Troubleshooting problems with deployment

You can troubleshoot common problems when deploying the patterns in the IBM® SOA Policy Gateway Pattern.

Failure to connect to DataPower during deployment

Try the following solutions:

Troubleshooting failure of Mutual Authentication client authentication

Try the following solutions:

Troubleshooting failure of server authentication

Try the following solutions:

Troubleshooting an error for the domain already existing

Try the following solution:

Troubleshooting a port overlap error for the sample application

If one of the sample services is unavailable, check if the ports in your domain conflict with other domains.
Try the following solutions:
  • Sign into DataPower and switch to the sample domain. Then, open the Control Panel and click the XML Firewall icon. Check that the XML Firewalls are all in Up state.
  • Search for HTTP Front Side Handler. Check that the single HTTP Front Side handler is in Up state.

Troubleshooting the failure to connect to an SCP

Try the following solutions:

Troubleshooting the failure to retrieve the DomainZipFile.zip file from SCP or debug missing artifacts

Try the following solutions:

Troubleshooting promotion failure

There are many problems that can arise in a promotion including failure to connect to Governance Master during deployment.
Try the following solutions:
  • Check the parameters:
    • Check the user of the Governance Master WSRRCELL.
    • Check the password for the user of the Governance Master WSRR Cell.
    • Check the host name of the WSRR Governance Master Cell.
    • Check the CELL name of the WSRR Governance Master Cell.
  • Check the signer certificate exchange:
    • Go to the Cell Default Trust Store of the Governance Master cell and make sure that there is a certificate entry for the Dmgr or the Standalone server of the runtime environment, SOA Policy Gateway Basic Runtime or SOA Policy Gateway Advanced Runtime, exist.
    • Go to each Runtime Environment, SOA Policy Gateway Basic Runtime or SOA Policy Gateway Advanced Runtime, and check the CellDefaultTrust store (for the ND environment case) or the NodeDefaultTrustStore (for WSRR Standalone servers) to make sure that there is a certificate for the Dmgr of the Governance Master.
    • Export the LTPA keys from both cells using the same password, and check that they are the same (for example, the bytes).
  • Make sure that the promotion properties file contains server sections with the appropriate host and port, and user and password information. This Information can be found in the ServiceRegistry console for the Governance Master:
    • Go to the GovernanceMasterDMgrHost or ServiceRegistry and switch to the Configurations perspective. In the Actions section, find Promotion and open the promotion properties file. For each environment there should be XML elements for each server in the staging WSRR node or cluster. If a production cluster or node exists, there should be server:port entries for each, and in addition there should be user and password information.
  • Check that the Service Version and SOAP Endpoint both have Classification for staging and Production.
    • In the Service Registry Console, select the SOA Governance perspective. Open the Service Version, and select the Classifications tab. Staging and Production must be enabled.

Troubleshooting customized CLI failures

Try the following solutions:

Troubleshooting SSL failures due to missing DataPower certificates

If the correct hostname for your DataPower Certificates directory was not provided in the DomainZipFile.zip file, the script packages will fail to connect to the WSRR Server if Mutual or Server Authentication is enabled on the DataPower host.

Troubleshooting WSRR/DataPower connection issues

If you see that the status of the WSDL in a Web Service Proxy is in Down or Synchronizing state that never changes to Okay, check the following:
  1. Check that the Crypto Certificate is valid for the WSRR Server (WSRRSVR).
  2. Check that DataPower has the correct DNS set up to recognize the Hostname of the WSRR Server or Dmgr.
  3. If the DNS is incorrect, a temporary work around is to change the URL in the WSRR Server definition to point directly to the IP by substituting the IP for the HostName in the URL.
  4. Go to the WSRR Subscription and do a manual synchronize:
    1. Check the default.log for errors related to the connectivity of the WSRR Server.
  5. Make sure that the certificates required match those in the Identification Credentials for the Crypto Profile of the DataPower Appliances XMLManagement Interface SSL Proxy Profile.

Concept Concept

Feedback

Timestamp icon Last updated: Thursday, 3 July 2014
http://publib.boulder.ibm.com/infocenter/prodconn/v1r0m0/topic/com.ibm.scenarios.soawdpwsrr.doc/topics/csoa2_troubleshoot_deployment.htm