Thursday, 21 September 2017

Windows could not start the Access Manager


Error:- Windows could not start the Access Manager instance.
Solution:- This issue probably occurs for one of two reasons. The first is when you have changed a parameter in the WebSEAL instance conf file to a value that is not valid or not supported.
The second is when the WebSEAL instance log file size has been exceeded; once you reduce the instance log file size, the issue will surely be resolved.

Sometimes a customer needs an immediate solution, so always save your bandwidth by drawing on this kind of experience rather than doing a log analysis and a complete log reading.

Regards
Arvind kumar

Sunday, 3 September 2017

Block URL on webseal TAM 6.1

A few months back, I received a customer requirement to block specific URLs through TAM WebSEAL, which was running on a virtual host junction like y.z.com, so I performed the following steps.

Steps:-

1. Create a restricted ACL for access requiring authentication:
pdadmin sec_master> acl create restricted
pdadmin sec_master> acl modify restricted set group iv-admin TcmdbsvaBRrxl
pdadmin sec_master> acl modify restricted set group webseal-servers Tgmdbsrxl
pdadmin sec_master> acl modify restricted set user sec_master TcmdbsvaBRlrx
pdadmin sec_master> acl modify restricted set any-other Trx
pdadmin sec_master> acl modify restricted set unauthenticated T

2. Attach the restricted ACL to the /sapnet directory on y.z.com (entered as one line):
pdadmin sec_master> acl attach /WebSEAL/instance name/@vhost-y.z/sapnet restricted
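
The access decision these entries produce, as an added sketch that is not from the original post or from IBM. It assumes Access Manager's entry selection order (a matching user entry first, then the union of matching group entries, then any-other, with unauthenticated masked by any-other) and that `r` is the permission needed to fetch a page; the requesters `alice` and `bob` are constructed.

```python
# Added illustration: evaluate the "restricted" ACL built in the steps above.
# The requesters used with it (alice, bob) are constructed sample data.

ACL_COMMANDS = """\
acl modify restricted set group iv-admin TcmdbsvaBRrxl
acl modify restricted set group webseal-servers Tgmdbsrxl
acl modify restricted set user sec_master TcmdbsvaBRlrx
acl modify restricted set any-other Trx
acl modify restricted set unauthenticated T
"""


def parse_acl(commands):
    """Turn 'acl modify <name> set ...' lines into a lookup structure."""
    acl = {"user": {}, "group": {}, "any-other": set(), "unauthenticated": set()}
    for line in commands.splitlines():
        words = line.split()
        if words[:2] != ["acl", "modify"] or len(words) < 6 or words[3] != "set":
            continue
        kind = words[4]
        if kind in ("user", "group") and len(words) == 7:
            acl[kind][words[5]] = set(words[6])
        elif kind in ("any-other", "unauthenticated"):
            acl[kind] = set(words[5])
    return acl


def effective_permissions(acl, user=None, groups=()):
    """Permissions applied to one requester (user=None means not logged in)."""
    if user is None:
        # Unauthenticated rights are masked (AND) with the any-other entry.
        return acl["unauthenticated"] & acl["any-other"]
    if user in acl["user"]:
        return acl["user"][user]
    matched = [acl["group"][g] for g in groups if g in acl["group"]]
    if matched:
        return set().union(*matched)
    return acl["any-other"]


def can_read(acl, user=None, groups=()):
    """True when the requester holds 'r' (read) on the protected object."""
    return "r" in effective_permissions(acl, user, groups)


if __name__ == "__main__":
    acl = parse_acl(ACL_COMMANDS)
    print("not logged in can read:", can_read(acl))
    print("alice (no groups) can read:", can_read(acl, "alice"))
```

The result shows what the ACL enforces: a request without a session holds only `T` on /sapnet, while `any-other Trx` still lets every authenticated user read it.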



ktpass command mandatory for SPNEGO authentication on AD controller

I faced an issue during SSO integration for the Salesforce application in a TAM 6.1 environment.
The scenario was basically to provide SPNEGO authentication for internal customer users and form-based authentication for external customer users.
I did every step perfectly in WebSEAL, like junction creation and applying the ACL and groups to the Salesforce application, but I was still chasing SPNEGO authentication through WebSEAL.
After putting in some effort, I found that I had missed the ktpass command on the AD controller.

Command:-

ktpass -princ HTTP/apps.test.com@DOMAIN.COM -mapuser username

 Regards
Arvind Kumar



Wednesday, 9 August 2017

Unable to accept request to unknown address

I had faced this error during TFIM IDP and SP partner communication.

Error:-

Unable to accept request to unknown address, https://login.hostname.local:9443/sps/idplogin/saml20/Login, this may be due to:
No configured endpoint or protocol exists that is mapped to this endpoint
Because this endpoint is unknown to this SPS, please validate that other applications such as the point of contact or partner sign-on servers are correctly configured for the correct endpoints. This is not a problem with the SPS.

Solution:- I found that the service partner configuration was mapped wrongly.
The vendor had configured the wrong IDP URL in the service provider configuration settings.
The request was failing because of a letter change in the URL: it ended with "Login", starting with a capital "L", and it has to be a small letter.

https://login.hostname.local:9443/sps/idplogin/saml20/Login

The call has to be made using login in all lower case, i.e.:

https://login.athene.local:9443/sps/idplogin/saml20/login

Hope this helps.
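
A quick way to spot this kind of mismatch before reading SPS logs, as an added example that is not from the original post or from TFIM. The function names are hypothetical and the configured endpoint list is constructed from the URL in the error text.

```python
# Added illustration: explain why a request URL misses every configured
# endpoint. Scheme and host compare case-insensitively; the path does not.
from urllib.parse import urlsplit

# Constructed sample: the endpoint as the identity provider exposes it.
CONFIGURED = ["https://login.hostname.local:9443/sps/idplogin/saml20/login"]


def _parts(url):
    """Split a URL into a case-normalised origin and its case-sensitive path."""
    u = urlsplit(url)
    origin = (u.scheme.lower(), (u.hostname or "").lower(), u.port)
    return origin, u.path


def diagnose(requested, configured=CONFIGURED):
    """Return (verdict, detail) for a URL a partner is calling."""
    req_origin, req_path = _parts(requested)
    for endpoint in configured:
        origin, path = _parts(endpoint)
        if origin != req_origin:
            continue
        if path == req_path:
            return "match", endpoint
        if path.lower() == req_path.lower():
            # Same endpoint apart from letter case: list the segments that differ.
            wrong = [
                f"{got!r} should be {want!r}"
                for got, want in zip(req_path.split("/"), path.split("/"))
                if got != want
            ]
            return "case-mismatch", "; ".join(wrong)
    return "unknown", "no configured endpoint on this scheme/host/port and path"


if __name__ == "__main__":
    bad = "https://login.hostname.local:9443/sps/idplogin/saml20/Login"
    print(diagnose(bad))
```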


Wednesday, 15 February 2017

HPDRG0201E Error code 0x31 was received from the LDAP server. Error text: "Invalid credentials".

HPDRG0201E   Error code 0x31 was received from the LDAP server. Error text: "Invalid credentials".

Solution: I faced this error during IBM Security Access Manager package configuration.
I found there was no "secAuthority=Default" suffix on the LDAP,
so I added this suffix on the SAM LDAP.

/opt/ibm/ldap/V6.0/sbin/idscfgsuf -I ldapdb2 -s secAuthority=Default
                      

IBM DB2 Enterperise Server Edition V9.7 not detected, install can not continue.

IBM DB2 Enterperise Server Edition V9.7 not detected, install can not continue.

error: %pre(idsldap-srv64bit63-6.3.0-0.x86_64) scripted failed, exit status 1
error: install: %pre scriptlet failed (2). skipping idsldap-srv64bit63-6.3.0.0


Description: - I faced this error when I was installing the base TDS 6.3.0 version with DB2 10.1.

Solution: - TDS 6.3.0 does not support DB2 10.1; the minimum required TDS level is 6.3.0.21.



                

AM GLPRPL116E Replication for DN 'CN=ip:1389,CN=ip:1389,IBM-REPLICAGROUP=DEFAULT,OU=PORTAL,DC=COM' encountered a gap in the change IDs: 26 followed 24 after trying one more time but is continuing.

AM GLPRPL116E Replication for DN 'CN=ip:1389,CN=ip:1389,IBM-REPLICAGROUP=DEFAULT,OU=PORTAL,DC=COM'
encountered a gap in the change IDs: 26 followed 24 after trying one more time but is continuing.


I faced this error when I was doing IBM TDS master-replica configuration in the environment.

Solution:- The error occurs because the encryption seed and salt values are different on the TDS servers.

1) Check the sync and salt values on both TDS servers with the ldap command below; they should be the same.

ldapsearch -D <username> -w <password> -h ip -p 1389 -s base -b cn=crypto,cn=localhost cn=*

If the values are different, recreate the instance and provide the same encryption seed; otherwise replication will not work.
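
The comparison in step 1 can be done without putting the secret values on screen. This is an added example, not from the original post or from IBM; the attribute names `ibm-slapdCryptoSync` and `ibm-slapdCryptoSalt` are assumed to be what the crypto entry returns, and both sample outputs are constructed.

```python
# Added illustration: compare the cn=crypto,cn=localhost entry of two TDS
# servers without echoing the values. Both sample outputs are constructed.
import base64

CRYPTO_ATTRS = ("ibm-slapdcryptosync", "ibm-slapdcryptosalt")  # assumed names

MASTER_OUT = """\
cn=crypto,cn=localhost
cn=crypto
ibm-slapdCryptoSync=SAMPLEsync0001
ibm-slapdCryptoSalt=SAMPLEsalt01
"""
REPLICA_OUT = """\
dn: cn=crypto,cn=localhost
cn: crypto
ibm-slapdCryptoSync: SAMPLEsync0002
ibm-slapdCryptoSalt:: U0FNUExFc2FsdDAx
"""


def crypto_values(ldapsearch_output):
    """Extract the crypto attributes from 'attr=value' or LDIF-style output."""
    found = {}
    for line in ldapsearch_output.splitlines():
        for sep in ("::", ":", "="):
            name, found_sep, value = line.partition(sep)
            key = name.strip().lower()
            if found_sep and key in CRYPTO_ATTRS:
                value = value.strip()
                # LDIF marks base64-encoded values with '::'.
                found[key] = base64.b64decode(value) if sep == "::" else value.encode()
                break
    return found


def compare(out_a, out_b):
    """Map each crypto attribute to 'same', 'different' or 'missing'."""
    a, b = crypto_values(out_a), crypto_values(out_b)
    report = {}
    for attr in CRYPTO_ATTRS:
        if attr not in a or attr not in b:
            report[attr] = "missing"
        else:
            report[attr] = "same" if a[attr] == b[attr] else "different"
    return report


if __name__ == "__main__":
    print(compare(MASTER_OUT, REPLICA_OUT))
```

Replace the two sample strings with the output of the ldapsearch command above, run once against each server.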