Diagnosis Guide
Before calling IBM Service, make sure that you have verified that the
environment where the error occurred is correct. Consult Diagnostic procedures. This verification includes:
- Verify that the key is not in an expired state.
- Verify that the key files exist in
/spdata/sys1/keyfiles/product/host/service.
An example is
/spdata/sys1/keyfiles/ssp/c55s.ppd.pok.ibm.com/sdr
-
Verify that the data in the SP created DCE organization,
spsec_services, using the dcecp command.
-
Verify that the SP service is listed in the SP created DCE organization,
spsec-services.
-
Verify that the service has the proper principal and account in the DCE
registry.
-
Verify that the DCE servers are up and running and that network communication
with the host where the DCE registry is located is OK.
- Verify that DCE is installed and configured on the host where Per Node Key
Management is having problems.
If you are still having problems after verifying the environment, collect
the following information for the source and target hosts to send to the IBM
Support Center.
- The PSSP level installed.
- The current PSSP PTF level installed.
- The current DCE level installed.
- The current DCE PTF level installed.
- The error information from the AIX error log, obtained by issuing the
errpt command.
- Gathered information on the SP system service:
- DCE principal name of service that failed (if any).
-
DCE key file name of service that failed (if any).
- Node on which spnkeyman was running.
-
Expiration data from the DCE organization, spsec-services. Use
the dcecp command.
- Any other diagnostic actions taken that you believe contributes to the
solution of the problem or provides additional useful information for
debugging the problem.
-
The authentication method in use. Issue this command on the control
workstation:
splstdata -p
The entry "ts_auth_methods" lists the authentication methods in use.
[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]