How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I enable message level debugging for install and upgrade issues with AM (All versions)?

Last updated Jan 16, 2023

This article explains how to enable message level debug logging in the application web container. This is useful if you are experiencing install or upgrade issues with AM, because you cannot enable message level debugging in AM itself until it is installed. Application web container debugging is also useful for startup issues and access failure issues (permissions).

Enabling Message level debugging in the web application container

You can enable Message level debugging in the web application container if you are experiencing issues during the install or upgrade process by setting the following JVM properties:

where WRITABLE_DIRECTORY should be replaced with the path to an existing directory such as /tmp/openam.


You must remove these JVM parameters and the WRITABLE_DIRECTORY once you have successfully configured AM and then restart the web application container. If you do not do this, your AM debug logs will be diverted to the WRITABLE_DIRECTORY instead of the standard debug directory.

Example using Apache Tomcat™ web container

You would enable Message level debugging by specifying CATALINA_OPTS settings in the file (typically located in the /tomcat/bin/ directory). If this file doesn't exist, you should create it in the same directory as the file (also typically located in the /tomcat/bin/ directory).

To enable Message level debugging, with output to the /tmp/openam directory:

  1. Add the following line to the file: export CATALINA_OPTS=""
  2. Restart the web container.

Once you have successfully configured AM, reverse these changes as follows:

  1. Remove the following line from the file: export CATALINA_OPTS=""
  2. Delete the /tmp/openam log directory.
  3. Restart the web container.
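
The cleanup steps above can be verified with a short check. This is an added example, not ForgeRock code. It assumes you pass it the file that holds your CATALINA_OPTS export and the directory you used as WRITABLE_DIRECTORY; the function name and output format are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: confirm the temporary debug settings were reversed.
# Usage: check_debug_cleanup ENV_FILE DEBUG_DIR
# ENV_FILE is whichever file holds your CATALINA_OPTS export (assumption:
# the caller passes it); DEBUG_DIR is the WRITABLE_DIRECTORY that was used.
# Return status is a bitmask:
#   1 = an active CATALINA_OPTS line still references DEBUG_DIR
#   2 = DEBUG_DIR still exists on disk
check_debug_cleanup() {
    local env_file=$1 debug_dir=$2 status=0 n=0 line trimmed count

    if [ -r "$env_file" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            # Strip leading whitespace so indented comments are recognised.
            trimmed=${line#"${line%%[![:space:]]*}"}
            case $trimmed in
                '#'*) continue ;;   # commented out: already inactive
                *CATALINA_OPTS*"$debug_dir"*)
                    echo "ACTIVE  $env_file:$n still points at $debug_dir"
                    status=$((status | 1)) ;;
            esac
        done < "$env_file"
    fi

    if [ -e "$debug_dir" ]; then
        count=$(find "$debug_dir" -type f | wc -l | tr -d ' ')
        echo "PRESENT $debug_dir still exists ($count file(s))"
        status=$((status | 2))
    fi

    if [ "$status" -eq 0 ]; then
        echo "OK      debug settings removed"
    fi
    return "$status"
}

# Run directly with two arguments, e.g. the env file and /tmp/openam.
if [ "$#" -eq 2 ]; then
    check_debug_cleanup "$1" "$2"
fi
```

A clean result only covers the file and the directory; the running JVM keeps the old settings until the web container has been restarted.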

Enabling debugging for access failures in the web application container

You can enable debugging in the web application container if you are experiencing issues with access (permissions) by adding the following JVM property:,failure

For the Tomcat web container, you would add this in the same way as detailed above, that is, add the following line to the file and restart the web container:

export CATALINA_OPTS=",failure"

The output from this debugging is shown in the AM admin UI and will give a failure rule that needs adding to the Java® Permissions list. Add the identified permission and repeat; keep adding permissions and repeating until you have resolved all the access failures.

See Also

How do I collect all the data required for troubleshooting AM and Agents (All versions)?

How do I collect JVM data for troubleshooting AM?

The System Property

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.