NAM base URL unavailable after certificates expire
This document (7011395) is provided subject to the disclaimer at the end of this document.
After restarting the primary admin console, we could log in normally and see that the default eDirectory server certificates had expired but had been automatically renewed on the restart.
Later the IDP server was restarted. When users attempted to access protected resources, they were redirected to the IDP base URL, as expected, but no login was available.
The IDP catalina.out showed:
DirAuthenticator...1114 (Error -669) An invalid password was used, authentication failed, one server tried to synchronize with another one but the target server's database was locked, or a problem exists with the remote ID or public key.
DirAuthenticator...1136 Login failed: admin.novell: 10.17.220.100
SRetryDispatcher retrying: 0
SRetryDispatcher retrying: 1
SRetryDispatcher retrying: 2
SRetryDispatcher retrying: 3
This is an Administration Console (AC) error. This IDP also hosted the secondary AC. The secondary AC was failing to load because the default server certificates had expired, and this was preventing the IDP from loading.
The issue was fixed by connecting a standard version of iManager with certificate plugins to the secondary admin console, repairing the default certificates on that secondary AC, and then restarting the server.
In NAM 3.1, the secondary AC does not automatically renew the certificates.
In NAM 3.2, restarting the secondary AC does automatically renew the default certificates if they are expired.
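To spot this symptom quickly in catalina.out, the following added example (not part of the original document or of any NetIQ tooling) flags an Error -669 that is followed by an SRetryDispatcher retry loop. The function name, the `min_retries` threshold and the assumption that other builds log these lines in the same shape are hypothetical.

```python
import re

# Patterns follow the catalina.out lines quoted in this article; the exact
# DirAuthenticator line format on other builds is an assumption.
ERR_669 = re.compile(r"DirAuthenticator\S*\s+\(Error -669\)")
LOGIN_FAILED = re.compile(r"DirAuthenticator\S*\s+Login failed:\s*(?P<who>.+)$")
RETRY = re.compile(r"SRetryDispatcher retrying:\s*(?P<n>\d+)")

# Sample input constructed from the log lines quoted in the article.
SAMPLE_LOG = "\n".join([
    "DirAuthenticator...1114 (Error -669) An invalid password was used, "
    "authentication failed, one server tried to synchronize with another one "
    "but the target server's database was locked, or a problem exists with "
    "the remote ID or public key.",
    "DirAuthenticator...1136 Login failed: admin.novell: 10.17.220.100",
    "SRetryDispatcher retrying: 0",
    "SRetryDispatcher retrying: 1",
    "SRetryDispatcher retrying: 2",
    "SRetryDispatcher retrying: 3",
])


def find_669_retry_loops(text, min_retries=2):
    """Return one finding per Error -669 that is followed by a retry loop.

    A single -669 with no retries (for example a mistyped password) is
    ignored; min_retries is a hypothetical threshold to tune locally.
    """
    findings, current = [], None
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ERR_669.search(line):
            if current:
                findings.append(current)
            current = {"line": lineno, "login": None, "retries": 0}
        elif current is not None:
            failed = LOGIN_FAILED.search(line.strip())
            retry = RETRY.search(line)
            if failed:
                current["login"] = failed.group("who")
            elif retry:
                # Counter starts at 0, so attempts seen = highest index + 1.
                current["retries"] = max(current["retries"], int(retry.group("n")) + 1)
    if current:
        findings.append(current)
    return [f for f in findings if f["retries"] >= min_retries]


if __name__ == "__main__":
    for f in find_669_retry_loops(SAMPLE_LOG):
        print(f"line {f['line']}: -669 for {f['login']} retried {f['retries']}x; "
              "check default certificate expiry on the admin console")
```

A hit means the IDP cannot authenticate to its admin console; on a server that also hosts the secondary AC, check the default server certificates for expiry before resetting any passwords.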
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7011395
- Creation Date: 19-NOV-12
- Modified Date: 19-NOV-12
- NetIQ Access Manager (NAM)
- iManager