Information about the vastool status command or the vas_status.sh script output
The vastool status command which runs the /opt/quest/libexec/vas/scripts/vas_status.sh script is to provide information and the current health of the product on the system. The script was written to both assist in troubleshooting problems on a machine known to be having issues and as a constant monitoring tool to help notify when machines start having issues. It operates as look but do not touch and does not fix anything. It is efficient and is safe to run on machines in production.
All test messages are of the form:
{FAILURE|CRITICAL|WARNING|INFO}: <Unique Number> <Explanation>
For warnings and information messages returned it does not necessarily mean there is a problem.
All tests/numbers are in the comments in the first area of the script that can be viewed with a text editor.
Each message has a Knowledge Article about it. After running the script, please then search our of Knowledge Base for any messages returned:
https://support.quest.com/authentication-services/kb
The latest version of vas_status.sh is always available from:
ftp://ftp.vintela.com/vas/support/vas_status.sh.gz
If the vasclnt package is installed, the script is located at /opt/quest/libexec/vas/scripts/. Updating the script with a newer version by downloading from the above link is preferred as the script is getting regular updates. In the first of the script which can be viewed with a text editor is a history showing what has been changed/fixed/added.
Main scripting method of telling issues is return code:
0 . Success. Nothing wrong found.
1 . Warning. Something isnt how we recommend it, mis-match information, etc. ( no site for machine, wrong computer object attributes but not in a way that really breaks VAS ). This could also be something expected for normal running of the machine. For example, DB soft lock. That could just be vasd doing an update at that point in time.
2 . Failure. Most issues that breaks something in VAS.
3 . Critical. Major break, cant continue testing, major files missing/corrupt/etc.
5 . No VAS installed.
The highest error type encountered is returned. ( If a WARNING and a CRITICAL are detected, 3 is the return code ).
A successful run will end with the following:
Result: <No tests failed> (02 seconds)
A failure for example would end with somthing like this:
FAILURE: 705 vasd does not appear to be running.
Result: <Test(s) failed> (02 seconds)
When using as a monitoring tool, how often to run it is up to each company to decide. Once an hour seems common. Some are just nightly, more are every 15 minutes. It can also be scheduled to run through the Management Comsole for Unix version 2.5.
vas_status.sh script is meant to find any issue that prevents the machine from being able to authenticate a generic user.
It will not find any user-specific issues like:
1) Users userPrincipalName is not set.
2) The users name is longer then 8 characters and getting trimmed by the OS ( AIX/HP most common ).
3) The users PGID doesnt exist ( common AIX issue ).
It does find things like:
1) vasd cant resolve a DC
2) host/ object in AD moved/password changed
3) the DB is locked ( soft or hard )
The script might warn about perfectly normal behavior. For example, if vasd is in the middle of an update from AD, it might complain that vasd is unresponsive and that the database is soft locked. Thats perfectly fine, if it goes away.
If it doesnt, then the system needs to be looked at.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center