Are you having connection problems between your Admin server and remote agent?

search cancel

Are you having connection problems between your Admin server and remote agent?

book

Article ID: 54876

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

The following article describes about CAM/CAFT configurations, logs and common problems and tips to troubleshoot.

Environment

Release:
Component: ETRADM

Resolution

CA Admin Options that use CAM/CAFT
- Ms Exchange Option (Exchange 5.5)
- Windows NT Option
- Unix Option
- RSA
CAM/CAFT is also installed on the ADMIN SERVER. Each of theses options require the installation of a remote agent.
Installation
- NT/W2K
  The Default folder is \Program Files\CA\SharedComponents\CAM. To locate CAM/CAFT installation folder:
  
  echo %CAI_MSQ%
  
  2 SYSTEM VARIABLES are created by CAM/CAFT installation CAI_MSQ and CAI_CAFT.
  
  Cam is installed as a Service (eTrust Admin Unicenter Message Queuing Service).
- UNIX
  Detection of previous CAM/CAFT installation MARKER FILE /etc/catngcampath.
  
  If CAM/CAFT has been previously installed a MARKER file is created and contains the installation path.
  This directory becomes the installation directory if this directory still exists.
- To check, issue this command as root from the shell
  cat /etc/catngcampath
  If the script does not find the MARKER file, it checks if CAM process is running and will try to locate the installation directory. This directory becomes the installation directory if this directory still exists.
Configuration files
- Theses are located in the root directory of CAM (See Environment variable CAI_MSQ)
- Only the file CAFTHOST.CFG is created during the installation.
- CAFTHOST.CFG - The purpose of this file is to allow connections to local host for incoming requests.
  The file cafthost.cfg contains all hosts that are authorized to submit commands.
  By default only the entry localhost is created by the setup.
  The Hostname of the Admin Server must exist in this file for each remote machine.
  
  Commands that manage this file:
  Add new entry
  cafthost-a
  
  Delete an entry
  cafthost-d
  
  List all entry
  cafthost -l
  
  Note: You don't need to recycle CAM to take care of a new entry when you use cafthost -a.
- CAM.CFG - The purpose of this file is to configure CAM/CAFT
  This file is organized by SECTION
  Change the protocol SECTION PATH
  Increase timeout SECTION CONFIG
  Routing and so on ... SECTION PATH
  
  Commands that manage this file
  
  Create the file with the current setting
  camsave persist
  
  Changing the timeout
  camconfig CONFIG 'client_hold = 3600'
  
  Save the new configuration
  camsave persist
  
  Sample of command set to modify the timeout:
  
  And the result:
  
  Listing all hosts allowed submitting commands:
There is no difference between NT and UNIX platforms. The binaries are located in %CAI_MSQ%\Bin on NT and $CAI_MSQ/bin on Unix.
Logs files
- Cam Logs are located in %CAI_MSQ%\logs on NT and $CAI_MSQ\logs on Unix.
- Caft Logs are located in %CAI_MSQ%\ftlogs on NT and $CAI_MSQ\logs on Unix.
- Files names are identical so Zip them with the FULL PATH to avoid confusion.
- Erasing the Logs:
  cam stop
  cam start -l
  -l option will erase the files in CAI_MSQ%\logs
Start/Stop CAM
- NT
  Cam is usually installed as a service:
  
  The owner of the service should be the administrator, the remote agent launched by CAFT inherits the permissions of the service owner.
  Since the 1.7, only cam.exe is started, CAFT process is started when demanded.
- UNIX
  Use the Script start in $CAI_MSQ/scripts to start CAM.
  This script also sets up the environment.
  
  To check that CAM is up:
  
  To stop CAM:
  
  On NT no CAFT process is running
  
  Tree Structure
Basic Trouble Shooting
- No remote CAFT server Running.
  
  Trying to access Unix Box from the ETA server:
- Always ensure that the NETWORK is not the root cause.
  Use the ping command on the server and client with both IP address and hostname:
  
  Ensure that CAM is up:
  
  No cam process running on Unix Side
  
  or ping the CAM server:
  D:\WINNT\system32>camping frpass00
  camping: Trying 130.119.225.6...
  
  1: camping: TTL expired (2) Message returned: Network error
  2: camping: TTL expired (2) Message returned: Network error
  3: camping: TTL expired (2) Message returned: Network error
  4: camping: TTL expired (2) Message returned: Network error frpass00: camping done, statistics:-
  Sent 4, completed 0, packet size 64 bytes.
  Timed out 4 (100%) (detected: late discard return 0, late completion 0)
  
  After restarting CAM on frpass00
  D:\WINNT\system32>camping frpass00
  camping: Trying 130.119.225.6...
  
  1: reply from frpass00, rtt 0ms
  2: reply from frpass00, rtt 0ms
  3: reply from frpass00, rtt 0ms
  4: reply from frpass00, rtt 0ms
  
  frpass00: camping done, statistics:-
  Sent 4, completed 4, packet size 64 bytes.
  Round-trip (ms) min/ave/max = 0.0/0.0/0.0.
  Timed out 0 (0%) (detected: late discard return 0, late completion 0)
  
  IF CAFT IS STILL NOT WORKING...
- Does the Box have Multiple NIC cards?
  
  NT : Ipconfig /all
  Unix : ifconfig -a (may depend on which Unix...)
- Is there a NAT DEVICE?
  Request a document that explains how the IP addresses are translated.
- Firewall
  Cam uses by default port 4104 for UDP protocol and 4105 for TCP.
  Are theses ports open?
- Access Denied Error:
  
  The Machine is reachable but the command cannot be executed.
  
  Check that the Hostname of the Admin Server exists in CAFHOST.CFG
  
  Add the Hostname of the Admin Server(gilwi02-sol9)
  
  You don't need to recycle CAM if you use the CAFTHOST command.
- Ensure that configuration files exist in CAM root dir.
  At the least, only these files are mandatory
  
  147388 -rw-r--r-- 1 root other 185 Oct 22 14:13 cafthost.cfg
  147387 -rw-r--r-- 1 root other 50 Aug 26 11:36 camclient.cfg

Feedback

thumb_up Yes

thumb_down No