KB - Look for Kerberos log messages

Affects product

  • Airlock Gateway

Question or problem

To investigate into Kerberos issues, start with the log messages described below.

Procedure-related prerequisites

  • You need to be logged in as admin in the Airlock Gateway Configuration Center.

Instruction

  • Test preparation on Airlock Gateway:
  • 1.
    Go to: Application Firewall >> Reverse Proxy.
  • 2.
    Edit the Web application's mapping.
  • 3.
    Set the Operational mode to Integration.
  • 4.
    Click on the Activate button.
  • The configuration has been updated successfully.
  • Test preparation - reproduce the issue:
  • 1.
    After changing the Operational mode in Airlock Gateway to Integration, try to reproduce the issue.
  • The issue could be reproduced.
  • Test execution and verification:
  • 1.
    Go to: Log & Report >> Log Viewer.
  • 2.
    Click on Open to load saved searches.
  • 3.
    Select the saved search Logs - All Airlock Logs.
  • 4.
    Enter the search string below in the search field:
  • log_id:(WR-SG-SUMMARY or WR-SG-REJECT* or WR-SG-CAPI* or WR-SG-KERB*)
  • 5.
    Start the investigation with this search string.
  • 6.
    Verify the following:
  • There are no log messages with the log id WR-SG-SUMMARY the action below:
    rejected
    blocked
    There are no log messages with a log id starting with the names below describe a problem with Kerberos:
    WR-SG-REJECT
    WR-SG-KERB
    WR-SG-CAPI
  • There are no log messages indicating a Kerberos problem.