Troubleshooting common errors and issues
| Issue | Description | Workaround | 
|---|---|---|
| Problem with handshake while using an HTTPS connection | The certificate on the BMC Helix SSO is a self-signed certificate or is signed by a trustworthy CA. | |
| BMC Helix SSO server does not start | Configuration issue during startup | Check the catalina.log file (located in CATALINA_HOME/logs) for any issues related to the BMC Helix SSO web application. Check the rsso.log file (located in CATALINA_HOME/logs) for exceptions related to database connectivity (for example, the JDBC URL or the database user login and password). Check the rsso.log file for exceptions related to the marshalling of the configuration data. |
| Server exception (stack trace) includes a reference to com.bmc.arsys.api.session | Configuration issue with Mid Tier authenticator | Verify that the BMC Remedy Mid Tier authenticator configuration file defines the BMC Helix SSO authentication plugin. |
| 623 AR Error | BMC Helix SSO AREA plugin configuration issue | Check the following: (1) General AREA configuration; (2) Configuration of the plugin server (RSSO-related info is commented); (3) Corresponding property points to the BMC Helix SSO base URL in the rsso.cfg file. |
| In HA mode, the server throws an exception. The stack trace includes a reference to com.bmc.rsso.sdk.token.CookieTokenManager. | BMC Helix SSO agent cannot connect to the BMC Helix SSO server to obtain a piece of configuration. | Verify the load balancer settings for HTTP redirection (a 3xx status in response to an agent request is unwanted). Correct the BMC Helix SSO server URL in the agent connection. |
| When using a SAML-based IdP, a server exception with the text "Failed to validate … condition" is displayed in the stack trace. Note: Stack trace refers to the diagnostic information in the log file that indicates which Java stack was used when the exception was raised. | The times on the BMC Helix SSO server and IdP server are out of sync. | Synchronize the time across the servers. |
| When using an LDAP-based IdP, the following error is recorded in the BMC Helix SSO logs: SEVERE [LDAP: error code 4 - Sizelimit Exceeded] | The maximum number of entries that the LDAP server can process in one call is less than the number of user entries the BMC Helix SSO server requests in a single call. | To extend the default limit of 2000 entries, increase the Page Size value for LDAP authentication. For more information about how to do this, see Configuring LDAP authentication. |
| BMC Helix SSO logs do not include diagnostic information. | Log records with the levels of TRACE and DEBUG are filtered by the Logging level setting. | Check the logging level in the BMC Helix SSO Admin Console. Check the log configuration file (RSSOInstallFolder/WEB-INF/classes/log4j.properties). |
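
For the SAML row above, the following added example (not BMC code) shows how clock drift between the IdP and the receiving server makes an otherwise good assertion fail its time conditions. It assumes the failing condition is the standard SAML 2.0 `Conditions` validity window (`NotBefore` / `NotOnOrAfter`); the sample assertion, the function names and the `allowed_skew` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample fragment, not captured from a real IdP.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">'
    '<saml:Conditions NotBefore="2024-01-01T12:00:00Z" '
    'NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:Assertion>'
)

def parse_instant(value):
    """Parse a SAML xs:dateTime; a value without an offset is treated as UTC."""
    value = value.strip()
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def check_conditions(assertion_xml, sp_now, allowed_skew=timedelta(0)):
    """Compare the receiving server's clock (sp_now) with the validity window.

    Diagnostic only: the signature is NOT verified, so never use this to
    accept an assertion. allowed_skew is a hypothetical tolerance parameter.
    """
    cond = ET.fromstring(assertion_xml).find(".//saml:Conditions", SAML_NS)
    if cond is None:
        return {"status": "no_conditions", "off_by_seconds": 0.0}
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and sp_now + allowed_skew < parse_instant(not_before):
        gap = parse_instant(not_before) - sp_now   # receiver clock is behind
        return {"status": "not_yet_valid", "off_by_seconds": gap.total_seconds()}
    if not_on_or_after and sp_now - allowed_skew >= parse_instant(not_on_or_after):
        gap = sp_now - parse_instant(not_on_or_after)  # clock ahead, or stale
        return {"status": "expired", "off_by_seconds": gap.total_seconds()}
    return {"status": "valid", "off_by_seconds": 0.0}

if __name__ == "__main__":
    issued = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    for drift in (-120, 0, 120, 420):  # receiver clock offset in seconds
        print(drift, check_conditions(SAMPLE_ASSERTION, issued + timedelta(seconds=drift)))
```

A `not_yet_valid` result on a freshly issued assertion means the receiving server's clock is behind the IdP; the fix remains time synchronization, not a wider tolerance window.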
