Troubleshooting general EIM configuration and domain problems
There are a number of general problems that you may encounter as you configure EIM for your system, as well as problems that you may encounter as you access an EIM domain. Review the following table to learn more about some common problems and potential solutions that you can use to resolve these problems.
Possible problem | Possible solutions |
---|---|
EIM Configuration wizard appears to hang during Finish processing. | Tthe wizard may be waiting for the domain controller
to start. Verify that no errors occurred during the startup of the
directory server. For IBM® i platforms,
check the job log for the QDIRSRV job in the QSYSWRK subsystem.
To check the job log, follow these steps:
|
While using the EIM Configuration wizard to create a domain on a remote system, you received the following error message: "The parent distinguished name (DN) you entered is not valid. The DN must exist on the remote directory server. Specify or select a new or existing parent DN.' | The parent DN specified for the remote domain does not exist. See Creating and joining a new remote domain to learn more about how to use the EIM Configuration wizard. Also, see the online help for detailed information about specifying a parent DN when creating a domain. |
You receive a message indicating that the EIM domain does not exist. | If you have not created an EIM domain, use the EIM Configuration wizard. This wizard creates an EIM domain for you, or enables you to configure an existing EIM domain. If you have created an EIM domain, ensure that the specified user is a member of an EIM access control group with sufficient authority to access it. |
You receive a message indicating that an EIM object (identifier, registry, association, policy association, or certificate filter) is not found, or that you are not authorized to EIM data. | Verify that the EIM object exists and whether the specified user is a member of an EIM access control group with sufficient authority to that object. |
While managing EIM through IBM Navigator for i, you receive an error indicating that the EIM handle is no longer valid. | The connection to the domain controller has
been lost. To reconnect to the domain controller, follow these steps:
|
When using the Kerberos protocol for authentication
with EIM, diagnostic message CPD3E3F is written to
the job log. |
This message is generated whenever authentication or identity mapping operations fail. The diagnostic message contains both major and minor status codes to indicate where the problem occurred. The most common errors are documented in the message along with the recovery. Refer to the help information associated with the diagnostic message to begin troubleshooting the problem. You may also find it helpful to review Troubleshoot single sign-on configuration. |