Connection Manager Errors
Any errors that the Connection Manager produces are passed back to KClient and written to the system log. These will then be displayed by KClient in a message box. This example is caused by the system administrator creating a /etc/nologin file with the contents:
System locked for software upgrade.
Errors that arise when using the administration functions via a web browser are handled in two ways:
In the latter case the error is reported to the to the system log.
Here is the list of errors that can occur.
| Example Error message | Platform | Cause | Remedy |
|---|---|---|---|
| Cannot find server program '/usr/local/kcml/kcml' | All | The Connection Manager attempted to execute a copy of KCML that does not exist | Make sure that the kcml file exists at the specified location in the <kweb_services> section of kconf.xml |
| Access to '/usr/local/kcml/kcml' not allowed | Unix | The file permissions on the kcml executable do not allow you to run the program | Use chmod and chown to set the correct permissions on kcml |
| ERROR: Access denied. Problem finding service 'Sales' | All | The KClient Connection specified a service called Sales which does not exist in kconf.xml | Check spelling of the service name in the KClient connection, or add the service to kconf.xml |
| ERROR: Access denied. Problem setting service 'Sales' | All | The service's environment section tried to load an include file which doesn't exist | Check that the file exists or the pathname in kconf.xml is correct. |
| ERROR: Access denied for client '11.22.33.44' | All | A connection was made from a machine with an IP address of 11.22.33.44, but this address was not allowed by the valid clients access control list. | Add the 11.22.33.44 address to the valid clients section, or add the pattern 11.22.33.* to allow the subnet. |
| ERROR: Access denied for user 'fred' | All | A user, called fred, attempted to login but was not allowed by the valid users access control list. | Add user fred to the valid users access control list. |
| ERROR: Access denied to service 'Sales' for user 'fred' | All | A user, called fred, attempted to login to the Sales service but was not allowed by the the services's private valid users access control list. | Add user fred to the valid users access control list for service Sales. |
| ERROR: Access to service 'Sales' denied for client '11.22.33.44' | All | A connection to service Sales was made from a machine with an IP address of 11.22.33.44, but this address was not allowed by the the services's private valid client access control list. | Add the address 11.22.33.44 or pattern 11.22.33.* to the valid clients access control list for service Sales. |
| ERROR: KClient access to service 'Sales' is not allowed | All | The connection property of service Sales has been set to false | Set the <connection> property to true |
| Cannot access home directory | Unix | The user's home directory does not exist or it has bad file permissions | Check home directory is spelt correctly in the account properties. Check the directory exists. Change the ownership or permissions of the home directory using chown or chmod. |
| Access Denied | Unix | The user's home directory doesn't contain a .kcmlLogin file | Use the Look up user name links or create a .kcmlLogin file manually |
| System locked by /etc/nologin | Unix | The root super-user as locked the system with an empty /etc/nologin file | Wait until the system has been unlocked |
| There have been too many unsuccessful login attempts | AIX | The user's account has been disabled because they have consecutively failed to login too many times. | Have the system administrator reset the account |
| Your account has been locked | AIX | The user's account have been disabled by the system administrator | Have the system administrator unlock the account |
| You are not allowed to login at this time | AIX | The account is only allowed to login at certain times | Only login when you are allowed to |
| Cannot open PAM configuration file '/etc/pam.d/kcc'. Users may not be able to login on port 790 | Linux | Missing PAM configuration file | Need to create a set of authentication rules for PAM |
| Failed to initialise PAM for service 'kcc' ... | AIX 5.3, HPUX 11, Linux, Solaris | PAM failed to start up, probably due to a error in its configuration files. | Check the syslog for errors from the PAM library. Check the OTHER rule in /etc/pam.conf, or for Linux /etc/pam.d/other. Make sure that only the super-user, root, has write access to /etc/pam.conf |
| Access to /admin is not allowed. WEBADMIN is false|not set. | All | Access to the admininistration functions is disabled because WEBADMIN has not been set to true | Setting WEBADMIN to true in the general section of kconf.xml will allow all users to see the administration functions. Alternatively it can either be set in the admin users or valid users sections so that access to the administration functions is restricted to a trusted set of users. Note that only admin users can make changes; a valid user has read-only access. |
| Unable to log into hostname. The system is too busy. | AIX5, Linux, HPUX 11 | The -w switch is being used to balance system load, and the server's system load has not dropped below the minLoad value after maxRetry attempts. | Increase the minLoad, maxRetry or delay values. |
| SOAP Error for URL 'Sales/stockInfo': Failed to change to user 'fred' | Unix | The stockInfo SOAP service has been setup to execute as user fred, however the Connection Manager was unable to assume this user's identity | Check that the user account is valid, for example use this account to login a KClient session. |
| SOAP Error for URL 'Sales/stockInfo': Access to service 'Sales' for user 'fred' is not allowed | 6.20, 6.40: Unix 6.65+: All | The Sales service has a stockInfo SOAP interface whose is executed as user fred, but this user ID is not in the service's valid users access control list | Change the SOAP service's user ID to a user that exists in the service's access control list or, add user fred to the service's access control list |
| Unknown client connected on '11.22.33.44' | All | The Connection Manager was unable to determine the type of client program that established the connection | Can be caused by failing to configure KClient correctly. Make sure KClient defines the 'Connect to Service' property |
| Username 'fred' or password incorrect, connected from '11.22.33.44' | All | User ID 'fred' does not exist or the password is incorrect. Incorrect password database configuration. | Check that a user has the correct username & password. Can also be caused by incorrect PAM configuration. Check that the /etc directory is readable by group and everyone, 0755 permissions. For AIX5.3+, HP-UX11 & Solaris, check that /etc/pam.conf can be read by everyone, write access should only be available to the root super-user, 0644 permissions. |
| KClient connecting from 11.22.33.44 does not support switching to SSL/TLS | Unix | The connection policy requires KClient to switch to SSL, but the client does not have that capability | Upgrade to KClient 6.90 or 7.0 |