SafeLinx Administrator problems

Review the questions and answers that follow for possible solutions to SafeLinx Administrator issues.

Browse the following questions and answers to help resolve SafeLinx Administrator issues.

Answers to the problems with SafeLinx Administrator include:

  1. When logged in as default SafeLinx Server administrator (admin), there is no top-level OU in the Resources tab. What do I do?
    Check:
    • That there is a connection from the SafeLinx Server to the Relational Database.
    • The base distinguished name (base dn) on the Properties window of the access manager resource. It must match the suffix that you specified when you configured your Access Manager. Check the wgated.conf file in the C:\Program Files\HCL\SafeLinx Server or /opt/hcl/SafeLinx Server (Linux) directory for the base dn attribute. This is the original value configured.
  2. When logging into the SafeLinx Administrator, I get a message "Failed to connect to the persistent data storage for configuration information." What do I do?

    The SafeLinx Server cannot connect to the configured Relational Database where it stores the configuration. If the database is local, ensure that the database instance is started and running. If the database is remote, ensure that the database instance is started and running as well as allows connectivity from the SafeLinx Server. Also verify that the configured administrator password to the database and the password stored with the SafeLinx Server are the same.

  3. Is there a way to reset a lost or forgotten password for the SafeLinx Administrator?

    To reset the password, edit the superuser.conf file in the /conf directory in the installation path for your SafeLinx Server machine. Edit the userPassword field and set it to a plain text password. HCL SafeLinx hashes the password for you so that it is not readable by others who later view the file.

    Note: In order for HCL SafeLinx to hash the password in the superuser.conf file, it needs to write out to the file again. A best practice to change the default Administrator account (admin) password is to use the File > Change Login Password feature for the SafeLinx Administrator, which will write out the password to this file.
    If, however, hand-editing is required, completing the following procedure will obscure the password after it has been changed:
    1. Edit the superuser.conf file and change the userPassword field to enable getting into the SafeLinx Administrator.
    2. Close the superuser.conf file
    3. Launch the SafeLinx Administrator and log in with the updated password.
    4. Click File > Change Login Password > and again change the default Administrator password for the admin user account. This action forces HCL SafeLinx to write to the superuser.conf file and this time when it does it hashes the password so that it is not visible.
  4. I received the message "Selected Gateway does not match the access manager to which you are logged in." What do I do?

    This problem can be a result of the SafeLinx Server (or in the message, the Gateway) having a configuration mismatch with what is stored in the datastore. The mismatch is between the value for the common name (CN) as stored in the wgated.conf file and the host name attribute stored as the Gateway identifier value in the configuration store.

    Resolving the Problem

    Either rename the Gateway identifier to match what is stored in the configuration store, or update the configuration store to match the Gateway identifier.

    To change the Gateway identifier to match what is stored in the configuration store:
    1. Edit the properties of the SafeLinx Server.
    2. Click the Gateway tab.
    3. In the Gateway identifier field, enter the host name of the SafeLinx Server as it is stored in the configuration store.
    Alternatively, the problem might also be how the SafeLinx Administrator Login Profile is configured. With the SafeLinx Administrator open, edit the Login Properties for the login account being used:
    1. Click File > Login Profiles.
    2. Select the profile that receives the warning message above. Select the account, and then click the Change button. A best practice is to use the fully qualified host name of the SafeLinx Server that is being administered. If using the IP address of the SafeLinx Server, be sure to deselect the box to perform host resolution.
  5. When logged on to the SafeLinx Administrator, nothing displays in the Tasks pane within the Resources tab. What do I do?
    Check:
    • The Refresh button. It is not active until the resources are shown in the Tasks pane.
    • To see whether the administrator ID does not have access to any resources. Click File > Access Control Lists to display the access lists for the currently logged in administrator ID. Add access control lists to the ACL profile for resources that you want this administrator ID to control.
  6. An administrator who uses an ACL profile cannot view certain resources or property fields are empty. What do I do?

    Make sure that you have an access control list profile that provides an ACL to all the resources you need. For example, make sure that the ACL profile has an ACL for Password policies, if you want to be able to set one for a user.

  7. Attributes of the SafeLinx Server or its subordinate resources are not displayed correctly when SafeLinx Servers are defined for different operating systems. What do I do?

    If SafeLinx Server objects which run on different operating systems are defined in the same data store, they are all displayed in the Tasks pane. If you log on to any of the access managers in the Tasks pane, you can see and access all the Connection Managers there. SafeLinx Server objects and their subordinate resources might display incorrectly if such objects are defined for different operating systems in the same data store. Do not attempt to edit SafeLinx Servers or their subordinate resources other than those resources for the one you are logged on to. If you do, some of their attributes might not display correctly if they run on a different operating system from the access manager you are logged on to. For this reason, do not modify the properties of cross-platform resources.

  8. Someone modified the properties of the default administrator, admin, and I cannot access the SafeLinx Server through the SafeLinx Administrator. What do I do?

    Use the command-line interface to modify properties of the administrator account to reestablish login rights. For example, to display all properties of the admin account, from a command prompt on the Windows Server enter:

    lswg -l cn=admin -X

    If the command shows that the account was locked, as <locked>1</locked>, unlock the account by entering:

    chwg -l cn=admin -a locked=0