-2.12.so
    smpolicys 26033 smuser12  mem REG              253,4   1499286 7892 /opt/ca/siteminder/lib/libsmtransactems2.so
    smpolicys 26033 smuser12  mem REG              253,4    170353 7947 /opt/ca/siteminder/lib/libsmdsplugin_AD.so
    smpolicys 26033 smuser12  mem REG              253,4    534971 7791 /opt/ca/siteminder/lib/libxerces-depdom.so.28
    smpolicys 26033 smuser12  mem REG              253,4    319513 7992 /opt/ca/siteminder/lib/libSmXlate.so
    smpolicys 26033 smuser12  mem REG              253,4    309723 7980 /opt/ca/siteminder/lib/libFssObjects.so
    smpolicys 26033 smuser12  mem REG              253,4   1946718 7984 /opt/ca/siteminder/lib/libFedObjects.so
    smpolicys 26033 smuser12  mem REG              253,0    131220 151050 /lib/libpthread-2.12.so
    smpolicys 26033 smuser12  mem REG              253,4    877152 12631 /opt/ca/siteminder/odbc/lib/libodbcinst.so
    smpolicys 26033 smuser12  mem REG              253,4    414544 7870 /opt/ca/siteminder/lib/libsmldapps.so
    smpolicys 26033 smuser12  mem REG              253,4    140696 7851 /opt/ca/siteminder/lib/libIntroscopeNativeDataAPI.so
    smpolicys 26033 smuser12  mem REG              253,4    307075 7989 /opt/ca/siteminder/lib/libEPMObjects.so
    smpolicys 26033 smuser12  mem REG              253,4     33706 7968 /opt/ca/siteminder/lib/libsmtransact.so
    smpolicys 26033 smuser12  mem REG              253,4    365356 7828 /opt/ca/siteminder/lib/libaceclnt.so
    smpolicys 26033 smuser12  mem REG              253,0    113912 151036 /lib/libnsl-2.12.so
    smpolicys 26033 smuser12  mem REG              253,4   1179884 7843 /opt/ca/siteminder/lib/libnss3.so
    smpolicys 26033 smuser12  mem REG              253,4      9893 7919 /opt/ca/siteminder/lib/libsmtunnelcomponent.so
    smpolicys 26033 smuser12  mem REG              253,4     12055 7927 /opt/ca/siteminder/lib/libsmdirectorycomponent.so
    smpolicys 26033 smuser12  mem REG              253,4    956748 7893 /opt/ca/siteminder/lib/libsmdsldap.so
    smpolicys 26033 smuser12  mem REG              253,4     14201 8254 /opt/ca/siteminder/CAPKI/Linux/x86/32/lib/libcapki_thread_posix.so
    smpolicys 26033 smuser12  mem REG              253,0    120672 131627 /lib/libgcc_s-4.4.7-20120601.so.1
    smpolicys 26033 smuser12  mem REG              253,4     11009 7869 /opt/ca/siteminder/lib/libsmodbccomponent.so
    smpolicys 26033 smuser12  mem REG              253,4     20631 7805 /opt/ca/siteminder/lib/libEventIntroscopeprovider.so
    smpolicys 26033 smuser12  mem REG              253,4    512493 7976 /opt/ca/siteminder/lib/libXPSAudit.so
    smpolicys 26033 smuser12  mem REG              253,4   1319476 12653 /opt/ca/siteminder/odbc/lib/libodbc.so
    smpolicys 26033 smuser12  mem REG              253,0    262024 25840 /usr/lib/libstdc++-3-libc6.2-2-2.10.0.so
    smpolicys 26033 smuser12  mem REG              253,4     73128 7978 /opt/ca/siteminder/lib/libSoaObjects.so
    smpolicys 26033 smuser12  mem REG              253,4     15617 7877 /opt/ca/siteminder/lib/libsmldapcomponent.so
    smpolicys 26033 smuser12  mem REG              253,4    144669 7842 /opt/ca/siteminder/lib/libnssdbm3.so
    smpolicys 26033 smuser12  mem REG              253,4   1528374 7878 /opt/ca/siteminder/lib/libsmauthcert.so
    smpolicys 26033 smuser12  mem REG              253,4     32371 7991 /opt/ca/siteminder/lib/libCDSObjects.so
    smpolicys 26033 smuser12  mem REG              253,4   4857935 7790 /opt/ca/siteminder/lib/libxerces-c.so.28
    smpolicys 26033 smuser12  mem REG              253,4  14516464 12630 /opt/ca/siteminder/odbc/lib/libNSicu27.so
    smpolicys 26033 smuser12  DEL REG                0,4             196612 /SYSV010416bc
    smpolicys 26033 smuser12  mem REG              253,0  99158576 23792 /usr/lib/locale/locale-archive
    smpolicys 26033 smuser12  mem REG              253,0     26058 1330 /usr/lib/gconv/gconv-modules.cache
    smpolicys 26033 smuser12  DEL REG                0,4             786447 /SYSV01042069
    smpolicys 26033 smuser12    0u CHR                1,3       0t0 3805 /dev/null
    smpolicys 26033 smuser12    1u CHR                1,3       0t0 3805 /dev/null
    smpolicys 26033 smuser12    2u CHR                1,3       0t0 3805 /dev/null
    smpolicys 26033 smuser12    3w REG              253,6         0 780335 /logs/ca/smpolicy/smps.log
    smpolicys 26033 smuser12    4w REG              253,6 102065617   780297 /logs/ca/smpolicy/smtracedefault.log
    smpolicys 26033 smuser12    5u IPv4           21787395       0t0      UDP localhost.localdomain:42247
    smpolicys 26033 smuser12    7u IPv4           21787396       0t0      UDP *:57756
    smpolicys 26033 smuser12    8u unix 0xffff880436342a80 0t0 21787401 socket
    smpolicys 26033 smuser12    9w REG              253,6       211 780338 /logs/ca/audit/xps-26033-20160615233855-1.audit
    smpolicys 26033 smuser12   10r REG              253,4     65536 8307 /opt/ca/siteminder/Certificatedb/cert8.db
    smpolicys 26033 smuser12   11r REG              253,4     16384 8308 /opt/ca/siteminder/Certificatedb/key3.db
    smpolicys 26033 smuser12   12u IPv4           21787439       0t0      TCP lvpma1985.gso.aexp.com:50214->LVPMA1018.gso.aexp.com:17492 (ESTABLISHED)
    smpolicys 26033 smuser12   13u IPv4           21787440       0t0      TCP lvpma1985.gso.aexp.com:56865->LVPMA1017.gso.aexp.com:17492 (ESTABLISHED)
    smpolicys 26033 smuser12   14u IPv4           21787514       0t0      TCP lvpma1985.gso.aexp.com:50217->LVPMA1018.gso.aexp.com:17492 (ESTABLISHED)
    smpolicys 26033 smuser12   15u IPv4           21787515       0t0      TCP lvpma1985.gso.aexp.com:54870->LVPMA1018.gso.aexp.com:17596 (ESTABLISHED)
    smpolicys 26033 smuser12   16u IPv4           21787516       0t0      TCP lvpma1985.gso.aexp.com:57432->LVPMA1017.gso.aexp.com:17596 (ESTABLISHED)
    smpolicys 26033 smuser12   17u IPv4           21787531       0t0      TCP lvpma1985.gso.aexp.com:54872->LVPMA1018.gso.aexp.com:17596 (ESTABLISHED)
    smpolicys 26033 smuser12   18w REG              253,6   5384090 780340 /logs/ca/smpolicy/smaccess.log
    smpolicys 26033 smuser12   19w REG              253,4         4 136892 /opt/CAWily/CAWilySiteMinderManager/SiteMinderManagerAgent/data/IntroscopeAPI.shm
    smpolicys 26033 smuser12   20u REG              253,4      2377 138405 /opt/CAWily/CAWilySiteMinderManager/SiteMinderManagerAgent/data/IntroscopeAPI.log
    smpolicys 26033 smuser12   21w REG              253,6     15657 780344 /logs/ca/audit/xps-26033-20160615233855-1.txn
    smpolicys 26033 smuser12   22w REG              253,6       226 780345 /logs/ca/audit/xps-26033-20160615233855-1.access
    smpolicys 26033 smuser12   23u IPv4           21789344       0t0      UDP *:44444
    smpolicys 26033 smuser12   24u IPv4           21789350       0t0      TCP *:44442 (LISTEN)
    smpolicys 26033 smuser12   25u IPv4           21789355       0t0      TCP *:44441 (LISTEN)
    smpolicys 26033 smuser12   26u IPv4           21789360       0t0      TCP *:44443 (LISTEN)
    smpolicys 26033 smuser12   27u IPv4           21789365       0t0      TCP *:44444 (LISTEN)
    smpolicys 26033 smuser12   29u IPv4           21789370       0t0      TCP localhost.localdomain:40570->localhost.localdomain:44449 (ESTABLISHED)
    smpolicys 26033 smuser12   31u IPv4           21790056       0t0      TCP lvpma1985.gso.aexp.com:33587->e3sso-ipc2mr2-vip3-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   32u IPv4           21790053       0t0      TCP lvpma1985.gso.aexp.com:41581->e3sso-ipc2mr2-vip1-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   33u IPv4           21790054       0t0      TCP lvpma1985.gso.aexp.com:47298->e3sso-ipc2mr2-vip4-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   34u IPv4           21790055       0t0      TCP lvpma1985.gso.aexp.com:39551->e3sso-ipc2mr2-vip2-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   35u IPv4           21790084       0t0      TCP lvpma1985.gso.aexp.com:41585->e3sso-ipc2mr2-vip1-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   36u IPv4           21790086       0t0      TCP lvpma1985.gso.aexp.com:41586->e3sso-ipc2mr2-vip1-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   37u sock                0,6       0t0 21790088 can't identify protocol
    smpolicys 26033 smuser12   38u IPv4           21790090       0t0      TCP lvpma1985.gso.aexp.com:39556->e3sso-ipc2mr2-vip2-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   39u sock                0,6       0t0 21790092 can't identify protocol
    smpolicys 26033 smuser12   40u IPv4           21790147       0t0      TCP lvpma1985.gso.aexp.com:33594->e3sso-ipc2mr2-vip3-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   41u IPv4           21790149       0t0      TCP lvpma1985.gso.aexp.com:33595->e3sso-ipc2mr2-vip3-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   42u sock                0,6       0t0 21790151 can't identify protocol
    smpolicys 26033 smuser12   43u IPv4           21790153       0t0      TCP lvpma1985.gso.aexp.com:47310->e3sso-ipc2mr2-vip4-ads.app.aexp.com:ldaps (ESTABLISHED)
    smpolicys 26033 smuser12   44u sock                0,6       0t0 21790155 can't identify protocol

     

    Thanks,

    Achut



  • 11.  Re: smps log not getting updated

    Posted Jun 17, 2016 05:29 PM

    So I see you are logging to /logs/ca/smpolicy/smps.log but you've defined in the registry the path to be /opt/ca/siteminder/log/smps.log.  Assuming a symbolic link somewhere.  Verify the path for /opt as well as /logs is owned and writable by smuser12.  Verify the actual symbolic link is writable by smuser12.



  • 12.  Re: smps log not getting updated

    Posted Jun 17, 2016 05:59 PM

    Hi Samat,

     

    Yes, we have softlink from: /opt/ca/siteminder/log  to  /logs/ca/smpolicy/ , to ensure all logs are collected in /logs path on our servers.

     

    And in both paths, they are under smuser12 ownership and appropriate permissions.

     

    Thanks,

    Achut



  • 13.  Re: smps log not getting updated

    Posted Jun 20, 2016 06:46 PM

      Also it's way too weird that there are no logging of any handshake errors at all on this new machine, while the old one we used as a reference to configure everything on this machine has handshake errors getting logged continuously.

     

    Another newly configured machine in lower environment has been continuously logging handshake errors while there are no webagent requests at all in smaccess.log . This is even more spookier as well. Getting no conclusion regarding from where these handshake errors are arising from and tried to check from CA discussions but couldn't reach to RCA. Guidance requested for troubleshooting.

     

    [14237/4087053168][Mon Jun 20 2016 15:42:59][CServer.cpp:2138][ERROR][sm-Server-01070] Failed handshake with 139.71.220.5:55651

    [14237/4045093744][Mon Jun 20 2016 15:43:02][CServer.cpp:1966][ERROR][sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3159

    [14237/4045093744][Mon Jun 20 2016 15:43:02][CServer.cpp:1971][ERROR][sm-Tunnel-00020] Handshake error: Failed to receive client hello. Client disconnected

     

    Thanks,
    Achut



  • 14.  Re: smps log not getting updated

    Posted Jun 20, 2016 07:24 PM

    Hi Achut,

     

    I think at this point in time , this issue needs some advanced troubleshooting so would be good if you could create a CA support case.

     

    If you are available right now, I can probably have a remote session and assist you ?

     

    Regards,

     

    Ujwol Shrestha



  • 15.  Re: smps log not getting updated

    Posted Jun 20, 2016 07:31 PM

    Hello Ujwol,

     

    Sounds Perfect ! I will get a case assigned right away. Yes, I would be available for few more hours for the troubleshooting session.

     

    Thanks,
    Achut



  • 16.  Re: smps log not getting updated

    Posted Jun 20, 2016 08:00 PM

    Hi Ujwol,

     

      Have got CA case# 436963 assigned for the mentioned issues. Kindly forward the remote session details to my contact email address mentioned in the case, if currently feasible.

     

    Thanks,

    Achut



  • 17.  Re: smps log not getting updated
    Best Answer

    Posted Jun 20, 2016 10:10 PM

    Hi Achut,

     

    Thank you for your time today to troubleshoot the case, here is the summary of action we performed to confirm that the Policy server is working as expected.

     

     

    -We first restarted Policy server and ensured that the Policy server startup message is logged properly in the smps.log.

    This includes messages about Policy Server Version, TIme Zones, Ports, Policy Store details etc and the fact that how many Policy store objects are loaded from the policy store.

    As, all of these were logged , there didn't seem to be any problem logging the startup messages in the smps.log

     

     

    - Next, we tested whether Policy server is able to print the statistics message in the smps.log. For this, we first sourced the Policy server environment script (ca_ps_env.ksh) and then from the policy server bin folder executed the command :

    ./smpolicysrv -stats

     

     

    When this command was executed, it updated the smps.log with the Policy server statistics information as expected.

     

     

    - As this was a production environment , we were not able to perform any negative scenario testing to see if the Policy server is able to log error condition in the smps.log, but given the fact that Informational messages are logged with no issue, I don't see any reason why it won't be able to run the error messages.

     

     

    -For your information, Policy server log (smps.log) is designed to log only messages related to Policy server status (e.g startup, statistics, or any error condition specific to it being unable to connect to any components like policy store/user store/webagents etc.) It is not supposed to log any error messages related to user transaction like user not being authenticated/not authorized etc.

     

     

    -Next ,we verified the policy server trace log (smtracedefault.log) and it was logging in the all the user/agent transacations like IsProtected/IsAuthenticated/IsAuthorized etc. So this also didn't seem to have any issue logging in the messages. As this Policy server is currently configured with only one webagent/webserver, there were not that many request coming through. But once this is configured in your live environment and with multiple web agents, you are expected to see some failed user transactions like authentication/authorization failures etc. Bug again, as this was your production environment we weren't' able to perform any negative scenario testing.

     

     

    So ,in conclusion, as per the testing we performed during the remote session , I do not see any problem related to logging in this particular setup.

     

    As per your consent, we then finally agreed to mark this case/thread as resolved.

     

     

    Cheers,

    Ujwol Shrestha

    Ujwol's Single Sign-On Blog



  • 18.  Re: smps log not getting updated

    Posted Jun 20, 2016 10:26 PM

    Hi Ujwol,

     

    Thanks a ton for your time and quick resolution for all the posted the queries.

     

    Thanks,
    Achut



  • 19.  Re: smps log not getting updated

    Posted Jun 16, 2016 06:04 AM

    Hello,

     

    You can try to run a strace on the PS process to track system call and check why no logs are generated. Maybe not enough permissions... Are you running PS as root ? With the user that you installed with ?

     

    You can view the /var/log/messages if there is anything recorded. Do you have SE linux enabled ?

     

    Hope it helps,

    Julien.



  • 20.  Re: smps log not getting updated

    Posted Jun 16, 2016 03:37 PM

    Hi Julein,

     

      Our current server administrator is unaware of running strace and we do not have the application expert who can analyze strace output. We are running PS using privileged service ID that has privileges lesser than root user. It's the same way configured on all other functional systems. We have SE Linux disabled on our machines. Currently trying to get the messages file from our server administrator to check if anything got logged.

     

    Thanks,

    Achut