Deployment Troubleshooting - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Product name
BlueCat Integrity

Deployment events

The following events can affect deployment:

  • The server load of both Address Manager and DNS/DHCP Server. The lack of resources such as memory disk space can cause a deployment failure.
  • The datarake files related to performance and disk utilization.
  • Whether a cleanup script or backup were running simultaneously. This could cause a high load and affect the deployment indirectly.
  • Network interruptions in syslog and kernel.log (dmesg).
  • All running queries.

API deployments

If you're using APIs for deployment, consider the following:
  • Always check the API diagnostics log (/var/log/jetty/api-diagnostics.log).
  • Check the following files for the Address Manager datarake:
    • /var/log/jetty/api-diagnostics.log – API requests and answers
    • /var/log/server.log – error messages
    • /var/log/syslog – general error and warning messages
  • For full and diffential deployments, you must be logged in during the deployment. Logging out during deployment will cause the deployment to fail.
  • For selective deployments, the following will cause deployment to fail:
    • Deploying dynamic or external records
    • Deploying more than 100 records in a single API call
    • Deploying records from more than one primary
    • Moving records from one zone to another
    • Not executing a full deployment with no errors (green check mark) to a new server or when the deployment flag resets.

API error messages

  • Error message: "Unauthorized User"

    Resolution: Add the Authorization Header with a valid token collected from a login call.

  • Error message: "405 Method not allowed"

    Resolution: Check the WADL API description for the proper request type.

  • Error message: "405 Not found"

    Resolution: Use the correct method name (case sensitive).

  • Error message: "varname cannot be null"

    Resolutions: Add the missing variable in the parameter list. API calls like update() and selectiveDeploy() require payload (body) data.

Important files and folders in Address Manager


Contains XML files that are sent to DNS/DHCP Server. Unless Java is in debug mode, the files in this directory are removed after a deployment.


The Address Manager Java log. This file contains information, warnings, and errors from Java.


Contains the following variables used by Java to control deployments:
Note: The deploy.serial variable has been deprecated and is no longer available.
  • deploy.timeout.minute = 20: The default deployment timeout. The default is 20 minutes.
  • maxConcurrentDeployedServers = 20: The maximum number of servers that can be deployed simultaneously. The default is 20 and the range is 1-20.


Contains the hostname for Java and replication.

Configuration files and directories on DNS/DHCP Server


BIND’s main configuration file. It contains information regarding DNS options, views, and zone configuration files.


Contains all of the configuration files for active DNS zones.


The DHCP configuration file.


Contains the deployment XML files copied from DNS/DHCP server.


Contains the certificate keys.


Contains deployment XML files that are written and parsed as .img files.


Contains a list of views by object ID and loopback address.


Contains the BIND zone .db and .jnl files.

/validation/, /validation-dns/, /validation-dhcp/

These directories are dynamically created with configuration files, zone files, and other files which are validated before deployment. Once validation is complete, the files are removed. /validation/ is completely removed after validation and deployment.


Contains DNS/DHCP Server services.


A hash of the old deployment password.


A hash of the new deployment password.


Configures the level of detail from the commandServer, the size of the log files, and the number of archived/rolled log files.


Configures different system variables such as configuration files, log files, and various timers.

DNS/DHCP Server utilities and scripts


Provides dynamic updates to BIND and zones. nsupdate is controlled using the loopback interface: (view1) (view2) (view3)

The loopback interfaces will be mapped to views in views.state.

rndc freeze/thaw

The name server control utility used for troubleshooting deployment problems. When freezing a zone, all dynamic changes stored in the zone's journal file will be written to the zone's database file.


Runs tasks after deployment from Address Manager is complete. This script is not executed manually.


Validates the BIND configuration files. Checks named-checkconf for several conditions in the DNS zone files based on options slected when enabling zone validation. The output is placed in /var/log/check-zone.log.


Calls /usr/local/validate-dhcp to validate the syntax of the dhcpd.conf file. The output is placed in /var/log/check/dhcpd.log.


Restores and deletes the current BIND configuration files and directories:

  • /replicated/jail/named
  • /etc/rndc.conf
  • /replicated/etc/rndc.key
  • /repicated/etc/named.conf
  • /replicated/var/dns-config
  • /replicated/var/dnssec-keys

This script also provides a back up to these files.


Restores and deletes the MAC authentication distributor and DHCPD configuration files and directories:

  • /replicated/etc/mad.conf
  • /replicated/etc/madweb.conf
  • /replicated/usr/local//jetty/webapps
  • /repicated/usr/local/jetty/etc/keystore
  • /replicated/etc/dhcpd.conf
  • /replicated/etc/dhcp6s.conf
  • etc/cron.minutely
  • /replicated/etc/bcn/sophos-nac.conf

This script also provides a back up to these files.

Log files in Address Manager

  • /var/log/jetty/server.log

Log files in DNS/DHCP Server

  • /var/log/syslog
  • /var/log/commandServer.log
  • /var/log/check-bind.log
  • /var/log/check-zone.log
  • /var/log/check-dhcpd.log