IBM Tivoli Monitoring, Version 6.3

Cannot log on to the portal server

If you are unable to successfully log on to the portal server to start your Tivoli® Enterprise Portal work session, review the symptoms and corrective actions to remedy the problem.

The following table provides resolutions for problems logging in to the Tivoli Enterprise Portal Server.

Table 1. Cannot log in to the Tivoli Enterprise Portal Server
Problem	Corrective action and solution
User authorization failed -OR- `KFWITM215E: Unable to process logon request`	Ensure that the user ID and password are correct. (The user ID must use 10 or fewer ASCII characters and contain no spaces. The name is limited to 8 characters if user authentication is at the hub monitoring server and uses RACF® security for z/OS.) Verify that the monitoring server has started. Define the user in the portal server. Configure the TEPS or TEPS2 data sources. If security validation is active on the hub monitoring server, make sure the user ID is defined to the security system. For more information on security validation see the IBM Tivoli Monitoring Installation and Setup Guide or IBM Tivoli OMEGAMON XE and Tivoli Management Services on z/OS: Common Planning and Configuration Guide.
`KFWITM010I: Tivoli Enterprise Portal Server not ready.` -OR- `KFWITM402E: Communication with the Tivoli Enterprise Server could not be established.`	Wait for the portal server to establish connection. To determine whether or not the portal server is ready for portal client logon, search the portal server trace log for this text string: `Waiting for requests`. If that string is not found, the portal server has not completed initialization. Portal server initialization can take as long as 20 minutes. To view the trace log, open Manage Tivoli Monitoring Services, right-click the portal server, and select Advanced > View trace log Recycle the portal server. For more information see The portal server does not start or stops responding.
If the status bar displays the Validating User Credentials message continuously, the monitoring server stopped. -OR- The message `TEP has lost communication with TEMS` displays continuously. -OR- `KFWITM008W The Tivoli Enterprise Portal Server has lost contact with the Tivoli Enterprise Monitoring Server.`	If you are an administrator, restart the monitoring server. Otherwise, notify an administrator and wait for the monitoring server to be restarted.
Portal client cannot connect to the portal server because of firewall configuration. -OR- `KFWITM392E: Internal error occurred during logon.`	By default the portal client connects to the portal server on port 1920 or 15001. Open the blocked port or reassign ports accordingly. For environments with multiple interfaces reconfigure the portal server to specify a specific interface by following the instruction below. On Windows: Use `ipconfig /all` to verify the current network interface configuration. Start the Manage Tivoli Monitoring Services and right-click the TEPS entry, and choose Advanced > Set network interface. Enter the correct IP address here. On UNIX or Linux: Use `ifconfig -a` to verify the current network interface configuration. Edit the agent *.ini file and add `KDEB_INTERFACELIST=IP_address`, where IP_address is the correct address. For more information see "Controlling port number assignments" in the IBM Tivoli Monitoring Installation and Setup Guide.
The portal server cannot initialize because of a DB2® shutdown. -OR- `KFWITM009I: The Tivoli Enterprise Portal Server is still being initialized and is not ready for communications.`	Start DB2 or wait for DB2 to finish initializing. If you receive message `KFWITM009I` you can look at the most recent trace log to verify that the portal server is initialized by searching for the text string `Waiting for requests. Startup completed`.
If the Tivoli Enterprise Portal Server connection to LDAP is lost.	When the portal server is configured to authenticate against the LDAP server (with optionally enabled Single Sign-On capability), if you lose the portal server to LDAP connection, this will cause any log in attempt to fail with error code KFWITM393E: "User ID or password is invalid". This authentication failure will be reported for any user, including the default administrative user "sysadmin", and not only for users defined in the LDAP repository. Re-establish the connection to LDAP. As soon as the portal server to LDAP connection is re-established, you can log in to the Tivoli Enterprise Portal. If there is still a problem connecting with LDAP, de-configure LDAP authentication. If the LDAP connection is broken and the normal procedure to switch off LDAP-based authentication does not work, the following steps need to be performed: For AIX® and Linux systems, stop the portal server with the ./itmcmd agent stop cq command invoked from the installation directory. Run the ./disableLDAPRepository.sh script from candle_home/arch/iw/scripts, where arch is the system architecture, for example "li6263" or "aix533." Reconfigure the portal server and disable LDAP authentication using the ./itmcmd config -A cq command invoked from the installation directory. Start the portal server with the ./itmcmd agent start cq command invoked from installation directory. The portal server authentication through the monitoring server is now enabled. If the monitoring server was also configured to use LDAP and the reason for this procedure being applied is LDAP being out of service, ensure you also change the monitoring server configuration to not authenticate through LDAP, following steps from the monitoring server configuration help. For Windows systems, stop the portal server service using the Manage Tivoli Enterprise Monitoring Services application. \ Run the `disableLDAPRepository.bat` script from `candle_home\CNPSJ\scripts`. Reconfigure the portal server using the Manage Tivoli Enterprise Monitoring Services application and disable the "Validate User with LDAP" option. Start the portal server service using the Manage Tivoli Enterprise Monitoring Services application. The portal server authentication through the monitoring server is now enabled. If the monitoring server was also configured to use LDAP and the reason for this procedure being applied is LDAP being out of service, ensure you also change the monitoring server configuration to not authenticate through LDAP, following the steps from the monitoring server configuration help.

Feedback