Tips & Tricks: CA Access Control Debugging

Tips & Tricks: CA Access Control Debugging

Anytime you suspect you have problems with Access Control Enterprise Manager or one of its endpoints, before calling support for help, we have compiled a few tips to help accelerate the support process. Of course it is always prudent to have your server types and AC versions available to the support representative before any tickets are created.

AC Policy Fetcher Version

Running the seversion command on the policyfetcher will help validate policyfetcher binary on AC:
server-(/opt/CA/AccessControl/bin)>./seversion policyfetcher
The output will look something akin to:

CA Access Control seversion v12.54.0.624 – Display module’s version
Copyright (c) 2010 CA. All rights reserved.
Running under: Linux

File name: policyfetcher
Version :
Created : Dec 22 2010 23:26:43
OS info : i86PC
SHA1 : 864EE4AB2C7DDDF32A670921CF9B3607B088EB7D
MD5 : C63EBDD32AE9944686B89F828BB2BDC4

AC Watch Dog debugging

You can turn on the debug log for seoswd to see if this is the case.
Here is how:

  1. vi seos.ini
  2. [seoswd]
    watchdog_debug_mode = 2
    watchdog_debug_file = /tmp/watchdog.txt
  3. Start up AC.
  4. Please check the file /tmp/watchdog.txt

DH__Writer Debug mode

The DH__Writer is the service that sends updates from the endpoints back to the DMS for central data repository. In the event policies or events are out of sync between the DMS and the DH, you can place the DH__Writer in debug mode to help deliviate by doing the following:

  1. Stop DH__WRITER via sepmd -k DH__WRITER
  2. Create a file in …/polices/DH__WRITER/ called pmd_debug_level with just the number “2” in it.
  3. Start DH__WRITER via sepmd -S DH__WRITERA new debug log will be created called pmd_debug. Let this run for a while
    and then send the file in along with the sepmd -L for the DH__WRITER.

Quick Check of DH__Database

To run a quick check on the DH__ database follow these steps:

  1. secons -s
  2. cd /opt/CA/AccessControl/policies/Dh__
  3. dhmgr -e -l -f dh__.txt
  4. Upload the output file from the dhmgr command to the CA Support ticket.In conclusion, supplying as much information for the support representative can help move along an ordinarily slow process.

Questions, comments or concerns? Feel free to reach out to us below or at IDMWORKS