Troubleshooting cheat sheet - howto use STRACE to debug Access Manager issues

  • 7006048
  • 19-May-2010
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 SSLVPN Server
Novell Access Manager 3.1 Java Agents

Situation

AM 3.1 Strace cheat sheet
====================

Functionality:    STRACE is a socket/SSL tracer designed to generate LOG for Microsoft Internet Explorer. The STRACE LOG contains clear text HTTP traffic (with socket information) and encrypted/decrypted SSL data. To generate STRACE LOG for Internet Explorer, just run STRACE.CMD (in order to generate a "clean" LOG, clear the IE cache before starting navigation).

In cases where communication from the browser to Access Manager is SSL protected and the private key cannot be obtained from the customer in oder to decode the SSL traffic by using Wireshark the STRACE utility can be used on the browser client instead.
In cases where you troubleshoot browser specific issues where for example one version of the browser will work and other version is failing it can be used as well.

Log settings required to capture all relevant traffic:

LAG - need to make sure “/etc/laglogs.conf” file includes.
Note: LAG must be restarted by running “/etc/init.d/novell-vmc restart” in order to activate the new logging settings.

LOG_LEVEL=7
DEBUG_HTTP_HEADERS=1
DEBUG_SOAP_MESSAGES=0



Info to request:

1. Linux Access Gateway (LAG) Server

- /var/opt/novell/tomcat5/logs/catalina.out
- /var/log/ics_dyn.log
- /var/log/laghttpheaders


2. Browser Workstation
Obtain strace from http://www.microsoft.com/downloads/details.aspx?familyid=f5ec767f-27f2-4fb3-90a5-4bf0d5f4810a&displaylang=en,
Once installed you can run strace. Make sure to clear the IE cache before you start collecting the strace log.
Strace by default will launch Internet Explorer in where you can dupe the issue.
Once done you can close the browser which will write out the strace log file on the desktop.
The name of the logfile is containing the Internet Explorer process id. For example: STRACE_IEXPLORE_PID_5748.LOG

3. Always ask for the date and exact time steps are done so this can be used for reference when analyzing the logs.


What to look for in log files:

- Dependent on the problem you troubleshoot look at STRACE output and take a look at the clear text HTTP traffic till you locate the error you are troubleshooting.
- search for matching entry in the  LAGHTTPHeaders.
- open the ics_dyn.log file and find back the matching entry. Try and use unique indentifiers and use date and time for reference.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.