Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual page 355

2 Select Enabled for File Logging and Echo to Console.
3 In the Component File Logger Levels section, set Application and Liberty to a debug level.
4 Click OK, update the Identity Server, then update the Access Gateway.
5 After enabling and applying the changes, duplicate the issue once more to add specific details
to the log file for the issue.
If the error is the 100101044 error, look at the log file on the Embedded Service Provider for
the error code
If the error is the 100101043 error, look at the log file on the Identity Server for the error code.
On Linux, look at the
6 (Conditional) To view the log files from the Administration Console, click Auditing > General
Logging, then select the file and download it.
7 (Conditional) To view the log files on the device, change to the
On Linux, change to the

 On Windows Server 2003, change to the
directory.
On Windows Server 2008, change to the

directory.
logs
Below are a few typical entries illustrating the most common problems. They are from the
file of the Embedded Service Provider:
catalina.out
"The Embedded Service Provider Cannot Resolve the Base URL of the Identity Server" on

page 355
"Trusted Roots Are Not Imported into the Appropriate Trusted Root Containers" on page 356

"The Server Certificate Has an Invalid Subject Name" on page 356

The Embedded Service Provider Cannot Resolve the Base URL of the Identity Server
When the Embedded Service Provider cannot resolve the DNS name of the Identity Server, the
metadata cannot be loaded and a hostname error is logged. In the following entries, the Embedded
Service Provider cannot resolve the
<amLogEntry> 2009-08-06T16:24:56Z INFO NIDS Application: AM#500105024:
AMDEVICEID#esp-09C720981EEE4EB4: AMAUTHID#2CA1168DF7343A42C7879
E707C51A03C: ESP is requesting metadata from IDP https://
idpcluster.lab.novell.com/nidp/idff/metadata </amLogEntry>
<amLogEntry> 2009-08-06T16:24:56Z SEVERE NIDS IDFF: AM#100106001:
AMDEVICEID#esp-09C720981EEE4EB4: Unable to load metadata for Embedded
Service Provider: https://idpcluster.lab.novell.com/nidp/idff/
metadata, error: AM#300101046: AMDEVICEID#esp-09C720981EEE4EB4::
to connect to a url with an unresolvable host name
</amLogEntry>
<amLogEntry> 2009-08-06T16:24:56Z INFO NIDS Application: AM#500105039:
AMDEVICEID#esp-09C720981EEE4EB4: AMAUTHID#2CA1168DF7343A42C7879
E707C51A03C: Error on session id 2CA1168DF7343A42C7879E707C51A03C,
error 100101044-esp-09C720981EEE4EB4, Unable to authenticate.
AM#100101044: AMDEVICEID#esp-09C720981EEE4EB4:: Embedded Provider
failed to load Identity Provider metadata </amLogEntry>
file, and on Windows, look at the
catalina.out
/var/opt/novell/tomcat5/logs
/Program Files/Novell/Tomcat/logs
/Program Files (x86)/Novell/Tomcat/
idpcluster.lab.novell.com
Troubleshooting the Identity Server and Authentication 355
file.
stdout.log
directory.
log
directory.
name of the Identity Server.
Attempted