Environment
Novell Access Management 3 Linux Access Gateway
Novell Access Manager 3 Interim Release 1 applied (nam3ir1.tar.gz)
Linux Access Gateway build 74 applied
Situation
Setting up pinlist configuration on the Linux Access Gateway build
74. If the PinList had been previously configured with an earlier
build, it would have read the config from config.xml and created
separate configuration files for Pinning under /var/novell/cca.
With the newer build (74 for example), whenever the proxy comes up, it takes the configuration stored from /var/novell/cca but crashes when there is a connection failure to one of the server configured in pinlist.
The symptoms of the issue are
1) The following connection failure log messages are seen in the ics_dyn.log
ERROR Connection FAILED with peer (71.74.48.27), port(80)
2) The stack trace looks like the following
#0 0x454ea68a in Request::getConnectionHeaderToSend () from /opt/novell/lib/proxy.so.1
(gdb) bt
#0 0x454ea68a in Request::getConnectionHeaderToSend () from /opt/novell/lib/proxy.so.1
#1 0x454ec7b8 in HttpErrorResult () from /opt/novell/lib/proxy.so.1
#2 0x45566b17 in CachedWebItem::abortRequests () from /opt/novell/lib/proxy.so.1
#3 0x45566c2d in CachedWebItem::remove () from /opt/novell/lib/proxy.so.1
#4 0x4548a2da in HTTPClientError () from /opt/novell/lib/proxy.so.1
#5 0x4548ccfc in SendHTTPClientRequest () from /opt/novell/lib/proxy.so.1
#6 0x454d2c47 in RES_ConnectFailed () from /opt/novell/lib/proxy.so.1
With the newer build (74 for example), whenever the proxy comes up, it takes the configuration stored from /var/novell/cca but crashes when there is a connection failure to one of the server configured in pinlist.
The symptoms of the issue are
1) The following connection failure log messages are seen in the ics_dyn.log
ERROR Connection FAILED with peer (71.74.48.27), port(80)
2) The stack trace looks like the following
#0 0x454ea68a in Request::getConnectionHeaderToSend () from /opt/novell/lib/proxy.so.1
(gdb) bt
#0 0x454ea68a in Request::getConnectionHeaderToSend () from /opt/novell/lib/proxy.so.1
#1 0x454ec7b8 in HttpErrorResult () from /opt/novell/lib/proxy.so.1
#2 0x45566b17 in CachedWebItem::abortRequests () from /opt/novell/lib/proxy.so.1
#3 0x45566c2d in CachedWebItem::remove () from /opt/novell/lib/proxy.so.1
#4 0x4548a2da in HTTPClientError () from /opt/novell/lib/proxy.so.1
#5 0x4548ccfc in SendHTTPClientRequest () from /opt/novell/lib/proxy.so.1
#6 0x454d2c47 in RES_ConnectFailed () from /opt/novell/lib/proxy.so.1
Resolution
Search for the files under /var/novell/cca and remove them all so
that the directory is empty. The restart the proxy services using
/etc/init.d/novell-vmc restart.
Additional Information
The PIN list settings for the Linux Access Gateway are inactive
with the shipping build. It is planned to have support for PIN list
settings in SP1.