Lotus Mobile Connect
Lotus Mobile Connect
®
Version 6.1.1
Troubleshooting Guide
Lotus Mobile Connect
®
Version 6.1.1
Troubleshooting Guide
Note
Before using this information and the product it supports, read the information in Notices.
This edition applies to version 6, release 1, modification 1 of IBM Lotus Mobile Connect (product number 5724-R20)
and to all subsequent releases and modifications until otherwise indicated in new editions.
When you send information to IBM, you grant IBM a nonexclusive right to use or distribute the information in any
way it believes appropriate without incurring any obligation to you.
© Copyright International Business Machines Corporation and others 1994, 2007. All rights reserved.
Note to U.S. Government Users — Documentation related to restricted rights — Use, duplication or disclosure is
subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.
Contents
Chapter 1. Troubleshooting guide. . . . 1
Before you call IBM Support . . . . . . . . . 1
Locating the problem . . . . . . . . . . . 3
Installing and using the IBM Support Assistant . . . 3
Determining the version of code installed . . . . . 6
Obtaining service updates . . . . . . . . . 6
Determining the service level of the Connection
Manager . . . . . . . . . . . . . . . 6
Determining the service level of Mobility Clients . 7
Determining the service level of Gatekeeper . . . 7
Troubleshooting checklists . . . . . . . . . . 7
Mobility Client log in and password problems . . 7
Mobility Client problems . . . . . . . . . 14
Connection Manager problems . . . . . . . 18
Persistent data storage problems . . . . . . 23
Application problems . . . . . . . . . . 26
Gatekeeper problems . . . . . . . . . . 26
Determining the status of resources . . . . . . 28
Verifying Connection Manager processes . . . . 29
Verifying the portmap daemon is enabled for
automatic start-up on AIX systems . . . . . . 29
Port number information . . . . . . . . . . 30
Supported locales . . . . . . . . . . .
Using access manager logs . . . . . . . .
Using Connection Manager logs . . . . . .
Message log . . . . . . . . . . . .
Account log . . . . . . . . . . . .
Trace log . . . . . . . . . . . . .
Testing for UDP packet loss . . . . . . . .
Troubleshooting tips . . . . . . . . . .
Finding broadcast errors when using mobile access
services . . . . . . . . . . . . . . .
Determining the status of an X.25 link on AIX . .
Monitoring X.25 data flow . . . . . . .
Sending network management traps . . . . .
Trap variables . . . . . . . . . . .
Trap severity . . . . . . . . . . . .
Trap descriptions . . . . . . . . . .
.
.
.
.
.
.
.
.
32
34
34
36
37
43
44
45
.
.
.
.
.
.
.
46
46
47
47
47
48
49
Chapter 2. Notices . . . . . . . . . . 53
Trademarks .
.
.
.
.
.
.
.
.
.
.
.
.
. 55
Index . . . . . . . . . . . . . . . 57
iii
iv
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Chapter 1. Troubleshooting guide
This guide can assist you with problems that you might experience, including
problems with installation.
This guide is designed to serve as a self-help tool to help you resolve your
problem without having to call IBM® support. If you do have to call IBM support,
this guide provides the information you will need to help your IBM service
representative better diagnose and resolve your problem.
Use this information to help determine and resolve problems with IBM Lotus®
Mobile Connect. It explains how to:
v
v
v
v
v
v
v
v
v
v
Determine the status of various resources, devices, and links
Determine the level of the code installed
Verify Connection Manager processes
Troubleshoot login and password problems or other problems with specific
symptoms
Determine what to do before calling IBM support
View messages in the message log file
Monitor packet flow
Use troubleshooting tips
Get port number and supported locale information
Get a description of trap severity codes
Use these links to consult other available troubleshooting resources:
v Service update information
v Information center
v Technotes
v Other product information (reference manuals, white papers)
In this guide, you will see the following icons:
Points out important notes to the reader.
Highlights tips for the reader.
Before you call IBM Support
Service personnel responding to a request for help might ask these questions.
v Which level of code is installed for the Connection Manager, Gatekeeper, and
Mobility Client? See Determining the version of code installed to determine the
version numbers and how to access the available software downloads.
v Have you checked to see if your network carrier has been out of service?
v Have you registered the problematic mobile unit (MAN or LLI)?
v Is this a new mobile device or has it worked before?
1
v Did the start of the problem coincide with any changes you made to hardware
or software?
If you have determined that you need IBM assistance to solve a problem, then
complete this IBM support checklist. The information in this checklist is used by
the IBM Support Center to help diagnose your problem. Print a copy of this list,
and then fill in the blanks, before contacting IBM for support.
Description of the problem and the environment
1. Problem summary:
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
2. Specify the Connection Manager version number and build date:
__________________________________________________________________________________________
See Determining the version of code installed to determine the version
number and how to access the available software downloads.
3. On what operating system is the Connection Manager running? What level of
the operating system is installed? Are any maintenance levels or fix packs
applied to the operating system?
__________________________________________________________________________________________
4. Which relational database product is installed and what version is it? Are any
fix packs installed?
__________________________________________________________________________________________
5. Is the database server located on the same physical machine as the Connection
Manager?
__________________________________________________________________________________________
6. Which DSS (directory service server or LDAP (If LDAP is used)) product does
the Connection Manager connect to and what version is it?
__________________________________________________________________________________________
7. Is the DSS server located on the same physical machine as the Connection
Manager?
__________________________________________________________________________________________
8. If the Gatekeeper is involved with this problem, what version of the
Gatekeeper is installed, and on what operating system is it running?
__________________________________________________________________________________________
9. Which device or devices are being used to connect to the Connection
Manager?
__________________________________________________________________________________________
10. Which version(s) of the Mobility Client are being used to connect to the
Connection Manager?
__________________________________________________________________________________________
11. Which operating systems are being used for the Mobility Clients?
__________________________________________________________________________________________
__________________________________________________________________________________________
12. If a modem or network card is in use, list the manufacturer, model, and
network over which it operates.
__________________________________________________________________________________________
13. List any and all error messages (if any are received) from the Mobility Client.
2
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
__________________________________________________________________________________________
__________________________________________________________________________________________
14. Steps to recreate the problem:
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
15. Describe the network environment:
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
__________________________________________________________________________________________
Locating the problem
The current state of the Connection Manager is determined by the following
components:
v
v
v
v
v
v
v
Real status of the network interfaces
X.25 link status
X.25 monitoring
Connection Manager processes
File system status
Log messages
Persistent storage
Installing and using the IBM Support Assistant
This section describes how to install, configure, and use the IBM Support Assistant
(ISA) for Lotus Mobile Connect.
Installing the Lotus Mobile Connect plug-in for ISA allows you to navigate the ISA
utility, using these tabs:
v Search lets you search various sites for Lotus Mobile Connect issues.
v Education provides web links to education materials.
v Support provides web links to support materials.
v Services lets you create problem management records (PMRs) and automatically
collect and ship problem documentation.
Considerations before you begin
v In the current implementation of ISA, you can only display PMRs that were
created using the electronic service reporting (ESR) system or using ISA.
v For electronic submission of PMRs, you must have an IBM Passport Advantage®
account. Use this account ID and password to log on and enable access to the
ESR system. To list yourself as an IBM Authorized caller in ESR, see the ESR
help information. on the Software support site.
v If you want to use ISA’s Services capability to automatically create a PMR and
send associated collected documentation, ISA and the Lotus Mobile Connect
Chapter 1. Troubleshooting guide
3
plug-in must be present and running on the Connection Manager system.
Additionally, this system must have access to the Internet to allow FTP delivery
of the associated logs.
To submit and track problems, see the Software support site.
Installation of ISA and the Lotus Mobile Connect plug-in
To install ISA:
1. Sign in using your ID and password of your IBM account and obtain the ISA
utility software package from the IBM Support Assistant site.
2. Follow the instructions in the Installation and Troubleshooting Guide, included
in the ISA package.
To install the Connection Manager plug-in:
1. Obtain the Lotus Mobile Connect ISA plug-in tar file from the Lotus Mobile
Connect support site.
2. Untar the ISA plug-in and place the resulting directory
(com.ibm.esupport.client.SSVLBW.v6) in the following location: <ISA Install
root>/plugins/
3. Start and access ISA using the instructions in the Installation and
Troubleshooting Guide included in the ISA package.
Using IBM Support Assistant
You can use the ISA Search, Education, Support, and Services functions using IBM
Support Assistant.
Using ISA Search
After you click the Search tab, you can choose to search one or more sources of
information, including:
v IBM software support documents
v IBM developerWorks®
v IBM newsgroups and forums
v Google web search
After you select one or more of the four choices, more detail might be displayed
providing additional selections.
Note: Although the search results in the left panel might reflect a large number of
hits, ISA limits displaying only the top 32 results.
Using ISA Education
You can explore IBM’s web education web sites.
Using ISA Support
You can link to the Lotus Mobile Connect Support site, product home page, news
groups, and forums.
4
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Using ISA Service
This tab provides the capability to invoke an automated collection of system
information and subcomponent logs to provide to IBM Support staff for aid in
problem determination. An example scenario includes:
1. Click the Service tab.
2. In the Service panel, select System Information and/or IBM Lotus Mobile
Connect, then click Collect.
Note: The value you enter for the installation directory is not currently used by
the plug-in. Therefore, you can choose to enter any existing directory, for
example /tmp. After the collection completes, a summary is displayed.
3. In the left panel, click Log In (optionally Proceed to Manage Problem Reports),
then enter your IBM ID, your password, your IBM customer number, and select
the appropriate Country/Region of your support contract. Optionally, select
Remember my IBM ID, IBM Customer Number, and Country/Region.
4. Click Login.
5. In the left panel, click Submit Problem Report. The following input fields are
on the Services tab when creating a PMR:
v Select a product
v Select a component
v Select a severity level
v Short description
v Recent changes to system
v Corrective actions already taken
v Platform/Operating system
v Other relevant information
v Collector file
v Attachment
Note: You do not have to take action to attach the file that was generated in
step 2. ″Attachment″ here means any additional file you need to send
to IBM support.
6. Click Submit.
7. PMRs opened using ISA can later be managed using the List Problem Reports
link.
Additional Notes®
1. If your Connection Manager system cannot access the Internet, you can still use
ISA to collect problem documentation. In this case, manually copy the collector
output file (for example, <ISA Install root>/workspace/.metadata/
collector_050714_1514_57887.jar) to a system that has FTP access to the Internet
and FTP the file as instructed by IBM support.
2. You can access ISA from a system other than the Connection Manager system,
providing startisa.sh has been run on the Connection Manager system. This is
useful in cases where the Connection Manager system has no display screen.
3. If a technical limitation prevents you from running ISA on your Connection
Manager system, you can still download the ISA plug-in and run the support
script from a command line. The script should be run from a directory on a file
system with sufficient space to contain its output, preferably a file system that
does not impact Connection Manager performance (for example, /tmp/). The
Chapter 1. Troubleshooting guide
5
script creates a directory named lmcsupport.out in the current working
directory. You can tar the contents of that directory to submit to IBM support.
You will not have the other benefits of ISA, such as submitting PMRs, federated
searches, etc. if you choose this option.
4. Documentation is gathered only for the Connection Manager. If any logs or
traces are gathered from the Mobility Client or Gatekeeper systems, these must
be submitted to support separately.
5. ISA v3 is not yet supported. It is recommended that you extract the plug-in,
run wecmsupport.sh manually and submit wecmsupport.out to IBMsupport.
Determining the version of code installed
Each component of code that you installed has a service level version number.
You need to be able to identify the version number of the code that you installed
on each component.
Obtaining service updates
You can access the list of latest service updates or review all the information on the
Connection Manager Support site.
The Support site URL is: www.ibm.com/software/lotus/mobileconnect/support/
To download the latest service updates from the Support site, click Recommended
Maintenance in the Self-help column. You will link to a list of the most current
versions. After you have chosen the download you want, you are prompted to
register or verify your registration for downloading IBM Lotus Mobile Connect
files.
Note that for some downloads, you will also be asked to supply a download
key to access the files. This key is available for IBM licensed customers of the
product. If you do not know the download key, you may obtain it by opening a
Problem Management Record (PMR) to the IBM Support Center at (800) IBM-SERV.
Outside the United States, visit http://www.ibm.com/planetwide. To open an
electronic PMR, visit http://www.ibm.com/software/support/probsub.html. After
you have passed the verification, you will be able to download the appropriate
files.
There is a readme file or other installation instructions associated with each
download describing how to install and use it.
Determining the service level of the Connection Manager
To determine the service level of the Connection Manager on your system, issue
the following command: lswg -V |more
The output of this command will give you the software version and release as well
as the date which it was built.
Alternatively, use the Gatekeeper to display the version. Click the About tab from
the Connection Manager properties notebook.
6
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Determining the service level of Mobility Clients
On Linux®
In the Connections window, click Help -> About.
On Microsoft® desktop Windows®
Right-click the Mobility Client icon
in the system tray, then click
About. Or click Help -> About from the Connections window in the IBM
Mobility Client folder.
On Microsoft Windows CE
Tap the Windows logo, then tap Programs -> IBM Mobility Client. Tap
Connections, then tap Help -> About at the bottom of the screen.
On Nokia Communicator devices
Tap the Menu button, then tap Tools -> About.
Determining the service level of Gatekeeper
Start the Gatekeeper, then click Help -> About, then click Version Number of the
Gatekeeper.
For more diagnostic information, open the file StdErr.txt which is located in the
.wgcfg directory relative to the user’s home directory.
Troubleshooting checklists
Use the following checklists to help you eliminate possible problem areas and find
solutions.
Some of the items in the checklists are questions that you should ask yourself
while others are items that lead you to another item or related information.
Mobility Client log in and password problems
Frequently asked questions about problems with passwords and logging in are
included in this topic.
Browse these questions, then link to the answers below.
1. I have lost my password. What do I do?
2. I have forgotten my password. How can I get it reset?
3. I have typed in my password correctly, so why am I not able to log in? The
system tells me it is the wrong password.
4. I am seeing another password prompt besides the one I usually see. What do I
do?
5. How do I change my password?
6. I get a message that the Mobility Client timed out while logging into the
Connection Manager. What do I do?
7. I tried several times to enter my password and I got a message that my account
has been locked. What do I do?
8. I see the Connect window on my screen but the progress indicators never turn
green and do not advance to 2 or 3 bars during the login. What’s wrong?
Chapter 1. Troubleshooting guide
7
9. Why can I not establish a connection when specifying a user ID with national
language characters?
Answers to Mobility Client login and passwords problems include:
1. I have lost my password. What do I do?
Connection Manager administrators use the Gatekeeper to access the User
account and perform a password reset for you. They will not be able to tell you
what your password is because it will be hidden.
It would be wise to set up Gatekeeper login accounts for Connection
Manager administrators and to set up these accounts with access control lists
that limit what resources they are able to read and modify.
2. I have forgotten my password. How can I get it reset?
Ask a Connection Manager administrator to perform a password reset.
To perform a password reset using Gatekeeper:
a. Click Find..., then type the User ID in the User ID field and click Find now.
b. Right-click the user ID in the Find Resource Results window, then click
Properties.
c. Click the Password tab, then type the password twice: once in the Enter the
new password field and again in the Confirm the new password field.
d. Click OK or Apply.
When the password is typed in, it appears as asterisks (*).
3. I have typed in my password correctly, so why am I not able to log in? The
system tells me it is the wrong password.
The immediate response to help the user get logged in would be to perform a
password reset. However, this problem might indicate a problem with the
Connection Manager, and it should be reported to the Connection Manager
administrator for further diagnosis and possible contact with the IBM Support
Center.
4. I am seeing another password prompt besides the one I usually see. What do I
do?
a. On the Attributes tab of the Mobility Client properties is a box labelled
Prompt for user ID and password. Verify whether this box is selected or
cleared.
b. Your system can be configured to ask for secondary login authentication.
Depending on how the Mobility Client is configured you might see a
secondary login window.
c. There is a parameter in the configuration file called OneButtonConnect. If
the Prompt for user ID and password box is checked and the user ID and
password have been successfully entered and saved once, this would
prevent you from seeing the login panel.
5. How do I change my password?
You must be logged in to the Connection Manager to be offered the
opportunity to change your password.
Nokia Communicator devices
Press the Menu key. Select Account → Password change.
Nokia E series devices
Press the button next to Option on the Mobility Client window. Select
Account → Password change.
8
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Linux desktop machines
Right-click the Mobility Client icon in the Connections window, then
click Change Password....
Windows CE devices
Tap the Mobility Client icon, then tap Change Password....
Windows desktop machines
Right-click the icon in the system tray, then click Change Password....
You are prompted to type in your present password followed by the new
password twice. If the Connection Manager administrator has configured
Connection Manager to use a password profile, there might be special rules for
your password before it is accepted.
6. I get a message that the Mobility Client timed out while logging into the
Connection Manager. What do I do?
There are typically four situations:
a. The Mobility Client has a login timer which, if you do not successfully log
in to the Connection Manager before the time has elapsed, will stop the
connection attempt and issue the message.
b. Login packets are not reaching or being processed by the Connection
Manager. There could be a number of reasons for this:
v User device is in a low signal strength area.
v Problem is in the bearer network, preventing the login packets from
reaching the Connection Manager.
v Packets reach the Connection Manager, but are not processed. Perform
Connection Manager troubleshooting procedures if this reason is
suspected.
v The Connection Manager is not returning the login responses to the
Mobility Client in a timely manner, and after the client’s timer expires,
the connection attempt is stopped.
c. On some devices and laptop computers, if the Ethernet cable is unplugged,
it might be incorrectly reported to the Mobility Client that the adapter is
available, with an IP address in the range of 169.254.0.0 - 169.254.255.255.
The Mobility Client attempts to open, activate, and use this adapter for
communication with the Connection Manager, and the login attempt will
time out. If this occurs, remove the adapter from the system and attempt to
log in again. For example, Intermec 700 series devices, when plugged into
the Intermec docking station with the Ethernet cable unplugged, can
experience this behavior.
d. If you are using secondary authentication with LDAP-bind to Microsoft
Active Directory, you can experience this condition if the system password
on the Active Directory server is changed. You will receive this message
even if the password on the Active Directory server is changed back to its
original value, unless the Connection Manager is restarted.
7. I tried several times to enter my password and I got a message that my account
has been locked. What do I do?
Contact the Connection Manager administrator who will have to examine your
user account in the Gatekeeper to clear the Locked setting on the Account tab
of your user account. After this setting is cleared, you will be able to log in
again.
8. I see the Connect window on my screen but the progress indicators never turn
green and do not advance to 2 or 3 bars during the login. What’s wrong?
Chapter 1. Troubleshooting guide
9
v If the progress indicator does not show 1 green progress bar, it means that
the Mobility Client was unable to initialize or communicate with the
modem/network card. On Windows systems, the Mobility Client uses the
Microsoft TAPI (telephony application programming interface) to
communicate with modems.
v If the progress indicator shows only 1 green bar, then the Mobility Client is
successfully communicating with the modem/network card, but has not been
able to establish a connection with the physical network.
v If the progress indicator shows 2 green bars but not the third bar, then this is
an indication that a physical network connection has been made, but the
Connection Manager and the Mobility Client have been unable to negotiate a
login connection.
On Windows desktop systems, right-click the Mobility Client icon in the
system tray and click Status, then click the Statistics tab. The status window
shows the number of packets sent and received as well as the number of
bytes sent and received and the time of the current client connection. If the
packets sent count is not incrementing when you attempt to use an
application, then the traffic is not leaving the Mobility Client.
Another good test would be to determine if a ping command is successful to
the external IP address of the Connection Manager machine. If the ping
command is not successful, then the Connection Manager cannot return any
packets to the Mobility Client.
9. Why can I not establish a connection when specifying a user ID with national
language characters?
On AIX®, Linux, and Solaris systems, make sure that UTF-8 support is installed
on the Connection Manager for your operating system.
Using logs to troubleshoot login problems
Use Mobility Client trace and Connection Manager logs to troubleshoot Mobility
Client login problems.
To troubleshoot login problems on Windows:
1. On the Mobility Client system: Start -> Programs -> IBM Mobility Client ->
Connections -> Tools -> Configure Trace -> Level -> High -> OK. The trace
file is in C:\Documents and Settings\All Users\Documents\arttrace.txt. If you
are using an older version of Mobility Client, it will be in the installation
directory.
Note: The location of arttrace.txt has changed to C:\Users\Public\Documents
in Windows Vista.
2. In the Gatekeeper connected to the Connection Manager, either configure full
logging for all users or restrict logging to a specific user. By default, this log file
is wg.log. This file is located in /var/adm/ on AIX, Linux, or Solaris. On
Windows, this file is located in the installation directory under logs\.
3. Attempt to log in from the Mobility Client.
4. Review the Mobility Client trace and Connection Manager log.
|
|
In general, you will see four packets exchanged between the Mobility Client and
Connection Manager to establish the secured and encrypted tunnel. Additional
packets might be required if either the Mobility Client or Connection Manager
disagrees (negative acknowledgement or NACK) on a setting proposed by the
other. These packets are:
10
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
v Link control protocol (LCP) configuration request (Mobility Client to Connection
Manager)
v LCP configuration acknowledge (ACK) (Connection Manager to Mobility Client)
v LCP configuration request (Connection Manager to Mobility Client)
v LCP configuration ACK (Mobility Client to Connection Manager)
The trace/log excerpts below provide additional details. These excerpts are taken
from a Mobility Client connecting to a Connection Manager using system
authentication. Additional authentication packets will follow if secondary
authentication (LDAP-bind, RADIUS, or Certificate) is being used. In the case of
secondary authentication, the tunnel is established but cannot be used to route
traffic until authentication completes.
In the arttrace.txt file, find the Mobility Client version. Connecting uplevel clients
to a backlevel Connection Manager is not supported. The Connection Manager
version can be found by running lswg -V.
This excerpt is from the trace file:
Release build compiled on Sep 27 2005 - 20:30:41. (EB0.994)
CORE Microsoft Windows XP Professional version 5.1 Service Pack 1
(Build 2600). (EB0.994)
Find the Connection Manager IP address and connection port that the Mobility
Client is trying to use. This address should be routable from the Mobility Client
and the port should be open on any firewalls between the Mobility Client and
Connection Manager.
UdpPort.cpp,41: CUdpPort::CUdpPort txPort=<PORT> txtAdrr=<IP_ADDRESS> rxPort=0
(EB0.994)
Determine which IP address and port the client is bound to and listening on. This
address should be routable from the Connection Manager and the port should be
open on any firewalls between the client and the Connection Manager.
UdpPort.cpp,195: CUdpPort::connect setting bind address to <IP_ADDRESS> (EB0.8FC)
UdpPort.cpp,206: CUdpPort::connect setting bind port to <PORT> (EB0.8FC)
Determine which physical interface the client is bound to, and use operating
system or device-specific tools to ensure there are no problems with this interface.
ipdriver.cpp,1195: Message from core: eMsg_SetActiveInterface, <Name of interface>
The Mobility Client sets a host route to the Connection Manager. The routing table
can be verified by running netstat -ar on Linux and Windows 32-bit operating
systems.
route.cpp,1222: Active routing table (EB0.8FC)
Destination
Netmask
Gateway
(EB0.8FC)
Interface
Metric
Confirm that the appropriate host route to the Connection Manager exists in the
routing table. Initialization of the logon sequence follows:
ARTAPI API Message to core: eMsg_Logon (F18.810)
The outbound LCP configuration request (Mobility Client to Connection Manager)
follows:
Chapter 1. Troubleshooting guide
11
Note: If you see multiple outbound requests, but no inbound ACK/NACK, there
is probably a routing problem between the Mobility Client and Connection
Manager.
ALP LCP-Configure Request id=0x01, Outbound
<mru 1472> <magic 0x8f662700> <pcomp> <acomp>
<encrypt AES(256)/CBC> <compress PKDCL> <VJ-red> <ip-addr 10.3.3.2>
<subnet mask 255.255.255.0> <version 732 IBM Corporation/MS Windows
32-bit (02dc0206)
Microsoft Windows XP Professional version 5.1 Service Pack 1 (Build 2600)>
<Key request
nonce=bab27637bde9eda4edf94a2b080db0d1a8c87ae5c83521e383ba32cbf04bc440
peer=415254434c49454e54>
<routes : none> <WLP_TCP> <userid <user ID>>
<dns addresses : > <WLP Session ID 0x7687>
<Network InformationSpeed=100000000 Network
Name=Intel (R) PRO/1000 MT Mobile Connection - Net
Firewall Miniport Interface> <Build DataBuild
Data=5.1.1.1 20050927_2011> (EB0.994)
Hex dumps of LCP packets always begin with ″C0 21″.
WRAPR HEX dump of 1472 bytes starting at address 009F7578: (EB0.994)
0000: C0 21 ...
Inbound LCP configuration ACK (Connection Manager to Mobility Client):
ALP LCP-Configure Ack id=0x01, Inbound
<mru 1472> <magic 0x8f662700> <pcomp> <acomp>
<encrypt AES(256)/CBC> <compress PKDCL> <VJ-red> <ip-addr 10.3.3.2>
<subnet mask 255.255.255.0> <version 732 IBM Corporation/MS Windows
32-bit (02dc0206)
Microsoft Windows XP Professional version 5.1 Service Pack 1
(Build 2600)>
<routes : none> <WLP_TCP> <userid test>
<dns addresses : > <WLP Session ID 0x7687>
<Network InformationSpeed=100000000 Network
Name=Intel (R) PRO/1000 MT Mobile Connection - Net
Firewall Miniport Interface> <Build DataBuild
Data=5.1.1.1 20050927_2011> (EB0.70C)
Inbound LCP configuration request (Connection Manager to Mobility Client).
Note the authentication type here - two party key distribution protocol (that is,
system authentication). This authentication corresponds to the key exchange =
password on the Security tab of the connection profile on the Mobility Client. Note
also that the routes that are pushed down to the Mobility Client tell the Mobility
Client which IP addresses can be reached over the virtual interface and will be
added to the operating system routing table.
ALP LCP-Configure Request id=0x01, Inbound
<magic 0x344d79b8> <pcomp> <acomp> <encrypt AES(256)/CBC>
<compress PKDCL> <auth TPKDP Plaintext/SHA>
<VJ-red> <ip-addr 10.3.3.1>
<subnet mask 255.255.255.0> <routes : Dest
Address: 9.9.9.9 Mask: 255.255.255.255 Dest
Address: 10.3.3.0 Mask: 255.255.255.0 > <version
732 IBM Corporation/LINUX (02dc020f)> <WLP Session ID 0x7687>
<Transport Profile Compression=FALSE, Balance Fragments=TRUE,
Header Reduction=FALSE, Packet Joining=FALSE, IP Forwarding=TRUE,
TCP Opt=TRUE, Network MTU=1472, IP Stack MTU=1448, TCP Initial RTT=3,
TCP ACK Delay=0, WLP Transmit Delay=100, LCP Echo Interval=20,
TCP Opt TTL=10001, TCP Window=0, TCP Burst Rate=5,
TCP Max Retransmits=3>
<session key
12
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
74a1fde3ea504d8ef11b606a01ce2a2a3f29b435b4b7e560b4dae6cd4e95a39a66244b59394ab0a5>
< Key auth=844113a40b257464925803e206febfd85f48c5a2
key=993eb29d793bbdbb4fafe724fdc5bcb2a84291d32950b27b>
(EB0.70C)
Outbound LCP configuration ACK (Mobility Client to Connection Manager):
14:08:06 ALP LCP-Configure Ack id=0x01, Outbound
<magic 0x344d79b8> <pcomp> <acomp> <encrypt AES(256)/CBC>
<compress PKDCL> <auth TPKDP Plaintext/SHA> <VJ-red> <ip-addr 10.3.3.1>
<subnet mask 255.255.255.0> <routes : Dest
Address: 9.9.9.9 Mask: 255.255.255.255 Dest Address: 10.3.3.0
Mask: 255.255.255.0 >
<version 732 IBM Corporation/LINUX (02dc0206f) <WLP Session ID 0x7687>
<Transport Profile Compression=FALSE, Balance Fragments=TRUE,
Header Reduction=FALSE, Packet Joining=FALSE, IP Forwarding=TRUE,
TCP Opt=TRUE, Network MTU=1472, IP Stack MTU=1448, TCP Initial RTT=3,
TCP ACK Delay=0, WLP Transmit Delay=100, LCP Echo Interval=20,
TCP Opt TTL=10001, TCP Window=0, TCP Burst Rate=5, TCP Max Retransmits=3>
<session key
74a1fde3ea504d8ef11b606a01ce2a2a3f29b435b4b7e560b4dae6cd4e95a39a66244b59394
ab0a5>
<Authentication auth=16887f3f72b951ea56c30465cd6403bc0daa507e>
(EB0.70C)
LCP handshaking is complete. This message shows the Connection Manager and
Mobility Client virtual (MNI) addresses, respectively:
DATAMGR Now logged onto gateway 10.3.3.1 with local ip=10.3.3.2,
subnet=255.255.255.0 (EB0.70C)
The secured and encrypted tunnel between the client and server is completely
initialized after you see this message:
DATAMGR Gratuitous ARP Received (EB0.F4C)
Routes are then added to the routing table based on the MNI definition:
DATAMGR Adding route: Destination = 9.9.9.9 Mask = 255.255.255.255 (EB0.F4C)
DATAMGR Adding route: Destination = 10.3.3.0 Mask = 255.255.255.0 (EB0.F4C)
From the wg.log file on the Connection Manager, as on the client, you can identify
the LCP packets by the first two bytes of the hex dump:
UdpPort: received data from <client real IP address> port <client MNC port> (1472)
on port <server MNC port>
0000: c0 21 . . .
The LCP packet enters the queue for processing:
WLP: queueing LCP packet from device <client real IP address>:<client MNC port>
for processing
Creating the active session table entry for this Mobility Client:
First occurence of device <client real IP address>:<client MNC port> in the system creating an account for it
. . . database calls follow . . .
The DHCP subsystem assigns the client an IP address:
DHCP_System::assign: (entry)
DHCP_System::assign: (return), rc=0
Transport profile processing begins. See the Technote on Determining the transport
profile used in a session for details.
Chapter 1. Troubleshooting guide
13
WLP_Session::setTransportProfile: (entry)
The initial configuration request processed by the Connection Manager with ″id 1″
corresponds to ″id=0x01″ in the Mobility Client trace:
[<user Id> (client real IP address>:<client MNC port>)] PPP-FSM: rconfreq - received
CONFREQ with id1
The Connection Manager reviews each requested setting for the connection, either
ACKs or NACKs, and sends the response to the Mobility Client:
[<user ID>(<client real IP address>:<client MNC port>)] PPP-LCP: lcp_reqci received MRU
PPP-LCP: lcp_reqci - received MRU-value 1472
PPP-LCP: lcp_reqci - ACK
...
PPP-LCP: lcp_reqci - ACK
PPP-LCP: lcp_reqci - returning CONFACK.
...
WLP: delivering WLP data (256) to account
<user ID>(client real IP address>:<client MNC port>)
ip-lan0::deliver: (entry)
ip-lan0: delivering packet (256)
0000: c0 21 . . .
The Connection Manager sends its configuration request:
PPP-LCP: fsm_sconfreq - sending Configure-Request, id 1
The Connection Manager then receives the configuration acknowledgement
(CONFACK) from the Mobility Client:
PPP-LCP: fsm_rconfack - received id 1
And indicates that the connection is complete (Mobility Client virtual IP/MNI
address):
Trap: ’AG: connection established’ (10.3.3.2/ip-lan)
The active session database is then updated and database calls follow.
Mobility Client problems
Frequently asked questions not related to login problems with Mobility Clients are
included in this topic.
Browse these questions, then link to the answers below.
1. What does a red X over the Mobility Client icon mean?
2. What happens to my Mobility Client connection when I have no signal and I
am connected/logged in to the Connection Manager?
3. What happens to my Mobility Client connection when I go out-of-range of my
network?
4. I can log on using the Mobility Client, but my applications do not seem to
work. What’s wrong?
5. Why can’t I connect to the Connection Manager?
6. Why can’t I connect to the network? (This could mean the physical network
or it could mean you cannot log in to the Connection Manager.)
7. What does the message ″The IBM Connection Manager has terminated your
connection″ mean?
8. What does ″The IBM Connection Manager has terminated your connection
because another user has logged in with the same userid″ mean?
14
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
9. Why did I get a popup message indicating the configuration of the client does
not match that of the Connection Manager?
10. I see a message that says the host is unreachable or unknown. What do I do?
11. Mobility Client packets are being dropped. What do I do?
Answers to the problems with the Mobility Client include:
1. What does a red X over the Mobility Client icon mean?
This symbol
is the Network out-of-range indicator or the Network
congestion indicator. This icon is shown on top of the Mobility Client icon in
the Microsoft Windows system tray. If you are using the client and have
moved into an area where the network cannot be reached or is congested, it
causes a delay in network traffic. When the situation clears, the red icon will
disappear.
2. What happens to my Mobility Client connection when I have no signal and I
am connected/logged in to the Connection Manager?
The Mobility Client connection can be thought of as having two parts. The
first part is the physical network connection you have from your device to
your company network. The second part is the connection between the
Mobility Client and the Connection Manager. If you lost your signal to the
physical network, the virtual connection between the Mobility Client and the
Connection Manager is maintained. If your device comes back into an area of
network coverage again, then you can simply resume your activity.
The way in which the Mobility Client is able to resume this activity is based
in part on the type of connection you have to your network. One situation
where you would not be able to resume normal activity would be if you
remained out-of-range for a long enough period of time where the Connection
Manager logs you off due to inactivity. This amount of time is configurable on
the Connection Manager and can also be turned off.
3. What happens to my Mobility Client connection when I go out-of-range of my
network?
It depends on how your current connection to the Connection Manager is
configured and what interfaces are defined, but when you roam out-of-range
of your network, the Mobility Client receives an out-of-range event indication
(device and operating system dependent) which causes the client to suspend
that interface for data transfer. If you are configured to have another network
interface and it is in range, the Mobility Client would roam to that interface,
make it active and use it. The Mobility Client waits for your network device
to signal that it is back in range and the client resumes the connection. The
Mobility Client lets the user arrange multiple network interfaces in a priority
list that determines which networks are used first when they are in range. For
a more complete discussion of cross-network roaming, see Using the Mobility
Client in the Mobility Client for Windows User’s Guide. There is also a Technical
Note (Technote) that discusses roaming at Mobility Client roaming features.
4. I can log on using the Mobility Client, but my applications do not seem to
work. What is wrong?
a. If you are using a desktop Windows device, open a command prompt and
issue the ipconfig command. Make sure that the adapter has an IP address
assigned.
The output can be interpreted as follows:
Chapter 1. Troubleshooting guide
15
Connection-specific DNS Suffix
This will likely be your company domain.
IP Address
The IP address supplied by the Connection Manager.
It is important that this address be valid and have come from the
DHCP address pool defined in the Connection Manager. If this
address does not come from the DHCP pool or is not a valid
address, then this is the reason for the problem.
Subnet Mask
This is the subnet mask which should come from your Connection
Manager’s DHCP pool configuration.
Default Gateway
This is the IP address of the router where the IP traffic is sent first.
For the Mobility Client this field might be valid if it is blank.
b. Issue a ping command against the mobile network interface (MNI) address
of the Connection Manager. The MNI address is available from the
Connection Manager administrator. If you are able to ping the MNI, then
you have shown that a good connection exists between the device and the
Connection Manager.
c. Another visual indication to see whether IP packets are flowing is to use
the Mobility Client status information. On Windows desktop systems,
right-click the Mobility Client icon in the system tray and click Status, then
click the Statistics tab. The status window shows the number of packets
sent and received, as well as the number of bytes sent and received and
the time of the current client connection. If the packets-sent count is not
increasing when you attempt to use an application, then the traffic is not
leaving the Mobility Client. Check the Mobility Client configuration for
errors.
d. If the packets-sent count is increasing but the received count is not
increasing, then the packets might be reaching the Connection Manager
but not returning. Perform Connection Manager debug procedures.
5. Why can’t I connect to the Connection Manager?
a. How many green bars are displayed on the Connect window during the
login attempt? Use this window to determine where the problem might be.
If it is possible, determine the signal strength of the modem. If the modem
signal strength is low, then this could be a reason why you are unable to
login.
v A blue bar means that the Mobility Client has not successfully contacted
that level yet
v 1 green bar = Connected to modem/network card
v 2 green bars = Connected to the network
v 3 green bars = Connected to the Connection Manager
Some Microsoft Windows Updates rename the network adapter. When the
network adapter is renamed, Mobility Client cannot connect. In these
cases, delete the connection and recreate a new connection.
b. Is the IP address of the Connection Manager correct in the Mobility Client
connection properties?
To verify, from the Mobility Client Connections window, right-click the
connection you are using. Click Properties and click the Networks tab,
then click the Properties button.
16
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
On the Ports tab, check the port numbers to make sure they are correct.
8889 is the default value for UDP ports. Check with the Connection
Manager administrator to make sure this is accurate.
6. Why can’t I connect to the network? (This could mean the physical network
or it could mean you cannot log in to the Connection Manager.)
You need to determine if you are having connectivity problems with the
bearer network or if the connectivity problem is with the Connection Manager.
Look at the Mobility Client Connect window when attempting to log in. The
green bars assist you in making the determination if you are accessing the
network or not. If the Connect window has at least 2 green bars, then you are
reaching your network but are unable to log in to the Connection Manager. If
this is the case, use procedures for troubleshooting login problems to the
Connection Manager.
7. What does the message ″The Connection Manager has terminated your
connection″ mean?
This message can be displayed for several reasons:
v The Connection Manager has terminated your connection. Another Mobility
Client has logged on with the same user ID.
v The Connection Manager has terminated your session because it has been
idle for too long.
v Your connection has been terminated by the Connection Manager
administrator. The administrator has logged you off the Connection
Manager.
8. What does ″The Connection Manager has terminated your connection because
another user has logged in with the same user ID″ mean?
The Connection Manager allows this situation to occur. If you are already
logged in and you want to log in using another device or from a different
location but did not log off the first device, the Connection Manager lets you
log in using the second device.
If another user also used the same user ID and password that you used to log
in, that person would be allowed to access the network and your original
connection would be severed and the message displayed.
9. Why did I get a message indicating the configuration of the client does not
match that of the Connection Manager?
The messages reads: The Connection Manager has terminated your
connection. Please check your client options like compression for a possible
mismatch with the Connection Manager options.
The connection profile on the Connection Manager sets options like minimum
allowable encryption levels and compression.
This error is a general indication that any of these conditions are mismatched
between the Connection Manager connection profile and the Mobility Client
connection properties:
v Insufficient encryption strength set on the Mobility Client
v Compression is not selected on Mobility Client, but is set to mandatory on
the Connection Manager
v Different encryption key distribution settings
Check the Mobility Client properties and the properties of the connection
profile used for the MNC through which the Mobility Client connects to make
sure the options match.
10. I see a message that says the host is unreachable or unknown. What do I do?
Chapter 1. Troubleshooting guide
17
On Windows XP, Windows 2000 and Windows Vista, there are DNS or host
name resolution issues when you cannot make an IP connection to a remote
host using the host name.
Set the primary DNS on your system, then make sure advanced TCP/IP
settings are accurate.
a. Click Start –> Settings –> Control Panel, then double-click System.
b. On the System Properties panel, click Network Identification, then click
Properties.
c. On the Identification Changes panel, click More. Enter the Primary DNS
suffix.
d. Make sure the Change primary DNS suffix when domain membership
changes box is cleared.
e. Click OK. If prompted to, restart your system.
f. Open the Network Connections folder (on Windows 2000, click Start –>
Settings –> Network Dial and Dial-up Connections), then right-click the
LAN connection you are using and click Properties.
g. Click Internet Protocol (TCP/IP), click Properties, then click Advanced.
h. Click the DNS tab. Select Append primary and connection specific DNS
suffixes.
i. Select Append parent suffixes of the primary DNS suffix.
j. Enter the DNS suffix in the DNS suffix for this connection field.
k. Click OK. If these steps do not resolve the problem, check how to Tweak
DNS Errors Caching in Windows 2000 / XP on the speed guide.net web
site.
11. Mobility Client packets are being dropped. What do I do?
Use the account log file (wg.acct) to look for “resyncs” in the file to show
where a packet was dropped. This file is located in /var/adm/ on AIX, Linux,
or Solaris. On Windows, this file is located in the installation directory under
logs\. Although the account file is useful for troubleshooting, it is not a valid
source of information for contesting billing. For example, it is not a reliable
proof that you had only 250 packets transferred despite your bill for 450
packets.
|
|
|
Connection Manager problems
Frequently asked questions about problems with the Connection Manager are
included in this topic.
Browse these questions, then link to the answers below.
1. How do I make sure the corequisite software is installed and running
properly?
2. What are the file names of the log files and where are they located?
3. How do I reset the log files?
4. Can I set the maximum size of the log files?
5. What should I check when Connection Manager logging stops?
6. How do I set the trace for an individual Mobility Client?
7. How can I validate that traffic is routable between the Connection Manager
and the Mobility Client?
8. How can I validate that IP traffic is routable between the enterprise
application server and the Mobility Client?
18
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
|
|
9. What should I check when the Connection Manager fails to establish a virtual
circuit (X.25)?
10. What should I check when the initial configuration of the access manager fails
or is cancelled?
11. What should I check when the Connection Manager does not start?
12. What should I do when the Connection Manager startup seems to be slow?
13. On AIX systems, what do I do when all or some groups of mobile devices fail
to connect to the Connection Manager?
14. I cannot establish a connection from the Mobility Client. What should I check?
15. The wg_acct command stops running after an extended period of time. What
do I do?
16. On Windows systems after disabling the Connection Manager network
connection, the Connection Manager does not operate. What do I do?
Answers to the problems with the Connection Manager include:
1. How do I make sure the corequisite software is installed and running
properly?
a. Issue the netstat command: netstat -an |grep <port #>
If you want to issue the command for a TCP-based server, then the port
must be in LISTEN state. If the server is UDP-based then, the port will be
BOUND.
By default, the directory service server (DSS or LDAP) listens on port 389.
DB2®, if it is on a different machine than Connection Manager, listens on
port 50000.
|
|
|
|
|
Note: On Windows systems, issue the netstat -an command and then
review its output to determine the state of the TCP- and UDP-based
ports.
b. Issue the telnet command: Telnet <remote host> <remote port>
This will make a TCP-based connection to the remote application. If all is
well, you will see nothing in the display. You might see a message that the
″connection is established.″
The Telnet application might or might not be allowed into a Connection
Manager. Check with the administrator of the Connection Manager
machine to see if telnet is allowed by your Connection Manager machine.
c. Check the process list on the remote host for running applications (DB2,
slapd for LDAP):
1) For the Connection Manager: ps -ef |grep wgated and/or ps -ef |grep
wgattachd
2) For the DSS (LDAP): ps -ef |grep slapd
3) For the DB2 database: ps -ef |grep db2
Note: On Windows systems, press Ctrl+Alt+Delete and then select Task
Manager to review the Processes tab.
d. Use a software-based network analyzer like Ethereal (www.ethereal.com)
to observe the packet flows between Connection Manager and its
environment.
2. What are the file names of the log files and where are they located?
Connection Manager log file locations and file names are configurable using
the Gatekeeper.
Chapter 1. Troubleshooting guide
19
The default file names are:
v wg.log - Message log
v wg.trace - Individual users’ trace log
v wgmgrd.log - Access manager trace log
v wg.acct - Accounting and billing log (when the Connection Manager is not
configured to use relational database for storing accounting records)
These files are located in /var/adm/ on AIX, Linux, or Solaris. On Windows,
these files are located in the installation directory under logs\.
3. How do I reset the log files?
The message, trace, or accounting log files can be reset using the Gatekeeper.
On the Resources tab, right-click the Connection Manager resource, then click
Reset Log Files. Choose to reset All files or just specific files.
Resetting log files will date/time stamp the current file in the format of
wg.<logfilename>.$yy.mm.dd.hh.mm.ss.
Message, accounting, and trace log files can also be reset from the command
line using the command:
|
|
chwg
chwg
chwg
chwg
-r
-r
-r
-r
log to reset the message log file
acct to reset the accounting and billing log file
trace to reset the trace log file
all to reset all of the files
If you will be collecting a new log for IBM Support, perform a reset prior to
recreating any problem.
4. Can I set the maximum size of the log files?
You can only set the maximum size of the message log file (wg.log). Click the
Logging tab on a Connection Manager, then enter the maximum size of the
message log file in MB. When the maximum file size is reached, the file is
renamed in the form wg.log.bak.$date.
The logging subsystem checks for available space and automatically reduces
the logging level as the file system nears capacity. An SNMP trap is fired
(120284 WARNING for the accounting log) as the log level is automatically
reduced.
Store log and trace files in their own file system. These files are located in
/var/adm/ on AIX, Linux, or Solaris. On Windows, these files are located in
the installation directory under logs\. Use the operating system
documentation to help you carry this task out.
5. What should I check when Connection Manager logging stops?
Check the size of the log files. Some operating systems have limitations on file
sizes. If logging stops, reset the log files.
6. How do I set the trace for an individual Mobility Client?
In some cases it is necessary to have a trace log for a specific Mobility Client.
Use Gatekeeper to activate the trace. Edit the User properties, click the
Account tab, then click the Start trace box.
To read the resulting wg.trace file, use the wg_trc command. This command is
fully documented in the IBM Lotus Mobile Connect Command Reference..
7. How can I validate that traffic is routable between the Connection Manager
and the Mobility Client?
If the Mobility Client times out while trying to log on to the Connection
Manager, validate that User Datagram Protocol (UDP) traffic is routable
between the two:
|
|
|
20
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
a. Disconnect the Mobility Client from the Connection Manager and stop the
Connection Manager.
b. Ping the Connection Manager after establishing a physical network
connection. Since many firewalls, including desktop firewalls, filter ping
and UDP, use wcecho to verify that the UDP path between the Mobility
Client and Connection Manager is not obstructed by a firewall rule:
1) Start the UNIX® echo server for UDP, set it to your MNC’s port
number (8889 by default) and verify that the echod daemon is running
by issuing the command: netstat -an | grep 8889
|
|
|
Note: For Windows systems, you must first download the Utilities for
Subsystem for UNIX-based Applications package before you can
install the echo server.
2) Establish the physical network connection on the client machine.
3) Execute wcecho.exe, found in your Mobility Client install directory,
and target the echod daemon running on the Connection Manager
machine: wcecho -c 2 -i 1000 -p For example,
C:\PROGRA~1\IBM\MOBILI~1>wcecho -c 2 -i 1000 -p 8889 hcaix123
WCECHO hcaix123: (9.42.96.140) 64 data bytes via UDP port 8889
64 bytes from 9.42.96.140: seq=1 time=0 ms
64 bytes from 9.42.96.140: seq=2 time=0 ms
-----hcaix123 WCECHO statistics----2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0/0 ms
Once the wcecho test is successful, then stop the echod server and
restart the Connection Manager and verify the MNC is running
On the Connection manager machine issue netstat -an |grep |more
[hcaix123]:root:/>netstat -an |grep 8889 |more
udp4
0
0 *.8889
*.*
[hcaix123]:root:/>
8. How can I validate that IP traffic is routable between an enterprise application
server and the Mobility Client?
If an application times out while trying to execute its transaction, validate that
IP traffic is routable between the enterprise application server and the
Mobility Client.
a. First determine if name resolution is required and, if so, is it working:
1) Ping the destination host by IP address.
2) Ping the destination host by host name and see if an IP address is
returned.
If the ping by IP address works but ping by host name does not, then
add your enterprise domain name system (DNS) to the mobile network
interface (MNI) properties on the Connection Manager and reconnect
the Mobility Client.
b. Does the Mobility Client’s IP stack have a route table entry to direct the
traffic into the Connection Manager system?
On Windows systems, use the commands route print or netstat -nr and,
on Windows CE, use the program artroute.exe which is found in the
Mobility Client’s install directory. The route table needs entries to cover
DNS and the destination application server.
c. Does the destination server have a return route into the MNI on the
Connection Manager? For example, if your destination application server
has an IP address of 10.120.15.20 and the Connection Manager’s MNI
address is 192.168.10.1, can you issue a ping from the destination server to
Chapter 1. Troubleshooting guide
21
the MNI address and get a positive response back? If not, then the
network routers need to be updated to be able to route IP traffic to the
MNI address.
If you are not using network address translation (NAT), then the enterprise
routing infrastructure must be aware of your mobile network definition.
Add routes where appropriate. The syntax varies depending upon
platform but is generally: route add netmask gateway
d. If you are using Connection Manager network address translator (NAT) on
your MNIs, did you publish the NAT address using the operating system’s
arp command? For example,
root@gw79:/#>arp -a
wxp1e99.raleigh.ibm.com (9.42.96.99) at 0:6:29:6c:9d:e2 [ethernet]
permanent published stored in bucket 6
A common mistake is not using the correct media access control (MAC)
address. The MAC address must be that of the network interface card
(NIC) connected to the destination network. Check firewall filters to ensure
that the firewalls are not filtering out the application packets.
9. What should I check when the Connection Manager fails to establish a virtual
circuit (X.25)?
v Make sure the IP address and subnet mask are correct for the MNI.
v Ensure good connectivity to the wired LAN side: If the mobile access
service must resolve host names for mobile devices and Mobility Clients, it
relies on a domain name server (DNS). Applications can timeout while
waiting for the DNS query results. The mobile device or Mobility Client
might reach the premature conclusion that the connection cannot be made.
In fact, it is taking too long to look up the host name to determine who the
user wanted to contact. To avoid this problem, establish a host table on the
Mobility Client; to avoid confusion with host names, use IP addresses.
v Check to see if the network provider is experiencing problems.
10. What should I check when the initial configuration of the access manager fails
or is cancelled?
Check all directory service parameters. On the Connection Manager system,
review the wgated.conf file. On AIX or Solaris systems, this file is in
/opt/IBM/ConnectionManager. On Windows systems, this file is in \Program
Files\IBM\Connection Manager. On Linux systems, the file is in
/opt/ibm/ConnectionManager/wgated.conf. Delete this file then restart the
Gatekeeper to configure the access manager again.
11. What should I check when the Connection Manager does not start?
Check all directory service parameters. The Connection Manager’s parameters
default to those of the access manager. The currently logged in administrator’s
ID and password might be different from those for the access manager.
|
|
12. What should I do when the Connection Manager startup seems to be slow?
Activate all message log levels, then monitor messages in the wg.log file to
determine if you have an X.25 problem. Your calls could be timing out or it
could be a domain name system (DNS) problem (taking too long to resolve
the host name, or experiencing a lookup failure).
13. On AIX systems, what do I do when all or some groups of mobile devices fail
to connect to the Connection Manager?
Start by checking underlying devices: X.25, TCP, TTY, or ISDN:
v Use x25status, lsdev, and x25mon to verify X.25 connections
v Use netstat -a to verify TCP connections
22
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
v For X.25-based RDNs, verify incoming traffic at the X.25 level, using
x25status and x25mon
v Monitor modem activity if you are using TTY- and ISDN-based RDNs
|
|
|
|
|
|
|
|
Activate the message log and review wg.log for non-zero numeric return
codes. These files are located in /var/adm/ on AIX, Linux, or Solaris. On
Windows, these files are located in the installation directory under logs\.
14. I cannot establish a connection from the Mobility Client. What should I
check?
Mobility Client operation depends on the network provider. Check:
v Is there a validation problem? Are the user and/or mobile device defined to
the Gatekeeper? Is the password correct?
v Does the Mobility Client’s IP address match one on an MNI subnet? If
using DHCP, is there an address available?
v Use the tail command to display the account log file and ensure that data is
arriving from the Mobility Client.
v Ensure that the mobile access services has established communications with
the network provider.
v Check the status display on the Mobility Client to see if it is receiving any
packets. If so, there should be a message indicating a problem. If not, there
might be a configuration error.
v If the mobile device uses a connection that displays signal strength and
battery strength, check these values.
15. The wg_acct command stops running after an extended period of time. What
do I do?
When the Connection Manager is configured to use a database for accounting
and billing data, and the wg_acct command is used with the -f flag to display
the accounting data, the wg_acct command can stop running. This problem
does not affect the integrity of the accounting and billing data nor does it
affect the running of Connection Manager or access manager processes. No
action is required after the problem occurs and the wg_acct command can be
restarted. This problem has been observed only on AIX 5.1.
16. On Windows systems after disabling the Connection Manager network
connection, the Connection Manager does not operate. What do I do?
Enable the network connection, then restart the Connection Manager. To
enable the network connection, click Start → Settings → Network Connections.
Right-click the Connection manager, then click Enable. Then, restart the
Connection Manager.
Persistent data storage problems
Frequently asked questions about problems with persistent data storage are
included in this topic.
Browse these questions, then link to the answers below.
1. When does Connection Manager communicate with the relational database?
2. How do I troubleshoot DB2 problems?
3. What do I do with error messages or read and write traps that indicate there is
not enough space to create the DB2 database or that the database directory is
not found?
4. What do I do when error message code -4400 is seen in wgmgrd.log file?
Chapter 1. Troubleshooting guide
23
5. What do I do when this error message is seen in wg.log [IBM][CLI Driver]
SQL30081N A communic ation error has been detected. Communication
protocol being used: "TCP/IP". Communication API being used: "SOCKETS".
Location where the error was detected: " 127.0.0.1". Communication
function detecting the error: "connect". Protocol sp ecific error
code(s): "79", "*", "*". SQLSTATE=08001
6. What do I do with the DB2 error message ″The transaction log for database is
full″?
7. ActiveSession database errors exist in wg.log, even though the ActiveSession
database is running and accessible to other applications. What do I do?
8. When does Connection Manager communicate with the directory service
(LDAP)?
9. How do I troubleshoot DSS (LDAP) problems?
Answers to the problems with the persistent data storage include:
1. When does Connection Manager communicate with the relational database?
Connection Manager communicates with the relational database when:
v The wgated process initializes.
v A user’s session changes state.
v Connection Manager configuration changes are made.
v User records are changed or added.
v The wgated process terminates.
2. How do I troubleshoot DB2 problems?
a. To determine the level of DB2, use the command:
v AIX: su - ldapdb2 -c ″db2level″
v Red Hat Linux: rpm -qa |grep db2
v Windows: start the DB2 Command Line Processor to see the version
information for DB2.
b. If the DB2 server is a remote installation, ping the DB2 server from
Connection Manager machine.
c. Review <DB2 server>/etc/services to confirm server instance ports. For
example, db2cwgdb or db2iwgdb.
d. See the Technote on DB2 connection problems on Connection Manager
systems.
e. On the DB2 server machine, issue the command su - <server instance ID>
and invoke the DB2 shell: stop/start db2. Then, list the database directory
and list the node directory.
3. What do I do with error messages or read and write traps that indicate there is
not enough space to create the DB2 database or that the database directory is
not found?
Check that the home directory has at least 50 MB available space. The home
directory is the base directory plus the instance ID. For example, if you are
using the instance ID of wgdb and the base directory is /home, the home
directory is /home/wgdb.
4. What do I do when error message code -4400 is seen in wgmgrd.log file?
The DB2 configuration script requires that the root user have the necessary
group memberships to match the groups of the DB2 instance ID. Make sure
that the root ID is a member of the instance ID’s primary group.
5. What do I do when this error message is seen in wg.log [IBM][CLI Driver]
SQL30081N A communic ation error has been detected. Communication
24
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
protocol being used: "TCP/IP". Communication API being used: "SOCKETS".
Location where the error was detected: " 127.0.0.1". Communication
function detecting the error: "connect". Protocol sp ecific error
code(s): "79", "*", "*". SQLSTATE=08001?
Stop the Connection Manager and wait for the DB2 instance to start completely.
To verify that the DB2 instance has automatically started after a reboot, use the
command netstat -na to display that the instance connection port is listening.
Then, start the Connection Manager.
6. What do I do with the DB2 error message ″The transaction log for database is
full″?
Check that the file system has enough available space. If sufficient space is
available, increase the log file size. Use the command db2 update db cfg for
database database_name using logfilsiz log_file_size, where database_name
is the name of the database and log_file_size is the size of the log file that is
larger than what you currently have defined.
7. ActiveSession database errors exist in wg.log, even though the ActiveSession
database is running and accessible to other applications. What do I do?
In Gatekeeper, stop the Connection Manager, then open the Connection
Manager properties. Click the Session database tab and do the following:
a. Add an extra character to both the Database administrative ID and
Password of database administrative ID fields.
b. Click Apply.
c. Verify that the values for wpsstoredbadminid and wpsstoredbadminpw are
now present in wgated.conf. (Note: the value for wpsstoredbadminpw is
encrypted.)
d. Go back to Gatekeeper and remove the extra character that you added to
both fields in step 1.
e. Click Apply.
f. Take note of the value for Database Name in the Session database
properties.
g. Edit wgated.conf and add a line (replacing db_name_from_sess_db_prop
with the value from step 6): wpsstoredbname =
db_name_from_sess_db_prop
h. Verify that all three values are there. Save and close wgated.conf.
i. Start Connection Manager.
8. When does Connection Manager communicate with the directory service server
(DSS) using the lightweight directory access protocol (LDAP)?
Connection Manager communicates with the directory service when:
v The wgated process initializes.
v A user’s session changes state.
v Connection Manager configuration changes are made.
v User records are changed or added.
v The wgated process terminates.
9. How do I troubleshoot LDAP problems?
a. Ping the directory service server from Connection Manager
b. Point an HTTP browser to <ldap host>/ldap and try to login with the DSS
user ID and password used in the access manager configuration.
c. Review the <LDAP server>/etc/slapd32.conf file to confirm the values for
server port, ibm-sladpPort and ibm-slapdErrorLog.
Chapter 1. Troubleshooting guide
25
d. Review the ibm-slapdErrorLog file. By default, it is located in
/tmp/slapd.errors. Connect using an LDAP administrative browser like
DMT (Directory Management Tool) or Softerra.
e. To verify that LDAP is running correctly, use a native LDAP command,
such as ldapsearch. Enter ldapsearch -? to return the command syntax. A
sample command would look like: ldapsearch -h <ldap server> -D <admin
dn> -w <admin pwd> -b <suffix> ’(objectclass=*)’
Application problems
Frequently asked questions about problems with applications are included in this
topic.
Browse these questions, then link to the answers below.
1. Applications do not respond and there is packet loss. What do I do?
2. Application connections, such as Lotus Sametime®, seem to disconnect
unexpectedly. What do I do?
Answers to the problems with applications include:
1. Applications do not respond and there is packet loss. What do I do?
You might need to tune your network for performance. Make sure that settings
between the Connection Manager and the Mobility Client match and are
optimized for your network. For example, match MNC settings such as
network MTU and TCP retransmit time-to-live and connection profile settings
such as compression algorithm, protocol header reduction, TCP protocol
optimization, and fragmentation. See Tuning Connection Manager for more
detail.
2. Application connections, such as Lotus Sametime, seem to disconnect
unexpectedly. What do I do?
Try using the Keepalive Interval with an initial value of 10 seconds for a 1xRTT
or GPRS network. For other connections, such as WLAN or broadband, try
setting the value to 15 seconds.
This value will vary up or down depending on the network address translation
(NAT) and firewall characteristics of your ISP or network service provider. The
setting for your network requires trial and error to determine the correct value.
Inbound voice call handling on some devices can be affected by active data
connections such as that used by the Mobility Client. Connections which are
defined to use the network interface ″Automatically Connect″ will usually
allow inbound voice calls to occur provided data is not being sent at the time
the call is received. Be aware that the Keepalive setting, which causes the client
to send Keepalive packets at configured intervals, can prevent the phone from
receiving inbound voice calls. The probability that the Keepalive packets will
interfere with inbound voice calls increases as the configured Keepalive interval
decreases.
Gatekeeper problems
Frequently asked questions about problems with Gatekeeper are included in this
topic.
Browse these questions, then link to the answers below.
1. When logged in as default Connection Manager administrator (gkadmin), there
is no top-level OU in the Resources tab. What do I do?
26
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
|
|
|
2. When logged in to the Gatekeeper, nothing displays in the left pane on the
Resources tab. What do I do?
3. An administrator using an ACL profile cannot view certain resources or
property fields are empty. What do I do?
4. Attributes of the Connection Manager or its subordinate resources are
displayed incorrectly when Connection Managers are defined for different
operating systems. What do I do?
5. Someone has modified the properties of the default administrator, gkadmin,
and I can no longer gain access to the Connection Manager through the
Gatekeeper. What do I do?
Answers to the problems with Gatekeeper include:
1. When logged in as default Connection Manager administrator (gkadmin), there
is no top-level OU in the Resources tab. What do I do?
2.
3.
4.
|
|
|
|
|
|
5.
Check:
v That the directory service server is running.
v The base distinguished name (base dn) on the Properties window of the
access manager resource. It must match the suffix you specified when you
configured your directory service server.
When logged in to the Gatekeeper, nothing displays in the left pane on the
Resources tab. What do I do?
Check:
v The Refresh button. It is not active until the resources are completely shown
in the left pane.
v To see if the administrator ID does not have access to any resources. Click
File –> Access Control Lists to display the access lists for the currently
logged in administrator ID. Add access control lists to the ACL profile for
resources that you want this administrator ID to control.
An administrator using an ACL profile cannot view certain resources or
property fields are empty. What do I do?
Make sure you have an access control list profile that provides an ACL to all
the resources you need. For example, make sure the ACL profile has an ACL
for Password policies, if you want to be able to set one for a user.
Attributes of the Connection Manager or its subordinate resources are not
displayed correctly when Connection Managers are defined for different
operating systems. What do I do?
If Connection Manager objects which run on different operating systems are
defined in the same datastore, they are all displayed in the left pane. If you log
in to any of the access managers in the left pane, you can see and access all the
Connection Managers there. Connection Manager objects and their subordinate
resources might display incorrectly if such objects are defined for different
operating systems in the same datastore. If you attempt to edit Connection
Managers or their subordinate resources other than those for the one you are
logged into, some of their attributes might not display correctly if they run on a
different operating system from the access manager you are logged into. For
this reason, you should not modify the properties of cross-platform resources.
Someone has modified the properties of the default administrator, gkadmin,
and I cannot access the Connection Manager through the Gatekeeper. What do
I do?
Use the command line interface to modify properties of the administrator
account to reestablish login rights. For example, to display all properties of the
gkadmin account, from a command prompt on the Windows Server enter:
Chapter 1. Troubleshooting guide
27
lswg -l cn=gkadmin -X
If the command shows that the account has been locked, as
<locked>1</locked>, unlock the account by entering:
chwg -l cn=gkadmin -a locked=0
|
|
|
|
Determining the status of resources
To check the actual status of the network interface, use the IP netstat and
ifconfig commands.
The netstat command provides the names of all network interfaces together with
addressing and statistical information. The ifconfig command shows the current
parameters of a specified network interface.
1. The netstat command provides the names of all network interfaces together
with addressing and statistical information. To list all network interfaces, from
the Connection Manager command line, enter:
netstat -i
An example on an AIX system is shown in Figure 1.
An example on a Linux or Solaris system is shown in Figure 2.
Name
lo0
lo0
mn0
mn0
mn1*
mn1*
mn2*
mn2*
mn3*
mn3*
Mtu
1536
1536
4096
4096
4096
4096
4096
4096
4096
4096
Network
<Link>
127
<Link>
8.54.56
<Link>
193.99.234.
<Link>
193.99.234.
<Link>
193.99.234.
Address
Ipkts
Ierrs Opkts
Oerrs Coll
23339
0
23339
0
0
loopback
23339
0
23339
0
0
7146
0
8497
0
0
8.54.56.2
7146
0
8497
0
0
20
0
21
0
0
193.99.234.65
20
0
21
0
0
8
0
8
0
0
193.99.234.129
8
0
8
0
0
4
0
4
0
0
193.99.234.193
4
0
4
0
0
Figure 1. Sample output of netstat command showing status of the network interface - AIX
In Figure 1, network interface mn1 uses IP address 193.99.234.65 and a
maximum packet size of 4096. On this interface 20 IP packets have been
received and 21 sent, with no I/O errors. The asterisk character (*) following
the network name indicates that the network is inactive. In its current inactive
state, the mn1 interface cannot send and receive packets.
Figure 2. Sample output of netstat command showing status of the network interface - Linux or Solaris
2. To show the current parameters of a specified network interface, from the
Connection Manager command line on UNIX-based systems, enter:
ifconfig mn0
On Windows systems, enter:
ipconfig mn0
28
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
An example on an AIX system is shown in Figure 3.
An example on a Linux or Solaris system is shown in Figure 4.
mn0: flags=60<NOTRAILERS,RUNNING>
inet 193.99.234.65 netmask 0xffffffc0
Figure 3. Sample output of ifconfig command - AIX
In Figure 3, network interface mn1 is using network mask 0xffffffc0. The “0x”
prefix indicates hexadecimal format; the equivalent dotted-decimal notation is
255.255.255.192.
Figure 4. Sample output of ifconfig command - Linux or Solaris
Verifying Connection Manager processes
Learn the names of the processes that Connection Manager starts and how to list
them for your operating system.
When you start the Connection Manager on AIX, Linux, or Solaris systems, there is
one instance of the wgated process and one instance of the wgattachd process that
are initiated. The wgated process performs the functions of the Connection
Manager, such as monitoring the status of network devices, transmitting data, and
updating log files. The wgattachd process monitors the wgated process and restarts
it if it fails.
When you start the Connection Manager on Windows systems, the wgattachd
daemon is installed as a Windows service. Click Control Panel -> Administrative
Tools -> Services to verify this.
To list the running Connection Manager processes, issue this command on
UNIX-based systems:
ps -e | grep wga
To list the running Connection Manager processes on Windows systems, press
Ctrl+Alt+Delete, select Task Manager, and view the Processes tab.
You should see one instance of the wgated process and one of the wgattachd
process on AIX, Linux, Windows, and Solaris systems. If you do not see these
instances, shut down then restart the Connection Manager.
Verifying the portmap daemon is enabled for automatic start-up on AIX
systems
Verifying the portmap daemon is enabled for automatic start-up on AIX systems.
Chapter 1. Troubleshooting guide
29
To verify that the portmap daemon will start automatically when the system unit is
started:
1. Log on as root and edit the /etc/rc.tcpip file.
2. Locate the portmap entry, which will contain start /usr/sbin/portmap.
3. Make sure that the “#” does not start the beginning of the portmap entry. (The
# in column 1 indicates that the line is only a comment and is not to be
executed.)
4. Save and close the file.
You can also start portmap from the command line. Note that if the system unit is
restarted, you must add the portmap entry to /etc/rc.tcpip for portmap to start
automatically.
To start portmap from a command line:
# startsrc -s portmap
Port number information
This topic lists the port numbers required for use by the Connection Manager and
instructions about changing them.
The Connection Manager and access manager are installed on the same system and
require a port for communication with the Gatekeeper.
9555
Communication between Gatekeeper and access manager
9559
Communication between Gatekeeper and access manager using SSL
To change these port numbers, first update the /etc/services file, then:
AIX
Refresh the inetd daemon by entering refresh -s inetd.
Linux (using xinetd daemon)
Refresh the inetd daemon by typing kill -SIGUSR2 `ps -e | grep xinetd
| awk ’{print $1}’`.
Linux (using inetd daemon) or Solaris
Refresh the inetd daemon by typing kill -HUP `ps -e | grep inetd | awk
’{print $1}’`.
Windows
Not available.
There are other default ports on which the Connection Manager listens. To change
these port numbers, use the Gatekeeper to edit the Connection Manager, mobile
access services, or messaging services properties.
These ports include:
Table 1. Ports on which the Connection Manager listens
30
Port number
and protocol
Component using
80 - TCP
v HTTP access services Internet side of
Connection Manager
v Mobility clients using
from HTTP clients and
client-less model)
Mobility clients.
v Mobile access
Intranet side to HTTP
services
proxy
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Direction
Comment
Depends on location of
HTTP proxy, web, or
application server
Table 1. Ports on which the Connection Manager listens (continued)
Port number
and protocol
Component using
Direction
Comment
443 - TCP
v HTTP access services Internet side of
Connection Manager
v Mobility clients
from HTTP clients and
(client-less model)
Mobility clients.
v Mobile access
Intranet side to HTTP
services
proxy
Depends on location of
HTTP proxy, web, or
application server
1645 or 1812 UDP
RADIUS authentication Bidirectional – Intranet
messages
side of Connection
Manager
Used in conjunction
with the device resolver
or with third-party
RADIUS authentication
servers
1646 or 1813 UDP
RADIUS accounting
messages
Bidirectional – Internet
side of Connection
Manager
Used in conjunction
with the device resolver
or with third-party
RADIUS authentication
servers
9557 - TCP
Connection Manager
No firewall implication
Used between the
Connection Manager
and the wg_monitor
utility
14356 - TCP
Connection Manager
Depends on location of
subordinate nodes – If
the nodes are inside the
DMZ, there is no
firewall implication,
otherwise it is the
Intranet side of
Connection Manager
Subordinate node in a
cluster listens to receive
incoming requests from
a principal node –
inactive by default
8888 - UDP
Mobile access services
Bidirectional
Used between Mobility
Client and Connection
Manager to change
client password
8889 - TCP
and UDP
Mobile access services
Bidirectional – Internet IP-based receive
and Intranet side of
Connection Manager,
unless specifically set to
bind to an IP address
on one side or the other
9551 - TCP
RPC configuration port
Bidirectional
The Connection
Manager listens for
dynamic configuration
requests and is secured
using RPC-based
authentication, as if the
portmapd was used.
9553 - TCP
RPC broadcast port
Bidirectional
The Connection
Manager listens for
dynamic broadcast
requests and is secured
using RPC-based
authentication, as if the
portmapd was used.
Chapter 1. Troubleshooting guide
31
Table 1. Ports on which the Connection Manager listens (continued)
Port number
and protocol
Component using
Direction
Comment
9610 - TCP
Mobile access services
Bidirectional
Listener for third-party
RADIUS authentication
requests from Mobility
Clients
13131 - TCP
Messaging services
Bidirectional – Intranet
side of Connection
Manager
Send/receive port for
messaging services API
traffic
13132 - TCP
Messaging services
Bidirectional – Intranet
side of Connection
Manager
Secure send/receive
port for messaging
services API traffic
Supported locales
This topic describes which national language locales are supported and which
locales are used by default.
On Windows systems, only UTF-8 locales are supported. The national language
support is installed automatically with the single run-time package. Command line
utilities are currently restricted to English only.
When you use the Gatekeeper to log into the Connection Manager, information is
exchanged on the language to be used for the session. The Gatekeeper requests a
language depending on the locale it is using and the Connection Manager
responds with the locale that will be used, either the locale requested or English.
The Connection Manager uses a default locale for each language. To use a
language other than English, the operating system that the Connection Manager is
running on must support the default locale that the Connection Manager uses for
the language and the message catalogue must be installed for that locale. The
English UTF-8 locale is required for all languages and the localized UTF-8 locale is
required for each non-English language that will be used if you want to use
national language characters in user IDs or passwords.
The default locale for each language includes:
Table 2. Supported locales
Language
Character encoding for
AIX
Character encoding for
Linux
Character encoding for
Solaris
UTF-8 EN_US
ISO-8859-1en_US
UTF-8 en_US.utf8
ISO-8859-1en_US
UTF-8 en_US.UTF-8
ISO-8859-1en_US
UTF-8 FR_FR
ISO-8859-15 fr_FR
UTF-8 fr_FR.utf8
ISO-8859-15 fr_FR
UTF-8 fr_FR.UTF-8
ISO-8859-15 fr
Brazilian
Portuguese UTF-8 PT_BR
ISO-8859-1 pt_BR
UTF-8 pt_BR.utf8
ISO-8859-1 pt_BR
UTF-8 pt_BR.UTF-8
ISO-8859-1 pt_BR
UTF-8 es_ES.utf8
ISO-8859-15 es_ES
UTF-8 es_ES.UTF-8
ISO-8859-15 es
English
French
Spanish
UTF-8 ES_ES
ISO-8859-15 es_ES
32
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Table 2. Supported locales (continued)
Language
Character encoding for
AIX
Japanese
Character encoding for
Linux
Character encoding for
Solaris
UTF-8 ja_JP.utf8
UTF-8 JA_JP
EUC ja_JP
UTF-8 ja_JP.UTF-8
EUC ja
Korean
Simplified
Chinese
Traditional
Chinese
UTF-8 KO_KR
EUC ko_KR
UTF-8 ko_KR.utf8
EUC ko
UTF-8 ko.UTF-8
EUC ko_KR
UTF-8 ZH_CN
GB2312 Zh_CN
UTF-8 Zh_CN.utf8
GB2312 zh
UTF-8 zh.UTF-8
GB2312 zh_CN.gb2312
UTF-8 ZH_TW
BIG5 Zh_TW
UTF-8 Zh_TW.utf8
BIG5 zh_TW.BIG5
UTF-8 zh.UTF-8
BIG5 zh_TW.big5
UTF-8 DE_DE
ISO-8859-15 de_DE
UTF-8 de_DE.utf8
ISO-8859-15 de_DE
UTF-8 de_DE.UTF-8
ISO-8859-15 de
UTF-8 IT_IT
ISO-8859-15 it_IT
UTF-8 it_IT.utf8
ISO-8859-15 it_IT
UTF-8 it_IT.UTF-8
ISO-8859-15 it
German
Italian
For AIX, the message catalogues are installed as separate packages. You must
install support for a locale before you can install the message catalogue for that
locale. It is best to install using smitty under ″Install and Update from ALL
Available Software″ and select the message catalogues you want to install.
For Linux and Solaris, NLS support for all languages is installed automatically
with the single run-time package.
Other locales are supported if you are running commands in a console. These
locales include:
Table 3. Additional locales for command line usage
Language / character
encoding
Support for AIX
Support for Linux
Support for Solaris
English ASCII
—
C
C
English IBM-850
En_US
—
—
French IBM-850
Fr_FR
—
—
Spanish IBM-850
Es_ES
—
—
Japanese SJIS
Ja_JP
ja_JP.ujis
ja_JP.PCK
Korean IBM-949
Ko_KR
—
—
Traditional Chinese
EUC
zh_TW
—
—
Simplified Chinese
EUC
zh_CN
—
—
Italian IBM-850
It_IT
—
—
Japanese EUC
ja_JP.euc
Chapter 1. Troubleshooting guide
33
Using access manager logs
The access manager and the secure access manager have files that log messages
about the communication between the Connection Manager and the access
manager and also between the Gatekeeper and access manager. Note that the
access manager passwords are in-the-clear in the message log file when the
operation being performed involves a password change.
The access manager message log file is wgmgrd.log. To view this files, log in as
root to the access manager system. These files are located in /var/adm/ on AIX,
Linux, or Solaris. On Windows, these files are located in the installation directory
under logs\. To change the default location:
1. Double-click the Access Manager in the left pane on the Resources tab.
2. Click the Logging tab.
3. Edit the Log file field for the location of the access manager log or the SSL log
file for the location of the secure access manager.
You can reset the log files to rename the old files and begin new ones. The
renamed files have the day’s date appended to the log file name. In the case of
more than one reset on a given day, a timestamp is appended to the filename. To
reset the log files:
1. Right-click the Access Manager in the left pane on the Resources tab.
2. Click Reset log files.
3. Choose whether to reset all files or individual files.
On the Connection Manager for Windows only, if another Gatekeeper session is
attached during the reset process, that session will continue logging to the backup
copy of the log file, rather than reset wgmgrd.log file. Also, the backup copy
cannot be deleted from the file system until all other Gatekeeper sessions have
ended.
Using Connection Manager logs
The Connection Manager stores troubleshooting information in message, account,
and trace logs.
Connection Manager logs are stored in files or, in the case of accounting and
billing information, a relational database or a file. All Connection Manager logs
stored in files are viewed using the Gatekeeper. Each log is viewable separately. An
administrator can only view logs if the administrator ID has an additional access
enabled by an ACL profile with at least Read-only access to the Connection
Manager.
The log files and their default file names are:
Message
Stores messages for a single Connection Manager. The default file is
wg.log. This file is located in /var/adm/ on AIX, Linux, or Solaris. On
Windows this file is located in C:\Program Files\IBM\Connection
Manager\Connection Manager\logs\.
|
|
|
|
Account
Stores account records, such as for an MNI or SMS clients. The account log
shows what activity is occurring on the Connection Manager by showing
the number of packets transferred outbound from the Connection Manager
34
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
and inbound from the mobile device. When configured to use a file, the
default file is wg.acct. This file is located in /var/adm/ on AIX, Linux, or
Solaris. On Windows this file is located in C:\Program
Files\IBM\Connection Manager\Connection Manager\logs\.
|
|
|
See “Account log” on page 37 for more information.
Trace
|
|
|
All packet data transmitted to and received from a Mobility Client can be
stored in the mobile access services trace file. The default file name is
wg.trace. This file is located in /var/adm/ on AIX, Linux, or Solaris. On
Windows this file is located in C:\Program Files\IBM\Connection
Manager\Connection Manager\logs\.
Note that the trace log contains a trace of all packet data for Mobility Clients that
have the trace turned on. The message log can be filtered to contain specific levels
of logging information or specific devices or user IDs.
You should maintain your message, account, and trace logs regularly. Your
business needs dictate whether you keep historical records as well as how often
you start new records. For database records, this means archiving and purging
records. To purge accounting and billing records, use the -p parameter with the
wg_acct command. See “Account log” on page 37 for more information. After
purging records, you can reclaim disk space.
For log files, you should reset (rename the old files and begin new ones) them
regularly using Gatekeeper:
1. Double-click the Connection Manager in the Resources tab.
2. Right-click the Connection Manager in the right pane and select Reset files.
3. Choose whether to reset all files or individual files.
Alternatively, you can use the Connection Manager command line to reset all log
files. Enter chwg -r acct | trace | log | all
If message, account, or trace information is not stored in a file, as expected, there
might not be sufficient storage available in the file system.
To check the file system on AIX, enter:
df
to produce this output:
Filesystem
/dev/hd4
/dev/hd9var
/dev/hd2
/dev/hd3
/dev/hd1
Total KB
8192
16384
253952
8192
4096
free %used
1980
75%
5868
64%
30252
88%
6016
26%
1012
75%
iused %iused Mounted on
749
36% /
105
2% /var
13338
21% /usr
53
2% /tmp
71
6% /home
Figure 5. Sample output of df command listing file system usage - AIX
Check the /var file system. If it is full, make space available to allow the
Connection Manager to write to the log file.
If necessary, compress or back up the old files before deleting them. If active
processes have opened the files, terminate the processes to release the files. For
example, if you are using the tail command to display the log file, terminate the
tail process before you work with the file.
Chapter 1. Troubleshooting guide
35
Message log
When problems occur, check the message log file for error messages first.
Messages generated by the Connection Manager are stored in the message log file.
The log file contains plain ASCII text.
You can control the level of detail that is logged by specifying the types of
messages using Gatekeeper:
Debug
Data used for problem analysis
Error
Messages about unexpected events on which you need to take action
Log
General information messages
Status Dump of status information, such as packet rates, byte rates, and system
load
TCP-Lite
Messages about data using the TCP-Lite transport
Trace-IP
Hexadecimal dump of only IP-related data packets
Trace-data
Hexadecimal dump of data packets
Warning
Messages about events on which you might or might not need to take
action
To specify message types for logging:
1. In the left pane, right-click the Connection Manager for which you want to
specify message logging and click Properties.
2. Click the Logging tab to view the current settings for messages.
3. Use the check boxes or the All or None buttons to change the message types
that are logged.
4. Click OK.
You can set the maximum size of the message log file. Click the Logging tab on a
Connection Manager, then enter the maximum size of the message log file in MB.
When the maximum file size is reached, the file is renamed in the form wg.log.bak.
You can specify the allowable number of backup files that are saved. Also on the
Logging tab, enter the number of backup files allowed, up to a maximum of 10
files. If you specify zero (0), no files are backed up. When the maximum file size is
reached, the file is truncated to 0 bytes, then logging continues at the beginning of
the message log file.
To troubleshoot a problem with a specific account, restrict message logging to
display only an individual user ID or device: Also on the Logging tab, click
Restrict what is logged and choose between Log only one user or Log only one
device, then specify the user or device.
Note:
1. Initial log statements, such as data logged before a login session is
complete, will not get logged.
36
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
2. Very low level port data, such as X.25 line data or dial-TCP frames are
not logged because neither the device, typed key, or account values are
known.
3. If a device roams to a different IP address, then the new session is not
logged because the device key (IP address) no longer matches.
4. If a device is connected through an MNI that uses network address
translation (NAT) or an external DHCP server with NAT, then the NAT
address is the one that must be specified and not the device’s IP address.
Account log
Check the account log file for records concerning individual accounts.
To set whether accounting records are recorded using Gatekeeper, click the
Accounting and billing tab on a MNI or messaging services properties notebook.
Select the Packet check box.
For an MNI, you can control the level of account records logged by selecting all
log levels or none, or one or more log levels.
If you want to store accounting records in a file or database, you must:
1. In Gatekeeper, right-click the Connection Manager and select Properties. On
the Accounting and billing tab, make sure that the Write Accounting and
billing records check box is selected. Then select the appropriate radio button
to save accounting records to either the local file system or to a database.
2. In Gatekeeper, right-click the MNI and select Properties. Use the Accounting
and billing tab to select the desired level of account logging from the following
list. If you select None, then account logging is disabled.
Login Events that occur when Mobility Clients establish a connection to
mobile access services.
Logout
Events that occur when Mobility Clients disconnect from mobile access
services.
Connect
Events that occur when a Mobility Client negotiates a dial-up
connection with a modem on the mobile access services. On a initial
dial-up session with the mobile access services, the Mobility Client’s
physical connection is established, then login is established.
Disconnect
Events that occur when a dial-up connection is disconnected from a
modem on the mobile access services.
Packet Data that records and accounts for each packet. By default, this log
level is turned off.
Session
Data that records the duration of a session from login to logout.
Hold
Data that records when Mobility Clients are in short-hold mode and
physical connections are dropped, but login connections are
maintained.
You can stop account logging on an individual MNI or for an entire Connection
Manager. To stop account logging for an MNI, click the Accounting and billing
tab on an MNI, then click None. To stop account logging for a Connection
Chapter 1. Troubleshooting guide
37
Manager, click the Accounting and billing tab on a Connection Manager, then
click Write accounting and billing records to the following.
After you clear the Write accounting and billing records to the following check
box, you can still modify the relational database configuration or modify the path
of the file.
Using the wg_acct command
Display the account records using the wg_acct command.
In addition to using the Gatekeeper to view logs, you can use the command
wg_acct to access and display the account records in a number of different formats
and filtered according to criteria based on the flags passed to the command line.
Note that most commands require the command wg_acct -T pkt to see the
Mobility Client traffic.
When filtering packets, make sure that Packet is selected in the Accounting mode
field of the Accounting and billing tab of the mobile network interface (MNI).
Purpose
Access and display the account records in a number of different formats and
filtered according to criteria based on the flags passed.
When filtering packets, make sure that Packet is selected in the Accounting mode
field of the Accounting and billing tab of the mobile network interface (MNI) in
Gatekeeper.
Note that this utility displays columns headers only in English. When using the
wg_acct utility and a locale other than English on AIX and Solaris platforms,
switch to a UTF-8 locale on the command line. If you do not use a UTF-8 locale,
then the output does not display correctly when using the command line to
display the account records. The wg_acct utility does not support non-English user
IDs on Linux distributions.
Syntax
wg_acct
-c MNCType
-C
-d
-e End
-f
-F OutFileName
FileName
-h
-I
-l Count
-m MobileClient
-M MobileMask
-n
-o OtherDevice
-O OtherMask
-p Days
38
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
-P Platform
-s Start
-S
-t
-T
failedlogin|login|logout|connect|disc|session|hold|natmaps|roam|pkt|smspkt
-u Userid
Description
Use the wg_acct command to access and display the account records in a number
of different formats and filtered according to criteria based on the flags passed.
When you run wg_acct, it generates column headers on the first line, followed a
line-by-line detailed output of every packet in the record. The column headers are:
Direction
From the database perspective, X’00’ indicates packets are inbound from
the mobile device (mobile origination) and X’01’ indicates packets are
outbound to the mobile device (Connection Manager origination). From the
command line perspective, a left arrow indicates that packets are inbound
and a right arrow indicates that packets are outbound.
#Pkts
The total number of packets for the particular direction
IP
The size of unaltered, original IP packet
Red
Packet size after IP header reduction, if any.
Comp Packet size after compression, if any.
Cryp
Packet size after encryption, if any.
Fram
Packet size after any necessary protocol framing
Sent
Size of transmitted packet after appropriate reduction, compression,
encryption, or framing
Note that most commands require the flag wg_acct -T pkt to see the Mobility
Client traffic.
Enter wg_acct -? to list the usage statement.
Flags
-c MNCType
Filters packets for packets on a given MNC. Valid values for MNCType
include MNC type identifiers, such as ip-lan, sms, ardis-tcp or
dataradio-msc. For example: wg_acct -c sms
-C
Generates a compressed format by reducing the number of columns, such
as the timestamp and user ID columns.
-d
Generates a summary based on the IP addresses of all connected Mobility
Clients or mobile devices.
-e End End time for packet filter as specified by timestamps, the format of which
is yymmdd[.hhmmss].
-f
Does not stop at end-of-file or end of database records, but continues
running and displaying new entries as they occur (similar to tail -f).
Chapter 1. Troubleshooting guide
39
-F OutFileName
Direct output to OutFileName. An output file created with the -F flag
cannot be used as input for the FileName flag.
FileName
Read input from FileName, other than default. This parameter is only
available when storing accounting and billing records in a file and is
ignored when using a relational database. This file is located in
/var/adm/ on AIX, Linux, or Solaris. On Windows this file is located in
C:\Program Files\IBM\Connection Manager\logs.
|
|
|
-h
Does not generate the column header line or the packet total summary
lines. When you run wg_acct, it generates column headers on the first line
and packet total summary lines at the end of the output. Use this flag to
suppress the column headers and packet total summary lines.
-I
Displays connection information obtained at login for the WLP version,
Mobility Client version, platform type, and platform description. The string
N/A is inserted when the client does not provide the information. This flag
must be used in conjunction with flag -T login.
-l Count
Skips the first Count-1 records and begins processing input at packet record
number Count, where Count is an integer.
-m MobileClient
Filters packets for a given IP address, where MobileClient equals a
dotted-decimal IP address (Note: This is the VPN address assigned by the
Connection Manager for the session) or host name (Note: This assumes
that the hostname can be resolved into an IP address via DNS or local
hosts file).
-M MobileMask
Filters packets from all addresses that are within a subnet (MobileMask).
This flag is only used with -m flag and lets you apply a subnet mask to
the IP address as specified in the -m flag.
-n
Reverse the current packet filter to display only packets that would have
been ignored. This flag works in conjunction with other flags excluding the
-T flag. Using the -n flag by itself or only with the -T flag has an undefined
result.
-o OtherDevice
Filters packets for the IP address on the other end of the packet, where
OtherDevice equals a dotted-decimal IP address or host name. For example,
if you want to see all packets going to or coming from 38.38.130.9, you
could specify -o 38.38.130.9.
-O OtherMask
Filters packets from all addresses that are within a subnet. This option is
only used with the -o flag and lets you apply a subnet mask (OtherMask) to
the IP address as specified in the -o flag.
-p Days
Purge database records that are older than the specified days parameter.
For example, specify wg_acct -p 90 to delete all records older than 90 days
or specify wg_acct -p 0 to delete all records in all tables. Combine the p
parameter with the T parameter to specify the packet type to delete. For
example, specify wg_acct -p 30 -T pkt to delete all records older than 30
days in the WLP data packet table or specify wg_acct -p 0 -T session to
delete all session records.
40
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
-P Platform
Filter packets to display only login records from a given platform type.
Combine the P parameter with the T parameter to specify the packet type
to display.
1 - Reserved
2 - Reserved
3 - MAC
4
5
6
7
8
9
-
Reserved
Reserved
Windows 32-bit
Windows CE
Reserved
Reserved
10 - Reserved
11 - Reserved
12 - Reserved
13 - Reserved
14 - Reserved
15 - Linux
-s Start
Start time for packet filter as specified by timestamps, the format of which
is yymmdd[.hhmmss].
-S
Does not check the version. The Connection Manager inserts a version
record into the log at start-up to indicate the format. If wg_acct checks this
format and does not understand it, the command does not execute. Use
this flag to skip the version check and execute the command.
-t
Generates only a summary. Instead of generating a line-by-line detailed
output of every packet in the file, this flag generates a summary of the
number of bytes transmitted/received, compression, header reduction,
encryption etc.
-T [failedlogin | login | logout | connect | disc | session | hold | natmaps |
pkt | smspkt | roam]
Filters packets based on type (default = pkt). If you use more than one -T
flag, only the last one is used.
-T failedlogin
Filters only packets resulting from a Mobility Client’s failed login
attempts. For each failed login attempt the following information is
displayed: Date/Time, User, IP Address, MNC, Device and Event
-T login
Filters only packets resulting when a Mobility Client establishes a
connection to mobile access services. For each login attempt the
following information is displayed: Date/Time, User, IP Address,
MNC, Device and Event
-T logout
Filters only packets resulting when a Mobility Client disconnects
from mobile access services. For each logout the following
information is displayed: Date/Time, User, IP Address, MNC,
Device, Event Duration, PktIn, PktOut, BytIn, BytOut, DscPkt,
RxmtPkt, DscByte and RxmtByt (Dsc = discard, Rxmt = retransmit)
Chapter 1. Troubleshooting guide
41
-T connect
Filters packets containing data resulting from the Mobility Client’s
connection to mobile access services. Displays records generated
when a dial-up or http MNC based session is moved out of a
short-hold state and resumed. The following information is
displayed: Date/Time, User, IP Address, MNC, Device and Event
-T disc
Filters only packets that result from the disconnection of a dial-up
connection from a modem on the mobile access services. Displays
records generated when a dialup or http MNC session is moved
into a short hold state. The following information is displayed:
Date/Time, User, IP Address, MNC, Device, Event Duration, PktIn,
PktOut, BytIn and BytOut
-T session
Filters packets that record the duration of a session from login to
logout. Displays records generated by all session related events
(login/logout/roam/keyrotation). The following information is
displayed: Date/Time, User, IP Address, MNC, Device, Event
Duration, PktIn, PktOut, BytIn, BytOut, DscPkt, RxmtPkt, DscByte
and RxmtByt (Dsc = discard, Rxmt = retransmit)
-T hold
Filters only packets generated when physical connections for
Mobility Clients in short-hold mode are dropped while their login
connections are maintained. Displays records generated by HOLD
state due to drop in line driver to mobile network. This is valid for
mobitex/datatac only.
-T natmaps
Displays records showing the physical and virtual endpoints of
application level traffic running across the Connection Manager’s
network address translator resources. Applies only in the case
where network address translator resources have been defined. The
following information is displayed: Mobile Address, Mobile Port,
NAT Address, NAT Port, DstAddress, DSTPort User and
Date/Time
-T pkt Filters only IP packet traffic. Each IP packet generates an
accounting record containing information about what was done to
the packet, sizes, etc. Displays records showing where the packet
was going, what effects encryption and compression had on the
size and what size was actually sent over the air. The following
information is displayed: Date/Time, MNC, Device, IP, Red, Comp,
Cryp, Fram, Sent, Other Device and Mobile Client
-T smspkt
Filters only SMS message packet traffic. Displays records similar to
pkt except it lists PPG related message accounting information. The
following information is displayed: Date/Time, Bearer, MType,
Data, Client and Destination
-T roam
Filters only packets generated by Mobility Client roaming events.
When the Mobility Client sends a request to the Connection
Manager to roam from one interface to another, the Connection
Manager determines if the request is valid, and if so, it generates a
roam record. Displays records generated when a session is roamed
42
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
to a new device. The following information is displayed:
Date/Time, User, IP Address, MNC, Device, Event, Duration,
PktIn, PktOut, BytIn and BytOut
-u UserID
Filters packets for the given user ID. By default, an exact distinguished
name comparison is performed, unless wildcard characters (’*’) are used. If
wildcards are used, be sure to enclose the user ID in double quotes (″″).
For example, -u ″*any*″ will filter on all user IDs containing the string
″any″.
Note: UserID is the users full distinguished name, for example:
wg_acct -u uid=sunny,o=ibm,c=us
Examples
1. To delete all records older than 90 days:
wg_acct -p 90
2. To delete all records in all tables:
wg_acct -p 0
3. To delete all records older than 30 days in the WLP data packet table:
wg_acct -p 30 -T pkt
4. To delete all session records.
wg_acct -p 0 -T session
5. To filter packets for a given type, such as logout packets:
wg_acct -T logout
6. To filter packets for a user ID:
wg_acct -u uid=sunny,o=ibm,c=us
where uid=sunny,o=ibm,c=us is the full distinguished name of the user
7. To filter packets for an IP address or host name:
wg_acct -m lachrymose
where lachrymose is the host name of the Mobility Client
8. To filter packets for a subnet:
wg_acct -M 255.255.255.0
where 255.255.255.0 is the subnet mask.
9. To filter packets for an MNC type:
wg_acct -c sms
where sms is the MNC type identifier
10. To filter packets beginning at a particular minute on a given date:
wg_acct -s 021218.131300
where the start time is 1:13 PM on December 18, 2002
Trace log
You can log individual users’ IP/PPP level of trace information.
By default, tracing is turned off. To start tracing, use the Gatekeeper to display the
properties of the user you want to trace, then click Start trace on the Account tab.
To stop tracing, clear the Start trace check box.
To view trace logs, you must be logged in as root.
Chapter 1. Troubleshooting guide
43
Important: Set tracing off during normal operation. Because all traffic is recorded
without encryption, tracing should not be turned on without the knowledge of the
person using the user ID which is being traced.
Testing for UDP packet loss
Use the wcecho utility to test for UDP packet loss between the Mobility Client and
the Connection Manager.
For Mobility Clients using the Linux or desktop Windows systems, the wcecho
utility is a user datagram protocol (UDP)-based ping program that lets you test for
UDP packet loss. The Connection Manager system must have the UDP echo service
enabled. The wcecho utility is only available in English.
Note: For Windows systems, you must download the Utilities for Subsystem for
UNIX-based Applications package before you can install the echo server.
Enable the UDP echo service on the Connection Manager, then run the wcecho
utility:
1. Stop the Connection Manager.
2. Change the echo service to allow traffic to flow on the same port as the
Mobility Client. Modify the /etc/services file and set the line: echo 7/udp to
echo 8889/udp.
Note: Use the port number you have configured for mobile access services. By
default, that port is 8889.
3. Modify the Internet daemon being used: xinet or inet.
AIX
Modify the file /etc/inetd.conf and remove the comment mark (#) on
the line that begins with #echo dgram udp. Then, refresh the daemon by
running: refresh -s inetd .
Linux Using xinetd, modify /etc/xinetd.d/echo-udp to enable it and send
SIGUSR1 or SIGUSR2 to the xinetd process. Using inetd, modify the file
/etc/inetd.conf and remove the comment mark (#) on the line that
begins with #echo dgram udp. Then, send SIGUSR1 to the inetd process.
Solaris
Modify the file /etc/inetd.conf and remove the comment mark (#) on
the line that begins with #echo dgram udp. Then, send SIGUSR1 to the
inetd process.
Windows
Make sure that you have the Windows operating system component
Simple TCP/IP Services running. To install Simple TCP/IP Services:
a. From Add/Remove Programs, click Add/Remove Windows
Components.
b. Click Networking Services, then click Details.
c. Select Simple TCP/IP Services, click OK, then click Next.
d. Select the operating system installation CD location, click Next, then
click Finish.
4. On the Mobility Client from the installation directory, run the wcecho
command using the syntax that you want.
44
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Syntax for wcecho utility
wcecho host
-c count
-i wait
-p port
-s size
Flags for wcecho
-c count
Determines the number of packets to send
host
Determines the dotted-decimal IP address or host name of the Connection
Manager.
-i wait
Determines the amount of time in milliseconds to wait between sending
packets.
-p port Determines the port number on which to send the packets.
-s size Determines the size of the packet to send.
Troubleshooting tips
These are common hints that can help you troubleshoot problems with the
Connection Manager.
v In some cases, loss of network connectivity between the Connection Manager
and the DB2 server requires that the Connection Manager be stopped , then
restarted. For example, when the database management system (DBMS) does not
automatically reestablish a connection to the database when connectivity is
restored, restart the Connection Manager.
v If you need to reconfigure your directory service server (DSS) database using
LDAP, shut down the Connection Manager, reconfigure the directory service
database, then enter mkwg -Z. Log in using the Gatekeeper and reconfigure
your resources. The mkwg -Z command forces the Connection Manager to check
the DB2 configuration and LDAP schema and update them if required. It also
updates the list of installed components.
v Pings from a Mobility Client can be misleading: they can time-out and return a
negative response because, by the time the packets eventually return, the ping is
no longer listening. To make sure there is enough time to traverse the network,
enter ping -w <milliseconds>, where milliseconds is the number of milliseconds.
v A power-saving modem can cause the mobile access services to stop delivering
packets if the modem sleeps. If the network provider server tries to contact the
Mobility Client and the modem is at the beginning of a two-minute sleep
interval, the server waits until its timeout period elapses (typically less than two
minutes), then concludes that the Mobility Client could not be reached.
v Signal strength is not always a reliable predictor of coverage. On Windows
systems, the Mobility Client tool bar provides a relative strength indicator and
an in-or-out-of-range detector; however, these two readings do not always
correlate.
v When using DB2 Version 8.1, increasing numbers of defunct DB2 processes can
accumulate for both the Connection Manager DB2 instance and the LDAP DB2
instance. The Connection Manager is not responsible for these defunct processes
which are owned by the DB2 db2fmcd (Fault Manager) process. Restarting the
Chapter 1. Troubleshooting guide
45
Connection Manager does not clear up the defunct processes. Stopping and
restarting the DB2 Fault Manager can clear up the current defunct processes but
new ones will begin to accumulate after the DB2 Fault Manager restarts. This
problem has been addressed in DB2 8.1 Fixpak 4.
v To view the packet flow through the Connection Manager, use the wg_monitor
utility.
wg_monitor [-s <refresh rate>]
[-g <gateway>]
[-p <port>]
See the Administrator’s Guide for more information about using this command.
v See www.ibm.com/software/lotus/mobileconnect/support/ for the latest
information and Technotes for the Connection Manager.
Finding broadcast errors when using mobile access services
Broadcast errors are typically missed message transmissions or extra message
transmissions.
Causes for apparently missed messages can include:
v Mobility Client is out-of-range, or the modem or mobile device is turned off.
Broadcast data is sent only once and not automatically sent again after a failure
to acknowledge
v The mobile device is assigned to the address for another radio network
v The manually created “all users” group is not up-to-date (Dataradio only)
v Loss or corruption of configurable address on mobile device
v Message originator specified incorrect value for Category of Message. The
Category of Message determines whether the message is written to the user’s
screen or to one of the ports that a user application is monitoring.
v The message originator was not authorized
v Mismatch between the group addresses in the mobile access services and those
in the network provider’s list
Causes for extra messages are:
v Message originator specified multiple groups, and the network had a mobile
user who was a member of each group
v Message originator who specified both group AllRnc300 (which has Dataradio
additions) and a Dataradio group name
v A radio data network (RDN) had multiple connections to the same mobile access
services
Check the error log to see if a message could be sent to anyone. Broadcasts that
can transmit to at least one group are considered successful. Only failed attempts
at sending a message to any group are logged as errors (for example, incorrect
group name, nonexistent RDN, nonexistent Category of Message, unauthorized
message originator).
Determining the status of an X.25 link on AIX
You can query the status of the X.25 link used by the Connection Manager.
When troubleshooting a problem, you can query the status of the X.25 link used by
the Connection Manager, such as an X.25 adapter or an X.25 connection.
46
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
lsdev
Query the status of an X.25 adapter
x25mon Monitor X.25 data flow.
x25status
Determine the status of an X.25 link.
Monitoring X.25 data flow
Use the x25mon command to determine what information is flowing between an
X.25 adapter and the network line.
Use this command:
x25mon -f -n sx25a0
to generate this output:
x25mon: started at Sat May 23 10:27:15 1998
Command issued : x25mon -f -n sx25a0
10:27:16 sx25a0 FR 0 INFO 3 0 1
6
1008A04D4900000000EEEEFFFF000015C030
33746531B04B0 4065FB4500B527282FB19481E359840A9F64D894E5AD4F445CE00217214D
E88C1972889B8A 5C060A922C0F0 AAD1DBDCFC8C527E
10:27:16 sx25a0 FS 0 RR
3 0 7
10:27:16 sx25a0 FS 0 INFO 1 0 7
1
100821
10:27:16 sx25a0 FR 0 INFO 3 0 2
7
1007EA4D4900000000EEEEFFFF000015C030
33746531B02FC 806AE8D0843DCE0701A74FEB9CC6D4ACDD1517CCDE1A65095580EDC711D9
525EC31B8CBDBDC1162C4973D7E
10:27:16 sx25a0 FS 0 RR
3 0 0
10:27:16 sx25a0 FS 0 INFO 1 0 0
2
1007C1
10:27:16 sx25a0 FS 0 INFO 1 0 0
3
10082A485215010100EEEEFFFF0000003133
15C0303374653 110C9CF006BF41EA78883F6E9BF4B58A5FF71FF5FAF13832DC7C91DFEFD7
307243D3CC4227E
10:27:16 sx25a0 FR 0 INFO 3 0 4
0
1008C1
10:27:16 sx25a0 FS 0 RR
3 0 1
Figure 6. Sample output of x25mon command showing send and receive data flow
The output shows the data packets transmitted at the X.25 HDLC level. The
identifier FR (frame received) in the third column identifies a received data packet.
A hex dump of this packet starts in column 10. The identifier FS (frame sent) in
column 3 identifies a packet sent.
Sending network management traps
You can configure the Connection Manager to send traps to a Tivoli® NetView®
network management station.
You can configure the Connection Manager to send traps when different events
occur, such as the starting or stopping of the Connection Manager. These traps are
logged by your simple network management protocol (SNMP) management
station.
To enable the sending of traps to the Tivoli NetView management station, you
must give the host name of the network management station when you create the
Connection Manager. You must also prepare the Tivoli NetView program to receive
traps from the Connection Manager.
Trap variables
The Connection Manager supports version 1 SNMP traps.
Chapter 1. Troubleshooting guide
47
The Connection Manager object identifier (OID) is 1.3.6.1.4.1.2.6.102.*, where * is
the Code documented in Table 4 on page 49. The Connection Manager does not
support a management information base (MIB) query.
All of the traps generated by the Connection Manager consist of five parameters or
variables of type string.
Variable 1
Describes the event causing the trap.
Variable 2
A specific address of the referenced device. This address can be an IP
address, a combination of several addressing parameters, or can be blank if
addressing does not apply.
When this variable is an IP address, it relates directly to the ActvKey field
in the ActiveSessionAttribute table. Note that the IP address (ActvKey) is
the private (Connection Manager-assigned) IP address.
Variables 3 and 4
Trap-dependent additional information or blank.
When variable 3 is a device name, it relates directly to the DevKey field in
the ActiveSessionAttribute table. Note that the device name (DevKey) is
the public (carrier’s) IP address. When variable 4 is a network interface, it
relates directly to the MNC field in the ActiveSessionAttribute table.
Variable 5
Timestamp in plain ASCII, because the standard timestamp of the SNMP
packet is coded.
When this variable is a timestamp, it relates directly to the
LoginTimeStamp field in the ActiveSessionAttribute table.
Trap severity
A severity code is added below each trap. The severity code is not included in the
trap; it is added when the NetView trap daemon is configured. The following
describes each severity code:
CLEARED
Establishment of a normal status
INDETERMINATE
Informational messages
WARNING
Possible system errors
MINOR
Low-priority error; for example, failure in an end system
CRITICAL
Medium-priority error; for example, failure of a component between a
central system and an end system
MAJOR
High-priority error; for example, failure of a central key component
48
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Trap descriptions
The tables in this section describe each trap.
Note:
1. The origin of the trap is denoted by the first two letters of the first
variable. Traps sent by the Connection Manager use AG.
2. The 120390 and 120391 traps are for completeness and not necessarily
used in the current implementations of trap-generating components.
Table 4. Formats and descriptions of Connection Manager traps
Code / Severity
Variables
120265 CLEARED
1.
″AG: startup″
2. Host name of gateway server
Description
Connection Manager software is
starting.
3. (blank)
4. (blank)
5. Timestamp
120266 MAJOR
1. ″AG: shutdown″
2. Host name of gateway server
Connection Manager software is
terminating.
3. (blank)
4. (blank)
5. Timestamp
120267 CLEARED
1. ″AG: connection open″
2. IP address/netspec. info
3. Device name
Transition CLOSED->OPEN The
mobile device now has the option to
establish a connection.
4. Network/interface[/fleet]
5. Timestamp
120268
1. ″AG: connection established″
INDETERMINATE
2. IP address/netspec. info
3. Device name
Transition OPEN/(SHORT)HOLD>CONNECTED The mobile device is
now logged on.
4. Network/interface[/fleet]
5. Timestamp
120269
1. ″AG: connection terminated″
INDETERMINATE
2. IP address/netspec. info
3. Device name
Transition CONNECTED/
(SHORT)HOLD->OPEN The mobile
device is now logged off.
4. Network/interface[/fleet]
5. Timestamp
120270 MINOR
1. ″AG: connection dropped″
2. IP address/netspec. info
Transition OPEN / CONNECTED /
(SHORT)HOLD-> CLOSED
3. Device name
4. Network/interface[/fleet]
5. Timestamp
120271 WARNING 1. ″AG: connection on hold″
Transition CONNECTED->HOLD
2. IP address/netspec. info
3. Device name
4. Network/interface[/fleet]
5. Timestamp
Chapter 1. Troubleshooting guide
49
Table 4. Formats and descriptions of Connection Manager traps (continued)
Code / Severity
Variables
120272 WARNING 1. ″AG: connection on short hold″
2. IP address/netspec. info
Description
Transition CONNECTED->
SHORT_HOLD.
3. Device name
4. Network/interface[/fleet]
5. Timestamp
120273
1. ″AG: connection deleted″
INDETERMINATE
2. IP address/netspec. info
A connection was removed from the
Connection Manager.
3. Device name
4. Network/interface[/fleet]
5. Timestamp
120274
1. ″AG: connection created″
INDETERMINATE
2. IP address/netspec. info
A new connection was added to the
Connection Manager.
3. Device name
4. Network/interface[/fleet]
5. Timestamp
120275 MINOR
1. ″AG: authentication failed″
2. IP address/netspec. info
An authentication error was made
during the logon procedure.
3. Device name
4. Network/interface[/fleet]
5. Timestamp
120276 MINOR
1. ″AG: protocol error″
2. IP address/netspec. info
An error occurred in the PPP
protocol.
3. Device name
4. Network/interface[/fleet]
5. Timestamp
120277 MINOR
1. ″AG: invalid data management″
2. IP address/netspec. info
3. Device name
A client login session has refused a
data management option set by the
Connection Manager.
4. Network/interface
5. Timestamp
120288 WARNING 1. ″AG: mnc failed to connect″
2. MNC name
3. Target carrier address
An MNC could not make a
connection to the network carrier or
message center.
4. (blank)
5. Timestamp
120289
1. ″AG: connection established″
INDETERMINATE
2. IP address/netspec. info
3. Device name
4. Network/interface[/fleet]
5. Timestamp
50
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
The mobile session has roamed to a
new device.
Table 4. Formats and descriptions of Connection Manager traps (continued)
Code / Severity
Variables
Description
120320 MAJOR
1. ″AG: connect failed″
The messaging servicesfailed to
connect to backend application server.
2. Host name of gateway server
3. (blank)
4. (blank)
5. Timestamp
120321 WARNING 1. ″AG: device authentication failure″
2. Host name of gateway server
3. (blank)
The messaging client device failed
authentication with the messaging
services.
4. (blank)
5. Timestamp
120322 CRITICAL
1. ″AG: Messaging services - deadlock detected,
restarting gateway″
2. ″Deadlock detected by messaging gateway. Saving
queued messages and restarting Connection
Manager.″
3. (blank)
When messaging services detect that
the Connection Manager has become
deadlocked, it saves queued messages
to the database, generates a core file
for debugging, restarts the
Connection Manager, and resumes
sending the queued messages.
4. (blank)
5. Timestamp
120390 MINOR
1. ″AG: error″
Other errors
2. Host name of gateway server
3. Errortext 1
4. Errortext 2
5. Timestamp
120391 WARNING 1. ″AG: warning″
Other warnings
2. Host name of gateway server
3. Warningtext 1
4. Warningtext 2
5. Timestamp
Chapter 1. Troubleshooting guide
51
52
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Chapter 2. Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in
other countries. Consult your local IBM representative for information on the
products and services currently available in your area. Any reference to an IBM
product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product,
program, or service that does not infringe any IBM intellectual property right may
be used instead. However, it is the user’s responsibility to evaluate and verify the
operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not give you
any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504–1785
USA
For license inquiries regarding double-byte (DBCS) information, contact the IBM
Intellectual Property Department in your country or send inquiries, in writing, to:
IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106, Japan
The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS
PUBLICATION ″AS IS″ WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or
implied warranties in certain transactions, therefore, this statement may not apply
to you.
This information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this IBM
product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.
53
Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:
v IBM Corporation
v P.O. Box 12195
v 3039 Cornwallis Road
v Research Triangle Park, NC 27709-2195
v USA
Such information may be available, subject to appropriate terms and conditions,
including in some cases, payment of a fee.
The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.
Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on development-level
systems and there is no guarantee that these measurements will be the same on
generally available systems. Furthermore, some measurement may have been
estimated through extrapolation. Actual results may vary. Users of this document
should verify the applicable data for their specific environment.
All statements regarding IBM’s future direction or intent are subject to change or
withdrawal without notice, and represent goals and objectives only.
This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include the
names of individuals, companies, brands, and products. All of these names are
fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE: This information contains sample application programs in
source language, which illustrates programming techniques on various operating
platforms. You may copy, modify, and distribute these sample programs in any
form without payment to IBM, for the purposes of developing, using, marketing or
distributing application programs conforming to the application programming
interface for the operating platform for which the sample programs are written.
These examples have not been thoroughly tested under all conditions. IBM,
therefore, cannot guarantee or imply reliability, serviceability, or function of these
programs. You may copy, modify, and distribute these sample programs in any
form without payment to IBM for the purposes of developing, using, marketing, or
distributing application programs conforming to IBM’s application programming
interfaces.
If you are viewing this information softcopy, the photographs and color
illustrations may not appear.
The software included herein contains PPP Magic Number routines licensed by
Carnegie Mellon University.
54
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
The software included herein contains derivatives of the RSA Data Security, Inc.
MD5 Message-Digest Algorithm. This technology is licensed from RSA Data
Security, Inc.
SNMP++ Toolkit aided in the development of the Connection Manager’s Network
Management Support. SNMP++ Toolkit is copyright© 1999 Hewlett-Packard
Company.
Trademarks
The following terms are trademarks or registered trademarks of International
Business Machines Corporation in the United States, or other countries, or both:
AIX
DB2
developerWorks
IBM
Lotus
NetView
Passport Advantage
Sametime
Tivoli
Adobe, Acrobat, Portable Document Format (PDF), and PostScript are either
registered trademarks or trademarks of Adobe Systems Incorporated in the United
States, other countries, or both.
Linux is a registered trademark of Linus Torvalds in the United States, other
countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United
States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Other company, product, or service names might be trademarks or service marks
of others.
Chapter 2. Notices
55
56
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Index
A
access manager
logging files 34
port used 30
account log file
using 37
using wg_acct command to display
records 38
alerts, network management 47
application troubleshooting checklist 26
B
before you call IBM Support
broadcast errors 46
M
directory service
troubleshooting checklist 23
displaying account records 38
downloads 6
message log file 36
MIB (management information base)
query 48
MNC
filter packets for 39
Mobility Client
determining service level of 7
filtering packets for 40
log in and password problems 7
login problems 10
troubleshooting checklist 14
monitoring X.25 data flow 47
E
enabling the portmap daemon
encoding, character 32
error
broadcast 46
message log file 34
recovery 1
30
1
C
change password port 30
character encoding 32
checklist
application 26
Connection Manager 18
data storage 23
Gatekeeper 26
Mobility Client 14
checklists 7
code
determining Connection Manager
determining Gatekeeper 7
determining Mobility Clients 7
determining version installed 6
commands
ifconfig 28
ipconfig 28
netstat 28
ps axw 29
startsrc 30
wg_acct 38
x25status 46
Connection Manager
determining service level of 6
logging 34
ports used 30
troubleshooting checklist 18
verifying processes 29
connection, status of X.25 link 46
N
files, using logs 34
filtering account records 38
finding broadcast errors 46
national language support 32
netstat 28
network management, sending traps 47
network providers, troubleshooting 1
notices 53
numbers, default port 30
G
Gatekeeper
determining service level of 7
troubleshooting checklist 26
generate accounting record summary
globalization 32
6
H
45
I
IBM Support Assistant
installing 3
ifconfig 28
IP-LAN send/receive port
ipconfig 28
30
K
keepalive
26
L
28
O
39
obtaining service updates 6
OID (object identifier) 48
P
hints and tips
D
data storage troubleshooting
checklist 23
DB2 troubleshooting 23
default port numbers 30
delete
accounting records 43
determining code version 6
determining the status of resources
F
legal notices 53
lightweight directory access protocol
(LDAP)
troubleshooting checklist 23
locales, supported 32
locating the problem 3
log in and password problems 7
logging files
types of 34
using access manager 34
using Connection Manager 34
packet
filtering account records 40
password
port, change 30
problems with 7
persistent data storage
troubleshooting 23
portmap daemon 30
ports numbers used 30
problem determination 1
processes, verifying Connection
Manager 29
purge accounting records 40, 41
R
records, displaying account 38
reset logs 35
resources, determining the status of 28
roaming trap 50
S
service level
Connection Manager 6
determining version of code
Gatekeeper 7
Mobility Clients 7
6
57
service updates 6
services file, updating for port number
changes 30
severity code 48
simple network management protocol
(SNMP) traps 47
supported locales 32
T
trace
log file, using 34
starting 43
trademarks 55
traps
description of 49
network management 47
severity 48
variables 48
troubleshooting 10
troubleshooting checklist
application 26
Connection Manager 18
data storage 23
Gatekeeper 26
Mobility Client 14
troubleshooting checklists 7
troubleshooting problems 1
troubleshooting tips 45
U
updates, service
6
V
verifying Connection Manager
processes 29
version
Connection Manager 6
determining code installed 6
Gatekeeper 7
Mobility Clients 7
W
wg_acct 38
wg_acct command 38
wgated process 29
wgattachd process 29
X
X.25 link
monitoring data flow 47
verifying installation 46
58
Lotus Mobile Connect: Lotus Mobile Connect Troubleshooting Guide
Printed in USA
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising