Layer7 Identity Management

How to troubleshoot Connector Server

By Andrew_Nguyen posted 04-19-2016 10:47 AM

  

Try to access the IAM Connector Server UI on HTTP://JCS_HOST:20080/main

Credentials to Connector Server UI:

Default username: Admin

Password: <Should be same password as provisioning manager>

 

 

If you can't access that site please attempt the following.

1) Stop the Java Connector Server service

 

2) Create a backup folder under ..\Connector Server\Data\ and copy the following folders into it:

..\Connector Server\Data\activemq

..\Connector Server\data\cache

..\Connector Server\data\derby

..\Connector Server\data\port

 

3) Create a backup folder under ..\Connector Server\jcs\data\jdbm\ and copy the following folders into it:

..\Connector Server\jcs\data\jdbm\etasa

..\Connector Server\jcs\data\jdbm\SA Configuration

 

4) Restart the Java Connector Server service (this will also recreate all of the above moved folders which will rebuild the filesystem DBs in use).

 

5) Once the JCS is fully up try to access the IAM Connector Server UI again

 

6) If you have any custom OSGi bundles that were previously deployed you can re-deploy them

 

7) Retest access of the endpoints from the Provisioning Manager

1 comment
7 views

Comments

12-15-2017 08:05 PM

Andrew,

 

I had a similar issue where one of the two (2) IAMCS servers was not starting the underlying TCP 20410/20411 network services.   The IAMCS management console would attempt to load but fail on one server, but was working fine on the other server.

 

 

 

To assist with the root discover, I requested both folders of the Connector Server to be zipped and uploaded to a CA Support Ticket.  

 

I used the WinMerge tool to view any deltas.   The property files for embedded service accounts and hashes appeared fine.   There were many delta under the data folders however.    

 

To help isolate the issue, I copied the working IAMCS connector to a sandbox.   I renamed my latest r14.1 ConnectorServer to a different name, then extracted the non-working version to the same folder structure.

 

 

I had to make one update, to ensure this "copied version" would start, due to a dependence on the im_ccs (CCS service starting).    Update the server_ccs.properties file with my sandbox CCS service password hash.

 

 

After I did that step, I could monitor the startup of the IAMCS (jcs) with no issues, and ensure that port TCP 20410/20411 was working fine.   Using netstat -an | findstr 20410

 

 

 

However, when I switched to the "non-working" IAMCS Connector Server folder.   I performed the same steps, but the TCP 20410/20411 would not start up in a LISTEN mode.    I reviewed the logs for any error message that would assist, but was unsuccessful in finding the root cause.

 

 

I was deciding to start copying folders from the "working version" to the "non-working version" to help isolate the delta to a possible corrupt file.

 

But before I started that effort, I did find your tech note, and it rang a bell with how we may address challenges with the JMS queue with JBOSS/Wildfly servers upon startup.

 

 

I performed your steps with MOVE operations instead of copy, however.

 

 

 

Restarted the IAMCS services, monitored with MS Sysinternal Process Explorer Tool, to watch it create network connections.

 

 

 

Success!!!

 

 

Thanks Andrew!

 

 

 

-A.