Collect data for ISAM: WebSEAL (SPNEGO issues)
When WebSEAL does not start because of a SPNEGO issue, we might need to collect data for problem determination.
When directed by IBM Support, collect the SPNEGO diagnostic data when WebSEAL does not start.Steps
- Turn on trace for each process by removing the # on the last line of the /opt/pdweb/etc/routing file. The last three lines of the routing file are shown:
# # Route to a per-process text file #*:*.9:TEXTFILE.10.1000:/var/pdweb/log/trace__%ld.trace.log:644:ivmgr:ivmgr This will create a file in '/var/pdweb/log/trace __%ld.trace.log'Ensure that enough disk space is available in the /var directory. If WebSEAL is started with the pdweb_start command, there are two traces with different pids.- Start WebSEAL to recreate the issue.
- Turn off trace for each process by replacing the # at the beginning of the last line of the /opt/pdweb/etc/routing file.
- Collect the following files:
- Webseald-instance_name.conf
- msg__webseald-instance_name.log
- trace_pid.trace.log
- The krb5.conf file if WebSEAL is on AIX®, Linux®, or Solaris
- The Keytab file if WebSEAL is on AIX, Linux, or Solaris
- ldap.conf for WebSEAL
- Activedir_ldap.conf if Active Directory is the user registry
- Collect the following information:
- The output of the pdversion command on the WebSEAL server system
- If WebSEAL is on AIX, Linux, or Solaris: kinit output when we use the keytab file
- The ktpass command that is issued to create the keytab file
- Active Directory Server version
- Archive the data and send to support as directed by IBM Support.
Parent topic: Web security server not starting