I have to maintain a legacy workflow app still running with XpertIvy 3.9. The users of the application are synchronized from our MS Active Directory.

Recently I got reports that some users are not able to connect to the WebApp. What can I do to verify and trace the ActiveDirectory user synchronization?

asked 01.05.2019 at 03:02

SupportIvyTeam's gravatar image

SupportIvyTeam ♦♦
accept rate: 77%

Logging with Xpert.ivy 3.9

Logs in 3.9 are not written to files as you'd might expect. But stored in the SystemDatabase. Before you start analyzing any logs, you may verify the Level of logs, that will be kept in the database. To do so, run [xpertIvyInstallDir]/bin/XpertIvyServerConfig.

alt text

The LogLevel INFO should be sufficient for most ActiveDirectory analyses. Nevertheless FINER will bring more detailed results about synchronization runs that have started or ended. Save and restart the XpertIvyServer if you had to adjust the LogLevel.


Logs in the SystemDB can grow huge and either decrease the performance of the WorkflowApp or in worst case make the system inaccessible (due to the lack of disk_space). Therefore it is good practice to clean entries in the table ilog_log regulary e.g. with a cron job or schedulded task.

Analyze the JNDI import logs

With the logViewer binary : Convenient for re-usage!

  1. start the logviewer binary [xpertIvyInstallDir]/bin/LogViewer
  2. Connect to user server: using user PowerCustomer and password PowerUser : https://developer.axonivy.com/releases/ivy/3.9.latest/documents/ServerGuide/logviewer_login.htm
  3. configuration tab: add, select and apply a session
  4. configuration tab: add a filter for the category ivyteam.webapp.workflow
  5. Log Entries: inspect log entries related to JndiUserThread
  6. Optional: go back to the User tab and store your session/filter for later re-usage

alt text

With the SystemDB : fast alternative if you are unable to use the LogViewer

  1. Open the DMBS front-end that can access the system database of your server.
  2. Fire a query (see below) to select logs categorized to ivyteam.webapp.workflow
  3. Inspect LogDetailMessages


SELECT * FROM ilog_log as entry
JOIN ilog_category c on (c.CategoryId = entry.CategoryId)
WHERE c.CategoryName = 'ivyteam.webapp.workflow'
AND entry.LogDetailMessage LIKE '%JndiUser%'

alt text

Verify the applied configuration

View and verify the Active Directory configuration of your Xpert.ivy WebApp.

  1. Open the AD-Configuration: Via ivy-Webinterface >> Admin ( link in header) >> Click on the 'ivy' icon of the affected WebApp >> Deactive App >> Confirm deactivation >> Edit AAA alt text
  2. Open a simple ActiveDirectory Browser third party tool (such as JXplorer). And connect using the same URL, credentials and BaseDN (context) as configured in the ivy-Webinterface. alt text alt text

Items to verify:

  • lives the user in the import Context defined? or is it an imported user from an external AD (forest)?
  • does the LDAP Filter for users definition block the user. Is there a need to have a certain property which some users don't have?
  • is the Only import members of user group active? And if so, is the user really a member of this group?

answered 01.05.2019 at 03:14

Reguel%20Wermelinger's gravatar image

Reguel Werme... ♦♦
accept rate: 70%

edited 02.05.2019 at 02:42

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 01.05.2019 at 03:02

Seen: 1,709 times

Last updated: 02.05.2019 at 02:42