The following options allow you to view the status of multiple devices and identify the devices that are not healthy.
If your Access Manager components are not behaving as expected, check the system to see if any of the components have configuration or network problems.
In Administration Console Dashboard, click Troubleshooting > Configuration.
All the options should be empty, except Cached Access Gateway Configurations (see Step 4) and Current Access Gateway Configurations (see Step 5).
If any option contains an entry, clear it.
Select the appropriate action from the following table:
|
Option |
Description and Action |
|---|---|
|
Device Pending with No Commands |
Shows the devices that are in the pending state, even when all commands have successfully executed. Before deleting the device from this list, check its Command Status. If the device has any commands listed, select the commands, then delete them. Wait a few minutes. If the device remains in a pending state, return to this troubleshooting page. Find the device in the list, then click Remove. Administration Console clears the pending state. |
|
Other Known Device Manager Servers |
If a secondary Administration Console is in a non-reporting state, perhaps caused by hardware failure, its configuration needs to be removed from the primary Administration Console. As long as it is part of the configuration, other Access Manager devices try to contact it. If you cannot remove it by running the uninstall script on the secondary Administration Console, you can remove it by using this troubleshooting page. Click Remove next to the console that is in the non-reporting state. All references to the secondary Administration Console are removed from the configuration database. |
|
Access Gateways with Corrupt Protected Resource Data |
If you modify the configuration for a protected resource, update Access Gateway with the changes, then review the configuration for the protected resource and the changes have not been applied, the configuration for the protected resource is corrupted. Click Repair next to the protected resource that has a corrupted configuration. You should then be able to modify its configuration, and when you update Access Gateway, the changes should be applied and saved. |
|
Access Gateways with Duplicate Protected Resource Data |
After an upgrade, if you get errors related to invalid content for policy enforcement lists, you need to correct them. The invalid elements that do not have an associated resource data element are listed in this section. Click Repair. |
|
Access Gateways with Protected Resources Referencing Nonexistent Policies |
Protected resources have problems when policies are deleted before their references to the protected resources are removed. If you have protected resources in this condition, they are listed in this section. Click the Repair button to remove these references. Then verify that your protected resources have the correct policies enabled. Click Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Protected Resources, then change to the Policy View. |
|
Access Gateways with Invalid Alert Profile References |
You can create XML validation errors on your Access Gateway Appliance if you start to create an alert profile (click Access Gateways > Edit > Alerts > New), but you do not finish the process. The incomplete alert profile does not appear in the configuration for Access Gateway, so you cannot delete it. If such a profile exists, it appears in the Access Gateways with Invalid Alert Profile References list. Click Remove. You should then be able to modify its configuration, and when you update Access Gateway, the changes should be applied and saved. |
|
Devices with Corrupt Data Store Entries |
If an empty value is written to an XML attribute, the device with this invalid configuration appears in this list. Click Repair to rewrite the invalid attribute values. |
Click Access Gateways > Update > OK.
(Optional) Verify that all members of an Access Gateway cluster have the same configuration in the cache:
Click Troubleshooting > Configuration.
Scroll to the Cached Access Gateway Configuration option.
Click View next to the cluster configuration or next to an individual Access Gateway.
This option allows you to view Access Gateway configuration that is currently residing in browser cache. If Access Gateway belongs to a cluster, you can view the cached configuration for the cluster as well as the cached configuration for each member. The + and - buttons allow you to expand and collapse individual configurations. The configuration is displayed in XML format
To search for particular configuration parameters, you need to copy and paste the text into a text editor.
(Conditional) Select Access Gateway in the Current Access Gateway Configurations section, then click Re-push Current Configuration.
The Version page displays all the installed components along with their currently running version. Use this page to verify that you have updated all components to the latest compatible versions.
All components of the same type should be of the same version. If you have components that display multiple versions, identify the components that need to be upgraded and upgrade them to the newer version.
All components need to be running versions that are compatible with each other.
To view the current version of all Access Manager devices:
In Administration Console Dashboard, click Troubleshooting.
Click Version.
A list of the devices with their version information is displayed. If a device also has an Embedded Service Provider, the version of the Embedded Service Provider is also displayed.
The User Sessions page helps you to find users logged into your system and also helps to terminate their sessions if required. It displays the active user details for each Identity Server. You can search for a user with the user ID and terminate the sessions.
In Administration Console Dashboard, click Troubleshooting > User Sessions.
Specify the user ID and click Search. If a match is found, it lists the IP address of Identity Server and its sessions.
Click Terminate Sessions to terminate the sessions of the specific user.
NOTE:User details are fetched once per administration session. The last updated date is displayed. To refresh the data, click Refresh.
For more information about user sessions, see Section 32.3.28, Terminating an Existing Authenticated User from Identity Server.
The Policies page displays the policies that are in an unusable state because of configuration errors.
In Administration Console Dashboard, click Troubleshooting > Policies.
If you have configured a policy without defining a valid rule for it, the policy appears in this list.
Select the policy, then click Remove.
The System Alerts page displays how many unacknowledged alerts have been generated for all the devices imported into this Administration Console.
In Administration Console Dashboard, click Alerts.
To acknowledge and clear the alerts for a device, select the name of the server, then click Acknowledge Alerts.
The following columns display information about the alerts for each server.
|
Column |
Description |
|---|---|
|
Server Name |
Specifies the name of the server receiving alerts. Click the server name to view more information about an alert before acknowledging it. |
|
Severe |
Indicates how many severe alerts have been sent to the server. |
|
Warning |
Indicates how many warning alerts have been sent to the server. |
|
Informational |
Indicates how many informational alerts have been sent to the server. |