IBM Lotus Mobile Connect server software
is largely autonomic in its handling and recovery of error conditions.
Occasionally, rare timing sequences can lead to unrecoverable system
errors, such as a dead locked process. Monitoring techniques
such as the end-to-end probe architecture can provide early detection,
otherwise, these types of problems are ultimately detected by client users
in the form of log in timeouts and manual intervention is required.
If this type of problem occurs, the wgated process should be terminated
with a signal 11 to force it to core and restart. On AIX, it is important
to allocate enough file system space in the root file system to contain
a complete core image, approximately 300 MB, and enable full core dumps
in operating system configuration.
Should a problem occur, such as a dead-lock
or core dump, it is essential to IBM support that the appropriate information
is gathered prior to recovery. To this end, there are a couple of
UNIX® shell scripts that can extract information from a core or running
process. They require that the dbx debugger is installed on the
AIX system. The debugger is part of the base installation package
but is not installed by default.
Use the following tips to help troubleshoot
- Primary authentication / Session
negotiation. Primary authentication, key exchange, and session parameter
negotiation are handled in the Wireless Link Protocol (WLP) subsystem of
the Connection Manager. This subsystem is multithreaded (
self-optimizing based on hardware ) and separate from the main VPN processing
threads. It runs its own threads due to the latency added
by referencing external entities, such as the configuration store, active
session table, and the cycles required to generate encryption keys.
All log messages related WLP processing have a prefix of WLP or LCP.
Session negotiation failures are typically logged as WARN level messages.
SNMP traps are generated on authentication failures or failures
involving communications with external applications.
- Secondary authentication. All
secondary authentication requests are processed by the authentication subsystem.
All log messages generated by this subsystem have the prefix AUTH.
If client users have problems during the GINA login phase,
the wg.log file will contain detailed information on why access is being
SNMP traps are generated for communications and authentication failures.
It is possible for Lotus Mobile Connect to lock an account prior
to it being locked in the remote directory server. This feature
is made by design and is controlled through use of password profiles.
- Troubleshooting and support guide.
Detailed information relating to problem determination can be found
in the Lotus Mobile Connect Information Center. The Troubleshooting
Guide is a self-help tool containing common errors, messages, and SNMP
- coreit. Designed be run using
a cron job, this shell script detects Lotus Mobile Connect core files,
extracts information, and archives data to help with problem determination.
It can also send e-mail alerts to a list of administrators. You
can obtain the script from IBM Level 2 Support.
- dumpthreads.sh. This shell script
is used to extract debug information from a running process or a core file.
The script dumps out stack information for all threads in
the wgated process. You can obtain the script from IBM Level 2 Support.