Oracle® Fusion Middleware Troubleshooting Guide for Oracle Mobile Security Suite
Release 3.0.1

Part Number E51929-03

2 Oracle Mobile Security Suite Diagnostic Tool

This chapter describes the Oracle Mobile Security Suite Diagnostic tool.

The Oracle Mobile Security Suite installation on Windows includes the diagnostic tool for troubleshooting the most common issues with the suite. After installation, this tool can be found in the distribution at:

install_directory\omss\tools\OMSSDiagnosticTool.exe

This chapter contains the following sections:

2.1 Installation Location Screen

After you start the Diagnostic Tool, it shows the Oracle Mobile Security Suite installation location. Click the Diagnose button to run the tests. The results can be copied to the clipboard.

Surrounding text describes omss-dt-1.png.

2.2 Sample Output from the Diagnostic Tool

The following is an example of the output produced by the diagnostic tool for an operational Oracle Mobile Security Suite. In this example Mobile Security Access Server, Mobile Security Administrative Console, Mobile Security File Server, and Mobile Security Notification Server were installed on the same machine.

Surrounding text describes diagtool2.png.

2.3 Tests for Installation Summary

The results are displayed in the window. The following tests summarize what is installed:

Test Name Output/Description

Locate where Oracle Mobile Security Suite is installed

Oracle Mobile Security Suite is installed in C:\Program Files (x86)\Oracle\OMSS.

Mobile Security Access Server Version

The version of Mobile Security Access Server installed 3.0.0.n.n

Mobile Security Administrative Console (MSAC) Version

The version of Mobile Security Administrative Console installed 3.0.0.n.n

Mobile Security File Manager Version

The version of Mobile Security File Manager installed 3.0.0.n.n

Mobile Security Notification Server Version

The version of Mobile Security Notification Server installed 3.0.0.n.n

Verifies components and supporting components installed

Python 2.7.3 is installed.

Python 2.7.3 is installed in Mobile Security Access Server

M2Crypto is installed.

M2Crypto is installed in Mobile Security Access Server


2.4 Tests for Mobile Security Access Server

The following tests are performed for Mobile Security Access Server:

Name Output/Description

Verify Server Name is in DNS:

Found Server Name "bmaxdev.test.example.com" in httpd.conf file.

Successfully resolved server name present in httpd config file bmaxdev.test.example.com

Identify ports used by Mobile Security Access Server:

Port 80 found in httpd.conf file.

Port 80 is currently used by Mobile Security Access Server.

Port 443 found in httpd.conf file.

Port 443 is currently used by Mobile Security Access Server.

Identify server certificates:

Found SSL certificate "conf/ssl/bmaxdev.test.example.com-2k.pfx.pem" in the httpd.conf file.

Found SSL certificate key "conf/ssl/bmaxdev.test.example.com-2k.pfx.key" in the httpd.conf file.

Found SSL CA certificate chain "conf/ssl/devCA-FULL-Chain.cer" in the httpd.conf file.

Found SSL certificate file "conf/ssl/bmaxdev.test.example.com-2k.pfx.pem" in the Mobile Security Access Server installed location.

Found SSL certificate key file "conf/ssl/bmaxdev.test.example.com-2k.pfx.key" in the Mobile Security Access Server installed location.

Found SSL CA certificate chain file "conf/ssl/devCA-FULL-Chain.cer" in the BMAX installed location.

Identify Subject Alternative Names in certificate:

Subject Name found: bmaxdev.test.example.com

Subject Alternative Name found: bmaxdev.test.example.com

Subject Alternative Name found: *.example.prod

Subject Alternative Name found: *.example.dev

Subject Alternative Name found: *.cod.example.dev

Subject Alternative Name found: *.mw3.example.dev

Validate the subject name in the certificate is in DNS

Successfully resolved server name present in the subject property of certificate: bmaxdev.test.example.com

Match Server Name with certificate used by Mobile Security Access Server:

Successfully resolved server name:bmaxdev.test.example.com in the subject name and alternative subject name of certificate

Server name is present in the subject or subject alt name property of the certificate.

Displays if certificate is in Windows Certificate store

Mobile Security Access Server is not configured using CAPI

Show Certificate validation dates:

certificate valid from: May 28 06:45:45 2012 GMT

certificate valid to: May 28 06:45:45 2014 GMT

Verify that Mobile Security Access Server is running

Service "OMSS" found in the system and running successfully

Test Mobile Security Access Server:

Server name is present in the subject or subject alt name property of the certificate.

Service "OMSS" found in the system and running successfully.

Successfully accessed URL "http://bmaxdev.test.example.com/bmaxhealthcheck"

Successfully accessed URL "https://bmaxdev.test.example.com/bmaxhealthcheck"

Successfully accessed URL "https://bmaxdev.test.example.com:443/bmaxhealthcheck"

Report authentication configuration:

Primary auth type: KINIT. Backup auth type: KINIT

Primary auth type: OTP. Backup auth type: KINIT

Primary auth type: PKINIT. Backup auth type: TLP

Primary auth type: OAM. Backup auth type: OAM

Verify the KRB5 environment:

Environment variable KRB5_CONF exists and value is: C:\Program Files (x86)\Oracle\OMSS\gateway\conf\krb5.conf

Display the secure token expiration duration in minutes.

SToken expiry duration: 580

Verify the Kerberos realm/Active Directory domain, and the forest and domain functional levels of each controller in the domain. Also indicates whether each domain controller is a Global Catalog for Active Directory, the version of Windows on the domain controller, and the Active Directory site that Mobile Security Access Server will access:

Found Domain Name " bitzermobile.dev" in the krb5.conf file.

192.168.100.61

192.168.100.60

Successfully resolved domain name present krb5 config file: bitzermobile.dev

Domain Mode: Windows2003Domain

Forest Name: bitzermobile.dev

Domain Controller Name: b-devdc1.bitzermobile.dev IP Address: 192.168.100.60 GC: Y

Domain Controller OS Version: Windows Server 2008 R2 Standard

Domain Controller Site Name: Default-First-Site-Name

Domain Controller Name: b-devdc2.bitzermobile.dev IP Address: 192.168.100.61 GC: Y

Domain Controller OS Version: Windows Server 2008 R2 Standard

Domain Controller Site Name: Default-First-Site-Name

Display the RADIUS servers when RADIUS is configured in Mobile Security Access Server:

RADIUS Authentication server: win-rsa

Default realm:

Displays information on the integration between Mobile Security Access Server and Mobile Security Administrative Console:

Cron job bmax_updater summary: bmax_updater 7/30/2013 4:49:00 PM Ready

ECP service url: https://bmaxdev.test.example.com:443/ecp/ecpservice


Sample output is as follows:

Surrounding text describes diagtool3.png.
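
The name-match and validity-date tests in this section can be re-checked against output pasted from the tool. The following is an added example, not Oracle code or part of the diagnostic tool: the function names, the 30-day warning threshold and the wildcard rule (a `*` covers exactly one left-most label) are assumptions, and the input is built from the sample lines shown above.

```python
import re
from datetime import datetime, timezone

# Constructed input: lines taken from the sample output in section 2.4.
SAMPLE = """\
Found Server Name "bmaxdev.test.example.com" in httpd.conf file.
Subject Name found: bmaxdev.test.example.com
Subject Alternative Name found: *.example.prod
Subject Alternative Name found: *.cod.example.dev
certificate valid from: May 28 06:45:45 2012 GMT
certificate valid to: May 28 06:45:45 2014 GMT
"""

def parse_report(text):
    """Pull server name, certificate names and validity dates from pasted output."""
    def when(label):
        raw = re.search(rf"certificate valid {label}: (.+)", text).group(1).strip()
        return datetime.strptime(raw, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
    return {
        "server": re.search(r'Found Server Name "([^"]+)"', text).group(1),
        "names": re.findall(r"Subject (?:Alternative )?Name found: (\S+)", text),
        "not_before": when("from"),
        "not_after": when("to"),
    }

def name_matches(host, pattern):
    """Exact match, or a '*' that stands for exactly one left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]  # refuse bare '*.tld'
    return h == p

def check(report, now, warn_days=30):
    """Return findings; an empty list means the name and date checks pass."""
    findings = []
    if not any(name_matches(report["server"], n) for n in report["names"]):
        findings.append("server name not covered by subject or SAN")
    if now < report["not_before"]:
        findings.append("certificate not yet valid")
    elif now > report["not_after"]:
        findings.append("certificate expired")
    elif (report["not_after"] - now).days < warn_days:
        findings.append(f"certificate expires within {warn_days} days")
    return findings

if __name__ == "__main__":
    print(check(parse_report(SAMPLE), datetime.now(timezone.utc)) or "OK")
```

Passing a fixed `now` lets the same report be evaluated as of the date the diagnostic was run, rather than today.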

2.5 Tests for Mobile Security Administrative Console

The following tests are performed for the Mobile Security Administrative Console:

Name Output/Description

Database used by Mobile Security Administrative Console

Microsoft SQL server is used in this example: The mssql database is used for Mobile Security Administrative Console.

Company Name and ID assigned by Oracle:

Company Name: Your Company

Company ID: 2308481841

SQL Server information:

SQL Server host name: devsql.bitzermobile.dev\sql1

SQL Server schema name: dbo

SQL Server instance name: sql1

SQL Server port number:

Note: If no port is shown, the default port (1443) is used.

SQL service authentication type: win

Mobile Security Administrative Console Admin application database name

lattice_bmaxdev_24_107

Mobile Security Administrative Console reporting application database name

reporting_bmaxdev_24_107

Mobile Security Administrative Console audit application database name

audit_bmaxdev_24_107

SQL service authentication method used by Mobile Security Administrative Console:

In this example Windows authentication was used:

SQL service authentication type: win

Reports on scheduled tasks that run and their status:

Cron job dashboard_summary summary: dashboard_summary 7/30/2013 5:28:00 PM Ready

Cron job map_latlong summary: map_latlong 7/30/2013 5:33:00 PM Ready

Cron job container_inactivity_action summary: container_inactivity_action 7/30/2013 5:13:00 PM Ready

Indicates if LDAP mapping to Mobile Security Administrative Console groups is enabled:

LDAP Group Sync is enabled

LDAP domain name: bitzermobile.dev

Specifies the Control Group used to register devices when LDAP Sync is enabled

LDAP control group: Mobile Users

Displays the credentials that are used to access LDAP when LDAP Sync is enabled.

LDAP user name: user1@example.dev

Displays the Mobile Security Administrative Console access groups:

System Admin group: Bitzer_system_admin

Company admin group: Bitzer_company_admin

Helpdesk group: Bitzer_helpdesk

Display background tasks and status:

Cron job ad_sync summary: ad_sync 7/30/2013 4:40:00 PM Ready

Certificate provision is enabled

Cron job container_provisioning summary: container_provisioning 7/30/2013 4:39:00 PM Ready


Here is sample output for the Mobile Security Administrative Console from the diagnostic tool:

Surrounding text describes diagtool4.png.

2.6 Tests for Mobile Security File Manager and Notification Server

The following tests are performed for Mobile Security File Manager and Mobile Security Notification Server:

Name Output/Description

Mobile Security Notification Server and Mobile Security File Manager configuration:

Mobile Security Notification Server url: https://bmaxdev.test.example.com:8443/bns

Mobile Security Notification Server uid: bmaxservice@bitzermobile.dev

Mobile Security File Manager server url: https://bmaxdev.test.example.com:8443

Mobile Security File Manager is installed.

Mobile Security Notification Server is installed.

State of servers running or stopped

Service "Oracle Application Server" found in the system and running successfully

Ports used by servers

HTTP port of Oracle Application Server: 8080

HTTPS port of Oracle Application Server: 8443

Public Certificates used for SSL operations

Found SSL certificate "C:\Program Files (x86)\Oracle\OMSS\as\conf\ssl\bmax3-dev-gateway-cert.pfx.pem" in the server.xml file.

Found SSL certificate file "C:\Program Files (x86)\Oracle\OMSS\as\conf\ssl\bmax3-dev-gateway-cert.pfx.pem" in the Oracle Application Server installed location.

Private Keys used for SSL operations

Found SSL certificate key file "C:\Program Files (x86)\Oracle\OMSS\as\conf\ssl\bmax3-dev-gateway-cert.pfx.key" in the server.xml file.

Found SSL certificate key file "C:\Program Files (x86)\Oracle\OMSS\as\conf\ssl\bmax3-dev-gateway-cert.pfx.key" in the Oracle Application Server installed location

Certificate chain used for server

Found SSL CA chain certificate file "C:\Program Files (x86)\Oracle\OMSS\as\conf\ssl\bitzerdev-CAchain.pem" in the Oracle Application Server installed location

Found SSL CA chain certificate file "C:\Example\OMSS\as\conf\ssl\bitzerdev-CAchain.pem" in the server.xml file.

Database used for Mobile Security Notification Server is MSSQL

Microsoft SQL server is used in this example: "mssql" database is used for Mobile Security Notification Server

Mobile Security Notification Server SQL Server information

Database is used for Mobile Security Notification Server: MSSQL

Database host name: devsql.example.dev

Database port number:

Database name: bns_bmaxdev_24_107

Database instance name: sql1

Note: If no port is shown, the default port (1443) is used.

Windows authentication was selected

Mobile Security Notification Server service account

Mobile Security Notification Server Service user name: bmaxservice@bitzermobile.dev