125 lines
8.7 KiB
HTML
125 lines
8.7 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Troubleshoot general EIM configuration and domain problems" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzalvtrblshoot.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2002, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2002, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rzalvtrbleimwizard" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Troubleshoot general EIM configuration and domain problems</title>
|
|
</head>
|
|
<body id="rzalvtrbleimwizard"><a name="rzalvtrbleimwizard"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Troubleshoot general EIM configuration and domain problems</h1>
|
|
<div><div class="p">There are a number of general problems that you may encounter as you configure
|
|
EIM for your system, as well as problems that you may encounter as you access
|
|
an EIM domain. Use the following table to learn more about some common problems
|
|
and potential solutions that you can use to resolve these problems.
|
|
<div class="tablenoborder"><a name="rzalvtrbleimwizard__troubletable2"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="rzalvtrbleimwizard__troubletable2" frame="border" border="1" rules="all"><caption>Table 1. Common EIM configuration and domain
|
|
problems and solutions</caption><thead align="left"><tr><th align="center" valign="top" width="52.55102040816326%" id="d0e20"><strong>Possible problem</strong></th>
|
|
<th align="center" valign="top" width="47.44897959183674%" id="d0e23"><strong>Possible solutions</strong></th>
|
|
</tr>
|
|
</thead>
|
|
<tbody><tr><td align="left" valign="top" width="52.55102040816326%" headers="d0e20 ">EIM Configuration wizard appears to hang during <span class="uicontrol">Finish</span> processing.</td>
|
|
<td align="left" valign="top" width="47.44897959183674%" headers="d0e23 ">Tthe wizard may be waiting for the domain controller
|
|
to start. Verify that no errors occurred during the startup of the directory
|
|
server. For iSeries™ servers,
|
|
check the job log for the <samp class="codeph">QDIRSRV</samp> job in the <samp class="codeph">QSYSWRK</samp> subsystem.
|
|
To check the job log, follow these steps:<ol><li>In iSeries Navigator,
|
|
expand <span class="uicontrol">Work Management > Subsystems > Qsyswrk</span>.</li>
|
|
<li>Right-click <span class="uicontrol">Qdirsrv</span> and select <span class="uicontrol">Job Log</span>.</li>
|
|
</ol>
|
|
</td>
|
|
</tr>
|
|
<tr><td align="left" valign="top" width="52.55102040816326%" headers="d0e20 ">While using the EIM Configuration wizard to create a
|
|
domain on a remote system, you received the following error message: "The
|
|
parent distinguished name (DN) you entered is not valid. The DN must exist
|
|
on the remote directory server. Specify or select a new or existing parent
|
|
DN.' </td>
|
|
<td align="left" valign="top" width="47.44897959183674%" headers="d0e23 ">The parent DN specified for the remote domain does not
|
|
exist. See <a href="rzalvcnfgconfigwiz3.htm">Create and join a new remote domain</a> to learn
|
|
more about how to use the EIM Configuration wizard. Also, see the online help
|
|
for detailed information about specifying a parent DN when creating a domain.</td>
|
|
</tr>
|
|
<tr><td align="left" valign="top" width="52.55102040816326%" headers="d0e20 ">You receive a message indicating that the EIM domain
|
|
does not exist.</td>
|
|
<td align="left" valign="top" width="47.44897959183674%" headers="d0e23 ">If you have not created an EIM domain, use the EIM Configuration
|
|
wizard. This wizard creates an EIM domain for you, or enables you to configure
|
|
an existing EIM domain. If you have created an EIM domain, ensure that the
|
|
specified user is a member of an <a href="rzalveservereimauths.htm#rzalveservereimauths">EIM access control</a> group
|
|
with sufficient authority to access it.</td>
|
|
</tr>
|
|
<tr><td align="left" valign="top" width="52.55102040816326%" headers="d0e20 ">You receive a message indicating that an EIM object
|
|
(identifier, registry, association, policy association, or certificate filter)
|
|
is not found, or that you are not authorized to EIM data.</td>
|
|
<td align="left" valign="top" width="47.44897959183674%" headers="d0e23 ">Verify that the EIM object exists and whether the specified
|
|
user is a member of an <a href="rzalveservereimauths.htm#rzalveservereimauths">EIM access control</a> group
|
|
with sufficient authority to that object.</td>
|
|
</tr>
|
|
<tr><td align="left" valign="top" width="52.55102040816326%" headers="d0e20 ">When you expand the <span class="uicontrol">Identifiers</span> folder,
|
|
it takes a long time before the list of identifiers displays.</td>
|
|
<td align="left" valign="top" width="47.44897959183674%" headers="d0e23 ">This may happen if there are a large number of EIM identifiers
|
|
in the domain. To resolve this, you can customize the <span class="uicontrol">Identifiers</span> folder
|
|
view by restricting the search criteria used for displaying identifiers. To
|
|
customize the view for EIM identifiers, follow these steps: <ol><li>In iSeries Navigator,
|
|
expand <span class="uicontrol">Network > Enterprise Identity Mapping > Domain Management</span>.</li>
|
|
<li>Expand the domain in which you want to display the EIM identifiers.</li>
|
|
<li>Right-click <span class="uicontrol">Identifiers</span> and select <span class="uicontrol">Customize
|
|
this view > Include...</span>.</li>
|
|
<li>Specify the display criteria to use for generating the list of EIM identifiers
|
|
to include in the view.<div class="note"><span class="notetitle">Note:</span> You can use the asterisk (<strong>*</strong>) as a wildcard
|
|
character.</div>
|
|
</li>
|
|
<li>Click <span class="uicontrol">OK</span>.</li>
|
|
</ol>
|
|
The next time you click <span class="uicontrol">Identifiers</span>, only those
|
|
EIM identifiers that match the criteria that you specified display. </td>
|
|
</tr>
|
|
<tr><td align="left" valign="top" width="52.55102040816326%" headers="d0e20 ">While managing EIM through iSeries Navigator, you receive an error
|
|
indicating that the EIM handle is no longer valid.</td>
|
|
<td align="left" valign="top" width="47.44897959183674%" headers="d0e23 ">The connection to the domain controller has been lost.
|
|
To reconnect to the domain controller, follow these steps:<ol><li>In iSeries Navigator,
|
|
expand <span class="uicontrol">Network > Enterprise Identity Mapping > Domain Management</span>.</li>
|
|
<li>Right-click the domain that you want to work with and select <span class="uicontrol">Reconnect...</span>.</li>
|
|
<li>Specify the connection information.</li>
|
|
<li>Click <span class="uicontrol">OK</span>.</li>
|
|
</ol>
|
|
</td>
|
|
</tr>
|
|
<tr><td align="left" valign="top" width="52.55102040816326%" headers="d0e20 ">When using the Kerberos protocol for authentication
|
|
with EIM, diagnostic message <samp class="codeph">CPD3E3F</samp> is written to the job
|
|
log. </td>
|
|
<td align="left" valign="top" width="47.44897959183674%" headers="d0e23 ">This message is generated whenever authentication or
|
|
identity mapping operations fail. The diagnostic message contains both major
|
|
and minor status codes to indicate where the problem occurred. The most common
|
|
errors are documented in the message along with the recovery. Refer to the
|
|
help information associated with the diagnostic message to begin troubleshooting
|
|
the problem. You may also find it helpful to review <a href="../rzamz/rzamztroubleshoot.htm">Troubleshoot single signon configuration</a>.</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalvtrblshoot.htm" title="Use this information to learn about common problems and errors that you may encounter when you configure and use EIM as well as potential solutions for them">Troubleshoot Enterprise Identity Mapping</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |