Common issues

You might encounter common issues during the deployment and usage of IBM® Security Privileged Identity Manager in the IBM Security Privileged Identity Manager Virtual Appliance. For more information, see the following common issues and workaround sections.

Data store configuration fails

Check the configuration of the database system.

On the Log Retrieval and Configuration page, click the Appliance tab and check the Identity, Single Sign-On and Session Recording data store configuration, Server System Out, and Server Messages.

Directory Server Configuration fails

Check the configuration of the directory server.

On the Log Retrieval and Configuration page, click the Appliance tab and check the directory server configuration, Server System Out, and Server Messages.

Unable to access the virtual appliance console

Make sure that the network configuration settings, such as IP, Subnet Mask, DNS, and Gateway, are correct.

High Disk Usage Notification on Dashboard

Reduce the setting for the Maximum size for log file rotation and Maximum number of historical log files.

Reduce the trace level from the command-line interface.

Clean the log files from Manage > Maintenance > Log Retrieval and Configuration.

Unable to access credentials by using AccessAgent on client system

Make sure that the virtual appliance host name is registered with DNS or updated in the client system hosts file.

Restart the client system.

Make sure that the time in the client system where AccessAgent is installed and the time in the IBM Security Privileged Identity Manager Virtual Appliance are synchronized.

Test connection or reconciliation operation failed by using Identity and Credential Vault administration console

Restart by using the Server control dashboard widget with the option Others (Full restart). If the operation still fails, restart the virtual appliance.

Unable to access Identity and Credential Vault Administration console

Check the Middleware and Server Monitor dashboard widget to verify the status of the Identity server, Directory server, and Identity data store. Then, take the appropriate action.

See the log files for more details.

Unable to access Single Sign-on and Session Recorder Administration console

Check the Middleware and Server Monitor dashboard widget to verify the status of the Single Sign-On server and Single Sign-On data store. Then, take the appropriate action.

See the log files for more details.

Unable to access Session Recorder Replay console (if activated)

Check the Middleware and Server Monitor dashboard widget to verify the status of the Session Recording server and Session Recording data store. Then, take the appropriate action.

See the log files for more details.

For any other unrecoverable issues

Generate a support file by using the command-line interface or the virtual appliance console for the IBM Support Team.

CLI
ispimva.example.com> support 
ispimva.example.com:support> create
ispimva.example.com:support> download 
1: ispim_1.0.1.1_20130925-014609_ispimva.example.com.zip 
2: ispim_1.0.1.1_20130925-015645_ispimva.example.com.zip 
Enter index: 1 
Insert a USB drive into the USB port on the appliance. 
Enter 'YES' to confirm: YES 
Console
  1. Log on to the IBM Security Privileged Identity Manager Virtual Appliance console.
  2. Select Manage > System Settings > Support Files.
  3. Click new to create a new file.
  4. Click download to save a copy of the support file.

Unable to connect to the IBM Security Privileged Identity Manager Server even with the correct host name

To resolve this issue, add the certificate to the client.
  1. Log on with Administrator privileges on the client computer.
  2. Start a web browser and go to the HTTPS URL for the IBM Security Privileged Identity Manager Server, https://hostname, where hostname is the name of the computer that has the IBM Security Privileged Identity Manager Virtual Appliance Server.
  3. In the web browser, export the security certificates to a file.
  4. Complete the following instructions:
    1. In Microsoft Internet Explorer, click File > Properties.
    2. Click Certificates.
    3. Click the Certification Path tab.
    4. Click the Details tab.
    5. For each certificate marked with a red X in the certificate hierarchy, do the following actions.
      1. Click View Certificate.
      2. Click Details.
      3. Click Copy to File.
      4. Follow the instructions in the wizard with the following considerations:
        • When the Export format page is displayed, select the DER encoded binary X.509 (.CER) format.
        • Save the certificates on your local computer. For example: webhost.cer.
  5. Copy the CER files to the following location: aa_home\SessionRecorder

    aa_home is the AccessAgent installation directory. For example: C:\Program Files\IBM\ISAM ESSO\AA\.

  6. Restart the computer where AccessAgent is installed.
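
The export in steps 2 to 5 can also be done from an elevated PowerShell prompt. The following script is an added example, not part of the IBM documentation: it reads the certificate chain that the server presents, writes each certificate that Windows reports a chain error for (the counterpart of the red X in the browser) as a DER-encoded .cer file, and prints the thumbprints so they can be checked before the files are relied on. The host name, the output folder, the webhostN.cer file names, and the use of Windows PowerShell 5.1 are assumptions.

```powershell
# Added example, not IBM code. Adjust the two values below for your environment.
$ServerName = 'ispimva.example.com'   # placeholder appliance host name
$OutDir     = 'C:\Program Files\IBM\ISAM ESSO\AA\SessionRecorder'   # aa_home\SessionRecorder

$script:found = @()

# The callback lets the handshake finish only so that the chain can be read.
# Nothing is added to any trust store by this step.
$collect = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($s, $certificate, $chain, $sslPolicyErrors)
    $script:found = @()
    foreach ($element in $chain.ChainElements) {
        $script:found += [pscustomobject]@{
            Subject    = $element.Certificate.Subject
            Thumbprint = $element.Certificate.Thumbprint
            Der        = $element.Certificate.RawData   # DER-encoded X.509 bytes
            Problems   = @($element.ChainElementStatus | ForEach-Object { $_.Status })
        }
    }
    return $true
}

$tcp = [System.Net.Sockets.TcpClient]::new($ServerName, 443)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $collect)
    $ssl.AuthenticateAsClient($ServerName)
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

$n = 0
foreach ($item in $script:found) {
    # Certificates that already validate need no export.
    if ($item.Problems.Count -eq 0) { continue }
    $n++
    $path = Join-Path $OutDir "webhost$n.cer"
    [System.IO.File]::WriteAllBytes($path, $item.Der)
    # Compare each thumbprint with the value obtained from the appliance
    # administrator before leaving the file in the AccessAgent folder.
    '{0}  {1}  [{2}]  -> {3}' -f $item.Thumbprint, $item.Subject,
        ($item.Problems -join ','), $path
}
```

Delete any exported file whose thumbprint does not match the expected certificate, then continue with step 6.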