16.13 Troubleshooting

16.13.1 “Unable to verify the first certificate” message in MFA server log

Action: The administrator must install the CA certificate for the server certificate used by the AA server on the MFA server.

To install the CA certificate, copy it to the location /usr/share/pki/trust/anchors.

16.13.2 “Unable to verify the first certificate” message in MFA agent log

Action: The administrator must install the CA certificate for the server certificate used by the MFA server on the MFA agent.

To install the CA certificate, copy it to the path /usr/share/pki/trust/anchors. By default, the MFA server uses the eDirectory certificate, and the CA certificate is installed on all MFA agents.
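A pre-install check for 16.13.1 and 16.13.2, added here as an example (not part of the product documentation or tooling): it uses openssl verify to confirm that a candidate CA certificate actually validates the server certificate before it is copied to /usr/share/pki/trust/anchors. The function names, file names and throwaway certificates are constructed for the example, and it assumes the server certificate has already been saved as a PEM file.

```shell
#!/bin/sh
# Added example. Usage on real files (paths are placeholders):
#   check_before_install candidate-ca.pem server.pem

# ca_verifies_server CA_PEM SERVER_PEM
# Returns 0 only if SERVER_PEM verifies against CA_PEM.
ca_verifies_server() {
    # -no-CApath: do not also consult the default certificate directory,
    # so the verdict depends on the candidate CA file.
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_before_install CA_PEM SERVER_PEM
# Prints a verdict; on a mismatch, shows the issuer the server certificate
# names next to the subject of the candidate CA.
check_before_install() {
    if ca_verifies_server "$1" "$2"; then
        echo "ok: $2 verifies against $1"
        return 0
    fi
    echo "mismatch: $2 does not verify against $1"
    echo "  server cert $(openssl x509 -in "$2" -noout -issuer)"
    echo "  candidate   $(openssl x509 -in "$1" -noout -subject)"
    return 1
}

# make_sample_pki DIR
# Constructed sample data: two throwaway CAs (ca_a, ca_b) and one server
# certificate issued by ca_a. All names are made up for the example.
make_sample_pki() {
    d=$1
    for ca in ca_a ca_b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=example $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" >/dev/null 2>&1 || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/server.csr" -days 1 \
        -CA "$d/ca_a.pem" -CAkey "$d/ca_a.key" -CAcreateserial \
        -out "$d/server.pem" >/dev/null 2>&1
}

# Run with --demo to see both outcomes on the constructed certificates.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_sample_pki "$tmp" || exit 1
    check_before_install "$tmp/ca_a.pem" "$tmp/server.pem"
    check_before_install "$tmp/ca_b.pem" "$tmp/server.pem" || true
    rm -rf "$tmp"
fi
```

A mismatch means that installing this CA certificate will not clear the "Unable to verify the first certificate" message, because the server certificate names a different issuer.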

16.13.3 Unable to configure MFA server or MFA agents or unable to discover MFA servers

To verify the status of the MFA server, run the following commands:

systemctl status mfa-server.service

systemctl status microfocus-umc-backend.service

systemctl status apache2.service

mfa-server-cli print-config

To verify the status of the MFA agent, run the following commands:

systemctl status mfa-agent.service

systemctl status microfocus-umc-backend.service

mfa-agent-cli print-config

To verify the status of the UMC server, run the following commands:

systemctl status microfocus-umc-server.service

umcServiceHealth -a

16.13.4 Configuration changes made on one MFA server are not reflected on the other MFA servers

Action: The administrator must restart the MFA service on the MFA servers where the configuration changes are not reflected.

To restart the MFA service, run the command systemctl restart mfa-server.service.

16.13.5 Unable to configure MFA server post Transfer ID migration of the UMC server

Action: After Transfer ID migration, if the UMC server is not available, perform the steps provided in “UMC Unavailable on the Target Server” in the Migration Tool Administration Guide.

When the UMC server is available, configure the MFA server.

16.13.6 Unable to configure MFA parameters with a value that begins with the character $

Action: To resolve this issue, enter “\” followed by the parameter value. The backslash stops the shell from expanding the value as a variable.

For example, mfa-server-cli policy-config --event=\$xyz