Environment
Novell iPrint for Linux Open Enterprise Server 2
Situation
Some or all of the symptoms listed below may exist:
Manage Printer within iManager returns this error:
Exception reading printer control
java.net.ConnectException: Connection refused
IPP Error: 0x40001
Create Print Manager within iManager returns this error:
Error: Create Print Manager Failure
Print Manager could not be configured: Request (SERVER_ERROR) - bad status code (0x500)
iPrint Lib Error: 0x1000001
Manage Print Manager within iManager shows status of DOWN, when the status of ipsmd is running.
Running this command at the Linux console returns the error below: iprntman printer [PrinterAgentName] -info
Error: general error (Can not communicate with Manager)
Manage Printer within iManager returns this error:
Exception reading printer control
java.net.ConnectException: Connection refused
IPP Error: 0x40001
Create Print Manager within iManager returns this error:
Error: Create Print Manager Failure
Print Manager could not be configured: Request (SERVER_ERROR) - bad status code (0x500)
iPrint Lib Error: 0x1000001
Manage Print Manager within iManager shows status of DOWN, when the status of ipsmd is running.
Running this command at the Linux console returns the error below: iprntman printer [PrinterAgentName] -info
Error: general error (Can not communicate with Manager)
Resolution
See the troubleshooting section of this TID to help decide which workaround to implement.
Workaround 1:
Change the server listed in the AuthLDAPNDURL within the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf file. Also, try different syntax (localhost, IP address, DNS name) to reference the same server. After making the change, restart apache. (rcapache2 restart)
Workaround 2:
Attempt to create and/or manage iPrint objects from iManager hosted on a different server, or many different servers.
Potential Fix:
Configure Apache to listen on port 443 on the LDAP and PSMHostAddress servers. This is accomplished by editing the /etc/apache2/listen.conf to contain a statement equivalent to the following:
Listen 443
Save the change and restart Apache. (rcapache2 restart)
Workaround 1:
Change the server listed in the AuthLDAPNDURL within the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf file. Also, try different syntax (localhost, IP address, DNS name) to reference the same server. After making the change, restart apache. (rcapache2 restart)
Workaround 2:
Attempt to create and/or manage iPrint objects from iManager hosted on a different server, or many different servers.
Potential Fix:
Configure Apache to listen on port 443 on the LDAP and PSMHostAddress servers. This is accomplished by editing the /etc/apache2/listen.conf to contain a statement equivalent to the following:
Listen 443
Save the change and restart Apache. (rcapache2 restart)
Additional Information
Cause:
iManager is unable to make an SSL connection (port 443) to the LDAP server defined in the iPrint server's iprint_ssl.conf AuthLDAPDNURL. This connection failure can exist when iManager and iPrint are on the same or different servers.
Troubleshooting:
The failure can be a result of a problem on the iManager server or a problem with the LDAP server defined in the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf.
Can an SSL connection be made to the LDAP server?
From the iPrint server, type:
echo | openssl s_client -connect <address>:443
replace <address> with the server defined in
the AuthLDAPDNURL line of the iprint_ssl.conf file. Below
are some examples:
echo | openssl s_client -connect myserver.company.com:443
echo | openssl s_client -connect localhost:443
echo | openssl s_client -connect 10.0.51.23:443
The openssl command will attempt to make an SSL connection.
If the result is "Connection Refused", the cause of the problem is either with the LDAP server defined in the iprint_ssl.conf or the
If the result is 'Verify return code: 21 (unable to verify the first certificate)', that is not an indication of certificate problem. That SSL connection was successful.
Is Apache listening on the LDAP server and PSMHostAddress server?
To determine if Apache is listening on port 443, type this command on LDAP server defined in the iprint_ssl.conf. Also run this command on the server defined as the PSMHostAddress in the /etc/opt/novell/iprint/conf/[psm_name].ipsmd.conf file:
netstat -atnp | grep httpd2
Look for:
tcp 0 0 :::443 :::* LISTEN [pid]/httpd2-worker
The three colons in front of port 443 means all IP Addresses bound to the server. It is possible to have a single or multiple IP addresses listed instead of the three colons. If an IP address is specified, make sure that address matches the PSMHostAddress found in /etc/opt/novell/iprint/conf/[psm_name].ipsmd.conf.
Possible solution for Non-nss cluster configuration
If iPrint is configured to cluster which is NOT nss, then copying the local iprint conf file to the cluster location might resolve the symptom stated above:
cp /etc/opt/novell/iprint/conf_local/* /mnt/<clusterVolName>/etc/opt/novell/iprint/conf/
iManager is unable to make an SSL connection (port 443) to the LDAP server defined in the iPrint server's iprint_ssl.conf AuthLDAPDNURL. This connection failure can exist when iManager and iPrint are on the same or different servers.
Troubleshooting:
The failure can be a result of a problem on the iManager server or a problem with the LDAP server defined in the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf.
Can an SSL connection be made to the LDAP server?
From the iPrint server, type:
echo | openssl s_client -connect <address>:443
replace <address> with the server defined in
the AuthLDAPDNURL line of the iprint_ssl.conf file. Below
are some examples:
echo | openssl s_client -connect myserver.company.com:443
echo | openssl s_client -connect localhost:443
echo | openssl s_client -connect 10.0.51.23:443
The openssl command will attempt to make an SSL connection.
If the result is "Connection Refused", the cause of the problem is either with the LDAP server defined in the iprint_ssl.conf or the
If the result is 'Verify return code: 21 (unable to verify the first certificate)', that is not an indication of certificate problem. That SSL connection was successful.
Is Apache listening on the LDAP server and PSMHostAddress server?
To determine if Apache is listening on port 443, type this command on LDAP server defined in the iprint_ssl.conf. Also run this command on the server defined as the PSMHostAddress in the /etc/opt/novell/iprint/conf/[psm_name].ipsmd.conf file:
netstat -atnp | grep httpd2
Look for:
tcp 0 0 :::443 :::* LISTEN [pid]/httpd2-worker
The three colons in front of port 443 means all IP Addresses bound to the server. It is possible to have a single or multiple IP addresses listed instead of the three colons. If an IP address is specified, make sure that address matches the PSMHostAddress found in /etc/opt/novell/iprint/conf/[psm_name].ipsmd.conf.
Possible solution for Non-nss cluster configuration
If iPrint is configured to cluster which is NOT nss, then copying the local iprint conf file to the cluster location might resolve the symptom stated above:
cp /etc/opt/novell/iprint/conf_local/* /mnt/<clusterVolName>/etc/opt/novell/iprint/conf/
note: replace <clusterVolname> with the name of the non-nss cluster volume name.