IPP Error: 0x40001 creating or managing iPrint objects

  • 3005429
  • 20-Jun-2006
  • 07-Jan-2014


Novell iPrint for Linux Open Enterprise Server 2


Some or all of the symptoms listed below may exist:

Manage Printer within iManager returns this error:
       Exception reading printer control
       java.net.ConnectException:  Connection refused
       IPP Error: 0x40001

Create Print Manager within iManager returns this error:
       Error: Create Print Manager Failure
       Print Manager could not be configured: Request (SERVER_ERROR) - bad status code (0x500)
       iPrint Lib Error: 0x1000001

Manage Print Manager within iManager shows status of DOWN, when the status of ipsmd is running.

Running this command at the Linux console returns the error below:   iprntman printer [PrinterAgentName] -info
       Error: general error (Can not communicate with Manager)


See the troubleshooting section of this TID to help decide which workaround to implement.

Workaround 1:
Change the server listed in the AuthLDAPNDURL within the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf file.  Also, try different syntax (localhost, IP address, DNS name) to reference the same server.  After making the change, restart apache.  (rcapache2 restart)

Workaround 2:
Attempt to create and/or manage iPrint objects from iManager hosted on a different server, or many different servers.

Potential Fix:
Configure Apache to listen on port 443 on the LDAP and PSMHostAddress servers.  This is accomplished by editing the /etc/apache2/listen.conf to contain a statement equivalent to the following:

Listen 443

Save the change and restart Apache.  (rcapache2 restart)

Additional Information

iManager is unable to make an SSL connection (port 443) to the LDAP server defined in the iPrint server's iprint_ssl.conf AuthLDAPDNURL.   This connection failure can exist when iManager and iPrint are on the same or different servers.

The failure can be a result of a problem on the iManager server or a problem with the LDAP server defined in the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf.  

Can an SSL connection be made to the LDAP server?

From the iPrint server, type:

echo | openssl s_client -connect <address>:443
      replace <address> with the server defined in
      the AuthLDAPDNURL line of the iprint_ssl.conf  file.  Below
      are some examples:
      echo | openssl s_client -connect myserver.company.com:443
      echo | openssl s_client -connect localhost:443
      echo | openssl s_client -connect

The openssl command will attempt to make an SSL connection.

If the result is "Connection Refused", the cause of the problem is either with the LDAP server defined in the iprint_ssl.conf or the

If the result is 'Verify return code: 21 (unable to verify the first certificate)', that is not an indication of certificate problem.  That SSL connection was successful. 

Is Apache listening on the LDAP server and PSMHostAddress server?

To determine if Apache is listening on port 443, type this command on LDAP server defined in the iprint_ssl.conf.  Also run this command on the server defined as the PSMHostAddress in the /etc/opt/novell/iprint/conf/[psm_name].ipsmd.conf file:

netstat -atnp | grep httpd2

Look for:
tcp 0  0 :::443 :::* LISTEN [pid]/httpd2-worker

The three colons in front of port 443 means all IP Addresses bound to the server.  It is possible to have a single or multiple IP addresses listed instead of the three colons.  If an IP address is specified, make sure that address matches the PSMHostAddress found in /etc/opt/novell/iprint/conf/[psm_name].ipsmd.conf.

Possible solution for Non-nss cluster configuration

If iPrint is configured to cluster which is NOT nss, then copying the local iprint conf file to the cluster location might resolve the symptom stated above:

cp /etc/opt/novell/iprint/conf_local/* /mnt/<clusterVolName>/etc/opt/novell/iprint/conf/
note: replace <clusterVolname> with the name of the non-nss cluster volume name.