IBM FileNet P8, Version 5.2.1            

Checking Kerberos for common errors

If your Kerberos verification test fails, there are some basic things you can check before accessing the troubleshooting system.

Follow the steps in this topic before working through the Kerberos Troubleshooting section. Troubleshooting problems with Kerberos can be complex, given the number of computers and amount of software that can be involved.

Do the following steps to check your Kerberos for the most common errors.

  1. Make sure that Content Platform Engine works without Kerberos. Start Administration Console for Content Platform Engine and log on as the gcd_admin. If you cannot log on, then troubleshoot that before attempting to handle problems with Kerberos.
  2. You can find a file in installation\IBM\FileNet\ContentEngine\AuthnTest.zip that contains AuthnTest.exe. You can run this on a Windows system that has been set up with WSE. This program is a quick, lightweight way to test the Kerberos setup.
  3. If this login fails or there still does appear to be a Kerberos problem, then the problems can be broken down into whether the error seems to be generated on the client or on the Content Platform Engine. In most cases, the important part of the error will be near or at the end of the error message. For instance, if the error message returned by the client was WSE594: InitializeSecurityContext call failed with the following error message: The network path was not found, the important part of this message is The network path was not found.
  4. Turn on Kerberos debugging. On WebSphere this is done by adding a debug=true option to the KrbServiceLoginModule and turning on two JVM switches to get detailed JVM debugging info:
    -Dcom.ibm.security.jgss.debug=all
    -Dcom.ibm.security.krb5.Krb5Debug=all
    On WebLogic this is done by setting the debug option true on the authentication provider's setup. Also turn on Sun Java's Kerberos debugging by adding this JVM switch to WebLogic's startup:
    -Dsun.security.krb5.debug=true


Last updated: March 2016
p8pkerb002.htm

© Copyright IBM Corporation 2016.