2. Agenda
– SSO architecture
– Symptoms of SSO not running or malfunctioning
– Suggested troubleshooting procedure
– Case studies
– Useful command line options
4. SSO 5.1 architecture
• Status for the actual java wrapper
• Does not reflect the status of the 4 sub systems
• IMS (https://localhost:7444/ims/STSService?wsdl)
• Lookupservice (https://localhost:7444/lookupservice/sdk)
• ROOT (vFabric) (https://localhost:7444)
• SSO-Adminserver (https://localhost:7444/sso-adminserver/sdk)
6. Symptoms of SSO not running or malfunctioning 1/3
• vCenter Server unable to start
vpxd.log:
2013-05-19T02:45:27.312-07:00 [04628 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] STS URI set to: https://vCenter.newhire.local:7444/ims/STSService?wsdl
2013-05-19T02:45:27.312-07:00 [04628 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] Admin URI set to: https://vCenter.newhire.local:7444/sso-adminserver/sdk
2013-05-19T02:45:27.312-07:00 [04628 info '[SSO][CreateSsoFacade]'] [CreateUserDirectory] Groupcheck URI set to: https://vCenter.newhire.local:7444/sso-adminserver/sdk
2013-05-19T02:45:27.555-07:00 [04628 error 'Default'] Found dangling SSL error: [0] error:00000001:lib(0):func(0):reason(1)
2013-05-19T02:45:27.555-07:00 [04628 error 'Default'] Found dangling SSL error: [1] error:00000001:lib(0):func(0):reason(1)
2013-05-19T02:45:27.555-07:00 [04628 error '[SSO][SsoFactory_CreateFacade]'] Unable to create SSO facade: vmodl.fault.SystemError.
2013-05-19T02:45:27.555-07:00 [04628 error 'vpxdvpxdMain'] [Vpxd::ServerApp::Init] Init failed: Vpx::Common::Sso::SsoFactory_CreateFacade(sslContext, ssoFacadeConstPtr)
--> Backtrace:
[…]
2013-05-19T02:45:27.556-07:00 [04628 error 'Default'] Failed to intialize VMware VirtualCenter. Shutting down...
7. Symptoms of SSO not running or malfunctioning 2/3
• No login possible in the Web Client / vSphere Client
8. Symptoms of SSO not running or malfunctioning 3/3
• Installation of dependent services failing (Inventory Service, vCenter Server, Web Client)
10. Suggested troubleshooting procedure 1/3
• Check in services.msc if the service is running
• Remember that this only referes to the wrapper and tomcat
• Check for used ports
• Look at the most recent catalina.log
• Look at the most recent localhost.log
• Look at the imsSystem.log
• Look at the config.txt
• Look at the database
11. Suggested troubleshooting procedure 2/3
Java exceptions are hard to read without being filtered for useful information
• Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception
is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Cannot open database "RSA" requested by the login. The login failed.)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:286)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:993)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:897)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:626)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:407)
at com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext.access$001(SecurityAwareClassPathXmlApplicationContext.java:27)
at com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext$1.run(SecurityAwareClassPathXmlApplicationContext.java:164)
at com.rsa.ims.security.spi.SimpleSecurityContextImpl.doAs(SimpleSecurityContextImpl.java:82)
at com.rsa.security.SecurityContext.doAs(SecurityContext.java:419)
at com.rsa.security.SecurityContext.doAsSystem(SecurityContext.java:461)
at com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext.refresh(SecurityAwareClassPathXmlApplicationContext.java:161)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:105)
at com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext.<init>(SecurityAwareClassPathXmlApplicationContext.java:90)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:126)
... 29 more
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Cannot open database "RSA" requested by the login. The login failed.)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:141)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:105)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:278)
... 57 more
12. Suggested troubleshooting procedure 3/3
• Log bundle analysis the manual way (will always read in the latest log)
• $ ls -tr catalina* | tail -n 1 | xargs awk -F "INFO " '{print $2}' | tail -n 4 | grep Starting | wc -l
Expected output would be “4”
• $ ls -tr localhost.* | tail -n 1 | xargs cat | egrep '(Caused)'
Expected output would be nothing
• $ egrep '(Caused)' imsSystem.log
Expected output would be nothing
• $ cat config.txt | grep -F db. | tail -n 11 | grep com.rsa (IMS component configuration)
• $ cat config.txt | grep -F db. | tail -n 11 | grep " db" (lookupservice db configuration)
Expected output would be matching information
14. Case studies – Normal start-up 1/3
No exceptions in catalina.log, localhost.log and imsSystem.log
catalina.log
15. Case studies – Normal start-up 2/3
localhost.log
imsSystem.log
16. Case studies – Normal start-up 3/3
IMS db configuration
$ less config.txt | grep -F db. | tail -n 11 | grep " db"
[2013-05-18 10:14:21,956 INFO StaticDataReporter com.vmware.vim.ssoconfig] db.url=jdbc:jtds:sqlserver://; serverName=;instance=VCSQL;databaseName=RSA
[2013-05-18 10:14:21,956 INFO StaticDataReporter com.vmware.vim.ssoconfig] db.user=RSA_USER
[2013-05-18 10:14:21,957 INFO StaticDataReporter com.vmware.vim.ssoconfig] db.type=Mssql
[2013-05-18 10:14:21,985 INFO StaticDataReporter com.vmware.vim.ssoconfig] db.host=VCENTER
Lookupservice db configuration
$ less config.txt | grep -F db. | tail -n 11 | grep com.rsa
[2013-05-18 10:14:21,953 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.domain=
[2013-05-18 10:14:21,953 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.instance=RSA
[2013-05-18 10:14:21,953 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.type=MSSQL
[2013-05-18 10:14:21,953 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.msserverinstance=VCSQL
[2013-05-18 10:14:21,953 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.hostname=VCENTER
[2013-05-18 10:14:21,955 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.port=0
17. Case studies – DB host not reachable
• $ ls catalina* | tail -n 1 | xargs awk -F "INFO " '{print $2}' | tail -n 4 | grep Starting | wc –l
0
$ ls localhost.* | tail -n 1 | xargs cat | egrep '(Caused)‘
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ims' defined in class path resource [beanRefContext.xml]:
Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class
[com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext]: Constructor threw exception; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Network error IOException: Connection refused: connect)
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext]: Constructor threw exception; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Network error IOException: Connection refused: connect)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception
is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Network error IOException: Connection refused: connect)
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Network error IOException: Connection refused: connect)
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Network error IOException: Connection refused: connect)
Caused by: java.sql.SQLException: Network error IOException: Connection refused: connect
Caused by: java.net.ConnectException: Connection refused: connect
Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
Caused by: java.lang.reflect.InvocationTargetException
Caused by: java.lang.IllegalStateException: ComponentUtils not initialized
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.vmware.vim.lookup.impl.DbStorage]: Constructor threw exception; nested exception is
com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: java.sql.SQLException: Network error IOException: Connection refused: connect
Caused by: java.net.ConnectException: Connection refused: connect
18. Case studies – RSA database offline
• $ ls catalina* | tail -n 1 | xargs awk -F "INFO " '{print $2}' | tail -n 4 | grep Starting | wc –l
0
• $ ls localhost.* | tail -n 1 | xargs cat | egrep '(Caused)‘
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ims' defined in class path resource [beanRefContext.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext]: Constructor threw exception; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Cannot open database "RSA" requested by the login. The login failed.)
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext]: Constructor threw exception; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Cannot open database "RSA" requested by the login. The login failed.)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception
is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Cannot open database "RSA" requested by the login. The login failed.)
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Cannot open database "RSA" requested by the login. The login failed.)
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Cannot open database "RSA" requested by the login. The login failed.)
Caused by: java.sql.SQLException: Cannot open database "RSA" requested by the login. The login failed.
Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
Caused by: java.lang.reflect.InvocationTargetException
Caused by: java.lang.IllegalStateException: ComponentUtils not initialized
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.vmware.vim.lookup.impl.DbStorage]: Constructor threw exception; nested exception is
com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: java.sql.SQLException: Cannot open database "RSA" requested by the login. The login failed.
19. Case studies – Expired RSA_USER password
• $ ls catalina* | tail -n 1 | xargs awk -F "INFO " '{print $2}' | tail -n 4 | grep Starting | wc –l
0
• $ ls localhost.* | tail -n 1 | xargs cat | egrep '(Caused)‘
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ims' defined in class path resource [beanRefContext.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext]: Constructor threw exception; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'. Reason: The password of the account must be changed.)
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext]: Constructor threw exception; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'. Reason: The password of the account must be changed.)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception
is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'. Reason: The password of the account must be changed.)
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'. Reason: The password of the account must be changed.)
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'. Reason: The password of the account must be changed.)
Caused by: java.sql.SQLException: Login failed for user 'RSA_USER'. Reason: The password of the account must be changed.
Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
Caused by: java.lang.reflect.InvocationTargetException
Caused by: java.lang.IllegalStateException: ComponentUtils not initialized
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.vmware.vim.lookup.impl.DbStorage]: Constructor threw exception; nested exception is
com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: java.sql.SQLException: Login failed for user 'RSA_USER'. Reason: The password of the account must be changed.
20. Case studies – Incorrect RSA_USER password
• $ ls catalina* | tail -n 1 | xargs awk -F "INFO " '{print $2}' | tail -n 4 | grep Starting | wc –l
0
• $ ls localhost.* | tail -n 1 | xargs cat | egrep '(Caused)‘
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ims' defined in class path resource [beanRefContext.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext]: Constructor threw exception; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'.)
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.components.spring.SecurityAwareClassPathXmlApplicationContext]: Constructor threw exception; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception is
org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'.)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'DatabaseMetadataBean' defined in class path resource [ims-components-common.xml]: Instantiation of bean failed; nested exception
is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'.)
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.rsa.ims.common.DatabaseMetadataBean]: Constructor threw exception; nested exception is
org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'.)
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (Login failed for user 'RSA_USER'.)
Caused by: java.sql.SQLException: Login failed for user 'RSA_USER'.
Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
Caused by: java.lang.reflect.InvocationTargetException
Caused by: java.lang.IllegalStateException: ComponentUtils not initialized
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.vmware.vim.lookup.impl.DbStorage]: Constructor threw exception; nested exception is
com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: java.sql.SQLException: Login failed for user 'RSA_USER'.
21. Case studies – Incorrect db information after db move
• $ ls catalina* | tail -n 1 | xargs awk -F "INFO " '{print $2}' | tail -n 4 | grep Starting | wc –l
0
• $ ls localhost.* | tail -n 1 | xargs cat | egrep '(Caused)‘
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.vmware.vim.lookup.impl.DbStorage]: Constructor threw exception; nested exception is
com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: com.vmware.vim.lookup.exception.StorageException: Error executing statement
Caused by: java.sql.SQLException: Unable to get information from SQL Server: VCENTER2.
• $ less config.txt | grep -F db. | tail -n 11 | grep com.rsa
[2013-05-18 11:30:10,664 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.domain=
[2013-05-18 11:30:10,664 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.instance=RSA
[2013-05-18 11:30:10,664 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.type=MSSQL
[2013-05-18 11:30:10,664 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.msserverinstance=VCSQL
[2013-05-18 11:30:10,664 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.hostname=VCENTER
[2013-05-18 11:30:10,665 INFO StaticDataReporter com.vmware.vim.ssoconfig] com.rsa.db.port=0
• $ less config.txt | grep -F db. | tail -n 11 | grep " db“
[2013-05-18 11:30:10,665 INFO StaticDataReporter com.vmware.vim.ssoconfig] db.url=jdbc:jtds:sqlserver://;serverName=;instance=VCSQL;databaseName=RSA
[2013-05-18 11:30:10,665 INFO StaticDataReporter com.vmware.vim.ssoconfig] db.user=RSA_USER
[2013-05-18 11:30:10,665 INFO StaticDataReporter com.vmware.vim.ssoconfig] db.type=Mssql
[2013-05-18 11:30:10,665 INFO StaticDataReporter com.vmware.vim.ssoconfig] db.host=VCENTER2
22. Case studies – DC unavailable
• $ ls catalina* | tail -n 1 | xargs awk -F "INFO " '{print $2}' | tail -n 4 | grep Starting | wc –l
4
• $ ls localhost.* | tail -n 1 | xargs cat | egrep '(Caused)‘
• $ egrep '(Caused)' imsSystem.log
Caused by: javax.naming.CommunicationException: DC.newhire.local:3268 [Root exception is java.net.ConnectException: Connection timed out: connect]
Caused by: java.net.ConnectException: Connection timed out: connect
Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldap://DC.newhire.local:3268' with 'newhireadministrator' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable
to create managed connection DC.newhire.local:3268
Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection DC.newhire.local:3268
Caused by: javax.naming.CommunicationException: DC.newhire.local:3268 [Root exception is java.net.ConnectException: Connection timed out: connect]
Caused by: java.net.ConnectException: Connection timed out: connect
Caused by: javax.naming.NamingException: getInitialContext failed. javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldap://DC.newhire.local:3268' with 'newhireadministrator' Reason:
javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection DC.newhire.local:3268 [Root exception is javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection
'ldap://DC.newhire.local:3268' with 'newhireadministrator' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection DC.newhire.local:3268]
Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldap://DC.newhire.local:3268' with 'newhireadministrator' Reason: javax.resource.spi.ResourceAdapterInternalException:
Unable to create managed connection DC.newhire.local:3268
Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection DC.newhire.local:3268
Caused by: javax.naming.CommunicationException: DC.newhire.local:3268 [Root exception is java.net.ConnectException: Connection timed out: connect]
Caused by: java.net.ConnectException: Connection timed out: connect
24. Useful Command Line options 1/8
• Autodiscovery after installation is finished
• ssocli configure-riat -a discover-is -u admin --verbose
25. Useful Command Line options 2/8
• List identity sources (useful as this information is not collected in an SSO log bundle)
• ssocli manage-identity-sources -a list -u admin
26. Useful Command Line options 3/8
• Delete an identity source
• ssocli manage-identity-sources -a delete -u admin -g <ims.id>
27. Useful Command Line options 4/8
• Create an identity source
• ssocli manage-identity-sources -a create -u admin
28. Useful Command Line options 5/8
• Change the password for SSO admins and the SSO master password
• ssocli reset-admin-password
• ssocli manage-secrets -a change
29. Useful Command Line options 6/8
• Unlock the system after too many system changes
• ssocli manage-secrets -a recover
30. Useful Command Line options 7/8
• Testing database connectivity without SQL Management Studio
• sqlcmd -S hostnameinstance -U RSA_USER -d RSA
31. Useful Command Line options 8/8
• Silent uninstall of SSO
• msiexec /qn /x {DEC4C346-414B-4814-9BF3-CAC14154B55A} MASTER_PASSWORD
<master password>
Notas del editor
IMS and Lookupservice are dependent on database connection to be able to start.
It is not possible to edit an identity source using the command line