Sun Java System Portal Server 7.1 Deployment Planning Guide

Troubleshooting Secure Remote Access

This section describes how to capture information that Portal Server support personnel need to troubleshoot problems in your deployment.

To Check Secure Remote Access Status

Use the following command to check the status of Secure Remote Access:

get-sra-status -u amadmin -f /tmp/pwdfile

The following response is returned:

on

To Enable Secure Remote Access After Installation

Use the following psadmin cli command to enable the Secure Remote Access core after installation:

portal-server7.1-base/bin/psadmin switch-sra-status -u amadmin -f /tmp/pwdfile

The following response is returned:

on

To List the Secure Remote Access Instance

Use the following psadmin command to list the Secure Remote Access Instance:

portal-server7.1-base/bin/psadmin list-sra-instances -u amadmin -f /tmp/pwdfile -t gateway.

The following is displayed:

default:hostname.pstest.com|ip-address

To Start Secure Remote Access Instance

Use the following psadmin cli command to start the Secure Remote Access instance:

portal-server7.1-base/bin/psadmin start-sra-instance -u amadmin -f /tmp/passwd -N default -t gateway

The following is displayed:

For gateway-profile default, Secure Remote Access is not provisioned for any portal. Please run psadmin provision-sra for gateway-profile default or modify enableSRAForPortal.xml file for gateway-profile default and upload using amadmin before attempting to start the sra-instance.

To Provision Secure Remote Access Instance

Use the following psadmin cli command to provision a Secure Remote Access instance:

psadmin provision-sra -u amadmin -f /tmp/passwd -p portal1 --gateway-profile default --enable

To setup Non-authenticated URL List for Secure Remote Access

Edit the non authenticate URL list:

Edit a copy of the file, portalserver7.1_base/export/request/enableSRAforPortal.xml with correct values.

Note –

Edit the enableSRAforPortal.xml file to enable the unathenticated access to the portal desktop and to apply the default rewriter rules.

To enable the unauthenticated access to the Portal desktop, edit sunPortalGatewayNonAuthenticatedURLPath.
To apply the default rewriter rules edit, sunPortalGatewayDomainsAndRulesets.

Use the following command:

amadmin -u uid=amAdmin,ou=People,dc=pstest,dc=com -w password --data /opt/SUNWportal/export/request/enableSRAforPortal.xml --verbose --continue

Debugging the Gateway

To Check the Gateway Process

Use the following command to see if the gateway process is running:

/usr/ucb/ps -auxww | grep SRAP

The following response is displayed:

/usr/jdk/entsys-j2se/bin/java -Dgateway.profilename=default ... -Dgateway.notification.url=notification -Dgateway.keybase=/etc/opt/SUNWportal/cert/default -Dgateway.pass=/etc/opt/SUNWportal/cert/default/.jsspass -Dgateway.nickname=/etc/opt/SUNWportal/cert/default/.nickname -DLOG_COMPATMODE=Off -Djava.util.logging.config.file=/opt/SUNWam/lib/LogConfig.properties -Dcom.sun.portal.log.config.file=/etc/opt/SUNWportal/platform.conf.default -Dconf.suffix=default -Dserver.name=default -DSRAP_CONFIG_DIR=/etc/opt/SUNWportal com.sun.portal.netlet.eproxy.EProxy &

To Use Debugging

To turn debugging on or off, you set the level of debugging or set it to off. The following steps describe what to do.

You can enable to following debug options:
- debug.com.sun.portal.rewriter.original.level
- debug.com.sun.portal.level
- debug.com.sun.portal.rewriter.rulesetinfo.level
- debug.com.sun.portal.rewriter.uriinfo.level
com.iplanet.services.debug.level=FINEST
The debug levels are:
- OFF – No debug messages are logged.
- Severe – Only serious errors are logged in the debug file. Rewriter usually stops functioning when such errors occur.
- WARNING – Is a message level indicating a potential problem.
- FINEST - Indicates a highly detailed tracing message.

Secure Remote Access Log Files

Examine the following log files for errors.

/var/opt/SUNWportal/logs/sra/default/*log