Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Self-help Guide
This self-help guide provides recommendations and guidelines on how you can troubleshoot the SWIFT environment.
20 January 2012
Self-help Guide
Table of Content
Table of Contents
1 The SWIFT environment in a nutshell ....................................................................................3
1.1 1.2 Introduction .............................................................................................................................3 Message flows ........................................................................................................................4 1.2.1 SWIFTNet FIN using a FIN CBT through an Alliance Gateway ......................................... 4 1.2.2 Accessing a SWIFTNet Browse service from an Alliance WebStation ............................... 5 1.2.3 An Alliance WebStation / Alliance WebPlatform Browse connected to an Alliance Gateway ............................................................................................................................................ 5 Regular activities .....................................................................................................................6 2.1.1 Daily activities ..................................................................................................................... 6 2.1.2 Weekly activities ................................................................................................................. 6 2.1.3 Monthly activities ................................................................................................................ 6 2.1.4 Mid-Year activities .............................................................................................................. 6 Best practices ..........................................................................................................................6 2.2.1 For a system upgrade ......................................................................................................... 6 2.2.2 For resilience ...................................................................................................................... 7 FIN CBT ..................................................................................................................................8 Alliance WebStation ................................................................................................................9 Customer network .................................................................................................................10 Alliance Gateway ..................................................................................................................13 SWIFTNet Link ......................................................................................................................14 Connection between SWIFTNet Link and the VPN box .......................................................15 5XT VPN box ........................................................................................................................16 SSG5 VPN box (Alliance Connect) .......................................................................................18 Connection between SWIFTNet Link and the HSM box .......................................................20 HSM box ...............................................................................................................................21 Alliance WebPlatform ............................................................................................................24 PKI & Online Operations Manager ........................................................................................25 RMA ......................................................................................................................................25 Methodology ..........................................................................................................................26 Collecting evidences .............................................................................................................27 4.2.1 Alliance Access/Entry ....................................................................................................... 27 4.2.2 Alliance WebStation ......................................................................................................... 27 4.2.3 Alliance Gateway .............................................................................................................. 27 4.2.4 SWIFTNet Link ................................................................................................................. 28 4.2.5 The HSM box .................................................................................................................... 28 4.2.6 Alliance WebPlatform ....................................................................................................... 29 Organization ..........................................................................................................................30 Services ................................................................................................................................30
2.2
Troubleshooting .......................................................................................................................8
3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13
20 January 2012
Self-help Guide
1
1.1
2.
3.
4.
5. 6.
7.
8.
9.
20 January 2012
Self-help Guide
1.2
Message flows
Introduction
Four message flows for typical SWIFTNet services are described below. The diagram illustrates each message flow.
1.2.1
2.
3.
4.
20 January 2012
Self-help Guide
5.
The VPN box has established IPsec tunnels with the SWIFTNet central systems through the MV-SIPN network. These tunnels are established over physical lines between your premises and the MV-SIPN Backbone Access Points. The SWIFTNet central systems are connected to the FIN application servers at SWIFT, which send back a SWIFTNet FIN response to the initial FIN CBT. When a FIN ACK response message is received, you are assured that the FIN application will deliver the original message to the intended receiver. On the other hand, a NAK message indicates that an error occurred and that the message cannot be delivered to the intended receiver.
6. 7.
1.2.2
2. 3.
1.2.3
20 January 2012
Self-help Guide
2
2.1
2.1.1
2.1.2
Weekly activities
Check the SWIFTNet Link connectivity after a weekend when SWIFTNet maintenance activities are performed (see www.swift.com/support for the planning of the full year) Check the connection to the HSM box by performing the SwHSMSelfTest command Archive the Alliance Gateway logs and journals Archive and backup the Alliance Access and Entry messages and events
2.1.3
Monthly activities
Restart SWIFTNet Link and Alliance Gateway, in order to ensure that the processes that use certificates are stopped. By performing this restart, the certificates can be renewed the next time that they are used to log on. Open all the PKI certificates at least once. Use the CertInfo command (see SWIFTNet Link 7.0 - Operations Guide - Certificate Management for SWIFTNet Link on the SWIFTNet Link on User handbook online) Back up all the PKI certificates after you have opened them. Use SNL_BackUp.pl command to backup files for a specific SNL instance and use SwHSMBackupRestore.pl command to backup all SWIFTNet PKI certificates & SSL certificate contained within the HSM box. Test the unused spare VPN box (see the VPN box section in this guide) Check the correct functioning of your fallback connectivity.
2.1.4
Mid-Year activities
2.2
2.2.1
Best practices
For a system upgrade
Before installation
Take a full system backup Note the version of the operating system and patches Read the release letter and check the operating system release and patch levels Check the Knowledge Base for any known issues
After installation
Take a full system backup
20 January 2012
Self-help Guide
Back up all the PKI certificates after you have opened them. Use the SNL_BackUp.pl command (see SWIFTNet Link 7.0 - Operations Guide - Backup/Restore for SWIFTNet Link on User handbook online) Run the swiftnet status, command and save the output in a new reference file. Do this when the SWIFTNet Link is running.
2.2.2
For resilience
Building a resilient infrastructure can be done by duplicating the components in various configurations. Your prime site should not contain any single point of failure. This ensures that you can continue the operation in case of a failure of a component, instead of having to wait until the component has been replaced. See the SWIFTNet Resilience Guide for the possible configurations. Back up all the PKI certificates after you have opened them. For critical operations, SWIFT recommends that you build a disaster site to continue the operation after a major problem in the prime site. It should be possible to switch to the disaster site in 2 hours and to start the processing of the business traffic in 4 hours after a prime site failure. The disaster site should be kept upto-date and the fail-over procedures should be tested twice per year. Alternatively, you can also spread the operations over two sites that are simultaneously active. Procedures to re-route the traffic to one site in order to cope with a site failure should also be tested twice per year. Special care should be taken on the organisational aspects and on the usage of PKI certificates in recovery scenarios.
20 January 2012
Self-help Guide
Troubleshooting
3
3.1
Troubleshooting
FIN CBT
FIN CBT - Table of symptoms
Symptom Unable to login to FIN Investigation 1. FIN logical error received, for example, L33 or S33 (Login or Select sequence number error) 2. FIN CBT error Action Correct the error according to the error description and send another Login. See SWIFT Knowledge Base FIN Error Codes and the FIN error codes for Login, Select and Abort Check the error message and the related events. Correct the problem (for example, disk space error) and send another Login. See the FIN CBT documentation from the vendor. Check the events in the CBT and check the connectivity to the next component. Continue with the SWIFTNet Link section in this guide or with the customer network section in case an Alliance Gateway is used. This problem may occur due to an intervention at SWIFT. We recommend that you activate the Auto Re-connect feature, in order to minimise the duration of the disconnection. See SWIFT Knowledge Base FIN Error Codes, and SWIFTNet FIN errors See SWIFTNet Link error codes SWIFTNet FIN errors In case of frequent aborts, check the FIN CBT connectivity to SWIFTNet. Continue with the SWIFTNet Link section in this guide or with the customer network section in case an Alliance Gateway is used. NAKed messages are kept in a message correction queue for manual correction. Check the FIN error code in field 405 of the NAK message. The message can be corrected and can then be re-sent later on. See SWIFT User Handbook FIN Error Codes Ensure that all the FIN Logical
1.
APC or FIN abort error received in the CBT logs, for example, A90
2.
SWIFTNet FIN protocol errors in the CBT logs, for example, FS012, SA100, SS100
Message format errors, for example, T13 or H20 (Text error or Header error)
1.
20 January 2012
Self-help Guide
Troubleshooting
Investigation
Check the system specifications with the recommended sizing See SWIFTNet Connectivity Packs
3.2
Alliance WebStation
Alliance WebStation - Table of symptoms
Symptom Unable to log on to a stand-alone Alliance WebStation Investigation 1. Problem with the authentication of the user on the HSM Action Check whether the cables are correctly connected, and whether the HSM is correctly inserted. See Alliance WebStation User Guide - Daily logon procedure. Verify whether the certificate is still valid, and recover the certificate if necessary (Security Officer profile required). See Alliance WebStation User Guide - Recovering Your User Certificate Use the Online Check Link tool or run the command testtcp.bat. See Alliance WebStation User Guide - Verifying the connection to SWIFTNet In case of failure, check the connection between SWIFTNet Link and the VPN box. The SWIFTNet user or the Alliance Gateway operator is not properly defined. Check whether the entered user name is an enabled SWIFTNet user. Check whether the certificate that is linked to the user is still valid at SNL level, and recover the certificate if necessary. See Alliance Gateway Operations Guide - The SWIFTNet Users module: Managing certificates used by SWIFTNet users Otherwise, continue with the SWIFTNet Link section in this guide. Check whether the entered user name is a valid and an enabled Alliance Gateway operator. Check whether the entered password is
2.
1.
SwGUI.203.007: Logon failed. Click on More Info... Sw.04.002: Could not create the security context Sag:System.001.001: Operator is not entitled to perform the operation
20 January 2012
Self-help Guide
Troubleshooting
Symptom
Investigation
Action correct. See Alliance Gateway Operations Guide - The Operators module
2.
SwGUI.203.010: The connection with the SAG is lost or cannot be established Web Server unreachable
There is a problem with the connectivity to Alliance Gateway. See the customer network section and the SWIFTNet Link section in this guide. Run checkip <URL><port> TCP See the SWIFT CheckIP User Guide. Contact the service provider for the correct URL and for information about the port number Check the validity of the certificate in the standard browser configuration and in the preferences. Recover the certificate if needed (Security Officer profile required) See Alliance WebStation User Guide - Managing SWIFTNet Users, Browse Users, and Message Routing Rules Run checkip <HTTP proxy IP address><HTTP listening port> TCP See SWIFT CheckIP User Guide In case of failure, verify the settings of your browser, then check the customer network components and the status of the HTTPS proxy. See Alliance Gateway Operations Guide - Configuring Browse Traffic Contact the service provider in order to request the activation of the user on the service
1.
2.
3.
4.
3.3
Customer network
Customer network - Table of symptoms
Symptom Connection problem between Alliance Gateway and a vendor product, the FIN CBT or Alliance WebStation Investigation 1. Connectivity with the applications that are based on Remote API (RA) Action On the RA host: Run sag_system saguser <username> -sagpwd <passwd> - status system See Alliance Gateway Remote API Operations Guide - Remote Administration of SAG on User
20 January 2012
10
Self-help Guide
Troubleshooting
Symptom
Investigation
Action handbook online. In case of failure: - Run ping <SAG host> in order to check the connectivity at IP level, and check the firewall configuration - Run telnet <SAG host> <SAG port> and verify whether the listening port exists for the hostname that is provided in the sagta_ra.cfg. See Alliance Gateway Security Guide - Security Configurations and the SWIFTNet Network Configuration Tables Guide Alliance Gateway customers on the User handbook online. Check whether the SAG bootstrap is started See Alliance Gateway Operations Guide - The Alliance Gateway Bootstrap Check whether the IP address, the port number and the SSL mode are correctly configured on both the RA host and the SAG host See Alliance Gateway Remote API Operations Guide Configuring Remote API on User handbook online. If the command is successful, then the problem could be intermittent Check the dynamic parameters of the firewall See SWIFTNet Network Configuration Tables Guide Alliance Gateway customers on User handbook online Check the logs of the network components between RA and SAG, for dropped packets
2.
Run ping tests from the SAG host to the Queue Manager host from the application host to the Queue Manager host In case of failure, check the network components between the application host and the SAG. Check the log files of the components for any dropped packet. See Alliance Gateway Security Guide - Security Configurations,
20 January 2012
11
Self-help Guide
Troubleshooting
Symptom
Investigation
Action and the SWIFTNet Network Configuration Tables Guide Alliance Gateway customers on User handbook online. Check the configurations of the components MQHA on the SAG computer Queue Manager and queues MQ configuration in the application software the SSL mode that is used See Alliance Gateway MQ Host Adapter Configuration Guide. Run a complete connectivity test Run mq_test_connect after you have configured the SAG and the MQ series appropriately See Alliance Gateway MQ Host Adapter Configuration Guide Testing Connectivity with mq_test_connect. Also see the documentation about the configuration of the vendor product.
3.
Check the WebStation configuration Run WebStationConfig.exe, and check whether the configuration corresponds with the SAG configuration. See Alliance WebStation Installation Guide - Configuring Alliance WebStation on User handbook online Check the connectivity Run ping <SAG host> Run checkip <SAG host> <RAHA port> <TCP> See SWIFT CheckIP User Guide In case of failure, verify whether the network components between SAB and SAG are correctly configured. Also verify that no dropped packets are observed in the components log files. See Alliance Gateway Security Guide - Security Configurations and the SWIFTNet Network Configuration Tables Guide Alliance Gateway customers on User handbook online.
20 January 2012
12
Self-help Guide
Troubleshooting
3.4
Alliance Gateway
Alliance Gateway - Table of symptoms
Symptom Messages are not received in the server application Investigation Event Journal reports: Sag:APL-I 9 Server unreachable or Sag: APL-I 50 Request time-out Action Check whether the server that is identified for this Message Partner is still running. Check the network components between the server application and the SAG for dropped packets. Restart the server application in order to reconnect to the SAG. If unsuccessful, continue with the SWIFTNet Link section and the customer network section in this guide Use the SAG admin GUI or run sag_system saguser <username> -sagpwd <passwd> - status Overview See Alliance Gateway Operations Guide - Using the sag_system Tool If a number of activated subsystems are not started, then restart the subsystems by using the SAG Admin GUI or by launching the command sag_system -- start Check if the configuration is correct See Alliance Gateway Operations Guide - Using SAG commands and tools Send a test message with default parameters, by running sag_test_connect snuser <username> -snpwd <password> -fileact See Alliance Gateway Operations Guide - Checking an Alliance Gateway Connection (sag_test_connect) See the SWIFTNet Link section in this guide 2. Rejection by the counterparty Files can be rejected by your counterparty (for example, because of insufficient disk space). Contact your counterparty and agree on appropriate actions. Check the definition of the
1.
The monitoring application reports that files were rejected or that files failed
Local Authentication
20 January 2012
13
Self-help Guide
Troubleshooting
Action Message Partner, and the configuration of the application. See Alliance Gateway Operations Guide The Application Interface module
3.5
SWIFTNet Link
Prerequisite
Before you further investigate SWIFTNet Link, you should run the selftest command. This command will check whether the SNL subsystems are running, whether you have connectivity to SWIFTNet, and whether you can send a test message to the SWIFTNet central systems by using your SWIFTNet Link certificate. The output of the command must be: SWIFTNet Subsystems: Up IP Connectivity Test: Success InterAct Test : Success Heartbeat Test: Success If the selftest command fails:
If IP Connectivity Test is not successful, then investigate the connection between SWIFTNet Link and the VPN box Look at the selftest log, which you can find in the log directory. Investigate further as mentioned below.
Errors: TPESYSTEM Local domain is down. Or: selftest resulted in SWIFTNet Subsystems: Not Up
1.
20 January 2012
14
Self-help Guide
Troubleshooting
Symptom
Investigation
Action components between SNL and the VPN box for dropped packets. In case of failure, make sure that the network components between SNL and the VPN box are correctly configured See SWIFTNet Network Configuration Tables Guide on User handbook online. Also see the section Connection between SNL and the VPN box in this guide
Errors: Security kernel initialization resulted in error. Or: selftest resulted in InterAct Test failed
3.
Run certlist and check the expiry date of your SWIFTNet user. Recover the certificate if expired. If your SNL certificate is expired, then a SWIFT offline intervention will be required (Tip 35582) See SWIFTNet Link Operations Guide - Certificate Management for SWIFTNet Link on User handbook online
4.
Certificate password
Run CertInfo u <profile> -p <password> Recover the certificate if the password is lost. See SWIFTNet Link Operations Guide - Certificate Management for SWIFTNet Link on User handbook online
3.6
20 January 2012
15
Self-help Guide
Troubleshooting
Symptom
Investigation
Action ping 149.134.255.253 If no problems are found in the network components, then look at the state of your VPN box: see the VPN box section in this guide If the command is successful, then the problem could be intermittent Check the dynamic parameters of the firewall (for example, the session idle timeout must be minimum 1 hour) See SWIFTNet Network Configuration Tables Guide - Principles on User handbook online Check the logs of the network components for dropped packets
Note
To reduce complexity, SWIFT strongly recommends that you have the SNL host and the VPN boxes in the same location (see the recommended configuration that is described in the Network Access Control Guidelines).
3.7
2.
20 January 2012
16
Self-help Guide
Troubleshooting
Symptom
Investigation
Action
4.
Dual-I
5.
Dial-up
Spare VPN box The spare dial-up VPN box should be regularly tested, to ensure that it remains operational. Connect the box to the electrical supply, with no other cables, and verify the LED status as indicated below
1.
ISDN connectivity
Check whether the power is on: must be red If one or more LEDs are blinking, then the device has encountered an error: Reset the ISDN Terminal Adapter by unplugging and reconnecting the power cable. Check whether this solves the problem Reset the VPN box: unplug the power cable and then plug it in again If none of the ISDN LEDs light up, then verify that the ISDN cable is correctly plugged in Execute the swiftnet dialtest command, in order to verify whether all the telephone numbers that are configured in the VPN box can be dialled 2. PSTN connectivity Check the PSTN modem
20 January 2012
17
Self-help Guide
Troubleshooting
Symptom
Investigation
Action
If the modem cannot successfully establish a connection (CD blinking red, the LED with the number corresponds with the selected bandwidth): Verify that your telephone cable is correctly plugged in Test the telephone line Reset your modem Reset your VPN box: unplug the power cable and then plug it in again Execute the swiftnet dialtest command, in order to verify whether all the telephone numbers that are configured in the VPN box can be dialled
3.8
2.
3.
Bronze/Silver/Gold
20 January 2012
18
Self-help Guide
Troubleshooting
Action 1. Allow connectivity to SWIFT public IP addressing range from its source IP address to destination IP address 149.134.0.0/16 (range 149.134.0.0 to 149.134.255.255). 2. Open the following ports: UDP/IKE 500, UDP/NAT-T 4500, and ESP IP protocol 50. 1) Contact your Internet Service Provider (ISP) and make certain these IP addresses and ports are not being blocked. 2) Logon to the WebGUI from your SNL (https://149.134.255.252) and check the alarms. 3) Download the Connectivity Test Tool from the Knowledge Base (see Tip 3000419) and run the tool, as mentioned in the document Tip 3000419 The tool can now be downloaded from swift.com at the following link. http://www.swift.com/products/alliance_connect_ bronze http://www.swift.com/products/alliance_connect_ silver
2.
1.
2.
LED status
Before enrolment
Customers may not implement network equipment along the length of both direct connections between the 2 VPN boxes. 2. The standard distance between VPN boxes is 3 meters, which is a fully supported configuration. 3. Configurations that have a distance of more than 100 meters or that have layer 2 networking devices (or both) may work, but SWIFT does not support these configurations. Other configurations may work but SWIFT does not support them. Primary VPN box (labeled A) Power : green solid Status : green blinking port 0/0 TX/RX/RX : green blinking link port 0/0: green solid port 0/2 TX/RX : off link port 0/2: off port 0/3 TX/RX : green blinking link port 0/3: green solid port 0/6 TX/RX : short blinking after connection is made link port 0/6: green solid Secondary/ backup VPN box (labeled B) Power : green solid Status : green blinking port 0/1 TX/RX : green blinking link port 0/1: green solid port 0/2 TX/RX : off link port 0/2: Off port 0/3 TX/RX : green blinking link port 0/3: green solid port 0/6 TX/RX : short blinking after connection is made
20 January 2012
19
Self-help Guide
Troubleshooting
Symptom
Action link port 0/6: green solid link ports should show activity (blinking green) Primary VPN box (labeled A) Power : green solid Status : green blinking port 0/0 TX/RX/RX : green blinking link port 0/0: green solid port 0/2 TX/RX : green blinking link port 0/2: green solid port 0/3 TX/RX : green blinking link port 0/3: green solid port 0/6 TX/RX : short blinking after connection is made link port 0/6: green solid Secondary/ backup VPN box (labeled B) Power : green solid Status : amber blinking port 0/1 TX/RX : green blinking link port 0/1: green solid port 0/2 TX/RX : green blinking link port 0/2: green solid port 0/3 TX/RX : green blinking link port 0/3: green solid port 0/6 TX/RX : short blinking after connection is made link port 0/6: green solid Please make certain speed setting is set properly, as mentioned in Tip 3000688 Tip 3000625
VPN box freeze Requirement to change from static IP to DHCP for backup VPN box
Speed/duplex setting When you change your IP configuration to DHCP the IP address does not seem to be updated.
3.9
20 January 2012
20
Self-help Guide
Troubleshooting
Symptom
Investigation
Action network interface show If the settings are not correct, then follow the instructions in the SWIFTNet Link 7.0 - HSM Operations Guide
3.10
HSM box
HSM box - Table of symptoms
Symptom User profile is locked Investigation The user profile that is present on the HSM box becomes locked after five unsuccessful logon attempts to a certificate. Action If the user can obtain the current password, then the admin account, or any other user with the admin role, can use the unlock option. Unlocking the partition restores the working state of the partition for the current password. See Hardware Security Module Operations Guide - Section 3.13 - Unlock Partitions on User handbook online. If the user cannot get the current password, then the partition must be initialised and the profile must be recreated by using the CA secrets. Note: This requires PED operations. See Hardware Security Module Operations Guide - Section 3.12 Initialise partition on User handbook online If a timeout occurs before you have completed a PED operation, then you must follow these instructions: 1. Press and hold the CLEAR button on the PED for at least five seconds. 2. In the message dialog box, click OK. The PED receives the task instruction from the HSM box, and you can start the sequence of PED operations again. For the procedure, see Hardware Security Module Operations Guide - Section 2 HSM Box Configuration and Administration. The PED must also be reset by using the power switch that is located on the side of the PED. If password is known: This procedure can be applied if the password is known. This command requires use of the PIN Entry Device. Before issuing this command, you must have the Security Officer PIN Entry Device key, and access to the primary HSM box. This command can only be performed on the primary node.
The partition on the HSM box is locked after five consecutive unsuccessful login attempts to a certificate and caused customer not able to login
20 January 2012
21
Self-help Guide
Troubleshooting
Symptom
Investigation
Action
Double-click the SWIFTNet Link icon on the Windows desktop or browse to the the SWIFTNet Link swiftnet\bin directory on UNIX.
Type the command: Syntax: perl SwHSMManagePartitions.pl -U -h <HSM Box IP address> -p <Partition Name SWIFTNet user profile> Example: SwHSMManagePartitions.pl -U -h 149.134.5.3 -p HSM1:PNYBB01 If password is not known: A user with the HSM admin account can not reset the partition password. If the password is lost, you must re-initialise the partition and set up the user for recovery. You must have access to the HSM box before issuing this command. This command can only be performed on the primary node. The command requires both PIN Entry Device keys: Security Officer PIN Entry Device key, and User PIN Entry Device key.
Double-click the SWIFTNet Link icon on the Windows desktop or browse to the the SWIFTNet Link swiftnet\bin directory on UNIX.
Type the command: Syntax: perl SwHSMManagePartitions.pl -R -h <HSM box ip address> -p <Partition Name SWIFTNet user profile> [-i<HSM Username>]
20 January 2012
22
Self-help Guide
Troubleshooting
Symptom
Investigation
Action Example: perl SwHSMManagePartitions.pl -R -h 149.134.5.3 -p HSM2:PNYBB01 or with Admin password: perl SwHSMManagePartitions.pl -R -h 149.134.5.3 -p HSM2:PNYBB01 -i bsmith Setup for recovery and recover SWIFTNet user profile after reinitialisation
After you have re-initialised the partition, you must recover the profile back on to the partition. You must perform the setup for recovery procedure on Alliance Gateway or Alliance Starter Set using Alliace Webstation.
Procedure Log on as Security Officer SWIFTNet user using Alliance WebStation on the Alliance Starter Set or Allliance Gateway. Browse to the certificate you need to set up for recovery using the Users Module. Right-click the certificate and select the Setup for Recovery command from the pop-up menu. When the Certificate tab is re-displayed, click on the Activation Secrets arrow and write down the new reference number and authorisation code displayed. Log off. Log on as Administrator - Gateway Operator. Go to SWIFTNet users module and click the Certificates tab. Right-click the certificate that was setup for recovery and choose the Recover command from the popup menu. If the certificate is not visible, right-click in the blank area and select Recover. Fill in all the details required including the authorisation code, reference number, certificate name, and recover it on the partition. The certificate can be given a new profile name and password chosen by the customer.
20 January 2012
23
Self-help Guide
Troubleshooting
Investigation
Action For details, please refer to Tip 2147226 1. Check if NTLS services is running on the HSM box Run swiftnet status -T -v to see the service status of the HSM. If it is down or partial, use the SwHSMManageServices.pl to restart the HSM services (including ntls). 2. Is the server has more than 1 IP address or the IP address has changed? If it is, you will need to re-register the SNLto the HSM Cluster by using the SwHSMWiz GUI For details, please refer to Tip 2094230
HSM status is down but HSMServiceStatus is up or no partitions are enabled in SwHSMSelfTest result
Run the command: perl SwHSMActivate.pl -a h <<IP ADDRESS OF THE HSM BOX>> For details, please refer to Tip 2146133
3.11
Alliance WebPlatform
Alliance WebPlatform - Table of symptoms
Symptom Login page cannot be down and display "JavaScript is disabled, please enable and reload this page" Login page cannot be loaded and display "Internet Explorer cannot display the webpage" Investigation Page cannot be loaded with JavaScript disabled Action Go to Internet Explorer -> Tools -> Internet Options -> Security Settings -> Scripting -> Active Scripting and enable it if it is not enabled.
Check if the WebPlatform service has started or not. Windows: Administrative Tools -> Services -> Alliance WebPlatform SWP01 to check if the service has started or not UNIX: run the command "swp_bootstrap status" to check if the bootstrap of WebPlatform has started or not. If not, start it by issuing the command "swp_bootstrap start"
20 January 2012
24
Self-help Guide
Troubleshooting
3.12
3.13
RMA
The RMA service is a standard SWIFTNet Store-and-Forward InterAct service. For an explanation of the possible error codes, see the SWIFTNet Link Error codes - Detailed Codes Returned by SNL API. For errors related to the Alliance RMA application, see the Alliance Access/Entry section of this guide. For errors related to the Alliance WebPlatform RMA application, see the Alliance WebPlatfrom section of this guide.
20 January 2012
25
Self-help Guide
Reporting a problem
4
4.1
Reporting a problem
Methodology
Introduction
A persistent problem that cannot be resolved by the troubleshooting guidelines can be reported to the SWIFT Customer Service Centre.
Register on swift.com
To access the SWIFTSupport service, you must first register yourself on swift.com. Registration will allow you to access our specialised online services such as the knowledge base, case manager, documentation, ordering, and billing information. See SWIFTSupport services further in this guide.
by e-mail to support@swift.com. Mention the case number in the subject of the e-mail by the Dropbox service that is available on swift.com/support or through the SWIFTNet Portal by the sendsupportinfo command, directly from your SWIFTNet Link host.
Syntax: swiftnet sendsupportinfo [-d <dir>] -a <case number> <dir> is the name of the directory where the diagnostic files are copied or located. This parameter is optional. If this parameter is not specified, then the command will use the default directory (Windows: %SWNET_HOME%\log\supportinfo, UNIX: $SWNET_HOME/log/supportinfo). <case number> is the number of the case for which the evidences are being sent. This parameter is mandatory in order to be able to link the evidences to the correct case in the case manager application.
20 January 2012
26
Self-help Guide
Reporting a problem
4.2
4.2.1
Collecting evidences
Alliance Access/Entry
Alliance Access/Entry - Table of evidences
Where? UNIX Collect log and configuration information * SAA support information Run saa_supportinfo -output <directory> -from <From_datetime> -to <To_datetime> from $ALLIANCE/common/bin/ Log files can be collected in the $ALLIANCE/support/<directory> Example: saa_supportinfo -from 20110622T0100 -to 20110623T0200 Run saa_supportinfo -output <directory> -from <From_datetime> -to <To_datetime> from %ALLIANCE%\bin Log files can be collected in the %ALLIANCE%\support\<directory> Example: saa_supportinfo -from 20110622T0100 -to 20110623T0200 Where? Windows
Note
* These are the minimum evidences that you must provide to SWIFTSupport when you report a case.
4.2.2
Alliance WebStation
Alliance WebStation - Table of evidences
Where? Windows Collect log information * WebStation log file Result of a connection test to SWIFT SWIFTAlliance\WebStation\log\log.txt Run testtcp.bat on a stand-alone SAB The result is in <installation directory>\WebStation\log\testtcp.txt
Collect configuration information diagnostic.xml diagnostic.txt Run diagnostic.bat The result is in Diagnostic.xml and diagnostic.txt, which are in <installation directory>\WebStation\log\
Note
* These are the minimum evidences that you must provide to SWIFTSupport when you report a case.
4.2.3
Alliance Gateway
Alliance Gateway - Table of evidences
Where? UNIX Collect log and configuration information * Run sag_supportinfo -output <directory> -from <YYYYMMDDTHHMM> -to <YYYYMMDDTHHMM> The log information can be Run sag_supportinfo -output <directory> -from <YYYYMMDDTHHMM> -to <YYYYMMDDTHHMM> The log information can be retrieved Where? Windows
20 January 2012
27
Self-help Guide
Reporting a problem
Where? UNIX Collect log and configuration information * retrieved in <installation directory>/Gateway/support/
Where? Windows
in <installation directory>\Gateway\support\
Note
* These are the minimum evidences that you must provide to SWIFTSupport when you report a case.
4.2.4
SWIFTNet Link
SWIFTNet Link - Table of evidences
Where? UNIX Collect log and configuration information * Collect SNL log and configuration files Run snl_supportinfo -output <directory> -from <YYYYMMDDTHHMM> -to <YYYYMMDDTHHMM> Run selftest Selftest.log is in $SWNET_LOG_PATH/ compress the content of the $SWNET_LOG_PATH directory compress the content of the $SWNET_HOME/log directory Run snl_supportinfo -output <directory> -from <YYYYMMDDTHHMM> -to <YYYYMMDDTHHMM> Where? Windows
selftest.log
Run selftest Selftest.log is in %SWNET_LOG_PATH%/ compress the content of the %SWNET_LOG_PATH% directory compress the content of the %SWNET_HOME%\log directory
Note
* These are the minimum evidences that you must provide to SWIFTSupport when you report a case.
4.2.5
HSMSelfTest.log
Collect configuration information HSM configuration Run swiftnet getconfig T -v Redirect the output into a file Run swiftnet getconfig T v Redirect the output into a file
20 January 2012
28
Self-help Guide
Reporting a problem
Note
* These are the minimum evidences that you must provide to SWIFTSupport when you report a case.
4.2.6
Alliance WebPlatform
Alliance WebPlatform - Table of evidences
Where? UNIX Collect log and configuration information * Support information of WebPlatform Run swp_supportinfo -output <directory> -from <YYYYMMDDTHHMM> -to <YYYYMMDDTHHMM> Run swp_supportinfo -output <directory> -from <YYYYMMDDTHHMM> -to <YYYYMMDDTHHMM> Where? Windows
From the installation directory <SWP_INSTALL_PATH>/bin WebPlatform logs Run swp_readlog -output <file_pathname> -startdate <YYYYMMDD> -starttime <HH:MM:SS> -stopdate <YYYYMMDD> -stoptime <HH:MMLSS>
From the installation directory <SWP_INSTALL_PATH>\bin Run swp_readlog -output <file_pathname> -startdate <YYYYMMDD> -starttime <HH:MM:SS> -stopdate <YYYYMMDD> -stoptime <HH:MMLSS>
Note
* These are the minimum evidences that you must provide to SWIFTSupport when you report a case.
20 January 2012
29
Self-help Guide
SWIFTSupport services
5
5.1
SWIFTSupport services
Organization
Worldwide support
SWIFT offers to its customers a worldwide support delivered by a group of expert analysts. This service covers administrative, operational and technical matters. The SWIFT Customer Service Centres (CSCs) are open 24 hours a day, seven days a week. Our key communication channel for support is our website www.swift.com/support, which offers an integrated set of support services. You can also contact a support analyst by telephone, for critical situations or for additional information. Europe Americas Asia Japan +31 71 582 28 22 +1 540 825 60 56 +852 2 852 87 77 +81 3 5223 74 56
5.2
Services
My profile
My profile allows you to configure your access to the support services and to maintain your information. Information such as updates to the BIC data, contact data, the billing profile, the shipping profile and your operational profile, must be maintained online through My profile.
Knowledge base
The Knowledge base provides information about known problems and their solutions. It also includes frequently asked questions, suggestions, and technical documents. The information is organised in the form of tips.
Case manager
The Case manager allows customers to report a technical problem or a query to the SWIFT CSC. For each entry, a case number is assigned. Electronic updates are provided by the support staff. You have a complete overview of all cases with up-to-date status information.
Download centre
Licensed customers automatically receive SWIFT software product releases and patches on CD. In addition, some patches and maintenance releases are also available on the Download centre, where they can be easily downloaded and installed.
Operational status
SWIFT continues to improve the availability of its network and its systems. If a major outage occurs on critical services, then information is directly provided on the operational status. This allows customers to understand the situation and to take appropriate actions.
Documentation
General documentation about SWIFT products and SWIFT services is provided on our website. The documentation can be viewed online and can be downloaded for printing purposes or for further processing. The SWIFT software product documentation is also provided on the software product CD that is sent to licensed customers.
Billing information
This service describes the rules of SWIFT for billing and invoices. You can access the billing information for your company until 12 months in the past and you can also download it.
20 January 2012
30
Self-help Guide
SWIFTSupport services
Translation service
This service provides a real-time, multi-lingual translation of swift.com. The pages are translated by software that is configured with SWIFT-specific terminology. The English version of the web site remains the only official and legally binding version.
BIC Online
BIC Online allows you to perform a quick lookup for the latest information in the BIC Directory.
20 January 2012
31
Self-help Guide
SWIFTSupport services
Legal Notices
Copyright
SWIFT 2012. All rights reserved. You may copy this publication within your organisation. Any such copy must include these legal notices.
Confidentiality
This publication may contain SWIFT or third-party confidential information. Do not disclose this publication outside your organisation without the prior written consent of SWIFT.
Disclaimer
SWIFT supplies this publication for information purposes only. The information in this publication may change from time to time. You must always refer to the latest available version.
Translations
The English version of SWIFT documentation is the only official version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: SWIFT, the SWIFT logo, Sibos, SWIFTNet, SWIFTReady, and Accord. Other product, service, or company names in this publication are trade names, trademarks, or registered trademarks of their respective owners.
20 January 2012
32