Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Appendix A. Troubleshooting: General Guidelines
This appendix describes general steps for determining the root cause of a problem, for example by querying logs and service statuses.
Note
For lists of specific problems and their solutions, see Appendix B, Troubleshooting: Solutions to Specific Problems.
What were you doing when you encountered the problem?
If you know which specific area of IdM is causing the problem, follow these links:
If this guide does not help you find and fix the problem and you proceed to file a customer case, include any notable error output that you determined using these troubleshooting procedures in the case report. See also Contacting Red Hat Technical Support.
A.1. Investigating Failures when Executing the ipa Utility
Copier lienLien copié sur presse-papiers!
Basic Troubleshooting
- Add the
--verbose(-v) option to the command. This displays debug information. - Add the
-vvoption to the command. This displays the JSON response and request.
Advanced Troubleshooting
Figure A.1, “The architecture of executing the ipa cert-show command” shows which components interact when the user uses the IdM command-line utility. Querying these components can help you investigate where the problem occurred and what caused it.
- Use the following utilities:
hostto check the DNS resolution of the IdM server or clientpingto check if the IdM server is availableiptablesto check the current firewall configuration on the IdM serverdateto check the current timencto try to connect to the required ports, as listed in Section 2.1.6, “Port Requirements”
For details on using these utilities, see their man pages. - Set the
KRB5_TRACEenvironment variable to the/dev/stdoutfile to send trace-logging output to/dev/stdout:KRB5_TRACE=/dev/stdout ipa cert-find
$ KRB5_TRACE=/dev/stdout ipa cert-findCopy to Clipboard Copied! Toggle word wrap Toggle overflow Review the Kerberos key distribution center (KDC) log:/var/log/krb5kdc.log. - Review the Apache error log:
- Enable debug level on the server: Open the
/etc/ipa/server.conffile, and add thedebug=Trueoption to the[global]section. - Restart the
httpdservice:systemctl restart httpd.service
# systemctl restart httpd.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Run the command that failed again.
- Review the
httpderror log on the server:/var/log/httpd/error_log.
Run the command with the-vvvoption to display the HTTP request and response. - Review the Apache access log:
/var/log/httpd/access_log.Review the logs for the Certificate System component:/var/log/pki/pki-ca-spawn.time_of_installation.log/var/log/pki/pki-tomcat/ca/debug/var/log/pki/pki-tomcat/ca/system/var/log/pki/pki-tomcat/ca/selftests.log- Use the # journalctl -u pki-tomcatd@pki-tomcat.service command to review the
journallog.
- Review the Directory Server access log:
/var/log/dirsrv/slapd-IPA-EXAMPLE-COM/access.
Figure A.1. The architecture of executing the ipa cert-show command
Related Information
- See Section C.2, “Identity Management Log Files and Directories” for descriptions of various Identity Management log files.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}