E
dit
A
ttach
P
rintable
r13 - 2022-08-01 - 17:50:13 -
MichaelRowe
You are here:
TWiki
>
Deployment Web
>
DeploymentTroubleshooting
>
IntegrationsTroubleshooting
>
IntegrationsTroubleshootingSmartCard
>
IntegrationsTroubleshootingSmartCardDebug
<div id="header-title" style="padding: 10px 15px; border-width:1px; border-style:solid; border-color:#FFD28C; background-image: url(<nop>https://jazz.net/wiki/pub/Deployment/WebPreferences/TLASE.jpg); background-size: cover; font-size:120%"> ---+!! How to Enable Debug Trace for Smart Card issues? <img src="" alt="" width="50" height="50" align="right"> %DKGRAY% Authors: Main.ZeeshanChoudhry <br> Build basis: IBM Rational Team Concert 3.x, 4.x, 5.x, 6.x, and IBM Engineering Workflow Management 7.x %ENDCOLOR%</div></sticky> <!-- Page contents top of page on right hand side in box --> <sticky><div style="float:right; border-width:1px; border-style:solid; border-color:#DFDFDF; background-color:#F6F6F6; margin:0 0 15px 15px; padding: 0 15px 0 15px;"> %TOC{title="Page contents"}% </div></sticky> <sticky><div style="margin:15px;"></sticky> This article explains what debug trace you need to enable for the client and server to troubleshoot the Smart Card log-in issues with IBM Engineering Workflow Management (EWM). You are required to enable trace for IBM EWM Eclipse client, IBM EWM server, and IBM WebSphere. After enabling the below trace, user can reproduce the issue and then collect all the logs so that support can analyze them and find the root cause of the problem. * Eclipse .log * ccm.log * jts.log * SystemOut.log Its is preferred you collect ISALITE data from the server machine so you collect all the logs from the Rational Team Concert server including configuration files and IBM WebSphere logs. ---++ *Please note, some debug options on this page are no longer supported. It is advisable to open a Support Case if you are having issues beyond what is described here.* ---++ Debug Trace for IBM Engineering Workflow Management Eclipse Client. Enable the Eclipse client debugging as follows: 1. Find *logging.properties* (located within the same directory as the eclipse.ini). If not present, create one. for 5.x Clients: <verbatim> .level = INFO handlers = java.util.logging.FileHandler, java.util.logging.ConsoleHandler java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter java.util.logging.ConsoleHandler.level = ALL com.ibm.team.repository.transport.auth.Tracer.level = ALL com.ibm.team.repository.transport.client.ClientHttpUtil.level = ALL httpclient.wire.header.level = FINEST httpclient.wire.content.level = FINEST httpclient.wire.level = FINEST httpclient.level = FINEST org.apache.commons.httpclient.level=FINEST </verbatim> for 6.x Clients: <verbatim> com.ibm.team.repository.transport.auth.Tracer.level=ALL com.ibm.team.repository.transport.client.RemoteTeamServer.level=ALL org.apache.http.level = FINEST </verbatim> for 7.x Clients: <verbatim> com.ibm.team.repository.transport.auth.Tracer.level=ALL com.ibm.team.repository.transport.client.RemoteTeamServer.level=ALL org.apache.http.level = FINEST </verbatim> 2. In *eclipse.ini* modify the end of the file to include the following debug settings: <verbatim> -Djavax.net.debug=all -Djava.util.logging.config.file=<exact path to>logging.properties </verbatim> * *NOTE*: Where the "exact path to" is replaced with C:\Program Files\IBM\TeamConcert\ or wherever the application is installed on your host that contains the logging.properties file. * *NOTE*: If the path to the logging.properties file has spaces, you can try to change "Program Files" to "Progra1" or use (for example) C:\IBM\logging.properties * *NOTE*: If the customer is using hardware keystores (crypto cards), please also add the following entry in addition to the debug settings above to the eclipse.ini: <verbatim> -Djava.security.debug=pkcs11impl </verbatim> 3. Restart Eclipse client so the Settings added can be taken into effect. In combination with above settings , You should also enable the [[https://jazz.net/wiki/bin/view/Deployment/IntegrationsTroubleshootingSmartCardDebug#Debug_Trace_for_IBM_Rational_AN2][debug tracing for the IBM Engineering Workflow Management Server]] and if needed [[https://jazz.net/wiki/bin/view/Deployment/IntegrationsTroubleshootingSmartCardDebug#Debug_Trace_for_IBM_WebSphere][debug tracing for IBM WebSphere]] ---++ Debug Trace for IBM Engineering Workflow Management Eclipse Client SSL Handshake. Enable the below tracing to get information about SSL Handshake between IBM Rational Team Concert (RTC) Eclipse client and RTC server. It will give you more information when you need to know which one of the smart card's certificates is being used for authentication. 1. Inside your \workspace\.metadata folder rename the existing .log file to get a clean file. If at all possible use a new Eclipse Workspace for this test. 2. Launch the EWM Eclipse client. 3. In Eclipse menu bar go to Windows > Preferences > Run/Debug > Console > Make sure that 'Limit console output' is unchecked. ( This is Important). 4. Close the "Preferences" window using "Apply" and then click OK. 5. In the Eclipse menu bar, go to Run -> Run Configurations 6. Select "Eclipse Application" form the list and then press the "New" button. 7. In the next window, click the "Arguments" tab and inside the "VM Arguments" box, append the following option: <verbatim> -Djavax.net.debug=true </verbatim> Make sure you have a white space between each of the options in "VM Arguments" box. 8. If that line has -Djavax.net.debug=all in there, remove this option. 9. Press "Apply" and then "Run" to start the new Eclipse instance to reproduce the problem. If you get an error about a port being in use, close all the windows and start over from step 1. 10. In the runtime Eclipse environment that you launched in step 9, Create a new RTC Repository connection. 11. Log in using that new RTC repository connection created in step 10, selecting your desired certificate from smart card and note the name of the certificate you selected. 12. When you see the login has failed you can close/exit the runtime Eclipse environment you launched in step 9. 13. In the first Eclipse window select all the text from the "Console view" using a right click on Console view -> Select All and Paste this into a new text file. The "Console view" output is captured from the first Eclipse instance which you used to launch the new runtime Eclipse environment. 14. Inside your \workspace\.metadata folder get the newly created .log file for investigation. You can correlate the above trace and .log information with all the other traces for a complete picture. ---++ Debug Trace for IBM Engineering Workflow Management Server. Enable the debug trace for the following for server: ( CCM and JTS application) Prior to versions 7.0.1 SR1 / 7.0.2 SR2: 1. In the *log4j.properties* file of the CCM application, add the following lines: log4j.properties file is location in <verbatim><Jazz Install Dir>\server\conf\ccm</verbatim> <verbatim> log4j.logger.com.ibm.team.repository.internal.service.auth.impl.IssueAuthToken=DEBUG log4j.logger.com.ibm.team.repository.internal.service.auth.impl.JAuthHandler=DEBUG </verbatim> 2. In the *log4j.properties* file of the JTS application, add the following lines: log4j.properties file is location in<verbatim><Jazz Install Dir>\server\conf\jts</verbatim> <verbatim> log4j.logger.com.ibm.team.repository.internal.service.auth.impl.IssueAuthToken=DEBUG log4j.logger.com.ibm.team.repository.internal.service.auth.impl.JAuthHandler=DEBUG </verbatim> For versions 7.0.1 SR1 / 7.0.2 SR2 and beyond: 1. In the *log4j2.xml* file of the CCM application, add the following lines: log4j2.xml file is location in <verbatim><Jazz Install Dir>\server\conf\ccm</verbatim> <verbatim> <loger name="com.ibm.team.repository.internal.service.auth.impl.IssueAuthToken" level="DEBUG"/> <loger name="com.ibm.team.repository.internal.service.auth.impl.JAuthHandler" level="DEBUG"/> </verbatim> 2. In the *log4j2.xml* file of the JTS application, add the following lines: log4j2.xml file is location in<verbatim><Jazz Install Dir>\server\conf\jts</verbatim> <verbatim> <loger name="com.ibm.team.repository.internal.service.auth.impl.IssueAuthToken" level="DEBUG"/> <loger name="com.ibm.team.repository.internal.service.auth.impl.JAuthHandler" level="DEBUG"/> </verbatim> 3. Reload the log4j properties using ?internal=true so the log4j properties are taken into account. <verbatim> https://<HOST>:<PORT>/ccm/admin?internal=true#action=com.ibm.team.repository.admin.reloadLoggingSettings https://<HOST>:<PORT>/jts/admin?internal=true#action=com.ibm.team.repository.admin.reloadLoggingSettings </verbatim> ---++ Debug Trace for IBM WebSphere <img src=https://jazz.net/wiki/pub/Deployment/WebPreferences/uc16.png> *CAUTION*: These traces that you enable should be removed as soon as you have reproduced the problem and collected the trace. This debug trace cause a lot of noise in the WebSphere logs. 1. In the WebSphere Application Server (WAS) Admin Console, navigate to <verbatim> "Servers" -> "Server Types" -> "WebSphere application servers" -> <server name> </verbatim> 2. Under "Server Infrastructure", expand <verbatim> "Java and Process Management" -> "Process definition" -> "Java Virtual Machine" </verbatim> 3. Add the following to the end of the Generic JVM Arguments box, save to the master config, and restart the server for it to take hold <verbatim> -Djavax.net.debug=ssl,handshake,data,trustmanager </verbatim> 4. This will add debug trace of the SSL handshake to <verbatim> <Websphere installation>/<AppServer>/profiles/<profile name>/logs/<server name>/SystemOut.log </verbatim> ---+++++!! Related topics: [[DeploymentWebHome][Deployment web home]], [[DeploymentWebHome][Deployment web home]] ---+++++!! External links: * [[https://www.ibm.com][IBM]] ---+++++!! Additional contributors: Main.TWikiUser, Main.TWikiUser <sticky></div></sticky>
E
dit
|
A
ttach
|
P
rintable
|
V
iew topic
|
Backlinks:
We
b
,
A
l
l Webs
|
H
istory
: r13
<
r12
<
r11
<
r10
<
r9
|
M
ore topic actions
Deployment
Deployment web
Planning and design
Installing and upgrading
Migrating and evolving
Integrating
Administering
Monitoring
Troubleshooting
Community information and contribution guidelines
Create new topic
Topic list
Search
Advanced search
Notify
RSS
Atom
Changes
Statistics
Web preferences
NOTE: Please use the Sandbox web for testing
Status icon key:
To do
Under construction
New
Updated
Constant change
None - stable page
Smaller versions of status icons for inline text:
Copyright © by IBM and non-IBM contributing authors. All material on this collaboration platform is the property of the contributing authors.
Contributions are governed by our
Terms of Use.
Please read the following
disclaimer
.
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more
here
.