2/15/2016

Knownissuesandsolutions

Known issuesandsolutions
Determineifanissueyouarehavinghasafixoraworkaround.

TroubleshootingPIPserverconnections
Totroubleshootconnectionerrors,ensurethatruntimetracingforthePIPsisenabled.
1.Inthelocalmanagementinterface,clickSecureMobileSettings>Manage>Runtime
Parameters>RuntimeTracing.
2.IntheTracingSpecificationfield,typethetracingspecificationsforthePIPs:
ForJNDI(LDAPPIP)
com.tivoli.am.rba.pip.LdapPIP=FINE
javax.naming.*=FINE
ForJDBC(DatabasePIP)
com.tivoli.am.rba.pip.JdbcPIP=FINE
java.sql.*=FINE
Note:AtracelevelofFINEprovidesgeneraltrace,methodentry,exit,andreturnvalues.For
moredetailedinformation,considerusingFINERorFINESTasthetracelevel.
3.ClickSave.

RemovalofaserverconnectiondefinedforaPIPcausesaproblem
Aproblemwithapolicyinformationpoint(PIP)canbecausedby:
Deletingaserverconnection,especiallyifitisdefinedbyaPIPandbeingusedtoreturnattributes
inapolicyorriskscore.
UpdatingtheJNDIIDorhostnameofaserverconnectionafteritwasalreadyreferencedinaPIP
definition.
Updatinganyoftheserverconnectionpropertiesthatarenotvalidafteritwasalreadyreferenced
inaPIPdefinition.
Solution:
Reviewthelistofserverconnectionstodeterminewhetheranyweredeleted,andrecreateanydeleted
serverconnections.
EnsurethatthePIPspecifiesthecorrectserverconnection:
1.Inthelocalmanagementinterface,clickSecureMobileSettings.
2.UnderPolicy,clickInformationPoints.
3.SelecttheserverconnectionPIPandclickModify.
4.IntheConnectiontab,locatetheServerConnectionfieldanddeterminewhetheritcontainsthe
correctserverconnection.
5.Updatetheserverconnection,ifnecessary.

EnablingCompatibilityViewinInternetExplorer9returnstheBrowsernot
Supportedmessage
TheIBMSecurityAccessManagerappliancedoesnotsupportthebrowseroperatinginthismode.The
followingmessageisdisplayedinthelocalmanagementinterface:
BrowsernotSupported.TheIBMSecurityAccessManagerappliancedoes
notsupportthisbrowser.
Thefollowingbrowsersarecurrentlysupported:
InternetExplorer9orlater
https://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.1.3/com.ibm.isamw.doc/trouble/concept/con_appliance_issues_sol.html

1/9

2/15/2016

Knownissuesandsolutions

Firefox17.0orlater
GoogleChrome27.0orlater
Solution:
TheappliancedoesnotsupportInternetExploreriftheCompatibilityViewisturnedon.Ensurethatthe
CompatibilityViewinInternetExploreristurnedoff.TheCompatibilityViewoptionisundertheTools
menuintheInternetExplorerbrowser.

Helppagecontentdoesnotdisplay
WhenyouclicktheHelplinkfromtheapplianceuserinterfaceinMicrosoftInternetExplorerversion9.0
orlater,thetopiccontentmightnotdisplay.
Solution:
EnsurethattheCompatibilityViewinInternetExploreristurnedon.TheCompatibilityViewoptionis
undertheToolsmenuintheInternetExplorerbrowser.TheHelpSystemsupportscompatibilitymode.

WebSEALsendsclientcertificatebydefault
TheisamcfgtoolcanconfigureaWebSEALorWebReverseProxyinstancetouseclientcertificate
authenticationtotheruntime.Theruntimecanbeconfiguredtooptionallyacceptclientcertificates.
Whenconfiguredinthismode,WebSEALortheWebReverseProxysendsaclientcertificateregardless
ofwhetheracertificatelabelisspecifiedintheconfiguration.
Solution:
Ifyourequireclientcertificateauthentication,ensurethatavalidclientcertificateisspecifiedinthessl
keyfilelabelentryofthe[rtsscluser:<clustername>]stanza.Ifyoudonotrequireclient
certificateauthentication,eitherdisabletheoptionalacceptanceofclientcertificatesorspecifyaninvalid
clientcertificatelabelinthesslkeyfilelabelentryofthe[rtsscluser:<clustername>]
stanza.ThismethodensuresthatWebSEALdoesnotsendaclientcertificate.

Ajunctionerroroccurswhenaduplicatednorcertificatelabelisdetected
TheisamcfgtoolimportstheAccessManagerservercertificatetotheWebSEALorWebReverseProxy
keystorewhenitusesanSSLconnection.Ifanentryexistsinthiskeystorewiththesamednorthesame
certificatelabel,anerrorcanoccurwhenitcreatesthejunctiontotheAccessManagerserver.
Solution:
YoumustmanuallyexportthecertificatethatispresentedbytheruntimeandimportittotheWebSEAL
keydatabaseasasignercertificate.Thejunctionthenbecomesaccessible.

WebGatewayAppliancefailstoconnecttotheauthorizationserviceendpoint
WhentheapplianceisconfiguredinFIPSandNISTSP800131Acompliantmode,theRBAEAS
configuredinthePOCWebGatewayAppliancefailstoconnecttotheauthorizationserviceendpoint.
ThisfailurecausestheRBAflowtofail.Thisissuealsoaffectsthepingcallthatisissuedregularly.The
connectionfailsbecausetheauthorizationserviceEASusesSSLv2,whichisnotsupportedbythe
appliancewhenitoperatesintheNISTSP800131Astrictcompliantmode.
Solution:
1.Intheappliancelocalmanagementinterface,selectReverseProxySettings><yourinstance>
>Manage>Configuration>Editconfigurationfile.TheAdvancedConfigurationFileEditor
opens.
2.Addtheparametertotheexistingstanza.
[rtsscluster:cluster1]
gskattrname=enum:438:1
3.ClickSave.
4.Deploythechanges.
https://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.1.3/com.ibm.isamw.doc/trouble/concept/con_appliance_issues_sol.html

2/9

2/15/2016

Knownissuesandsolutions

5.Restarttheinstance.

OnWindowsoperatingsystems,youcannotusebasicauthenticationfor
WebSEALfromIBMSecurityAccessManagerforWeb
WebSEALdoesnotstartproperlyifyourconfigurationmeetsalloftheseconditions:
Windowsoperatingsystem
WebSEALfromIBMSecurityAccessManagerforWeb7.0.0.2
BasicauthenticationisconfiguredintheWebSEALconfigurationfilewithbasicauthuser
andbasicauthpasswdentriesinthe[rtsscluster:cluster1]stanza
Solution:
Toworkaroundthisissue,configurecertificateauthenticationforWebSEAL.SeetheWebSEAL
administrationinformation.
IfyouareusingtheisamcfgtooltoconfigureWebSEAL,besuretoselectcertificateauthenticationfor
theauthenticationmethodresponse.

IncorrectlyformattedFORMorJSONdataincustomattributescausespolicy
failure
IfapolicycontainsacustomattributewithincorrectFORMorJSONdata,thepolicyfailsandtheuseris
notpermittedtoaccesstheresource.Specifically,allofthefollowingconditionsapply:
TheWebSEALconfigurationfilecontainsapostdataentryinthe[azndecisioninfo]
stanza.
The<postdataname>valueforthepostdataentryisnotformattedproperly.For
example,thedateformatisnotcorrect.
The.datatypeentryinthe[userattributedefinitions]stanzaforthisazn
decisioninfoattributeisatypeotherthanstring.
Solution:
Ensurethatyouspecifythecorrectformatforthedata.Forexample:
Validdateformatis:yyyymmddzzzzzz
Forexample:2013052006:00
Validtimeformatis:hh:mm:sszzzzzz
Forexample:13:12:3606:00

Databaserollsbackwithanerrorwhenyouattempttoremovealargequantity
ofrecordsfromaDB2runtimedatabase
WhenyoutrytodeletemanydevicefingerprintsorusersessiondatarecordsfromanexternalDB2
runtimedatabase,thefollowingerrormightoccur:
Erroroccurred.Thedatabasewasrolledbacktothepreviousversion.
Thetransactionlogforthedatabaseisfull.SQLCODE=964,SQLSTATE=57011
Solution:
Increasethelogcapacitybycompletingthefollowingactions:
Increasethenumberofprimaryandsecondarytransactionlogfiles.
Increasethesizeofeachtransactionlog.
Forinformationabouttheavailabletransactionlogconfigurationparameters,seetheDB2
documentation.

Aclusterconfigurationupdatefailstodeployandgeneratesatimeouterror
https://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.1.3/com.ibm.isamw.doc/trouble/concept/con_appliance_issues_sol.html

3/9

2/15/2016

Knownissuesandsolutions

message
Anupdatetotheclusterconfiguration,suchastheExternalReferenceEntityIPaddressorFirstPort
value,mightfailtodeployintheallottedtime.Thefollowingerrormessageisprintedintheeventlog:
WGASY0007EThependingchangesfailedtodeploywithintheallottedtime.
Solution:
Increasethewga.cmd.timeoutvalue.Inthelocalmanagementinterface,selectManageSystem
Settings>SystemSettings>AdvancedTuningParameters.Addaparameterthatiscalled
wga.cmd.timeoutandsetthetimeoutvalueinseconds.Thedefaultvalueis300seconds.

TheIBMSecurityAccessManagerforMobilecookiesarenotremovedwhena
userlogsoutbyusingnonstandardjunctionnameorcookienames
TheIBMSecurityAccessManagerforMobileruntimesetscookiesforattributecollectionpurposes.The
isamcfgtoolconfiguresaWebSEALorWebReverseProxyconfigurationoptiontocleanthesecookies
uponsessiontermination.ItusestheIBMSecurityAccessManagerforMobileadvancedconfigurationto
determinewhichcookievaluestoclear.
Solution:
WhenthejunctionnameattributeCollection.serviceLocationorcookiename
attributeCollection.cookieNameintheadvancedconfigurationchanges,youmustrunthe
isamcfgtoolsothatthesechangesarepickedup.

Accesstokensarenotclearedinafailedresourceownerpasswordcredential
flow
Theaccesstokensthataregeneratedfromresourceownerpasswordcredentialflowarenotclearedwhen
resourceownerpasswordvalidationfails.Thesetokensmustberemovedsothatmalicioususerscannot
usetheresourceownerpasswordcredentialflowtofillupthetokencachebyusingapublicclient.
Solution:
Inthepremappingrule,makeavalidaterequesttotheuserdirectorywiththeusernameandpassword
thatyouwanttoverify.Thismethodstopstheresourceownerpasswordcredentialflowbeforeit
generatestheaccesstokeniftheusernameandpasswordverificationfails.
Formoreinformation,seeOAuthmappingrulemethodsintheConfigurationGuide.

Theonetimepasswordvaluecannotbevalidated
Policiesthatpermitonetimepasswordobligationsmightresultinanerroriftheuserwhomadethe
accessrequestdidnotsetasecretkeyontheselfcaresecretkeypage.
Solution:Toensurethatuserswhoencounterthiserroraredirectedtocreatetheirsecretkey,editthe
error_could_not_validate_otp.htmlfileandaddalinkthatopenstheselfcaresecretkeypage
at/sps/mga/user/mgmt/html/otp/otp.html.Forexample,addthefollowinglink:
<a"href="/sps/mga/user/mgmt/html/otp/otp.html">
GenerateyourSecretKey..</a>

Attributescauseerrorswhenhashedin
attributeCollection.attributesHashEnabled
IntheAdvancedConfigurationsettings,anyattributethatusesamatcherotherthantheexactmatcher
causesanerrorifitishashed.
Solution:Donothashthefollowingattributeswiththe
attributeCollection.attributesHashEnabledsettingofAdvancedConfiguration:
ipAddress
https://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.1.3/com.ibm.isamw.doc/trouble/concept/con_appliance_issues_sol.html

4/9

2/15/2016

Knownissuesandsolutions

geoLocation
accessTime

PolicieswithX.500names
IfyourLDAProotDNissecauthority=default,youcanusethe=(equal)operatoronlyinpolicies
thatuseX.500namesuserDNandgroupsDN.

DatabaseMaintenancepanelreturnsaretrievalerror
ThefollowingerrormessagereturnsintheDatabaseMaintenancepanelafterthelocationoftheruntime
databaseischangedfromLocaltotheclustertoRemotetotheclusterintheClusterConfiguration
panel:
SystemErrorFBTRBA091ETheretrievalfailedbecausetheresourcecannotbefound.
Solution:Completethefollowingstepstorestartthelocalmanagementinterface:
1.Useansshsessiontoaccessthelocalmanagementinterface.
2.Loginastheadministrator.
3.TypelmiandpressEnter.
4.TyperestartandpressEnter.
5.TypeexitandpressEnter.

IPaddressesaregrantedaccessdespitetheirIPreputations
DespitetheirIPreputationclassifications,IPaddressesaregrantedaccess.Whentheappliancecannot
resolvethedomainnameforthelicenseserver,theIPreputationdatabasecannotupdate.WhentheIP
reputationdatabasecannotupdate,iteithercontainsinaccurateIPreputationdataornoIPreputation
data.
YouknowthattheIPreputationdatabasecannotcontactthelicenseserverwhenallIPaddressesare
grantedaccessdespitetheirIPreputations.Ifthefollowingconditionsaretrue,theIPreputationpolicy
informationpoint(PIP)mightreturnanincorrectreputation:
AnadministratorwritesapolicythatdeniesaccessbasedonIPreputation.
Thedatabasecannotcontactthelicenseserver.
Solution:Configuredirectaccesstothelicenseserverorindirectaccesstothelicenseserver.Seethe
Administratingtopicsaboutthelicenseserverformoreinformation.

ErrormessageisreturnedwhenIBMsolidDBisusedtodeployanexternal
runtimedatabase
WhenyoudeployanexternalruntimedatabasewithIBMsolidDB,isam_mobile_soliddb.sql
attemptstocreateaduplicateindexontheRBA_USER_DEVICEtable.Thefollowingerrormessageis
returned:
SOLIDTableError13199:Duplicateindexdefinition
Solution:Ignorethiserrormessage.Investigateanyothererrormessagesaboutthedeploymentofthe
runtimedatabase.

Cannotexportandimportatemplatepagefileinthesamesession
Ifyouexportatemplatepagefileandimmediatelytrytoimportafile,noactionoccurs,andthefileisnot
imported.
Solution:Afteryouexportafile,refreshthebrowserbeforeyoutrytoimportafile.

Authenticationaliasmessageinstartuplog
Thefollowingmessagemightbedisplayedintheruntimeserverstartuplog:
IJ2CA8050I:Anauthenticationaliasshouldbeusedinsteadofdefininga
https://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.1.3/com.ibm.isamw.doc/trouble/concept/con_appliance_issues_sol.html

5/9

2/15/2016

Knownissuesandsolutions

usernameandpasswordoncom.ibm.ws.jdbc.dataSourceconfig/properties0
Solution:Ignorethismessage.

Creatingaccesscontrolpoliciesduringswitchbetweendaylightsavingtime
andstandardtime
Ifyoucreateanaccesscontrolpolicywhentheapplianceclockswitchesfromdaylightsavingtime(DST)
tostandardtime(ST),thepolicymightnotworkasyouexpect.Forexample:
1.Createanaccesscontrolpolicyat1:45amontheSundaywhenDSTreturnstoST.
2.Modifythepolicyat2:15amDST,whichis1:15amSTandwithin1hourofthecreatingthe
policy.Thepolicythatyoucreatedinstep1isusedbecauseitisnewer(morerecentlycreated)
thanthemodifiedpolicyinstep2.
Solution:Tocorrectthisissue,modifyandrepublishthepolicythatyouwanttouseafter1:45am
standardtime.

FilterstopsworkingafterchangingaparameterontheAdvancedConfiguration
panel
YoucanfilterthedatadisplayedontheAdvancedConfigurationpanel.Afteryouchangeaparameter
andclicktheChangebutton,thefilterisnolongerappliedtothedisplayeddata.
Solution:ClickEnternexttothefilterfieldtoreapplythefilter.

Reverseproxyuserpasswordpageisinaccessible
Afterauthenticatingwiththeauthenticationmechanisms,thereverseproxyuserpasswordchangepage
(/pkmspasswd)becomesinaccessible.
Solution:Thispageisworkingasdesigned.Thereverseproxymakesthispageinaccessibleforusers
whoareauthenticatedwiththeExternalAuthenticationInterface(EAI).Theauthenticationservicerelies
onEAItoestablishtheauthenticatedsession.

Databasefailovercapabilitiesvaryduringaclusterupgrade
Thedistributedsessioncache,runtimedatabase,andconfigurationdatabasehavedifferentfailover
capabilitiesduringclusterupgrades.
Table1.
Database
Distributed
session
cache

Behaviour
Iftheprimarymasterfails,failovergoestosecondarymaster.Changes
aredoneinthesecondarymasterandreconciliationoccurswhen
primarymasterisrestored.

Runtime
database
Configuration
database

Iftheprimarymasterfails,thereisnofailovertothesecondarymaster.
Nochangesarepossibleontheprimaryorsecondarymasteruntilthe
primarymasterisbackonline.

Issue1
Whenahighavailabilityclusterisactive,asituationexistsduringthefirmwareupgradeontheprimary
nodewheretheconfigurationdatabaseisreadonly.
Areadonlydatabasepreventstheupgradeprocessfromwritingtotheconfigurationdatabasewhen
creatingnewtables,modifyingschemaofexistingtables,andinsertingorupdatingrowsontables.
Thereasonthedatabaseontheprimarynodebecomesreadonlyisthefirmwareupgraderequiresthe
appliancetoberebooted.Duringareboot,thehighavailabilitycontrollerswitchesthesecondarymaster
tobereadwriteandactasthetemporaryprimarymaster.
Whentheprimarynoderebootsandthedatabasestarts:
1.Itrecognizesthatthesecondarynodeisincontrolandstartsinreadonlymode.
2.Theapplianceclustermanagerincludesabackgroundthreadwhichwilleventuallyswitchthe
primarynodetoresumeitsroleastheprimarymasterdatabase.
3.Thedatabaseontheprimarynodebecomeswriteable.
https://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.1.3/com.ibm.isamw.doc/trouble/concept/con_appliance_issues_sol.html

6/9

2/15/2016

Knownissuesandsolutions

However,duringanupgrade,thedatabaseupgradescriptsareexecutedbeforetheprimarydatabase
hasbecomewriteable.
Issue2
Forthedistributedsessioncacheandruntimedatabase,asituationexistswherechangestothe
secondarydatabasesarenotreflectedintheprimarydatabaseafterthecompletionofacluster
upgrade.
Solution:
ToaddressIssue1,maketheclusterasinglemasterclusterforthedurationofthefirmwareupgrade:
1.Onthemasternode,usetheClusterConfigurationpaneltoremovesecondarysettingsand
anotherhighavailabilityclustermemberifapplicable.DonotchangethePrimarysetting.
2.Waitfortheclustertosynchronize.
3.Uploadandinstallthefirmware.pkgontheprimarynodeappliance.
4.Restarttheappliance.
5.Uploadandinstallthefirmware.pkgtootherclustermemberappliances.
6.Rebooteachclustermemberappliance.
7.Onthemasternode,usetheClusterConfigurationpaneltosethighavailabilityclustermembers
backtotheoriginalsettings.Waitfortheclustertosynchronize.
Theappliancefirmwareshavenowbeenupgradedandtheclusterisoperational.
ToaddressIssue2,stoptraffictotheclusterbeforestartingtheupgrade.

Erroroccursafterswitchingtheruntimedatabaseintheappliance
AfteryouswitchtheruntimedatabasefromlocaltoremoteanddeployingthependingchangesinIBM
SecurityAccessManagerforMobile,SQLrelatedruntimeerrorsoccurintheappliance.
Solution:Restarttheruntime.
1.Inthelocalmanagementinterface,selectSecureMobileSettings>RuntimeParameters>
RuntimeStatus.
2.ClickRestartAllClusteredRuntimes.

ErrorcodedoesnotdisplayfortypemismatchofRESTfulPIP
Themessage.logcontainsanerrormessagewithoutanerrorcodewhentheresponsetypedoesnot
matchtheRESTfulwebservicetype.Inthemessagelog,youmightseemessageswithoutanerrorcode
fromcom.tivoli.am.rba.pip.RestPIP.
ThisproblemoccursduringRESTfulPIPconfigurationif:
Youmanuallytypearesponsetypeinsteadofselectingapredefinedtype.
ThetypethatyouentereddoesnotmatchthetypereceivedfromtheRESTfulwebservice.
Solution:
CorrecttheRESTfulPIPconfigurationinthelocalmanagementinterface.
VerifythattheresponsetypeyouspecifyiscorrectforthePIP.
Wheneverpossible,selectapredefinedtypefromthelistinsteadoftypingtheresponsetype.

FirmwareversionandLastupdateinformationnotdisplayedinUpdateHistory
andOverviewsection
FirmwareinformationisnotdisplayedintheUpdateHistorysectionoftheuserinterface.Informationon
LastupdateisnotdisplayedintheOverviewsectionoftheuserinterface.Thisisthecaseforfirmware
upgradesandfixpacks.
ThefirmwareversioncanbedeterminedusingtheFirmwareSettingsuserinterfaceontheappliance.
Todeterminethefirmwareversion:
1.Logontotheapplianceastheadministrator.
2.ClickManageSystemSettings>FirmwareSettings.Theactivepartitionisreported.The
Detailscolumnincludesthefirmwareversion.
https://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.1.3/com.ibm.isamw.doc/trouble/concept/con_appliance_issues_sol.html

7/9

2/15/2016

Knownissuesandsolutions

Alternatively,youcanverifythefirmwareversionfromManageSystemSettings>Updatesand
Licensing>Overview.
InformationonLastupdatenotdisplayingisaknownlimitation.
Defaultcomponentportnumberusage
Whenyouassignportnumbersduringinstallationorconfiguration,donotuseportnumbersalready
assignedtoothercomponents.Youmightseeunpredictablebehaviorifthesameportnumberis
assignedtomultiplecomponents.
ThisisimportantwhenSecurityAccessManagerforWebandSecurityAccessManagerforMobileare
activatedonthesameappliance.
Solution:Considerthefollowingsituation:
IfyousetupexternalWebSEALserversaspartoftheclusterconfiguration,donotassignport
9080totheclusterconfigurationiftheSupportinternalandexternalclientsoptionisselected.Port
9080isthedefaultportassignedtoWebSphereApplicationServer.
Thefollowingtableliststhedefaultportnumbersthatyoumustbeawareofwhenconfiguring
componentsonSecurityAccessManagerforMobile,withSecurityAccessManagerforWebonthesame
appliance.Donotassignthemtoothercomponents.
Component

Portnumber

WebSphereApplicationServer

9080,9443

SecurityAccessManagerPolicyServer

7135

SecurityAccessManagerAuthorizationServer

7136,7137

WebSEALlisteningport

7234

Clusterconfiguration

20202050

LDAPserver,SSLport

636

Remotesyslog

514

Localmanagementinterface(LMI)

443

WebSEALHTTPS

443

LDAPserver,nonSSLport

389

WebSEALHTTP

80

Deployrequestfails
AcalltotheDeploythependingconfigurationchangeswebservice(pending_changes/deploy)
mightfail.
AcalltotheDeploythependingconfigurationchanges(pending_changes/deploy)webservice
returnsanHTTPInternalServerError.
Solution:Retrytheoperation.

Runtimeserverunabletoobtainfederateddirectoryinformationfromthelocal
managementinterface
Iftheruntimeservercannotcontactthelocalmanagementinterface(LMI)underthefollowing
configurationsettings,federateddirectoryuserscannotauthenticate:
Federateddirectoriesareusedforusernameandpasswordauthentication.
Resourceownerpasswordcredentials(ROPC)areusedforAPIprotection.
Auserwhoseinformationishousedinafederateddirectorycannotauthenticatethroughtheusername
andpasswordauthenticationmechanismoraccessAPIprotectiondefinitionsthatuseresourceowner
passwordcredentials.
Theruntimeserverattemptstocontactthelocalmanagementinterfaceonetimetoobtainallfederated
directoryinformationtoauthenticatefederateddirectoryusers.Iftheruntimeservercannotcontactthe
localmanagementinterfaceforanyreason,itcannotobtaintherequiredfederateddirectoryinformation
toauthenticatefederateddirectoryusers.Forexample:Ifthelocalmanagementinterfaceserverisnot
https://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.1.3/com.ibm.isamw.doc/trouble/concept/con_appliance_issues_sol.html

8/9

2/15/2016

Knownissuesandsolutions

running,theruntimeservercannotobtainthenecessaryfederateddirectoryinformationtoauthenticate
usersinafederateddirectory.
Solution:Followthesestepstoensurethatthisissueisresolved:
1.Restartthelocalmanagementinterface:
a.Useansshsessiontoaccessthelocalmanagementinterface.
b.Loginastheadministrator.
c.TypelmiandpressEnter.
d.TyperestartandpressEnter.
e.TypeexitandpressEnter.
2.Restarttheruntimeserver:
a.Logintothelocalmanagementinterface.
b.SelectSecureAccessControl>Manage>RuntimeParameters>RuntimeStatus.
c.ClickRestartLocalRuntime.
3.Ensurethattheruntimeservercancommunicatewiththelocalmanagementinterfacesothatit
canobtainallofthenecessaryfederateddirectoryinformation.
Parenttopic:TroubleshootingAccessManagerforMobile

https://www01.ibm.com/support/knowledgecenter/SSPREK_8.0.1.3/com.ibm.isamw.doc/trouble/concept/con_appliance_issues_sol.html

9/9