Chat now with support
Chat with Support

Identity Manager Data Governance Edition 8.1.1 - Deployment Guide

Introduction Data Governance Edition system requirements Install One Identity Manager Data Governance Edition Deploy Data Governance Edition components Post installation configuration Authentication using service accounts and managed domains Working with managed hosts and agents Upgrade Data Governance Edition Remove Data Governance Edition Troubleshooting Appendix: NetApp managed host deployment Appendix: EMC managed host deployment Appendix: SharePoint managed host deployment

Uninstall Resource Activity database

Using your preferred database management tool, manually remove the Data Governance Resource Activity database.

Troubleshooting

The following troubleshooting tips are provided to assist you in deploying and configuring Data Governance Edition:

Additional troubleshooting tips may be found in the following guides:

  • One Identity Manager Data Governance User Guide: Troubleshooting tips related to the day-to-day administration of Data Governance Edition
  • One Identity Manager Data Governance IT Shop Resource Access Requests Guide: Troubleshooting tips related to self-service resource access requests and share creation requests.

Data Governance Edition logs

The first place to look when you run into an issue with Data Governance Edition is the logs. The Data Governance Edition logs available are:

Data Governance configuration wizard log

Log name: Data Governance Configuration Wizard.exe.dlog

The Data Governance configuration wizard log is stored as a Trace log document (dlog) in the users AppData directory. For example: C:\Users\MyName.MyDomain\AppData\Local\One Identity\One Identity Manager\Data Governance Configuration Wizard\.

Used for capturing errors encountered while using the Data Governance Configuration wizard to deploy the Data Governance service and create the Resource Activity database.

Data Governance server log

Log name: DataGovernanceEdition.Service.exe.dlog

NOTE: The Data Governance server maintains rolling log files based on settings found in the DataGovernanceEdition.Service.exe.config file, therefore there may be multiple server log files in the Data Governance service installation directory. The first log file is the active log and is being maintained by the server. When this log file reaches a specified size, it is renamed (a number is appended to the name) and a new file is started with the original name.

NOTE: By default, the logging level is set to INFO. To change the logging level to get detailed logging:

  1. Locate the DataGovernanceEdition.Service.exe.config file in the Data Governance service installation directory.
  2. Open the configuration file and edit the following setting:

    <rules>

    <logger name="*" minlevel="INFO" writeTo="logfile">

  3. Change INFO to DEBUG to get detailed logging.
  4. Save the file.

The server log is stored as a Trace log document (.dlog) in the Data Governance service installation directory. For example: %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server\.

Used for capturing the following information:

  • Data Governance service communication
  • Group resolution and group expansion
  • Agent lease expiration information
  • Points Of Interest (POI) collection information
  • Resource activity updates
  • Security changes made on a resource from the Manager
  • Incoming web service calls related to Data Governance Edition from the One Identity Manager web site

NOTE: In previous versions of Data Governance Edition, individual server log files were generated. Starting with Data Governance Edition version 7.0.2, the logging information from all of these server logs are now available in this single server log file.

Server logs can be viewed as described below:

  • In the Manager, use the Get All Logs task to export the server log to a specified location. From that location, double-click the log file to view the log in the Log Viewer. For more information, see Getting server logs.
  • From the Data Governance service machine, double-click the log file or right-click and select Open to view the log in the Log Viewer.
Applications and Services event logs

Severity error level events and audit events are written to the Applications and Services event logs on the Data Governance server under the "Data Governance" node.

  • Severity error level errors have a "Source" of "Data Governance Edition".
  • Audit events contain information on operations run by the server (such as security changes) and have a "Source" of "Data Governance Audit".
Data Governance agent deployment logs

Log name: <Agent name>_Agent.log

The agent deployment logs are stored as text files in the Agent Deployment Logs folder in the Data Governance service installation directory. For example: %ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Server\Agent Deployment Logs\.

Used for capturing the agent deployment process for each individual agent. There is a separate agent deployment log for each agent installed in your Data Governance Edition deployment.

Agent deployment logs can be viewed as described below:

  • In the Manager, use the Get All Logs task to export the agent deployment logs to a specified location. From that location, double-click the log file to view the log. For more information, see Getting server logs.
  • From the Data Governance service machine, double-click the log file or right-click and select Open to view the log.
Data Governance agent logs

Log name: DataGovernance.Agent.exe.dlog

NOTE: By default, the logging level is set to INFO. To change the logging level to get detailed logging:

  1. Locate the agent's dlog.config file on the host computer in the agent installation directory (%ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Agent Services\<Agent instance directory>\dlog.config).
  2. Open the configuration file and edit the following setting:

    <rules>

    <logger name="*" minlevel="INFO" writeTo="logfile">

  3. Change INFO to DEBUG to get detailed logging.
  4. Save the file.

    No agent restart is required.

An agent log is stored as a Trace log document (.dlog) in a subfolder on the host computer in the agent installation folder. For example:

%ProgramFiles%\One Identity\One Identity Manager Data Governance Edition\Agent Services\DGE_<DeploymentName>_<HostDnsName>\.

Used for logging communications, synchronization processes and data transfers between the Data Governance server and the agent.

Agent logs can be viewed as described below:

  • From the Manager, use the Export agent log task to export the selected agent log to a specified location. From that location, double-click the log file to view the log in the Log Viewer. For more information, see Exporting agent log.
  • From the agent machine, double-click the log file or right-click and select Open to view the log in the Log Viewer.
Web client logs

The Web client log files are located in the following directory: C:\inetpub\wwwroot\IdentityManager\App_Data\Logs.

This directory contains a series of log files all named with a time stamp.

Errors encountered with the web client IT Shop are recorded to the web client logs.

The best way to get the proper log is to replicate the issue and take the file with the greatest timestamp.

Job server logs

The default URL for a Job Server log is: http://JobServerHost:1880/Log

Often when you have errors with Active Directory synchronization or report execution you can find clues in the One Identity Manager Job Server logs. In addition, errors encountered with the process chains used to process resource access requests in the IT Shop are recorded in the Job Server logs.

With a default configuration, you can browse these logs by launching a web browser and navigating to a specific URL on the computer hosting the Job Server.

Manager client log

Log name: QAM.Client.Log.dlog

If experiencing issues with Data Governance Edition inside the Manager client, enable the Data Governance Edition client side logging to determine if the issue is related to the user interface rather than the Data Governance server.

NOTE: By default, the logging level is set to INFO. To change the logging level to get detailed logging:

  1. Locate the Data Governance Edition client log configuration file (%ProgramFiles%\One Identity\One Identity Manager\QAM.Client.Log.config).
  2. Open the configuration file and edit the following setting:

    <rules>

    <logger name="*" minlevel="INFO" writeTo="logfile">

  3. Change INFO to DEBUG to get detailed logging.
  4. Save the file.

The Manager client log files are located in the user profile directory:

C:\Users\<Your User Name>\AppData\Local\One Identity\One Identity Manager\Manager

NOTE: To enable the latest LogView logging for the Manager client, modify the Manager configuration file (%ProgramFiles%\One Identity\One Identity Manager\Manager.exe.config) as follows:

Comment out the following:

<include file="${basedir}/globallog.config" ignoreErrors="true"/>

Add the following:

<include file="${basedir}/QAM.Client.Log.config" ignoreErrors="true"/>

Exporting agent log

From the Agents view in the Manager, you can export the agent log for the selected agents to a location of your choosing. The log files are exported through a background operation and will exist once the background operation has completed. The export operation can be viewed in the Background operations view.

To export an agent log

  1. In the Navigation view, select Data Governance | Agents.
  2. In the Agents view (right pane), select the required agents.
  3. Select Export agent log from the Tasks view or right-click menu.
  4. In the Browse for folder dialog, select the location where the exported logs are to be stored.

    A compressed zip file is created in the location specified. Clicking this zip file displays a trace log document for the selected agents.

  5. Double-click the .dlog file to display the log viewer to view an agent's log entries.
Related Documents