Thursday, February 03, 2011

Learning from your mistakes


I love making mistakes.  It's probably the best teacher in this world of Identity Management. In honor of that (and before the technical content, some thoughts on making mistakes:
Never say, "oops."  Always say, "Ah, interesting."  ~Author Unknown
It's always helpful to learn from your mistakes because then your mistakes seem worthwhile. ~Garry Marshall, 'Wake Me When It's Funny'
Lost some time on my current project while NetWeaver needed to be reinstalled, no big deal since I could prototype a few things on my local environment and try and prepare for some of the challenges we knew would be coming up. Nevertheless, as soon as the server was ready, I was eager to get going.


Reconfiguring NetWeaver went through without a snag.  We even were able to observe a few things that were done differently the rebuild and documented some best practices. When things are going this well, I should know better and start concentrating on what I'm missing. There's just too many things going on for things to be going this smoothly.


We configured the JDBC Driver and then the JDBC Datasource (IDM_DataSource) which went through without a problem (and part what caused us grief before)  My "Spidey Sense" should have been going off like crazy now.


We then went in and configured the Roles and a test user.  Then we setup that same user in the Identity Store via the MMC console. Now it was time for the big test, loading the Web UI, which came up with no errors (We were also getting Access denied, service down messages from the Web UI last time around). We logged in, which was further than we got before, but we still had a problem.

We only saw the Monitoring tab.  I checked the assigned roles for the user and removed idm.monitoring.admin (my read/write role for monitoring), logged back in and still only saw monitoring.  How strange.

Did some thinking, did some Googling, read some slightly related SDN posts with no clear relation or answers and did some more thinking.

As I pondered the install process and the login process, it hit me! Turns out we were so excited that we skipped an essential step!  We never configured the JMX layer and set the Identity Store value or the Keys.ini location. (Good thing I only tried to log in and not change any passwords!)

Loaded NetWeaver Visual Administrator, navigated to the Configuration Adapter node and found the tc~idm~jmx~app node and flipped on edit mode, made the two changes and I don't even think I needed to log in again, all my tasks came up on a Web refresh.

I made a dumb mistake and got ahead of myself.  Fortunately we got it all working without too much time lost.

So what did I get from this:
  1. Always follow the documentation.  It's the best way to make sure you don't forget anything.
  2. If you're having a problem, use tools like Google and SDN.  Even a "slightly related" posting can help you brainstorm.
  3. Get another set of eyes to look things over. People from the BASIS team can be your best friends here.  Even if they've never heard of IDM, they probably know more NetWeaver than you.
  4. When all else fails, go back to #1 and RTFM, most likely you misread something!
One of the interesting things about mistakes is that a lot of people (including famous ones) make them all the time. So in honor of that, here's some more quotes:
Do not fear mistakes. You will know failure. Continue to reach out. ~Benjamin Franklin 
I've learned that mistakes can often be as good a teacher as success.  ~Jack Welch 

3 comments:

José Luis de la Mata Sacristán said...

Hi I have "access denied- service down" error...

I follow gide "Installing and configuring the Identity Management User Interface" ... Datasource and Uses in MMC console are ok but the error persists...

Any suggestion?

José Luis de la Mata Sacristán said...

Hi,

I've "access denied-service down" error... I followed "Installing and configuring the Identity Management User Interface" guide, and Datasource and MMC defined user I think thar are ok!!

Any sugestion?

Matt Pollicove said...

Jose,

Usually I've found that there's a NetWeaver / UME configuration issue somewhere. I'd suggest checking again. Good luck!