Novell Home

Solving the iManager 'Service Not Available' Message

Novell Cool Solutions: Tip
By George Iosif

Digg This - Slashdot This

Posted: 14 Jun 2006
 

3>Problem

When installing OES (Linux), including the SP2 version, in some cases (from what I can tell, when installing without eDirectory), when using iManager to administer the NetStorage service residing on the same server as iManager, you get a "Service not available. Possible cause: Unauthorized" error message. However, the NetStorage service itself runs without problems. Of course, this assumes you have the eDirectory service running somewhere in you network (even on the server in discussion).

Solution

Assuming all the required services are running (Apache2, Novell Tomcat4, Novell xsrvd, Novell xregd), all you have to do is to generate a "cacerts" file in /etc/opt/novell/tomcat4/. This file is a SSL certificates repository used by (among others) the iManager plugin for NetStorage to communicate with the XTier service running on the same server.

It seems that this file is not copied from a RPM archive, but it is generated instead (probably by a post-installation script from a RPM). To generate it, you have to use the "keytool" utility from the Java SDK, which generally is already installed on the server. More specific, you should run the following, as root:

cd /etc/opt/novell/tomcat4/
keytool -import -alias myrootca -keystore cacerts -file /etc/ssl/servercerts/servercert.pem

where "myrootca" is an alias for the certificate to be imported (you can put any name here, but this alias has to be unique within a given certificate repository). "cacerts" is the file name of the certificate repository (which, in our case, will be created since it does not exist) and "/etc/ssl/servercerts/servercert.pem" is the file with the SSL certificate used by the Apache web server.

When running the above command, you will be prompted to introduce a password, which, in this case, must be "changeit" (this is the default one used by Tomcat).

Following the creation of the "cacerts" file, you will have to set the appropriate rights to it:

chown root.www cacerts
chmod 644 cacerts

Now, restart the Tomcat service (rcnovell-tomcat4 restart) and try the tasks below the "File Access (NetStorage)" section, in iManager.

Note: You may encounter one more problem. Even after you get all of the above done, when trying to access the "Files" task from the "File Access (NetStorage) section - you may get the following error:

NetStorage getData: IOExceptionURL = https:// ( https:/// )<your_IP_address_OR_DNS_name>/oneNet/xtier-loginnull

After that, the other tasks also become unavailable, requiring a Tomcat service restart.

The problem is that you didn't connect to the server using the same name as the one specified in the SSL certificate used by the Apache service running on that server. So, for instance, if you have configured the Apache service to use a SSL certificate with a CN (Common Name) of "my.server.com", and they connect to the same server, but using the IP address (https:///nps/iManager) instead of the name (https://my.server.com/nps/iManager), you would get the above error. In that case, you should use the server name when connecting to iManager on that server. The same principle applies when using a SSL certificate with a CN of the server's IP address.

Note: This solution was tested on OES (Linux) with SP2.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell