Environment
Novell Access Manager 3.1 Linux based Access Gateway Service
Novell Access Manager 3.1 Support Pack 3 applied
Access Gateway Service running on SLES11 x86-64 platform
Already existing Access Gateway Service cluster
Novell Access Manager 3.1 Support Pack 3 applied
Access Gateway Service running on SLES11 x86-64 platform
Already existing Access Gateway Service cluster
Situation
A fresh install of Access Manager 3.1 SP3 was performed on a SLES11x86-64 Access GAteway Service (AGS) and the device imported successfully on an SLES11 based Admin console.
After this first AGS install, an Access Gateway cluster was created and the AGS added. After applying the changes, the service access works fine ie. users are able to access the accelerated resources without problems.
After this, another AGS on the same platform was installed and the device was imported into the Admin Console as expected. After adding it to the existing cluster, warnings and errors were reported in the healthcheck of the newly added AGS. Users trying to access protected resources through this newly added AGS would fail without even getting redirected to the Identity server to login.
This newly added AGS creates the listener socket 127.0.0.2:80 and does not listen on the real IP of the AGS.
After this first AGS install, an Access Gateway cluster was created and the AGS added. After applying the changes, the service access works fine ie. users are able to access the accelerated resources without problems.
After this, another AGS on the same platform was installed and the device was imported into the Admin Console as expected. After adding it to the existing cluster, warnings and errors were reported in the healthcheck of the newly added AGS. Users trying to access protected resources through this newly added AGS would fail without even getting redirected to the Identity server to login.
This newly added AGS creates the listener socket 127.0.0.2:80 and does not listen on the real IP of the AGS.
Resolution
Workaround the issue by doing the following:
1 Go to the proxy service page. Change the listening IP address to the other cluster member, then select the correct IP address again.
2 Click Update to save the changes.
3 Verify the correct address, then add the device to the cluster.
1 Go to the proxy service page. Change the listening IP address to the other cluster member, then select the correct IP address again.
2 Click Update to save the changes.
3 Verify the correct address, then add the device to the cluster.