C H A P T E R 2

SESM Troubleshooting Aids

This chapter describes tools and procedures to use to diagnose and isolate SESM installation and
configuration problems. It includes the following topics:
• Turning On Installation Logging, page 2-1
• Verifying Basic Configurations and Connections, page 2-1
• Using Java Command Line Options, page 2-3
• Using Run Time Logging and Debugging Features, page 2-3
• Isolating a Problem Area, page 2-5

Turning On Installation Logging

The log option on the installation command line turns on the installation logging feature.
• On Solaris, the following command runs the GUI mode installation and turns on logging:
solaris> sesm_sol.bin -log @ALL
Where:
@ALL indicates to log all messages, which is the recommended procedure
• On Windows, the following command runs the GUI mode installation and turns on logging:
C:\> sesm_win.exe -options -log @ALL
Where:
@ALL indicates to log all messages, which is the recommended procedure.

Verifying Basic Configurations and Connections

Use the suggestions in this section to verify basic deployment conditions. Topics are:
• Verifying Operating System Patch Levels, page 2-2
• Verifying Successful Installation and Linking of the JVM, page 2-2
• Verifying Basic SSG Configuration, page 2-2
• Verifying Connection Access Among SESM Components, page 2-3

Cisco Subscriber Edge Services Manager Troubleshooting Guide

OL-3888-02 2-1
 Chapter 2 SESM Troubleshooting Aids
Verifying Basic Configurations and Connections

Verifying Operating System Patch Levels

To display Solaris hardware platform type and operating system versions, enter:
uname -a
prtdiag -v

To determine which patches are installed on the system, examine the following directory:
/var/sadm/patches
To determine if there are any new patches and to download the new patches or patch clusters, go to:
http://sunsolve.sun.com/
To display Windows hardware platform type and operating system versions, choose:
Start > Programs > Accessories > System Tools > System Information

Verifying Successful Installation and Linking of the JVM

Note For SESM Release 3.2, JVM Version 1.4.1 or later is required.

The SESM start scripts will use the $JDK_HOME environment variable if it is set. To check if this
environment variable is set correctly, run the following command:
$JDK_HOME/bin/java -version

If the java version is displayed, then the environment variable is set correctly.
If the message ‘Undefined variable’ is displayed, then the environment variable is not set correctly. In
this case the SESM application will use the java version defined in the start script.
For the web applications, the java location is defined in install-directory/jetty/bin/start.sh. Check the
setting of the $JDK_HOME environment variable in this script and go to the location specified. Verify
the java version by running the following command:
java -version

Verifying Basic SSG Configuration

This section describes how to verify basic connectivity between SSG and a SESM web portal. To
perform these verifications, use the following command on the SSG platform:
show run

Examine the output for the following:

1. Verify that the SSG feature is enabled on the Cisco network device. Examine the output from the
show run command for the following line:
ssg enabled

2. Verify that the Cisco IOS release running on the platform contains the features you are intending to
implement. Examine the beginning of the show run output for the version information:
version 12.x.x.x

Cisco Subscriber Edge Services Manager Troubleshooting Guide

2-2 OL-3888-02
 Chapter 2 SESM Troubleshooting Aids
Using Java Command Line Options

Check the Release Notes for the Cisco Subscriber Edge Services Manager, Release 3.2 for feature
compatibility information between SESM releases and Cisco IOS SSG releases.
3. Verify that the SSG default network includes the system on which your SESM web applications are
installed. Otherwise, client requests never reach the SESM application, and the client browser
eventually times out. To display the default network setting, examine the output from the show run
command for the following line:
ssg default-network ipAddress mask

Verifying Connection Access Among SESM Components

Verify that the systems that are hosts to the SESM components have connection access to other
components in your deployment by pinging the components. Issue pings from the SESM application
system to the following systems:
• SSG platform
• RADIUS server system
• SPE database system (if used in your deployment)
For example, issue the following commands from the SESM server:
ping ssg
ping radiusserver

Where radiusserver and ssg are the DNS names or IP addresses of the RADIUS server and SSG. If any
of the pings fail, check the configuration attributes in the application MBeans to ensure that the IP
addresses or host names in the MBean attributes are accurate.

Using Java Command Line Options

The SESM application startup scripts execute the java command. You can specify any Java command
line option when you run the SESM application startup scripts.
To specify Java options, use -jvm as an option on the startup script command line. For example, you
might add the following to the command line when you execute SESM application startup scripts:
-jvm -Djava.compiler=NONE

Using Run Time Logging and Debugging Features

The SESM log files can help troubleshoot SESM applications and deployments. By changing the
configuration of the logging and debugging mechanisms, you can change the amount of detail reported
and specify message filtering. Two of the log files have debugging mechanisms in addition to the logging
features.
All SESM applications use the same logging and debugging features. However, the settings for these
features are configured individually for each application.

Cisco Subscriber Edge Services Manager Troubleshooting Guide

OL-3888-02 2-3
 Chapter 2 SESM Troubleshooting Aids
Using Run Time Logging and Debugging Features

Log File Descriptions

The log files associated with SESM applications are:
• Jetty HTTP Request log—Contains incoming HTTP requests. You can use this log file to analyze
volume and traffic patterns for the web server.
• Jetty log—Contains logging and debugging messages from Jetty. The logging messages record the
startup of the Jetty server and all ongoing activity, such as errors trapped by the Jetty server and
HTTP errors. If the SESM application fails to start, look at this log. Make sure you monitor this log
file for illegal HTTP requests that might indicate attempts to subvert the web server. If you enable
debugging, the log file also includes more detailed debugging messages.
• Application log—Contains logging and debugging messages from the SESM application. The
logging tool logs SESM web application activity. The debugging mechanism produces messages
useful to developers in debugging applications.
You can configure all three of these logs for each SESM portal application and for CDAT. RDP uses only
the application log.

Log File Configuration

The installed default configuration places all log files for an application into the logs subdirectory under
the application home directory. For example:
SESMinstallDir
nwsp
logs

If the logs directory does not exist, it is created at application runtime.

Table 2-1 shows the MBeans that configure the log files, including the level of verbosity in the logs,
message filtering, debugging, file location, and file management.

Table 2-1 Configuring the Log Files

Log Type MBean Name Filename Attribute Default Log Filename

Request log Server MBean RequestLog date.request.log
Jetty log Log MBean filename date.jetty.log
Debug MBean
Application log Logger MBean logFile date.application.log

For explanations of the attributes in these MBeans, see the Logging and Debugging Applications chapter
in the Cisco Subscriber Edge Services Manager Application Management Guide. To change values of
the logging attributes, use the SESM Application Manager. The Application Manager includes an
operational scenario for Logging.

Cisco Subscriber Edge Services Manager Troubleshooting Guide

2-4 OL-3888-02
Chapter 2 SESM Troubleshooting Aids
Isolating a Problem Area

Isolating a Problem Area

This section shows procedures for analyzing and isolating the causes of problems in SESM deployments.
The section includes two procedures:
• Identifying the Problem Area in SESM Web Portals (Figure 2-1)
• Identifying the Problem Area in RDP (Figure 2-2)

Cisco Subscriber Edge Services Manager Troubleshooting Guide

OL-3888-02 2-5
 Chapter 2 SESM Troubleshooting Aids
Isolating a Problem Area

Figure 2-1 Identifying the Problem Area in SESM Web Portals

Start

XYZ does Web

application, RDP
not work
with SESM RDP, or
CDAT
?

SESM web application 7

RDP
Don't Does
Check it with know No
the NWSP it work
with NWSP
application
? Get copies
1
Get copies 1 of the 6
of the configuration
configuration Yes files, log Escalate to
files, log files, and the Cisco
files, and application TAC
application code. Obtain
code. Obtain license
license number.
RADIUS
number.
Are 4
6 the tool
No Does RADIUS SPE No Check the
Escalate to authentication bar buttons SPE
the Cisco or LDAP appearing as
work mode configuration
TAC ? expected
? ?

Yes Yes
Yes
2
Check the
SSG Does the Yes Does
configuration service list service logon
appear work
? ?

No No
3
Check the
RADIUS
and SSG RADIUS RADIUS
configuration or LDAP
Get copies
1
in the mode
nwsp.xml ? of the
file configuration
Check the files, log Use CDAT
SPE SSG files, and to check the
application subscriber
Check the
4 configuration
code. Obtain profile
SPE license
configuration number.

6
Use CDAT
5 Escalate to
to check the the Cisco
TAC
59610

subscriber
profile

1 See Using Run Time Logging and Debugging Features, page 2-3.
2 See the SSG Configuration chapter in the Cisco Subscriber Edge Services Manager Deployment
Guide.
3 See the descriptions for the SSG MBean and the AAA MBean in the Cisco Subscriber Edge
Services Manager Web Portal Guide.
4 See the descriptions for the SPE MBeans (the Connection and Directory MBeans) in the Cisco
Subscriber Edge Services Manager Web Portal Guide.

Cisco Subscriber Edge Services Manager Troubleshooting Guide

2-6 OL-3888-02
Chapter 2 SESM Troubleshooting Aids
Isolating a Problem Area

5 Use CDAT to make sure the subscriber is subscribed to services and has the proper privileges to
access those services.
6 See Your Configuration and Log Files, page A-3 and Obtaining Technical Assistance, page ix.
7 See Identifying the Problem Area in RDP, page 2-7.

Figure 2-2 Identifying the Problem Area in RDP

1 7
Get copies
of the Escalate to
configuration the Cisco
and log files. TAC
Obtain license
number.
Yes
2
Do Check that
RDP Does Yes No services are
RDP PPP work auto services
work being added
? by the RDP
?

No

Does
3
PPP work Yes Is the Yes Turn off
with a different RDP in proxy proxy
RADIUS mode mode
server ?
?
No No 6
4 5
Does Check the
Check the Check the Yes RADIUS
SSG directory authentication
work now server
configuration configuration configuration
?

No
5
Check the

59611
directory
configuration

1 See Log File Descriptions, page 2-4.

2 See the Cisco Subscriber Edge Services Manager RADIUS Data Proxy Guide.
3 See the Cisco Subscriber Edge Services Manager RADIUS Data Proxy Guide.
4 See the chapter “Basic SSG Configuration” in the Cisco Subscriber Edge Services Manager
Deployment Guide.
5 See the “SPE MBeans” section in the Cisco Subscriber Edge Services Manager Web Portal Guide.
6 See the client and server socket components in the RDP MBean and RADIUS Data Proxy MBean,
described in the Cisco Subscriber Edge Services Manager RADIUS Data Proxy Guide.
7 See Obtaining Technical Assistance, page ix.

Cisco Subscriber Edge Services Manager Troubleshooting Guide

OL-3888-02 2-7
 Chapter 2 SESM Troubleshooting Aids
Isolating a Problem Area

Cisco Subscriber Edge Services Manager Troubleshooting Guide

2-8 OL-3888-02