Troubleshooting Secure Remote Access
This section describes how to capture information that Portal Server support personnel need to troubleshoot problems in your deployment.
To Check Secure Remote Access Status
-
Use the get-sra-status subcommand to check the status of the Secure Remote Access server:
get-sra-status -u amadmin -f /tmp/pwdfile
The following response is returned:
on
To Enable Secure Remote Access After Installation
-
Use the psadmin command to enable the Secure Remote Access server core after installation:
portal-server7.1-base/bin/psadmin switch-sra-status -u amadmin -f /tmp/pwdfile
The following response is returned:
on
To List the Secure Remote Access Instance
-
Use the following psadmin command to list the Secure Remote Access Instance:
portal-server7.1-base/bin/psadmin list-sra-instances -u amadmin -f /tmp/pwdfile -t gateway.
The following is displayed:
default:hostname.pstest.com|ip-address
To Start Secure Remote Access Instance
-
Use the following psadmin command to start the Secure Remote Access instance.
portal-server7.1-base/bin/psadmin start-sra-instance -u amadmin -f /tmp/passwd -N default -t gateway
The following is displayed:
For gateway-profile default, Secure Remote Access is not provisioned for any portal. Please run psadmin provision-sra for gateway-profile default or modify enableSRAForPortal.xml file for gateway-profile default and upload using amadmin before attempting to start the sra-instance.
To Provision a Secure Remote Access Instance
-
Use the psadmin command to provision a Secure Remote Access instance.
psadmin provision-sra -u amadmin -f /tmp/passwd -p portal1 --gateway-profile default --enable
To Set Up a Non-authenticated URL List for Secure
Remote Access
-
Edit the non-authenticated URL list:
Edit a copy of the file, portalserver7.1_base/export/request/enableSRAforPortal.xml with correct values.
Note –Edit the enableSRAforPortal.xml file to enable access to the portal desktop without authentication and to apply the default rewriter rules.
-
To enable the unauthenticated access to the Portal desktop, edit sunPortalGatewayNonAuthenticatedURLPath.
-
To apply the default rewriter rules edit, sunPortalGatewayDomainsAndRulesets.
Use the following command:
amadmin -u uid=amAdmin,ou=People,dc=pstest,dc=com -w password --data /opt/SUNWportal/export/request/enableSRAforPortal.xml --verbose --continue
-
Debugging the Gateway
To Check the Gateway Process
-
Use the following command to see if the gateway process is running:
/usr/ucb/ps -auxww | grep SRAP
The following response is displayed:
/usr/jdk/entsys-j2se/bin/java -Dgateway.profilename=default ... -Dgateway.notification.url=notification -Dgateway.keybase=/etc/opt/SUNWportal/cert/default -Dgateway.pass=/etc/opt/SUNWportal/cert/default/.jsspass -Dgateway.nickname=/etc/opt/SUNWportal/cert/default/.nickname -DLOG_COMPATMODE=Off -Djava.util.logging.config.file=/opt/SUNWam/lib/LogConfig.properties -Dcom.sun.portal.log.config.file=/etc/opt/SUNWportal/platform.conf.default -Dconf.suffix=default -Dserver.name=default -DSRAP_CONFIG_DIR=/etc/opt/SUNWportal com.sun.portal.netlet.eproxy.EProxy &
To Use Debugging
To turn debugging on or off, you set the level of debugging or set it to off.
-
Log in as root to the Gateway machine and edit the following file:
/etc/opt/SUNWportal/platform.conf.default
-
Enable the debug option.
For example:
-
debug.com.sun.portal.rewriter.original.level
-
debug.com.sun.portal.level
-
debug.com.sun.portal.rewriter.rulesetinfo.level
-
debug.com.sun.portal.rewriter.uriinfo.level
com.iplanet.services.debug.level=FINEST
The debug levels are:
-
OFF – Logs no debug messages.
-
Severe – Logs only serious errors in the debug file. Rewriter usually stops functioning when such errors occur.
-
WARNING – Logs errors that indicate a potential problem.
-
FINEST - Logs errors that indicate a highly detailed tracing message.
-
Secure Remote Access Log Files
Examine the following log files for errors.
/var/opt/SUNWportal/logs/sra/default/*log
- © 2010, Oracle Corporation and/or its affiliates