Sunday, June 22, 2014

Introduction to Troubleshooting


This is my attempt to start a troubleshooting topic for Centrify Server Suite.  I use the word 'attempt' because people have two attitudes when it comes to problem solving.
  • The wrong way (e.g. brute force):  I was tasked to do something (get from point A to point B) and suddenly I had an issue, so I use anything I can (help, Google, etc) to find references to the problem, attempt many approaches until I fix it and I move on.
    We've all used the wrong way.  The problem lies in that the issue I had wasn't relevant to the bigger goal I want to accomplish, so I pay very little or no attention.  All I want is to get from A to B.
  • The right way (e.g. understand the issue, find the root cause, solve it so it does not happen again):  Here you go to the documentation, try to understand how things work, determine the issue and implement a mechanism that stops it from happening again (even if it means rethinking how to get from A to B, or maybe determining that the journey is not from A to B, but from A to D).
    The right way is typically used when there's value to what we're doing or that we'll be stuck doing this work, so we might as well learn to do it well.

Troubleshooting Ground Rules

  • We will try to use "the right way"
  • We will summarize the problem just in case you want to solve it the "wrong way"
  • There is no structure, the troubleshooting topics will be selected at random.
  • We will try to keep things simple, but sometimes we'll go deep and show you some logs :)
  • Same rules of the blog:  no Express, no Deployment Manager, no Classic zones.

What do you need to know to be an effective Centrify SME 

  1. You need to know the basic security principles and security controls:  Centrify for Servers is a Security product it deals with Authentication, Authorization and Auditing.  You need to understand why you're doing what you're doing.
  2. You need to understand Active Directory:   I can't stress this enough.  If you only know about UNIX, Linux or Mac OS X you are missing  60 to 70% of the knowledge needed to be an effective Centrify subject-matter-expert.  If you have any doubts about these terms:  LDAP, Kerberos, Group Policy, Sites and Services, Domain Controllers, DNS, Global Catalog, FSMA Roles, SRV Records, Replication, UPN, SPN, sAMAccountName, PKI, SysVol, Built-in groups, Domain Trusts, Forest, Domain, Site, etc.
  3. Basic understanding of TCP/IP including DNS, TCP/UDP ports, Ephemeral Ports
  4. Understand Kerberos (you don't need to become an expert).
  5. Do not pretend that Windows does not exist.
  6. If you are supporting Linux/UNIX, know at least a base level of what you're doing.
  7. Know what the UNIX  Name Server Switch (NSS) and Pluggable Authentication Modules (PAM) frameworks are about.
  8. For User Suite:  Read a Mac Admin Book, Read about federation standards (federation <> authentication), Office 365, etc.

My Advice

The best advice I can give you when it comes to troubleshooting is to always step back and ask yourself (without any implementation details) - "what is it that I want to accomplish?" "does it make sense?"
If you are trying to do something and you don't know WHY you're doing it - you are in trouble.
Also, recognizing competency gaps is important; if you don't have a grasp on the knowledge outlined above you may be in over your head;  the good thing is that we can always learn.

To find troubleshooting topics, follow the category bar.

Good Luck!!

No comments:

Post a Comment