Symantec Privileged Access Management

Hi


1) http://servercm:8080/iam/ac >> shouldn't this be HTTPS instead of HTTP ?

regards,
Mohammed Mustansir

Hi,

If you check the server.log, does it show jboss starting with "program.name: run.bat" and also a line that reads 'sun.java.command: org.jboss.Main -b 0.0.0.0'?

Are you able to access EM from a remote browser using host name?

Thanks,
Gil Figueroa

i have tried with HTTP then it does not load the page.

Neither with IP nor HTTPS.

Hi

this could be a issue with DNS..., if you are able to use localhost and not the hostname, check if the DNS is working.

regards,
Mohammed Mustansir

Try this and note the results:

1) ping servercm

2) ping ip_of_servercm (not 127.....)

Questions:

1) during installation what information related to the server was defined? Name? Ip? Loopback?

2) any recently change in server configuration? Change of iP, name....?

3) any firewall or security product on the server?




Enviado desde mi iPhone

El 23/09/2013, a las 11:57, "CA Security Global User Community (Distributed)" <CommunityAdmin@communities-mail.ca.com> escribió:

Neither with IP nor HTTPS.
Posted by:cedenoaugusto
--
CA Communities Message Boards
101827571
mb.2254757.101825031@myca-email.ca.com
https://communities.ca.com

Hi,

Did you get a chance to check the jboss server.log? Also, can you access the ENTM UI from a remote machine?

Thanks,
Gil Figueroa

Thanks a lot for your answers.


===============================================

Gilbert:

I have checked dir_jboss/server/default/server.log
There are not any entry with this words.

How can I access the ENTM UI from a remote machine?

===============================================

Mohammed ,how can I check if the DNS is working? Maybe it is the problem, because I have set adress IP manual, because automatic allocation doesn't work.

===============================================

mmarin:

1) ping servercm.
Works fine.

2) ping ip_of_servercm (not 127.....).
Works fine too.

3) during installation what information related to the server was defined? Name? Ip? Loopback?
I think was the name.

4) any recently change in server configuration? Change of iP, name....?
The name of server before install was esoftwin09, I had changed the name, and then I installed the CA Control Minder.

5) any firewall or security product on the server?
NO.

===============================================

Thanks in advance.

Regards.

Sorry for my English.

Check the file: C:\Windows\System32\Drivers\etc\hosts.



Share with us the content.



From: CA Security Global User Community (Distributed) [mailto:CommunityAdmin@communities-mail.ca.com]
Sent: Tuesday, September 24, 2013 3:24 PM
To: mb.2254757.101835516@myca-email.ca.com
Subject: [CA ControlMinder (Access Control) General Discussion] RE: I can not access the admin page Minder Control



Thanks a lot for your answers.


===============================================

Gilbert:

I have checked dir_jboss/server/default/server.log
There are not any entry with this words.

How can I access the ENTM UI from a remote machine?

===============================================

Mohammed ,how can I check if the DNS is working? Maybe it is the problem, because I have set adress IP manual, because automatic allocation doesn't work.

===============================================

mmarin:

1) ping servercm.
Works fine.

2) ping ip_of_servercm (not 127.....).
Works fine too.

3) during installation what information related to the server was defined? Name? Ip? Loopback?
I think was the name.

4) any recently change in server configuration? Change of iP, name....?
The name of server before install was esoftwin09, I had changed the name, and then I installed the CA Control Minder.

5) any firewall or security product on the server?
NO.

===============================================

Thanks in advance.

Regards.

Sorry for my English.
Posted by:cedenoaugusto
--
CA Communities Message Boards
101838056
mb.2254757.101835516@myca-email.ca.com
https://communities.ca.com

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
192.168.1.38 esoftsol01

192.168.1.91 muxzone01
192.168.1.121
esoftlnx05


Thanks.

The IP address that I had set was 192.168.1.4, and it is the same currently.

The IP address that I had set was 192.168.1.4, and it is the same currently.

Can you add the line for the server…



IP FQDN Hostname



Example:



192.168.10.1 server.domain.com server



And test again.



From: CA Security Global User Community (Distributed) [mailto:CommunityAdmin@communities-mail.ca.com]
Sent: Wednesday, September 25, 2013 8:10 AM
To: mb.2254757.101840797@myca-email.ca.com
Subject: RE: [CA ControlMinder (Access Control) General Discussion] RE: I can not ac



# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
192.168.1.38 esoftsol01
192.168.1.91 muxzone01
192.168.1.121 esoftlnx05


Thanks.
Posted by:cedenoaugusto
--
CA Communities Message Boards
101843337
mb.2254757.101840797@myca-email.ca.com
https://communities.ca.com

The server works without domain.

I wrote in hosts file: 192.168.1.4 servercm

It does not work.

Thanks.

Hi Cedenoaugusto,

It is possible that jboss was not restarted and this is why you don't see the initialization lines in the server.log.

If you restart jboss, look for lines which reference 18080 to see if these lines give a clue.

You can check the jboss-4.2.3.GA\server\default\deploy\jboss-web.deployer\server.xml file and look for

Connector URIEncoding="UTF-8" acceptCount="150" address="${jboss.bind.address}" connectionTimeout="20000" disableUploadTimeout="true" emptySessionPath="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="250" port="18080" protocol="HTTP/1.1" redirectPort="8443"/>

Also, look at the boot.log in jboss-4.2.3.FA\server\default\log for the jboss bind address used. I believe it should be 0.0.0.0

As for trying to access the server from a remote server, I mean you can try to use a web browser from another machine to connect to the ENTM. Does this work using IP or host name?

Thanks,
Gil Figueroa

Hi Cedenoaugusto,

If this was not resolved yet - can you please share with us the below:

c:\jboss-4.2.3.GA\server\default\conf\accesscontrol.properties
c:\jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\user_console_war\META-INF\ac-environment.properties
c:\jboss-4.2.3.GA\server\default\deploy\*-ds.xml
 

Now restart your jboss service, wait 2-3 min and then try to connect to your ENTM and send us the updated:

c:\jboss-4.2.3.GA\server\default\log\boot.log
c:\jboss-4.2.3.GA\server\default\log\server.log

Kind Regards,

Amit.