Professional Documents
Culture Documents
This chapter describes tools and procedures to use to diagnose and isolate SESM installation and
configuration problems. It includes the following topics:
• Turning On Installation Logging, page 2-1
• Verifying Basic Configurations and Connections, page 2-1
• Using Java Command Line Options, page 2-3
• Using Run Time Logging and Debugging Features, page 2-3
• Isolating a Problem Area, page 2-5
To determine which patches are installed on the system, examine the following directory:
/var/sadm/patches
To determine if there are any new patches and to download the new patches or patch clusters, go to:
http://sunsolve.sun.com/
To display Windows hardware platform type and operating system versions, choose:
Start > Programs > Accessories > System Tools > System Information
Note For SESM Release 3.2, JVM Version 1.4.1 or later is required.
The SESM start scripts will use the $JDK_HOME environment variable if it is set. To check if this
environment variable is set correctly, run the following command:
$JDK_HOME/bin/java -version
If the java version is displayed, then the environment variable is set correctly.
If the message ‘Undefined variable’ is displayed, then the environment variable is not set correctly. In
this case the SESM application will use the java version defined in the start script.
For the web applications, the java location is defined in install-directory/jetty/bin/start.sh. Check the
setting of the $JDK_HOME environment variable in this script and go to the location specified. Verify
the java version by running the following command:
java -version
2. Verify that the Cisco IOS release running on the platform contains the features you are intending to
implement. Examine the beginning of the show run output for the version information:
version 12.x.x.x
Check the Release Notes for the Cisco Subscriber Edge Services Manager, Release 3.2 for feature
compatibility information between SESM releases and Cisco IOS SSG releases.
3. Verify that the SSG default network includes the system on which your SESM web applications are
installed. Otherwise, client requests never reach the SESM application, and the client browser
eventually times out. To display the default network setting, examine the output from the show run
command for the following line:
ssg default-network ipAddress mask
Where radiusserver and ssg are the DNS names or IP addresses of the RADIUS server and SSG. If any
of the pings fail, check the configuration attributes in the application MBeans to ensure that the IP
addresses or host names in the MBean attributes are accurate.
For explanations of the attributes in these MBeans, see the Logging and Debugging Applications chapter
in the Cisco Subscriber Edge Services Manager Application Management Guide. To change values of
the logging attributes, use the SESM Application Manager. The Application Manager includes an
operational scenario for Logging.
Start
Yes Yes
Yes
2
Check the
SSG Does the Yes Does
configuration service list service logon
appear work
? ?
No No
3
Check the
RADIUS
and SSG RADIUS RADIUS
configuration or LDAP
Get copies
1
in the mode
nwsp.xml ? of the
file configuration
Check the files, log Use CDAT
SPE SSG files, and to check the
application subscriber
Check the
4 configuration
code. Obtain profile
SPE license
configuration number.
6
Use CDAT
5 Escalate to
to check the the Cisco
TAC
59610
subscriber
profile
1 See Using Run Time Logging and Debugging Features, page 2-3.
2 See the SSG Configuration chapter in the Cisco Subscriber Edge Services Manager Deployment
Guide.
3 See the descriptions for the SSG MBean and the AAA MBean in the Cisco Subscriber Edge
Services Manager Web Portal Guide.
4 See the descriptions for the SPE MBeans (the Connection and Directory MBeans) in the Cisco
Subscriber Edge Services Manager Web Portal Guide.
5 Use CDAT to make sure the subscriber is subscribed to services and has the proper privileges to
access those services.
6 See Your Configuration and Log Files, page A-3 and Obtaining Technical Assistance, page ix.
7 See Identifying the Problem Area in RDP, page 2-7.
1 7
Get copies
of the Escalate to
configuration the Cisco
and log files. TAC
Obtain license
number.
Yes
2
Do Check that
RDP Does Yes No services are
RDP PPP work auto services
work being added
? by the RDP
?
No
Does
3
PPP work Yes Is the Yes Turn off
with a different RDP in proxy proxy
RADIUS mode mode
server ?
?
No No 6
4 5
Does Check the
Check the Check the Yes RADIUS
SSG directory authentication
work now server
configuration configuration configuration
?
No
5
Check the
59611
directory
configuration