ESAM enables the System and OpenEdge Administrators to maintain and manage security policies. Policies contain the information required by services when an ESAM client requests them. OpenEdge code and configurations need not change for ESAM to provide OpenEdge governance. By default, ESAM policies are always on and run seamlessly within each OpenEdge environment. However, the operations that use ESAM depend on the health of ESAM to properly utilize its services. System and OpenEdge Administrators should first ensure that the ESAM and OpenEdge installations were successful and check the logs for any anomalies indicating ESAM is not handling the registered clients as expected.

ESAM should be accessible to all OpenEdge components in a secure manner after the OpenEdge installation is complete. The OpenEdge components first validate the OpenEdge root install path <DLC> before utilizing the artifacts from this path.

Anonymous policy

If installation failures or administrative actions interrupt the flow of ESAM operations, built-in, anonymous policies are applied instead. When ESAM or the service contract with its clients is disrupted or malfunctioning, all the OpenEdge applications and components run on anonymous policies without disrupting the continuous operations of the OpenEdge runtime stack.

The following are some conditions under which the anonymous policy may be active:

  • ESAM is not installed correctly.
  • The OpenEdge installation is not properly registered to the ESAM registry.
  • The OpenEdge client component cannot reach ESAM or cannot obtain a valid connection.
  • A core service that attempts to validate the OpenEdge root install path <DLC> fails to do so.
  • A System Administrator unregisters an OpenEdge installation from the ESAM registry.

System Administrators must verify that ESAM is properly activated and operational by reviewing the installation and ESAM logs after an installation attempt. OpenEdge Administrators should ensure that ESAM is operational so that the intended security advantages of ESAM continue to safeguard runtime operations effectively.

Troubleshoot anonymous policy behavior

You can resolve the issues arising due to anonymous policy behavior by ensuring that:
  • ESAM is installed properly on the machine. For more information on how to troubleshoot the ESAM installation, see "Repair ESAM installation" in Troubleshoot OpenEdge installation failures.
  • The OpenEdge installation must be successfully registered with ESAM. For more information on how to troubleshoot the root install path <DLC> registration with ESAM, see "Restore OpenEdge root install path registration" in Troubleshoot OpenEdge installation failures.
  • For any other runtime issues, the OpenEdge Administrator can refer to the oesec.log file.

Error return-codes

The following table displays the return codes for potential ESAM runtime related errors:
Return codes Reason for failure Next step
2001-3999 ESAM installation issues The System Administrator must run the ESAM installer manually to resolve the ESAM installation failure.

For more information on how to invoke the ESAM installer manually, see “Repair ESAM installation” in Troubleshoot OpenEdge installation failures.
1000-1008 Validation failure The System Administrator must manually invoke the DLC registration process to resolve the failure of root install path <DLC> registration with ESAM.

For more information on how to manually register the root install path <DLC> , see “Restore OpenEdge root install path registration” in Troubleshoot OpenEdge installation failures.
4001-4003