Unsupported content

 

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Troubleshooting BMC Atrium Single Sign-On problems

This topic describes the common problems faced in BMC Atrium Single Sign-On and BAO integration. 

Re-registering agents in BMC Atrium Single Sign-On after an upgrade

When you upgrade BMC Atrium Single Sign-On to any later version, sometimes the integration fails and the following error message is displayed. Re-register the agents in BMC Atrium Single Sign-On again.

BMCSSG1757E: Integration with Atrium SSO is failing. Please contact the product's support team for help with resolving this integration problem (BMCSSG1766E: Local Atrium SSO certificate does not match remote server certificate. Agent may need to be re-integrated with Atrium SSO server.)

Important

You must shut down the BMC Atrium Orchestrator server before re-registering agents.

If you are registering agents on a new BMC Atrium Single Sign-On server, you must manually edit the context.xml file in the repository directory to point to the new BMC Atrium Single Sign-On server URL. 

Perform the following steps to re-register agents by using the command line interface (see the parameter table below for details) :

  1. Go to BMC Atrium SSO Admin Console and click Agent Details.  
  2. Select the check boxes against the BAO agents and click Delete.
  3. Remove the ${ao_home}/tomcat/atssoAgents directory.
    • For the repository, this is $<REPO_HOME>/tomcat/atssoAgents
    • For the CDP, this is $<CDP_HOME>/tomcat/atssoAgents
  4. Go to the command prompt and run the following command:

    <AOComponent Install Folder>\jvm\bin\java" -jar "<AO ComponentInstall Folder>\webagent\deployer\deployer.jar" 
    --install --container-type tomcatv7 
    --atrium-sso-url <https://customers-sso-instance:port/atriumsso>
    --web-app-url <https://url-to-AO-component> or <https://url-to-AO-Load-Balancer>
    --notify-url <https://url-to-AO-component>
    --web-app-logout-uri /logout 
    --container-base-dir "<AO ComponentInstall Folder>\tomcat" 
    --admin-name <amadmin>
    --admin-pwd <ampassword> 
    --jvm-truststore "<AOComponent Install Folder>\jvm\lib\security\cacerts" 
    --jvm-truststore-password changeit 
    --truststore "<AO Component InstallFolder>\tomcat\conf\.keystore" 
    --truststore-password changeit 
    --not-enforced-uri-file "<AO Component Install Folder>\excludedURLs"

    Note

    The command should all be on one line (no new lines inserted) as in shown in this example:

    <AOComponent Install Folder>\jvm\bin\java" -jar "<AO ComponentInstall Folder>\webagent\deployer\deployer.jar" --install --container-type tomcatv7 --atrium-sso-url <https://customers-sso-instance:port/atriumsso> --web-app-url <https://url-to-AO-component> or <https://url-to-AO-Load-Balancer> --notify-url <https://url-to-AO-component> --web-app-logout-uri /logout --container-base-dir "<AO ComponentInstall Folder>\tomcat" --admin-name <amadmin>--admin-pwd <ampassword> --jvm-truststore "<AOComponent Install Folder>\jvm\lib\security\cacerts" --jvm-truststore-password changeit --truststore "<AO Component InstallFolder>\tomcat\conf\.keystore" --truststore-password changeit --not-enforced-uri-file "<AO Component Install Folder>\excludedURLs"


    Sample command for the repository:

    C:\Program Files\BMC Software\BAO\repo\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\repo\webagent\deployer\deployer.jar" 
    --install --container-type tomcatv7 
    --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso 
    --web-app-url https://<fqdn for your component>:28080/baorepo or <https://url-to-AO-Load-Balancer>
    --notify-url <https://<fqdn for your component>:28080/baorepo
    --web-app-logout-uri "/logout" 
    --container-base-dir "C:\Program Files\BMC Software\BAO\repo\tomcat" 
    --admin-name amadmin --admin-pwd <sso admin password>
    --jvm-truststore "C:\Program Files\BMC Software\BAO\repo\jvm\lib\security\cacerts" 
    --jvm-truststore-password changeit 
    --truststore "C:\Program Files\BMC Software\BAO\repo\tomcat\conf\.keystore" 
    --truststore-password changeit 
    --not-enforced-uri-file "C:\Program Files\BMC Software\BAO\repo\excludedURLs"

    Note

    The command should all be on one line (no new lines inserted) in shown in this sample command:

    C:\Program Files\BMC Software\BAO\repo\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\repo\webagent\deployer\deployer.jar" --install --container-type tomcatv7 --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso --web-app-url https://<fqdn for your component>:28080/baorepo baorepo  or <https://url-to-AO-Load-Balancer> --notify-url <https://<fqdn for your component>:28080/baorepo --web-app-logout-uri "/logout" --container-base-dir "C:\Program Files\BMC Software\BAO\repo\tomcat" --admin-name amadmin --admin-pwd <sso admin password> --jvm-truststore "C:\Program Files\BMC Software\BAO\repo\jvm\lib\security\cacerts" --jvm-truststore-password changeit --truststore "C:\Program Files\BMC Software\BAO\repo\tomcat\conf\.keystore" --truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\BAO\repo\excludedURLs"

    Note

    If you have manually deleted the CDP agent from BMC Atrium Single Sign-On, you need to manually create the excludeURLs file with the following values:

    /baocdp/orca*
    /baocdp/ws*
    /baocdp/atsso*
    /baocdp/rest* 

    While re-registering the CDP agent, specify the excludedURLs file path in the command.

    Sample command for the CDP:

    C:\Program Files\BMC Software\BAO\CDP\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\CDP\webagent\deployer\deployer.jar" 
    --install --container-type tomcatv7 
    --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso 
    --web-app-url https://<fqdn for your component>:38080/baocdp or <https://url-to-AO-Load-Balancer>
    --notify-url <https://<fqdn for your component>:38080/baocdp 
    --web-app-logout-uri "/logout" 
    --container-base-dir "C:\Program Files\BMC Software\BAO\CDP\tomcat" 
    --admin-name amadmin --admin-pwd <sso admin password>
    --jvm-truststore "C:\Program Files\BMC Software\BAO\CDP\jvm\lib\security\cacerts" 
    --jvm-truststore-password changeit 
    --truststore "C:\Program Files\BMC Software\BAO\CDP\tomcat\conf\.keystore" 
    --truststore-password changeit
    --not-enforced-uri-file "C:\Program Files\BMC Software\BAO\CDP\excludedURLs"

    Note

    The command should all be on one line (no new lines inserted) as in shown in this sample command:

    C:\Program Files\BMC Software\BAO\CDP\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\CDP\webagent\deployer\deployer.jar" --install --container-type tomcatv7 --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso --web-app-url https://<fqdn for your component>:38080/baocdp  or <https://url-to-AO-Load-Balancer> --web-app-url https://<fqdn for your component>:38080/baocdp --web-app-logout-uri "/logout" --container-base-dir "C:\Program Files\BMC Software\BAO\CDP\tomcat" --admin-name amadmin --admin-pwd <sso admin password> --jvm-truststore "C:\Program Files\BMC Software\BAO\CDP\jvm\lib\security\cacerts" --jvm-truststore-password changeit --truststore "C:\Program Files\BMC Software\BAO\CDP\tomcat\conf\.keystore" --truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\BAO\CDP\excludedURLs"

    Sample command for the graphing server:

    C:\Program Files\BMC Software\BAO\CDP\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\CDP\webagent\deployer\deployer.jar" 
    --install --container-type tomcatv7 
    --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso 
    --web-app-url https://<fqdn for your component>:38080/baograph or <https://url-to-AO-Load-Balancer>
    --notify-url <https://<fqdn for your component>:38080/baograph
    --web-app-logout-uri "/logout" 
    --container-base-dir "C:\Program Files\BMC Software\BAO\CDP\tomcat" 
    --admin-name amadmin --admin-pwd <sso admin password>
    --jvm-truststore "C:\Program Files\BMC Software\BAO\CDP\jvm\lib\security\cacerts" 
    --jvm-truststore-password changeit 
    --truststore "C:\Program Files\BMC Software\BAO\CDP\tomcat\conf\.keystore" 
    --truststore-password changeit
    --not-enforced-uri-file "C:\Program Files\BMC Software\BAO\CDP\conf\excludedURLs"

    Note

    The command should all be on one line (no new lines inserted) as in shown in this sample command:

    C:\Program Files\BMC Software\BAO\CDP\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\CDP\webagent\deployer\deployer.jar" --install --container-type tomcatv7 --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso --web-app-url https://<fqdn for your component>:38080/baograph or <https://url-to-AO-Load-Balancer> --notify-url <https://<fqdn for your component>:38080/baograph --web-app-logout-uri "/logout" --container-base-dir "C:\Program Files\BMC Software\BAO\CDP\tomcat" --admin-name amadmin --admin-pwd <sso admin password> --jvm-truststore "C:\Program Files\BMC Software\BAO\CDP\jvm\lib\security\cacerts" --jvm-truststore-password changeit --truststore "C:\Program Files\BMC Software\BAO\CDP\tomcat\conf\.keystore" --truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\BAO\CDP\conf\excludedURLs"

    Sample command for the OCP (installed with the CDP):

    C:\Program Files\BMC Software\BAO\CDP\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\CDP\webagent\deployer\deployer.jar" 
    --install --container-type tomcatv7 
    --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso 
    --web-app-url https://<fqdn for your component>:38080/baoocp or <https://url-to-AO-Load-Balancer>
    --notify-url <https://<fqdn for your component>:38080/baocdp
    --web-app-logout-uri "/logout" 
    --container-base-dir "C:\Program Files\BMC Software\BAO\CDP\tomcat" 
    --admin-name amadmin --admin-pwd <sso admin password>
    --jvm-truststore "C:\Program Files\BMC Software\BAO\CDP\jvm\lib\security\cacerts" 
    --jvm-truststore-password changeit 
    --truststore "C:\Program Files\BMC Software\BAO\CDP\tomcat\conf\.keystore" 
    --truststore-password changeit
    --not-enforced-uri-file "C:\Program Files\BMC Software\BAO\CDP\conf\excludedURLs"

    Note

    The command should all be on one line (no new lines inserted) as in shown in this sample command:

    C:\Program Files\BMC Software\BAO\CDP\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\CDP\webagent\deployer\deployer.jar" --install --container-type tomcatv7 --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso --web-app-url https://<fqdn for your component>:38080/baoocp or <https://url-to-AO-Load-Balancer> --notify-url <https://<fqdn for your component>:38080/baoocp --web-app-logout-uri "/logout" --container-base-dir "C:\Program Files\BMC Software\BAO\CDP\tomcat" --admin-name amadmin --admin-pwd <sso admin password> --jvm-truststore "C:\Program Files\BMC Software\BAO\CDP\jvm\lib\security\cacerts" --jvm-truststore-password changeit --truststore "C:\Program Files\BMC Software\BAO\CDP\tomcat\conf\.keystore" --truststore-password changeit --not-enforced-uri-file "C:\Program Files\BMC Software\BAO\CDP\conf\excludedURLs"

    Sample command for the OCP (standalone installation):

    C:\Program Files\BMC Software\BAO\OCP\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\OCP\webagent\deployer\deployer.jar" --install --container-type tomcatv7
    --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso
    --web-app-url https://<fqdn for your component>:38080/baoocp or <https://url-to-AO-Load-Balancer>
    --notify-url <https://<fqdn for your component>:38080/baoocp
    --web-app-logout-uri "/logout"
    --container-base-dir "C:\Program Files\BMC Software\BAO\OCP\tomcat"
    --admin-name amadmin --admin-pwd <sso admin password>
    --jvm-truststore "C:\Program Files\BMC Software\BAO\OCP\jvm\lib\security\cacerts"
    --jvm-truststore-password changeit
    --truststore "C:\Program Files\BMC Software\BAO\OCP\tomcat\conf\.keystore"
    --truststore-password changeit 

    Note

    The command should all be on one line (no new lines inserted) as shown in this sample command: 

    C:\Program Files\BMC Software\BAO\OCP\jvm\bin\java" -jar "C:\Program Files\BMC Software\BAO\OCP\webagent\deployer\deployer.jar" --install --container-type tomcatv7 --atrium-sso-url https://<fqdn for sso server>:8443/atriumsso --web-app-url https://<fqdn for your component>:38080/baoocp or <https://url-to-AO-Load-Balancer> --notify-url <https://<fqdn for your component>:38080/baoocp --web-app-logout-uri "/logout" --container-base-dir "C:\Program Files\BMC Software\BAO\OCP\tomcat" --admin-name amadmin --admin-pwd <sso admin password> --jvm-truststore "C:\Program Files\BMC Software\BAO\OCP\jvm\lib\security\cacerts" --jvm-truststore-password changeit --truststore "C:\Program Files\BMC Software\BAO\OCP\tomcat\conf\.keystore" --truststore-password changeit 
  5. Restart BMC Atrium Orchestrator peers. 

Registration command parameters 

ParameterDefinitionRequired
container-typeType of Web server used to host BMC Atrium Orchestrator.Yes
atrium-sso-urlAddress of the Atrium SSO instance.Yes
web-app-urlAddress of BMC Atrium Orchestrator or of the load balancer.Yes
web-app-logout-uriThe URL where the application is directed upon user logout.Yes
container-base-dirThe Web server home directory.Yes
admin-nameThe SSO admin user name.Yes
admin-pwdThe SSO admin password.Yes
jvm-truststoreThe truststore location.Yes
jvm-truststore-passwordThe truststore password.Yes
not-enforced-uri-fileThe file that Atrium SSO uses to store the data that goes in its NotEnforcedURI table.Required for the repository.
notify-urlThe BMC Atrium Orchestrator address if web-app-url specifies a load balancer.Required if web-app-url specifies a load balancer.

Note

You can verify that agents were re-registered by logging into Atrium Single Sign-On, clicking Agent Details, and checking that the agents are listed.

Registering agents on a new BMC Atrium Single Sign-On server

If you are registering agents on a new BMC Atrium Single Sign-On server, you must manually edit the context.xml file in the repository directory to point to the new BMC Atrium Single Sign-On server URL. 

To change the BMC Atrium Single Sign-On URL:

  1. Go to <AO_HOME>/tomcat/conf/context.xml.
  2. Look for the com.bmc.ao.sso.ATRIUM_SSO_SERVER_URL property and provide the URL to the BMC Atrium Single Sign-On server, which you want to connect to the repository. 

For more information, see Knowledge Base article KA000029966.

Checking that the CDP can communicate with BMC Atrium Single Sign-On

The CDP should be able to communicate with BMC Atrium Single Sign-On if the SSO port is accessible. You can use telenet to check the port connection. 

The telenet command format is similar to the following:

telnet <SSOserver> <SSOportnumber> 

For more information about using telenet, see  Using telnet to check port access

Problem starting BAO when BAO and Atrium SSO are installed on the same server

If BAO and Atrium SSO are installed on the same server and BAO fails to start, ensure that the Atrium SSO service is running before starting the BAO service.

  1. Start the Atrium SSO service (see Starting and stopping product components and services).
  2. Log into the Atrium SSO console to ensure that it is running.
  3. Start the BAO service (see Starting and stopping product components and services).
  4. Log into BAO (see Logging into Grid Manager and Repository Manager).

BMC Atrium Orchestrator peer does not start after installation or BMC Atrium Orchestrator does not run properly

The symptoms may be that BAO fails to register with BMC Atrium Single Sign-On or that peers take several hours to start. This may be due to inadequate system entropy.
See the BMC Atrium Single Sign-On Prerequisites for installation page for more information. You can also find information in Knowledge Article Actions fail in Atrium Orchestrator due to low system entropy KA000066336.

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Peter Lowater

    I see now the sample as been changed to add the "--not-enforced-uri-file" option but the file is only present on a Repo install.

    It would be better to have an example for Repo and a sample for CDP so there is no confusion

    Jul 17, 2014 08:01
    1. Shweta Hardikar

      Changed the repo and cdp samples.

      Sep 04, 2014 01:15