|
| Sun ONE Portal Server 6.0 Deployment Guide |
Appendix A Troubleshooting Your Portal Deployment
This appendix describes how to troubleshoot Sun™ ONE Portal Server and Sun™ ONE Portal Server, Secure Remote Access.
This appendix contains the following sections:
Troubleshooting Sun ONE Portal Server
This sections contains troubleshooting information for core Portal Server.
UNIX Processes
For the portal to be functioning properly, check that the following root-owned processes are running. Use the ps command to see this output.
Directory Server:
/ns-slapd -D /usr/ldap/slapd-server -i /usr/ldap/slapd-server/logs/pid
Identity Server:
/opt/SUNWam/bin/doUnix -c 8946
Portal Server:
./uxwdog -d /opt/SUNWam/servers/https-server/config
ns-httpd -d /opt/SUNWam/servers/https-server/config
ns-httpd -d /opt/SUNWam/servers/https-server/config
Admin Web Server (optional, but usually running):
./uxwdog -d /opt/SUNWam/servers/https-admserv/config
ns-httpd -d /opt/SUNWam/servers/https-admserv/config
ns-httpd -d /opt/SUNWam/servers/https-admserv/config
Log Files
Examine the following log files for errors.
Web Server (errors and access):
/opt/SUNWam/servers/https-server/logs
Directory Server:
/var/opt/SUNWam/logs
Recovering the Search Database
The Search database maintains recoverable transaction logs. Thus, under normal circumstances, you do not have to do anything to recover the database. Recovery from errors and transient conditions such as a full disk are straight forward. If desired, maintain Search database archives and restore from an archive in case you lost the entire database. In this scenario, you would copy the archive to the original database to recover it.
To recover the database, first stop all processes accessing the database, including the Portal Server instance. Then use the rdmgr -R command to recover.
Stopping and Starting Portal Server
Use the following commands to stop and start the portal and its associated processes. You do not need to stop the server to restart it. If you start a server that is already running, the server is stopped and restarted.
To Stop and Start Portal Server
To stop Portal Server, type:
/etc/init.d/amserver stop
To start Portal Server, type:
/etc/init.d/amserver start
To start multiple instances of Portal Server, type:
/etc/init.d/amserver startall
Working with the Display Profile
If you need to troubleshoot the XML contents of your portal's display profile, it is useful to extract it to a file for examination. At some point in the troubleshooting process, it might be useful to reload the display profile.
To Extract the Display Profile
- Log in as administrator.
- Use the dpadmin command to extract the display profile. For example:
./dpadmin list -u "uid=amAdmin,ou=People,o=sesta.com,o=isp" -w password -d "o=sesta.com,o=isp" > /tmp/displayxml
This examples puts the contents of the display profile into the /tmp/displayxml file.
To Reload the Display Profile
- Log in as administrator.
- Use the dpadmin command to reload the display profile. For example:
./dpadmin modify -u "uid=amAdmin,ou=People,o=sesta.com,o=isp" -w password -d "o=sesta.com,o=isp" /tmp/updated_displayxml
This examples reloads the contents of the display profile from the /tmp/updated_displayxml file.
High CPU Utilization for Portal Server Instance
When using the Cisco Content Services Switch, you might see a very high CPU utilization on the Portal Server instance with Sun™ ONE Web Server error file showing the following message every five seconds.
[20/Jan/2003:16:53:36] failure ( 5926): Error accepting connection -5928, oserr=130 (Connect aborted)
The cause of this error is a "sticky bit" setting within the Cisco Content Services Switch that is causing these errors. These load balancers periodically ping the servers (every five seconds) to verify that they are alive. After turning off the "sticky bit" setting, which disables the ping to the server every 5 seconds, the errors will no longer show up in Web Server.
To Configure a Sun ONE Portal Server Instance to Use an HTTP Proxy
If the Portal Server software is installed on a host that cannot directly access certain portions of the Internet or your intranet, you can receive errors. For example, when using the SampleSimpleWebService provider, you might see the following error when the proxy has not been configured:
java.net.UnknownHostException: services.xmethods.net
To configure usage of an HTTP proxy for a Portal Server instance:
- Change directories to the directory server base directory containing the configuration for the instance.
cd /BaseDir/SUNWam/servers/https-servername/config
- Edit the jvm12.conf file within this directory and add the following lines:
http.proxyHost=proxy_host
http.proxyPort=proxy_port
http.nonProxyHosts=portal_host
where proxy_host is the fully-qualified domain name of the proxy host, proxy_port is the port on which the proxy is run, and portal_host is the fully qualified domain name of the portal host.
Troubleshooting Sun ONE Portal Server, Secure Remote Access
This section describes how to capture information that Sun ONE support personnel need to troubleshoot problems in your deployment.
Introduction to shooter
The shooter tool captures all the information that the development and support team will require to troubleshoot problems in your deployment of the Sun ONE Portal Server, Secure Remote Access. You can also run this tool on a Portal Server machine.
This tool captures the following data:
- Installation type - Determines if the installation has Portal Server, Portal Server with Secure Remote Access support, or Portal Server with Secure Remote Access
- System configuration related information - Determines the host, domain, operating system, version, CPU type and speed, clock speed, and memory available
- Processors, processor sets, and the Secure Remote Access processes bound to them
- Secure Remote Access installation log
- The platform.conf file(s)
- The settings in the gateway script such as the JVM™ settings including heap usage, and library path
- Gateway service settings
- Tuning settings in various files used for configuring Sun™ ONE Identity Server, Sun™ ONE Directory Server, and Sun ONE Web Server
- Output of the Java™ garbage collection
- A memory or process footprint while the gateway was being used
- Formatted debug log files
- Rewriter rulesets
Note This tool collects information only for the instance of the gateway that you specified during installation.
Using shooter
The shooter tool includes five files as described below.
shooter.sh
This is the main script. Run this script after a test or just before starting a test on the Secure Remote Access installation.
To run shooter, type:
./shooter.sh
This tool collects data under a temporary folder and displays the folder name.
gctool.pl
This script collects and formats the garbage collection output from the JVM.
To run gctool, start the gateway, and type the following to redirect the output to this script and allow collection throughout the test.
/etc/init.d/gateway -n default start | gctool.pl
Note Before running gctool, ensure that you include -verbose:gc in the gateway script in the "CMD" section. Along with the other VM parameters mentioned in "To Edit the Gateway Script", the line in the gateway script resembles the following:
-server -verbose:gc -Xms1G -Xmx2G -XX:+OverrideDefaultLibthread -XX:ThreadStackSize=128 -XX:MaxPermSize=128M -XX:PermSize=128M -XX:MaxNewSize=256M -XX:NewSize=256M
At the end of the test period, run shooter to collect the output of gctool along with other data.
memfoot.sh
This script tracks the memory footprint of a process. Start this script after starting the gateway and allow it to run during the duration of the test. The largest process with the given name or PID is tracked after every specified number of seconds.
To run memfoot, type:
./memfoot java 60
The output of this script is a time-stamped process status file. The shooter tool collects this output along with the rest of the data.
uniq.pl
This script is used internally by shooter to find unique lines and their count. The advantage over the system uniq script is that it finds non-adjacent unique lines.
GWDump.class
This class is called internally by shooter to obtain the gateway settings in the administration console.
Secure Remote Access Log Files
Examine the following log files for errors.
Gateway:
/var/opt/SUNWam/logs/srapGateway_gateway_hostname_gateway_profile_name
NetFile:
/var/opt/SUNWam/logs/srapNetFile
Netlet:
/var/opt/SUNWam/logs/srapGateway_gateway_hostname_gateway_profile_name