Troubleshooting
This topic provides troubleshooting information, including information about error messages and frequently asked questions related to PATROL for IBM DB2.
How do I configure WinRM?
You can use one of the following commands to configure the WinRM:
- winrm quickconfig -transport:http
- winrm quickconfig -transport:https
Note
If you are logged in on a non-Administrator account, you must either right-click the Command Prompt icon in the Start Menu and select Run as Administrator, or use the Runas command at the command prompt.
The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, you must run the winrm quickconfig command again to enable the firewall exception for the new profile.
WinRM automatically configures the ports that it uses. The port number might be different, depending on the version of WinRM that you install.
For WinRM 1.1:
- The default HTTP port used is 80.
- The default HTTPS port used is 443.
For WinRM 2.0 or later:
- The default HTTP port used is 5985.
- The default HTTPS port used is 5986.
The winrm quickconfig command also performs following tasks:
- Starts the WinRM service.
- Sets the WinRM service type to auto start.
- Creates a listener to accept requests on any IP address.
- Enables a firewall exception for WS-Management traffic (HTTP only).
Tip
- If WinRM reports that it is unable to verify the status of the firewall, start the firewall service and run the winrm quickconfig command again. You can stop the firewall service after configuring WinRM, if desired.
- If WinRM reports that it is unable to create a WinRM listener on HTTPS because the WinRM Server does not have a valid SSL certificate, check whether the SSL certificate is valid and ensure that it meets all requirements.
For an SSL certificate to be valid, its CN value must match the host name, it must not be expired, revoked, or self-signed, and it should be valid for server authentication.
How do I view the WinRM configuration?
You can use the following commands to display WinRM configuration details:
- For the WinRM configuration:
winrm get winrm/config - For the WinRM Client configuration:
winrm get winrm/config/client - For the WinRM Server configuration:
winrm get winrm/config/service - For Winrs configuration:
winrm get winrm/config/winrs - For listener information:
winrm enumerate winrm/config/listener - For the WinRM version details:
winrm id
Can I change the WinRM configuration as a standard user?
By default, an Administrator user has permissions to change the WinRM configuration. In addition, a standard user who is a member of administrator group can also change the WinRM configuration.
How do I start and stop the WinRM service?
You can use the following command to start and stop the WinRM service:
sc <start|stop> winrm
You can use SCM to start and stop the Windows Remote Management service (WSManagement).
How do I verify the WinRM connection for a specific remote host?
You can use the following commands to verify the WinRM connection with a remote host.
- To verify a remote host connection via HTTP or HTTPS using a domain account:
- winrm id -r:http://<hostname>:<port> -u:<domain\username> -p:<password>
- winrm id -r:https://<hostname>:<port> -u:<domain\username> -p:<password>
OR winrs -r:http://<hostname>:<port> -u:<domain\username> -p:<password><sys_command>
winrs -r:https://<hostname>:<port> -u:<domain\username> -p:<password><sys_command>
- To verify a remote host connection via HTTP or HTTPS using a local account:
- winrm id -r:http://<hostname>:<port> -u:<username> -p:<password>
- winrm id -r:https://<hostname>:<port> -u:<username> -p:<password>
OR - winrs -r:http://<hostname>:<port> -u:<username> -p:<password> <sys_command>
- winrs -r:https://<hostname>:<port> -u:<username> -p:<password> <sys_command>
Note
<sys_command> refers to any Microsoft Windows operating system command, such as DIR or SYSTEMINFO.
How do I resolve connectivity issues for the WinRM command?
You might encounter one of the following scenarios while verifying the remote host connection with the winrm command.
Scenario 1
WinRM displays the following error message:
The client cannot connect to the remote host specified in the request. Verify that the service on the remote host is running and is accepting requests. You may use the following command to analyze the state of the WinRM service and to configure the service, if necessary: "winrm quickconfig".
To resolve the issue
- Verify that WinRM is configured properly.
- Configure WinRM again, using the winrm qc command.
- Check the status of the WinRM service on the remote host.
- Verify that the port number is valid.
Scenario 2
WinRM displays the following error message:
Logon failure: unknown user name or bad password.
To resolve the issue
- Verify that the username and password are valid.
- Verify that user name is associated with a valid domain name if a domain account is provided.
- Verify that the hostname has been added to the Trusted Host list if local credentials are provided.
- Check the Event Viewer for events related to authentication.
Scenario 3
WinRM displays the following error message:
Access is denied
To resolve the issue
- Verify that the username and password are valid.
- Verify that the user exists on the remote host.
- Verify the status of the WinRM service on the remote host.
- Verify that Kerberos and Negotiate authentications are enabled on the remote host.
Scenario 4
WinRM displays the following error message:
A security error occurred.
To resolve the issue
- Verify that the SSL certificate is valid on the remote host.
- Verify that the port number is valid.
Scenario 5
WinRM displays the following error message:
The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol.
To resolve the issue
- Verify that the port number is valid.
- Configure the WinRM listener again.
Scenario 6
WinRM displays the following error message:
An internal error occurred.
To resolve the issue
- Verify the status of the WMI client on the remote host.
- Verify the status of the WinRM service on the remote host.
Scenario 7
WinRM displays the following error message:
The WinRM client cannot process the request because the server name cannot be resolved.
To resolve the issue
- Verify that the remote host is alive.
- Verify that the remote host is on the network, and added listed the DNS correctly.
Scenario 8
WinRM displays the following error message:
The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled.
To resolve the issue
- Verify that the firewall exception for the Windows Remote Management service is enabled.
- Verify that the machine name is valid and is can be reached over the network.
Incorrect configuration information
- Incorrect username or password
- Incorrect host or port
Remote DB2 on Windows:
Remote DB2 on UNIX:
To resolve the issue
Click No, fix the problematic field and click OK.
Cannot view data for some parameters or you would like to bring a new set of parameters
To resolve the issue
Run the DB2 Diagnostic Report by as below,
- Right click the DB2_ENVIRONMENT > KM Commands > KM Administration > DB2 Diagnostic Report.
- For each running DB2 server, a text file will be created at
$PATROL_HOME/pso/diag.
This file contains all the customer environment data which can be used to resolve the issue.
Patrol instance names contain number in the name
For example:
This is done to make the instances short as PATROL reports issues with long instance names.
To resolve the issue
- Right click the DB2_ENVIRONMENT > KM Commands > KM Administration > Define JVM Arguments
- Enter DLongInstanceMapping=true
Stop monitoring one of the configured DB2 environments
You want to stop monitoring one of the configured DB2 environments without deleting the environment from the pconfig or using Blackout.
To resolve the issue
Set disableInstance
pconfig environment variable to true. Restart the PATROL Agent. The configured environment will not be monitored.
Change default collection
The default collection is as below:
- DB2 Availability each 1 min
- DB2 Data each 10 min
- Diaglog each 5 min
If you want to change the default parameters, perform the steps as below.
Go to Administration commands from the CMA Policy.
Availability change: Change the pconfig under the DB2 environment the variable
"/PSO/DB2/<<environment name>>/collectors/availabilityCollector/Cycle" = {REPLACE =“<cycle in sec>>”}
Data change: Change the pconfig under the DB2 environment the variable:
"/PSO/DB2/<<environment name>>/collectors/dataCollector/Cycle" = {REPLACE =“<cycle in sec>>”}
Diaglog change: Change the pconfig under the DB2 environment the variable
"/PSO/DB2/<<environment name>>/collectors/diagLogCollector/Cycle" = {REPLACE =“<cycle in sec>>”}
JAVA collector process consumes high memory
The JAVA collector process consumes high memory when monitoring a large-scale DB2 server environment.
To resolve the issue
Add JVM argument Xmx512m
- Right click the DB2_ENVIRONMENT > KM Commands > KM Administration > Define JVM Arguments
- Enter Xmx512m
DB2 User does not have permissions to run the DB2 commands
To resolve the issue
- Check if the HOME Installation PATH is correct
- Check the minimal authentication needed for DB2 user:
- For Remote/Local UNIX and Windows user, SYSMON user with DATAACCESS privilege
- You can grant DATACCESS privilege to SYSMON by executing
db2 GRANT DATAACCESS ON DATABASE TO GROUP <sysmon group>
command - The user should succeed executing the following UNIX commands:
uname
df -g <DB cfg logpath file or DB_PATH of SYSIBMADM.SNAPDB file> (hp)
df -k <DB cfg logpath file or DB_PATH of SYSIBMADM.SNAPDB file> (unix not hp)
- The user should succeed executing the following Windows commands:
fsutil volume diskfree <drive>
dir <file>
type <db2 instance home>\<db2 instance name>\db2nodes.cfg
- You can grant DATACCESS privilege to SYSMON by executing
- JDBC user, SYSMON user with DATAACCESS privilege
You can grant DATACCESS privilege to SYSMON by executing
db2 GRANT DATAACCESS ON DATABASE TO GROUP <sysmon group>
command
- For Remote/Local UNIX and Windows user, SYSMON user with DATAACCESS privilege
Filter instances from the monitor environment
You want to filter instances from the monitor environment. For example, you want to only db2inst1 and db2inst2 instances.
To resolve the issue
Edit the environment by adding the required monitor instances in the Monitored DB instances field.
Filter databases from monitoring
You want to filter databases from monitoring.
To resolve the issue
Add pconfig variable and restart the PATROL agent.
"/PSO/DB2/<<environment name>>/<<DB2 instance name>>/excludedDatabases" = {REPLACE = "<< >>"}
This variable will contain a list of the databases that will not be collected. If includedDatabases
pconfig variable is defined then this pconfig variable is not relevant.
Filter partitions from monitoring
You want to filter partitions from monitoring.
To resolve the issue
Add pconfig variable and restart the PATROL agent.
"/PSO/DB2/<<environment name>>/<<DB2 instance name>>/excludedPartitions" = {REPLACE = "<< >>”}
This variable will contain a list of the partitions numbers that will not be collected. If includedPartitions
pconfig variable of the instance is defined then this pconfig variable is not relevant.
Configure SQL queries to monitor data
You need to configure SQL queries to monitor data in your database.
To resolve the issue
Add the SQL query configuration details. For example:
Field | Value |
---|---|
SQL name | test |
Instance Name | DB2 |
Database Name | SAMPLE |
SQL Query | select TOTAL_LOG_USED from SYSIBMADM.SNAPDB |
Collection time | 1 |
If the query returns a single value as stated in the example, Value monitoring attribute will be created.
Activate self-monitoring
To activate the self-monitoring of the response time of the DB2 KM running queries, right click the DB2_ENVIRONMENT > KM Commands > KM Administration > Queries Response Time
Enable PSL and JAVA debug
You can enable the debug from the TrueSight console, PATROL console, or by using PCM rulesets.
Enabling debug from the TrueSight console
Enabling JAVA debug
- In the Environment Configurations, open the Administration panel.
- In Java log level field, select Finest log level.
- Save the policy. Ensure that the changes are reflected in the pconfig variables.
Enabling PSL debug
Currently, the KM does not contain an option to activate the PSL debug by using the TrueSight console. You must use the PCM rulesets to enable PSL debug.
Enabling debug in the PATROL consoles
To enable the JAVA log debug, right click the DB2 environment > KM Commands > KM Administration > Java log level > Finest
To enable the PSL debug, right click the DB2 node > KM Commands > Debug PSL > Enable
Enabling debug by using PCM rulesets
Enabling JAVA debug
Set the log level for the DB2 Java collector by using the /PSO/DB2/<<environment name>>/javaDebugLevel
pconfig variable. Valid values are:
- 3 = Info (default)
- 4 = Fine
- 5 = Finest
Enabling PSL debug
Enable the PSL debug by using the /PSO/Default/logLevel" = { REPLACE = "<<INFO|DEBUG>> pconfig variable.
After you enable the debug by using any of the consoles, follow these steps:
- Stop the PATROL Agent
- Delete the Java folder located in
Patrol3/pso/logs
directory - Delete the PSL log file located at
<Patrol Agent>\Patrol3\log\pso-<Name of the agent:port>.kmlog
directory - Open the
pso.properties
file located atPatrol3/pso/conf/pso.properties
- Set the javaDebugLevel property to value 5 (javaDebugLevel=5)
- Set the PrintCollectionDataToDebugLog property to value 1 (PrintCollectionDataToDebugLog=1)
- Save and close the file.
- Restart the PATROL Agent
Server Socket Port still not initialized
You get the following message in your KM log file -
StartShutdownInstanceCollector:[openSocketChannel]: Server Socket Port still not initialized
This message is a warning message and it is shown after restarting Java because Java has not yet sent the port socket. You do not have an action item when such a message is shown in your logs.
Comments
Log in or register to comment.