14.8 Issues on Federated Servers

14.8.1 Permission Denied

After doing a distributed search, check the extended status page to view the search status. If the search is not successful, check the following possible causes:

  • The data source server administrator might have disabled data federation on the data source server. To enable data federation on the data source server, see Step 3 in Allowing Access to an Authorized Requestor Server.

  • The data source server administrator might have disabled the authorized requestor server for data federation. Ensure that the authorized requestor server is enabled in the data source server. For more information, see Allowing Access to an Authorized Requestor Server.

  • The role that you used to connect might not have the Search Data Targets permission.

14.8.2 Connection Down

  • Network issues in your organization.

  • Change Guardian servers or Change Guardian services might be down.

  • Connection might have time-out.

  • The IP address or the port number of the data source server has changed, but the authorized requestor configuration might not be updated.

14.8.3 Unable to View Raw Data

The Proxy group that is assigned to the authorized requestor might not have the view all events permission to view the raw data.

14.8.4 Problems While Adding Data Source

The authorized requestor server and the data source server might not be communicating with each other. Ensure that the firewall and NAT are set up properly to allow communication in both directions. Ping both ways to test.

14.8.5 Some Events Are Only Visible from the Local System

You might not be able to view the events from the data source servers for one of the following reasons:

  • The trial license might have expired. You must purchase an enterprise license to reactivate this feature to view events from the data source servers.

  • The user who has logged in to the authorized requestor has one set of permissions on the local data, such as view all data, view system events, security filter settings, and the search proxy group has another set of permissions, possibly more restrictive. Therefore, certain types of data, such as raw data, system events, and PCI events, might be returned only from the local system and not the data source server.

14.8.6 Cannot Run Reports on the Data Source Servers

The trial license might have expired. You must purchase an enterprise license to reactivate this feature to run reports from the data source servers.

14.8.7 Different Users Get Different Results

Different users might have different security filters or other permissions and therefore get different results from a distributed search.

14.8.8 Cannot Set the Administrator Role as the Search Proxy Role

This is by design, for security reasons. Because the data viewing rights for the administrator are unrestricted, it is not desirable to allow the administrator role to be the search proxy role.

14.8.9 Error Logs

You can also determine the cause of a search failure by examining the log file on the authorized requestor server. The default location for the log file is /var/opt/novell/Change Guardian/log. For example, you might see one of the following messages:

Invalid console host name 10.0.0.1 
Error sending target request to console host 10.0.0.1
Error getting certificate for console host 10.0.0.1 
Authentication credentials in request to opt-in to console 10.0.0.2 were rejected 
Request to opt-in to console 10.0.0.2 was not authorized 
Error sending target request to console host 10.0.0.1