Skip to main content
Spine Core common issues in the Path to Live environments

How to deal with common issues experienced by users of the Path to Live environments when using the Spine Core service. 

Dealing with common messaging issues

Firewall rules

Make sure that you have allowed traffic between IP addresses/URLs from the relevant environment page both in and out of your local firewall. If you have not allowed them, you may get rejection messages, timeouts or no response at all.

Messaging URLs

Confirm whether you are sending directly to URLs, and if so, that you are using the correct messaging URLs as provided on the relevant environment page. Check whether you are using a host file and that it has the correct entries in it.

DNS registration

Confirm that you have registered your FQDN and IP address with the NHS DNS team as this may be preventing you from receiving responses from Spine. This can be confirmed by doing a DNS lookup on the FQDN or you can email: dnsteam@nhs.net

Party key and Accredited System ID (ASID)

Confirm that the party key and/or ASID that you are sending in your message exists in the required environment. This can be done by doing a suitable LDAP search. An LDAP search can also be used to confirm which messages are registered against the endpoint. 


Perform a telnet command

A telnet command tests bidirectional communications with a remote computer. This test is used to ensure a particular server can send and receive commands.

If you are asked to telnet to a particular environment you need to find the relevant URL, IP address, port numbers and fully qualified domain names (FQDNs) of the service you're trying to connect to. These can be found on the relevant environment page

In the example below, a user has been unable to connect to LDAP in the Spine training environment. You'll need to log onto a server that has HSCN (N3) connectivity, and from a command line type the following:

$ telnet ldap.tsp.national.ncrs.nhs.uk 443

OR

$ telnet 10.200.40.136 636

 

Click 'return' to run the command
 

  • if successful, the screen is cleared and the cursor flashes - you should be prompted to enter 'CTRL+]' to disconnect
     
  • if unsuccessful, an error will be returned or the request may timeout - make a note of this error and contact your HSCN provider

Perform a DNS lookup

The DNS lookup command checks either an FQDN or IP address against the NHS DNS servers to see if they are registered. A DNS registration is required to ensure traffic can go between servers. 

If you're asked to do a DNS test in a particular environment, you will need either the FQDN or IP address of the service you're trying to connect to. In the example below, a user is querying the FQDN of the LDAP service. You'll need to log onto a server which has HSCN connectivity and type in the following command:

$ nslookup ldap.tsp.national.ncrs.nhs.uk 

OR

$ nslookup 10.200.40.136 

 

Click 'return' to run the command
 

  • if successful, you'll receive a response with the FQDN and IP address shown
     
  • if unsuccessful, an error will say the server cannot find the FQDN/IP address - contact the DNS team to register DNS name as per instructions on the relevant environment page 

 

  • some DNS services will not allow reverse lookups (searching for IP address) 

Troubleshoot LDAP issues

It is important to distinguish between the inability to connect to LDAP and unexpected results being returned.

Unable to connect to LDAP

  • confirm that the correct URL is being used for the required environment - the environment specific URLs are available on the relevant environment page
  • the LDAP URL must be allowed in and out of the local firewall, otherwise the connection will be blocked
  • the system connecting to the LDAP URLs must have a certificate, usually the same as the end point certificate, and a HSCN connection

No results or incorrect results returned

You will need to raise an incident with the Platforms support desk using the incident form (opens in a new window) or service portal (HSCN access required to access the service portal). Please provide the full LDAP search string and the environment name, combined with a description of what you expected to be returned.


Packet capture

To help us investigate a connection issue, it may be necessary to complete a packet capture showing the network traffic.

The software captures the network conversation between the Local System and the End System and helps the resolving group understand where the issue lies. If the local user is not getting as far as reaching the end system then the packet capture may show this. Users will need admin access to install suitable software, for example Wire-Shark.

This process is also known as a 'snoop'. If you do not know how to complete a packet capture/snoop, please contact your local IT support team. It may be necessary to coordinate such activity with NHS Digital to perform a full investigation. 


Demographic Spine Application (DSA) roles and activities

The Role Based Access Control (RBAC) roles and activities commonly used for DSA are outlined below.

Users should contact platforms.supportdesk@nhs.net to gain access to DSA.

Module Role Role code Activity Activity name
DSA Demographic administrator R5110 B0056 Manage work items
DSA Demographic administrator R5110 B0060 Manage NHS number information
DSA Demographic administrator R5110 B0089 Access DSA
DSA Demographic administrator R5110 B0091 Update violent patient indicator
DSA Demographic administrator R5110 B0092 Access service dependent data
DSA Demographic administrator R5110 B0093 Create work item
DSA Demographic administrator R5110 B0094 Add/delete WI NHS numbers
DSA Demographic administrator R5110 B0096 Amend patient demographics (NBO)
DSA Demographic administrator R5110 B0097 Clinical back office access
DSA Demographic administrator R5110 B0098 View patient demographics
DSA Demographic administrator R5110 B0099 Bulk update and removal
DSA Demographic administrator R5110 B0111 Create work item for CBO
DSA Demographic administrator R5110 B0620 Transfer paper records
DSA Demographic administrator R5110 B0825 Amend patient demographics (PCRBO)
DSA Demographic administrator R5110 B1610 Allocate NHS number
DSA Demographic administrator R5110 B1680 Merge
DSA Demographic administrator R5110 B1810 Run sensitive PDS data quality reports
DSA Demographic administrator R5110 B8009 GP registration
DSA Demographic supervisor R0008 B0057 Core supervisor
DSA Demographic supervisor R0008 B0059 Application maintenance
DSA Demographic supervisor R0008 B0062 System administration
DSA Demographic supervisor R0008 B0089 Access DSA
DSA Demographic supervisor R0008 B0092 Access service dependent data
DSA Demographic supervisor R0008 B0093 Create work item
DSA Demographic supervisor R0008 B0094 Add/delete WI NHS numbers
DSA Demographic supervisor R0008 B0096 Amend patient demographics (NBO)
DSA Demographic supervisor R0008 B0097 Clinical back office access
DSA Demographic supervisor R0008 B0098 View patient demographics
DSA Demographic supervisor R0008 B0825 Amend patient demographics (PCRBO)
DSA Demographic supervisor R0008 B1610 Allocate NHS number
DSA Demographic supervisor R0008 B1680 Merge
DSA Demographic supervisor R0008 B1810 Run sensitive PDS data quality reports
DSA Demographic supervisor R0008 B8009 GP registration

Summary Care Record (SCR) roles and activities

The Role Based Access Control (RBAC) roles and activities commonly used for SCR are outlined below.

Module Role Role code Activity Activity name
SCRa Clinical Practitioner R8000 B0264 Access CSA (perform patient trace)
SCRa Clinical Practitioner R8000 B0257 View non-ETP clinical data within CSA
SCRa Clinical Practitioner R8000 B0085 Claim a relationship with a patient
SCRa Clinical Practitioner R8000 B0030 Record a patient's self referral
SCRa Clinical Practitioner R8000 B0082 Legal override of consent
SCRa Clinical Practitioner R8000 B0168 View when permission could not be requested
SCRa Receptionist R8009 B0264 Access CSA (perform patient trace)
SCRa Receptionist R8009 B0030 Record a patient's self referral
Alert Viewer Privacy Officer R0001 B0016 Receive self claimed LR alerts
Alert Viewer Privacy Officer R0001 B0015 Receive legal override and emergency view alerts
GP System Clinical Practitioner R8000 B0370 View summary health records
GP System Clinical Practitioner R8000 B8029 Manage detailed health records
GP System Clinical Practitioner R8000 B0401 View patient medication
GP System Clinical Practitioner R8000 B0380 Perform detailed health record
GP System Clinical Practitioner R8000 B8028 Verify health records
GP System Clinical Practitioner R8000 B0097 Manage summary care record
GP System Clinical Practitioner R8000 B8029 Manage detailed health records
GP System Clinical Practitioner R8000 B0020 Control consent status
GP System Clinical Practitioner R8000 B0062 Local system administration
GP System Clinical Practitioner R8000 B0168 View when permission could not be requested
GP System Clinical Practitioner R8000 B0082 Legal override of consent
GP System Clinical Practitioner R8000 B0011 Analyse audit trails
GP System Systems Support R8015 B0020 Control consent status
GP System Systems Support R8015 B0380 Perform detailed health record
GP System Systems Support R8015 B0062 Local system administration
GP System Systems Support R8015 B0011 Analyse audit trails

Spine party key

The contract properties for all national service messages can be obtained from the Spine party key along with ASID information.

Spine Party Key: YES-0000806

ASIDs: vary depending on the service 

Full details can be obtained by performing a suitable LDAP search against the Spine party key. 


Logging a messaging incident

If you are experiencing an issue with Spine messaging and you've attempted the fixes above unsuccessfully, please raise an incident with the Platforms support desk using the incident form (opens in a new window) or service portal (HSCN access required to access the portal). 

Please provide as much of the following detail as possible:

  • Party key: your party key and the associated binding URL
  • ASID: the ASID you are sending
  • Message tracing information: GUID and timestamp of a message
  • Message: if possible a copy of the message that you are sending, including the headers
  • Error messages: details of any error message received and where in the process you receive them
  • Recreation steps: what you did prior to experiencing the problem and whether or not this happens consistently

Further information

Last edited: 6 October 2020 3:09 pm